2024 | Original Paper | Book Chapter

Construct a Secure CNN Against Gradient Inversion Attack

Authors: Yu-Hsin Liu, Yu-Chun Shen, Hsi-Wen Chen, Ming-Syan Chen

Published in: Advances in Knowledge Discovery and Data Mining

Publisher: Springer Nature Singapore


Abstract

Federated learning enables collaborative model training across multiple clients without sharing raw data, in keeping with privacy regulations: clients send model updates (gradients) to a central server, where they are aggregated to improve a global model. Despite its benefits, federated learning is exposed to gradient inversion attacks, which can reconstruct private training data from the shared gradients. Traditional defenses, including cryptography, differential privacy, and perturbation techniques, offer protection but may reduce computational efficiency and model performance. In this paper, we therefore introduce Secure Convolutional Neural Networks (SecCNN), a novel approach that embeds an upsampling layer into CNNs so that the architecture itself resists gradient inversion attacks. SecCNN leverages Rank Analysis to strengthen security without sacrificing model accuracy or incurring significant computational cost. Our results demonstrate SecCNN's effectiveness in securing federated learning against privacy breaches, thereby building trust among participants and advancing secure collaborative learning.


Metadata
Title
Construct a Secure CNN Against Gradient Inversion Attack
Authors
Yu-Hsin Liu
Yu-Chun Shen
Hsi-Wen Chen
Ming-Syan Chen
Copyright year
2024
Publisher
Springer Nature Singapore
DOI
https://doi.org/10.1007/978-981-97-2259-4_19