4.7 Article

Amplitude-Varying Perturbation for Balancing Privacy and Utility in Federated Learning

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY (2023)

Get Full Text
Add to Collection

Journal

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY
Volume 18, Issue -, Pages 1884-1897

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TIFS.2023.3258255

Keywords

Privacy; Perturbation methods; Servers; Convergence; Training; Analytical models; Upper bound; Federated learning; differential privacy; time-varying noise variance; convergence analysis

Categories

Computer Science, Theory & Methods Engineering, Electrical & Electronic

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

This paper proposes a new differential privacy perturbation mechanism with a time-varying noise amplitude to protect the privacy of federated learning and retain the capability of adjusting the learning performance. Extensive experiments confirm the contribution of this mechanism to the convergence and accuracy of privacy-preserving federated learning compared to the state-of-the-art Gaussian noise mechanism with a persistent noise amplitude.
While preserving the privacy of federated learning (FL), differential privacy (DP) inevitably degrades the utility (i.e., accuracy) of FL due to model perturbations caused by DP noise added to model updates. Existing studies have considered exclusively noise with persistent root-mean-square amplitude and overlooked an opportunity of adjusting the amplitudes to alleviate the adverse effects of the noise. This paper presents a new DP perturbation mechanism with a time-varying noise amplitude to protect the privacy of FL and retain the capability of adjusting the learning performance. Specifically, we propose a geometric series form for the noise amplitude and reveal analytically the dependence of the series on the number of global aggregations and the (e, d)-DP requirement. We derive an online refinement of the series to prevent FL from premature convergence resulting from excessive perturbation noise. Another important aspect is an upper bound developed for the loss function of a multi-layer perceptron (MLP) trained by FL running the new DP mechanism. Accordingly, the optimal number of global aggregations is obtained, balancing the learning and privacy. Extensive experiments are conducted using MLP, supporting vector machine, and convolutional neural network models on four public datasets. The contribution of the new DP mechanism to the convergence and accuracy of privacy-preserving FL is corroborated, compared to the state-of-the-art Gaussian noise mechanism with a persistent noise amplitude.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.7
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.