关键词: 联邦学习, 模型安全, 后门攻击, 差分隐私；隐私保护

Abstract: Model security and clients privacy are urgent challenges to be addressed in federated learning. In order to simultaneously tackle these challenges, a federated learning scheme based on differential privacy and model clustering is proposed. Local differential privacy is introduced in clients updates to protect clients privacy by disrupting the parameters. To ensure precise clustering of noisy model updates, cosine gradient is defined for the first time to cluster noisy model updates. Based on the clustering results, malicious models are accurately identified and filtered. Finally, global differential privacy is introduced to resist potential backdoor attacks. The noise boundary of global noise is obtained by theoretical analysis and it is proved that the total noise introduced by our scheme is lower than that introduced by the classical model security scheme. The experimental results demonstrate that our scheme can achieve the expected goals in terms of accuracy, robustness and privacy.

Key words: federated learning, model security, backdoor attack, differential privacy, privacy protection