An Optimized Sparse Response Mechanism for Differentially Private Federated Learning

Federated Learning (FL) enables geo-distributed clients to collaboratively train a learning model without exposing their private data. By only exposing local model parameters, FL well preserves data privacy of clients. Yet, it remains possible to recover raw samples from over frequently exposed para...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on dependable and secure computing Vol. 21; no. 4; pp. 2285 - 2295
Main Authors Ma, Jiating, Zhou, Yipeng, Cui, Laizhong, Guo, Song
Format Journal Article
LanguageEnglish
Published Washington IEEE 01.07.2024
IEEE Computer Society
Subjects
Algorithms
Budgets
Clients
Computational modeling
Convergence
convergence rate
Data models
Differential privacy
differentially private
Distortion
Exposure
Federated learning
Parameters
Privacy
sparse response
Training
Online AccessGet full text

Cover

Abstract Federated Learning (FL) enables geo-distributed clients to collaboratively train a learning model without exposing their private data. By only exposing local model parameters, FL well preserves data privacy of clients. Yet, it remains possible to recover raw samples from over frequently exposed parameters resulting in privacy leakage. Differentially private federated learning (DPFL) has recently been suggested to protect these parameters by introducing information noises. In this way, even if attackers get these parameters, they cannot exactly infer true parameters from these noisy information. Directly incorporating Differentially Private (DP) into FL however can severely affect model utility. In this article, we present an optimized sparse response mechanism (OSRM) that seamlessly incorporates DP into FL to diminish privacy budget consumption and improve model accuracy. Through OSRM, each FL client only exposes a selected set of large gradients, so as not to waste privacy budgets in protecting valueless gradients. We theoretically derive the convergence rate of DPFL with OSRM under non-convex loss. Then, OSRM is optimized by minimizing the loss of the convergence rate. Based on analysis, we present an effective algorithm for optimizing OSRM. Extensive experiments are conducted with public datasets, including MNIST, Fashion-MNIST and CIFAR-10. The results suggest that OSRM can achieve the average improvement of accuracy by 18.42% as compared to state-of-the-art baselines with a fixed privacy budget.
AbstractList Federated Learning (FL) enables geo-distributed clients to collaboratively train a learning model without exposing their private data. By only exposing local model parameters, FL well preserves data privacy of clients. Yet, it remains possible to recover raw samples from over frequently exposed parameters resulting in privacy leakage. Differentially private federated learning (DPFL) has recently been suggested to protect these parameters by introducing information noises. In this way, even if attackers get these parameters, they cannot exactly infer true parameters from these noisy information. Directly incorporating Differentially Private (DP) into FL however can severely affect model utility. In this article, we present an optimized sparse response mechanism (OSRM) that seamlessly incorporates DP into FL to diminish privacy budget consumption and improve model accuracy. Through OSRM, each FL client only exposes a selected set of large gradients, so as not to waste privacy budgets in protecting valueless gradients. We theoretically derive the convergence rate of DPFL with OSRM under non-convex loss. Then, OSRM is optimized by minimizing the loss of the convergence rate. Based on analysis, we present an effective algorithm for optimizing OSRM. Extensive experiments are conducted with public datasets, including MNIST, Fashion-MNIST and CIFAR-10. The results suggest that OSRM can achieve the average improvement of accuracy by 18.42% as compared to state-of-the-art baselines with a fixed privacy budget.
Author Cui, Laizhong
Zhou, Yipeng
Ma, Jiating
Guo, Song
Author_xml – sequence: 1
  givenname: Jiating
  orcidid: 0000-0002-1205-8782
  surname: Ma
  fullname: Ma, Jiating
  email: 1270901086@qq.com
  organization: College of Computer Science and Software Engineering, Guangdong Laboratory of Artificial Intelligence and Digital Economy (SZ), Shenzhen University, Shenzhen, China
– sequence: 2
  givenname: Yipeng
  orcidid: 0000-0003-1533-0865
  surname: Zhou
  fullname: Zhou, Yipeng
  email: yipeng.zhou@mq.edu.au
  organization: School of Computing, FSE, Macquarie University, Macquarie Park, NSW, Australia
– sequence: 3
  givenname: Laizhong
  orcidid: 0000-0003-1991-290X
  surname: Cui
  fullname: Cui, Laizhong
  email: cuilz@szu.edu.cn
  organization: College of Computer Science and Software Engineering, Guangdong Laboratory of Artificial Intelligence and Digital Economy (SZ), Shenzhen University, Shenzhen, China
– sequence: 4
  givenname: Song
  orcidid: 0000-0001-9831-2202
  surname: Guo
  fullname: Guo, Song
  email: song.guo@polyu.edu.hk
  organization: Department of Computing, Hong Kong Polytechnic University, Kowloon, Hong Kong
BookMark eNpNkE1PAjEURRuDiYD-ABMXTVwPvn7MDF0SEDXBYATXTWfmVUugM7aDCf56h8DC1TuLe-9LzoD0fO2RkFsGI8ZAPaxnq-mIAxcjIYCPM3lB-kxJlgCwca_jVKZJqnJ2RQYxbgC4HCvZJ-uJp8umdTv3ixVdNSZEpO8Ym9p38Irll_Eu7qitA505azGgb53Zbg_0Lbgf0yKdY4Whg4ou0ATv_Oc1ubRmG_HmfIfkY_64nj4ni-XTy3SySEouszYxVVWlpTQyV1CKTCIvoLQARVFUkhV5wRQHI0RlUlWkPOUClSpz4BZYJqwQQ3J_2m1C_b3H2OpNvQ--e6kF5GMGOefQpdgpVYY6xoBWN8HtTDhoBvooTx_l6aM8fZbXde5OHYeI__KcQcqY-AMvHmy-
CODEN ITDSCM
Cites_doi 10.1145/3517820
10.1109/INFOCOM41043.2020.9155494
10.1109/INFOCOM48880.2022.9796841
10.1109/JSAC.2019.2904348
10.1109/jsait.2020.2985917
10.21203/rs.3.rs-1005694/v1
10.1109/JSAC.2021.3118354
10.1007/978-3-030-63076-8_2
10.1109/BigData47090.2019.9005465
10.1109/TDSC.2022.3168556
10.1109/ITCE48509.2020.9047776
10.1145/3340531.3411860
10.1007/978-3-030-59410-7_33
10.1109/TDSC.2020.3029899
10.1109/ICC.2019.8761315
10.1109/SP40000.2020.00025
10.18653/v1/2021.econlp-1.7
10.14778/3503585.3503592
10.1109/TII.2022.3161517
10.1109/TITS.2021.3081560
10.1145/3298981
10.1145/2976749.2978318
10.1109/tdsc.2023.3241057
10.1109/ICASSP39728.2021.9413764
10.1109/TDSC.2021.3135422
10.1109/TDSC.2021.3128679
10.1561/9781601988195
10.1109/tifs.2022.3174394
10.2478/popets-2022-0043
10.1109/tifs.2020.2988575
10.1109/INFOCOM.2019.8737416
10.1109/INFOCOM42981.2021.9488839
10.1109/TIFS.2022.3227761
10.1109/INFOCOM48880.2022.9796935
10.1109/ALLERTON.2015.7447103
10.14778/3055330.3055331
10.1609/aaai.v35i10.17053
ContentType Journal Article
Copyright Copyright IEEE Computer Society 2024
Copyright_xml – notice: Copyright IEEE Computer Society 2024
DBID 97E
RIA
RIE
AAYXX
CITATION
JQ2
DOI 10.1109/TDSC.2023.3302864
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005-present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library Online
CrossRef
ProQuest Computer Science Collection
DatabaseTitle CrossRef
ProQuest Computer Science Collection
DatabaseTitleList
ProQuest Computer Science Collection
Database_xml – sequence: 1
  dbid: RIE
  name: IEL
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1941-0018
EndPage 2295
ExternalDocumentID 10_1109_TDSC_2023_3302864
10210511
Genre orig-research
GrantInformation_xml – fundername: General Research Fund
  grantid: 152203/20E; 152244/21E; 152169/22E
– fundername: National Key R&D Program of China
  grantid: 2022YFB3102302
– fundername: Key-Area Research and Development Program of Guangdong Province
  grantid: 2021B0101400003
– fundername: Hong Kong RGC Research Impact Fund
  grantid: R5060-19
– fundername: Areas of Excellence Scheme
  grantid: AoE/E-601/22-R
– fundername: Shenzhen Science and Technology Program
  grantid: RCYX20200714114645048
– fundername: Shenzhen Science and Technology Innovation Commission
  grantid: JCYJ20200109142008673
  funderid: 10.13039/501100010877
GroupedDBID .4S
.DC
0R~
29I
3V.
4.4
5GY
5VS
6IK
7WY
8FE
8FG
8FL
8R4
8R5
97E
AAJGR
AASAJ
AAYOK
ABJCF
ABQJQ
ABUWG
ACGFO
ACIWK
AENEX
AETIX
AFKRA
AIBXA
AKJIK
ALMA_UNASSIGNED_HOLDINGS
ARAPS
ARCSS
ATWAV
AZQEC
BEFXN
BENPR
BEZIV
BFFAM
BGLVJ
BGNUA
BKEBE
BPEOZ
BPHCQ
CCPQU
CS3
DU5
DWQXO
EBS
EDO
EJD
FRNLG
GNUQQ
GROUPED_ABI_INFORM_COMPLETE
HCIFZ
HZ~
IEDLZ
IFIPE
IPLJI
ITG
ITH
JAVBF
K60
K6V
K6~
K7-
L6V
LAI
M0C
M0N
M43
M7S
O9-
OCL
P2P
P62
PQBIZ
PQBZA
PQQKQ
PROAC
PTHSS
Q2X
RIA
RIC
RIE
RIG
RNI
RNS
RZB
AAYXX
CITATION
JQ2
ID FETCH-LOGICAL-c246t-addd5c4a4790c364e2b0cf00bbbd41b7b1920a33da59b52523e99c702f0163f33
IEDL.DBID RIE
ISSN 1545-5971
IngestDate Thu Oct 10 22:57:59 EDT 2024
Wed Jul 24 12:22:06 EDT 2024
Mon Nov 04 11:50:39 EST 2024
IsPeerReviewed false
IsScholarly true
Issue 4
Language English
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c246t-addd5c4a4790c364e2b0cf00bbbd41b7b1920a33da59b52523e99c702f0163f33
ORCID 0000-0003-1991-290X
0000-0001-9831-2202
0000-0003-1533-0865
0000-0002-1205-8782
PQID 3078107220
PQPubID 27603
PageCount 11
ParticipantIDs crossref_primary_10_1109_TDSC_2023_3302864
ieee_primary_10210511
proquest_journals_3078107220
PublicationCentury 2000
PublicationDate 2024-07-01
PublicationDateYYYYMMDD 2024-07-01
PublicationDate_xml – month: 07
  year: 2024
  text: 2024-07-01
  day: 01
PublicationDecade 2020
PublicationPlace Washington
PublicationPlace_xml – name: Washington
PublicationTitle IEEE transactions on dependable and secure computing
PublicationTitleAbbrev TDSC
PublicationYear 2024
Publisher IEEE
IEEE Computer Society
Publisher_xml – name: IEEE
– name: IEEE Computer Society
References ref13
Choudhury (ref28) 2019
ref35
ref12
ref34
Fu (ref40) 2021
ref15
ref37
ref14
ref36
ref31
Geyer (ref4) 2017
ref30
ref33
ref10
ref32
ref2
ref1
ref17
ref39
ref16
ref38
ref19
ref24
ref23
ref26
Wang (ref44)
ref25
McMahan (ref18)
ref20
ref42
ref41
ref22
ref21
ref43
ref27
ref29
ref8
ref7
ref9
ref3
ref6
Zhang (ref11) 2021
Wei (ref5) 2020
References_xml – ident: ref30
  doi: 10.1145/3517820
– ident: ref42
  doi: 10.1109/INFOCOM41043.2020.9155494
– ident: ref26
  doi: 10.1109/INFOCOM48880.2022.9796841
– ident: ref34
  doi: 10.1109/JSAC.2019.2904348
– start-page: 1273
  volume-title: Proc. 20th Int. Conf. Artif. Intell. Statist.
  ident: ref18
  article-title: Communication-efficient learning of deep networks from decentralized data
  contributor:
    fullname: McMahan
– ident: ref15
  doi: 10.1109/jsait.2020.2985917
– ident: ref2
  doi: 10.21203/rs.3.rs-1005694/v1
– ident: ref37
  doi: 10.1109/JSAC.2021.3118354
– ident: ref6
  doi: 10.1007/978-3-030-63076-8_2
– ident: ref25
  doi: 10.1109/BigData47090.2019.9005465
– ident: ref24
  doi: 10.1109/TDSC.2022.3168556
– start-page: 22802
  volume-title: Proc. 39th Int. Conf. Mach. Learn.
  ident: ref44
  article-title: Communication-efficient adaptive federated learning
  contributor:
    fullname: Wang
– ident: ref41
  doi: 10.1109/ITCE48509.2020.9047776
– year: 2021
  ident: ref11
  article-title: Wide network learning with differential privacy
  contributor:
    fullname: Zhang
– ident: ref12
  doi: 10.1145/3340531.3411860
– ident: ref14
  doi: 10.1007/978-3-030-59410-7_33
– ident: ref39
  doi: 10.1109/TDSC.2020.3029899
– ident: ref43
  doi: 10.1109/ICC.2019.8761315
– year: 2020
  ident: ref5
  article-title: A framework for evaluating gradient leakage attacks in federated learning
  contributor:
    fullname: Wei
– ident: ref9
  doi: 10.1109/SP40000.2020.00025
– ident: ref29
  doi: 10.18653/v1/2021.econlp-1.7
– ident: ref35
  doi: 10.14778/3503585.3503592
– ident: ref10
  doi: 10.1109/TII.2022.3161517
– ident: ref1
  doi: 10.1109/TITS.2021.3081560
– ident: ref3
  doi: 10.1145/3298981
– ident: ref32
  doi: 10.1145/2976749.2978318
– ident: ref27
  doi: 10.1109/tdsc.2023.3241057
– ident: ref36
  doi: 10.1109/ICASSP39728.2021.9413764
– ident: ref38
  doi: 10.1109/TDSC.2021.3135422
– ident: ref21
  doi: 10.1109/TDSC.2021.3128679
– ident: ref22
  doi: 10.1561/9781601988195
– ident: ref23
  doi: 10.1109/tifs.2022.3174394
– year: 2019
  ident: ref28
  article-title: Differential privacy-enabled federated learning for sensitive health data
  contributor:
    fullname: Choudhury
– ident: ref19
  doi: 10.2478/popets-2022-0043
– ident: ref8
  doi: 10.1109/tifs.2020.2988575
– ident: ref20
  doi: 10.1109/INFOCOM.2019.8737416
– ident: ref16
  doi: 10.1109/INFOCOM42981.2021.9488839
– ident: ref7
  doi: 10.1109/TIFS.2022.3227761
– year: 2021
  ident: ref40
  article-title: On the practicality of differential privacy in federated learning by tuning iteration times
  contributor:
    fullname: Fu
– year: 2017
  ident: ref4
  article-title: Differentially private federated learning: A client level perspective
  contributor:
    fullname: Geyer
– ident: ref33
  doi: 10.1109/INFOCOM48880.2022.9796935
– ident: ref13
  doi: 10.1109/ALLERTON.2015.7447103
– ident: ref31
  doi: 10.14778/3055330.3055331
– ident: ref17
  doi: 10.1609/aaai.v35i10.17053
SSID ssj0024894
Score 2.432082
Snippet Federated Learning (FL) enables geo-distributed clients to collaboratively train a learning model without exposing their private data. By only exposing local...
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Publisher
StartPage 2285
SubjectTerms Algorithms
Budgets
Clients
Computational modeling
Convergence
convergence rate
Data models
Differential privacy
differentially private
Distortion
Exposure
Federated learning
Parameters
Privacy
sparse response
Training
Title An Optimized Sparse Response Mechanism for Differentially Private Federated Learning
URI https://ieeexplore.ieee.org/document/10210511
https://www.proquest.com/docview/3078107220
Volume 21
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LTwIxEG6UkxfxgRFF04Mnk1262-6jRwISYgIagYTbZvtYQ4SF8DjIr3e6W-IrJt562N00nen0m-3M9yF0RxQNUkiUHU24cJiMPIiDceoAko1F6kkvyEw3cn8Q9sbscRJMbLN60QujtS6Kz7RrhsVdvlrIrflV1jQy1OBEkOwcRjwum7U-ifXiQvXQQAIHULJnrzA9wpujzrDtGp1wF7J3Pw7Zt0OoUFX5FYqL86VbRYP9zMqykjd3uxGu3P0gbfz31E_QsUWauFW6xik60PkZqu5VHLDd1Odo1MrxEwSO-XSnFR4uIdPV-KUsndW4r01r8HQ9x4BuccfKqUBYmM3e8fPKaKNp3DWMFDBQ2NK1vtbQuPswavccq7XgSJ-FGwfCnAokS1nEiaQh074gMiNECKGYJyIBSJCklKo04CLwIX3VnMuI-BlgRppReoEq-SLXlwhnMlN-pHgcMGZ6pkXmpUTyOJRMKqplHd3vFz9ZlpQaSZGKEJ4YSyXGUom1VB3VzGJ-ebBcxzpq7O2V2F23TqhhLiKR75OrP167RkfwdVbW2zZQZbPa6htAFRtxW3jTB1d7yKI
link.rule.ids 315,782,786,798,27931,27932,54765
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3JTsMwELUQHOBCWYooqw-ckBKc2E7iYwVUBdqCaCv1FsVLEKK0VZcDfD3jxBWbkLj5kCiWZzx-E8-8h9AZ0ZRnkCh7hgjpMRUHEAeTzAMkm8gsUAHPbTdyuxM1--x2wAeuWb3ohTHGFMVnxrfD4i5fj9XC_iq7sDLU4ESQ7KxxFke8bNf6pNZLCt1DCwo8wMmBu8QMiLjoXXUvfasU7kP-HiYR-3YMFboqv4JxccI0KqiznFtZWPLiL-bSV-8_aBv_PfkttOmwJq6XzrGNVsxoB1WWOg7Ybetd1KuP8D2Ejtfnd6NxdwK5rsGPZfGswW1jm4OfZ68Y8C2-coIqEBiGwzf8MLXqaAY3LCcFDDR2hK1PVdRvXPcum55TW_BUyKK5B4FOc8UyFguiaMRMKInKCZFSahbIWAIWJBmlOuNC8hASWCOEikmYA2qkOaV7aHU0Hpl9hHOV6zDWIuGM2a5pmQcZUSKJFFOaGlVD58vFTyclqUZaJCNEpNZSqbVU6ixVQ1W7mF8eLNexho6W9krdvpul1HIXkTgMycEfr52i9Wav3UpbN527Q7QBX2Jl9e0RWp1PF-YYMMZcnhSe9QEJ_svx
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=An+Optimized+Sparse+Response+Mechanism+for+Differentially+Private+Federated+Learning&rft.jtitle=IEEE+transactions+on+dependable+and+secure+computing&rft.au=Ma%2C+Jiating&rft.au=Zhou%2C+Yipeng&rft.au=Cui%2C+Laizhong&rft.au=Guo%2C+Song&rft.date=2024-07-01&rft.pub=IEEE&rft.issn=1545-5971&rft.volume=21&rft.issue=4&rft.spage=2285&rft.epage=2295&rft_id=info:doi/10.1109%2FTDSC.2023.3302864&rft.externalDocID=10210511
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=1545-5971&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=1545-5971&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=1545-5971&client=summon