FedSel: Federated SGD Under Local Differential Privacy with Top-k Dimension Selection

Liu, Ruixuan; Cao, Yang; Yoshikawa, Masatoshi; Hong, Chen

doi:10.1007/978-3-030-59410-7_33

Cited by 98 publications

(56 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this case, the total domain size increases exponentially, which leads to huge computing costs and low data utility due to the “curse of dimensionality”. The second is protecting high-dimensional parameters of learning models in machine learning, deep learning, or federated learning tasks [ 168 ]. In this case, the scale of injected noise is proportional to the dimension, which will inject heavier noise and result in inaccurate models.…”

Section: Discussion and Future Directionsmentioning

confidence: 99%

“…However, the increase of dimension d will cause the privacy budget to decay rapidly and the noise scale to increase, which leads to poor accuracy of the learned model when d is large. Thus, Liu et al [ 168 ] proposed FedSel that only selects the most important top- k dimensions under the premise of stabilizing the learning process. In addition, Sun et al [ 169 ] proposed to mitigate the privacy degradation by splitting and shuffling, which reduces noise variance and improve accuracy.…”

Section: Machine Learning With Ldpmentioning

confidence: 99%

See 1 more Smart Citation

A Comprehensive Survey on Local Differential Privacy toward Data Statistics and Analysis

Wang

Zhang

Feng

et al. 2020

Sensors

View full text Add to dashboard Cite

Collecting and analyzing massive data generated from smart devices have become increasingly pervasive in crowdsensing, which are the building blocks for data-driven decision-making. However, extensive statistics and analysis of such data will seriously threaten the privacy of participating users. Local differential privacy (LDP) was proposed as an excellent and prevalent privacy model with distributed architecture, which can provide strong privacy guarantees for each user while collecting and analyzing data. LDP ensures that each user’s data is locally perturbed first in the client-side and then sent to the server-side, thereby protecting data from privacy leaks on both the client-side and server-side. This survey presents a comprehensive and systematic overview of LDP with respect to privacy models, research tasks, enabling mechanisms, and various applications. Specifically, we first provide a theoretical summarization of LDP, including the LDP model, the variants of LDP, and the basic framework of LDP algorithms. Then, we investigate and compare the diverse LDP mechanisms for various data statistics and analysis tasks from the perspectives of frequency estimation, mean estimation, and machine learning. Furthermore, we also summarize practical LDP-based application scenarios. Finally, we outline several future research directions under LDP.

show abstract

Section: Discussion and Future Directionsmentioning

confidence: 99%

Section: Machine Learning With Ldpmentioning

confidence: 99%

A Comprehensive Survey on Local Differential Privacy toward Data Statistics and Analysis

Wang

Zhang

Feng

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…However, the perdimension privacy budget becomes extremely small for high-dimensional models, which results in a significant increase of noise. A recent work [37] proposed a twostage LDP-FL framework, which splits the privacy budget into a dimension selection (DS) stage and a value perturbation (VP) stage. In the DS stage, the local update is sorted by absolute value and one "important" dimension is privately selected from the top-k dimensions; in the VP stage, the value of the selected di- Randomly sample a dimension j ∈ {a ∈ {1, • • • , d}|a / ∈ S topk } 11: end if 12: Return j mension is perturbed.…”

Section: Training the Generative Modelmentioning

confidence: 99%

“…Finally, a sparse local update is constructed and returned to the server. Although [37] mitigated the dimension-dependency problem by only selecting one "important" dimension, the privacy budget is still consumed by the two stages. In high-privacy scenarios (where the privacy budget is small), each stage may therefore obtain only an insufficient privacy budget and cause large randomness.…”

Section: Training the Generative Modelmentioning

confidence: 99%

See 1 more Smart Citation

Privacy-Preserving High-dimensional Data Collection with Federated Generative Autoencoder

Jiang

Zhou

Großklags

2021

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Business intelligence and AI services often involve the collection of copious amounts of multidimensional personal data. Since these data usually contain sensitive information of individuals, the direct collection can lead to privacy violations. Local differential privacy (LDP) is currently considered a state-ofthe-art solution for privacy-preserving data collection. However, existing LDP algorithms are not applicable to high-dimensional data; not only because of the increase in computation and communication cost, but also poor data utility. In this paper, we aim at addressing the curse-of-dimensionality problem in LDP-based high-dimensional data collection. Based on the idea of machine learning and data synthesis, we propose DP-Fed-Wae, an efficient privacy-preserving framework for collecting high-dimensional categorical data. With the combination of a generative autoencoder, federated learning, and differential privacy, our framework is capable of privately learning the statistical distributions of local data and generating high utility synthetic data on the server side without revealing users’ private information. We have evaluated the framework in terms of data utility and privacy protection on a number of real-world datasets containing 68–124 classification attributes. We show that our framework outperforms the LDP-based baseline algorithms in capturing joint distributions and correlations of attributes and generating high-utility synthetic data. With a local privacy guarantee ∈ = 8, the machine learning models trained with the synthetic data generated by the baseline algorithm cause an accuracy loss of 10% ~ 30%, whereas the accuracy loss is significantly reduced to less than 3% and at best even less than 1% with our framework. Extensive experimental results demonstrate the capability and efficiency of our framework in synthesizing high-dimensional data while striking a satisfactory utility-privacy balance.

show abstract

Privacy preserving and secure robust federated learning: A survey

Han,

Lu,

Wang

et al. 2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryFederated learning (FL) has emerged as a promising solution to address the challenges posed by data silos and the need for global data fusion. It offers a distributed machine learning framework with privacy‐preserving features, allowing model training without the need to collect user data. However, FL also presents significant security and privacy threats that hinder its widespread adoption. The requirements of privacy and security in FL are inherently conflicting. Privacy necessitates the concealment of individual client updates, while security requires the disclosure of client updates to detect anomalies. While most existing research focused on the privacy and security aspects of FL, very few studies have addressed the compatibility of these two demands. In this work, we aim to bridge this gap by proposing a comprehensive defense scheme that ensures privacy, security, and compatibility in FL. We categorize the existing literature into two key directions: privacy defense and security defense. Privacy defense includes methods based on additive masks, differential privacy, homomorphic encryption, and trusted execution environment, whereas security defense encompasses distance‐, performance‐, clustering‐, and similarity‐based anomaly detection techniques and statistical information‐based anomaly update bypassing techniques when the server is trusted and privacy‐compatible anomaly update detection techniques when the server is not trusted. In addition, this article presents decentralized FL solutions based on blockchain. For each direction, we discuss specific technical solutions, their advantages, and disadvantages. By evaluating various defense methods, we identify the most suitable approach to address the primary challenge of “achieving a secure and robust FL system against malicious adversaries while protecting users' privacy.” We then propose a theoretical reference framework for end‐to‐end protection of privacy and security in FL for the key problem, which summarizes the attack surface of FL systems from the client to the server under the security model where the client and server are malicious. Leveraging the strengths and characteristics of existing schemes, our proposed framework integrates multiple techniques to strike a balance between privacy, usability, and efficiency. This framework serves as a valuable reference and provides insights for future work in the field. Finally, we also provide recommendations for future research directions in this field.

show abstract

FedSel: Federated SGD Under Local Differential Privacy with Top-k Dimension Selection

Cited by 98 publications

References 14 publications

A Comprehensive Survey on Local Differential Privacy toward Data Statistics and Analysis

A Comprehensive Survey on Local Differential Privacy toward Data Statistics and Analysis

Privacy-Preserving High-dimensional Data Collection with Federated Generative Autoencoder

Privacy preserving and secure robust federated learning: A survey

Contact Info

Product

Resources

About