Background
In recent years, deep learning models have been widely applied to a range of real-world tasks and have achieved good results. At the same time, data silos and privacy leakage during model training and deployment have become the main obstacles to the development of artificial intelligence technology. To address this problem, federated learning has emerged as an efficient means of privacy protection. Federated learning is a distributed machine learning method in which each participant trains on its local data and uploads the updated parameters to a server, and the server aggregates the updates to obtain the global parameters; a lossless learning model is thus trained through local training and parameter transmission by the participants.
Federated learning can be roughly divided into three categories according to how the data is distributed: horizontal federated learning, vertical federated learning and federated transfer learning. Horizontal federated learning applies when different data sets overlap heavily in data features but little in users: the data sets are partitioned along the user dimension, and the data that shares the same features but belongs to different users is extracted for training. Vertical federated learning applies when the data sets overlap heavily in users but little in data features: the data sets are partitioned along the feature dimension, and the data that belongs to the same users but carries different features is extracted for training. Federated transfer learning applies when both the users and the data features of multiple data sets overlap little: the data is not partitioned, and transfer learning is instead used to overcome the shortage of data or labels.
Compared with traditional machine learning, federated learning can improve learning efficiency, solve the data silo problem and protect the privacy of local data. However, federated learning carries a number of potential security risks, the three main attack threats being poisoning attacks, adversarial attacks and privacy leakage. Privacy leakage is the most important problem in federated learning, because federated learning involves the exchange of model information among several participants; this exchange is easily attacked by a malicious party, which greatly threatens the privacy and security of the federated model.
In the vertical federated setting, the main privacy protection technologies proposed to protect a deep model are secure multi-party computation, homomorphic encryption and differential privacy. Secure multi-party computation and homomorphic encryption greatly increase computational complexity, raise the time and computation cost and place high computing demands on the devices; differential privacy achieves its protection by adding noise, which affects the accuracy of the model on the original task.
Disclosure of Invention
In order to improve the information security of the edge model in the vertical federated setting and prevent the edge model from being stolen by a malicious attacker during information transmission, the invention provides a vertical federated model stealing defense method based on neural pathway feature extraction.
The technical scheme of the invention is as follows:
A vertical federated model stealing defense method based on neural pathway feature extraction comprises the following steps:
(1) Each sample in the data set is divided into two parts to form a sample set D_A and a sample set D_B, where only the sample set D_B contains the sample labels; the sample sets D_A and D_B are distributed to the edge terminals P_A and P_B respectively.
(2) The edge model M_A of the edge terminal P_A is trained on the sample set D_A, and the edge model M_B of the edge terminal P_B is trained on the sample set D_B. The edge terminal P_A sends the feature data generated during training to P_B, and P_B computes a loss function from the received feature data and the activated neural pathway data. The edge terminals P_A and P_B each mask-encrypt their respective loss function and upload it to the server.
(3) After decrypting the loss function masks uploaded by the edge terminals P_A and P_B, the server aggregates the loss functions, solves the aggregated loss function to obtain the gradient information of M_A and M_B, and returns the gradient information to the edge terminals P_A and P_B to update the network parameters of the edge models.
Compared with the prior art, the invention has at least the following beneficial effects:
In the vertical federated model stealing defense method based on neural pathway feature extraction, the neural pathway features are fixed during training and the loss function is encrypted before upload, so that a malicious attacker is prevented from stealing the model in the vertical federated setting and the information security of the edge model in that setting is guaranteed.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the detailed description and specific examples, while indicating the scope of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment addresses the problem that the model of an edge terminal in the vertical federated scenario is vulnerable to a malicious attacker during the exchange of model information: once the attacker has captured the model information of the edge terminal, the edge model can be reconstructed from the gradients and loss values. To prevent such theft of the edge model, the embodiment of the invention provides a vertical federated model stealing defense scheme based on neural pathway feature extraction. A neural pathway feature extraction step is added to the training stage of the edge model, and the model parameter transmission during training is encrypted by fixing the activated neurons, so that a malicious party is effectively prevented from stealing the private information of the deep model while different edge terminals exchange model parameters in the vertical federated scenario. Even if the transmitted information of the edge model is captured, an attacker cannot reconstruct the training process of the model without unlocking the fixed neural pathway, which achieves the purposes of protecting the model information and defending against model stealing attacks.
Fig. 1 is a flowchart of a vertical federated model stealing defense method based on neural pathway feature extraction according to an embodiment of the present invention. As shown in Fig. 1, the vertical federated model stealing defense method based on neural pathway feature extraction provided by the embodiment includes the following steps:
step 1, data set division and alignment.
In an embodiment, the MNIST, CIFAR-10 and ImageNet data sets are used. The MNIST data set comprises a training set of ten classes with 6000 samples per class and a test set of ten classes with 1000 samples per class; the CIFAR-10 training set comprises ten classes with 5000 samples per class and its test set ten classes with 1000 samples per class; the ImageNet data set has 1000 classes of 1000 samples each, of which 30% of the images in each class are randomly extracted as the test set and the remaining images serve as the training set.
In the present invention, two edge terminals P_A and P_B are used under the vertical federation. In the vertical federated scenario the data of the two edge terminals P_A and P_B have different data features, so the preprocessed data set must be split by feature. Each sample image in the MNIST, CIFAR-10 and ImageNet data sets is divided evenly into two parts, which serve as the sample set D_A and the sample set D_B respectively, where the sample set D_B contains the class label of the sample image.
In an embodiment, after the samples are divided to obtain the sample sets D_A and D_B, the partial samples in D_A and D_B that derive from the same sample must also be aligned, i.e. it is guaranteed that the partial samples input to the edge model M_A and the edge model M_B at the same time derive from the same sample.
Since the edge terminals P_A and P_B hold different data in the vertical federated scenario, the original data of the two partial images belonging to the same sample image in the sample sets D_A and D_B are aligned with an encryption-based user ID alignment technique, so that during the training of the two terminals the partial image data used in each step come from the same sample image, while the users of neither edge terminal are exposed during entity alignment.
Step 2, each edge terminal trains its own edge model with its own sample set, mask-encrypts its loss function and uploads it to the server.
In an embodiment, the edge model M_A of the edge terminal P_A is trained on the sample set D_A, and the edge model M_B of the edge terminal P_B is trained on the sample set D_B. The edge terminal P_A sends the feature data generated during training to P_B, and P_B computes a loss function from the received feature data and the activated neural pathway data. The edge terminals P_A and P_B each mask-encrypt their respective loss function and upload it to the server.
For the different data sets, both edge terminals train the same model structure; for the ImageNet data set an ImageNet pre-trained model is used for training, and unified hyper-parameters are set: stochastic gradient descent (SGD) and the Adam optimizer, a learning rate η and a regularization parameter λ. In the data set, i denotes a particular sample and y_i denotes the original label of the corresponding sample; the two feature spaces of the data are denoted separately, and the model parameters associated with each feature space are denoted Θ_A and Θ_B. The model training objective is expressed as:
In particular, when the edge model M_A is trained on the sample set D_A, the loss function Loss_A of the edge model M_A is:
where Θ_A represents the model parameters of the edge model M_A, the sample symbol denotes the i-th sample belonging to the sample set A, and ‖·‖² represents the square of the L1 norm.
When the edge model M_B is trained on the sample set D_B, the total loss function Loss_sum of the edge model M_B is:
loss_sum = loss_B + λ · loss_topk + loss_AB
where loss_B represents the loss of the edge model M_B, loss_topk represents the neural pathway loss, loss_AB represents the joint loss, λ represents the adaptive adjustment coefficient acting as the partial factor of the neural pathway encryption, Θ_B represents the model parameters of the edge model M_B, the sample symbol denotes the i-th sample belonging to the sample set B and y_i denotes its corresponding label, ‖·‖² denotes the square of the L1 norm, i denotes the sample index, N is the number of samples, NUPath_l(T, N) represents the activation values of the several most strongly activated neurons in the l-th layer of the edge model, L represents the total number of layers of the edge model, T is the number of samples input in each batch, and N represents the number of neurons in each layer.
In the embodiment, a neural pathway is defined as a connected path that starts at any neuron of the input layer of the neural network, ends at any neuron of the output layer, follows the direction of the data's information flow and passes through several neurons of the hidden layers. A neural pathway represents the connection relationship between neurons; when a sample input to the model activates specific neurons, the pathway formed by the neurons in the activated state is called an activated neural pathway.
When the neural pathway is fixed, during the training of the edge model, after each round of training samples are randomly selected from the test set of the data set chosen in step 1 and input to the model under training to obtain the maximum activation neural pathway of the model at that time. Let N = {n_1, n_2, ..., n_n} be the set of neurons of the deep learning model; let T = {x_1, x_2, ..., x_n} be a set of test-set inputs; let the activation function be given, so that for a given input sample the activation value of the neuron n_i in the l-th layer corresponding to that input sample is obtained; and let max_k(·) denote extracting the activation values of the k neurons with the largest activation values in each layer. The maximum activation neural pathway is defined as follows:
During training, the maximum activation neural pathway composed of the activation values of the several most strongly activated neurons is fixed, i.e. the activation values of these neurons are held unchanged, and the activation values of the k neurons in each neural layer are accumulated to form the pathway loss function.
Step 3, after decrypting the loss function masks uploaded by the edge terminals P_A and P_B, the server aggregates the loss functions to obtain the gradient information and returns it to the edge terminals P_A and P_B to update the network parameters of the edge models.
In this embodiment, after decrypting the loss function masks uploaded by the edge terminals P_A and P_B, the server aggregates the loss functions, solves the aggregated loss function to obtain the gradient information of M_A and M_B, and returns the gradient information to the edge terminals P_A and P_B. Specifically, the server uses stochastic gradient descent to solve for the gradient information of the aggregated loss function. The loss function Loss aggregated by the server is:
Loss = loss_B + λ · loss_topk + loss_AB + loss_A
The gradient information of M_A and M_B is, respectively, the gradient of Loss for each of the two models.
After receiving the gradient information returned by the server, the edge terminals P_A and P_B update the network parameters of their respective edge models M_A and M_B according to it, and training continues from the updated network parameters.
Against model stealing attacks in the vertical federated scenario, the vertical federated model stealing defense method based on neural pathway feature extraction provided by the embodiment fixes and encrypts the neural pathway features during the training of the edge models, so that the model cannot be stolen by a malicious attacker during the transmission of the edge models' gradient and loss information. The model information is encrypted and protected at the level of feature extraction, so the privacy and security of the model are protected while the training efficiency of the model is improved.
The above-mentioned embodiments are intended to illustrate the technical solutions and advantages of the present invention, and it should be understood that the above-mentioned embodiments are only the most preferred embodiments of the present invention, and are not intended to limit the present invention, and any modifications, additions, equivalents, etc. made within the scope of the principles of the present invention should be included in the scope of the present invention.