University Library
  • Login
A gateway to Melbourne's research publications
Minerva Access is the University's Institutional Repository. It aims to collect, preserve, and showcase the intellectual output of staff and students of the University of Melbourne for a global audience.
View Item 
  • Minerva Access
  • Engineering and Information Technology
  • Electrical and Electronic Engineering
  • Electrical and Electronic Engineering - Research Publications
  • View Item
  • Minerva Access
  • Engineering and Information Technology
  • Electrical and Electronic Engineering
  • Electrical and Electronic Engineering - Research Publications
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

    Federated Learning with Differential Privacy: Algorithms and Performance Analysis

    Thumbnail
    Download
    Accepted version (501.8Kb)

    Citations
    Scopus
    Web of Science
    Altmetric
    3
    5
    Author
    Wei, K; Li, J; Ding, M; Ma, C; Yang, HH; Farokhi, F; Jin, S; Quek, TQS; Poor, HV
    Date
    2020-06-16
    Source Title
    IEEE Transactions on Information Forensics and Security
    Publisher
    IEEE
    University of Melbourne Author/s
    Farokhi, Farhad
    Affiliation
    Electrical and Electronic Engineering
    Metadata
    Show full item record
    Document Type
    Journal Article
    Citations
    Wei, K., Li, J., Ding, M., Ma, C., Yang, H. H., Farokhi, F., Jin, S., Quek, T. Q. S. & Poor, H. V. (2020). Federated Learning with Differential Privacy: Algorithms and Performance Analysis. IEEE Transactions on Information Forensics and Security, 15, pp.3454-3469. https://doi.org/10.1109/TIFS.2020.2988575.
    Access Status
    Open Access
    URI
    http://hdl.handle.net/11343/251362
    DOI
    10.1109/TIFS.2020.2988575
    Abstract
    Federated learning (FL), as a type of distributed machine learning, is capable of significantly preserving clients’ private data from being exposed to adversaries. Nevertheless, private information can still be divulged by analyzing uploaded parameters from clients, e.g., weights trained in deep neural networks. In this paper, to effectively prevent information leakage, we propose a novel framework based on the concept of differential privacy (DP), in which artificial noises are added to parameters at the clients’ side before aggregating, namely, noising before model aggregation FL (NbAFL). First, we prove that the NbAFL can satisfy DP under distinct protection levels by properly adapting different variances of artificial noises. Then we develop a theoretical convergence bound of the loss function of the trained FL model in the NbAFL. Specifically, the theoretical bound reveals the following three key properties: 1) There is a tradeoff between a convergence performance and privacy protection levels, i.e., better convergence performance leads to a lower protection level; 2) Given a fixed privacy protection level, increasing the number N of overall clients participating in FL can improve the convergence performance; and 3) There is an optimal number aggregation times (communication rounds) in terms of convergence performance for a given protection level. Furthermore, we propose a K-client random scheduling strategy, where K (1≤K<N) clients are randomly selected from the N overall clients to participate in each aggregation. We also develop a corresponding convergence bound for the loss function in this case and the K-client random scheduling strategy also retains the above three properties. Moreover, we find that there is an optimal K that achieves the best convergence performance at a fixed privacy level. Evaluations demonstrate that our theoretical results are consistent with simulations, thereby facilitating the design of various privacy-preserving FL algorithms with different tradeoff requirements on convergence performance and privacy levels.

    Export Reference in RIS Format     

    Endnote

    • Click on "Export Reference in RIS Format" and choose "open with... Endnote".

    Refworks

    • Click on "Export Reference in RIS Format". Login to Refworks, go to References => Import References


    Collections
    • Minerva Elements Records [52443]
    • Electrical and Electronic Engineering - Research Publications [792]
    Minerva AccessDepositing Your Work (for University of Melbourne Staff and Students)NewsFAQs

    BrowseCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects
    My AccountLoginRegister
    StatisticsMost Popular ItemsStatistics by CountryMost Popular Authors