Federated learning with bilateral defense via blockchain

Neural Networks, Volume 185, Article 107199. Pub Date: 2025-01-27. DOI: 10.1016/j.neunet.2025.107199
Impact factor: 6.3. Region 1 (Computer Science). JCR Q1: COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Authors: Jue Xiao, Hewang Nie, Zepu Yi, Xueming Tang, Songfeng Lu
URL: https://www.sciencedirect.com/science/article/pii/S0893608025000784
Citation count: 0

Abstract

Federated Learning (FL) offers benefits in protecting client data privacy but also faces multiple security challenges, such as privacy breaches from unencrypted data transmission and poisoning attacks that compromise model performance; however, most existing solutions address only one of these issues. In this paper, we consider a more challenging threat model—the non-fully trusted model, wherein both malicious clients and honest-but-curious servers coexist. To this end, we propose a Federated Learning with Bilateral Defense via Blockchain (FedBASS) scheme that tackles both threats by implementing a dual-server architecture (Analyzer and Verifier), using CKKS encryption to secure client-uploaded gradients, and employing cosine similarity to detect malicious clients. Additionally, we address the problem of non-IID data by proposing a gradient compensation strategy based on dynamic clustering. To further enhance privacy during clustering, we propose a weakened differential privacy scheme augmented with shuffling. Moreover, in FedBASS, the communication process between servers is recorded on the blockchain to ensure the robustness and transparency of FedBASS and to prevent selfish behaviors by clients and servers. Finally, extensive experiments conducted on three datasets prove that FedBASS effectively achieves a balance among model fidelity, robustness, efficiency, privacy, and practicality.
Source journal
Neural Networks (Engineering & Technology - Computer Science: Artificial Intelligence)
CiteScore: 13.90
Self-citation rate: 7.70%
Articles published: 425
Review time: 67 days
Journal description: Neural Networks is a platform that aims to foster an international community of scholars and practitioners interested in neural networks, deep learning, and other approaches to artificial intelligence and machine learning. Our journal invites submissions covering various aspects of neural networks research, from computational neuroscience and cognitive modeling to mathematical analyses and engineering applications. By providing a forum for interdisciplinary discussions between biology and technology, we aim to encourage the development of biologically-inspired artificial intelligence.
Latest articles from this journal
Beyond local aggregation: Global graph contrastive learning for multi-view fusion. SD2-ReID: A semantic-stylistic decoupled distillation framework for robust multi-modal object re-identification. TransUTD: Underwater cross-domain collaborative spatial-temporal transformer detector. Adversarial discriminant attack on text-to-image diffusion models. Enhancing out-of-distribution detection with bilateral distribution score.