LDP-FL: Practical Private Aggregation in Federated Learning with Local Differential Privacy

LDP-FL: Practical Private Aggregation in Federated Learning with Local Differential Privacy

Lichao Sun, Jianwei Qian, Xun Chen

Proceedings of the Thirtieth International Joint Conference on Artificial Intelligence
Main Track. Pages 1571-1578. https://doi.org/10.24963/ijcai.2021/217

Training deep learning models on sensitive user data has raised increasing privacy concerns in many areas. Federated learning is a popular approach for privacy protection that collects the local gradient information instead of raw data. One way to achieve a strict privacy guarantee is to apply local differential privacy into federated learning. However, previous works do not give a practical solution due to two issues. First, the range difference of weights in different deep learning model layers has not been explicitly considered when applying local differential privacy mechanism. Second, the privacy budget explodes due to the high dimensionality of weights in deep learning models and many query iterations of federated learning. In this paper, we proposed a novel design of local differential privacy mechanism for federated learning to address the abovementioned issues. It makes the local weights update differentially private by adapting to the varying ranges at different layers of a deep neural network, which introduces a smaller variance of the estimated model weights, especially for deeper models. Moreover, the proposed mechanism bypasses the curse of dimensionality by parameter shuffling aggregation. A series of empirical evaluations on three commonly used datasets in prior differential privacy works, MNIST, Fashion-MNIST and CIFAR-10, demonstrate that our solution can not only achieve superior deep learning performance but also provide a strong privacy guarantee at the same time.
Keywords:
Data Mining: Federated Learning
Data Mining: Privacy Preserving Data Mining
Agent-based and Multi-agent Systems: Multi-agent Learning
AI Ethics, Trust, Fairness: Trustable Learning