• español
    • English
  • Login
  • español 
    • español
    • English
  • Tipos de Publicaciones
    • bookbook partconference objectdoctoral thesisjournal articlemagazinemaster thesispatenttechnical documentationtechnical report
Ver ítem 
  •   IMDEA Networks Principal
  • Ver ítem
  •   IMDEA Networks Principal
  • Ver ítem
JavaScript is disabled for your browser. Some features of this site may not work without it.

Security-Enhanced and Privacy-Preserving Federated Learning

Compartir
Ficheros
PhD_Thesis_Tianyue_Chu.pdf (10.31Mb)
Identificadores
URI: https://hdl.handle.net/20.500.12761/1957
Metadatos
Mostrar el registro completo del ítem
Autor(es)
Chu, Tianyue
Supervisor(es)/Director(es)
Laoutaris, Nikolaos
Fecha
2025-07-23
Resumen
This thesis addresses two critical challenges in Federated Learning (FL): enhancing Byzantine robustness to thwart poisoning attacks and advancing privacy-preserving mechanisms to mitigate data leakage risks. To address the first challenge, we develop a robust FL aggregation scheme based on subjective logic and residual-based attack detection. This scheme retains historical data from previous rounds to build client reputations. Employing a combination of theoretical analysis, trace-driven simulation, and experimental validation with a prototype and real users, we show that our FL classifier can detect sensitive content with high accuracy, learn new labels rapidly, and remain robust against poisoning attacks from malicious users as well as imperfect input from non-malicious ones. Additionally, we identify a major weakness in FL—its vulnerability to poisoning attacks—as a consequence of the one person one vote (henceforth 1p1v) principle underlying most contemporary aggregation rules. To overcome this, we introduce FedQV, a novel aggregation algorithm built upon the quadratic voting scheme, recently proposed as a better alternative to 1p1v-based elections. Our theoretical analysis establishes that FedQV is a truthful mechanism in which bidding according to one’s true valuation is a dominant strategy that achieves a convergence rate matching that of state-of-the-art methods. Furthermore, our empirical analysis using multiple real-world datasets validates the superior performance of FedQV against poisoning attacks. It also shows that combining FedQV with unequal voting budgets according to a reputation score increases its performance benefits even further. FedQV can also be easily combined with Byzantine-robust privacy-preserving mechanisms to enhance its robustness against both poisoning and privacy attacks. To address the second challenge, we first characterize the privacy offered by pruning. We establish information-theoretic upper bounds on the information leakage from pruned FL and we experimentally validate them under state-of-the-art privacy attacks across different FL pruning schemes. Furthermore, we introduce Priprune, a privacy-aware algorithm for pruning in FL. Priprune uses defense pruning masks, which can be applied locally after any pruning algorithm, and adapts the defense pruning rate to jointly optimize privacy and accuracy. A key idea in the design of Priprune is pseudo-pruning: it undergoes defense pruning within the local model and only sends the pruned model to the server; while the weights pruned out by defense mask are withheld locally for future local training rather than being removed. We show that Priprune significantly improves the privacy-accuracy tradeoff compared to state-of-the-art pruned FL schemes. Addressing the critical challenges of robust aggregation and privacy-aware model training is crucial for integrating FL into practical scenarios. Through rigorous theoretical analysis and comprehensive empirical evaluations, this thesis demonstrates that the proposed methods significantly enhance FL’s robustness and privacy preservation. By providing innovative tools and strategies to overcome these obstacles, this thesis establishes FL as a secure and privacy-preserving learning paradigm, paving the way for its widespread adoption across diverse domains and applications.
Compartir
Ficheros
PhD_Thesis_Tianyue_Chu.pdf (10.31Mb)
Identificadores
URI: https://hdl.handle.net/20.500.12761/1957
Metadatos
Mostrar el registro completo del ítem

Listar

Todo IMDEA NetworksPor fecha de publicaciónAutoresTítulosPalabras claveTipos de contenido

Mi cuenta

Acceder

Estadísticas

Ver Estadísticas de uso

Difusión

emailContacto person Directorio wifi Eduroam rss_feed Noticias
Iniciativa IMDEA Sobre IMDEA Networks Organización Memorias anuales Transparencia
Síguenos en:
Comunidad de Madrid

UNIÓN EUROPEA

Fondo Social Europeo

UNIÓN EUROPEA

Fondo Europeo de Desarrollo Regional

UNIÓN EUROPEA

Fondos Estructurales y de Inversión Europeos

© 2021 IMDEA Networks. | Declaración de accesibilidad | Política de Privacidad | Aviso legal | Política de Cookies - Valoramos su privacidad: ¡este sitio no utiliza cookies!