VAEFL: Integrating variational autoencoders for privacy preservation and performance retention in federated learning

Li Zhixin; Liu Yicun; Li Jiale; Ye Guangnan; Chai Hongfeng; Lu Zhihui; Wu Jie

doi:10.1051/sands/2024005

Security and Safety (Jan 2024)

VAEFL: Integrating variational autoencoders for privacy preservation and performance retention in federated learning

Li Zhixin,
Liu Yicun,
Li Jiale,
Ye Guangnan,
Chai Hongfeng,
Lu Zhihui,
Wu Jie

Affiliations

Li Zhixin: ORCiD; School of Computer Science, Fudan University
Liu Yicun: ORCiD; School of Computer Science, Fudan University
Li Jiale: School of Computer Science, Fudan University
Ye Guangnan: School of Computer Science, Fudan University
Chai Hongfeng: School of Computer Science, Fudan University
Lu Zhihui: School of Computer Science, Fudan University
Wu Jie: ORCiD; School of Computer Science, Fudan University

DOI: https://doi.org/10.1051/sands/2024005
Journal volume & issue: Vol. 3
p. 2024005

Abstract

Read online

Federated Learning (FL) heralds a paradigm shift in the training of artificial intelligence (AI) models by fostering collaborative model training while safeguarding client data privacy. In sectors where data sensitivity and AI model security are of paramount importance, such as fintech and biomedicine, maintaining the utility of models without compromising privacy is crucial with the growing application of AI technologies. Therefore, the adoption of FL is attracting significant attention. However, traditional FL methods are susceptible to Deep Leakage from Gradients (DLG) attacks, and typical defensive strategies in current research, such as secure multi-party computation and differential privacy, often lead to excessive computational costs or significant decreases in model accuracy. To address DLG attacks in FL, this study introduces VAEFL, an innovative FL framework that incorporates Variational Autoencoders (VAEs) to enhance privacy protection without undermining the predictive prowess of the models. VAEFL strategically partitions the model into a private encoder and a public decoder. The private encoder, remaining local, transmutes sensitive data into a latent space fortified for privacy, while the public decoder and classifier, through collaborative training across clients, learn to derive precise predictions from the encoded data. This bifurcation ensures that sensitive data attributes are not disclosed, circumventing gradient leakage attacks and simultaneously allowing the global model to benefit from the diverse knowledge of client datasets. Comprehensive experiments demonstrate that VAEFL not only surpasses standard FL benchmarks in privacy preservation but also maintains competitive performance in predictive tasks. VAEFL thus establishes a novel equilibrium between data privacy and model utility, offering a secure and efficient FL approach for the sensitive application of FL in the financial domain.

Published in Security and Safety

ISSN: 2826-1275 (Online)
Publisher: EDP Sciences
Country of publisher: France
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science
Website: https://sands.edpsciences.org

About the journal

Abstract

Keywords