典型的机器学习方法需要集中数据进行模型培训，这可能是由于例如隐私和梯度保护的数据共享的限制。最近提出的联合学习（FL）框架允许在没有集中的数据或数据所有者之间共享数据，允许在没有数据共享的数据中学习共享模型。然而，我们在本文中展示了联合模型的泛化能力在非独立和非相同分布（非IID）数据上差，特别是当由于重量分歧现象而使用联邦平均（FEDAVG）策略时。我们提出了一种新颖的促进算法，用于解决这种概括问题，以及在基于梯度的优化中实现了更快的收敛速率。此外，还引入了使用同型加密（HE）和差异隐私（DP）的安全渐变共享协议来防御梯度泄漏攻击。我们展示了所提出的联邦升压（FedBoost）方法在使用公共基准测试中对文本识别任务的预测准确性和运行时间效率实现了显着提高。

数据隐私已成为机器学习（ML）日益重要的问题，其中许多方法已经发展以解决这一挑战，例如，这一挑战加密（同性恋加密（HE），差异隐私（DP）等）和协作培训（安全多方计算（MPC），分布式学习和联合学习（FL））。这些技术特别侧重于数据加密或安全本地计算。他们将中间信息转移到第三方以计算最终结果。梯度交换通常被认为是在深度学习（DL）中协同训练鲁棒模型的安全方式。然而，最近的研究表明，可以从共享梯度恢复敏感信息。特别地，生成的对抗网络（GaN）已显示有效地恢复这些信息。然而，基于GaN的技术需要附加信息，例如类标签，这些标签通常不可用才能获得隐私保留的学习。在本文中，我们表明，在FL系统中，仅通过我们所提出的生成回归神经网络（GRNN）只能通过共享梯度全额从共享梯度容易地恢复基于图像的隐私数据。我们制定攻击是回归问题，并通过最小化梯度之间的距离来优化生成模型的两个分支。我们在几种图像分类任务上评估我们的方法。结果说明我们所提出的GNN优于最先进的方法，具有更好的稳定性，更强的鲁棒性和更高的准确性。它对全球流动模型也没有收敛要求。此外，我们使用面部重新识别来展示信息泄漏。在这项工作中还讨论了一些防御策略。

联邦学习（FL）是利用属于患者，人，公司或行业的敏感数据的合适解决方案，这些数据在刚性隐私约束下工作的难题。 FL主要或部分地支持数据隐私和安全问题，并提供促进促进多个边缘设备或组织的模型问题的替代方案，以使用许多本地数据培训全局模型而不具有它们。由其分布式自然引起的FL的非IID数据具有显着的性能下降和稳定性偏斜。本文介绍了一种新颖的方法，通过增强图像动态平衡客户端的数据分布，以解决FL的非IID数据问题。介绍的方法非常稳定模型培训，并将模型的测试精度从83.22％提高到89.43％，对于高度IID FL设定中的胸部X射线图像的多胸疾病检测。 IID，非IID和非IID的结果，联合培训表明，该方法可能有助于鼓励组织或研究人员开发更好的系统，以获得与数据隐私的数据的价值不仅适用于医疗保健，而且领域。

联合学习（FL）和分裂学习（SL）是两种新兴的协作学习方法，可能会极大地促进物联网（IoT）中无处不在的智能。联合学习使机器学习（ML）模型在本地培训的模型使用私人数据汇总为全球模型。分裂学习使ML模型的不同部分可以在学习框架中对不同工人进行协作培训。联合学习和分裂学习，每个学习都有独特的优势和各自的局限性，可能会相互补充，在物联网中无处不在的智能。因此，联合学习和分裂学习的结合最近成为一个活跃的研究领域，引起了广泛的兴趣。在本文中，我们回顾了联合学习和拆分学习方面的最新发展，并介绍了有关最先进技术的调查，该技术用于将这两种学习方法组合在基于边缘计算的物联网环境中。我们还确定了一些开放问题，并讨论了该领域未来研究的可能方向，希望进一步引起研究界对这个新兴领域的兴趣。

由于对个人数据隐私的不断增长和当地客户的迅速增长的数据量，Federated Learnated（FL）的动机已成为新的机器学习设置。 FL系统由中央参数服务器和多个本地客户端组成。它将数据保留在本地客户端，并通过共享本地学到的模型参数来学习集中式模型。不需要共享本地数据，并且可以很好地保护隐私。然而，由于它是模型而不是共享的原始数据，因此系统可以暴露于恶意客户端发起的中毒模型攻击。此外，由于服务器上没有本地客户端数据，因此确定恶意客户端是一项挑战。此外，仍然可以使用上载模型估算客户本地数据，从而导致隐私披露。在这项工作中，我们首先提出了一个基于模型更新的联合平均算法，以防御拜占庭式攻击，例如加性噪声攻击和弹药攻击。提出了单个客户模型初始化方法，以通过隐藏各个本地机器学习模型来提供进一步的隐私保护。在结合这两个方案时，隐私和安全性都可以有效地增强。当没有攻击时，提出的方案被证明在非IID数据分布下实验会收敛。在拜占庭式攻击下，提议的方案的表现要比基于经典模型的FedAvg算法要好得多。

联邦学习（FL）和分裂学习（SL）是两个流行的分布式机器学习方法。遵循模型到数据方案;客户培训和测试机器学习模型而不共享原始数据。由于客户端和服务器之间的机器学习模型架构，SL提供比FL更好的模型隐私。此外，分割模型使SL成为资源受限环境的更好选择。然而，由于基于中继的训练，SL表现在多个客户端的继电器训练引起的速度。在这方面，本文提出了一种名为Splitfed Learning（SFL）的新方法，该方法可分摊两种方法消除其固有缺点，以及包含差异隐私和PIXELD的精制架构配置，以增强数据隐私和模型鲁棒性。我们的分析和经验结果表明，（纯）SFL提供了类似的测试精度和通信效率，作为SL，同时每个全球时代显着降低其用于多个客户端的SL中的计算时间。此外，如SL在SL中，它的通信效率随着客户的数量而改善。此外，在扩展实验环境下进一步评估了具有隐私和鲁棒性度量的SFL的性能。

In recent years, mobile devices are equipped with increasingly advanced sensing and computing capabilities. Coupled with advancements in Deep Learning (DL), this opens up countless possibilities for meaningful applications, e.g., for medical purposes and in vehicular networks. Traditional cloudbased Machine Learning (ML) approaches require the data to be centralized in a cloud server or data center. However, this results in critical issues related to unacceptable latency and communication inefficiency. To this end, Mobile Edge Computing (MEC) has been proposed to bring intelligence closer to the edge, where data is produced. However, conventional enabling technologies for ML at mobile edge networks still require personal data to be shared with external parties, e.g., edge servers. Recently, in light of increasingly stringent data privacy legislations and growing privacy concerns, the concept of Federated Learning (FL) has been introduced. In FL, end devices use their local data to train an ML model required by the server. The end devices then send the model updates rather than raw data to the server for aggregation. FL can serve as an enabling technology in mobile edge networks since it enables the collaborative training of an ML model and also enables DL for mobile edge network optimization. However, in a large-scale and complex mobile edge network, heterogeneous devices with varying constraints are involved. This raises challenges of communication costs, resource allocation, and privacy and security in the implementation of FL at scale. In this survey, we begin with an introduction to the background and fundamentals of FL. Then, we highlight the aforementioned challenges of FL implementation and review existing solutions. Furthermore, we present the applications of FL for mobile edge network optimization. Finally, we discuss the important challenges and future research directions in FL.

Differentially private federated learning (DP-FL) has received increasing attention to mitigate the privacy risk in federated learning. Although different schemes for DP-FL have been proposed, there is still a utility gap. Employing central Differential Privacy in FL (CDP-FL) can provide a good balance between the privacy and model utility, but requires a trusted server. Using Local Differential Privacy for FL (LDP-FL) does not require a trusted server, but suffers from lousy privacy-utility trade-off. Recently proposed shuffle DP based FL has the potential to bridge the gap between CDP-FL and LDP-FL without a trusted server; however, there is still a utility gap when the number of model parameters is large. In this work, we propose OLIVE, a system that combines the merits from CDP-FL and LDP-FL by leveraging Trusted Execution Environment (TEE). Our main technical contributions are the analysis and countermeasures against the vulnerability of TEE in OLIVE. Firstly, we theoretically analyze the memory access pattern leakage of OLIVE and find that there is a risk for sparsified gradients, which is common in FL. Secondly, we design an inference attack to understand how the memory access pattern could be linked to the training data. Thirdly, we propose oblivious yet efficient algorithms to prevent the memory access pattern leakage in OLIVE. Our experiments on real-world data demonstrate that OLIVE is efficient even when training a model with hundreds of thousands of parameters and effective against side-channel attacks on TEE.

Federated learning is a collaborative method that aims to preserve data privacy while creating AI models. Current approaches to federated learning tend to rely heavily on secure aggregation protocols to preserve data privacy. However, to some degree, such protocols assume that the entity orchestrating the federated learning process (i.e., the server) is not fully malicious or dishonest. We investigate vulnerabilities to secure aggregation that could arise if the server is fully malicious and attempts to obtain access to private, potentially sensitive data. Furthermore, we provide a method to further defend against such a malicious server, and demonstrate effectiveness against known attacks that reconstruct data in a federated learning setting.

Federated Learning (FL) has been widely accepted as the solution for privacy-preserving machine learning without collecting raw data. While new technologies proposed in the past few years do evolve the FL area, unfortunately, the evaluation results presented in these works fall short in integrity and are hardly comparable because of the inconsistent evaluation metrics and experimental settings. In this paper, we propose a holistic evaluation framework for FL called FedEval, and present a benchmarking study on seven state-of-the-art FL algorithms. Specifically, we first introduce the core evaluation taxonomy model, called FedEval-Core, which covers four essential evaluation aspects for FL: Privacy, Robustness, Effectiveness, and Efficiency, with various well-defined metrics and experimental settings. Based on the FedEval-Core, we further develop an FL evaluation platform with standardized evaluation settings and easy-to-use interfaces. We then provide an in-depth benchmarking study between the seven well-known FL algorithms, including FedSGD, FedAvg, FedProx, FedOpt, FedSTC, SecAgg, and HEAgg. We comprehensively analyze the advantages and disadvantages of these algorithms and further identify the suitable practical scenarios for different algorithms, which is rarely done by prior work. Lastly, we excavate a set of take-away insights and future research directions, which are very helpful for researchers in the FL area.

通常利用机器学习方法并有效地将智能电表读数从家庭级别分解为设备级消耗，可以帮助分析用户的电力消耗行为并启用实用智能能源和智能网格申请。最近的研究提出了许多基于联邦深度学习（FL）的新型NILM框架。但是，缺乏综合研究，探讨了不同基于FL的NILM应用程序方案中的实用性优化方案和隐私保护方案。在本文中，我们首次尝试通过开发分布式和隐私的尼尔姆（DP2-NILM）框架来进行基于FL的NILM，重点关注实用程序优化和隐私保护，并在实用的NILM场景上进行比较实验基于现实世界的智能电表数据集。具体而言，在实用程序优化方案（即FedAvg和FedProx）中检查了两种替代联合学习策略。此外，DP2-NILM提供了不同级别的隐私保证，即联合学习的当地差异隐私学习和联合的全球差异隐私学习。在三个现实世界数据集上进行了广泛的比较实验，以评估所提出的框架。

Modern mobile devices have access to a wealth of data suitable for learning models, which in turn can greatly improve the user experience on the device. For example, language models can improve speech recognition and text entry, and image models can automatically select good photos. However, this rich data is often privacy sensitive, large in quantity, or both, which may preclude logging to the data center and training there using conventional approaches. We advocate an alternative that leaves the training data distributed on the mobile devices, and learns a shared model by aggregating locally-computed updates. We term this decentralized approach Federated Learning.We present a practical method for the federated learning of deep networks based on iterative model averaging, and conduct an extensive empirical evaluation, considering five different model architectures and four datasets. These experiments demonstrate the approach is robust to the unbalanced and non-IID data distributions that are a defining characteristic of this setting. Communication costs are the principal constraint, and we show a reduction in required communication rounds by 10-100× as compared to synchronized stochastic gradient descent.

联合学习允许多个参与者在不公开数据隐私的情况下协作培训高效模型。但是，这种分布式的机器学习培训方法容易受到拜占庭客户的攻击，拜占庭客户通过修改模型或上传假梯度来干扰全球模型的训练。在本文中，我们提出了一种基于联邦学习（CMFL）的新型无服务器联合学习框架委员会机制，该机制可以确保算法具有融合保证的鲁棒性。在CMFL中，设立了一个委员会系统，以筛选上载已上传的本地梯度。 The committee system selects the local gradients rated by the elected members for the aggregation procedure through the selection strategy, and replaces the committee member through the election strategy.基于模型性能和防御的不同考虑，设计了两种相反的选择策略是为了精确和鲁棒性。广泛的实验表明，与典型的联邦学习相比，与传统的稳健性相比，CMFL的融合和更高的准确性比传统的稳健性，以分散的方法的方式获得了传统的耐受性算法。此外，我们理论上分析并证明了在不同的选举和选择策略下CMFL的收敛性，这与实验结果一致。

联合学习（FL）旨在通过使客户能够在不共享其私有数据的情况下协作构建机器学习模型来保护数据隐私。然而，最近的作品表明FL容易受到基于梯度的数据恢复攻击。保存技术的品种已经利用，以进一步提升FL的隐私。尽管如此，它们的计算或通信昂贵（例如，同态加密）或遭受精密损失（例如，差异隐私）。在这项工作中，我们提出了\ textsc {fedcg}，一个新颖的\下划线{fed} erated学习方法，它利用\下划线{c} onditional \下划线{g}良好的对手网络来实现高级隐私保护，同时仍然保持竞争模型表现。更具体地说，\ textsc {fedcg}将每个客户端的本地网络分解为私有提取器和公共分类器，并保留本地提取器保护隐私。而不是暴露作为隐私泄漏的罪魁祸首的提取器，而是将客户的生成器与服务器共享，以聚合旨在增强客户端网络性能的公共知识。广泛的实验表明，与基线FL方法相比，\ TextSc {FEDCG}可以实现竞争模型性能，数值隐私分析表明\ TextSC {FEDCG}具有高级别的隐私保存能力。

在金融和医疗保健等高度监管域中的机构通常存在围绕数据共享的限制性规则。联合学习是一种分布式学习框架，可以实现对分散数据的多机构合作，并改善了每个合作师的数据隐私的保护。在本文中，我们提出了一种用于分散的联邦学习的通信有效的方案，称为ProxyFL或基于代理的联合学习。 ProxyFL中的每个参与者都维护了两个模型，私人模型和旨在保护参与者隐私的公开共享代理模型。代理模型允许参与者之间的高效信息交换，使用PushSum方法而无需集中式服务器。所提出的方法通过允许模型异质性消除了规范联合学习的显着限制;每个参与者都可以拥有任何架构的私有模型。此外，我们通过代理通信的协议导致使用差异隐私分析的隐私保障更强。对流行的图像数据集的实验，以及使用超过30,000多个高质量的千兆的千兆子痫组织的泛癌诊断问题整个幻灯片图像，表明ProxyFL可以优于现有的现有替代方案，越来越少的沟通开销和更强大的隐私。

Federated learning achieves joint training of deep models by connecting decentralized data sources, which can significantly mitigate the risk of privacy leakage. However, in a more general case, the distributions of labels among clients are different, called ``label distribution skew''. Directly applying conventional federated learning without consideration of label distribution skew issue significantly hurts the performance of the global model. To this end, we propose a novel federated learning method, named FedMGD, to alleviate the performance degradation caused by the label distribution skew issue. It introduces a global Generative Adversarial Network to model the global data distribution without access to local datasets, so the global model can be trained using the global information of data distribution without privacy leakage. The experimental results demonstrate that our proposed method significantly outperforms the state-of-the-art on several public benchmarks. Code is available at \url{https://github.com/Sheng-T/FedMGD}.

拜占庭式联合学习（FL）旨在对抗恶意客户并培训准确的全球模型，同时保持极低的攻击成功率。然而，大多数现有系统仅在诚实/半hon最达克的多数设置中都具有强大的功能。 FLTRUST（NDSS '21）将上下文扩展到对客户的恶意多数，但在训练之前，应在训练之前为服务器提供辅助数据集，以便过滤恶意输入。私人火焰/flguard（Usenix '22）提供了一种解决方案，以确保在半多数上下文中既有稳健性和更新机密性。到目前为止，不可能平衡恶意背景，鲁棒性和更新机密性之间的权衡。为了解决这个问题，我们提出了一种新颖的拜占庭式bybust和隐私的FL系统，称为简介，以捕获恶意的少数群体和多数服务器和客户端。具体而言，基于DBSCAN算法，我们设计了一种通过成对调整的余弦相似性聚类的新方法，以提高聚类结果的准确性。为了阻止多数攻击恶意的攻击，我们开发了一种称为模型分割的算法，在该算法中，同一集群中的本地更新聚集在一起，并且将聚合正确地发送回相应的客户端。我们还利用多种密码工具来执行聚类任务，而无需牺牲培训正确性并更新机密性。我们介绍了详细的安全证明和经验评估以及简要的收敛分析。实验结果表明，简介的测试精度实际上接近FL基线（平均为0.8％的差距）。同时，攻击成功率约为0％-5％。我们进一步优化了设计，以便可以分别降低{67％-89.17％和66.05％-68.75％}的通信开销和运行时。

作为一种有希望的隐私机器学习方法，联合学习（FL）可以使客户跨客户培训，而不会损害其机密的本地数据。但是，现有的FL方法遇到了不均分布数据的推理性能低的问题，因为它们中的大多数依赖于联合平均（FIDAVG）基于联合的聚合。通过以粗略的方式平均模型参数，FedAvg将局部模型的个体特征黯然失色，这极大地限制了FL的推理能力。更糟糕的是，在每一轮FL培训中，FedAvg向客户端向客户派遣了相同的初始本地模型，这很容易导致对最佳全局模型的局限性搜索。为了解决上述问题，本文提出了一种新颖有效的FL范式，名为FEDMR（联合模型重组）。与传统的基于FedAvg的方法不同，FEDMR的云服务器将收集到的本地型号的每一层层混合，并重组它们以实现新的模型，以供客户端培训。由于在每场FL比赛中进行了细粒度的模型重组和本地培训，FEDMR可以迅速为所有客户找出一个全球最佳模型。全面的实验结果表明，与最先进的FL方法相比，FEDMR可以显着提高推理准确性而不会引起额外的通信开销。

Mobile traffic prediction is of great importance on the path of enabling 5G mobile networks to perform smart and efficient infrastructure planning and management. However, available data are limited to base station logging information. Hence, training methods for generating high-quality predictions that can generalize to new observations on different parties are in demand. Traditional approaches require collecting measurements from different base stations and sending them to a central entity, followed by performing machine learning operations using the received data. The dissemination of local observations raises privacy, confidentiality, and performance concerns, hindering the applicability of machine learning techniques. Various distributed learning methods have been proposed to address this issue, but their application to traffic prediction has yet to be explored. In this work, we study the effectiveness of federated learning applied to raw base station aggregated LTE data for time-series forecasting. We evaluate one-step predictions using 5 different neural network architectures trained with a federated setting on non-iid data. The presented algorithms have been submitted to the Global Federated Traffic Prediction for 5G and Beyond Challenge. Our results show that the learning architectures adapted to the federated setting achieve equivalent prediction error to the centralized setting, pre-processing techniques on base stations lead to higher forecasting accuracy, while state-of-the-art aggregators do not outperform simple approaches.

恶意攻击者和诚实但有趣的服务器可以从联合学习中上传的梯度中窃取私人客户数据。尽管当前的保护方法（例如，添加剂同构密码系统）可以保证联合学习系统的安全性，但它们带来了额外的计算和通信成本。为了减轻成本，我们提出了\ texttt {fedage}框架，该框架使服务器能够在编码域中汇总梯度，而无需访问任何单个客户端的原始梯度。因此，\ texttt {fedage}可以防止好奇的服务器逐渐窃取，同时保持相同的预测性能而没有额外的通信成本。此外，从理论上讲，我们证明所提出的编码编码框架是具有差异隐私的高斯机制。最后，我们在几个联合设置下评估\ texttt {fedage}，结果证明了提出的框架的功效。