liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Over-the-Air Federated Learning with Privacy Protection via Correlated Additive Perturbations
Linköping University, Department of Electrical Engineering, Communication Systems. Linköping University, Faculty of Science & Engineering.
Linköping University, Department of Electrical Engineering, Communication Systems. Linköping University, Faculty of Science & Engineering.
Linköping University, Department of Electrical Engineering, Communication Systems. Linköping University, Faculty of Science & Engineering.ORCID iD: 0000-0002-7599-4367
2022 (English)In: 2022 58TH ANNUAL ALLERTON CONFERENCE ON COMMUNICATION, CONTROL, AND COMPUTING (ALLERTON), IEEE , 2022Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we consider privacy aspects of wireless federated learning (FL) with Over-the-Air (OtA) transmission of gradient updates from multiple users/agents to an edge server. OtA FL enables the users to transmit their updates simultaneously with linear processing techniques, which improves resource efficiency. However, this setting is vulnerable to privacy leakage since an adversary node can hear directly the uncoded message. Traditional perturbation-based methods provide privacy protection while sacrificing the training accuracy due to the reduced signal-to-noise ratio. In this work, we aim at minimizing privacy leakage to the adversary and the degradation of model accuracy at the edge server at the same time. More explicitly, spatially correlated perturbations are added to the gradient vectors at the users before transmission. Using the zero-sum property of the correlated perturbations, the side effect of the added perturbation on the aggregated gradients at the edge server can be minimized In the meanwhile, the added perturbation will not be canceled out at the adversary, which prevents privacy leakage. Theoretical analysis of the perturbation covariance matrix, differential privacy, and model convergence is provided, based on which an optimization problem is formulated to jointly design the covariance matrix and the power scaling factor to balance between privacy protection and convergence performance. Simulation results validate the correlated perturbation approach can provide strong defense ability while guaranteeing high learning accuracy.

Place, publisher, year, edition, pages
IEEE , 2022.
Series
Annual Allerton Conference on Communication Control and Computing, ISSN 2474-0195
National Category
Signal Processing
Identifiers
URN: urn:nbn:se:liu:diva-191062DOI: 10.1109/ALLERTON49937.2022.9929413ISI: 000895747000076ISBN: 9798350399981 (electronic)ISBN: 9798350399998 (print)OAI: oai:DiVA.org:liu-191062DiVA, id: diva2:1728393
Conference
58th Annual Allerton Conference on Communication, Control, and Computing (Allerton), Monticello, IL, sep 28-30, 2022
Note

Funding Agencies|Security Link; ELLIIT; KAW foundation

Available from: 2023-01-18 Created: 2023-01-18 Last updated: 2023-01-18

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Search in DiVA

By author/editor
Liao, JialingChen, ZhengLarsson, Erik G
By organisation
Communication SystemsFaculty of Science & Engineering
Signal Processing

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 222 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf