Department of Electronics and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China
Hu Ronglei (1977- ), male, born in Hengshui, Hebei; Ph.D.; associate research fellow and master's supervisor at Beijing Electronic Science and Technology Institute. Research interests: privacy preservation, federated learning, blockchain security, IoT security.
Bai Chenyang (2001- ), male, born in Zhoukou, Henan; master's student at Beijing Electronic Science and Technology Institute. Research interests: privacy preservation, federated learning.
Wei Zhanzhen (1971- ), male, born in Xining, Qinghai; professor-level senior engineer at Beijing Electronic Science and Technology Institute. Research interest: network security.
Han Yanyan (1982- ), female, born in Harbin, Heilongjiang; Ph.D.; associate research fellow and master's supervisor at Beijing Electronic Science and Technology Institute. Research interests: information hiding in cryptography, secret sharing, visual cryptography.
Duan Xiaoyi (1979- ), male, born in Liupanshui, Guizhou; Ph.D.; associate professor at Beijing Electronic Science and Technology Institute. Research interests: side-channel security, AI applications and security, wireless network security.
Zhang Hao (1998- ), male, born in Nanchong, Sichuan; master's student at Beijing Electronic Science and Technology Institute. Research interests: federated learning, blockchain.
Received: 2025-12-04
Revised: 2026-03-12
Accepted: 2026-03-12
Online first: 2026-04-14
Hu Ronglei, Bai Chenyang, Wei Zhanzhen, et al. DPBR-Adapt: a hierarchically adaptive differential privacy defence scheme for federated learning[J]. Journal on Communications, DOI:10.11959/j.issn.1000-436x.2026071.
Federated learning faces the dual threat of privacy leakage and poisoning attacks, yet existing defense schemes usually treat privacy protection and robustness as independent modules, which leads to indiscriminate noise injection and limited defense precision. To address this, DPBR-Adapt, a defense scheme in which privacy protection and Byzantine robustness are deeply coupled, is proposed. First, in the privacy dimension, a layer-wise coefficient of variation and a training-progress perception factor are introduced to realize a layer-differentiated noise allocation strategy. In the robustness dimension, a dual-filtering mechanism based on Euclidean distance and cosine similarity is designed so that malicious updates can still be accurately identified and excluded under strong noise interference. Second, a closed-loop adaptive mechanism based on robust statistics is established: the median of the benign gradients output by the Byzantine detection module is used to dynamically calibrate the clipping threshold of differential privacy, so that privacy sensitivity is adjusted in real time by feedback on the environmental risk. Experimental results show that DPBR-Adapt makes the two components reinforce each other during defense; under a range of Byzantine attack scenarios, model accuracy improves significantly over state-of-the-art schemes, achieving a better privacy-utility trade-off and stronger system robustness.
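As an added illustration, not the authors' code, the following Python sketch walks through the loop the abstract describes on a constructed set of five client updates: dual filtering by Euclidean distance and cosine similarity, calibration of the clipping threshold from the median of the benign updates, and layer-wise noise scaled by each layer's coefficient of variation and a training-progress factor. The reference point, the thresholds, the calibration rule and the exact coefficient-of-variation and progress formulas are assumptions, since the abstract does not give them.

```python
import math
import random
# Constructed sample: four benign clients plus one Byzantine client (index 4,
# sign-flipped and scaled). Each client update is a list of layers.
CLIENT_UPDATES = [
    [[1.0, 1.1, 0.9], [0.5, 0.4]],
    [[1.1, 0.9, 1.0], [0.6, 0.5]],
    [[0.9, 1.0, 1.2], [0.4, 0.5]],
    [[1.0, 1.0, 1.0], [0.5, 0.6]],
    [[-8.0, -9.0, -7.5], [-4.0, -5.0]],  # Byzantine update
]

def flatten(u): return [x for layer in u for x in layer]
def l2(v): return math.sqrt(sum(x * x for x in v))
def median(xs):
    s, n = sorted(xs), len(xs)
    return s[n // 2] if n % 2 else 0.5 * (s[n // 2 - 1] + s[n // 2])
def coord_median(vs): return [median(c) for c in zip(*vs)]

def dual_filter(updates, max_dist, min_cos):
    """Keep an update only if its Euclidean distance to the coordinate-wise
    median is <= max_dist AND its cosine similarity to it is >= min_cos."""
    flat = [flatten(u) for u in updates]
    ref = coord_median(flat)  # assumed reference point for both tests
    return [i for i, v in enumerate(flat)
            if l2([x - r for x, r in zip(v, ref)]) <= max_dist
            and sum(x * r for x, r in zip(v, ref)) / (l2(v) * l2(ref)) >= min_cos]

def calibrate_clip(updates, benign_idx):
    """Closed loop (assumed rule): the clipping threshold C is the L2 norm of
    the coordinate-wise median of the benign updates the detector returned."""
    return l2(coord_median([flatten(updates[i]) for i in benign_idx]))

def layer_noise_scales(update, sigma, clip, round_idx, total_rounds):
    """Per-layer Gaussian std = sigma*C reweighted by the layer's coefficient of
    variation (std/|mean|) and damped as training progresses (assumed forms)."""
    cvs = []
    for layer in update:
        m = sum(layer) / len(layer)
        sd = math.sqrt(sum((x - m) ** 2 for x in layer) / len(layer))
        cvs.append(sd / abs(m) if m else 0.0)
    mean_cv = sum(cvs) / len(cvs)
    damp = 1.0 / (1.0 + round_idx / total_rounds)  # training-progress factor
    return [sigma * clip * (cv / mean_cv if mean_cv else 1.0) * damp for cv in cvs]

def privatize(update, clip, scales, rng=None):  # clip to norm C, add layer noise
    rng = rng or random.Random(0)
    factor = min(1.0, clip / l2(flatten(update)))
    return [[x * factor + rng.gauss(0.0, s) for x in layer]
            for layer, s in zip(update, scales)]
```

Running the filter with `max_dist=1.0` and `min_cos=0.9` keeps clients 0 to 3 and drops the Byzantine client, after which the threshold and the per-layer noise scales are derived only from the surviving updates.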