FL2DP: Privacy-Preserving Federated Learning Via Differential Privacy for Artificial IoT

Federated learning (FL) is a promising paradigm for collaboratively training networks on distributed clients while retaining data locally. Recent work has shown that personal data can be recovered even though clients only send gradients to the server. To against the gradient leakage issue, differential privacy (DP)-based solutions are proposed to protect data privacy by adding noise to the gradient before sending it to the server. However, the introduced noise affects the training efficiency of local clients, resulting in low model accuracy. Moreover, the identity privacy of clients has not been seriously considered in FL. In this article, we propose FL2DP, a privacy-preserving scheme focusing on protecting the data privacy as well as the identity privacy of clients. Different from the current schemes that add noise sampled from the Gaussian or Laplace distribution, in our scheme the noise is added to the gradient based on the exponential mechanism to achieve high training efficiency. Then, clients upload the perturbed gradients to a shuffler, which reassigns these gradients with different identities. We give a formal privacy definition called gradient indistinguishability to provide strict unlinkability for gradients shuffle. We propose a new gradient shuffling mechanism by adapting the DP-based exponential mechanism to satisfy gradient indistinguishability using the designed utility function. In this case, an attacker cannot infer the real identity of the client via the shuffled gradient. We conduct extensive experiments on two real-world datasets, and the results demonstrate the effectiveness of the proposed scheme.