基于联邦学习的推荐系统将模型训练分散在多个本地设备上,而不在服务端共享数据,以实现用户数据的隐私保护。现有大多方法通常将服务端的物品特征矩阵广播到用户端计算损失并将物品的梯度回传到服务端更新,这种方式存在泄漏用户兴趣偏好的风险。为了解决这个问题,该文提出了一种基于匿名化的联邦学习推荐算法FedKRec来有效避免隐私泄露。具体来说,受K匿名思想的启发,FedKRec在向服务器上传梯度信息时将(隐私的)正样本的梯度隐藏在K个静态负样本的梯度之中。首先,通过对真实数据集的分析结果表明,正样本物品类别分布会在一定程度上泄漏用户兴趣偏好,提出一种考虑物品类别平衡的自适应负样本采样方法。其次,由于正样本和负样本梯度量级存在较大的差距,容易造成正样本信息泄漏,提出为正负样本梯度增加一定的高斯噪声,使得攻击者无法从中准确地识别出正样本。最后,从理论上证明了从物品类别分布上来看,这些加入噪声后的正负样本的集合不会泄露用户的偏好。在多个公开数据集上的实验结果表明,该文提出的FebKRec算法在有效保护了用户隐私的前提下达到了与传统方法可比的推荐性能。
Abstract
A recommendation system based on federated learning disperses model training on multiple local devices without sharing data on the server to achieve privacy protection of user data. Most existing methods usually broadcast the item feature matrix from the server to the user to calculate losses and update the gradient of the item back to the server, with a risk of leaking user interests and preferences. To address this issue, this article proposes a federated learning recommendation algorithm FedKRec based on anonymization to avoid privacy breaches. Inspired by K′s anonymous idea, FedKRec hides the gradient of (private) positive samples within the gradient of K static negative samples when uploading gradient information to the server. Firstly, the analysis of real datasets shows that the distribution of positive sample item categories can leak user interest preferences. We propose an adaptive negative sample sampling method that considers item category balance. Secondly, due to the significant difference in gradient magnitude between positive and negative samples, it is easy to cause information leakage in positive samples. We propose adding a certain amount of Gaussian noise to the gradient of positive and negative samples, which prevents attackers from accurately identifying positive samples. Finally, we theoretically prove that from the distribution of item categories, the set of positive and negative samples with added noise will not reveal user preferences. The experimental results on multiple public datasets show that the proposed FebKRec algorithm achieves comparable recommendation performance with traditional methods while effectively protecting user privacy.
关键词
联邦学习 /
分布式学习 /
推荐系统 /
隐私保护 /
匿名技术
{{custom_keyword}} /
Key words
federated learning /
distributed learning /
recommender system /
privacy-preserving /
anonymity technology
{{custom_keyword}} /
{{custom_sec.title}}
{{custom_sec.title}}
{{custom_sec.content}}
参考文献
[1] KOREN Y, BELL R, VOLINSKY C. Matrix factorization techniques for recommender systems[J]. Computer, 2009, 42(8): 30-37.
[2] MNIH A, SALAKHUTDINOV R R. Probabilistic matrix factorization[C]//Proceedings of the 20th International Conference on Neural Information Processing Systems, 2007: 1257-1264.
[3] RENDLE S. Factorization machines[C]//Proceedings of the IEEE International Conference on Data Mining, 2010: 995-1000.
[4] COVINGTON P, ADAMS J, SARGIN E. Deep neural networks for youtube recommendations[C]//Proceedings of the 10th ACM Conference on Recommender Systems, USA, 2016: 191-198.
[5] HE X, DU X, WANG X, et al. Outer product-based neural collaborative filtering[C]//Proceedings of the 27th International Joint Conference on Artificial Intelligence, Stockholm, Sweden, 2018: 2227-2233.
[6] HE X, LIAO L, ZHANG H, et al. Neural collaborative filtering[C]//Proceedings of the 26th International Conference on World Wide Web, Australia, 2017: 173-182.
[7] MCMAHAN B, MOORE E, RAMAGE D, et al. Communication-efficient learning of deep networks from decentralized data[C]//Proceedings of the 20th International Conference on Artificial Intelligence and Statistics. PMLR, Fort Lauderdale, USA, 2017: 1273-1282.
[8] YANG Q, LIU Y, CHEN T, et al. Federated machine learning: Concept and applications[J]. ACM Transactions on Intelligent Systems and Technology, 2019, 10(2): 1-19.
[9] AMMAD UD DIN M, IVANNIKOVA E, KHAN S A, et al. Federated collaborative filtering for privacy-preserving personalized recommendation system[J]. arXiv preprint arXiv:1901.09888, 2019.
[10] LIANG F, PAN W, MING Z. Fedrec++: Lossless federated recommendation with explicit feedback[C]//Proceedings of the AAAI Conference on Artificial Intelligence. Online, 2021:35(5): 4224-4231.
[11] CHAI D, WANG L, CHEN K, et al. Secure federated matrix factorization[J]. IEEE Intelligent Systems, 2020, 36(5): 11-20.
[12] 余晟兴,陈钟. 基于同态加密的高效安全联邦学习聚合框架[J]. 通信学报, 2023,44(1): 4-11.
[13] 林莉,张笑盈,沈薇,等. FastProtector: 一种支持梯度隐私保护的高效联邦学习方法[J]. 电子与信息学报,2022: 1-10.
[14] LIN G, LIANG F, PAN W, et al. Fedrec: Federated recommendation with explicit feedback[J]. IEEE Intelligent Systems, 2020, 36(5): 21-30.
[15] HUA J Y, XIA C, ZHONG S. Differentially private matrix factorization.[C]//Proceedings of the 24th International Joint Conference on Artificial Intelligence.Buenos Aires, Argentina, 2015: 1763-1770.
[16] 熊平,朱天清,王晓峰. 差分隐私保护及其应用[J]. 计算机学报,2014,37(1): 22-30.
[17] MENG X, WANG S, SHU K, et al. Personalized privacy-preserving social recommendation[C]//Proceedings of the AAAI Conference on Artificial Intelligence. New Orleans, USA, 2018.
[18] 任一支,刘容轲,王冬,等. 基于联邦学习的本地化差分隐私机制研究,电子与信息学报,2022,44: 2-3.
[19] SWEENEY L. k-anonymity: A model for protecting privacy[J]. International Journal of Uncertainty, Fuzziness and Knowledge-based Systems, 2002, 10(05): 557-570.
[20] RENDLE S, FREUDENTHALER C, GANTNER Z, et al. BPR: Bayesian personalized ranking from implicit feedback[C]//Proceedings of the 25th Conference on Uncertainty in Artificial Intelligence.Montreal, Canada, 2009:452-461.
[21] HARPER F M, KONSTAN J A. The movielens datasets: History and context[J]. Acm Transactions on Interactive Intelligent Systems, 2015, 5(4): 1-19.
[22] TAO Q, WU F Z, WU C H, et al. Privacy-preserving news recommendation model learning[C]//Proceedings of the Association for Computational Linguistics, Online, 2020:1423-1432.
[23] ZHAO T, MCAULEY J, KING I. Leveraging social connections to improve personalized ranking for collaborative filtering[C]//Proceedings of the 23rd ACM International Conference on Information and Knowledge Management. China,2014: 261-270.
{{custom_fnGroup.title_cn}}
脚注
{{custom_fn.content}}
基金
国家自然科学基金(62032013);辽宁省科学计划项目(2023JH3/10200005);中央高校基本科研业务专项资金项目(N2317002)
{{custom_fund}}
PDF(3171 KB)
