Abstract

Federated learning (FL) is a critical technology for implementing time-critical computing systems in the Internet of Things (IoT). It allows for continuous updates to machine learning (ML) models across IoT devices. However, the vulnerability of ML models and the complexity of IoT pose significant threats to device data security and privacy, affecting the robustness of time-critical computing systems constructed through FL. Recent research on FL data protection has made progress, but challenges remain in balancing privacy protection with model availability. For example, cryptography-based defense schemes increase time overhead in time-critical computing systems, while differential privacy negatively impacts system performance. This paper proposes the FL properties modification scheme (FLPM) for data preprocessing to resist property inference attacks and data poisoning attacks. FLPM modifies training data properties using algorithms for property separation, selection, and control based on continuous latent variables. While this sacrifices a small amount of classification accuracy, it significantly improves data protection capabilities. Detailed experimental results demonstrate that FLPM successfully separates and controls image property vectors. In the FL classification task, the property modification data achieve a precision of 94.44%. This scheme effectively prevents property inference attacks and data poisoning attacks. FLPM can reduce the AUC score for property inference attacks from 0.94 to 0.56 and reduce the success rate of data poisoning attacks to 5.13%, 7.07%, and 4.60%.
