Efficient Privacy-Preserving Federated Learning Against Inference Attacks for IoT

Based on the vulnerability of federated learning (FL) to inference attacks and the high computation overhead, lack of label protection and degraded model performance occurred in existing defense methods, we design an efficient privacy-preserving federated learning scheme based on compressed sensing (CS), where CS is used as both a compression method and an encryption method. Double aggregation is adopted together to ensure that gradients are not generally disclosed in a way that would allow attackers to infer private information. Meanwhile, gradient perturbation is implemented through CS-based decompression algorithm, and it also zeros the gradients for the fully connected layer which is the most important in label restoration. The proposed scheme can provide image protection and label protection simultaneously, while few additional computing resources are required, making it appropriate for IoT scenarios. Simulation results demonstrate our scheme's effective and efficient defense under different settings with negligible impact on the model performance.