
CN-121998129-A - Secure and trustworthy federated learning method with hallucination awareness for large models


Abstract

A secure and trustworthy federated learning method with hallucination awareness for large models relates to the technical field of federated learning. It addresses the technical problems that, under a federated learning framework, large model training is prone to hallucinated outputs because of factors such as data heterogeneity, that sensitive information is easily leaked through the exchange of model parameters, and that existing methods struggle to account for both the reliability of model generation and privacy security together. The method comprises: configuring a federated learning system comprising N clients, each holding a private dataset and sharing the initial large model parameters; training locally at each client to obtain model parameters, constructing a hallucination constraint loss function that measures the deviation between the generated result and the facts, and introducing it into the optimization objective; uploading the parameters after security processing; having the server evaluate credibility and aggregate the parameters by weight to obtain new global parameters; and repeating the training for a set number of rounds to obtain a secure large model with a low hallucination rate, thereby achieving hallucination suppression and security enhancement under federated learning. The method has good application prospects in fields with high data privacy sensitivity requirements.

Inventors

  • ZHANG LIBAO
  • SUN GUANGLU
  • ZHAO JUNFENG
  • ZHU SUXIA

Assignees

  • 哈尔滨理工大学

Dates

Publication Date
20260508
Application Date
20260126

Claims (6)

  1. A secure and trustworthy federated learning method with hallucination awareness for large models, characterized by comprising the following steps: S1, configuring a federated learning system comprising clients, wherein the -th client locally holds a private dataset and each client shares the initial global large model parameters; S2, each client performs local training of the large model on its private dataset to obtain local model parameters and constructs a hallucination constraint loss function, which measures the deviation between the large model's generated result and the facts; S3, the hallucination constraint loss function is introduced into the local optimization objective and the local model parameters are optimized to obtain a local training objective function, expressed as: ; wherein the task loss function is denoted by , the parameters of the global large model by , and the hallucination suppression weight coefficient by ; S4, security protection processing is applied to the local model parameters to obtain protected local model parameters, which are uploaded to a server; S5, the server performs a credibility assessment of the protected local model parameters and performs weighted federated aggregation based on the assessment result to obtain the global model parameters: ; wherein denotes the global model parameters and denotes the credibility weight of the client's local model parameters; and S6, after aggregation, the aggregated global model parameters are issued to each client and steps S2-S5 are repeated until the set number of communication rounds is reached, yielding a trained large model with a low hallucination rate and achieving hallucination suppression and security enhancement of the large model in a federated learning environment.
  2. The secure and trustworthy federated learning method with hallucination awareness for large models of claim 1, wherein the hallucination constraint loss function in S2 comprises a factuality constraint term, based on the difference between the model's generated result and trusted fact information, and a faithfulness evaluation term, based on the consistency of multiple generation results; the expression is: ; wherein is the weight coefficient of the consistency constraint.
  3. The secure and trustworthy federated learning method with hallucination awareness for large models of claim 2, wherein the factuality constraint term based on the difference between the model's generated result and trusted fact information is generated as follows: within the same round, for each input data item, forward propagation is repeated times to generate multiple outputs, only the first generation result of the large model is taken, and the difference is then computed: ; wherein represents the first generation result of the large model; represents the corresponding trusted fact information obtained from the manually annotated input data; is a cosine similarity function for measuring the difference between the generated result and the fact information; Representing a client All of the samples in (1) Is not limited to the above-described embodiments.
  4. The secure and trustworthy federated learning method with hallucination awareness for large models of claim 3, wherein the faithfulness evaluation term based on the consistency of multiple generation results is generated as follows: within the same round, for each input data item, forward propagation is repeated times to generate multiple outputs, and the difference between each generated result and the mean is then calculated: ; wherein represents the number of generations; is the -th generation result; is the mean of the generation results.
  5. The secure and trustworthy federated learning method with hallucination awareness for large models of claim 1, wherein the security protection processing in S4 specifically adds a differential privacy perturbation to the local model parameters, expressed as: ; wherein represents Gaussian noise; is the variance of the Gaussian distribution; is an identity matrix, indicating that the noise is independent in each dimension and that the noise variance is the same in each dimension.
  6. The secure and trustworthy federated learning method with hallucination awareness for large models of claim 1, wherein the credibility assessment in S5 is specifically that the client calculates a corresponding hallucination risk assessment value during local training, defined as: ; if the hallucination risk assessment value is larger than the preset hallucination risk threshold, the local model parameters are judged to be abnormal and excluded from federated aggregation; the credibility weight is determined by the degree of influence of the client model's hallucination risk on the global hallucination risk, as follows: ; wherein is the hyperparameter used to adjust the degree of influence and is the hallucination risk assessment value of the kth client.
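An added sketch of steps S4 and S5 (claims 5 and 6), not code from the patent: clients add Gaussian noise to their parameters, and the server drops updates whose hallucination risk exceeds the threshold, then averages the rest by credibility weight. The `exp(-beta * risk)` weighting, the L2 clipping step, and all names and sample values are assumptions, since the patent's own formulas are not legible on this page.

```python
import math
import random

def dp_perturb(params, sigma, clip_norm, rng):
    """Claim 5: add N(0, sigma^2 I) noise to local parameters.
    The L2 clipping step is an assumption added here: Gaussian noise only
    gives a differential-privacy bound when sensitivity is bounded."""
    norm = math.sqrt(sum(p * p for p in params))
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [p * scale + rng.gauss(0.0, sigma) for p in params]

def credibility_weights(risks, threshold, beta):
    """Claim 6: drop clients whose hallucination risk exceeds the threshold,
    then weight the rest. exp(-beta * risk), normalised, is an assumed form;
    the patent's own weight formula is not legible on the page."""
    kept = {k: r for k, r in risks.items() if r <= threshold}
    if not kept:
        raise ValueError("every client update exceeded the risk threshold")
    raw = {k: math.exp(-beta * r) for k, r in kept.items()}
    total = sum(raw.values())
    return {k: v / total for k, v in raw.items()}

def aggregate(updates, risks, threshold, beta):
    """Step S5: credibility-weighted average of the accepted updates."""
    weights = credibility_weights(risks, threshold, beta)
    dim = len(next(iter(updates.values())))
    agg = [0.0] * dim
    for k, w in weights.items():
        for i, p in enumerate(updates[k]):
            agg[i] += w * p
    return agg, weights

def demo():
    rng = random.Random(0)  # fixed seed so the run is repeatable
    # Constructed sample data: three similar clients and one outlier.
    local = {"c1": [0.10, 0.20], "c2": [0.12, 0.18],
             "c3": [0.09, 0.22], "c4": [5.00, -4.00]}
    risks = {"c1": 0.10, "c2": 0.15, "c3": 0.30, "c4": 0.90}
    noisy = {k: dp_perturb(v, sigma=0.01, clip_norm=10.0, rng=rng)
             for k, v in local.items()}
    return aggregate(noisy, risks, threshold=0.5, beta=2.0)

if __name__ == "__main__":
    print(demo())
```

Because claim 6 has the client compute its own risk value, the threshold only filters clients that report honestly; a server that must tolerate malicious clients would need to recompute or cross-check that value itself.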

Description

Secure and trustworthy federated learning method with hallucination awareness for large models

Technical Field

The invention relates to the technical field of federated learning, and in particular to a secure and trustworthy federated learning method with hallucination awareness for large models.

Background

With the rapid development of deep learning technology, large models characterized by large-scale parameters and strong expressive power show significant advantages in tasks such as natural language processing and content generation. Meanwhile, federated learning, as a distributed collaborative training paradigm, offers an effective way to address data silos and protect data privacy: the participants exchange only model parameters or gradient information and never share the original data directly. Combining large models with federated learning has therefore become an important direction for achieving multiparty collaborative modeling with privacy preservation.

However, training large models under the federated learning framework still faces a number of technical challenges. On the one hand, the data distribution across clients in a federated learning environment is generally markedly non-IID (not independent and identically distributed). Combined with the complex structure and huge parameter scale of large models, this easily leads the model to hallucinate during generation, that is, its generated result deviates from real, trusted information at the semantic or factual level, which reduces the reliability and credibility of the model's output. Existing methods focus on hallucination suppression in centralized training scenarios and are difficult to apply directly to the distributed, heterogeneous data environment of federated learning.
On the other hand, although federated learning avoids direct sharing of the original data, model parameters or gradients can still leak sensitive client information over multiple rounds of interaction. In large model training in particular, the model parameters carry more information, which further amplifies the privacy leakage risk. Effectively protecting model parameters during federated learning, while preserving model performance and stability, remains a key problem to be solved urgently. Existing privacy protection methods often focus on privacy security or model performance alone and lack joint consideration of large model generation reliability and privacy security. Suppressing the hallucination behavior of large models during federated training while strictly protecting the privacy of model parameters, so as to achieve secure and trustworthy federated training of large models, has therefore become a technical problem in the current technical field.

The invention therefore provides a secure and trustworthy federated learning method with hallucination awareness for large models. Under the federated learning framework, the method introduces a hallucination constraint mechanism into each client's local training process and constrains the model's generated result along two dimensions, factuality and faithfulness, which effectively reduces the deviation between the generated result and real, trusted information. At the same time, it perturbs and protects the model parameters with a differential privacy mechanism so that sensitive client information is not revealed during federated interaction. The reliability and credibility of federated large model training are thereby improved while data privacy is preserved.
Disclosure of Invention

To solve the technical problems that, under the federated learning framework, large model training is prone to hallucinated outputs because of factors such as data heterogeneity, that sensitive information is easily leaked through the exchange of model parameters, and that existing methods struggle to account for both model generation reliability and privacy security, the invention provides a secure and trustworthy federated learning method with hallucination awareness for large models, comprising the following steps: S1, configuring a federated learning system comprising clients, wherein the -th client locally holds a private dataset and each client shares the initial global large model parameters; S2, each client performs local training of the large model on its private dataset to obtain local model parameters and constructs a hallucination constraint loss function, which measures the deviation between the large model's generated result and the facts; S3, the hallucination constraint loss function is introduced into the local optimization objective and the local model parameters are optimized to obtain a local training objec