Search

US-12626144-B2 - Data processing method, federated learning training method, and related apparatus and device

US12626144B2US 12626144 B2US12626144 B2US 12626144B2US-12626144-B2

Abstract

The technology of this application relates to a training method that includes a first terminal obtaining a to-be-trained first machine learning model from the server. The first terminal is any one of a plurality of terminals. The first terminal trains the first machine learning model by using local data stored by the first terminal, to obtain trained model parameters. The first terminal determines, based on a collaboration relationship, a first collaborative terminal corresponding to the first terminal, and sends a part or all of the trained model parameters of the first terminal to the server by using the first collaborative terminal. The collaboration relationship is delivered by the server to the first terminal. The foregoing manner can improve security of data exchange between the server and the terminal.

Inventors

  • Gang Li
  • Yunfeng Shao
  • Lei Zhang

Assignees

  • HUAWEI TECHNOLOGIES CO., LTD.

Dates

Publication Date
20260512
Application Date
20221118
Priority Date
20200519

Claims (20)

  1. 1 . A federated learning training method applied to a federated learning system, the federated learning system includes a server and a plurality of terminals, and the server is configured to store a corresponding collaboration relationship of each terminal in the federated learning system, the federated learning training method comprising: obtaining, by a first terminal, a to-be-trained first machine learning model from the server; training, by the first terminal, the first machine learning model by using local data stored by the first terminal, to obtain trained model parameters; determining, by the first terminal based on a collaboration relationship, a first collaborative terminal corresponding to the first terminal; allocating, by the first terminal, a part of the model parameters to the first collaborative terminal; encrypting, by the first terminal, target data by using first encryption noise, to obtain an encrypted first model parameter; and sending, by the first terminal, the first model parameter to the server, wherein the collaboration relationship is delivered by the server to the first terminal, the collaboration relationship indicates a corresponding collaborative terminal of each terminal of the plurality of terminals, in association with the server aggregating trained model parameters of the plurality of terminals to obtain a second machine learning model that meets a convergent state, the server determines the second machine learning model as a trained result of the federated learning system, the first collaborative terminal encrypts, by using second encryption noise, the part of the model parameters allocated to the first collaborative terminal to obtain encrypted second model parameters, and the second model parameter is sent to the server by using the first collaborative terminal.
  2. 2 . The method according to claim 1 , further comprising: determining, by the first terminal, a quantity of first collaborative terminals required in collaboration with the first terminal to send the model parameters to the server; and determining, by the first terminal based on the collaboration relationship, the first collaborative terminal corresponding to the first terminal comprises: determining, by the first terminal, the first collaborative terminal based on the determined quantity of the first collaborative terminals and the collaboration relationship.
  3. 3 . The method according to claim 1 , wherein a quantity of first collaborative terminals corresponding to the first terminal is N, when a part of the trained model parameters of the first terminal are sent to the server by using the first collaborative terminal, the trained model parameters of the first terminal are divided into N+1 parts, wherein N is a positive integer greater than 1, and after determining, by the first terminal based on the collaboration relationship, the first collaborative terminal corresponding to the first terminal, and before sending the part or all of the trained model parameters of the first terminal to the server by using the first collaborative terminal, the method further comprises: allocating, by the first terminal, one part of model parameters to each of the first terminal and the N first collaborative terminals, wherein different terminals correspond to different model parameters; and encrypting, by the first terminal by using first encryption noise, a model parameter allocated to the first terminal, to obtain an encrypted first model parameter, wherein the N first collaborative terminals encrypt, by using respective second encryption noise, model parameters allocated to the N first collaborative terminals, to obtain encrypted second model parameters, and no noise is comprised after superposition of the first encryption noise and the respective second encryption noise of the N first collaborative terminals, wherein sending the part or all of the trained model parameters of the first terminal to the server by using the first collaborative terminal comprises: sending the first model parameter to the server by using the first terminal, and sending the second model parameters to the server by using the first collaborative terminals.
  4. 4 . The method according to claim 1 , wherein a quantity of first collaborative terminals corresponding to the first terminal is N, when all the trained model parameters of the first terminal are sent to the server by using the first collaborative terminal, the trained model parameters of the first terminal comprise N parts, wherein N is a positive integer greater than 1, and after determining, by the first terminal based on the collaboration relationship, the first collaborative terminal corresponding to the first terminal, and before sending the part or all of the trained model parameters of the first terminal to the server by using the first collaborative terminal, the method further comprises: allocating, by the first terminal, one part of model parameters to each of the N first collaborative terminals, wherein different terminals correspond to different model parameters; and encrypting, by the first terminal, target data by using first encryption noise, to obtain an encrypted third model parameter, wherein the target data is null, the N first collaborative terminals encrypt, by using respective second encryption noise, model parameters allocated to the N first collaborative terminals, to obtain encrypted fourth model parameters, and no noise is comprised after superposition of the first encryption noise and the respective second encryption noise of the N first collaborative terminals, wherein sending the part or all of the trained model parameters of the first terminal to the server by using the first collaborative terminal comprises: sending the third model parameter to the server by using the first terminal, and sending the fourth model parameters to the server by using the first collaborative terminal.
  5. 5 . The method according to claim 3 , wherein the server stores a corresponding public key of each terminal in the federated learning system, the terminal in the federated learning system stores a public key delivered by the server and corresponding to a collaborative terminal having a collaboration relationship with the terminal, the N first collaborative terminals comprise a first collaborative sub-terminal, and the method further comprises: generating, by the first terminal, the first encryption noise based on a random seed; and encrypting, by the first terminal, the first encryption noise by using a public key corresponding to the first collaborative sub-terminal, to obtain first intermediate noise, wherein the first intermediate noise is used by the first collaborative sub-terminal to decrypt the first intermediate noise by using a private key corresponding to the first collaborative sub-terminal, to obtain the second encryption noise, and the first collaborative sub-terminal is any one of the N first collaborative terminals.
  6. 6 . The method according to claim 1 , wherein the trained model parameters of the first terminal are compressed model parameters.
  7. 7 . The method according to claim 1 , wherein the trained model parameters of the first terminal comprise corresponding index values, and the index values represent storage addresses corresponding to the model parameters, and the method further comprises: sending, by the first terminal to the first collaborative terminal, an index value corresponding to a model parameter that needs to be sent by the first terminal to the server by using the first collaborative terminal; and obtaining, by the first collaborative terminal, the corresponding model parameter based on the index value, and sending the obtained model parameter to the server.
  8. 8 . The method according to claim 1 , wherein no noise is comprised after superposition of the first encryption noise and the respective second encryption noise.
  9. 9 . A federated learning training method applied to a federated learning system, wherein the federated learning system includes a server and a plurality of terminals, and the server is configured to store a corresponding collaboration relationship of each terminal in the federated learning system, the federated learning training method comprising: sending, by the server, a to-be-trained first machine learning model to each of the plurality of terminals; obtaining, by the server, a part or all of model parameters determined by each of the plurality of terminals based on the collaboration relationship and sent by the collaborative terminal, wherein the plurality of model parameters are obtained by each terminal by training the first machine learning model by using local data stored by the terminal, and the collaboration relationship is delivered by the server to the terminal; and aggregating, by the server, the plurality of model parameters to obtain a second machine learning model, wherein the collaboration relationship indicates a corresponding collaborative terminal of each terminal of the plurality of terminals; and in association with the server determining that the second machine learning model meets a convergent state, determining, by the server, the second machine learning model as a trained result of the federated learning system, a part of the model parameters are allocated to a first collaborative terminal, target data is encrypted by using first encryption noise, to obtain an encrypted first model parameter, the part of the model parameters allocated to the first collaborative terminal are encrypted, by using second encryption noise, to obtain encrypted second model parameters, and the server receives the first model parameter via a first terminal, and receives the second model parameter via the first collaborative terminal.
  10. 10 . The method according to claim 9 , wherein the plurality of model parameters are obtained through encryption by using respective encryption noise by each terminal and the collaborative terminal corresponding to each terminal, and before aggregating, by the server, the plurality of model parameters to obtain the second machine learning model, the method further comprises: determining, by the server, whether corresponding model parameters of the plurality of terminals comprise noise after superposition; and if no noise is comprised after the superposition, aggregating, by the server, the plurality of model parameters to obtain the second machine learning model; and aggregating, by the server, the plurality of model parameters to obtain the second machine learning model comprises: performing, by the server, average calculation on the plurality of model parameters to obtain a global model parameter, and training the first machine learning model based on the global model parameter to obtain the second machine learning model.
  11. 11 . The method according to claim 10 , further comprising: if noise is comprised, re-obtaining, by the server, the corresponding model parameters of the plurality of terminals, until the corresponding model parameters of the plurality of terminals that are obtained by the server do not comprise noise after superposition.
  12. 12 . A data processing method, comprising: receiving input data; inputting the received input data into a trained second machine learning model, and processing the input data by using the second machine learning model, to obtain a processing result, wherein the trained second machine learning model is obtained by using the federated learning training method according to claim 1 ; and outputting the processing result.
  13. 13 . A non-transitory computer-readable storage medium having computer readable instructions that, when executed by a processor, cause the processor to implement the federated learning training method according to claim 9 .
  14. 14 . The method according to claim 9 , wherein no noise is comprised after superposition of the first encryption noise and the respective second encryption noise.
  15. 15 . A first terminal, comprising: a processor; and a memory configured to store computer readable instructions that, when executed by the processor, cause the processor to: obtain a to-be-trained first machine learning model from a server; train the first machine learning model by using local data stored by the first terminal, to obtain trained model parameters; determine, based on a collaboration relationship, a first collaborative terminal corresponding to the first terminal; allocate a part of the model parameters to the first collaborative terminal; encrypt target data by using first encryption noise, to obtain an encrypted first model parameter; and send the first model parameter to the server, wherein the collaboration relationship indicates a corresponding collaborative terminal of each terminal of a plurality of terminals, the collaboration relationship is delivered by the server to the first terminal, and when the server aggregates trained model parameters of a plurality of terminals to obtain a second machine learning model that meets a convergent state, the server determines the second machine learning model as a trained result of a federated learning system, the first collaborative terminal encrypts, by using second encryption noise, the part of the model parameters allocated to the first collaborative terminal to obtain encrypted second model parameters, and the second model parameter is sent to the server by using the first collaborative terminal.
  16. 16 . The first terminal according to claim 15 , wherein the processor is further caused to: determine a quantity of first collaborative terminals required in collaboration with the first terminal to send the model parameters to the server; and determine the first collaborative terminal based on the determined quantity of the first collaborative terminals and the collaboration relationship.
  17. 17 . The first terminal according to claim 15 , wherein no noise is comprised after superposition of the first encryption noise and the respective second encryption noise.
  18. 18 . A server used in a federated learning system, wherein the federated learning system includes the server and a plurality of terminals, and the server is configured to store a corresponding collaboration relationship of each terminal in the federated learning system, the server comprising: a processor; and a memory configured to store computer readable instructions that, when executed by the processor, cause the processor to: send a to-be-trained first machine learning model to each of the plurality of terminals; obtain a part or all of model parameters determined by each of the plurality of terminals based on the collaboration relationship and sent by the collaborative terminal, wherein the plurality of model parameters are obtained by each terminal by training the first machine learning model by using local data stored by the terminal, the collaboration relationship indicates a corresponding collaborative terminal of each terminal of the plurality of terminals, and the collaboration relationship is delivered by the server to the terminal; aggregate the plurality of model parameters to obtain a second machine learning model; and when the server determines that the second machine learning model meets a convergent state, determine the second machine learning model as a trained result of the federated learning system, wherein a part of the model parameters are allocated to a first collaborative terminal, target data is encrypted by using first encryption noise, to obtain an encrypted first model parameter, the part of the model parameters allocated to the first collaborative terminal are encrypted, by using second encryption noise, to obtain encrypted second model parameters, and the server receives the first model parameter via a first terminal, and receives the second model parameter via the first collaborative terminal.
  19. 19 . The server according to claim 18 , wherein the plurality of model parameters are obtained through encryption by using respective encryption noise by each terminal and the collaborative terminal corresponding to each terminal, and before aggregating the plurality of model parameters to obtain the second machine learning model, the processor is further caused to: determine whether corresponding model parameters of the plurality of terminals comprise noise after superposition; if no noise is comprised after the superposition, aggregate the plurality of model parameters to obtain the second machine learning model; and perform average calculation on the plurality of model parameters to obtain a global model parameter, and training the first machine learning model based on the global model parameter to obtain the second machine learning model, wherein the processor is further caused to: if noise is comprised, re-obtain the corresponding model parameters of the plurality of terminals, until the corresponding model parameters of the plurality of terminals that are obtained by the server do not comprise noise after superposition.
  20. 20 . The server according to claim 18 , wherein no noise is comprised after superposition of the first encryption noise and the respective second encryption noise.

Description

CROSS-REFERENCE TO RELATED APPLICATION(S) This application is a continuation of International Application No. PCT/CN2021/072421, filed on Jan. 18, 2021, which claims priority to Chinese Patent Application No. 202010427897.1, filed on May 19, 2020. The disclosures of the aforementioned applications are hereby incorporated by reference in their entireties. TECHNICAL FIELD This application relates to the field of data security protection technologies, and in particular, to a data processing method, a federated learning training method, and a related apparatus and device. BACKGROUND With help of the Internet, big data, machine learning, and artificial intelligence technologies are evolving rapidly. Face-swipe payment, assisted diagnosis, personalized services, and the like are gradually popular and profoundly change production and lifestyle of people. However, behind these smart products, a large amount of sensitive personal data such as physiological features, medical records, and social networks of users are recklessly collected by enterprises and institutions at any moment. Large-scale data collection can improve machine learning performance and achieve both economic and social benefits, which, however, also brings greater risks and challenges to personal privacy protection, as mainly presented in the following two aspects: First, data leaks are frequently caused by unreliable data collectors, which not only causes great economic and reputation losses to enterprises, but also poses great threats to social stability and national security. Second, numerous studies have shown that attackers can perform backward inference by analyzing output results of machine learning models, to obtain sensitive information of individuals in training data. In conventional machine learning training, various data is first collected by a data collector in a centralized manner, and then model training is performed by a data analyzer. This mode is referred to as centralized learning. The data collector and the data analyzer may be a same party, for example, a mobile application developer. Alternatively, the data collector and the data analyzer may be different parties. For example, the developer shares the data with another data analysis institution. It can be learned that, in the centralized learning mode, for users, once data is collected, it is difficult to have control over the data, and it is not clear where and how the data is to be used. In recent years, some researchers have tried to train a global model while keeping various data locally. A typical example of this work is federated learning proposed by Google in 2017. Specifically, a plurality of federal clients in a federated learning system do not give their own data during model training, but train local models based on a global model parameter delivered by a server and local data sets of the clients, and return local model parameters for aggregation by the server to update the global model parameter. An updated global model parameter is re-delivered to the clients, so that the clients may perform retraining based on the updated global model parameter by using local data. Such steps of “uploading” and “delivering” are repeated a plurality of times, until the server determines that a trained machine learning model meets a convergent state. In this way, a federated learning training process can be completed. In actual application, the local data of the clients and the local models of the clients are not transmitted, and the local data is not subject to backward inference. Federated learning can protect data privacy while maintaining data integrity to a relatively high degree. It can be learned that, federated learning can complete model training without sharing the local data with the server, and achieve an effect of conventional centralized learning training. However, an existing federated learning training method cannot ensure security of the model parameter uploaded by the client to the server. If the model parameter is stolen by an attacker outside the federated learning system, the attacker may restore the local data of the client by using the model parameter or reconstruct the local model based on the model parameter. This brings a great risk of data leakage to the client. Therefore, how to improve security of data in federated learning is a technical problem that needs to be resolved urgently. SUMMARY This application provides a data processing method, a federated learning training method, and a related apparatus and device. When a machine learning model is trained by using a federated learning system, each terminal in the federated learning system may send a trained model parameter of each terminal to a server by using a collaborative terminal that has a collaboration relationship with the terminal, to improve security of data exchange between the server and the terminal. According to a first aspect, a federated learning training method is provided. The method is a