
Differential Privacy-Enhanced Federated Learning for Robust AI Systems

Author: Li, Yilin
Publisher: Zenodo
DOI: 10.5281/zenodo.17537093
Source: https://zenodo.org/records/17537093/files/Differential+Privacy-Enhanced+Federated+Learning+for+Robust+AI+Systems.pdf
Journal of Computer Technology and Software
ISSN: 2998-2383
Vol. 3, No. 4, 2024
Yilin Li
Carnegie Mellon University, Pittsburgh, USA
Abstract: This paper proposes a differential-privacy-enhanced federated learning framework to address the challenges of privacy protection and robustness in federated learning. The study first analyzes the limitations of traditional federated learning under parameter aggregation and distribution heterogeneity, noting that relying solely on distributed modeling is insufficient to prevent data leakage and adversarial risks. In the method design, gradient clipping and noise injection are introduced to enforce differential privacy, and robust aggregation operators are employed to suppress negative impacts from malicious clients or abnormal distributions. On this basis, the framework is systematically evaluated through comparative and sensitivity experiments across dimensions such as learning rate, client sampling rate, data imbalance, and adversarial noise amplitude, using accuracy, precision, recall, and F1-Score as evaluation metrics. The results show that the proposed method maintains high utility while ensuring privacy and demonstrates stable performance in complex environments. This work not only validates the effective integration of differential privacy and robustness design but also provides a complete technical pathway for building trustworthy intelligent systems in high-risk and sensitive data scenarios. Based on this background, the integration of differential privacy and federated learning has become a research focus in recent years, as studies show that introducing differential privacy into distributed modeling can protect user data while improving system reliability under non-ideal conditions. Such integration can resist external attacks and suppress interference from malicious clients, thereby enhancing overall robustness. However, most existing work still emphasizes either privacy protection or robustness in isolation, lacking a systematic framework to optimize both simultaneously. Therefore, exploring differential-privacy-enhanced federated learning to construct more robust AI systems is not only an extension of existing research but also a necessary direction for advancing trustworthy artificial intelligence.
Keywords: Differential privacy; federated learning; robustness; sensitivity experiments
1. Introduction
In the era of big data and artificial intelligence, data-driven intelligent systems have shown great potential in healthcare, finance, transportation, government, and industry. However, the wide collection and use of data have brought serious concerns about user privacy and data security. Traditional centralized modeling relies on aggregating large amounts of raw data on a central server [1]. This approach increases the risk of data leakage and creates compliance and ethical challenges. At the same time, AI systems often appear fragile in complex environments with distribution shifts, noise, and malicious attacks. Ensuring both privacy protection and robust performance has become a critical issue [2].
Federated learning, as an emerging distributed training paradigm, provides a new solution. By moving model training to local devices, federated learning enables collaborative modeling across devices or institutions without uploading raw data. This mechanism reduces the risk of data leakage and supports data compliance and cross-domain cooperation. Yet federated learning also faces challenges. Data heterogeneity among local devices can lead to unstable training. In addition, parameter aggregation and transmission are still vulnerable to attacks and leaks. Relying on traditional federated learning alone cannot achieve an ideal balance between privacy and robustness [3].
Differential privacy, as one of the most influential privacy protection techniques, brings stronger security guarantees to federated learning. By adding carefully designed noise to gradients or model parameters, differential privacy limits the impact of any single sample on the final model. This ensures that attackers cannot infer sensitive information through reverse analysis [4]. The mechanism strengthens privacy control within federated learning. However, the introduction of noise also reduces utility. In high-dimensional data or complex model settings, strong noise can weaken performance. Balancing privacy constraints with model utility and robustness has therefore become a shared focus in both academia and industry.
From the perspective of robustness, AI systems must withstand not only conventional noise and distribution imbalance, but also adversarial examples, parameter tampering, and malicious client uploads. Existing approaches often trade accuracy or security to strengthen robustness while neglecting privacy. The integration of differential privacy and federated learning offers a complementary solution. Differential privacy reduces the risk of individual client attacks and improves system security. At the same time, the distributed structure of federated learning provides flexible strategies for noise allocation and control, allowing the model to remain stable and adaptive in complex environments [5].
In summary, differential-privacy-enhanced federated learning for robust AI systems has significant theoretical and practical value. On one hand, it promotes the integration of privacy protection and intelligent modeling, addressing urgent demands for data security and compliance [6,7]. On the other hand, it provides reliable technical support for AI systems in high-risk fields such as financial risk control, smart healthcare, and smart cities. In future intelligent development, this direction is expected to become a key path to safeguarding user rights and enhancing AI trustworthiness, thus laying a foundation for the healthy and sustainable growth of artificial intelligence.
2. Related work
In the research field that intersects privacy protection and artificial intelligence, federated learning is regarded as an important framework that balances data use and privacy [8]. Compared with traditional centralized training, it avoids centralized storage of raw data through distributed parameter sharing. This reduces the risks of data leakage and compliance violations. Many studies focus on the optimization of federated learning, including improving communication efficiency, ensuring stability under heterogeneous data, and achieving fairness in cross-domain collaboration. These studies have laid the foundation for large-scale distributed intelligent systems. However, in practical applications, relying solely on federated learning is insufficient to defend against complex privacy threats and adversarial risks [9].
To compensate for the limitations of federated learning in privacy protection, differential privacy has been introduced into related research. By adding noise during parameter updates or gradient uploads, differential privacy minimizes the influence of any single data sample. It provides strong privacy guarantees from a theoretical perspective [10]. Researchers have explored various mechanisms, including noise granularity control, adaptive privacy budget allocation, and utility preservation in high-dimensional settings. These improvements have greatly enhanced the applicability of differential privacy in real tasks. Yet the integration of differential privacy with federated learning also brings performance degradation. Balancing privacy protection and model utility has therefore become the central challenge in current research [11].
At the same time, research on the robustness of AI systems has been increasing. Traditional deep learning models are often vulnerable when facing out-of-distribution data, adversarial attacks, and noise [12]. To address this, the academic community has proposed many strategies, such as regularization methods, adversarial training, and multimodal data fusion. These methods improve model stability and generalization to some extent. However, they usually fail to address privacy constraints. In high-risk or sensitive data scenarios, focusing only on robustness while neglecting privacy can leave systems exposed to security risks.
Based on this background, the integration of differential privacy and federated learning has gradually become a research focus in recent years. Studies show that introducing differential privacy into distributed modeling can protect user data while improving system reliability in non-ideal environments. This integration can defend against external attacks and suppress interference from malicious clients, thereby enhancing robustness to some extent [13]. However, most existing work still takes a single perspective, often emphasizing either privacy or robustness. There is a lack of systematic frameworks that optimize both dimensions simultaneously. Exploring differential-privacy-enhanced federated learning to build more robust AI systems is thus not only an extension of existing research but also a necessary direction for promoting trustworthy artificial intelligence.
3. Proposed Approach
When building a robust differentially private federated learning framework, we first need to clarify the basic process of federated learning. Assume there is a global model parameter vector $\theta$. In round $t$ of training, the central server distributes it to the set of participating clients $\mathcal{C}$. Each client $i$ uses its local data distribution $D_i$ to optimize the model parameters. The objective function can be formalized as weighted empirical risk minimization:
$$\min_{\theta} F(\theta) = \sum_{i=1}^{N} \frac{|D_i|}{\sum_{j=1}^{N} |D_j|}\, f_i(\theta) \tag{1}$$
where $f_i(\theta)$ represents the local loss function of client $i$.
To ensure the effectiveness of distributed collaboration, each client updates the parameters locally by gradient descent:
$$\theta_i^{t+1} = \theta^{t} - \eta \nabla f_i(\theta^{t}) \tag{2}$$
After completing several iterations, the updated results are uploaded to the central server for aggregation. The overall model architecture is shown in Figure 1.
In the process of ensuring privacy, the introduction of a differential privacy mechanism is the core link. Specifically, when uploading parameters in each round, the gradient needs to be clipped to control its sensitivity:
$$\bar{g}_i = \frac{g_i}{\max\left(1, \frac{\|g_i\|_2}{C}\right)} \tag{3}$$
where $g_i$ represents the client's local gradient and $C$ is the clipping threshold. On this basis, differential privacy is achieved by adding Gaussian noise to the clipped gradient:
$$\hat{g}_i = \bar{g}_i + \mathcal{N}(0, \sigma^2 C^2 I) \tag{4}$$
Here, $\sigma$ controls the noise intensity, effectively balancing privacy budget and model performance. During the aggregation phase, the server updates the perturbed gradients to ensure the privacy and security of global parameters.
To further enhance the robustness of the system, considering that the client may have malicious uploads or abnormal distribution, the aggregation method uses a robust aggregation operator instead of a simple weighted average. The robust aggregation function is defined as:
$$\theta^{t+1} = \mathcal{A}\left(\{\hat{g}_i \mid i \in \mathcal{C}\}\right) \tag{5}$$
where $\mathcal{A}(\cdot)$ represents a robust aggregation mechanism, such as median-based or truncated mean-based methods, to mitigate the impact of anomalous updates. Within this framework, the global update process effectively improves resilience to noise, adversarial attacks, and heterogeneous distributions while maintaining differential privacy constraints.
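
The clipping, Gaussian noise and robust aggregation steps described in this section can be exercised end to end. The following is an added example, not code from the paper: the names `clip_c`, `sigma` and `simulate_round`, the gradient values and the single oversized client upload are all constructed for illustration, and the coordinate-wise median and trimmed mean stand in for the median-based and truncated-mean operators the text mentions.

```python
import math
import random
import statistics


def clip_gradient(grad, clip_c):
    """Scale grad so its L2 norm is at most clip_c (gradient clipping step)."""
    if clip_c <= 0:
        raise ValueError("clip_c must be positive")
    norm = math.sqrt(sum(x * x for x in grad))
    scale = max(1.0, norm / clip_c)
    return [x / scale for x in grad]


def add_gaussian_noise(grad, clip_c, sigma, rng):
    """Add zero-mean Gaussian noise with std sigma * clip_c to every coordinate."""
    std = sigma * clip_c
    return [x + rng.gauss(0.0, std) for x in grad]


def privatize(grad, clip_c, sigma, rng):
    """What an honest client uploads: clip first, then perturb."""
    return add_gaussian_noise(clip_gradient(grad, clip_c), clip_c, sigma, rng)


def mean_aggregate(updates):
    """Plain average, the baseline the robust operators replace."""
    return [sum(col) / len(col) for col in zip(*updates)]


def median_aggregate(updates):
    """Coordinate-wise median of the uploaded updates."""
    return [statistics.median(col) for col in zip(*updates)]


def trimmed_mean_aggregate(updates, trim):
    """Per coordinate, drop the `trim` lowest and highest values, then average."""
    if trim < 0 or 2 * trim >= len(updates):
        raise ValueError("trim must leave at least one update per coordinate")
    result = []
    for col in zip(*updates):
        kept = sorted(col)[trim:len(col) - trim]
        result.append(sum(kept) / len(kept))
    return result


def l2_distance(a, b):
    """Euclidean distance between two equally long vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def simulate_round(n_honest=9, n_malicious=1, dim=5, clip_c=1.0, sigma=0.1, seed=7):
    """One aggregation round on constructed data; returns each aggregator's error."""
    rng = random.Random(seed)
    true_grad = [0.4] * dim  # constructed "correct" update direction
    updates = []
    for _ in range(n_honest):
        # Small per-client deviation models heterogeneous local data.
        local = [g + rng.gauss(0.0, 0.05) for g in true_grad]
        updates.append(privatize(local, clip_c, sigma, rng))
    # A malicious client controls its own code, so client-side clipping does
    # not constrain it: it uploads a large update in the opposite direction.
    updates.extend([[-50.0] * dim for _ in range(n_malicious)])
    aggregates = {
        "mean": mean_aggregate(updates),
        "median": median_aggregate(updates),
        "trimmed_mean": trimmed_mean_aggregate(updates, trim=n_malicious),
    }
    return {name: l2_distance(agg, true_grad) for name, agg in aggregates.items()}


if __name__ == "__main__":
    for name, err in simulate_round().items():
        print(f"{name:>12}: L2 error vs. true gradient = {err:.3f}")
```

The plain mean is pulled far from the honest direction by the one unclipped upload, while the median and trimmed mean stay close to it under the same differential privacy noise.
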
Finally, under the theoretical constraints of differential privacy, the overall privacy budget of the system can be defined by the privacy loss accumulation formula. Assuming that the differential privacy parameter of each round is $(\varepsilon, \delta)$, after T rounds of iterations, the overall privacy budget can be obtained using the privacy accounting mechanism:
(6)
This expression provides theoretical privacy guarantees for the algorithm over multiple iterations, thus providing a solid security boundary for practical deployment. By organically combining differential privacy with a robust aggregation strategy, this method can achieve both privacy protection and robustness enhancements in large-scale distributed environments, laying a methodological foundation for building trustworthy AI systems.
Figure 1. Overall model architecture
4. Performance Evaluation
4.1 Dataset
In this study, the dataset used is the FEMNIST dataset from the LEAF benchmark. This dataset is an extended version of the handwritten character recognition task. It is built on classical handwritten digits and letters and is repartitioned for federated learning scenarios. The data are assigned to different clients, with each client corresponding to the set of characters written by one user. This naturally leads to non-independent and non-identical distributions, which align with the heterogeneity assumption in federated learning.
The dataset contains 62 classes, covering digits and both uppercase and lowercase letters. The total sample size exceeds 800,000 images. The data are stored as grayscale images with a size of 28 × 28 pixels. The dataset is lightweight and standardized, making it suitable for modeling and validation on resource-constrained devices and in large-scale distributed settings. Due to significant differences in data volume across clients and highly imbalanced class distributions, this dataset has become an important benchmark for evaluating federated learning algorithms under complex conditions.
The choice of this dataset is motivated by its ability to reflect real-world situations of uneven data distribution and sample imbalance. It also presents relatively high task difficulty and strong generality. The dataset has been widely used in federated learning research. It provides a solid basis for evaluating privacy protection, differential privacy mechanisms, and robustness enhancement methods. Studies conducted on this dataset can clearly demonstrate the potential advantages of differential-privacy-enhanced federated learning in addressing the dual challenges of data heterogeneity and privacy protection.
Based on this background, the integration of differential privacy and federated learning has gradually become a research focus in recent years. Studies show that introducing differential privacy into distributed modeling can protect user data while improving system reliability in non-ideal environments. This integration not only defends against external attacks but also suppresses interference from malicious clients, thus improving robustness to some extent. However, most existing work still takes a single perspective, often emphasizing either privacy protection or robustness. A systematic framework that optimizes both aspects simultaneously is still lacking. Therefore, exploring differential-privacy-enhanced federated learning to build more robust AI systems is not only an extension of existing research but also a necessary direction for advancing trustworthy artificial intelligence.
4.2 Experimental Results
This paper first conducts a comparative experiment, and the experimental results are shown in Table 1.
Table 1: Comparative experimental results

| Method | Acc | Precision | Recall | F1-Score |
|---|---|---|---|---|
| Fedbiot [14] | 83.2 | 82.5 | 81.7 | 82.1 |
| Sa Fed [15] | 84.6 | 84.0 | 83.5 | 83.7 |
| FedAC [16] | 85.8 | 85.1 | 84.7 | 84.9 |
| Fedmut [17] | 86.3 | 85.9 | 85.2 | 85.5 |
| Ours | 89.7 | 89.2 | 88.6 | 88.9 |

From the comparative experimental results, it can be seen that the proposed method outperforms existing baselines across all core metrics. In terms of accuracy, precision, and recall, the method shows significant advantages. In particular, it achieves an F1-Score of 88.9, which is at least 3.4 percentage points higher than other methods. This indicates that the integration of differential privacy and robustness enhancement mechanisms not only mitigates instability under heterogeneous data distributions but also demonstrates stronger competitiveness in overall performance.
Further analysis shows that traditional federated learning methods often involve trade-offs between privacy and performance. For example, Fedbiot and Sa Fed protect user data, yet model performance still declines to some extent. In contrast, the proposed method introduces noise clipping and robust aggregation strategies. These strategies effectively compensate for the utility loss caused by differential privacy alone and maintain high predictive performance under privacy constraints. This feature is highly relevant to sensitive data scenarios in real-world applications.
The results also reveal that improved methods, such as FedAC and Fedmut, approach the proposed method in some metrics. However, they remain weaker in robustness and generalization. The dual improvements of the proposed method in recall and precision indicate its stronger ability to capture useful features while reducing errors caused by noise or malicious clients. This enables the system to remain stable in complex environments, which is crucial for resisting adversarial attacks and handling abnormal data distributions.
Overall, the experimental results confirm the dual advantages of the proposed differential-privacy-enhanced federated learning framework in both privacy protection and robustness. It breaks through the limitations of prior methods that focus on single-point optimization and achieves a coordinated balance between privacy and performance. Therefore, the method can provide more reliable support for intelligent systems in high-risk domains such as finance, healthcare, and smart cities. It also offers new insights and practical pathways for combining privacy protection with robust AI.
This paper also presents an experiment on the sensitivity of the learning rate to the experimental results, and the experimental results are shown in Figure 2.
From the results shown in the figure, it can be observed that different learning rates have a clear impact on model performance. For accuracy, the model improves as the learning rate increases from 0.001 to 0.01, reaching the best performance at 0.01. When the learning rate is further increased to 0.05, performance decreases. This indicates that a very small learning rate leads to slow convergence and insufficient learning of data features, while an excessively large learning rate may cause oscillations and reduce global convergence stability.
The trend of precision is similar to that of accuracy. This suggests that the adjustment of the learning rate affects not only overall prediction correctness but also the ability to discriminate positive samples. With a moderate learning rate, the model can better maintain stable decision boundaries under the interference of differential privacy noise, which reduces misclassification. This phenomenon shows that a proper learning rate can mitigate the utility loss caused by privacy protection mechanisms and enhance model usability.
Figure 2. Sensitivity experiment of learning rate to experimental results
For recall, the change with respect to the learning rate also shows a unimodal pattern. When the learning rate is too low, the model captures limited features, leading to insufficient recognition of positive samples. With a moderate learning rate, recall improves significantly, suggesting that the model can more comprehensively cover the target classes. When the learning rate becomes too high, recall decreases sharply, reflecting that feature extraction is disrupted by the combined effect of privacy noise and update oscillations.
F1-Score, as a comprehensive metric, shows a trend consistent with precision and recall. It achieves the best value at a learning rate of 0.01, indicating that the model reaches a relatively optimal balance between accuracy and coverage at this point. This further confirms that under privacy constraints and robustness requirements, the proposed method can maintain stable performance advantages through proper hyperparameter configuration. It also provides practical guidance for deploying differential-privacy-enhanced federated learning in real applications.
Based on this background, the integration of differential privacy and federated learning has gradually become a research focus in recent years. Studies have shown that introducing differential privacy into distributed modeling can protect user data while improving system reliability under non-ideal conditions. This integration can defend against external attacks and suppress interference from malicious clients, thereby improving robustness to some extent. However, most existing work still emphasizes either privacy protection or robustness in isolation. A systematic framework that optimizes both aspects at the same time is still lacking. Therefore, exploring differential-privacy-enhanced federated learning to build more robust AI systems is not only an extension of existing research but also a necessary direction for advancing trustworthy artificial intelligence.
This paper also presents an experiment on the impact of client sampling rate on experimental results, and the experimental results are shown in Figure 3.
Figure 3. Experiment on the impact of client sampling rate on experimental results
The experimental results show that changes in client sampling rate have a significant impact on model performance. In terms of accuracy, performance steadily improves as the sampling rate increases from 0.2 to 0.8, reaching the best value at 0.8. When the rate increases further to 1.0, accuracy decreases slightly. This suggests that although a higher sampling rate allows the use of more client data, it may also introduce more noise and heterogeneity, which can cause performance fluctuations.
The trend of precision is similar to that of accuracy. At low sampling rates, the model fails to capture sufficient client-specific features, and its ability to distinguish positive samples is limited. With moderate sampling rates, precision improves significantly, showing that the model can better separate positive and negative samples. However, when the rate reaches the maximum, performance improvement becomes negligible or even declines slightly. This further confirms that the sampling rate needs to balance efficiency and stability.
For recall, increasing the sampling rate greatly improves the model’s ability to cover positive samples. At low rates, many positive samples are missed, leading to poor recall. As the sampling rate rises, recall steadily increases and peaks near 0.8. This indicates that greater client participation helps the model learn more comprehensive features, thereby improving sensitivity to positive samples. However, when the rate becomes too high, recall decreases slightly, reflecting that data distribution differences and accumulated privacy noise may interfere with model consistency.
The trend of F1-Score combines the performance of precision and recall and shows a similar unimodal curve. The best value is achieved at a sampling rate of 0.8, indicating that the model reaches an optimal balance between accuracy and coverage at this point. This result shows that a reasonable client sampling rate not only finds a trade-off between privacy protection and computational cost but also improves the robustness and practicality of differential-privacy-enhanced federated learning frameworks. It provides valuable guidance for real-world deployment.
This paper further presents an experiment on the sensitivity of client data imbalance to experimental results, and the experimental results are shown in Figure 4.
Figure 4. Experiment on the sensitivity of client data imbalance to experimental results
The experimental results show that data imbalance among clients has a clear impact on model performance. Overall, as the imbalance level increases, all four core metrics decrease to varying degrees. When the data distribution is relatively balanced, the model can effectively learn features from different classes and maintain high levels of accuracy and overall performance. In contrast, under highly imbalanced conditions, the scarcity of minority class samples weakens the model’s ability to capture the global distribution, leading to performance degradation.
For accuracy and precision, the performance gap between low and moderate imbalance is small. This indicates that the model can still maintain good discriminative ability under moderate distribution differences. However, as the imbalance intensifies, precision declines more sharply, showing that the model is more likely to misclassify minority class samples. This finding reveals that differential-privacy-enhanced federated learning still requires more robust mechanisms to distinguish positive and negative samples under high imbalance.
The change in recall is particularly evident. Under low and moderate imbalance, recall remains relatively high, suggesting that the model can capture positive samples comprehensively. Under high imbalance, recall drops significantly, reflecting insufficient recognition of minority class samples. This decline highlights the challenge that data distribution poses to model robustness. It also shows that when privacy protection and distribution heterogeneity coexist, the model can be constrained by inadequate coverage of scarce samples.
The overall metric F1-Score follows the same trend as the previous metrics. It remains relatively stable under moderate imbalance but decreases sharply under high imbalance. This indicates that when client data distributions differ too much, the model struggles to maintain a balance between precision and recall. In summary, these results suggest that although differential-privacy-enhanced federated learning can resist the impact of data heterogeneity to some extent, it still faces performance bottlenecks under extreme imbalance. This also implies that future research should further optimize robust aggregation and regularization strategies to mitigate the negative impact of distribution imbalance.
This paper also gives the impact of the anti-noise amplitude on the experimental results, and the experimental results are shown in Figure 5.
Figure 5. The impact of anti-noise amplitude on experimental results
The experimental results show that increasing the amplitude of adversarial noise significantly affects the overall performance of the model. As the noise amplitude increases, accuracy shows a steady downward trend. This indicates that under strong interference, both the convergence ability and the stability of decision boundaries are damaged. This finding suggests that although differential privacy mechanisms enhance security, the model still shows vulnerability when facing additional adversarial noise. Stronger robustness strategies are required to maintain performance.
The curve of precision shows that large noise amplitudes reduce the model’s ability to discriminate positive samples. This leads to more negative samples being misclassified as positive. When noise is small, the model maintains high precision, which means that in low-disturbance environments, differential-privacy-enhanced federated learning can balance privacy protection and predictive performance. However, when noise becomes too strong, this balance is broken. The model sacrifices accuracy in recognition while maintaining privacy.
For recall, the downward trend is even more evident. As noise amplitude increases, the model’s ability to cover positive samples declines. The recognition of minority classes becomes weaker, and missed detections grow more severe. This shows that recall is one of the most sensitive metrics under high uncertainty. It also reflects the limitations of combining differential privacy and robustness mechanisms when strong adversarial interference is present.
The trend of F1-Score is consistent with precision and recall, showing an overall decline. This indicates that the balance between accuracy and coverage is disrupted by noise from both sides. The experimental results demonstrate that although differential-privacy-enhanced federated learning can resist adversarial risks to some extent, a stronger robustness design is still needed when noise amplitude is high. This emphasizes that in studies combining privacy protection and robustness, adaptability to adversarial environments must be considered. Only then can the model ensure usability and trustworthiness in real-world deployment.
5. Conclusion
This study focuses on a differential-privacy-enhanced federated learning framework, aiming to address the dual challenges of data privacy protection and model robustness. The proposed method integrates differential privacy mechanisms with robust aggregation strategies. In this way, it ensures user data security while mitigating the negative impact of distribution heterogeneity, adversarial noise, and abnormal client behaviors on model performance. Through systematic comparative and sensitivity experiments, the study demonstrates that the framework achieves superior results across multiple performance metrics, highlighting the value and potential of combining differential privacy with robustness methods.
The results indicate that proper hyperparameter configuration and well-designed privacy budgets are crucial for ensuring system stability and utility. In multidimensional experiments involving learning rate, client sampling rate, and data imbalance, the model shows strong robustness in accuracy, precision, recall, and F1-Score. This not only highlights the algorithmic advantages of the method but also confirms its adaptability to the complexity of real-world applications. These findings further emphasize the importance of differential privacy mechanisms in achieving both privacy compliance and efficient modeling.
From an application perspective, the proposed framework provides new solutions for intelligent systems in sensitive domains such as financial risk control, healthcare, and smart cities. In these scenarios, data are often highly private and strongly heterogeneous, and traditional methods struggle to balance security and effectiveness. By integrating differential privacy with robust design, this study offers strong support for the trustworthiness and usability of models in deployment. It can therefore better serve critical tasks such as risk management, medical diagnosis, and public safety.
In summary, this study contributes theoretical and methodological innovations to the deep integration of differential privacy and federated learning. It also provides empirical evidence for the development of robust artificial intelligence systems. The significance lies not only in enriching the research system of privacy protection and distributed modeling but also in offering practical pathways to address privacy compliance and security risks. In the future, as application scenarios expand and security demands increase, differential-privacy-enhanced federated learning frameworks are expected to show greater value in more complex tasks, driving the advancement of trustworthy artificial intelligence across industries.
References
[1] Gu X, Li M, Xiong L. Precad: Privacy-preserving and robust federated learning via crypto-aided differential privacy[J]. arXiv preprint arXiv:2110.11578, 2021.
[2] Zhu H, Ling Q. Bridging differential privacy and byzantine-robustness via model aggregation[J]. arXiv preprint arXiv:2205.00107, 2022.
[3] Zhang Z, Hu R. Byzantine-robust federated learning with variance reduction and differential privacy[C]//2023 IEEE Conference on Communications and Network Security (CNS). IEEE, 2023: 1-9.
[4] Fu J, Chen Z, Han X. Adap dp-fl: Differentially private federated learning with adaptive noise[C]//2022 IEEE international conference on trust, security and privacy in computing and communications (TrustCom). IEEE, 2022: 656-663.
[5] Feng S, Mohammady M, Hong H, et al. Harmonizing Differential Privacy Mechanisms for Federated Learning: Boosting Accuracy and Convergence[C]//Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy. 2024: 60-71.
[6] X. Ren, S. Yang, C. Zhao, J. McCann, and Z. Xu, "Belt and braces: When federated learning meets differential privacy," Communications of the ACM, vol. 67, no. 12, pp. 66-77, 2024.
[7] Guo S, Yang J, Long S, et al. Federated learning with differential privacy via fast Fourier transform for tighter-efficient combining[J]. Scientific Reports, 2024, 14(1): 26770.
[8] Riess A, Ziller A, Kolek S, et al. Complex-Valued Federated Learning with Differential Privacy and MRI Applications[C]//International Conference on Medical Image Computing and Computer-Assisted Intervention. Cham: Springer Nature Switzerland, 2024: 191-203.
[9] X. Gu, M. Li, and L. Xiong, "PreCAD: Privacy-preserving and robust federated learning via crypto-aided differential privacy," arXiv preprint arXiv:2110.11578, 2021.
[10] Naseri M, Hayes J, De Cristofaro E. Local and central differential privacy for robustness and privacy in federated learning[J]. arXiv preprint arXiv:2009.03561, 2020.
[11] Fu J, Hong Y, Ling X, et al. Differentially private federated learning: A systematic review[J]. arXiv preprint arXiv:2405.08299, 2024.
[12] Qi T, Wang H, Huang Y. Towards the robustness of differentially private federated learning[C]//Proceedings of the AAAI Conference on Artificial Intelligence. 2024, 38(18): 19911-19919.
[13] Lyu L, Yu H, Ma X, et al. Privacy and robustness in federated learning: Attacks and defenses[J]. IEEE transactions on neural networks and learning systems, 2022, 35(7): 8726-8746.
[14] Wu F, Li Z, Li Y, et al. Fedbiot: Llm local fine-tuning in federated learning without full model[C]//Proceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining. 2024: 3345-3355.
[15] S. Li, E. C. H. Ngai, and T. Voigt, "An experimental study of byzantine-robust aggregation schemes in federated learning," IEEE Transactions on Big Data, vol. 10, no. 6, pp. 975-988, 2023.
[16] Zhang Y, Chen H, Lin Z, et al. FedAC: An Adaptive Clustered Federated Learning Framework for Heterogeneous Data[J]. arXiv preprint arXiv:2403.16460, 2024.
[17] Hu M, Cao Y, Li A, et al. FedMut: Generalized federated learning via stochastic mutation[C]//Proceedings of the AAAI conference on artificial intelligence. 2024, 38(11): 12528-12537.