Secure Federated Learning with Model Compression

Although federated Learning (FL) has become very popular recently, FL is vulnerable to gradient leakage attacks. Recent studies have shown that clients' private data can be reconstructed from shared models or gradients by attackers. Many existing works focus on adding privacy protection mechanisms to prevent user privacy leakage, such as differential privacy (DP) and homomorphic encryption. However, these defenses may cause an increase of computation and communication costs or degrade the performance of FL, and do not consider the impact of wireless network resources on the FL training process. Herein, we propose a defense method, weight compression, to prevent gradient leakage attacks for FL over wireless networks. The gradient compression matrix is determined by the user's location and channel conditions. Moreover, we also add Gaussian noise to the compressed gradients to strengthen the defense. This joint learning, wireless resource allocation and weight compression matrix is formulated as an optimization problem with the objective of minimizing the FL loss function. To find the solution, we first analyze the convergence rate of FL and quantify the effect of the weight matrix on FL convergence. Then, we seek the optimal resource block (RB) allocation by exhaustive search or ant colony optimization (ACO), and then use CVX toolbox to obtain the optimal weight matrix to minimize the optimization function. Our simulation results show that the optimized RB can accelerate the convergence of FL.