DP-FedPGN：通过惩罚梯度范数寻找差分隐私联邦学习的全局平坦最小值 (DP-FedPGN: Finding Global Flat Minima for Differentially Private Federated Learning via Penalizing Gradient Norm)

To prevent inference attacks in Federated Learning (FL) and reduce the leakage of sensitive information, Client-level Differentially Private Federated Learning (CL-DPFL) is widely used. However, current CL-DPFL methods usually result in sharper loss landscapes, which leads to a decrease in model generalization after differential privacy protection. By using Sharpness Aware Minimization (SAM), the current popular federated learning methods are to find a local flat minimum value to alleviate this problem. However, the local flatness may not reflect the global flatness in CL-DPFL. Therefore, to address this issue and seek global flat minima of models, we propose a new CL-DPFL algorithm, DP-FedPGN, in which we introduce a global gradient norm penalty to the local loss to find the global flat minimum. Moreover, by using our global gradient norm penalty, we not only find a flatter global minimum but also reduce the locally updated norm, which means that we further reduce the error of gradient clipping. From a theoretical perspective, we analyze how DP-FedPGN mitigates the performance degradation caused by DP. Meanwhile, the proposed DP-FedPGN algorithm eliminates the impact of data heterogeneity and achieves fast convergence. We also use R\'enyi DP to provide strict privacy guarantees and provide sensitivity analysis for local updates. Finally, we conduct effectiveness tests on both ResNet and Transformer models, and achieve significant improvements in six visual and natural language processing tasks compared to existing state-of-the-art algorithms. The code is available at https://github.com/junkangLiu0/DP-FedPGN

翻译：为防止联邦学习（FL）中的推理攻击并减少敏感信息泄露，客户端级差分隐私联邦学习（CL-DPFL）被广泛采用。然而，现有CL-DPFL方法通常会导致损失函数景观更为尖锐，从而在差分隐私保护后降低模型的泛化能力。通过使用锐度感知最小化（SAM），当前流行的联邦学习方法旨在寻找局部平坦最小值以缓解此问题。但在CL-DPFL中，局部平坦性可能无法反映全局平坦性。为此，为寻求模型的全局平坦最小值，我们提出了一种新的CL-DPFL算法DP-FedPGN，通过在局部损失函数中引入全局梯度范数惩罚项来寻找全局平坦最小值。此外，通过使用我们的全局梯度范数惩罚，不仅能够找到更平坦的全局最小值，还能降低局部更新范数，这意味着我们进一步减少了梯度裁剪带来的误差。从理论角度，我们分析了DP-FedPGN如何缓解差分隐私导致的性能下降。同时，所提出的DP-FedPGN算法消除了数据异质性的影响并实现了快速收敛。我们还使用Rényi差分隐私提供严格的隐私保障，并对局部更新进行敏感性分析。最后，我们在ResNet和Transformer模型上进行了有效性测试，在六项视觉与自然语言处理任务中相比现有最先进算法取得了显著提升。代码发布于https://github.com/junkangLiu0/DP-FedPGN。