A Lightweight and Secure Deep Learning Model for Privacy-Preserving Federated Learning in Intelligent Enterprises
Reza Fotohi, Fereidoon Shams Aliee, Bahar Farahani
TL;DR
This work tackles privacy-preserving federated learning in Intelligent Enterprises facing non-IID data, poisoning/inference threats, and communication overhead. It introduces FedAnil+, a lightweight DL model that (i) handles data-type skew via Cosine Similarity and Affinity Propagation clustering, (ii) protects privacy with CKKS-FHE-enabled encrypted aggregation and a consortium blockchain along with encoded gradient vectors, and (iii) reduces communication through K-Medoids-based gradient quantization and lossless entropy encoding. Theoretical convergence guarantees are provided, and empirical results on Sent140, Fashion-MNIST, FEMNIST, and CIFAR-10 show improved accuracy (up to ~26%), lower communication (up to ~25%), and reduced computation (up to ~11%) compared with baselines, while resisting inference and poisoning attacks. The proposed framework offers a practical, secure, and scalable blueprint for enterprise-scale FL in IoT-rich environments.
Abstract
The ever-growing number of Internet of Things (IoT) connections is driving a new type of organization, the Intelligent Enterprise. In intelligent enterprises, machine-learning-based models are adopted to extract insights from data. Due to the efficiency and privacy challenges of these traditional models, a new federated learning (FL) paradigm has emerged. In FL, multiple enterprises can jointly train a model to update a final model. However, first, FL-trained models usually perform worse than centralized models, especially when the enterprises' training data is non-IID (not Independent and Identically Distributed). Second, due to the centrality of FL and the untrustworthiness of local enterprises, traditional FL solutions are vulnerable to poisoning and inference attacks and violate privacy. Third, the continuous transfer of parameters between enterprises and servers increases communication costs. To this end, the FedAnil+ model is proposed, a novel, lightweight, and secure Federated Deep Learning Model that includes three main phases. The first phase addresses the data type distribution skew challenge. The second phase addresses privacy concerns against poisoning and inference attacks. Finally, to alleviate the communication overhead, a novel compression approach is proposed that significantly reduces the size of the updates. The experimental results validate that FedAnil+ is secure against inference and poisoning attacks with better accuracy. In addition, it shows improvements over existing approaches in terms of model accuracy (13%, 16%, and 26%), communication cost (17%, 21%, and 25%), and computation cost (7%, 9%, and 11%).
