Federated learning (FL) aims to collaboratively train a global model in a distributed manner by sharing model parameters from local clients with a central server, thereby potentially protecting users' private information. Nevertheless, recent studies have shown that FL still suffers from information leakage, as adversaries try to recover the training data by analyzing the parameters shared by local clients. To deal with this issue, differential privacy (DP) is adopted to add noise to the gradients of local models before aggregation. This, however, results in poor performance of gradient-based interpretability methods, since some weights capturing the salient region in the feature map will be perturbed. To overcome this problem, we propose a simple yet effective adaptive differential privacy (ADP) mechanism that selectively adds noisy perturbations to the gradients of client models in FL. We also theoretically analyze the impact of gradient perturbation on model interpretability. Finally, extensive experiments on both IID and Non-IID data demonstrate that the proposed ADP can achieve a good trade-off between privacy and interpretability in FL.