Model fusion is becoming a crucial component in the context of model-as-a-service scenarios, enabling the delivery of high-quality model services to local users. However, this approach introduces privacy risks and imposes certain limitations on its applications. Ensuring secure model exchange and knowledge fusion among users becomes a significant challenge in this setting. To tackle this issue, we propose PrivFusion, a novel architecture that preserves privacy while facilitating model fusion under the constraints of local differential privacy. PrivFusion leverages a graph-based structure, enabling the fusion of models from multiple parties without necessitating retraining. By employing randomized mechanisms, PrivFusion ensures privacy guarantees throughout the fusion process. To enhance model privacy, our approach incorporates a hybrid local differentially private mechanism and decentralized federated graph matching, effectively protecting both activation values and weights. Additionally, we introduce a perturbation filter adapter to alleviate the impact of randomized noise, thereby preserving the utility of the fused model. Through extensive experiments conducted on diverse image datasets and real-world healthcare applications, we provide empirical evidence showcasing the effectiveness of PrivFusion in maintaining model performance while preserving privacy. Our contributions offer valuable insights and practical solutions for secure and collaborative data analysis within the domain of privacy-preserving model fusion.