Federated learning (FL) has emerged as a collaborative approach that allows multiple clients to jointly learn a machine learning model without sharing their private data. The concern about privacy leakage, albeit demonstrated only under specific conditions, has triggered numerous follow-up studies that design powerful attack methods and effective defense mechanisms aimed at thwarting those attacks. Nevertheless, the privacy-preserving mechanisms employed by these defenses invariably degrade model performance, because they apply a fixed obfuscation to private data or gradients. In this article, we therefore propose a novel adaptive obfuscation mechanism, coined FedAdOb, that protects private data without sacrificing the original model performance. Technically, FedAdOb uses passport-based adaptive obfuscation to ensure data privacy in both horizontal and vertical federated learning settings. The privacy-preserving capabilities of FedAdOb, specifically with regard to private features and labels, are proven theoretically in Theorems 1 and 2. Furthermore, extensive experimental evaluations on various datasets and network architectures demonstrate the effectiveness of FedAdOb: it achieves a superior trade-off between privacy preservation and model performance, surpassing existing methods.