Article
Peer-Review Record

Research on Privacy Protection in Federated Learning Combining Distillation Defense and Blockchain

Electronics 2024, 13(4), 679; https://doi.org/10.3390/electronics13040679
by Changxu Wan 1, Ying Wang 1,*, Jianbo Xu 1, Junjie Wu 2, Tiantian Zhang 1 and Yulong Wang 1
Reviewer 1:
Reviewer 2: Anonymous
Submission received: 3 January 2024 / Revised: 1 February 2024 / Accepted: 2 February 2024 / Published: 6 February 2024
(This article belongs to the Special Issue Advances in Security and Blockchain Technologies)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The article proposes an innovative approach for privacy protection in federated learning by combining knowledge distillation defense techniques and decentralized blockchain technology. The key ideas and contribution of the work are solid. However, there are some aspects that could be improved:

- The attack model considered is somewhat limited. Only a few white-box attack methods like FGSM are evaluated. The defense should be tested against more advanced black-box attacks to fully validate its robustness. 

- More details on the parameter tuning process and its impact on convergence/performance could be provided. Some key hyperparameters like temperature and weights are chosen empirically but the rationale is not clearly explained. 

- The experimental setup assumes a relatively small number of clients (20) which may not sufficiently represent real-world large-scale federated learning scenarios. The approach needs to be evaluated at a larger scale.

- Privacy guarantees are claimed but not formally proven. Differential privacy or other quantification of privacy leakage is lacking. More analysis is needed to numerically evaluate the privacy enhancement.

- Incentive mechanisms are proposed but not deeply analyzed. Issues like sufficient incentives for honest participation, preventing manipulation, Sybil attacks need thorough consideration.

- Blockchain brings overhead that is not characterized. The costs of consensus, storage, communication could impact feasibility depending on the application context.

Overall, the paper proposes an innovative integration of distillation defense with blockchain that has the potential to strengthen privacy protection in federated learning. However, more rigorous attack evaluation, theoretical analysis, large-scale testing and quantification of gains/costs are needed to substantiate the claims. With the suggested improvements, the work could have a significant impact on privacy-preserving distributed machine learning research.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Please write how you measure the reputation of a client.

Section “4.1. Experiment Setting” is too laconic and requires additional information. Please give a real example with a precise description. Without such an example the punch of the work does not exist. Instead, the submitted publication is of the type "we want publication".

“Firstly, the experiment compared the distilled defense-based method used in this study with the traditional FedAvg algorithm in the absence of malicious device intervention.” – please define what a malicious device is, and what type of intervention it can do.

Figure 2 - what do the authors understand by the concept of accuracy? In my opinion, with such a laconic description of the experiment, accuracy can be anything.

The sentence of the conclusion: “Finally, it should be noted that this study’s model operates in a simulated environment.” must be positioned in the abstract section.

Comments on the Quality of English Language

An example of not very precise, but baroque language can be found at the beginning of the abstract section:

“Traditional federated learning addresses the data security issue stemming from the need to centralize client datasets for training models on a central server. However, this approach still poses risks to privacy protection. For instance, the central server is unable to verify privacy breaches resulting from poisoning attacks by malicious clients. Additionally, defense sample attacks, which involve testing local models on the client side, can potentially infer specific samples of raw data.”

 

In the following sentences we see a lack of precision and jargon forms:

“This study proposes a privacy protection method for federated learning that combines distillation defense with blockchain.” -- such a sentence addresses the publication to a narrow circle of readers.

In my opinion, the abstract section should be re-written. You have an example of fine text in the first paragraph of the introduction section.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

The authors address the comments that improve the quality of this paper.

Reviewer 2 Report

Comments and Suggestions for Authors

The publication was corrected properly. All important doubts were explained precisely.

Comments on the Quality of English Language

There are punctuation errors in the work, most often related to the end of the sentence. These are errors that can be easily corrected automatically.
