Will Abramson,Adam James Hall,Pavlos Papadopoulos,Nikolaos Pitropakis,William J Buchanan

DOI: https://doi.org/10.1007/978-3-030-58986-8_14

2020-06-04

Abstract:When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data.

Cryptography and Security,Computers and Society,Distributed, Parallel, and Cluster Computing,Computer Science and Game Theory,Machine Learning

Ramesh Upreti,Pedro G. Lind,Ahmed Elmokashfi,Anis Yazidi

DOI: https://doi.org/10.1007/s10207-024-00813-3

2024-04-03

International Journal of Information Security

Abstract:Abstract Artificial intelligence-based algorithms are widely adopted in critical applications such as healthcare and autonomous vehicles. Mitigating the security and privacy issues of AI models, and enhancing their trustworthiness have become of paramount importance. We present a detailed investigation of existing security, privacy, and defense techniques and strategies to make machine learning more secure and trustworthy. We focus on the new paradigm of machine learning called federated learning, where one aims to develop machine learning models involving different partners (data sources) that do not need to share data and information with each other. In particular, we discuss how federated learning bridges security and privacy, how it guarantees privacy requirements of AI applications, and then highlight challenges that need to be addressed in the future. Finally, after having surveyed the high-level concepts of trustworthy AI and its different components and identifying present research trends addressing security, privacy, and trustworthiness separately, we discuss possible interconnections and dependencies between these three fields. All in all, we provide some insight to explain how AI researchers should focus on building a unified solution combining security, privacy, and trustworthy AI in the future.

computer science, information systems, theory & methods, software engineering

Dmitrii Usynin,Alexander Ziller,Daniel Rueckert,Jonathan Passerat-Palmbach,Georgios Kaissis

DOI: https://doi.org/10.48550/arXiv.2112.11040

IF: 5.414

2021-12-21

Machine Learning

Abstract:The utilisation of large and diverse datasets for machine learning (ML) at scale is required to promote scientific insight into many meaningful problems. However, due to data governance regulations such as GDPR as well as ethical concerns, the aggregation of personal and sensitive data is problematic, which prompted the development of alternative strategies such as distributed ML (DML). Techniques such as Federated Learning (FL) allow the data owner to maintain data governance and perform model training locally without having to share their data. FL and related techniques are often described as privacy-preserving. We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind. We further provide recommendations and examples on how such algorithms can be augmented to provide guarantees of governance, security, privacy and verifiability for a general ML audience without prior exposure to formal privacy techniques.

Runhua Xu,Nathalie Baracaldo,Yi Zhou,Ali Anwar,Swanand Kadhe,Heiko Ludwig

DOI: https://doi.org/10.48550/arXiv.2207.07779

2022-07-16

Abstract:Federated learning has emerged as a privacy-preserving machine learning approach where multiple parties can train a single model without sharing their raw training data. Federated learning typically requires the utilization of multi-party computation techniques to provide strong privacy guarantees by ensuring that an untrusted or curious aggregator cannot obtain isolated replies from parties involved in the training process, thereby preventing potential inference attacks. Until recently, it was thought that some of these secure aggregation techniques were sufficient to fully protect against inference attacks coming from a curious aggregator. However, recent research has demonstrated that a curious aggregator can successfully launch a disaggregation attack to learn information about model updates of a target party. This paper presents DeTrust-FL, an efficient privacy-preserving federated learning framework for addressing the lack of transparency that enables isolation attacks, such as disaggregation attacks, during secure aggregation by assuring that parties' model updates are included in the aggregated model in a private and secure manner. DeTrust-FL proposes a decentralized trust consensus mechanism and incorporates a recently proposed decentralized functional encryption (FE) scheme in which all parties agree on a participation matrix before collaboratively generating decryption key fragments, thereby gaining control and trust over the secure aggregation process in a decentralized setting. Our experimental evaluation demonstrates that DeTrust-FL outperforms state-of-the-art FE-based secure multi-party aggregation solutions in terms of training time and reduces the volume of data transferred. In contrast to existing approaches, this is achieved without creating any trust dependency on external trusted entities.

Cryptography and Security

Sheng Shen,Tianqing Zhu,Di Wu,Wei Wang,Wanlei Zhou

DOI: https://doi.org/10.1002/cpe.6002

2020-09-23

Concurrency and Computation: Practice and Experience

Abstract:<p>Federated learning is an improved version of distributed machine learning that further offloads operations which would usually be performed by a central server. The server becomes more like an assistant coordinating clients to work together rather than micromanaging the workforce as in traditional DML. One of the greatest advantages of federated learning is the additional privacy and security guarantees it affords. Federated learning architecture relies on smart devices, such as smartphones and IoT sensors, that collect and process their own data, so sensitive information never has to leave the client device. Rather, clients train a submodel locally and send an encrypted update to the central server for aggregation into the global model. These strong privacy guarantees make federated learning an attractive choice in a world where data breaches and information theft are common and serious threats. This survey outlines the landscape and latest developments in data privacy and security for federated learning. We identify the different mechanisms used to provide privacy and security, such as differential privacy, secure multiparty computation and secure aggregation. We also survey the current attack models, identifying the areas of vulnerability and the strategies adversaries use to penetrate federated systems. The survey concludes with a discussion on the open challenges and potential directions of future work in this increasingly popular learning paradigm.</p>

English Else

Elaheh Jafarigol,Theodore Trafalis,Talayeh Razzaghi,Mona Zamankhani

2023-11-18

Abstract:In the growing world of artificial intelligence, federated learning is a distributed learning framework enhanced to preserve the privacy of individuals' data. Federated learning lays the groundwork for collaborative research in areas where the data is sensitive. Federated learning has several implications for real-world problems. In times of crisis, when real-time decision-making is critical, federated learning allows multiple entities to work collectively without sharing sensitive data. This distributed approach enables us to leverage information from multiple sources and gain more diverse insights. This paper is a systematic review of the literature on privacy-preserving machine learning in the last few years based on the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines. Specifically, we have presented an extensive review of supervised/unsupervised machine learning algorithms, ensemble methods, meta-heuristic approaches, blockchain technology, and reinforcement learning used in the framework of federated learning, in addition to an overview of federated learning applications. This paper reviews the literature on the components of federated learning and its applications in the last few years. The main purpose of this work is to provide researchers and practitioners with a comprehensive overview of federated learning from the machine learning point of view. A discussion of some open problems and future research directions in federated learning is also provided.

Machine Learning,Artificial Intelligence

M.A.P. Chamikara,P. Bertok,I. Khalil,D. Liu,S. Camtepe

DOI: https://doi.org/10.1016/j.comcom.2021.02.014

IF: 5.047

2021-04-01

Computer Communications

Abstract:<p>Edge computing and distributed machine learning have advanced to a level that can revolutionize a particular organization. Distributed devices such as the Internet of Things (IoT) often produce a large amount of data, eventually resulting in big data that can be vital in uncovering hidden patterns, and other insights in numerous fields such as healthcare, banking, and policing. Data related to areas such as healthcare and banking can contain potentially sensitive data that can become public if they are not appropriately sanitized. Federated learning (FedML) is a recently developed distributed machine learning (DML) approach that tries to preserve privacy by bringing the learning of an ML model to data owners'. However, literature shows different attack methods such as membership inference that exploit the vulnerabilities of ML models as well as the coordinating servers to retrieve private data. Hence, FedML needs additional measures to guarantee data privacy. Furthermore, big data often requires more resources than available in a standard computer. This paper addresses these issues by proposing a distributed perturbation algorithm named as DISTPAB, for privacy preservation of horizontally partitioned data. DISTPAB alleviates computational bottlenecks by distributing the task of privacy preservation utilizing the asymmetry of resources of a distributed environment, which can have resource-constrained devices as well as high-performance computers. Experiments show that DISTPAB provides high accuracy, high efficiency, high scalability, and high attack resistance. Further experiments on privacy-preserving FedML show that DISTPAB is an excellent solution to stop privacy leaks in DML while preserving high data utility.</p>

computer science, information systems,telecommunications,engineering, electrical & electronic

Tyler J Loftus,Matthew M Ruppert,Benjamin Shickel,Tezcan Ozrazgat-Baslanti,Jeremy A Balch,Philip A Efron,Gilbert R Upchurch Jr,Parisa Rashidi,Christopher Tignanelli,Jiang Bian,Azra Bihorac

DOI: https://doi.org/10.1177/20552076221134455

2022-10-27

Abstract:Generalizability, external validity, and reproducibility are high priorities for artificial intelligence applications in healthcare. Traditional approaches to addressing these elements involve sharing patient data between institutions or practice settings, which can compromise data privacy (individuals' right to prevent the sharing and disclosure of information about themselves) and data security (simultaneously preserving confidentiality, accuracy, fidelity, and availability of data). This article describes insights from real-world implementation of federated learning techniques that offer opportunities to maintain both data privacy and availability via collaborative machine learning that shares knowledge, not data. Local models are trained separately on local data. As they train, they send local model updates (e.g. coefficients or gradients) for consolidation into a global model. In some use cases, global models outperform local models on new, previously unseen local datasets, suggesting that collaborative learning from a greater number of examples, including a greater number of rare cases, may improve predictive performance. Even when sharing model updates rather than data, privacy leakage can occur when adversaries perform property or membership inference attacks which can be used to ascertain information about the training set. Emerging techniques mitigate risk from adversarial attacks, allowing investigators to maintain both data privacy and availability in collaborative healthcare research. When data heterogeneity between participating centers is high, personalized algorithms may offer greater generalizability by improving performance on data from centers with proportionately smaller training sample sizes. Properly applied, federated learning has the potential to optimize the reproducibility and performance of collaborative learning while preserving data security and privacy.

Fardin Jalil Piran,Zhiling Chen,Mohsen Imani,Farhad Imani

2024-11-25

Abstract:Federated Learning (FL) is essential for efficient data exchange in Internet of Things (IoT) environments, as it trains Machine Learning (ML) models locally and shares only model updates. However, FL is vulnerable to privacy threats like model inversion and membership inference attacks, which can expose sensitive training data. To address these privacy concerns, Differential Privacy (DP) mechanisms are often applied. Yet, adding DP noise to black-box ML models degrades performance, especially in dynamic IoT systems where continuous, lifelong FL learning accumulates excessive noise over time. To mitigate this issue, we introduce Federated HyperDimensional computing with Privacy-preserving (FedHDPrivacy), an eXplainable Artificial Intelligence (XAI) framework that combines the neuro-symbolic paradigm with DP. FedHDPrivacy carefully manages the balance between privacy and performance by theoretically tracking cumulative noise from previous rounds and adding only the necessary incremental noise to meet privacy requirements. In a real-world case study involving in-process monitoring of manufacturing machining operations, FedHDPrivacy demonstrates robust performance, outperforming standard FL frameworks-including Federated Averaging (FedAvg), Federated Stochastic Gradient Descent (FedSGD), Federated Proximal (FedProx), Federated Normalized Averaging (FedNova), and Federated Adam (FedAdam)-by up to 38%. FedHDPrivacy also shows potential for future enhancements, such as multimodal data fusion.

Machine Learning,Artificial Intelligence,Cryptography and Security

Philip Treleaven,Malgorzata Smietanka,Hirsh Pithadia

DOI: https://doi.org/10.1109/mc.2021.3052390

2022-04-01

Computer

Abstract:Federated learning (pioneered by Google) is a new class of machine learning models trained on distributed data sets, and equally important, a key privacy-preserving data technology. The contribution of this article is to place it in perspective to other data science technologies.

computer science, software engineering, hardware & architecture

Branislav Stojkovic,Jonathan Woodbridge,Zhihan Fang,Jerry Cai,Andrey Petrov,Sathya Iyer,Daoyu Huang,Patrick Yau,Arvind Sastha Kumar,Hitesh Jawa,Anamita Guha

DOI: https://doi.org/10.48550/arXiv.2206.00807

2022-06-08

Abstract:The classical machine learning paradigm requires the aggregation of user data in a central location where machine learning practitioners can preprocess data, calculate features, tune models and evaluate performance. The advantage of this approach includes leveraging high performance hardware (such as GPUs) and the ability of machine learning practitioners to do in depth data analysis to improve model performance. However, these advantages may come at a cost to data privacy. User data is collected, aggregated, and stored on centralized servers for model development. Centralization of data poses risks, including a heightened risk of internal and external security incidents as well as accidental data misuse. Federated learning with differential privacy is designed to avoid the server-side centralization pitfall by bringing the ML learning step to users' devices. Learning is done in a federated manner where each mobile device runs a training loop on a local copy of a model. Updates from on-device models are sent to the server via encrypted communication and through differential privacy to improve the global model. In this paradigm, users' personal data remains on their devices. Surprisingly, model training in this manner comes at a fairly minimal degradation in model performance. However, federated learning comes with many other challenges due to its distributed nature, heterogeneous compute environments and lack of data visibility. This paper explores those challenges and outlines an architectural design solution we are exploring and testing to productionize federated learning at Meta scale.

Machine Learning

Ehsan Hallaji,Roozbeh Razavi-Far,Mehrdad Saif,Boyu Wang,Qiang Yang

DOI: https://doi.org/10.1109/TBDATA.2024.3362191

2024-01-26

Abstract:Federated learning has been rapidly evolving and gaining popularity in recent years due to its privacy-preserving features, among other advantages. Nevertheless, the exchange of model updates and gradients in this architecture provides new attack surfaces for malicious users of the network which may jeopardize the model performance and user and data privacy. For this reason, one of the main motivations for decentralized federated learning is to eliminate server-related threats by removing the server from the network and compensating for it through technologies such as blockchain. However, this advantage comes at the cost of challenging the system with new privacy threats. Thus, performing a thorough security analysis in this new paradigm is necessary. This survey studies possible variations of threats and adversaries in decentralized federated learning and overviews the potential defense mechanisms. Trustability and verifiability of decentralized federated learning are also considered in this study.

Cryptography and Security,Artificial Intelligence,Machine Learning

Xiaohui Yang,Chongbo Xing

DOI: https://doi.org/10.1155/2024/8138644

2024-01-07

Wireless Communications and Mobile Computing

Abstract:Federated learning-based medical data privacy sharing can promote the development of medical industry intelligence, but limited by its own security and privacy deficiencies, federated learning still suffers from a single point of failure and privacy leakage of intermediate parameters. To address these problems, this paper proposes a privacy protection framework for medical data based on blockchain and cross-silo federated learning, using cross-silo federated learning to establish a collaborative training platform for multiple medical institutions to enhance the privacy of medical data, introducing blockchain and smart contracts to realize decentralized federated learning to enhance trust between distrustful medical institutions and solve the problem of a single point of failure. In addition, a secure aggregation scheme is designed using threshold homomorphic encryption to prevent the privacy leakage problem during parameter transmission. The experimental and analytical results show that the accuracy of this paper's scheme is consistent with the original federated learning scheme, effectively deals with the problems of single-point failure and inference attacks of federated learning, improves system robustness, and is suitable for medical scenarios with more stringent requirements on security and accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Thorsten Wittkopp,Alexander Acker

DOI: https://doi.org/10.48550/arXiv.2102.00880

2021-02-01

Abstract:The increasing complexity of IT systems requires solutions, that support operations in case of failure. Therefore, Artificial Intelligence for System Operations (AIOps) is a field of research that is becoming increasingly focused, both in academia and industry. One of the major issues of this area is the lack of access to adequately labeled data, which is majorly due to legal protection regulations or industrial confidentiality. Methods to mitigate this stir from the area of federated learning, whereby no direct access to training data is required. Original approaches utilize a central instance to perform the model synchronization by periodical aggregation of all model parameters. However, there are many scenarios where trained models cannot be published since its either confidential knowledge or training data could be reconstructed from them. Furthermore the central instance needs to be trusted and is a single point of failure. As a solution, we propose a fully decentralized approach, which allows to share knowledge between trained models. Neither original training data nor model parameters need to be transmitted. The concept relies on teacher and student roles that are assigned to the models, whereby students are trained on the output of their teachers via synthetically generated input data. We conduct a case study on log anomaly detection. The results show that an untrained student model, trained on the teachers output reaches comparable F1-scores as the teacher. In addition, we demonstrate that our method allows the synchronization of several models trained on different distinct training data subsets.

Machine Learning,Networking and Internet Architecture

Olivia Choudhury,Aris Gkoulalas-Divanis,Theodoros Salonidis,Issa Sylla,Yoonyoung Park,Grace Hsu,Amar Das

DOI: https://doi.org/10.48550/arXiv.1910.02578

2020-02-27

Abstract:Leveraging real-world health data for machine learning tasks requires addressing many practical challenges, such as distributed data silos, privacy concerns with creating a centralized database from person-specific sensitive data, resource constraints for transferring and integrating data from multiple sites, and risk of a single point of failure. In this paper, we introduce a federated learning framework that can learn a global model from distributed health data held locally at different sites. The framework offers two levels of privacy protection. First, it does not move or share raw data across sites or with a centralized server during the model training process. Second, it uses a differential privacy mechanism to further protect the model from potential privacy attacks. We perform a comprehensive evaluation of our approach on two healthcare applications, using real-world electronic health data of 1 million patients. We demonstrate the feasibility and effectiveness of the federated learning framework in offering an elevated level of privacy and maintaining utility of the global model.

Machine Learning,Cryptography and Security

Rajasekhara Babu Madda,Shaik Mahamad Shakeer

DOI: https://doi.org/10.2174/1872212117666230112110257

2023-02-25

Recent Patents on Engineering

Abstract:Privacy leakage that occurs when many IoT devices are utilized for training centralized models, a new distributed learning framework known as federated learning was created, where devices train models together while keeping their private datasets local. In a federated learning setup, a central aggregator coordinates the efforts of several clients working together to solve machine learning issues. The privacy of each device's data is protected by this setup's decentralized training data. Federated learning reduces traditional centralized machine learning systems' systemic privacy issues and costs by emphasizing local processing and model transfer. Client information is stored locally and cannot be copied or shared. By utilizing a centralized server, federated learning enables each participant's device to collect data locally for training purposes before sending the resulting model to the server for aggregate and subsequent distribution. As a means of providing a comprehensive review and encouraging further research into the topic, we introduce the works of federated learning from five different vantage points: data partitioning, privacy method, machine learning model, communication architecture, and systems heterogeneity. Then, we organize the issues plaguing federated learning today and the potential avenues for a prospective study. Finally, we provide a brief overview of the features of existing federated knowledge and discuss how it is currently being used in the field.

Sameera K. M.,Serena Nicolazzo,Marco Arazzi,Antonino Nocera,Rafidha Rehiman K. A.,Vinod P,Mauro Conti

2024-01-08

Abstract:Federated Learning (FL) has recently arisen as a revolutionary approach to collaborative training Machine Learning models. According to this novel framework, multiple participants train a global model collaboratively, coordinating with a central aggregator without sharing their local data. As FL gains popularity in diverse domains, security, and privacy concerns arise due to the distributed nature of this solution. Therefore, integrating this strategy with Blockchain technology has been consolidated as a preferred choice to ensure the privacy and security of participants.

Cryptography and Security,Artificial Intelligence,Machine Learning

Madallah Alruwaili,Muhammad Hameed Siddiqi,Muhammad Idris,Salman Alruwaili,Abdullah Saleh Alanazi,Faheem Khan

DOI: https://doi.org/10.1111/exsy.13807

IF: 3.3

2024-12-14

Expert Systems

Abstract:The application of machine learning, particularly federated learning, in collaborative model training, has demonstrated significant potential for enhancing diversity and efficiency in outcomes. In the healthcare domain, particularly healthcare with disabilities, the sensitive nature of data presents a significant challenge as sharing even the computation on these data can risk exposing personal health information. This research addresses the problem of enabling shared model training for healthcare data—particularly with disabilities decreasing the risk of leaking or compromising sensitive information. Technologies such as federated learning provide solution for decentralised model training but fall short in addressing concerns related to trust building, accountability and control over participation and data. We propose a framework that integrates federated learning with advanced identity management as well as privacy and trust management technologies. Our framework called Theme (Trusted Healthcare Machine Learning Environment) leverages digital identities (e.g., W3C decentralised identifiers and verified credentials) and policy enforcements to regulate participation. This is to ensure that only authorised and trusted entities can contribute to the model training. Additionally, we introduce the mechanisms to track contributions per participant and offer the flexibility for participants to opt out of model training at any point. Participants can choose to be either contributors (providers) or consumers (model users) or both, and they can also choose to participate in subset of activities. This is particularly important in healthcare settings, where individuals and healthcare institutions have the flexibility to control how their data are used without compromising the benefits. In summary, this research work contributes to privacy preserving shared model training leveraging federated learning without exposing sensitive data; trust and accountability mechanisms; contribution tracking per participant for accountability and back‐tracking; and fine‐grained control and autonomy per participant. By addressing the specific needs of healthcare data for people with disabilities or such institutions, the Theme framework offers a robust solution to balance the benefits of shared machine learning with critical need to protecting sensitive data.

computer science, artificial intelligence, theory & methods

Yipeng Dong,Lei Zhang,Lin Xu

DOI: https://doi.org/10.1007/978-981-97-0834-5_9

2024-01-01

Abstract:Federated learning enables collaborative training of the global model by participants with diverse data sources while preserving data privacy. However, the traditional federated learning architecture faces some challenges, including single-point of server failure and privacy disclosure. To address these challenges, this paper proposes a distributed federated learning scheme based on multi-key homomorphic encryption, which fundamentally solves the problems of server single-point failure and malicious behavior, while effectively protecting the data privacy of participants. The trusted execution environment (TEE) is used to detect the quality of the models and to prevent some malicious participants from executing malicious behavior. Furthermore, an incentive mechanism is designed to encourage participants to actively and honestly perform training tasks. Our scheme satisfies privacy, robustness, and fairness criteria, as demonstrated in our analysis.