guarding user privacy with federated learning and
play

Guarding user Privacy with Federated Learning and Differential - PowerPoint PPT Presentation

Jan 18, 2024 •241 likes •956 views

Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan mcmahan@google.com DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to Data Sharing including Privacy and Fairness 2017.10.24 Our Goal Imbue

  1. Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan mcmahan@google.com DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to Data Sharing including Privacy and Fairness 2017.10.24

  2. Our Goal Imbue mobile devices with Federated state of the art machine learning Learning systems without centralizing data and with privacy by default.

  3. Our Goal Imbue mobile devices with Federated state of the art machine learning Learning systems without centralizing data and with privacy by default. A very personal computer 2015: 79% away from phone ≤2 hours/day 1 63% away from phone ≤1 hour/day 25% can't remember being away at all 2013: 72% of users within 5 feet of phone most of the time 2 . Plethora of sensors Innumerable digital interactions 1 2015 Always Connected Research Report, IDC and Facebook 2 2013 Mobile Consumer Habits Study, Jumio and Harris Interactive.

  4. Our Goal Imbue mobile devices with Federated state of the art machine learning Learning systems without centralizing data and with privacy by default. Deep Learning non-convex millions of parameters complex structure (eg LSTMs)

  5. Our Goal Imbue mobile devices with Federated state of the art machine learning Learning systems without centralizing data and with privacy by default. Distributed learning problem Horizontally partitioned Nodes: millions to billions Dimensions: thousands to millions Examples: millions to billions

  6. Our Goal Imbue mobile devices with Federated state of the art machine learning Learning systems without centralizing data and with privacy by default. Federated decentralization facilitator

  7. Deep Learning, the short short version 0 0.5 Is it 5? 0.5 0.9 1 1 1 f (input, parameters) = output

  8. Deep Learning, the short short version 0 0.5 Is it 5? 0.5 0.9 1 1 1 f (input, parameters) = output loss (parameters) = 1/n ∑ i difference( f (input i , parameters), desired i )

  9. Deep Learning, the short short version 0 0.5 Is it 5? 0.5 0.9 1 1 1 Adjust these f (input, parameters) = output loss (parameters) = 1/n ∑ i difference( f (input i , parameters), desired i ) to minimize this

  10. Deep Learning, the short short version Stochastic Choose a random subset of training data Gradient Compute the "down" direction on the loss function Descent Take a step in that direction (Rinse & repeat) f (input, parameters) = output loss (parameters) = 1/n ∑ i difference( f (input i , parameters), desired i )

  11. Cloud-centric ML for Mobile

  12. The model lives in the cloud. Current Model Parameters

  13. We train models in the cloud. training data

  14. Mobile Device Current Model Parameters

  15. Make predictions in the cloud. t s e u q e r n o i t c i d e r p

  16. Gather training data in the cloud. t s e u q e r n o i t c i d e r p training data

  17. And make the models better. training data

  18. On-Device Predictions (Inference)

  19. Instead of making predictions in the cloud t s e u q e r n o i t c i d e r p

  20. Distribute the model, make predictions on device.

  21. 1 On-device inference On-Device Inference User Advantages Low latency ● ● Longer battery life Less wireless data transfer ● ● Better offline experience Less data sent to the cloud ● Developer Advantages ● Data is already localized ● New product opportunities World Advantages ● Raise privacy expectations for the industry

  22. 1 On-device training On-Device Inference User Advantages Bringing Low latency ● model training ● Longer battery life onto mobile devices. Less wireless data transfer ● ● Better offline experience Less data sent to the cloud ● (training data stays on device) Developer Advantages ● Data is already localized ● New product opportunities ● Straightforward personalization ● Simple access to rich user context World Advantages ● Raise privacy expectations for the industry

  23. 1 On-device training On-Device Inference User Advantages Bringing Low latency ● model training ● Longer battery life onto mobile devices. Less wireless data transfer ● ● Better offline experience Less data sent to the cloud ● (training data stays on device) 2 Developer Advantages Federated Learning ● Data is already localized ● New product opportunities ● Straightforward personalization ● Simple access to rich user context World Advantages ● Raise privacy expectations for the industry

  24. Federated Learning

  25. Federated Learning Federated Learning is the problem of training a shared global model under the coordination of a central server, from a federation of participating devices which maintain control of their own data. 2 Federated Learning

  26. Federated Learning Mobile Device Local Cloud Training Service Data Provider Current Model Parameters

  27. Federated Learning Mobile Device Many devices will be offline. Local Cloud Training Service Data Provider Current Model Parameters

  28. Federated Learning Mobile Device 1. Server selects Local a sample of e.g. Training 100 online Data devices. Current Model Parameters

  29. Federated Learning Mobile Device 1. Server selects Local a sample of e.g. Training 100 online Data devices. Current Model Parameters

  30. Federated Learning 2. Selected devices download the current model parameters.

  31. Federated Learning 3. Users compute an update using local training data

  32. Federated Learning ∑ 4. Server aggregates users' updates into a new model. Repeat until convergence.

  33. Applications of federating learning What makes a good application? Example applications On-device data is more relevant Language modeling (e.g., next ● ● than server-side proxy data word prediction) for mobile keyboards ● On-device data is privacy sensitive or large Image classification for predicting ● which photos people will share ● Labels can be inferred naturally ● ... from user interaction

  34. … or, why this isn't just Challenges of Federated Learning "standard" distributed optimization Massively Distributed Training data is stored across a very large number of devices Limited Communication Only a handful of rounds of unreliable communication with each devices Unbalanced Data Some devices have few examples, some have orders of magnitude more Highly Non-IID Data Data on each device reflects one individual's usage pattern Unreliable Compute Nodes Devices go offline unexpectedly; expect faults and adversaries Dynamic Data Availability The subset of data available is non-constant, e.g. time-of-day vs. country

  35. The Federated Averaging algorithm Server Until Converged: 1. Select a random subset (e.g. 100) of the (online) clients 2. In parallel, send current parameters θ t to those clients Selected Client k 1. Receive θ t from server. θ' 2. Run some number of minibatch SGD steps, producing θ' θ t 3. Return θ'-θ t to server. H. B. McMahan, et al . 3. θ t+1 = θ t + data-weighted average of client updates Communication-Efficient Learning of Deep Networks from Decentralized Data. AISTATS 2017

  36. Large-scale LSTM for next-word prediction Rounds to reach 10.5% Accuracy FedSGD 820 FedAvg 35 23x decrease in communication rounds Model Details 1.35M parameters 10K word dictionary embeddings ∊ℝ 96 , state ∊ℝ 256 corpus: Reddit posts, by author

  37. CIFAR-10 convolutional model Updates to reach 82% SGD 31,000 FedSGD 6,600 FedAvg 630 49x decrease in communication (updates) vs SGD (IID and balanced data)

  38. Federated Learning & Privacy

  39. Federated Learning ∑ 4. Server aggregates users' updates into a new model. Repeat until convergence.

  40. Might these Federated Learning updates contain privacy-sensitive data? ∑

  41. Might these updates contain privacy-sensitive data?

  42. Might these updates contain privacy-sensitive data? 1. Ephemeral

  43. Might these updates contain privacy-sensitive data? Improve privacy & 1. Ephemeral security by minimizing the 2. Focussed "attack surface"

  44. Might these updates contain privacy-sensitive data? 1. Ephemeral 2. Focussed ∑ 3. Only in aggregate

  45. Wouldn't it be even better if ... ∑ Google aggregates users' updates, but cannot inspect the individual updates.

  46. A novel, practical protocol ∑ Google aggregates users' updates, but cannot inspect K. Bonawitz, et.al. Practical the individual updates. Secure Aggregation for Privacy-Preserving Machine Learning. CCS 2017.

  47. Might the final model memorize a user's data? 1. Ephemeral 2. Focussed ∑ 3. Only in aggregate 4. Differentially private

  48. Differential Privacy ∑

  49. Differential Privacy Differential Privacy (trusted aggregator) ∑ +

  50. Federated Averaging Server Until Converged: 1. Select a random subset (e.g. C=100) of the (online) clients 2. In parallel, send current parameters θ t to those clients Selected Client k 1. Receive θ t from server. θ' 2. Run some number of minibatch SGD steps, producing θ' θ t 3. Return θ'-θ t to server. 3. θ t+1 = θ t + data-weighted average of client updates

Recommend

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan Liu 1 , Yang Cao 2 , Masatoshi Yoshikawa 2 , Hong Chen 1 1 Renmin University of China, 2 Kyoto University DASFAA, 2020 Federated Learning Overview

370 views • 35 slides
Fair Resource Allocation in Federated Learning Tian Li (CMU) , Maziar Sanjabi (Facebook AI), Ahmad

Fair Resource Allocation in Federated Learning Tian Li (CMU) , Maziar Sanjabi (Facebook AI), Ahmad

Fair Resource Allocation in Federated Learning Tian Li (CMU) , Maziar Sanjabi (Facebook AI), Ahmad Beirami (Facebook AI), Virginia Smith (CMU) tianli@cmu.edu 1 Federated Learning 2 2 Federated Learning Privacy-preserving training in

1.19k views • 55 slides
FEEL: A Federated Edge Learning System for Efficient and Privacy-Preserving Mobile Healthcare

FEEL: A Federated Edge Learning System for Efficient and Privacy-Preserving Mobile Healthcare

FEEL: A Federated Edge Learning System for Efficient and Privacy-Preserving Mobile Healthcare Yeting Guo, Zhiping Cai, Nong Xiao: National University of Defense Technology Fang Liu: Sun Yat-Sen University Li Chen: University of Louisiana at

247 views • 20 slides
BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated

BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated

BIT Maintaining Training Efficiency and Accuracy for Edge-assisted Online Federated Learning with ABS Jiayu Wang, Zehua Guo, Sen Liu, Yuanqing Xia Beijing Institute Of Technology, Fudan University 1 Federated Learning User devices

612 views • 12 slides
Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q

Federated Learning Min Du Postdoc, UC Berkeley Outline q Preliminary: deep learning and SGD q Federated learning: FedSGD and FedAvg q Related research in federated learning q Open problems Outline q Preliminary: deep learning and SGD q Federated

616 views • 50 slides
Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo

Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo

Analyzing Federated Learning through an Adversarial Lens Arjun Nitin Bhagoji 1 , Supriyo Chakraborty 2 , Prateek Mittal 1 and Seraphin Calo 2 1 Princeton University 2 IBM Research ICML 2019 Federated learning (with a malicious agent) Federated

1.46k views • 59 slides
Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1

Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1

Federated Machine Learning via Over-the-Air Computation Yuanming Shi ShanghaiTech University 1 Outline Motivations Big data, IoT,AI Three vignettes: Federated machine learning Federated model aggregation Over-the-air

1.02k views • 56 slides
Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm

Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm

Privacy-Preserving Statistical Data Analysis on Federated Databases Dan Bogdanov Liina Kamm Sven Laur Pille Pruulmann-Vengerfeldt Riivo Talviste Jan Willemson Annual Privacy Forum Athens, Greece May 20, 2014 UaESMC Problem Statement

429 views • 17 slides
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning Milad Nasr 1 , Reza Shokri 2 , Amir Houmansadr 1 1 University of Massachusetts Amherst, 2 National

568 views • 29 slides
K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

27.06.2017 Schutz der Privatsphre (WS15/16) Introduction to Privacy (Part 1) You have zero privacy. Get over it. Scott McNealy, 1999 Privacy, k anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universitt zu

457 views • 11 slides
Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual

Differentially- Private Federated Linear Bandits Dubey and Pentland June 2020 Differentially-Private Federated Linear Bandits Introduction Federated Learning Contextual Bandits Summary Background Abhimanyu Dubey and Alex Pentland

437 views • 20 slides
Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from

Privacy as a Service Raymond Cheng Build practical cloud services that protect user privacy from powerful threats 2 3 Powerful Threats to User Privacy Organized Crime Nation-State Actors 4 Powerful Threats to User Privacy Gather

1.56k views • 104 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Altitude Terrain Guarding and Guarding Uni-Monotone Polygons Stephan Friedrichs Valentin

Altitude Terrain Guarding and Guarding Uni-Monotone Polygons Stephan Friedrichs Valentin

Altitude Terrain Guarding and Guarding Uni-Monotone Polygons Stephan Friedrichs Valentin Polishchuk Christiane Schmidt image source:

1.66k views • 112 slides
Agnostic federated learning Mehryar Mohri 1 , 2 , Gary Sivek 1 , Ananda Theertha Suresh 1 1 Google

Agnostic federated learning Mehryar Mohri 1 , 2 , Gary Sivek 1 , Ananda Theertha Suresh 1 1 Google

Agnostic federated learning Mehryar Mohri 1 , 2 , Gary Sivek 1 , Ananda Theertha Suresh 1 1 Google Research, 2 Courant Institute June 11, 2019 1/8 Federated learning scenario [McMahan et al., 17] centralized model client A client

418 views • 8 slides
User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of

User privacy Vicen c Torra February, 2018 SAIL + PICS, School of Informatics, University of Sk ovde, Sweden Outline Outline 1. User privacy 1 / 25 Outline User privacy 2 / 25 DP > Dimensions Outline Data Privacy Classification

836 views • 37 slides
Optimizing Federated Learning on Non-IID Data with Reinforcement Learning Hao Wang *, Zakhary

Optimizing Federated Learning on Non-IID Data with Reinforcement Learning Hao Wang *, Zakhary

INFOCOM20 Optimizing Federated Learning on Non-IID Data with Reinforcement Learning Hao Wang *, Zakhary Kaplan*, Di Niu^, Baochun Li* *University of Toronto, ^University of Alberta < < > > Alexa Siri 2 Machine

541 views • 53 slides
Federated Zero-Shot Learning: A Proposal Francesco Odierna CS PhD student @ University of Pisa

Federated Zero-Shot Learning: A Proposal Francesco Odierna CS PhD student @ University of Pisa

Federated Zero-Shot Learning: A Proposal Francesco Odierna CS PhD student @ University of Pisa francesco.odierna@phd.unipi.it 1 Outline Introduction Federated Learning Zero-Shot Learning The Proposal Motivation Road

349 views • 19 slides
Computational Geometry Triangulations and Guarding Art Galleries Michael T. Goodrich with

Computational Geometry Triangulations and Guarding Art Galleries Michael T. Goodrich with

Computational Geometry Triangulations and Guarding Art Galleries Michael T. Goodrich with slides by Carola Wenk, Tulane Univ., and Subhash Suri, UCSB 1 Guarding an Art Gallery Problem: Given the floor plan of an art gallery, place (a

963 views • 31 slides
Privacy user interfaces for eye-tracking Sren Preibusch 20 November 2014 @ W3C Workshop on

Privacy user interfaces for eye-tracking Sren Preibusch 20 November 2014 @ W3C Workshop on

Privacy user interfaces for eye-tracking Sren Preibusch 20 November 2014 @ W3C Workshop on Privacy and User-Centric Controls How eye-tracking works Tobii Time-stamped gaze data plus semantics www.evocinsights.com Opportunities and

350 views • 9 slides
Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C

Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C

User Control Mechanisms for Privacy Protection Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps W3C Workshop on Privacy and User Centric Controls 20 21 November 2014, Berlin, Germany Dipl.-Inf.

829 views • 15 slides
Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for

Privacy in Machine Learning Fatemehsadat Mireshghallah ICLR2020 Privacy: A Major Concern for Machine Learning Graphics Adopted from The New York Times Privacy Project 2 Famous incidents - Anonymization - A Face Is Exposed for AOL

1.03k views • 7 slides
Federated User Credential Deployment Portal (FEUDAL) Lukas Burgey | August 29, 2018 STEINBUCH

Federated User Credential Deployment Portal (FEUDAL) Lukas Burgey | August 29, 2018 STEINBUCH

Federated User Credential Deployment Portal (FEUDAL) Lukas Burgey | August 29, 2018 STEINBUCH CENTRE FOR COMPUTING www.kit.edu KIT University of the State of Baden-Wuerttemberg and National Research Centre of the Helmholtz Association

519 views • 22 slides
MOCHA: Federated Multi-Task Learning NIPS 17 Virginia Smith Stanford / CMU Chao-Kai

MOCHA: Federated Multi-Task Learning NIPS 17 Virginia Smith Stanford / CMU Chao-Kai

MOCHA: Federated Multi-Task Learning NIPS 17 Virginia Smith Stanford / CMU Chao-Kai Chiang USC Maziar Sanjabi USC Ameet Talwalkar CMU MACHINE LEARNING WORKFLOW data & problem machine learning model n optimization

1.71k views • 35 slides

More recommend