Skellam mixture mechanism

Author:

Bao Ergute (1), Zhu Yizheng (1), Xiao Xiaokui (1), Yang Yin (2), Ooi Beng Chin (1), Tan Benjamin Hong Meng (3), Aung Khin Mi Mi (3)

Affiliation:

1. National University of Singapore

2. Hamad Bin Khalifa University

3. A*STAR, Singapore

Abstract

Deep neural networks have strong capabilities of memorizing the underlying training data, which can be a serious privacy concern. An effective solution to this problem is to train models with differential privacy (DP), which provides rigorous privacy guarantees by injecting random noise into the gradients. This paper focuses on the scenario where sensitive data are distributed among multiple participants, who jointly train a model through federated learning, using both secure multiparty computation (MPC) to ensure the confidentiality of each gradient update and differential privacy to avoid data leakage from the resulting model. A major challenge in this setting is that common mechanisms for enforcing DP in deep learning, which inject real-valued noise, are fundamentally incompatible with MPC, which exchanges finite-field integers among the participants. Consequently, most existing DP mechanisms require rather high noise levels, leading to poor model utility. Motivated by this, we propose the Skellam mixture mechanism (SMM), a novel approach to enforcing DP on models built via federated learning. Compared to existing methods, SMM eliminates the assumption that the input gradients must be integer-valued and thus reduces the amount of noise injected to preserve DP. The theoretical analysis of SMM is highly non-trivial, especially considering (i) the complicated mathematics of DP deep learning in general and (ii) the fact that the mixture of two Skellam distributions is rather complex. Extensive experiments on various practical settings demonstrate that SMM consistently and significantly outperforms existing solutions in terms of the utility of the resulting model.

Publisher

Association for Computing Machinery (ACM)

Subject

General Earth and Planetary Sciences, Water Science and Technology, Geography, Planning and Development


Cited by 6 articles.

1. DProvDB: Differentially Private Query Processing with Multi-Analyst Provenance. Proceedings of the ACM on Management of Data, 2023-12-08.

2. FedCSS: Joint Client-and-Sample Selection for Hard Sample-Aware Noise-Robust Federated Learning. Proceedings of the ACM on Management of Data, 2023-11-13.

3. Trusted AI in Multiagent Systems: An Overview of Privacy and Security for Distributed Learning. Proceedings of the IEEE, 2023-09.

4. ShapleyFL: Robust Federated Learning Based on Shapley Value. Proceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, 2023-08-04.

5. Incentive-Aware Decentralized Data Collaboration. Proceedings of the ACM on Management of Data, 2023-06-13.
