UBC Theses and Dissertations

Dancing in the dark: private multi-party machine learning in an untrusted setting

Fung, Clement

Abstract

The problem of machine learning (ML) over distributed data sources arises in a variety of domains. Unfortunately, today's distributed ML systems use an unsophisticated threat model: data sources must trust a central ML process. We propose a brokered learning abstraction that provides data sources with provable privacy guarantees while allowing them to contribute data towards a globally-learned model in an untrusted setting. We realize this abstraction by building on the state of the art in multi-party distributed ML and differential privacy methods to construct TorMentor, a system that is deployed as a hidden service over an anonymous communication protocol. We define a new threat model by characterizing, developing and evaluating new attacks in the brokered learning setting, along with effective defenses for these attacks. We show that TorMentor effectively protects data sources against known ML attacks while providing them with a tunable trade-off between model accuracy and privacy. We evaluate TorMentor with local and geo-distributed deployments on Azure. In an experiment with 200 clients and 14 megabytes of data per client, our prototype trained a logistic regression model using stochastic gradient descent in 65 seconds.

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International