UBC Theses and Dissertations
Dancing in the dark: private multi-party machine learning in an untrusted setting
Fung, Clement
The problem of machine learning (ML) over distributed data sources arises in a variety of domains. Unfortunately, today's distributed ML systems use an unsophisticated threat model: data sources must trust a central ML process. We propose a brokered learning abstraction that provides data sources with provable privacy guarantees while allowing them to contribute data towards a globally-learned model in an untrusted setting. We realize this abstraction by building on the state of the art in multi-party distributed ML and differential privacy methods to construct TorMentor, a system that is deployed as a hidden service over an anonymous communication protocol. We define a new threat model by characterizing, developing and evaluating new attacks in the brokered learning setting, along with effective defenses for these attacks. We show that TorMentor effectively protects data sources against known ML attacks while providing them with a tunable trade-off between model accuracy and privacy. We evaluate TorMentor with local and geo-distributed deployments on Azure. In an experiment with 200 clients and 14 megabytes of data per client, our prototype trained a logistic regression model using stochastic gradient descent in 65 seconds.
Attribution-NonCommercial-NoDerivatives 4.0 International