Dancing in the dark : private multi-party machine learning in an untrusted setting
Fung, Clement
Abstract
The problem of machine learning (ML) over distributed data sources arises in a variety of domains. Unfortunately, today's distributed ML systems use an unsophisticated threat model: data sources must trust a central ML process. We propose a brokered learning abstraction that provides data sources with provable privacy guarantees while allowing them to contribute data towards a globally-learned model in an untrusted setting. We realize this abstraction by building on the state of the art in multi-party distributed ML and differential privacy methods to construct TorMentor, a system that is deployed as a hidden service over an anonymous communication protocol. We define a new threat model by characterizing, developing, and evaluating new attacks in the brokered learning setting, along with effective defenses against these attacks. We show that TorMentor effectively protects data sources against known ML attacks while providing them with a tunable trade-off between model accuracy and privacy. We evaluate TorMentor with local and geo-distributed deployments on Azure. In an experiment with 200 clients and 14 megabytes of data per client, our prototype trained a logistic regression model using stochastic gradient descent in 65 seconds.
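The abstract describes training a logistic regression model with stochastic gradient descent under differential privacy, with a tunable accuracy/privacy trade-off. A minimal sketch of one differentially private SGD step (per-example gradient clipping followed by Gaussian noise) illustrates the general technique; the function name and parameters here are illustrative assumptions, not TorMentor's actual protocol, which additionally involves brokering and anonymous communication not shown.

```python
# Illustrative sketch of one DP-SGD step for logistic regression.
# Hypothetical names; TorMentor's brokered, anonymized protocol is not shown.
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def dp_sgd_step(w, X, y, lr=0.1, clip=1.0, noise_scale=0.5, rng=None):
    """One DP-SGD update: clip each per-example gradient to bound its
    sensitivity, average, add Gaussian noise, then take a gradient step.
    Larger noise_scale means more privacy and less accuracy."""
    rng = np.random.default_rng() if rng is None else rng
    grads = []
    for xi, yi in zip(X, y):
        g = (sigmoid(xi @ w) - yi) * xi                # per-example gradient
        norm = np.linalg.norm(g)
        grads.append(g * min(1.0, clip / max(norm, 1e-12)))  # clip norm
    g_mean = np.mean(grads, axis=0)
    noise = rng.normal(0.0, noise_scale * clip / len(X), size=w.shape)
    return w - lr * (g_mean + noise)
```

Setting `noise_scale=0.0` recovers plain clipped SGD, which is the "accuracy" end of the tunable trade-off the abstract mentions.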
Item Metadata
Title | Dancing in the dark : private multi-party machine learning in an untrusted setting
Creator | Fung, Clement
Publisher | University of British Columbia
Date Issued | 2018
Genre |
Type |
Language | eng
Date Available | 2018-10-18
Provider | Vancouver : University of British Columbia Library
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International
DOI | 10.14288/1.0372888
URI |
Degree |
Program |
Affiliation |
Degree Grantor | University of British Columbia
Graduation Date | 2018-11
Campus |
Scholarly Level | Graduate
Rights URI |
Aggregated Source Repository | DSpace