brokered agreements in in mult lti party machine learnin
play

Brokered Agreements in in Mult lti-Party Machine Learnin ing - PowerPoint PPT Presentation

Oct 01, 2023 •241 likes •663 views

Brokered Agreements in in Mult lti-Party Machine Learnin ing 10th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2019) Clement Fung, Ivan Beschastnikh University of British Columbia 1 The emerging ML economy With the explosion of

  1. Brokered Agreements in in Mult lti-Party Machine Learnin ing 10th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2019) Clement Fung, Ivan Beschastnikh University of British Columbia 1

  2. The emerging ML economy With the explosion of machine learning (ML), data is the new currency! ● Good quality data is vital to the health of ML ecosystems ○ Improve models with more data from more sources! ● 2

  3. Actors in in th the ML economy Data providers: ● Owners of potentially private datasets ○ Contribute data to the ML process ○ Model owners: ● Define model task and goals ○ Deploy and profit from trained model ○ Infrastructure providers: ● Host training process and model ○ Expose APIs for training and prediction ○ 3

  4. Actors in today’s ML economy Data providers supply data for model owners ● Model owners: ● Manage infrastructure to host computation ○ Provide privacy and security for data providers ○ Use the model for profit once training is complete ○ Information Transfer 4

  5. In In-House priv ivacy solu lutio ions [1] Wired 2016. [2] Apple. “ Learning with Privacy at Scale” Apple Machine Learning Journal V1.8 2017. 5 [3] Wired 2017.

  6. In In-House priv ivacy solu lutio ions [1] Wired 2016. [2] Apple. “ Learning with Privacy at Scale” Apple Machine Learning Journal V1.8 2017. 6 [3] Wired 2017.

  7. In Incentive tr trade-off in in th the ML economy Not only correctness, but there is an issue with incentives: ● Data providers want to keep their data as private as possible ○ Model owners want to extract as much value from the data as possible ○ Service providers lack incent ntives to o pr provid ide fair irness [1] ● Need solutions that can work without cooperation from the system ○ provider and are deployed from outside the system itself [1] Overdorf et al. “ Questioning the assumptions behind fairness solutions. ” NeurIPS 2018. 7

  8. In Incentive tr trade-off in in th the ML economy Not only correctness, but there is an issue with incentives: ● Data providers want to keep their data as private as possible ○ Model owners want to extract as much value from the data as possible ○ Service providers lack incent ntives to o pr provid ide fair irness [1] ● We cannot trust model owners to control the ML Need solutions that can work without cooperation from the system ○ incentive tradeoff! provider and are deployed from outside the system itself [1] Overdorf et al. “ Questioning the assumptions behind fairness solutions. ” NeurIPS 2018. 8

  9. Incentives in today’s ML economy Data providers supply data for model owners ● Model owners: ● Manage infrastructure to host computation ○ Provide privacy and security for data providers ○ Use the model for profit once training is complete ○ Information Transfer 9

  10. Incentives in today’s ML economy Data providers supply data for model owners ● Model owners have incentive to: ● Manage infrastructure to host computation ○ Provide privacy and security for data providers ○ Use the model for profit once training is complete ○ Information Transfer 10

  11. Our contrib ibution: Brokered le learning Introduce a broker as a neutral infrastructure provider: ● Manage infrastructure to host ML computation ○ Provide privacy and security for or da data ta pro provid iders and nd mod odel l ow owners ○ Information Transfer Brokered Information Transfer Agreement Broker 11

  12. Federated le learning A recent push for privacy-preserving multi-party ML [1]: ● Send model updates over network ○ Aggregate updates across multiple clients ○ Client-side differential privacy [2] ○ Better speed, no data transfer ○ Model M State of the art in multi-party ML ○ Brokered learning builds on ○ 𝚬 M 𝚬 M 𝚬 M federated learning [1] McMahan et al. “ Communication-Efficient Learning of Deep Networks from Decentralized Data ” AISTATS 2017. 12 [2] Geyer et al. “ Differentially Private Federated Learning: A Client Level Perspective ” NIPS 2017.

  13. Data providers are not to to be tr trusted Giving data providers unmonitored control over compute: ● Providers can maximize privacy, giv give zer zero util ilit ity or or at atta tack syst system ○ Providers can attack ML model, compromising integrity [1] ○ Providers can attack other providers, compromising privacy [2] ○ [1] Bagdasaryan et al. “ How To Backdoor Federated Learning ” arXiv 2018. 13 [2] Hitaj et al. “ Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning ” CCS 2017.

  14. Data providers are not to to be tr trusted Giving data providers unmonitored control over compute: ● Providers can maximize privacy, giv give zer zero util ilit ity or or at atta tack syst system ○ Providers can attack ML model, compromising integrity [1] ○ Providers can attack other providers, compromising privacy [2] ○ We also cannot trust data providers to control the ML incentive tradeoff! [1] Bagdasaryan et al. “ How To Backdoor Federated Learning ” arXiv 2018. 14 [2] Hitaj et al. “ Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning ” CCS 2017.

  15. Putting it it all ll to together The state of the art in multi-party ML ● Gives too much control to model owners ○ Not No t priv privacy focused and nd vuln vulnerable ○ State of the art in private multi-party ML (federated learning) ● Require trust in model owners or data providers ○ But ut the here is s no no inc ncenti tive for or eit ither to o do do so so ○ Data marketplaces (blockchains) [1] ● Security and system overkill ○ Much too oo slo slow for or mod odern use se cas cases ○ [1] Hynes et al. “ A Demonstration of Sterling: A Privacy-Preserving Data Marketplace ” VLDB 2018. 15

  16. Putting it it all ll to together More Centralized Less Centralized Less Private/Secure More Private/Secure 16

  17. Putting it it all ll to together Centralized Parameter Server More Centralized Less Centralized Less Private/Secure More Private/Secure 17

  18. Putting it it all ll to together Centralized Federated Parameter Server Learning More Centralized Less Centralized Less Private/Secure More Private/Secure 18

  19. Putting it it all ll to together Centralized Federated Blockchain-based Parameter Server Learning Multi-party ML More Centralized Less Centralized Less Private/Secure More Private/Secure 19

  20. Putting it it all ll to together Centralized Federated Brokered Blockchain-based Parameter Server Learning Learning Multi-party ML More Centralized Less Centralized Less Private/Secure More Private/Secure 20

  21. Our contrib ibutions Current multi-party ML systems use unsophisticated threat/incentive model: ● Trust the model owner ○ New brokered learning setting for privacy-preserving ML ● New defences against known ML attacks for this setting ● TorMentor: A brokered learning example of an anonymous ML system ● Bro rokered Le Learnin ing : A new standard for incentives in secure ML 21

  22. Brokered Learning 22

  23. Brokered agreements in in th the ML economy Federated learning: Brokered learning ● ● Communicate with model owner Communicate with neutral broker ○ ○ Trust that model owner is not malicious Broker executes model owner’s ○ ○ Model owners have full control over validation services ○ model and process De Decouple mod odel ow owners and and ○ inf nfrastr tructure 23

  24. Brokered le learning components Deployment verifier ● Interface for model owners (“curators”) ○ Provider verifier ● Interface for data providers ○ Aggregator ● Host ML deployments ○ Collect and aggregate model updates ○ Same as federated learning ○ 24

  25. Deplo loyment verifier API Serves as model owner interface ● curate() : Launch curator deployment ○ Set provider verifier parameters ■ fetch() : Access to model once trained ○ Protects the ML model from abuse from ● curator during training E.g. Blockchain smart contracts [1] ● [1] Szabo, Nick. “ Formalizing and Securing Relationships on Public Networks ” 1997. 25

  26. Provider verifier API Serves as data provider interface ● Defined by curator ○ join() : Verify identity and allow provider join ○ update() : Verify and allow model update ○ Protect model from malicious data providers ● E.g. Access tokens and statistical tests ● 26

  27. Brokered le learning workflow Curator: Create deployment ● Define model and provide deployment ○ parameters Define verification services ○ 27

  28. Brokered le learning workflow Curator: Create deployment ● Define model and provide deployment ○ parameters Define verification services ○ Data providers: Join model ● Define personal privacy preferences (ε) ○ Pass verification on join ○ Admission Parameters 28

  29. Brokered le learning workflow Curator: Create deployment ● Define model and provide deployment ○ parameters Define verification services ○ Data providers: Join model and train ● Define personal privacy preferences (ε) ○ Pass verification on join ○ Iterative model updates ○ Pass verification on model update ○ 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Brokered Agreements in Multi-Party Machine Learning 10th ACM SIGOPS Asia-Pacific Workshop on

Brokered Agreements in Multi-Party Machine Learning 10th ACM SIGOPS Asia-Pacific Workshop on

Brokered Agreements in Multi-Party Machine Learning 10th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2019) Clement Fung, Ivan Beschastnikh University of British Columbia 1 The emerging ML economy With the explosion of machine

596 views • 42 slides
Characterizing Ext xtragalactic Pre-Main- Sequence Stars wit ith Machine and Deep Learnin ing

Characterizing Ext xtragalactic Pre-Main- Sequence Stars wit ith Machine and Deep Learnin ing

Characterizing Ext xtragalactic Pre-Main- Sequence Stars wit ith Machine and Deep Learnin ing Techniques Victor Francisco Ksoll Understanding the Nearby Star-forming Universe with JWST 27.08.2019 Star Forming Regions in the Large Magellanic

333 views • 18 slides
resolution over SLA issues between these parties be identified as unresolvable by either party

resolution over SLA issues between these parties be identified as unresolvable by either party

4. Performance Specifications 4.1 Goals and intentions of Service Level Agreements and Public Service Monitoring Goals of Service Level Agreements: Service Level Agreements are set between ICANN and Registry Operators to ensure predictable

247 views • 12 slides
Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done

Supreme Leader Pulkit Party!!!!!! Party!!!!!! Just us Party!!!!!! What we have done Party!!!!!! Party!!!!!! Curling Orientation Party!!!!!! Party!!!!!! Party!!!!!! National day parade Airport picking-uping Party!!!!!!

1.18k views • 69 slides
Clock lock Tree ee Res esynt nthes hesis is for or Mult ulti-cor i-corner ner Mult

Clock lock Tree ee Res esynt nthes hesis is for or Mult ulti-cor i-corner ner Mult

Clock lock Tree ee Res esynt nthes hesis is for or Mult ulti-cor i-corner ner Mult ulti-mode i-mode Timing iming Clos losur ure Subhendu Roy 1 , Pavlos M. Mattheakis 2 , Laurent Masse-Navette 2 and David Z. Pan 1 1 ECE Department,

492 views • 48 slides
How Risks are Brokered and Underwritten Presentation Outline Timelines, information flows

How Risks are Brokered and Underwritten Presentation Outline Timelines, information flows

Proudly Presents How Risks are Brokered and Underwritten Presentation Outline Timelines, information flows and steps in the renewal process Roles and responsibilities of Risk Manager, Broker and Underwriter, including: What

595 views • 43 slides
DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz

DELEGATEE: BROKERED DELEGATION USING TRUSTED EXECUTION ENVIRONMENTS Sinisa Matetic, Moritz Schneider, Andrew Miller, Ari Juels, Srdjan Capkun OVERVIEW 1. Introduction 2. Motivations and Problem Statement 3. DelagaTEE 4. Security Analysis 5.

946 views • 46 slides
DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and

DELEGA TE TEE : Brokered Delegation DELE Using Trusted Execution Environments Sinisa Matetic and Moritz Schneider, ETH Zurich ; Andrew Miller, UIUC ; Ari Juels, Cornell Tech ; Srdjan Capkun, ETH Zurich CSC 6991 Presented by: Shikha Sikligar

596 views • 18 slides
Bank Brokered Deposits: New FDIC Guidance on Identifying, Accepting and Reporting Deposits

Bank Brokered Deposits: New FDIC Guidance on Identifying, Accepting and Reporting Deposits

Presenting a live 90-minute webinar with interactive Q&A Bank Brokered Deposits: New FDIC Guidance on Identifying, Accepting and Reporting Deposits Meeting FDIC Expectations and Reporting Requirements in an Era of Heightened Scrutiny

766 views • 37 slides
Brokered CDs and CD Ladders February 6, 2018 Patrick Deignan SVP, Fidelity Capital Markets

Brokered CDs and CD Ladders February 6, 2018 Patrick Deignan SVP, Fidelity Capital Markets

FIXED INCOME WEBINAR Brokered CDs and CD Ladders February 6, 2018 Patrick Deignan SVP, Fidelity Capital Markets Richard Carter VP, Fixed Income Products Fidelity Brokerage Services LLC, Member NYSE, SIPC 900 Salem Street, Smithfield, RI 02917

431 views • 24 slides
Construction Insurance Claims: Consent Judgments and Coblentz Settlement Agreements Navigating

Construction Insurance Claims: Consent Judgments and Coblentz Settlement Agreements Navigating

Presenting a live 90-minute webinar with interactive Q&A Construction Insurance Claims: Consent Judgments and Coblentz Settlement Agreements Navigating the Contours of Permissible Insured/Third Party Claimant Settlements vs. Unreasonable

347 views • 33 slides
Normal Basis is Usin ing Novel Concurrent Seria ial Squarin ing and Mult ltipli lication

Normal Basis is Usin ing Novel Concurrent Seria ial Squarin ing and Mult ltipli lication

A New Mult ltipli licative In Inverse Archit itecture in in Normal Basis is Usin ing Novel Concurrent Seria ial Squarin ing and Mult ltipli lication Amin Monfared, Hayssam El-Razouk and Arash Reyhani-Masoleh Presented by: Arash

371 views • 18 slides
Bilateral and Regional Trade Agreements 1 2 Bilateral & Regional Trade Agreements 3

Bilateral and Regional Trade Agreements 1 2 Bilateral & Regional Trade Agreements 3

Arab Republic of Egypt Ministry of Trade and Industry Trade Agreements Sector Bilateral and Regional Trade Agreements 1 2 Bilateral & Regional Trade Agreements 3 Bilateral & Regional Trade Agreements: into force agreement Free

634 views • 50 slides
Renewable Energy February 2013 Party concerned Identified problem Renewable Renewable generators

Renewable Energy February 2013 Party concerned Identified problem Renewable Renewable generators

Demand-Led Renewable Energy February 2013 Party concerned Identified problem Renewable Renewable generators lack access to Generator long-term supply contracts with third Power Purchase parties (usually supplier but can be Agreements

195 views • 8 slides
Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Simo mon L n Lo Eule

Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Simo mon L n Lo Eule

Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Simo mon L n Lo Eule lerian M Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Gr Granu nula lar f flo low Mixing of multiple particle

498 views • 18 slides
Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Simo mon L n Lo Eule

Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Simo mon L n Lo Eule

Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Simo mon L n Lo Eule lerian M Mult ltipha hase F Flo low M Models ls i in S n STAR-C -CCM+ Gr Granu nula lar f flo low Mixing of multiple particle

408 views • 23 slides
The DReW System for Nonmonotonic DL-Programs Guohui Xiao 1 Thomas Eiter 1 Stijn Heymans 2 1

The DReW System for Nonmonotonic DL-Programs Guohui Xiao 1 Thomas Eiter 1 Stijn Heymans 2 1

The DReW System for Nonmonotonic DL-Programs Guohui Xiao 1 Thomas Eiter 1 Stijn Heymans 2 1 Institute of Information Systems Vienna University of Technology, Austria 2 Artificial Intelligence Center, SRI International, United States CSWS 2012

405 views • 26 slides
F airness-Aware Hybrid Precoding for mmWave NOMA Unicast/Multicast Transmissions in Industrial IoT

F airness-Aware Hybrid Precoding for mmWave NOMA Unicast/Multicast Transmissions in Industrial IoT

F airness-Aware Hybrid Precoding for mmWave NOMA Unicast/Multicast Transmissions in Industrial IoT Luis F. Abanto-Leon Co-author: Gek Hong (Allyson) Sim Department of Computer Science Technical University of Darmstadt IEEE International

963 views • 30 slides
Computers that can Negotiate ERCIM Cor Baayen Award Tim Baarslag Researcher in Centrum Wiskunde

Computers that can Negotiate ERCIM Cor Baayen Award Tim Baarslag Researcher in Centrum Wiskunde

Computers that can Negotiate ERCIM Cor Baayen Award Tim Baarslag Researcher in Centrum Wiskunde & Informatica (CWI), Research institute for Mathematics and Computer Science in the Netherlands Negotiation Negotiation is everywhere

399 views • 15 slides
Internet consists mostly of wired data communication equipment To build a stable global wide

Internet consists mostly of wired data communication equipment To build a stable global wide

Internet consists mostly of wired data communication equipment To build a stable global wide area networks is a major electrical challenge! How do you fight The robust hardware the electrical of Internet interference? William Sandqvist

347 views • 22 slides
Staged Recanalization Of Carotid Artery Occlusion Paul Hsien-Li Kao, MD Associate Professor

Staged Recanalization Of Carotid Artery Occlusion Paul Hsien-Li Kao, MD Associate Professor

Staged Recanalization Of Carotid Artery Occlusion Paul Hsien-Li Kao, MD Associate Professor Cardiac Cath Lab Director National Taiwan University Hospital Cardiovascular Center Paul HL Kao 12 Disclosure Statement of Financial Interest I,

988 views • 31 slides
A Large-Scale Wired Network Energy Model for Flow-Level Simulations Loic Guegan, Betsegaw Lemma

A Large-Scale Wired Network Energy Model for Flow-Level Simulations Loic Guegan, Betsegaw Lemma

A Large-Scale Wired Network Energy Model for Flow-Level Simulations Loic Guegan, Betsegaw Lemma Amersho, Anne-Ccile Orgerie, Martin Quinson Univ Rennes, Inria, CNRS, IRISA, Rennes, France June 2019 Loic Guegan Network Energy/Flow Simulators

461 views • 22 slides
WiredTiger Backend for OpenLDAP Open Source Solution Technology Corporation Tsukasa Hamano

WiredTiger Backend for OpenLDAP Open Source Solution Technology Corporation Tsukasa Hamano

WiredTiger Backend for OpenLDAP Open Source Solution Technology Corporation Tsukasa Hamano <hamano@osstech.co.jp> LDAPCon 2015 Edinburgh November 2015 Open Source Solution Technology Corporation 1 WiredTiger Backend for OpenLDAP About

399 views • 23 slides
October 1 st 2009, SoCal NEGT Symposium Welfare Effects of Spectrum Management Regimes Ergin

October 1 st 2009, SoCal NEGT Symposium Welfare Effects of Spectrum Management Regimes Ergin

October 1 st 2009, SoCal NEGT Symposium Welfare Effects of Spectrum Management Regimes Ergin Bayrak Scholar in Residence, Annenberg School for Communication Ph.D. Candidate, Department of Economics University of Southern California BACKGROUND

622 views • 49 slides

More recommend