fedsel federated sgd under local differential privacy
play

FedSel: Federated SGD under Local Differential Privacy with Top-k - PowerPoint PPT Presentation

Apr 17, 2023 •20 likes •370 views

FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan Liu 1 , Yang Cao 2 , Masatoshi Yoshikawa 2 , Hong Chen 1 1 Renmin University of China, 2 Kyoto University DASFAA, 2020 Federated Learning Overview

  1. FedSel: Federated SGD under Local Differential Privacy with Top-k Dimension Selection Ruixuan Liu 1 , Yang Cao 2 , Masatoshi Yoshikawa 2 , Hong Chen 1 1 Renmin University of China, 2 Kyoto University DASFAA, 2020

  2. Federated Learning Overview Sensitive information: age, job, location, etc.

  3. Federated Learning Overview Sensitive information: age, job, location, etc.

  4. Federated Learning Overview Sensitive information: age, job, location, etc.

  5. Federated Learning Overview Sensitive information: age, job, location, etc. �

  6. Federated Learning Overview Sensitive information: age, job, location, etc. �

  7. Federated Learning Overview Sensitive information: age, job, location, etc. �

  8. Federated Learning Privacy Vulnerabilities Sensitive information: age, job, location, etc. �

  9. Federated Learning Privacy Vulnerabilities Sensitive information: age, job, location, etc. �

  10. Federated Learning Privacy Vulnerabilities Sensitive information: age, job, location, etc. �

  11. Federated Learning Privacy Vulnerabilities Possible privacy attacks…  Membership Inference “Whether data of a target victim has been used to train a model?”  Reconstruction attack Given a gender classifier, “What a male looks like?”  Unintended inference attack Given a gender classifier, “What is the race of people in Bob’s photos?”

  12. Differential Privacy for Federated Learning Sensitive information: age, job, location, etc. �

  13. Differential Privacy for Federated Learning Sensitive information: age, job, location, etc. � +noise The server adds noises to aggregated updates.

  14. Differential Privacy for Federated Learning Sensitive information: age, job, location, etc. � +noise Requires a trusted server 

  15. Local Differential Privacy for Federated Learning Sensitive information: age, job, location, etc. � +noise +noise +noise +noise No worry about untrusted server 

  16. Local Differential Privacy for Federated Learning Sensitive information: age, job, location, etc. � +noise +noise +noise +noise LDP is a natural privacy definition for FL

  17. Local Differential Privacy for Federated Learning � output … input

  18. Challenges of LDP in Federated Learning [1] Wang N, Xiao X, Yang Y, et al. Collecting and analyzing multidimensional data with local differential privacy[C]//2019 IEEE 35th International Conference on Data Engineering (ICDE). IEEE, 2019: 638-649. For a -dimensional vector, the metric is : • Given a local privacy budget for the vector, • The error in the estimated mean of each dimension If split local privacy budget to d dimensions[1]: • The error is super-linear to , and can be excessive when is large

  19. Challenges of LDP in Federated Learning [1] Wang N, Xiao X, Yang Y, et al. Collecting and analyzing multidimensional data with local differential privacy[C]//2019 IEEE 35th International Conference on Data Engineering (ICDE). IEEE, 2019: 638-649. For a -dimensional vector, the metric is : • Given a local privacy budget for the vector, • The error in the estimated mean of each dimension If split local privacy budget to d dimensions[1]: • The error is super-linear to , and can be excessive when is large An asymptotically optimal conclusion[1]: 1. Random sample dimensions • Increase the privacy budget for each dimension • Reduce the noise variance incurred 2. Perturb each sampled dimension with � 3. Aggregate and scale up by the factor of �

  20. Challenges of LDP in Federated Learning Typical orders-of-magnitude d: 100-1,000,000s dimensions m: 100-1000s users per round : smaller privacy budget = stronger privacy The dimension curse!

  21. Our Intuition Common bottleneck of the dimension curse  Distributed learning Data are partitioned and distributed for accelerating the training process Gradient vectors are transmitted among separate workers Communication costs = bits of representing one real value  Gradient sparsification Reduce communication costs by only transmitting important dimensions  Intuition Dimensions with larger absolute magnitudes are more important => Efficient dimension reduction for LDP

  22. Our Intuition Common focus on selecting Top dimensions Utility / Learning performance Utility / Learning performance Privacy budget Communication resources

  23. Our Intuition Common focus on selecting Top dimensions Utility / Learning performance Utility / Learning performance Privacy budget Communication resources

  24. Two-stage Framework- FedSel  Top-k dimension selection is data-dependent Server Local vector = Top-k information + value  Average gradient  Update global parameters parameters information  Two-stage framework …  Pull  Update the local  Push noisy vector 𝑡 ∗ accumulated vector Private selection + Value Perturbation Local data ∗ 0 0 0 0 𝑡 � 0 0 0  Sequential Composition 𝑠 𝑡 � 0 0 0 0 0 0 0 � 1 × 𝑒 • The Top-k selection is 𝜗 � -LDP Dimension Selection ValuePerturbation • The value perturbation is 𝜗 � -LDP  Perturb  Calculate Gradients  Select Top-K the selected value with local data dimensions privately • => The mechanism is 𝜗 -LDP, 𝜗 = 𝜗 � + 𝜗 � User 𝑣 �

  25. Two-stage Framework- FedSel  Top-k dimension selection is data-dependent Server Local vector = Top-k information + value  Average gradient  Update global parameters parameters information  Two-stage framework …  Pull  Update the local  Push noisy vector 𝑡 ∗ accumulated vector Private selection + Value Perturbation Local data ∗ 0 0 0 0 𝑡 � 0 0 0  Sequential Composition 𝑠 𝑡 � 0 0 0 0 0 0 0 � 1 × 𝑒 • The Top-k selection is 𝜗 � -LDP Dimension Selection ValuePerturbation • The value perturbation is 𝜗 � -LDP  Perturb  Calculate Gradients  Select Top-K the selected value with local data dimensions privately • => The mechanism is 𝜗 -LDP, 𝜗 = 𝜗 � + 𝜗 � Next goal User 𝑣 �

  26. Methods-Exponential Mechanism (EXP) 1. Sorting and the ranking is denoted with { � , …, � } � 2. Sample unevenly with the probability value 1 3 6 2 4 5

  27. Methods-Exponential Mechanism (EXP) 1. Sorting and the ranking is denoted with { � , …, � } � 2. Sample unevenly with the probability probability value 1 3 6 1 2 3 4 5 6 2 4 5

  28. Methods-Perturbed Encoding Mechanism (PE) 1. Sorting and the ranking is denoted the Top-k status with { � , …, � } � 2. For each dimension, to retain status � with a larger probability to flip � has a smaller probability 3. Sample from dimension set ∗ � value 1 3 6 2 4 5

  29. Methods-Perturbed Encoding Mechanism (PE) 1. Sorting and the ranking is denoted the Top-k status with { � , …, � } � 2. For each dimension, to retain status � with a larger probability to flip � has a smaller probability 3. Sample from dimension set ∗ � value 1 3 6 2 4 5

  30. Methods-Perturbed Encoding Mechanism (PE) 1. Sorting and the ranking is denoted the Top-k status with { � , …, � } � 2. For each dimension, to retain status � with a larger probability to flip � has a smaller probability 3. Sample from dimension set ∗ � value 1 3 6 2 4 5

  31. Methods-Perturbed Sampling Mechanism (PS) 1. Sorting and the ranking is denoted the Top-k status with { � , …, � } � 2. Sample a dimension from: Top-k dimension set, with a larger probability Non-top dimension set, with a smaller probability value 1 3 6 2 4 5

  32. Empirical results Even a small budget in dimension selection helps to increase the learning accuracy • Private Top-k selection helps to improve the learning utility independent of the • mechanism for perturbing one dimension.

  33. Empirical results What we gain is much larger than what we lose from private and efficient Top-k selection

  34. Summary Conclusion We propose a two-stage framework for locally differential private federated SGD • We propose 3 private selection mechanisms for efficient dimension reduction under LDP • Takeaway • Private mechanism can be specialized for sparse vector Private Top-k dimension selection can improve learning utility under a given privacy level • Future work Optimal hyper-parameter tuning •

  35. Thanks - Utility + - Privacy +

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan

Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan

Guarding user Privacy with Federated Learning and Differential Privacy Brendan McMahan mcmahan@google.com DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to Data Sharing including Privacy and Fairness 2017.10.24 Our Goal Imbue

956 views • 70 slides
Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly Feldman Ulfar Erlingsson Ilya Mironov Ananth Raghunathan Kunal Talwar Abhradeep Thakurta Local Differential Privacy (LDP) 1 1 For all ,

151 views • 11 slides
Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue

Mobile Data Collection and Analysis with Local Differential Privacy - Part 1 Ninghui Li (Purdue University) 1 Outline Motivation of Differential Privacy and Local Differential Privacy (LDP) Frequency Oracles in LDP Tradeoff between

821 views • 53 slides
Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy

Differential Privacy (Part III) Approximate (or ( , ))-differential privacy Generalized definition of differential privacy allowing for a (supposedly small) additive factor Used in a variety of applications A query mechanism M is (

1.27k views • 43 slides
K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

27.06.2017 Schutz der Privatsphre (WS15/16) Introduction to Privacy (Part 1) You have zero privacy. Get over it. Scott McNealy, 1999 Privacy, k anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universitt zu

457 views • 11 slides
Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor

Differential Privacy Techniques Beyond Differential Privacy Steven Wu Assistant Professor University of Minnesota 1 Differential privacy? Isnt it just adding noise? How to add smart noise to guarantee privacy without sacrificing

592 views • 57 slides
Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques

CS573 Data Privacy and Security Differential Privacy Li Xiong Outline Differential Privacy Definition Basic techniques Composition theorems Statistical Data Privacy Non-interactive vs interactive Privacy goal: individual is

1.15k views • 64 slides
Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New

Differential Privacy and Fairness: Foundations and New Frontiers Toniann Pitassi Outline 1. Differential Privacy: The Basics 2. Differential Privacy in New Settings - Pan Privacy - Privacy in multi-party settings - Fairness Outline

947 views • 49 slides
CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong

CS573 Data Privacy and Security Differential Privacy Real World Deployments Li Xiong Applying Differential Privacy Real world deployments of differential privacy OnTheMap RAPPOR Module 4 Tutorial: Differential Privacy in the Wild

617 views • 30 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Truth Inference on Sparse Crowdsourcing Data with Local Differential Privacy IEEE BIG DATA 18

Truth Inference on Sparse Crowdsourcing Data with Local Differential Privacy IEEE BIG DATA 18

Truth Inference on Sparse Crowdsourcing Data with Local Differential Privacy IEEE BIG DATA 18 Haipei Sun 1 Boxiang Dong 2 Hui (Wendy) Wang 1 Ting Yu 3 Zhan Qin 4 1 Stevens Institute of Technology Hoboken, NJ 2 Montclair State University

391 views • 36 slides
Providing Input-Discriminative Protection for Local Differential Privacy Xiaolan Gu * , Ming Li *

Providing Input-Discriminative Protection for Local Differential Privacy Xiaolan Gu * , Ming Li *

Providing Input-Discriminative Protection for Local Differential Privacy Xiaolan Gu * , Ming Li * , Li Xiong # and Yang Cao *University of Arizona # Emory University Kyoto University IEEE International Conference on Data Engineering

440 views • 20 slides
Guaranteeing Local Differential Privacy on Ultra-low-power Systems Woo-Seok Choi, Matthew Tomei,

Guaranteeing Local Differential Privacy on Ultra-low-power Systems Woo-Seok Choi, Matthew Tomei,

Guaranteeing Local Differential Privacy on Ultra-low-power Systems Woo-Seok Choi, Matthew Tomei, Jose Rodrigo Sanchez Vicarte, Pavan Kumar Hanumolu, Rakesh Kumar University of Illinois at Urbana-Champaign Security in IoT IoT Cloud Data

700 views • 20 slides
Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole

Differential privacy and applications to location privacy Catuscia Palamidessi INRIA & Ecole Polytechnique 1 Plan of the talk General introduction to privacy issues A naive approach to privacy protection: anonymization Why it

740 views • 44 slides
Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin

Implementing Differential Privacy & Side-channel attacks CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 14 : 590.03 Fall 12 1 Outline Differential Privacy Implementations PINQ: Privacy Integrated Queries [McSherry SIGMOD

1.22k views • 40 slides
Entropy & Information Jill illes V s Vreeken 29 29 May 2015 2015 Qu Question o of f

Entropy & Information Jill illes V s Vreeken 29 29 May 2015 2015 Qu Question o of f

Entropy & Information Jill illes V s Vreeken 29 29 May 2015 2015 Qu Question o of f th the da day What is infor ormation tion? (and what do talking drums have to do with it?) Bit Bits a s and Piec Pieces es What are

592 views • 42 slides
HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference

HOST SCA Countermeasures I ECE 525 Side-Channel Analysis (SCA) Countermeasures Reference Mangard et. al, "Power Analysis Attacks, Revealing the Secrets of Smart Cards", Springer, 2009 Power analysis attacks are effective because the

479 views • 19 slides
Physical layer Encoding data into signals Computer networks Girts Strazdins, gist@ntnu.no, NTNU

Physical layer Encoding data into signals Computer networks Girts Strazdins, gist@ntnu.no, NTNU

Physical layer Encoding data into signals Computer networks Girts Strazdins, gist@ntnu.no, NTNU i lesund, 2020 Outline 1. Digital and analog data 2. Signaling, symbols, bitrate 3. Digital signaling 4. Analog signaling 5. Sender and

719 views • 53 slides
Signal Encoding Techniques Digital Data, Analog Signals Analog Data, Digital Signals ITS323:

Signal Encoding Techniques Digital Data, Analog Signals Analog Data, Digital Signals ITS323:

ITS323 Signal Encoding Introduction Digital Data, Digital Signals Signal Encoding Techniques Digital Data, Analog Signals Analog Data, Digital Signals ITS323: Introduction to Data Communications Analog Data, Analog Signals Sirindhorn

787 views • 40 slides
DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #2: IN-MEMORY

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #2: IN-MEMORY

DATABASE SYSTEM IMPLEMENTATION GT 4420/6422 // SPRING 2019 // @JOY_ARULRAJ LECTURE #2: IN-MEMORY DATABASES 2 TODAYS AGENDA Background In-Memory DBMS Architectures Early Notable In-Memory DBMSs 3 LAST CLASS History of DBMSs In a way

1.08k views • 69 slides
Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults Chong Hee KIM

Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults Chong Hee KIM

Outline Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults Chong Hee KIM Information Security Group Universit e Catholique de Louvain, Belgium August 21, 2010 Chong Hee KIM, Universit e Catholique de Louvain

797 views • 76 slides
Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010

Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010

Differential Fault Analysis of HC-128 Differential Fault Analysis of HC-128 Aleksandar Kircanski and Amr M. Youssef AFRICACRYPT 2010 May 03-06, 2010, Stellenbosch, South Africa Differential Fault Analysis of HC-128 Outline Fault analysis

374 views • 24 slides
Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor

Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor

Fault Attacks on Embedded Software: Threats, Design, and Mitigation Patrick Schaumont Professor Bradley Department of ECE Virginia Tech Acknowledgements FAME Project Team https://sites.google.com/view/famechip Supported through National

1.01k views • 72 slides

More recommend