TY - GEN
T1 - Differentially-Private “Draw and Discard” Machine Learning
T2 - 6th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2022
AU - Pihur, Vasyl
AU - Korolova, Aleksandra
AU - Liu, Frederick
AU - Sankuratripati, Subhash
AU - Yung, Moti
AU - Huang, Dachuan
AU - Zeng, Ruogu
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - The setting of our problem is a distributed architecture facing an enormous user set, where events are repeating and evolving over time, and we want to absorb the stream of events into the model: first local model, then absorb it in the global one, and also care about user privacy. Naturally, we learn a phenomenon which happens distributedly in many places (like malware spread over smartphones, user behavior to operation and UX of an app, or other such events). To this end, we considered a configuration where the learning server is built to deal with the possibly high frequency high-volume environment in a natural distributed fashion, while taking care of statistical convergence and privacy properties of the setting as well. We propose a novel framework for privacy-preserving client-distributed machine learning. It is based on the desire to allow differential privacy guarantees in the local model of privacy in a way that satisfies systems constraints using high number of asynchronous client-server communication (i.e., not much coordination among separate clients, which is a simple communication model to implement, which in some settings already exist, i.e., in apps facing users), and provides attractive model learning properties. We develop a generic randomized learning algorithm “Draw and Discard” because it relies on random sampling and discarding of models for load distribution and scalability, which also provides additional server-side privacy protections and improved model quality through averaging. The model is general and we show its applicability to Generalized Linear models. We analyze the statistical stability and privacy guarantees provided by our approach against faults and against several types of adversaries. We then showcase experimental results. Our framework (first reported in [28]) has been experimentally deployed in a real industrial setting. We view the result as an initial combination of ML and of distributed systems, and we believe it poses numerous directions for further developments.
AB - The setting of our problem is a distributed architecture facing an enormous user set, where events are repeating and evolving over time, and we want to absorb the stream of events into the model: first local model, then absorb it in the global one, and also care about user privacy. Naturally, we learn a phenomenon which happens distributedly in many places (like malware spread over smartphones, user behavior to operation and UX of an app, or other such events). To this end, we considered a configuration where the learning server is built to deal with the possibly high frequency high-volume environment in a natural distributed fashion, while taking care of statistical convergence and privacy properties of the setting as well. We propose a novel framework for privacy-preserving client-distributed machine learning. It is based on the desire to allow differential privacy guarantees in the local model of privacy in a way that satisfies systems constraints using high number of asynchronous client-server communication (i.e., not much coordination among separate clients, which is a simple communication model to implement, which in some settings already exist, i.e., in apps facing users), and provides attractive model learning properties. We develop a generic randomized learning algorithm “Draw and Discard” because it relies on random sampling and discarding of models for load distribution and scalability, which also provides additional server-side privacy protections and improved model quality through averaging. The model is general and we show its applicability to Generalized Linear models. We analyze the statistical stability and privacy guarantees provided by our approach against faults and against several types of adversaries. We then showcase experimental results. Our framework (first reported in [28]) has been experimentally deployed in a real industrial setting. We view the result as an initial combination of ML and of distributed systems, and we believe it poses numerous directions for further developments.
KW - Differential privacy
KW - Distributed machine learning
KW - High-volume distributed computing
KW - Local privacy model
UR - http://www.scopus.com/inward/record.url?scp=85134184159&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85134184159&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-07689-3_33
DO - 10.1007/978-3-031-07689-3_33
M3 - Conference contribution
AN - SCOPUS:85134184159
SN - 9783031076886
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 468
EP - 486
BT - Cyber Security, Cryptology, and Machine Learning - 6th International Symposium, CSCML 2022, Proceedings
A2 - Dolev, Shlomi
A2 - Meisels, Amnon
A2 - Katz, Jonathan
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 30 June 2022 through 1 July 2022
ER -