Secure Federated Transfer Learning (Paper Notes)





☆ Recent Artificial Intelligence (AI) achievements have depended on the availability of massive amounts of labeled data.
☆ AlphaGo (Silver et al. 2016) uses 30 million moves from 160,000 actual games. The ImageNet dataset (Deng et al. 2009) has over 14 million images.

However, across various industries, more fields of application have only small or poor-quality data. Labeling data is very expensive, especially in fields which require human expertise and domain knowledge. In addition, data needed for a specific task may not be kept in one place. Many organizations may only have unlabeled data, and some other organizations may have a very limited amount of labels. It has also become increasingly difficult for organizations to combine their data.


Google first introduced a federated learning (FL) system (McMahan et al. 2016) in which a global machine learning model is updated by a federation of distributed participants while keeping their data locally.
These existing approaches are only applicable to either common features or common samples under a federation.

In this paper, we propose a possible solution to these challenges: Federated Transfer Learning (FTL), which leverages transfer learning technique (Pan et al. 2010) to provide solutions for the entire sample and feature space under a federation.

  • We introduce federated transfer learning in a privacy preserving setting to provide solutions for federation problems beyond the scope of existing federated learning approaches;
  • We provide an end-to-end solution to the proposed FTL problem and show that the convergence and accuracy of the proposed approach are comparable to the non-privacy-preserving approach;
  • We provide a novel approach for adopting additively homomorphic encryption (HE) to multi-party computation (MPC) with neural networks such that only minimal modifications to the neural network are required and the accuracy is almost lossless, whereas most of the existing secure deep learning frameworks suffer from loss of accuracy when adopting privacy-preserving techniques.


(1) Federated Learning and Secure Deep Learning

Server-end models (applicable for inference only):
① Google: a secure aggregation scheme
② CryptoNets: neural computations adapted to work with data encrypted with Homomorphic Encryption
③ CryptoDL: approximates the activation functions in neural networks with low-degree polynomials
④ DeepSecure: uses Yao’s Garbled Circuit protocol for data encryption instead of HE

In this paper: SecureML
Encryption: uses secret sharing and Yao’s Garbled Circuit for encryption
Training: supports collaborative training for linear regression, logistic regression and neural networks

(2) Transfer Learning

Application scenarios: small datasets or weak supervision

4. Problem Definition

☆ Without loss of generality, we assume all labels are in party A, but all the deduction here can be adapted to the case where labels exist in party B. One can find the commonly shared sample ID set in a privacy-preserving setting by masking data IDs with encryption techniques such as the RSA scheme. Here we assume that A and B have already found, or both know, their commonly shared sample IDs. Given the above setting, the objective is for the two parties to build a transfer learning model to predict labels for the target-domain party as accurately as possible without exposing data to each other.

△ Security Definition:
① all parties are honest-but-curious
② assume a threat model with a semi-honest adversary D
③ Protocol P


5. Proposed Approach

① Transfer Learning Model and Federated Framework
② Deep Neural Networks
③ Hidden representation layer: d
④ Prediction function
⑤ Translator function
⑥ Loss function (logistic loss)
⑦ minimize the alignment loss
⑧ Final objective function
⑨ Gradients (used to update the parameters)

Additively Homomorphic Encryption


☆ Federated Transfer Learning architecture (three algorithms)


(1) Federated Transfer Learning: Training

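① Initialize the neural networks Net(A) and Net(B) and run them locally and independently to obtain the hidden representations u(i,A) and u(i,B).
② Party A computes and encrypts its results and sends them to B, to help B compute the gradients of Net(B).
③ Party B does the same as in ②.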



(2) Federated Transfer Learning: Prediction

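① Party B uses the parameters Θ(B) of the trained neural network to compute u(j,B), and sends the encrypted result [[G(u(j,B))]] to party A.
② A evaluates it and masks it with a random value, then sends the encrypted and masked φ(u(j,B)) to B; B decrypts it and sends it back to A.
③ A obtains the decrypted φ(u(j,B)), derives the label from it, and sends the label to party B.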


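Advantage: as shown in the experiments section, the errors in the loss and gradient computations, and the loss in accuracy caused by adopting our approach, are minimal. The approach is therefore scalable and adapts flexibly to changes in the neural network structure.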

(3) Federated Transfer Learning: Cross Validation

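Method: a secure transfer cross validation approach (TrCV)

① Split the labeled source-domain dataset into k folds. In each round (k rounds in total), hold out one fold as the test set, build the model from the remaining k-1 folds using Algorithm 1, and predict labels using Algorithm 2.
② Combine the predicted labels with the existing dataset, retrain the model with Algorithm 1, and evaluate it on the held-out fold.
③ Finally, obtain the final model.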
(Notice that TrCV performs validations using source-domain labels, which could be advantageous in situations where target labels are difficult to obtain. A self-learning supervised model MF,Dc is also built with Dc to provide safeguards against negative transfer (Kuzborskij and Orabona 2013; Zhong et al. 2010). In the scenario where the labels are in the source-domain party, the self-learning is reduced to a feature-based federated learning problem. Otherwise the target-domain party will build the self-learning model itself. In the cases where the transfer learning model is inferior to a self-learning model, knowledge need not be transferred.)

Security Analysis

Theorem 1. The protocol in Algorithm 1 and 2 is secure under our security definition, provided that the underlying additively homomorphic encryption scheme is secure.
① The training protocol in Algorithm 1 and 2 does not reveal any information, because all that A and B learn are the masked gradients.
As long as the encryption scheme is considered secure, the protocol is secure.
② At inference time, the two parties need to collaboratively compute the prediction results. Note that the protocol does not deal with a malicious party. If party A fakes its inputs and submits only one non-zero input, it may tell the value of u(i,B) at that input’s position. It still cannot tell x(i,B) or Θ(B), and neither party will get correct results.
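
The prediction exchange in (2) and the single non-zero input remark in ② above, as an added example that is not code from the paper or from these notes. It uses a toy Paillier scheme as the additively homomorphic encryption and assumes that A's evaluation is a linear score with integer (fixed-point) values; `w_A`, `b_A`, `predict_exchange` and the sample vectors are constructed for illustration.

```python
import math
import secrets

# Toy Paillier (additively homomorphic) with g = n + 1. The primes are small
# constructed demo values (2^31-1, 2^61-1); real use needs >= 2048-bit moduli.
def keygen(p=2**31 - 1, q=2**61 - 1):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))          # public n, private (lambda, mu)

def encrypt(n, m):
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:                # r must be a unit mod n
        r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, priv, c):
    lam, mu = priv
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m         # decode as a signed integer

def he_add(n, c1, c2):                        # [[a]] (+) [[b]] = [[a + b]]
    return c1 * c2 % (n * n)

def he_scale(n, c, k):                        # k * [[a]] = [[k * a]], k in plaintext
    return pow(c, k % n, n * n)

def predict_exchange(u_B, w_A, b_A):
    """One sample of the prediction exchange with integer (fixed-point) values.
    Assumption: A's score is linear, phi = b_A + sum(w_A[i] * u_B[i])."""
    n, priv_B = keygen()                                   # B's key pair
    enc_u = [encrypt(n, x) for x in u_B]                   # step 1: B -> A
    enc_phi = encrypt(n, b_A)
    for c, w in zip(enc_u, w_A):                           # A sees ciphertexts only
        enc_phi = he_add(n, enc_phi, he_scale(n, c, w))
    mask = secrets.randbelow(2**40)                        # step 2: A masks, A -> B
    b_view = decrypt(n, priv_B, he_add(n, enc_phi, encrypt(n, mask)))
    phi = b_view - mask                                    # step 3: A removes mask
    return phi, b_view, mask

if __name__ == "__main__":
    phi, b_view, _ = predict_exchange([3, -2, 5], [4, 1, -3], 7)
    print("A's score:", phi, "| value B decrypted:", b_view)
    # An input with a single non-zero weight returns that entry of u_B.
    print(predict_exchange([3, -2, 5], [0, 0, 1], 0)[0])
```

B only ever decrypts the score plus A's random mask, while the last call shows why the guarantee is stated for semi-honest parties only: with one non-zero input, the unmasked result equals the corresponding entry of u(j,B).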


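(2) Impact of Taylor approximation
① As we increased the depth of the neural networks, the convergence and the performance of the model did not decay.
(3) Transfer learning vs self-learning
① With a small number of samples, the transfer learning approach outperforms self-learning.
② Performance improves as the number of samples increases.
③ Performance increases with the number of overlapping samples.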
As expected from the above analysis, as we increase the dimension of the hidden representation d, the increase of the running time is accelerating across different values of number of overlapping samples tested. On the other hand, the running time grows linearly with respect to the number of target-domain features, as well as the number of samples shared.


① The proposed framework is a complete privacy-preserving solution which includes training, evaluation and cross validation.
② The current framework is not limited to any specific learning models but rather a general framework for privacy-preserving transfer learning.
③ Future works for FTL may include exploring and adopting the methodology to other deep learning systems where privacy-preserving data collaboration is needed, and continuing improving the efficiency of the algorithms by using distributed computing techniques, and finding less expensive encryption schemes.
