Core Concept
SecureDL is a novel decentralized learning protocol that enhances security and privacy against Byzantine threats through secure multiparty computation and robust aggregation techniques.
Summary
The paper presents SecureDL, a novel decentralized learning (DL) protocol that aims to enhance security and privacy against Byzantine threats.
Key highlights:
- DL eliminates the need for a central server, making the system more susceptible to privacy attacks and Byzantine threats compared to Federated Learning (FL).
- SecureDL employs secure multiparty computation techniques to enable privacy-preserving aggregation of model updates, preventing clients from accessing other clients' data in plain form.
- The protocol utilizes robust aggregation rules based on cosine similarity and normalization to detect and exclude malicious model updates, enhancing the system's resilience against Byzantine attacks.
- Theoretical analysis is provided to demonstrate the convergence and privacy guarantees of SecureDL.
- Empirical evaluation on MNIST, Fashion-MNIST, SVHN and CIFAR-10 datasets shows SecureDL's effectiveness against various Byzantine attacks, even in the presence of a malicious majority.
- The overhead analysis quantifies the computational and communication costs of the privacy-preserving mechanisms in SecureDL.
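As an added illustration (not the paper's own code), the following Python sketches one way a cosine-similarity filter combined with norm clipping can reject a sign-flipped update and neutralise an over-scaled one before averaging. The coordinate-wise median reference direction, the zero threshold and the median clipping bound are my assumptions, not the rule SecureDL specifies, and the client updates are constructed.

```python
# Added illustration (not the paper's code): a simple robust aggregation rule in the
# spirit of SecureDL's cosine-similarity filtering plus normalization. The reference
# direction (coordinate-wise median), the threshold and the clipping bound are
# assumptions; the paper's exact rule may differ.
import math
from statistics import median
from typing import List, Tuple

Vector = List[float]

def dot(a: Vector, b: Vector) -> float:
    return sum(x * y for x, y in zip(a, b))

def norm(a: Vector) -> float:
    return math.sqrt(dot(a, a))

def cosine(a: Vector, b: Vector) -> float:
    na, nb = norm(a), norm(b)
    return 0.0 if na == 0 or nb == 0 else dot(a, b) / (na * nb)

def plain_mean(updates: List[Vector]) -> Vector:
    d = len(updates[0])
    return [sum(u[j] for u in updates) / len(updates) for j in range(d)]

def robust_aggregate(updates: List[Vector], threshold: float = 0.0) -> Tuple[Vector, List[int]]:
    """Keep updates whose cosine to a robust reference exceeds threshold, clip norms, average."""
    d = len(updates[0])
    ref = [median(u[j] for u in updates) for j in range(d)]  # assumed reference direction
    accepted = [i for i, u in enumerate(updates) if cosine(u, ref) > threshold]
    if not accepted:
        raise ValueError("no update passed the similarity filter")
    clip = median(norm(updates[i]) for i in accepted)  # assumed clipping bound
    scaled = []
    for i in accepted:
        u = updates[i]
        s = min(1.0, clip / norm(u)) if norm(u) > 0 else 0.0  # shrink oversized updates
        scaled.append([x * s for x in u])
    agg = [sum(v[j] for v in scaled) / len(scaled) for j in range(d)]
    return agg, accepted

# Constructed sample: three honest updates, one sign-flipped update (index 3) and one
# honest-direction update scaled 50x (index 4); the latter passes the cosine filter
# but is tamed by clipping.
UPDATES: List[Vector] = [
    [1.0, 1.0, 0.5],
    [1.1, 0.9, 0.6],
    [0.9, 1.1, 0.4],
    [-10.0, -10.0, -5.0],
    [50.0, 50.0, 25.0],
]

if __name__ == "__main__":
    print("plain mean:", plain_mean(UPDATES))
    print("robust:", robust_aggregate(UPDATES))
```

In this setting, the plain mean lands around 8.6 on the first coordinate while the robust aggregate stays near the honest value of 1.0 and excludes the sign-flipped client.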
Statistics
"Decentralized machine learning (DL) has been receiving an increasing interest recently due to the elimination of a single point of failure, present in Federated learning setting."
"Defenses against Byzantine adversaries, however, typically require access to the updates of other clients, a counterproductive privacy trade-off that in turn increases the risk of inference attacks on those same model updates."
"Our experiments show that SecureDL is effective even in the case of attacks by the malicious majority (e.g., 80% Byzantine clients) while preserving high training accuracy."
Quotes
"SecureDL facilitates a collaborative defense, while protecting the privacy of clients' model updates through secure multiparty computation."
"By using MNIST, Fashion-MNIST, SVHN and CIFAR-10 datasets, we evaluated SecureDL against various Byzantine attacks and compared its effectiveness with four existing defense mechanisms."