Large machine learning models with improved predictions have become widely available in the chemical sciences. Unfortunately, these models do not protect the privacy necessary within commercial settings, prohibiting the use of potentially extremely valuable data by others. Encrypting the prediction process can solve this problem by double-blind model evaluation and prohibits the extraction of training or query data. However, contemporary ML models based on fully homomorphic encryption or federated learning are either too expensive for practical use or have to trade higher speed for weaker security. We have implemented secure and computationally feasible encrypted machine learning models using oblivious transfer enabling and secure predictions of molecular quantum properties across chemical compound space. However, we find that encrypted predictions using kernel ridge regression models are a million times more expensive than without encryption. This demonstrates a dire need for a compact machine learning model architecture, including molecular representation and kernel matrix size, that minimizes model evaluation costs.
translated by 谷歌翻译
To apply federated learning to drug discovery we developed a novel platform in the context of European Innovative Medicines Initiative (IMI) project MELLODDY (grant n{\deg}831472), which was comprised of 10 pharmaceutical companies, academic research labs, large industrial companies and startups. The MELLODDY platform was the first industry-scale platform to enable the creation of a global federated model for drug discovery without sharing the confidential data sets of the individual partners. The federated model was trained on the platform by aggregating the gradients of all contributing partners in a cryptographic, secure way following each training iteration. The platform was deployed on an Amazon Web Services (AWS) multi-account architecture running Kubernetes clusters in private subnets. Organisationally, the roles of the different partners were codified as different rights and permissions on the platform and administrated in a decentralized way. The MELLODDY platform generated new scientific discoveries which are described in a companion paper.
translated by 谷歌翻译
制药行业可以更好地利用其数据资产来通过协作机器学习平台虚拟化药物发现。另一方面,由于参与者的培训数据的意外泄漏,存在不可忽略的风险,因此,对于这样的平台,必须安全和隐私权。本文介绍了在药物发现的临床前阶段进行协作建模的隐私风险评估,以加快有前途的候选药物的选择。在最新推理攻击的简短分类法之后,我们采用并定制了几种基础情况。最后,我们用一些相关的隐私保护技术来描述和实验,以减轻此类攻击。
translated by 谷歌翻译
Federated learning is a collaborative method that aims to preserve data privacy while creating AI models. Current approaches to federated learning tend to rely heavily on secure aggregation protocols to preserve data privacy. However, to some degree, such protocols assume that the entity orchestrating the federated learning process (i.e., the server) is not fully malicious or dishonest. We investigate vulnerabilities to secure aggregation that could arise if the server is fully malicious and attempts to obtain access to private, potentially sensitive data. Furthermore, we provide a method to further defend against such a malicious server, and demonstrate effectiveness against known attacks that reconstruct data in a federated learning setting.
translated by 谷歌翻译
网络威胁情报(CTI)共享是减少攻击者和捍卫者之间信息不对称的重要活动。但是,由于数据共享和机密性之间的紧张关系,这项活动带来了挑战,这导致信息保留通常会导致自由骑士问题。因此,共享的信息仅代表冰山一角。当前的文献假设访问包含所有信息的集中数据库,但是由于上述张力,这并不总是可行的。这会导致不平衡或不完整的数据集,需要使用技术扩展它们。我们展示了这些技术如何导致结果和误导性能期望。我们提出了一个新颖的框架,用于从分布式数据中提取有关事件,漏洞和妥协指标的分布式数据,并与恶意软件信息共享平台(MISP)一起证明其在几种实际情况下的使用。提出和讨论了CTI共享的政策影响。拟议的系统依赖于隐私增强技术和联合处理的有效组合。这使组织能够控制其CTI,并最大程度地减少暴露或泄漏的风险,同时为共享的好处,更准确和代表性的结果以及更有效的预测性和预防性防御能力。
translated by 谷歌翻译
Today's AI still faces two major challenges. One is that in most industries, data exists in the form of isolated islands. The other is the strengthening of data privacy and security. We propose a possible solution to these challenges: secure federated learning. Beyond the federated learning framework first proposed by Google in 2016, we introduce a comprehensive secure federated learning framework, which includes horizontal federated learning, vertical federated learning and federated transfer learning. We provide definitions, architectures and applications for the federated learning framework, and provide a comprehensive survey of existing works on this subject. In addition, we propose building data networks among organizations based on federated mechanisms as an effective solution to allow knowledge to be shared without compromising user privacy.
translated by 谷歌翻译
由于机器学习(ML)技术和应用正在迅速改变许多计算领域,以及与ML相关的安全问题也在出现。在系统安全领域中,已经进行了许多努力,以确保ML模型和数据机密性。ML计算通常不可避免地在不受信任的环境中执行,并因此需要复杂的多方安全要求。因此,研究人员利用可信任的执行环境(TEES)来构建机密ML计算系统。本文通过在不受信任的环境中分类攻击向量和缓解攻击载体和缓解来进行系统和全面的调查,分析多方ML安全要求,并讨论相关工程挑战。
translated by 谷歌翻译
联邦机器学习利用边缘计算来开发网络用户数据的模型,但联合学习的隐私仍然是一个重大挑战。已经提出了使用差异隐私的技术来解决这一点,但是带来了自己的挑战 - 许多人需要一个值得信赖的第三方,或者增加了太多的噪音来生产有用的模型。使用多方计算的\ EMPH {SERVE聚合}的最新进步消除了对第三方的需求,但是在计算上尤其在规模上昂贵。我们提出了一种新的联合学习协议,利用了一种基于与错误学习的技术的新颖差异私有的恶意安全聚合协议。我们的协议优于当前最先进的技术,并且经验结果表明它缩放到大量方面,具有任何差别私有联合学习方案的最佳精度。
translated by 谷歌翻译
机器学习中的隐私和安全挑战(ML)已成为ML普遍的开发以及最近对大型攻击表面的展示,已成为一个关键的话题。作为一种成熟的以系统为导向的方法,在学术界和行业中越来越多地使用机密计算来改善各种ML场景的隐私和安全性。在本文中,我们将基于机密计算辅助的ML安全性和隐私技术的发现系统化,以提供i)保密保证和ii)完整性保证。我们进一步确定了关键挑战,并提供有关ML用例现有可信赖的执行环境(TEE)系统中限制的专门分析。我们讨论了潜在的工作,包括基础隐私定义,分区的ML执行,针对ML的专用发球台设计,TEE Awawe Aware ML和ML Full Pipeline保证。这些潜在的解决方案可以帮助实现强大的TEE ML,以保证无需引入计算和系统成本。
translated by 谷歌翻译
分布式隐私的回归方案已在各个领域开发和扩展,在这些领域中,多方协作和私人运行优化算法,例如梯度下降,以学习一组最佳参数。但是,传统的基于梯度的方法无法解决包含具有L1正则化的客观功能的问题,例如LASSO回归。在本文中,我们介绍了一个名为FCD的新分布式方案联合坐标下降,旨在在多方场景下安全地解决此问题。具体而言,通过安全的聚合和添加的扰动,我们的方案确保:(1)没有向其他方泄漏本地信息,并且(2)全局模型参数不会暴露于云服务器。最终,各方可以消除附加的扰动,以得出具有高性能的全球模型。我们表明,FCD方案填补了多方安全坐标下降方法的空白,并且适用于一般线性回归,包括线性,脊和拉索回归。理论安全分析和实验结果表明,可以有效,有效地执行FCD,并以低MAE度量作为在现实世界UCI数据集的三种线性回归的任务下作为集中方法提供的低MAE度量。
translated by 谷歌翻译
边缘计算是一个将数据处理服务转移到生成数据的网络边缘的范式。尽管这样的架构提供了更快的处理和响应,但除其他好处外,它还提出了必须解决的关键安全问题和挑战。本文讨论了从硬件层到系统层的边缘网络体系结构出现的安全威胁和漏洞。我们进一步讨论了此类网络中的隐私和法规合规性挑战。最后,我们认为需要一种整体方法来分析边缘网络安全姿势,该姿势必须考虑每一层的知识。
translated by 谷歌翻译
Machine learning methods have revolutionized the discovery process of new molecules and materials. However, the intensive training process of neural networks for molecules with ever-increasing complexity has resulted in exponential growth in computation cost, leading to long simulation time and high energy consumption. Photonic chip technology offers an alternative platform for implementing neural networks with faster data processing and lower energy usage compared to digital computers. Photonics technology is naturally capable of implementing complex-valued neural networks at no additional hardware cost. Here, we demonstrate the capability of photonic neural networks for predicting the quantum mechanical properties of molecules. To the best of our knowledge, this work is the first to harness photonic technology for machine learning applications in computational chemistry and molecular sciences, such as drug discovery and materials design. We further show that multiple properties can be learned simultaneously in a photonic chip via a multi-task regression learning algorithm, which is also the first of its kind as well, as most previous works focus on implementing a network in the classification task.
translated by 谷歌翻译
随着机器学习(ml)的进步及其日益增长的意识,许多拥有数据但不是ML专业知识(数据所有者)的组织希望汇集他们的数据并与那些具有专业知识的人合作,但需要来自不同来源的数据,以便训练真正普遍的资料模型(模型所有者)。在这种协作ML中,数据所有者希望保护其培训数据的隐私,而模型所有者希望模型的机密性和可能包含知识产权的培训方法。但是,现有的私人ML解决方案,如联合学习和分裂学习,不能同时满足数据和模型所有者的隐私要求。本文介绍了城可扩展的协作ML系统,可根据英特尔SGX在不受信任的基础架构中保护两个数据所有者和模型所有者的隐私。 CITADEL在代表数据所有者和代表模型所有者运行的多个训练环路中执行分布式训练。 CITADEL通过零和屏蔽和分层聚合进一步在这些外地之间建立了强大的信息屏障,以防止在协同培训期间防止数据/模型泄漏。与现有的SGX保护培训系统相比,Citadel实现了合作ML的更好的可扩展性和更强大的隐私保障。具有各种ML模型的云部署显示,Citadel缩放到大量的环路,由SGX引起的小于1.73x放缓。
translated by 谷歌翻译
In recent years, mobile devices are equipped with increasingly advanced sensing and computing capabilities. Coupled with advancements in Deep Learning (DL), this opens up countless possibilities for meaningful applications, e.g., for medical purposes and in vehicular networks. Traditional cloudbased Machine Learning (ML) approaches require the data to be centralized in a cloud server or data center. However, this results in critical issues related to unacceptable latency and communication inefficiency. To this end, Mobile Edge Computing (MEC) has been proposed to bring intelligence closer to the edge, where data is produced. However, conventional enabling technologies for ML at mobile edge networks still require personal data to be shared with external parties, e.g., edge servers. Recently, in light of increasingly stringent data privacy legislations and growing privacy concerns, the concept of Federated Learning (FL) has been introduced. In FL, end devices use their local data to train an ML model required by the server. The end devices then send the model updates rather than raw data to the server for aggregation. FL can serve as an enabling technology in mobile edge networks since it enables the collaborative training of an ML model and also enables DL for mobile edge network optimization. However, in a large-scale and complex mobile edge network, heterogeneous devices with varying constraints are involved. This raises challenges of communication costs, resource allocation, and privacy and security in the implementation of FL at scale. In this survey, we begin with an introduction to the background and fundamentals of FL. Then, we highlight the aforementioned challenges of FL implementation and review existing solutions. Furthermore, we present the applications of FL for mobile edge network optimization. Finally, we discuss the important challenges and future research directions in FL.
translated by 谷歌翻译
Differentially private federated learning (DP-FL) has received increasing attention to mitigate the privacy risk in federated learning. Although different schemes for DP-FL have been proposed, there is still a utility gap. Employing central Differential Privacy in FL (CDP-FL) can provide a good balance between the privacy and model utility, but requires a trusted server. Using Local Differential Privacy for FL (LDP-FL) does not require a trusted server, but suffers from lousy privacy-utility trade-off. Recently proposed shuffle DP based FL has the potential to bridge the gap between CDP-FL and LDP-FL without a trusted server; however, there is still a utility gap when the number of model parameters is large. In this work, we propose OLIVE, a system that combines the merits from CDP-FL and LDP-FL by leveraging Trusted Execution Environment (TEE). Our main technical contributions are the analysis and countermeasures against the vulnerability of TEE in OLIVE. Firstly, we theoretically analyze the memory access pattern leakage of OLIVE and find that there is a risk for sparsified gradients, which is common in FL. Secondly, we design an inference attack to understand how the memory access pattern could be linked to the training data. Thirdly, we propose oblivious yet efficient algorithms to prevent the memory access pattern leakage in OLIVE. Our experiments on real-world data demonstrate that OLIVE is efficient even when training a model with hundreds of thousands of parameters and effective against side-channel attacks on TEE.
translated by 谷歌翻译
在联合学习(FL)中,一组参与者共享与将更新结合到全局模型中的聚合服务器在本地数据上计算的更新。但是,将准确性与隐私和安全性进行调和是FL的挑战。一方面,诚实参与者发送的良好更新可能会揭示其私人本地信息,而恶意参与者发送的中毒更新可能会损害模型的可用性和/或完整性。另一方面,通过更新失真赔偿准确性增强隐私,而通过更新聚合损坏安全性,因为它不允许服务器过滤掉单个中毒更新。为了解决准确性私人关系冲突,我们提出{\ em碎片的联合学习}(FFL),其中参与者在将其发送到服务器之前,随机交换并混合其更新的片段。为了获得隐私,我们设计了一个轻巧的协议,该协议允许参与者私下交换和混合其更新的加密片段,以便服务器既不能获得单个更新,也不能将其链接到其发起人。为了实现安全性,我们设计了针对FFL量身定制的基于声誉的防御,该防御根据他们交换的片段质量以及他们发送的混合更新来建立对参与者及其混合更新的信任。由于交换的片段的参数可以保持其原始坐标和攻击者可以中和,因此服务器可以从接收到的混合更新中正确重建全局模型而不会准确损失。四个真实数据集的实验表明,FFL可以防止半冬季服务器安装隐私攻击,可以有效地抵抗中毒攻击,并可以保持全局模型的准确性。
translated by 谷歌翻译
联邦学习一直是一个热门的研究主题,使不同组织的机器学习模型的协作培训在隐私限制下。随着研究人员试图支持更多具有不同隐私方法的机器学习模型,需要开发系统和基础设施,以便于开发各种联合学习算法。类似于Pytorch和Tensorflow等深度学习系统,可以增强深度学习的发展,联邦学习系统(FLSS)是等效的,并且面临各个方面的面临挑战,如有效性,效率和隐私。在本调查中,我们对联合学习系统进行了全面的审查。为实现流畅的流动和引导未来的研究,我们介绍了联合学习系统的定义并分析了系统组件。此外,我们根据六种不同方面提供联合学习系统的全面分类,包括数据分布,机器学习模型,隐私机制,通信架构,联合集市和联合的动机。分类可以帮助设计联合学习系统,如我们的案例研究所示。通过系统地总结现有联合学习系统,我们展示了设计因素,案例研究和未来的研究机会。
translated by 谷歌翻译
已经提出了安全的多方计算(MPC),以允许多个相互不信任的数据所有者在其合并数据上共同训练机器学习(ML)模型。但是,通过设计,MPC协议忠实地计算了训练功能,对抗性ML社区已证明该功能泄漏了私人信息,并且可以在中毒攻击中篡改。在这项工作中,我们认为在我们的框架中实现的模型合奏是一种称为Safenet的框架,是MPC的高度无限方法,可以避免许多对抗性ML攻击。 MPC培训中所有者之间数据的自然分区允许这种方法在训练时间高度可扩展,可证明可保护免受中毒攻击的保护,并证明可以防御许多隐私攻击。我们展示了Safenet对在端到端和转移学习方案训练的几个机器学习数据集和模型上中毒的效率,准确性和韧性。例如,Safenet可显着降低后门攻击的成功,同时获得$ 39 \ times $ $的培训,$ 36 \ times $ $ $少于达尔斯科夫(Dalskov)等人的四方MPC框架。我们的实验表明,即使在许多非IID设置中,结合也能保留这些好处。结合的简单性,廉价的设置和鲁棒性属性使其成为MPC私下培训ML模型的强大首选。
translated by 谷歌翻译
联合学习允许一组用户在私人训练数据集中培训深度神经网络。在协议期间,数据集永远不会留下各个用户的设备。这是通过要求每个用户向中央服务器发送“仅”模型更新来实现,从而汇总它们以更新深神经网络的参数。然而,已经表明,每个模型更新都具有关于用户数据集的敏感信息(例如,梯度反转攻击)。联合学习的最先进的实现通过利用安全聚合来保护这些模型更新:安全监控协议,用于安全地计算用户的模型更新的聚合。安全聚合是关键,以保护用户的隐私,因为它会阻碍服务器学习用户提供的个人模型更新的源,防止推断和数据归因攻击。在这项工作中,我们表明恶意服务器可以轻松地阐明安全聚合,就像后者未到位一样。我们设计了两种不同的攻击,能够在参与安全聚合的用户数量上,独立于参与安全聚合的用户数。这使得它们在大规模现实世界联邦学习应用中的具体威胁。攻击是通用的,不瞄准任何特定的安全聚合协议。即使安全聚合协议被其理想功能替换为提供完美的安全性的理想功能,它们也同样有效。我们的工作表明,安全聚合与联合学习相结合,当前实施只提供了“虚假的安全感”。
translated by 谷歌翻译
联合学习(FL)是一个系统,中央聚合器协调多个客户解决机器学习问题的努力。此设置允许分散培训数据以保护隐私。本文的目的是提供针对医疗保健的FL系统的概述。 FL在此根据其框架,架构和应用程序进行评估。这里显示的是,FL通过中央聚合器服务器通过共享的全球深度学习(DL)模型解决了前面的问题。本文研究了最新的发展,并提供了来自FL研究的快速增长的启发,列出了未解决的问题。在FL的背景下,描述了几种隐私方法,包括安全的多方计算,同态加密,差异隐私和随机梯度下降。此外,还提供了对各种FL类的综述,例如水平和垂直FL以及联合转移学习。 FL在无线通信,服务建议,智能医学诊断系统和医疗保健方面有应用,本文将在本文中进行讨论。我们还对现有的FL挑战进行了彻底的审查,例如隐私保护,沟通成本,系统异质性和不可靠的模型上传,然后是未来的研究指示。
translated by 谷歌翻译