Horizontal Federated Learning and Secure Distributed Training for Recommendation System with Intel SGX
With the advent of the big data era and the development of artificial
intelligence and other technologies, data security and privacy protection have
become more important. Recommendation systems have many applications in our
society, but the model construction of recommendation systems is often
inseparable from users' data. Especially for deep learning-based recommendation
systems, due to the complexity of the model and the characteristics of deep
learning itself, their training process not only requires a long training time
and abundant computational resources but also a large amount of user data,
which poses a considerable challenge for data security and privacy protection.
How to train a distributed recommendation system while ensuring data security
has become an urgent problem. In this
paper, we implement two schemes, Horizontal Federated Learning and Secure
Distributed Training, based on Intel SGX (Software Guard Extensions), an
implementation of a trusted execution environment, and the TensorFlow
framework, to achieve secure, distributed learning for recommendation systems
in different scenarios. We experiment on the classical Deep Learning
Recommendation Model (DLRM), which is a neural network-based machine learning
model designed for personalization and recommendation, and the results show
that our implementation introduces virtually no loss in model performance, and
the training speed remains within acceptable limits.
Comment: 5 pages, 8 figures
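In horizontal federated learning, clients hold different users' records with the same feature schema, train locally, and a server aggregates their models. As a rough illustration of that aggregation loop, here is a minimal FedAvg-style sketch on a toy linear model; the function names, the linear stand-in for DLRM, and all hyperparameters are illustrative assumptions, not the paper's implementation (which runs inside SGX enclaves with TensorFlow).

```python
# Hypothetical sketch of horizontal federated averaging (FedAvg-style).
# A linear model stands in for DLRM; nothing here reflects the paper's code.
import numpy as np

def local_update(weights, X, y, lr=0.1, epochs=5):
    """One client's local training: gradient descent on squared error
    for a linear model y ~ X @ w."""
    w = weights.copy()
    for _ in range(epochs):
        grad = 2 * X.T @ (X @ w - y) / len(y)  # MSE gradient
        w -= lr * grad
    return w

def federated_average(client_weights, client_sizes):
    """Server step: average client models weighted by local dataset size."""
    total = sum(client_sizes)
    return sum(w * (n / total) for w, n in zip(client_weights, client_sizes))

# Two clients with horizontally partitioned data (same features,
# disjoint users); the true relation is y = 2*x0 + 1*x1.
rng = np.random.default_rng(0)
X1, X2 = rng.normal(size=(50, 2)), rng.normal(size=(80, 2))
y1, y2 = X1 @ np.array([2.0, 1.0]), X2 @ np.array([2.0, 1.0])

w_global = np.zeros(2)
for _ in range(10):  # communication rounds
    w1 = local_update(w_global, X1, y1)
    w2 = local_update(w_global, X2, y2)
    w_global = federated_average([w1, w2], [len(y1), len(y2)])

print(w_global)  # converges toward [2, 1]
```

In the SGX setting described above, the aggregation (and optionally the local training) would run inside enclaves, so raw user data and model updates are shielded from the untrusted host.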
DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks using Data Augmentation
Public resources and services (e.g., datasets, training platforms,
pre-trained models) have been widely adopted to ease the development of Deep
Learning-based applications. However, if the third-party providers are
untrusted, they can inject poisoned samples into the datasets or embed
backdoors in those models. Such an integrity breach can cause severe
consequences, especially in safety- and security-critical applications. Various
backdoor attack techniques have been proposed for higher effectiveness and
stealthiness. Unfortunately, existing defense solutions are not practical for
thwarting those attacks comprehensively.
In this paper, we investigate the effectiveness of data augmentation
techniques in mitigating backdoor attacks and enhancing DL models' robustness.
An evaluation framework is introduced to achieve this goal. Specifically, we
consider a unified defense solution, which (1) adopts a data augmentation
policy to fine-tune the infected model and eliminate the effects of the
embedded backdoor; (2) uses another augmentation policy to preprocess input
samples and invalidate the triggers during inference. We propose a systematic
approach to discover the optimal policies for defending against different
backdoor attacks by comprehensively evaluating 71 state-of-the-art data
augmentation functions. Extensive experiments show that our identified policy
can effectively mitigate eight different kinds of backdoor attacks and
outperform five existing defense methods. We envision that this framework can
serve as a benchmark tool for advancing future studies of DNN backdoors.
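To make the inference-time half of that defense concrete, here is a toy sketch of stage (2): augmenting an input so a fixed-location trigger patch no longer lines up with what the backdoor expects. The shift augmentation, the stamped corner trigger, and the "model" (a function that merely checks for the patch) are all illustrative assumptions; the paper searches over 71 real augmentation functions, and stage (1), fine-tuning the infected model, is omitted here.

```python
# Hypothetical sketch of trigger invalidation via input augmentation.
# All components are toy stand-ins, not the paper's policies or models.
import numpy as np

def random_shift(img, rng, max_shift=4):
    """Augmentation: zero-pad and randomly crop, displacing pixel
    positions so a fixed-location trigger usually no longer matches."""
    h, w = img.shape
    padded = np.pad(img, max_shift, mode="constant")
    dy, dx = rng.integers(0, 2 * max_shift + 1, size=2)
    return padded[dy:dy + h, dx:dx + w]

def stamp_trigger(img):
    """Backdoor trigger: a bright 3x3 patch in the bottom-right corner."""
    out = img.copy()
    out[-3:, -3:] = 1.0
    return out

def triggered(img):
    """Toy 'backdoored model': misbehaves iff the exact corner patch
    is present at its expected location."""
    return bool(np.all(img[-3:, -3:] == 1.0))

rng = np.random.default_rng(1)
clean = rng.uniform(0.0, 0.5, size=(28, 28))
poisoned = stamp_trigger(clean)

# Without preprocessing the trigger fires; after a random shift the
# patch is usually displaced and no longer matches its location.
fired_raw = triggered(poisoned)                     # True
fired_aug = triggered(random_shift(poisoned, rng))  # usually False
```

The design point mirrored here is that the defender never needs to locate or reverse-engineer the trigger; a well-chosen augmentation policy breaks the spatial assumption the backdoor relies on.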