Stochastic-Sign SGD for Federated Learning with Theoretical Guarantees
Federated learning (FL) has emerged as a prominent distributed learning
paradigm. FL creates a pressing need for novel parameter estimation
approaches that carry theoretical convergence guarantees while also being
communication efficient, differentially private, and Byzantine resilient
in heterogeneous data distribution settings. Quantization-based SGD solvers
have been widely adopted in FL, and the recently proposed SIGNSGD with
majority vote shows a promising direction. However, no existing method
enjoys all of the aforementioned properties. In this paper, we propose an
intuitively simple yet theoretically sound method based on SIGNSGD that
bridges this gap. We present Stochastic-Sign SGD, which utilizes novel
stochastic-sign-based gradient compressors to enable all of these
properties in a unified framework. We also present an error-feedback
variant of Stochastic-Sign SGD that further improves learning performance
in FL. We evaluate the proposed method in extensive experiments with deep
neural networks on the MNIST and CIFAR-10 datasets, and the experimental
results corroborate its effectiveness.
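The core idea of a stochastic-sign compressor, paired with server-side majority vote, can be sketched as follows. This is a minimal illustration, not the paper's exact algorithm; the bound `B` and the probability `(1 + g_i/B)/2` follow the standard unbiased stochastic 1-bit quantization recipe.

```python
import numpy as np

def stochastic_sign(grad, B):
    """Stochastic 1-bit compressor (sketch): each coordinate is sent as
    +1 with probability (1 + g_i/B)/2 and -1 otherwise, so that the
    expected transmitted value is g_i/B. Assumes a known bound B on |g_i|;
    coordinates are clipped to [-B, B] for safety."""
    g = np.clip(np.asarray(grad, dtype=float), -B, B)
    p = (1.0 + g / B) / 2.0
    return np.where(np.random.rand(*g.shape) < p, 1.0, -1.0)

def majority_vote(signs_list):
    """Server aggregation: coordinate-wise majority vote over the 1-bit
    updates received from the clients."""
    return np.sign(np.sum(signs_list, axis=0))
```

The compressor is stochastic, so individual bits vary, but the majority vote over many clients tracks the sign of the average gradient.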
Byzantine-Resilient Federated Learning with Heterogeneous Data Distribution
To mitigate Byzantine behaviors in federated learning (FL), most
state-of-the-art approaches, such as Bulyan, leverage the similarity of
updates from the benign clients. However, in many practical FL scenarios,
data is non-IID across clients, so the updates received from even the
benign clients are quite dissimilar. Similarity-based methods therefore
waste the opportunity to train a model on interesting non-IID data and
also slow model convergence. We propose DiverseFL to overcome this
challenge in heterogeneous data distribution settings. Rather than
comparing each client's update with the other clients' updates to detect
Byzantine clients, DiverseFL compares each client's update with a guiding
update for that client. Any client whose update diverges from its
associated guiding update is tagged as a Byzantine node. The FL server in
DiverseFL computes the guiding update in every round for each client over
a small sample of the client's local data, which is received only once
before the start of training. However, sharing even a small sample of a
client's data with the FL server can compromise the client's privacy. To
tackle this challenge, DiverseFL creates a Trusted Execution Environment
(TEE)-based enclave to receive each client's sample and to compute its
guiding updates. The TEE provides hardware-assisted verification and
attestation to each client that its data does not leak outside the TEE.
Through experiments involving neural networks, benchmark datasets, and
popular Byzantine attacks, we demonstrate that DiverseFL not only performs
Byzantine mitigation effectively but also nearly matches the performance
of OracleSGD, in which the server aggregates updates from the benign
clients only.
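The per-client check can be sketched as a direction comparison between a client's update and its guiding update. The cosine-similarity test and the threshold below are illustrative assumptions, not DiverseFL's exact divergence rule:

```python
import numpy as np

def flag_byzantine(client_update, guiding_update, threshold=0.0):
    """DiverseFL-style per-client check (sketch): flag a client whose
    update points away from the guiding update computed inside the TEE
    on a small trusted sample of that client's own data. The choice of
    cosine similarity and the threshold are hypothetical."""
    cos = np.dot(client_update, guiding_update) / (
        np.linalg.norm(client_update) * np.linalg.norm(guiding_update) + 1e-12)
    return cos < threshold
```

Because each client is judged against its own data distribution rather than against other clients, the check remains meaningful even when benign updates are mutually dissimilar under non-IID data.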
Privacy-Preserving and Bandwidth-Efficient Federated Learning: An Application to In-Hospital Mortality Prediction
Machine Learning, and in particular Federated Machine Learning, opens new perspectives in terms of medical research and patient care. Although Federated Machine Learning improves over centralized Machine Learning in terms of privacy, it does not provide provable privacy guarantees. Furthermore, Federated Machine Learning is quite expensive in terms of bandwidth consumption, as it requires participant nodes to regularly exchange large updates. This paper proposes a bandwidth-efficient, privacy-preserving Federated Learning scheme that provides theoretical privacy guarantees based on Differential Privacy. We experimentally evaluate our proposal for in-hospital mortality prediction using a real dataset containing Electronic Health Records of about one million patients. Our results suggest that strong and provable patient-level privacy can be enforced at the expense of only a moderate loss of prediction accuracy.
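The standard building block for differentially private FL updates is clip-and-noise: bound each client's contribution in L2 norm, then add calibrated Gaussian noise. A minimal sketch, with illustrative parameter names (the paper's exact mechanism and calibration may differ):

```python
import numpy as np

def dp_sanitize(update, clip_norm, noise_mult, rng=None):
    """Gaussian mechanism for a client update (sketch): clip the update
    to an L2 bound so each client's influence is limited, then add
    Gaussian noise with standard deviation noise_mult * clip_norm.
    noise_mult is chosen from the desired (epsilon, delta) budget."""
    rng = rng or np.random.default_rng()
    u = np.asarray(update, dtype=float)
    norm = np.linalg.norm(u)
    u = u * min(1.0, clip_norm / (norm + 1e-12))  # clip to L2 ball
    return u + rng.normal(0.0, noise_mult * clip_norm, size=u.shape)
```

Clipping is what makes the sensitivity of the aggregate bounded, which in turn lets the noise scale give a provable patient-level guarantee.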
ScionFL: Efficient and Robust Secure Quantized Aggregation
Secure aggregation is commonly used in federated learning (FL) to alleviate privacy concerns related to the central aggregator seeing all parameter updates in the clear. Unfortunately, most existing secure aggregation schemes ignore two critical orthogonal research directions that aim to (i) significantly reduce client-server communication and (ii) mitigate the impact of malicious clients. However, both of these additional properties are essential to facilitate cross-device FL with thousands or even millions of (mobile) participants.
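To illustrate what secure aggregation buys, here is a toy additive-masking scheme (a simplification, not ScionFL's MPC protocol): clients add pairwise masks that cancel in the sum, so the server never sees an individual update in the clear yet recovers the exact aggregate.

```python
import numpy as np

def masked_updates(updates, rng=None):
    """Toy pairwise additive masking (sketch): for each client pair (i, j),
    client i adds a shared random mask and client j subtracts it. Every
    masked vector looks random on its own, but the masks cancel when the
    server sums all contributions."""
    rng = rng or np.random.default_rng()
    n = len(updates)
    masked = [np.asarray(u, dtype=float).copy() for u in updates]
    for i in range(n):
        for j in range(i + 1, n):
            m = rng.normal(size=masked[i].shape)
            masked[i] += m
            masked[j] -= m
    return masked
```

Real protocols additionally handle dropouts and malicious parties, which is precisely where the quantization- and robustness-aware design described next comes in.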
In this paper, we unite both research directions by introducing ScionFL, the first secure aggregation framework for FL that operates efficiently on quantized inputs and simultaneously provides robustness against malicious clients. Our framework leverages (novel) multi-party computation (MPC) techniques and supports multiple linear (1-bit) quantization schemes, including ones that utilize the randomized Hadamard transform and Kashin's representation.
Our theoretical results are supported by extensive evaluations. We show that, with no overhead for clients and moderate overhead on the server side compared to transferring and processing quantized updates in plaintext, we obtain comparable accuracy on standard FL benchmarks. Additionally, we demonstrate the robustness of our framework against state-of-the-art poisoning attacks.
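The 1-bit quantization pipeline mentioned above can be sketched as follows: apply a random sign flip followed by a Walsh-Hadamard transform to spread the vector's energy evenly across coordinates, then transmit only signs plus a single scale. This is an illustrative rendition of the randomized-Hadamard-transform idea, not ScionFL's exact scheme:

```python
import numpy as np

def hadamard_rotate(x, signs):
    """Randomized Hadamard transform H * D * x (sketch): multiply by a
    random +/-1 diagonal D (signs), then apply the orthonormal
    Walsh-Hadamard transform. Requires len(x) to be a power of two."""
    y = (np.asarray(x, dtype=float) * signs).copy()
    n, h = len(y), 1
    while h < n:  # iterative fast Walsh-Hadamard transform
        for i in range(0, n, h * 2):
            a = y[i:i + h].copy()
            b = y[i + h:i + 2 * h].copy()
            y[i:i + h] = a + b
            y[i + h:i + 2 * h] = a - b
        h *= 2
    return y / np.sqrt(n)  # normalize so the transform is orthonormal

def one_bit_quantize(x):
    """Linear 1-bit quantizer: transmit sign bits plus one scalar scale,
    so that scale * sign(x) approximates x."""
    return np.sign(x), np.mean(np.abs(x))
```

Because the normalized Hadamard matrix is its own inverse, the server can undo the rotation after aggregation by applying the same transform and sign flips, which is what makes the scheme linear and compatible with secure aggregation.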