2019-杨强无损FL框架多方设置+隐私安全+仅一方有标签+纵向FL+无损-SecureBoost A Lossless Fed
需积分: 0 122 浏览量
2022-08-04
14:17:34
上传
评论 2
收藏 392KB PDF 举报
arXiv:1901.08755v1 [cs.LG] 25 Jan 2019
SecureBoost: A Lossless Federated Learning Framework
Kewei Cheng
1
, Tao Fan
2
, Yilun Ji n
3
, Yang Liu
2
, Tianjian Chen
2
, Qiang Yang
4
1. University of Californ ia , Los Angeles, Los Angeles, USA
2. Webank, Shenzhen, China
3. Peking University, Beijing, China
4. Hong Kong Unversity of Science and Technology, Hong Kong
tobyche n@webank.com, qyang@cse.ust.hk
Abstract
The protection of user privacy is an important concern in ma-
chine learning, as evidenced by the r oll ing out of the General
Data Protection Regulation (GDPR) i n the European Union
(EU) in May 2018. The GDPR is designed to give users more
control over their personal data, which motivates us to ex-
plore machine learning frameworks with data sharing with-
out violating user privacy. To meet this goal, in this paper, we
propose a novel lossless privacy-preserving tree-boosting sys-
tem known as SecureBoost in the setting of federated learn-
ing. This federated-learning system allows a learning process
to be jointly conducted over multiple parties with partially
common user samples but different feature sets, which corre-
sponds to a vertically partitioned virtual data set. An advan-
tage of SecureBoost is that it provides the same level of accu-
racy as the non privacy-preserving approach while at the same
time, reveal no information of each private data provider.
We theoretically prove that the SecureBoost framework is as
accurate as other non-federated gradient tr ee-boosting algo-
rithms that bring the data into one place. In addition, along
with a proof of security, we discuss what would be required
to make the protocols completely secure.
Introduction
The modern society is increasingly concerned with the
unlawful use and exploitation of our personal data. At
the individual level, improper use of personal data may
cause potential risk to user privacy. At the enterprise level,
data leakage may imp inge have grave consequences on
commercia l inte rests. Actions are being taken by different
societies. For example, the European Union has recently
enacted a low known as Ge neral Data Protection Reg-
ulation (GDPR). The GDPR is designe d to g ive users
more control over their personal data (Regulation 2016;
Albrecht 2016; Mayer-Schonberger and Padova 2015;
Goodman and Flaxm a n 2016). Many enterprises that
rely heavily on machine learning are beginning to make
sweeping changes as a consequence.
Despite difficulty in meeting the goal of user privacy pro-
tection, the need for different organizations to collaborate
while building machine-learning models still stay strong. In
reality, many data owners do not have a sufficient amount of
data to build high-quality models. For example, retail c om-
panies have user transactions data, which correspon d to dif-
ferent data dimensions or fea tures a s credit-rating compa-
nies do. Likewise, mobile phone users h ave their usage data,
but each device only have a small amount of user-activity
data. To have a usable model for user preference prediction,
it would be necessary to integrate the data collected by the
clients.
Thus, it is a challenge to b oth allow different data own-
ers to collaborate toge ther in order to build high-quality
machine learning models while a t the same time, pro-
tect user data privacy and confidentiality. In the past,
several attempts h ave been made to address the u ser-
privacy problem while excha nging data (Hardy et al. 2017;
Mohassel and Zhang 2017). For example, Apple proposed
to use differential privacy (Dwork, Roth, a nd others 2014;
Dwork 2008) to address the privacy preservation issue. The
basic idea of differential privacy (DP) is to add properly cal-
ibrated noise to data to disambiguate the identity of any in-
dividuals when the data is being exchanged and analyzed
by a third party. However, as we discuss in the pape r, DP
only prevent user-data leakage to a certain degree and can-
not co mpletely rule out the identity of an individual. In ad-
dition, data exchan ge under the DP still requires that th e
data changes hands between o rganizations, which may not
be allowed by strict laws like GDPR. Furthermore, the DP
method is lossy in machine learning in that models built after
noise is injected can reduce much perfor mance in prediction
accuracy.
More recently, Google introduces a federated learning
framework (Koneˇcn`y et al. 20 16) on its Android cloud. The
basic idea is to allow individual clients to encrypt their
models which are then uploaded and aggregated at a cen-
tral cloud site. The ma chine-learning process at that site
can make use o f these enc rypted models while not leaking
the clients’ information. This f ramework applies to a data-
partition framework where each partition corresponds to a
subset of data samples collected from one or more users.
In this paper, we consider a general setting of multiple
parties collabo ratively build their machine-learning models
while protecting user p rivacy and data co nfidentiality. Our
setting is as shown in Figur e 2. We conside r a collectio n of
parties each holding a part of its own data. We can visualize
the data lo cated at different parties as a subsection o f a big
data table that is obtained by taking the un ion of all da ta at
different parties. Then the data at each party has the follow-
ing property:
剩余11页未读,继续阅读
资源评论
