AirMixML: Over-the-Air Data Mixup for Inherently Privacy-Preserving Edge Machine Learning

TL;DR

AirMixML leverages wireless channel noise and superposition to enable privacy-preserving edge machine learning, using over-the-air mixup data augmentation and a novel power control scheme to balance accuracy and privacy.

Contribution

This work introduces AirMixML, a novel framework that uses over-the-air superposition and noise for privacy-preserving ML at the network edge, with a new power control method ensuring differential privacy.

Findings

Achieves comparable accuracy to raw data training using mixup augmentation.

Provides a closed-form relationship between power control parameters and privacy guarantees.

Demonstrates improved privacy and energy efficiency through simulations.

Abstract

Wireless channels can be inherently privacy-preserving by distorting the received signals due to channel noise, and superpositioning multiple signals over-the-air. By harnessing these natural distortions and superpositions by wireless channels, we propose a novel privacy-preserving machine learning (ML) framework at the network edge, coined over-the-air mixup ML (AirMixML). In AirMixML, multiple workers transmit analog-modulated signals of their private data samples to an edge server who trains an ML model using the received noisy-and superpositioned samples. AirMixML coincides with model training using mixup data augmentation achieving comparable accuracy to that with raw data samples. From a privacy perspective, AirMixML is a differentially private (DP) mechanism limiting the disclosure of each worker's private sample information at the server, while the worker's transmit power determines the privacy disclosure level. To this end, we develop a fractional channel-inversion power control (PC) method, {\alpha}-Dirichlet mixup PC (DirMix({\alpha})-PC), wherein for a given global power scaling factor after channel inversion, each worker's local power contribution to the superpositioned signal is controlled by the Dirichlet dispersion ratio {\alpha}. Mathematically, we derive a closed-form expression clarifying the relationship between the local and global PC factors to guarantee a target DP level. By simulations, we provide DirMix({\alpha})-PC design guidelines to improve accuracy, privacy, and energy-efficiency. Finally, AirMixML with DirMix({\alpha})-PC is shown to achieve reasonable accuracy compared to a privacy-violating baseline with neither superposition nor PC.