Controlling Federated Learning for Covertness
Adit Jain, Vikram Krishnamurthy
TL;DR
This paper introduces a control framework for federated learning that balances learning efficiency and privacy by modeling the process as a Markov decision process, and proposes an optimal policy for covert optimization to hinder eavesdroppers.
Contribution
It models covert federated learning as a Markov decision process and develops a policy gradient method for optimal query control without transition knowledge.
Findings
Optimal policies have a monotone threshold structure.
The proposed method reduces eavesdropper accuracy from 83% to 52%.
Demonstrated on hate speech classification in federated settings.
Abstract
A learner aims to minimize a function by repeatedly querying a distributed oracle that provides noisy gradient evaluations. At the same time, the learner seeks to hide from a malicious eavesdropper that observes the learner's queries. This paper considers the problem of \textit{covert} or \textit{learner-private} optimization, where the learner has to dynamically choose between learning and obfuscation by exploiting the stochasticity. The problem of controlling the stochastic gradient algorithm for covert optimization is modeled as a Markov decision process, and we show that the dynamic programming operator has a supermodular structure implying that the optimal policy has a monotone threshold structure. A computationally efficient policy gradient algorithm is proposed to search for the optimal querying policy without knowledge of the transition probabilities. As a…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Domain Adaptation and Few-Shot Learning · Privacy-Preserving Technologies in Data