Decentralized Privacy-Preserving Federal Learning of Computer Vision Models on Edge Devices
Damian Harenčák, Lukáš Gajdošech, Martin Madaras

TL;DR
This paper investigates privacy-preserving techniques in federated learning for computer vision on edge devices, analyzing methods like encryption, gradient manipulation, and system modifications to enhance data privacy without significantly sacrificing model accuracy.
Contribution
It provides a comprehensive analysis of privacy-enhancing methods in federated learning, including practical implementation on edge hardware and evaluation of their impact on model performance.
Findings
Gradient compression and noising can reduce privacy risks but may affect accuracy.
Data reconstruction is difficult with segmentation networks.
Proof of concept demonstrated on NVIDIA Jetson TX2 edge device.
Abstract
Collaborative training of a machine learning model comes with a risk of sharing sensitive or private data. Federated learning offers a way of collectively training a single global model without the need to share client data, by sharing only the updated parameters from each client's local model. A central server is then used to aggregate parameters from all clients and redistribute the aggregated model back to the clients. Recent findings have shown that even in this scenario, private data can be reconstructed only using information about model parameters. Current efforts to mitigate this are mainly focused on reducing privacy risks on the server side, assuming that other clients will not act maliciously. In this work, we analyzed various methods for improving the privacy of client data concerning both the server and other clients for neural networks. Some of these methods include…
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Cryptography and Data Security · Adversarial Robustness in Machine Learning
