Recent years have witnessed a rapid growth of deep-network based services and applications. A practical and critical problem thus has emerged: how to effectively deploy deep neural network models such that they can be executed efficiently. Conventional cloud-based approaches usually run the network in data center servers, causing large latency because a significant amount of data has to be transferred from the edge to the data center. In this paper, we propose JALAD, a joint accuracy- and latency-aware execution framework, which decouples a deep neural network so that one part of it executes at the edge devices and the other part inside the conventional cloud, while only a minimum amount of data is transferred between them. Though the idea seems straightforward, we are facing challenges including i) how to find the best partition of the network structure; ii) how to deploy the edge component on a device with limited computation power; and iii) how to minimize the overall execution latency. Our answers to these questions are a set of strategies: 1) a normalization-based in-layer data compression strategy that jointly considers the compression rate and the model accuracy; 2) a latency-aware decoupling strategy that minimizes the overall latency; and 3) an edge-cloud structure adaptation strategy that dynamically changes the decoupling for different network conditions. Experiments demonstrate that our solution can significantly reduce the execution latency: it speeds up inference while keeping the accuracy loss within a guaranteed bound.
2022 IEEE Symposium on Security and Privacy (SP), journal year: 2019, issue: unknown, pp. 724-738, published: May 1, 2019
Many organizations wish to collaboratively train machine learning models on their combined datasets for a common benefit (e.g., better medical research, or fraud detection). However, they often cannot share their plaintext datasets due to privacy concerns and/or business competition. In this paper, we design and build Helen, a system that allows multiple parties to train a linear model without revealing their data, a setting we call coopetitive learning. Compared to prior secure training systems, Helen protects against a much stronger adversary who is malicious and can compromise m−1 out of m parties. Our evaluation shows that Helen can achieve up to five orders of magnitude of performance improvement when compared to training using an existing state-of-the-art multi-party computation framework.
arXiv (Cornell University), journal year: 2020, issue: unknown, published: Jan. 1, 2020
This work provides the community with a timely and comprehensive review of backdoor attacks and countermeasures on deep learning. According to the attacker's capability and the affected stage of the machine learning pipeline, the attack surfaces are recognized to be wide and are then formalized into six categorizations: code poisoning, outsourcing, pretrained, data collection, collaborative learning and post-deployment. Accordingly, the attacks under each categorization are combed. The countermeasures are categorized into four general classes: blind backdoor removal, offline inspection, online inspection, and post backdoor removal. Accordingly, we review the countermeasures, and compare and analyze their advantages and disadvantages. We have also reviewed the flip side of backdoor attacks, which are explored for i) protecting the intellectual property of deep learning models, ii) acting as a honeypot to catch adversarial example attacks, and iii) verifying data deletion requested by the data contributor. Overall, the research on defense is far behind the attack, and there is no single defense that can prevent all types of backdoor attacks. In some cases, an attacker can intelligently bypass existing defenses with an adaptive attack. Drawing insights from the systematic review, we present key areas for future research on the backdoor, such as empirical security evaluations against physical trigger attacks; in particular, more efficient and practical countermeasures are solicited.
Furthermore, the trusted party becomes a single point of failure, thus both data and model privacy could be compromised by breaches, hacking, leaks, etc. Hence, solutions originating from the cryptographic community replace and emulate the trusted party with a group of computing servers. In particular, to enable privacy-preserving training of NNs, several studies employ multiparty computation (MPC) techniques and operate on two [83], [28], three [82], [110], [111], or four [26], [27] server models. Such approaches, however, limit the number of parties among which the trust is split, often assume an honest majority among the servers, and require the data owners to communicate (i.e., secret share) their data outside their premises. This might not be acceptable due to confidentiality requirements and strict data protection regulations. Furthermore, the servers do not own or benefit from the training; hence, their only incentive is the reputation harm if they are caught, which increases the possibility of malicious behavior.

A recently proposed alternative for training NNs without outsourcing is federated learning. Instead of bringing the data to the model, the model is brought (via a coordinating server) to the clients, who perform the model updates on their local data. The updated models are averaged to obtain the global NN [75], [63]. Although federated learning retains the sensitive input data locally and eliminates the need for outsourcing, the model, which might also be sensitive, e.g., for proprietary reasons, is made available to the server, placing the latter in a position of power with respect to the remaining parties. Recent research demonstrates that sharing intermediate model updates can lead to various attacks, such as extracting parties' inputs [53], [113], [120] and membership inference [78], [86]. Consequently, several works apply differential privacy to the exchanged intermediate values to keep them free from adversarial inferences in federated settings [67], [101], [76]. Although differentially private techniques partially limit attacks on federated learning, they decrease the utility of the resulting ML model. Furthermore, a robust and accurate model requires high privacy budgets, and as such, the privacy level achieved in practice remains unclear [55]. Therefore, a distributed deep learning approach should provide strong privacy guarantees during training, as well as for the final model weights. Recent approaches [119], [42] have limited functionalities, i.e., regularized and generalized linear models, and their traditional encryption schemes make them vulnerable to post-quantum attacks. This should be cautiously considered, as recent advances in quantum computing [47], [87], [105], [116] increase the need for deploying quantum-resilient schemes that eliminate
Abstract: In this paper, we address the problem of privacy-preserving training and evaluation of neural networks in an N-party, federated learning setting. We propose a novel system, POSEIDON, the first of its kind in the regime of privacy-preserving neural network training. It employs lattice-based cryptography to preserve the confidentiality of the data, under a passive-adversary model and collusions between up to N−1 parties. To efficiently execute the secure backpropagation algorithm for training neural networks, we provide a generic packing approach that enables Single Instruction, Multiple Data (SIMD) operations on encrypted data. We introduce arbitrary transformations within the bootstrapping operation, optimizing the costly cryptographic computations over the parties, and we define a constrained optimization problem for choosing the cryptographic parameters. Our experimental results show that POSEIDON achieves accuracy similar to centralized or decentralized non-private approaches and that its communication overhead scales linearly with the number of parties. POSEIDON trains a 3-layer neural network on the MNIST dataset with 784 features and 60K samples distributed among 10 parties in less than 2 hours.
IEEE Access, journal year: 2019, issue: 7, pp. 181721-181732, published: Jan. 1, 2019
The Internet of Things (IoT) is widely regarded as a key component of the future Internet and thereby has drawn significant interest in recent years. The IoT consists of billions of intelligent communicating "things", which further extend the borders of the world with both physical and virtual entities. Such ubiquitous smart things produce massive data every day, posing urgent demands on quick data analysis on various mobile devices. Fortunately, breakthroughs in deep learning have enabled us to address this problem in an elegant way. Deep models can be exported to process sensor data and learn the underlying features quickly and efficiently for IoT applications. In this article, we survey the literature on leveraging deep learning for IoT applications. We aim to give insights on how deep learning tools are applied from diverse perspectives to empower four representative IoT domains, including healthcare, smart home, transportation, and industry. A main thrust is to seamlessly merge the two disciplines of deep learning and IoT, resulting in a wide range of new designs and applications, such as health monitoring, disease analysis, indoor localization, home control, home robotics, traffic prediction, autonomous driving, and manufacturing inspection. We also discuss a set of issues, challenges, and future research directions that leverage deep learning and may motivate and inspire further developments in this promising field.
IEEE Network, journal year: 2019, issue: 33(2), pp. 50-57, published: March 1, 2019
As we are moving toward the Internet of Things (IoT) era, the number of connected physical devices is increasing at a rapid pace. Mobile edge computing is emerging to handle the sheer volume of produced data and reach the latency demand of computation-intensive IoT applications. Although the advance of mobile edge computing on service provisioning has been well studied, the security and efficiency of data usage in mobile edge computing have not been clearly identified. In this article, we examine the architecture of mobile edge computing and explore the potential of utilizing it to enhance data analysis for IoT applications while achieving data security and computational efficiency. Specifically, we first introduce the overall architecture and several promising edge-assisted IoT applications. We then study the security, privacy, and efficiency challenges of data processing in mobile edge computing, and discuss the opportunities to improve data security and efficiency with the assistance of edge computing, including secure data aggregation, secure data deduplication, and secure computation offloading. Finally, interesting directions on edge-empowered IoT are presented for future research.
arXiv (Cornell University), journal year: 2019, issue: unknown, published: Jan. 1, 2019
A recent trojan attack on deep neural network (DNN) models is one insidious variant of data poisoning attacks. Trojan attacks exploit an effective backdoor created in a DNN model by leveraging the difficulty of interpreting the learned model to misclassify any inputs signed with the attacker's chosen trigger. Since the trigger is a secret guarded and exploited by the attacker, detecting such trojaned inputs is a challenge, especially at run-time when models are in active operation. This work builds a STRong Intentional Perturbation (STRIP) based run-time detection system and focuses on vision systems. We intentionally perturb the incoming input, for instance by superimposing various image patterns, and observe the randomness of the predicted classes for the perturbed inputs from a given deployed model, malicious or benign. A low entropy in the predicted classes violates the input-dependence property of a benign model and implies the presence of a malicious input, a characteristic of a trojaned input. The high efficacy of our method is validated through case studies on three popular and contrasting datasets: MNIST, CIFAR10 and GTSRB. We achieve an overall false acceptance rate (FAR) of less than 1% at a preset false rejection rate (FRR) for different types of triggers. Using GTSRB, we have empirically achieved a result of 0% for both FRR and FAR. We have also evaluated STRIP's robustness against a number of trojan attack variants and adaptive attacks.
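The detection loop the abstract describes, as an added example that is not STRIP's own code: a constructed 8x8 toy classifier stands in for the deployed DNN, with a hypothetical white 2x2 corner patch as the trigger and class 7 as the target; each incoming input is blended with clean held-out images, the entropy of the model's prediction on each blend is averaged, and the decision boundary is calibrated on benign inputs at a preset FRR so that the resulting FAR can be measured. The model, the trigger, the image distribution and the sizes are all assumptions, not the paper's.

```python
"""STRIP-style run-time trojan-input detection on a constructed toy classifier.
Added example: the toy model, trigger and data are assumptions, not STRIP's code."""
import numpy as np

N_CLASSES, H = 10, 8                    # ten classes, 8x8 grayscale images
LEVELS = np.arange(N_CLASSES) * 0.04    # class c has background intensity 0.04*c
TARGET = 7                              # hypothetical attacker-chosen target class
SIGMA = 0.02                            # width of the toy model's class scoring


def make_image(rng):
    """Constructed benign input: class-dependent flat background plus noise."""
    label = int(rng.integers(N_CLASSES))
    img = np.full((H, H), LEVELS[label]) + rng.normal(0, SIGMA, (H, H))
    return np.clip(img, 0.0, 1.0), label


def stamp_trigger(img):
    """Constructed trigger: a white 2x2 patch in the bottom-right corner."""
    out = img.copy()
    out[-2:, -2:] = 1.0
    return out


def trojaned_model(img):
    """Stand-in for a backdoored DNN returning a softmax vector.
    Benign path: score each class by how close the mean intensity is to its level.
    Backdoor: a bright corner patch (even half-faded, as it is after blending)
    swamps the scores in favour of TARGET, as a trojaned network would."""
    scores = -((img.mean() - LEVELS) ** 2) / (2 * SIGMA ** 2)
    if img[-2:, -2:].min() > 0.49:
        scores[TARGET] += 1000.0
    p = np.exp(scores - scores.max())
    return p / p.sum()


def entropy(p):
    p = np.clip(p, 1e-12, 1.0)
    return float(-(p * np.log(p)).sum())


def strip_score(model, x, heldout):
    """Mean prediction entropy over copies of x superimposed with clean held-out images.
    A trojaned input keeps being confidently classified as TARGET (low entropy);
    a benign input becomes ambiguous under perturbation (high entropy)."""
    return float(np.mean([entropy(model(np.clip((x + h) / 2, 0, 1))) for h in heldout]))


def calibrate_boundary(model, benign, heldout, frr=0.01):
    """Entropy boundary such that about `frr` of benign inputs fall below it.
    STRIP fixes the FRR up front and then reports the resulting FAR."""
    scores = [strip_score(model, x, heldout) for x in benign]
    return float(np.percentile(scores, 100 * frr))


def evaluate(n_test=200, n_heldout=20, frr=0.01, seed=0):
    """Return (FRR, FAR) of the detector on constructed benign and trojaned inputs."""
    rng = np.random.default_rng(seed)
    heldout = [make_image(rng)[0] for _ in range(n_heldout)]
    calib = [make_image(rng)[0] for _ in range(n_test)]
    boundary = calibrate_boundary(trojaned_model, calib, heldout, frr)
    benign = [make_image(rng)[0] for _ in range(n_test)]
    trojaned = [stamp_trigger(x) for x in benign]
    flagged = lambda xs: sum(strip_score(trojaned_model, x, heldout) < boundary for x in xs)
    return flagged(benign) / n_test, 1 - flagged(trojaned) / n_test


if __name__ == "__main__":
    print("FRR, FAR =", evaluate())
```

The toy reproduces the property the abstract relies on: the backdoor fires on the trigger regardless of what it is blended with, so the averaged entropy of a trojaned input stays near zero while benign inputs land well above the calibrated boundary. The check a practitioner should keep in mind is the adaptive case the abstract mentions: a trigger trained to respond only when the image is otherwise unperturbed would raise the entropy of trojaned inputs and erode the separation, so the boundary and the perturbation set need re-validation against such variants rather than a one-off calibration.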
Information Systems Management, journal year: 2022, issue: 40(3), pp. 229-249, published: June 20, 2022
While artificial intelligence (AI) governance is thoroughly discussed on a philosophical, societal, and regulatory level, few works target companies. We address this gap by deriving a conceptual framework from the literature. We decompose AI governance into the governance of data, machine learning models, and systems along the dimensions of who, what, and how "is governed." This decomposition enables the evolution of existing governance structures. Novel, business-specific aspects include measuring data value and novel roles.
IEEE Transactions on Dependable and Secure Computing, journal year: 2021, issue: 20(1), pp. 36-52, published: Nov. 9, 2021
In privacy-preserving cross-device federated learning, users train a global model on their local data and submit encrypted local models, while an untrusted central server aggregates the encrypted models to obtain the updated global model. Prior work has demonstrated how to verify the correctness of the aggregation in such a setting. However, such verification relies on strong assumptions, such as a trusted setup among all users under unreliable network conditions, or it suffers from expensive cryptographic operations such as bilinear pairing. In this paper, we scrutinize the verification mechanism of prior work and propose a model recovery attack, demonstrating that most local models can be leaked within a reasonable time (e.g., 98% are recovered within 21 h). Then, we propose VerSA, a verifiable secure aggregation protocol for cross-device federated learning. VerSA does not require any trusted setup between users, while minimizing the verification cost by enabling both the server and the users to utilize only a lightweight pseudorandom generator to prove and verify the aggregation. We experimentally confirm the efficiency of VerSA on diverse datasets, showing that it is orders of magnitude faster than prior work.
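A stripped-down illustration of what verifiable secure aggregation has to provide, added here and not VerSA's protocol or code: users mask their model vectors with pairwise PRG-derived masks that cancel in the sum, and attach a masked linear tag computed with a PRG-expanded vector `a` that the server never learns; the untrusted server sums whatever it receives, and each user checks the returned aggregate against the returned tag. The pairwise seeds and the verification seed are assumed to be pre-shared among the users (in a real protocol they come from key agreement), and the consistency check shown is one simple PRG-based technique chosen for this example, not the paper's construction.

```python
"""Masked (secure) aggregation with a PRG-derived linear consistency check.
Added, simplified example: not VerSA's protocol; seeds are constructed stand-ins."""
import hashlib
import secrets

Q = (1 << 61) - 1   # prime modulus for the vector arithmetic
D = 6               # model dimension (toy)


def prg(seed: bytes, length: int, label: bytes = b"") -> list[int]:
    """Deterministic pseudorandom vector in Z_Q^length from a seed (SHA-256 in counter mode)."""
    out = []
    for ctr in range(length):
        h = hashlib.sha256(seed + label + ctr.to_bytes(4, "big")).digest()
        out.append(int.from_bytes(h[:16], "big") % Q)
    return out


def pairwise_seeds(n: int, rng=secrets.token_bytes) -> dict:
    """Constructed stand-in for pairwise key agreement: one seed shared by users i<j."""
    return {(i, j): rng(32) for i in range(n) for j in range(i + 1, n)}


class User:
    def __init__(self, uid, n, seeds, verify_seed, model):
        self.uid, self.n, self.seeds = uid, n, seeds
        self.verify_seed, self.model = verify_seed, model

    def _mask(self, length, label):
        """Sum of pairwise masks: +PRG for i<j and -PRG for i>j, so they cancel in the total."""
        mask = [0] * length
        for j in range(self.n):
            if j == self.uid:
                continue
            key = (min(self.uid, j), max(self.uid, j))
            sign = 1 if self.uid < j else -1
            for k, v in enumerate(prg(self.seeds[key], length, label)):
                mask[k] = (mask[k] + sign * v) % Q
        return mask

    def submit(self):
        """Masked model plus masked tag <a, x>, with a = PRG(verify_seed) hidden from the server."""
        a = prg(self.verify_seed, D, b"check")
        tag = sum(ai * xi for ai, xi in zip(a, self.model)) % Q
        m_vec = self._mask(D, b"model")
        m_tag = self._mask(1, b"tag")[0]
        return [(x + m) % Q for x, m in zip(self.model, m_vec)], (tag + m_tag) % Q

    def verify(self, agg_model, agg_tag) -> bool:
        """Accept only if the returned aggregate is consistent with the returned tag."""
        a = prg(self.verify_seed, D, b"check")
        return sum(ai * xi for ai, xi in zip(a, agg_model)) % Q == agg_tag


def server_aggregate(submissions):
    """Untrusted server: sums what it receives; masks cancel only if every user is included."""
    agg, tag = [0] * D, 0
    for vec, t in submissions:
        agg = [(s + v) % Q for s, v in zip(agg, vec)]
        tag = (tag + t) % Q
    return agg, tag


def true_sum(models):
    return [sum(col) % Q for col in zip(*models)]


def run(models, tamper=None):
    """One round; `tamper(agg, tag, submissions)` models a misbehaving server."""
    n = len(models)
    seeds = pairwise_seeds(n)
    vseed = secrets.token_bytes(32)   # assumption: shared by the users, unknown to the server
    users = [User(i, n, seeds, vseed, m) for i, m in enumerate(models)]
    subs = [u.submit() for u in users]
    agg, tag = server_aggregate(subs)
    if tamper:
        agg, tag = tamper(agg, tag, subs)
    return agg, tag, all(u.verify(agg, tag) for u in users)


if __name__ == "__main__":
    models = [[1, 2, 3, 4, 5, 6], [10, 20, 30, 40, 50, 60], [7] * 6]
    print("honest:", run(models)[2], "scaled:", run(models, lambda a, t, s: ([2 * v % Q for v in a], t))[2])
```

An honest server returns exactly the plaintext sum and every user's check passes; a server that scales the aggregate or silently drops one user's submission fails the check with probability about 1 - 1/Q, because it cannot compute a matching tag without `a`. Two caveats a practitioner would want: a user that colludes with the server leaks `a` and can help forge the tag, and this toy has no dropout handling, which is exactly the unreliable-network condition the abstract names and where real protocols have to recover or cancel the masks of users that vanish mid-round.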