Federated machine learning (FML) for training of deep neural network models is a useful technique where insufficient sample data is available at a local level. In applications where data privacy must be preserved, such as in health care, financial services, and defense contexts, it is important that there is no exchange of data between constituents of the distributed network. It may also be desirable to protect the integrity and secrecy of the algorithms and trained models deployed within the network. Demonstrating the privacy-enhancing technology of Confidential Computing, we present a novel solution for FML implementation that supports extensible graph-based network topology configuration under federated, distributed, or centralized training regimes. The presented solution provides for policy-based control of model training and automated monitoring of model convergence and network performance. Owners of private datasets can retain independent control of their data through local encryption, while global data anonymization policies can be applied over the sample data. Full auditability of the model training process is provided to distributed data owners and the model owner using hardware-based cryptographic secrets that underpin zero-trust implementation of the training network. Operation of the proposed secure FML solution is discussed in the context of model training over distributed radiological image data for weakly-supervised learning and classification of common thorax diseases. Cross-domain adaptation of the proposed solution and integrated model integrity protection against adversarial attacks reflect a breakthrough technology for data science teams working with distributed datasets.
Federated machine learning (FML) has proved a useful technique for training of artificial intelligence and machine learning (AI/ML) models, using data that is distributed among different constituents of a network which may be geographically dispersed. Typically, the data privacy of individual constituents should be preserved, and it may also be desirable to protect the integrity and secrecy of the algorithms and trained models deployed within the network. Demonstrating the privacy-enhancing technology of Confidential Computing, we present the results obtained using a novel solution for FML implementation that supports model training within a distributed network of data providers. Based upon recent research on the use of FML for distributed spectrum sensing in communication networks, we demonstrate the application of the proposed solution for distributed model training within a simulated sensor network of arbitrary topology. The presented solution provides for graph-based network configuration and model convergence within decentralized network applications. Cross-domain adaptation of the proposed solution and characteristics of confidential computing that support a zero-trust architecture are discussed, along with the integrated model integrity protection provided by attestation of trusted execution environments (TEEs). We conclude by looking ahead to the application of our solution to model training within distributed communications networks and sensor arrays, characterized by devices with limited electrical and computational power. We consider the use of physical unclonable functions (PUFs) to encrypt raw data before processing within a layered hierarchy secured with Confidential Computing technology.