ProFL: Private and Robust Federated Learning given Non-iid Data

Recent data privacy and security regulations pose significant challenges in collecting and using personally sensitive data for machine learning (ML) applications. Federated learning (FL) is a promising way to address these challenges, enabling clients to jointly train ML models by sharing and aggregating gradients computed from clients’ local data through a coordinating server for model updates. Models jointly trained with existing FL algorithms have been shown to suffer from privacy and integrity vulnerabilities. Recent attacks have demonstrated that private information about clients’ training samples can be inferred by observing the shared gradients. A small set of compromised clients can poison the jointly trained ML models, causing significant model integrity degradation. The diversity of non-independent and identically distributed (non-iid) data across clients further exacerbates these vulnerabilities in real-world applications. Existing FL algorithms have not been designed to be simultaneously robust to such privacy and integrity risks given non-iid data. This project aims to develop ProFL, the first Private and Robust FL framework for jointly training ML models, providing simultaneous robustness guarantees against privacy and model integrity attacks without undue sacrifice in model utility. ProFL will be evaluated for deployable solutions in industrial applications through our partnership with Adobe Systems Inc. and Microsoft Research.

Hamad Bin Khalifa University (HBKU)