The increasing concerns about data privacy and security drive an emerging field of studying privacy-preserving machine learning from isolated data sources, i.e., federated learning. A class of federated learning, \textit{vertical federated learning}, where different parties hold different features for common users, has a great potential of driving a great variety of business cooperation among enterprises in many fields. In machine learning, decision tree ensembles such as gradient boosting decision trees (GBDT) and random forest are widely applied powerful models with high interpretability and modeling efficiency. However, state-of-art vertical federated learning frameworks adapt anonymous features to avoid possible data breaches, makes the interpretability of the model compromised. To address this issue in the inference process, in this paper, we firstly make a problem analysis about the necessity of disclosure meanings of feature to Guest Party in vertical federated learning. Then we find the prediction result of a tree could be expressed as the intersection of results of sub-models of the tree held by all parties. With this key observation, we protect data privacy and allow the disclosure of feature meaning by concealing decision paths and adapt a communication-efficient secure computation method for inference outputs. The advantages of Fed-EINI will be demonstrated through both theoretical analysis and extensive numerical results. We improve the interpretability of the model by disclosing the meaning of features while ensuring efficiency and accuracy.
相關內容
決(jue)策(ce)(ce)(ce)(ce)樹(shu)(shu)(shu)(shu)(Decision Tree)是(shi)(shi)(shi)在已知各種情況發生(sheng)概率(lv)的基(ji)礎上,通過構成(cheng)決(jue)策(ce)(ce)(ce)(ce)樹(shu)(shu)(shu)(shu)來求取凈現(xian)值(zhi)(zhi)的期望值(zhi)(zhi)大于(yu)等于(yu)零的概率(lv),評價項目風險,判斷其可行性的決(jue)策(ce)(ce)(ce)(ce)分(fen)(fen)(fen)析方法,是(shi)(shi)(shi)直觀運用(yong)(yong)(yong)概率(lv)分(fen)(fen)(fen)析的一(yi)(yi)(yi)(yi)種圖解法。由于(yu)這種決(jue)策(ce)(ce)(ce)(ce)分(fen)(fen)(fen)支(zhi)畫成(cheng)圖形很像一(yi)(yi)(yi)(yi)棵(ke)樹(shu)(shu)(shu)(shu)的枝干,故(gu)稱決(jue)策(ce)(ce)(ce)(ce)樹(shu)(shu)(shu)(shu)。在機(ji)器學(xue)(xue)(xue)習(xi)(xi)中,決(jue)策(ce)(ce)(ce)(ce)樹(shu)(shu)(shu)(shu)是(shi)(shi)(shi)一(yi)(yi)(yi)(yi)個(ge)預(yu)測模型,他代表的是(shi)(shi)(shi)對(dui)(dui)(dui)象(xiang)屬性與對(dui)(dui)(dui)象(xiang)值(zhi)(zhi)之間的一(yi)(yi)(yi)(yi)種映射(she)關(guan)系。Entropy = 系統的凌亂(luan)程度(du),使(shi)用(yong)(yong)(yong)算(suan)法ID3, C4.5和(he)C5.0生(sheng)成(cheng)樹(shu)(shu)(shu)(shu)算(suan)法使(shi)用(yong)(yong)(yong)熵。這一(yi)(yi)(yi)(yi)度(du)量是(shi)(shi)(shi)基(ji)于(yu)信息學(xue)(xue)(xue)理(li)論中熵的概念。
決(jue)策(ce)(ce)(ce)(ce)樹(shu)(shu)(shu)(shu)是(shi)(shi)(shi)一(yi)(yi)(yi)(yi)種樹(shu)(shu)(shu)(shu)形結構,其中每個(ge)內部節(jie)點表示一(yi)(yi)(yi)(yi)個(ge)屬性上的測試,每個(ge)分(fen)(fen)(fen)支(zhi)代表一(yi)(yi)(yi)(yi)個(ge)測試輸(shu)出,每個(ge)葉節(jie)點代表一(yi)(yi)(yi)(yi)種類(lei)別(bie)(bie)。
分(fen)(fen)(fen)類(lei)樹(shu)(shu)(shu)(shu)(決(jue)策(ce)(ce)(ce)(ce)樹(shu)(shu)(shu)(shu))是(shi)(shi)(shi)一(yi)(yi)(yi)(yi)種十分(fen)(fen)(fen)常用(yong)(yong)(yong)的分(fen)(fen)(fen)類(lei)方法。他是(shi)(shi)(shi)一(yi)(yi)(yi)(yi)種監管學(xue)(xue)(xue)習(xi)(xi),所(suo)謂(wei)監管學(xue)(xue)(xue)習(xi)(xi)就(jiu)是(shi)(shi)(shi)給定一(yi)(yi)(yi)(yi)堆樣本(ben)(ben),每個(ge)樣本(ben)(ben)都有一(yi)(yi)(yi)(yi)組屬性和(he)一(yi)(yi)(yi)(yi)個(ge)類(lei)別(bie)(bie),這些類(lei)別(bie)(bie)是(shi)(shi)(shi)事先確定的,那么通過學(xue)(xue)(xue)習(xi)(xi)得(de)到(dao)一(yi)(yi)(yi)(yi)個(ge)分(fen)(fen)(fen)類(lei)器,這個(ge)分(fen)(fen)(fen)類(lei)器能夠對(dui)(dui)(dui)新出現(xian)的對(dui)(dui)(dui)象(xiang)給出正(zheng)確的分(fen)(fen)(fen)類(lei)。這樣的機(ji)器學(xue)(xue)(xue)習(xi)(xi)就(jiu)被稱之為(wei)監督學(xue)(xue)(xue)習(xi)(xi)。
As there is a growing interest in utilizing data across multiple resources to build better machine learning models, many vertically federated learning algorithms have been proposed to preserve the data privacy of the participating organizations. However, the efficiency of existing vertically federated learning algorithms remains to be a big problem, especially when applied to large-scale real-world datasets. In this paper, we present a fast, accurate, scalable and yet robust system for vertically federated random forest. With extensive optimization, we achieved $5\times$ and $83\times$ speed up over the SOTA SecureBoost model \cite{cheng2019secureboost} for training and serving tasks. Moreover, the proposed system can achieve similar accuracy but with favorable scalability and partition tolerance. Our code has been made public to facilitate the development of the community and the protection of user data privacy.
With the widespread use of AI systems and applications in our everyday lives, it is important to take fairness issues into consideration while designing and engineering these types of systems. Such systems can be used in many sensitive environments to make important and life-changing decisions; thus, it is crucial to ensure that the decisions do not reflect discriminatory behavior toward certain groups or populations. We have recently seen work in machine learning, natural language processing, and deep learning that addresses such challenges in different subdomains. With the commercialization of these systems, researchers are becoming aware of the biases that these applications can contain and have attempted to address them. In this survey we investigated different real-world applications that have shown biases in various ways, and we listed different sources of biases that can affect AI applications. We then created a taxonomy for fairness definitions that machine learning researchers have defined in order to avoid the existing bias in AI systems. In addition to that, we examined different domains and subdomains in AI showing what researchers have observed with regard to unfair outcomes in the state-of-the-art methods and how they have tried to address them. There are still many future directions and solutions that can be taken to mitigate the problem of bias in AI systems. We are hoping that this survey will motivate researchers to tackle these issues in the near future by observing existing work in their respective fields.
We present a two-step hybrid reinforcement learning (RL) policy that is designed to generate interpretable and robust hierarchical policies on the RL problem with graph-based input. Unlike prior deep reinforcement learning policies parameterized by an end-to-end black-box graph neural network, our approach disentangles the decision-making process into two steps. The first step is a simplified classification problem that maps the graph input to an action group where all actions share a similar semantic meaning. The second step implements a sophisticated rule-miner that conducts explicit one-hop reasoning over the graph and identifies decisive edges in the graph input without the necessity of heavy domain knowledge. This two-step hybrid policy presents human-friendly interpretations and achieves better performance in terms of generalization and robustness. Extensive experimental studies on four levels of complex text-based games have demonstrated the superiority of the proposed method compared to the state-of-the-art.
As data are increasingly being stored in different silos and societies becoming more aware of data privacy issues, the traditional centralized training of artificial intelligence (AI) models is facing efficiency and privacy challenges. Recently, federated learning (FL) has emerged as an alternative solution and continue to thrive in this new reality. Existing FL protocol design has been shown to be vulnerable to adversaries within or outside of the system, compromising data privacy and system robustness. Besides training powerful global models, it is of paramount importance to design FL systems that have privacy guarantees and are resistant to different types of adversaries. In this paper, we conduct the first comprehensive survey on this topic. Through a concise introduction to the concept of FL, and a unique taxonomy covering: 1) threat models; 2) poisoning attacks and defenses against robustness; 3) inference attacks and defenses against privacy, we provide an accessible review of this important topic. We highlight the intuitions, key techniques as well as fundamental assumptions adopted by various attacks and defenses. Finally, we discuss promising future research directions towards robust and privacy-preserving federated learning.
Train machine learning models on sensitive user data has raised increasing privacy concerns in many areas. Federated learning is a popular approach for privacy protection that collects the local gradient information instead of real data. One way to achieve a strict privacy guarantee is to apply local differential privacy into federated learning. However, previous works do not give a practical solution due to three issues. First, the noisy data is close to its original value with high probability, increasing the risk of information exposure. Second, a large variance is introduced to the estimated average, causing poor accuracy. Last, the privacy budget explodes due to the high dimensionality of weights in deep learning models. In this paper, we proposed a novel design of local differential privacy mechanism for federated learning to address the abovementioned issues. It is capable of making the data more distinct from its original value and introducing lower variance. Moreover, the proposed mechanism bypasses the curse of dimensionality by splitting and shuffling model updates. A series of empirical evaluations on three commonly used datasets, MNIST, Fashion-MNIST and CIFAR-10, demonstrate that our solution can not only achieve superior deep learning performance but also provide a strong privacy guarantee at the same time.
Causal inference is a critical research topic across many domains, such as statistics, computer science, education, public policy and economics, for decades. Nowadays, estimating causal effect from observational data has become an appealing research direction owing to the large amount of available data and low budget requirement, compared with randomized controlled trials. Embraced with the rapidly developed machine learning area, various causal effect estimation methods for observational data have sprung up. In this survey, we provide a comprehensive review of causal inference methods under the potential outcome framework, one of the well known causal inference framework. The methods are divided into two categories depending on whether they require all three assumptions of the potential outcome framework or not. For each category, both the traditional statistical methods and the recent machine learning enhanced methods are discussed and compared. The plausible applications of these methods are also presented, including the applications in advertising, recommendation, medicine and so on. Moreover, the commonly used benchmark datasets as well as the open-source codes are also summarized, which facilitate researchers and practitioners to explore, evaluate and apply the causal inference methods.
Federated learning has been showing as a promising approach in paving the last mile of artificial intelligence, due to its great potential of solving the data isolation problem in large scale machine learning. Particularly, with consideration of the heterogeneity in practical edge computing systems, asynchronous edge-cloud collaboration based federated learning can further improve the learning efficiency by significantly reducing the straggler effect. Despite no raw data sharing, the open architecture and extensive collaborations of asynchronous federated learning (AFL) still give some malicious participants great opportunities to infer other parties' training data, thus leading to serious concerns of privacy. To achieve a rigorous privacy guarantee with high utility, we investigate to secure asynchronous edge-cloud collaborative federated learning with differential privacy, focusing on the impacts of differential privacy on model convergence of AFL. Formally, we give the first analysis on the model convergence of AFL under DP and propose a multi-stage adjustable private algorithm (MAPA) to improve the trade-off between model utility and privacy by dynamically adjusting both the noise scale and the learning rate. Through extensive simulations and real-world experiments with an edge-could testbed, we demonstrate that MAPA significantly improves both the model accuracy and convergence speed with sufficient privacy guarantee.
In federated learning, multiple client devices jointly learn a machine learning model: each client device maintains a local model for its local training dataset, while a master device maintains a global model via aggregating the local models from the client devices. The machine learning community recently proposed several federated learning methods that were claimed to be robust against Byzantine failures (e.g., system failures, adversarial manipulations) of certain client devices. In this work, we perform the first systematic study on local model poisoning attacks to federated learning. We assume an attacker has compromised some client devices, and the attacker manipulates the local model parameters on the compromised client devices during the learning process such that the global model has a large testing error rate. We formulate our attacks as optimization problems and apply our attacks to four recent Byzantine-robust federated learning methods. Our empirical results on four real-world datasets show that our attacks can substantially increase the error rates of the models learnt by the federated learning methods that were claimed to be robust against Byzantine failures of some client devices. We generalize two defenses for data poisoning attacks to defend against our local model poisoning attacks. Our evaluation results show that one defense can effectively defend against our attacks in some cases, but the defenses are not effective enough in other cases, highlighting the need for new defenses against our local model poisoning attacks to federated learning.
In structure learning, the output is generally a structure that is used as supervision information to achieve good performance. Considering the interpretation of deep learning models has raised extended attention these years, it will be beneficial if we can learn an interpretable structure from deep learning models. In this paper, we focus on Recurrent Neural Networks (RNNs) whose inner mechanism is still not clearly understood. We find that Finite State Automaton (FSA) that processes sequential data has more interpretable inner mechanism and can be learned from RNNs as the interpretable structure. We propose two methods to learn FSA from RNN based on two different clustering methods. We first give the graphical illustration of FSA for human beings to follow, which shows the interpretability. From the FSA's point of view, we then analyze how the performance of RNNs are affected by the number of gates, as well as the semantic meaning behind the transition of numerical hidden states. Our results suggest that RNNs with simple gated structure such as Minimal Gated Unit (MGU) is more desirable and the transitions in FSA leading to specific classification result are associated with corresponding words which are understandable by human beings.
Active learning has long been a topic of study in machine learning. However, as increasingly complex and opaque models have become standard practice, the process of active learning, too, has become more opaque. There has been little investigation into interpreting what specific trends and patterns an active learning strategy may be exploring. This work expands on the Local Interpretable Model-agnostic Explanations framework (LIME) to provide explanations for active learning recommendations. We demonstrate how LIME can be used to generate locally faithful explanations for an active learning strategy, and how these explanations can be used to understand how different models and datasets explore a problem space over time. In order to quantify the per-subgroup differences in how an active learning strategy queries spatial regions, we introduce a notion of uncertainty bias (based on disparate impact) to measure the discrepancy in the confidence for a model's predictions between one subgroup and another. Using the uncertainty bias measure, we show that our query explanations accurately reflect the subgroup focus of the active learning queries, allowing for an interpretable explanation of what is being learned as points with similar sources of uncertainty have their uncertainty bias resolved. We demonstrate that this technique can be applied to track uncertainty bias over user-defined clusters or automatically generated clusters based on the source of uncertainty.
小貼士
登錄享
注冊地址: 北京市海淀區羊坊店路18號2幢3層301-191