Privacy-Preserving Distributed Multi-Task Learning against Inference Attack in Cloud Computing

Xindi Ma; Jianfeng Ma; Saru Kumari; Fushan Wei; Mohammad Shojafar; Mamoun Alazab

doi:10.1145/3426969

Privacy-Preserving Distributed Multi-Task Learning against Inference Attack in Cloud Computing

Xindi Ma, Jianfeng Ma, Saru Kumari, Fushan Wei, Mohammad Shojafar, Mamoun Alazab

Research output: Contribution to journal › Article › peer-review

7 Citations (Scopus)

Abstract

Because of the powerful computing and storage capability in cloud computing, machine learning as a service (MLaaS) has recently been valued by the organizations for machine learning training over some related representative datasets. When these datasets are collected from different organizations and have different distributions, multi-task learning (MTL) is usually used to improve the generalization performance by scheduling the related training tasks into the virtual machines in MLaaS and transferring the related knowledge between those tasks. However, because of concerns about privacy breaches (e.g., property inference attack and model inverse attack), organizations cannot directly outsource their training data to MLaaS or share their extracted knowledge in plaintext, especially the organizations in sensitive domains. In this article, we propose a novel privacy-preserving mechanism for distributed MTL, namely NOInfer, to allow several task nodes to train the model locally and transfer their shared knowledge privately. Specifically, we construct a single-server architecture to achieve the private MTL, which protects task nodes' local data even if out of nodes colluded. Then, a new protocol for the Alternating Direction Method of Multipliers (ADMM) is designed to perform the privacy-preserving model training, which resists the inference attack through the intermediate results and ensures that the training efficiency is independent of the number of training samples. When releasing the trained model, we also design a differentially private model releasing mechanism to resist the membership inference attack. Furthermore, we analyze the privacy preservation and efficiency of NOInfer in theory. Finally, we evaluate our NOInfer over two testing datasets and evaluation results demonstrate that NOInfer efficiently and effectively achieves the distributed MTL.

Original language	English
Article number	45
Pages (from-to)	1-24
Number of pages	24
Journal	ACM Transactions on Internet Technology
Volume	22
Issue number	2
DOIs	https://doi.org/10.1145/3426969
Publication status	Published - May 2022

Bibliographical note

Funding Information:
This work was supported by the National Natural Science Foundation of China (Grant Nos. 61902290, 61902291, 62072352, 61872283), China Postdoctoral Science Foundation Funded Project (Grant Nos. 2018M640962, 2019M653567), Key Research and Development Program of Shaanxi (Grant Nos. 2019ZDLGY12-04, 2020ZDLGY09-06), Natural Science Foundation of Shaanxi Province (Grant Nos. 2019JM-109, 2019JM-425), Scientific Research Program Funded by Shaanxi Provincial Education Department (Grant No. 20JY016), Fundamental Research Funds for the Central Universities (Grant No. JB191508, JB191507), M. Shojafar was supported by a Marie Curie Fellowship funded by the European Commission (Grant No. MSCA-IF-GF-2019-839255).

Access to Document

10.1145/3426969

Cite this

@article{24e7795d845b473a9a9048ec8e0de62c,

title = "Privacy-Preserving Distributed Multi-Task Learning against Inference Attack in Cloud Computing",

abstract = "Because of the powerful computing and storage capability in cloud computing, machine learning as a service (MLaaS) has recently been valued by the organizations for machine learning training over some related representative datasets. When these datasets are collected from different organizations and have different distributions, multi-task learning (MTL) is usually used to improve the generalization performance by scheduling the related training tasks into the virtual machines in MLaaS and transferring the related knowledge between those tasks. However, because of concerns about privacy breaches (e.g., property inference attack and model inverse attack), organizations cannot directly outsource their training data to MLaaS or share their extracted knowledge in plaintext, especially the organizations in sensitive domains. In this article, we propose a novel privacy-preserving mechanism for distributed MTL, namely NOInfer, to allow several task nodes to train the model locally and transfer their shared knowledge privately. Specifically, we construct a single-server architecture to achieve the private MTL, which protects task nodes' local data even if out of nodes colluded. Then, a new protocol for the Alternating Direction Method of Multipliers (ADMM) is designed to perform the privacy-preserving model training, which resists the inference attack through the intermediate results and ensures that the training efficiency is independent of the number of training samples. When releasing the trained model, we also design a differentially private model releasing mechanism to resist the membership inference attack. Furthermore, we analyze the privacy preservation and efficiency of NOInfer in theory. Finally, we evaluate our NOInfer over two testing datasets and evaluation results demonstrate that NOInfer efficiently and effectively achieves the distributed MTL. ",

keywords = "cloud computing, differential privacy, homomorphic cryptography, Multi-task learning, privacy preservation",

author = "Xindi Ma and Jianfeng Ma and Saru Kumari and Fushan Wei and Mohammad Shojafar and Mamoun Alazab",

note = "Funding Information: This work was supported by the National Natural Science Foundation of China (Grant Nos. 61902290, 61902291, 62072352, 61872283), China Postdoctoral Science Foundation Funded Project (Grant Nos. 2018M640962, 2019M653567), Key Research and Development Program of Shaanxi (Grant Nos. 2019ZDLGY12-04, 2020ZDLGY09-06), Natural Science Foundation of Shaanxi Province (Grant Nos. 2019JM-109, 2019JM-425), Scientific Research Program Funded by Shaanxi Provincial Education Department (Grant No. 20JY016), Fundamental Research Funds for the Central Universities (Grant No. JB191508, JB191507), M. Shojafar was supported by a Marie Curie Fellowship funded by the European Commission (Grant No. MSCA-IF-GF-2019-839255).",

year = "2022",

month = may,

doi = "10.1145/3426969",

language = "English",

volume = "22",

pages = "1--24",

journal = "ACM Transactions on Internet Technology",

issn = "1533-5399",

publisher = "Association for Computing Machinery (ACM)",

number = "2",

}

TY - JOUR

T1 - Privacy-Preserving Distributed Multi-Task Learning against Inference Attack in Cloud Computing

AU - Ma, Xindi

AU - Ma, Jianfeng

AU - Kumari, Saru

AU - Wei, Fushan

AU - Shojafar, Mohammad

AU - Alazab, Mamoun

N1 - Funding Information: This work was supported by the National Natural Science Foundation of China (Grant Nos. 61902290, 61902291, 62072352, 61872283), China Postdoctoral Science Foundation Funded Project (Grant Nos. 2018M640962, 2019M653567), Key Research and Development Program of Shaanxi (Grant Nos. 2019ZDLGY12-04, 2020ZDLGY09-06), Natural Science Foundation of Shaanxi Province (Grant Nos. 2019JM-109, 2019JM-425), Scientific Research Program Funded by Shaanxi Provincial Education Department (Grant No. 20JY016), Fundamental Research Funds for the Central Universities (Grant No. JB191508, JB191507), M. Shojafar was supported by a Marie Curie Fellowship funded by the European Commission (Grant No. MSCA-IF-GF-2019-839255).

PY - 2022/5

Y1 - 2022/5

N2 - Because of the powerful computing and storage capability in cloud computing, machine learning as a service (MLaaS) has recently been valued by the organizations for machine learning training over some related representative datasets. When these datasets are collected from different organizations and have different distributions, multi-task learning (MTL) is usually used to improve the generalization performance by scheduling the related training tasks into the virtual machines in MLaaS and transferring the related knowledge between those tasks. However, because of concerns about privacy breaches (e.g., property inference attack and model inverse attack), organizations cannot directly outsource their training data to MLaaS or share their extracted knowledge in plaintext, especially the organizations in sensitive domains. In this article, we propose a novel privacy-preserving mechanism for distributed MTL, namely NOInfer, to allow several task nodes to train the model locally and transfer their shared knowledge privately. Specifically, we construct a single-server architecture to achieve the private MTL, which protects task nodes' local data even if out of nodes colluded. Then, a new protocol for the Alternating Direction Method of Multipliers (ADMM) is designed to perform the privacy-preserving model training, which resists the inference attack through the intermediate results and ensures that the training efficiency is independent of the number of training samples. When releasing the trained model, we also design a differentially private model releasing mechanism to resist the membership inference attack. Furthermore, we analyze the privacy preservation and efficiency of NOInfer in theory. Finally, we evaluate our NOInfer over two testing datasets and evaluation results demonstrate that NOInfer efficiently and effectively achieves the distributed MTL.

AB - Because of the powerful computing and storage capability in cloud computing, machine learning as a service (MLaaS) has recently been valued by the organizations for machine learning training over some related representative datasets. When these datasets are collected from different organizations and have different distributions, multi-task learning (MTL) is usually used to improve the generalization performance by scheduling the related training tasks into the virtual machines in MLaaS and transferring the related knowledge between those tasks. However, because of concerns about privacy breaches (e.g., property inference attack and model inverse attack), organizations cannot directly outsource their training data to MLaaS or share their extracted knowledge in plaintext, especially the organizations in sensitive domains. In this article, we propose a novel privacy-preserving mechanism for distributed MTL, namely NOInfer, to allow several task nodes to train the model locally and transfer their shared knowledge privately. Specifically, we construct a single-server architecture to achieve the private MTL, which protects task nodes' local data even if out of nodes colluded. Then, a new protocol for the Alternating Direction Method of Multipliers (ADMM) is designed to perform the privacy-preserving model training, which resists the inference attack through the intermediate results and ensures that the training efficiency is independent of the number of training samples. When releasing the trained model, we also design a differentially private model releasing mechanism to resist the membership inference attack. Furthermore, we analyze the privacy preservation and efficiency of NOInfer in theory. Finally, we evaluate our NOInfer over two testing datasets and evaluation results demonstrate that NOInfer efficiently and effectively achieves the distributed MTL.

KW - cloud computing

KW - differential privacy

KW - homomorphic cryptography

KW - Multi-task learning

KW - privacy preservation

UR - http://www.scopus.com/inward/record.url?scp=85130329828&partnerID=8YFLogxK

U2 - 10.1145/3426969

DO - 10.1145/3426969

M3 - Article

AN - SCOPUS:85130329828

SN - 1533-5399

VL - 22

SP - 1

EP - 24

JO - ACM Transactions on Internet Technology

JF - ACM Transactions on Internet Technology

IS - 2

M1 - 45

ER -

Privacy-Preserving Distributed Multi-Task Learning against Inference Attack in Cloud Computing

Abstract

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this