Balancing Privacy, Robustness, and Efficiency in Machine Learning

Published 22 Dec 2023 in cs.LG, cs.CR, and cs.DC | arXiv:2312.14712v3

Abstract: This position paper argues that achieving robustness, privacy, and efficiency simultaneously in machine learning systems is infeasible under prevailing threat models. The tension between these goals arises not from algorithmic shortcomings but from structural limitations imposed by worst-case adversarial assumptions. We advocate for a systematic research agenda aimed at formalizing the robustness-privacy-efficiency trilemma, exploring how principled relaxations of threat models can unlock better trade-offs, and designing benchmarks that expose rather than obscure the compromises made. By shifting focus from aspirational universal guarantees to context-aware system design, the machine learning community can build models that are truly appropriate for real-world deployment.
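
A toy simulation of the privacy/robustness leg of the trilemma, added here as an illustration and not code from the paper or its authors. It models the worst-case assumption the abstract refers to: honest workers perturb their gradients with Gaussian noise (standing in for a differential-privacy mechanism), and a Byzantine worker who knows the noise scale hides a bias of a few standard deviations inside that envelope. A coordinate-wise median, a standard robust aggregation rule, then recovers the true gradient exactly when there is no privacy noise, but its error grows linearly with the noise scale, because the noise that protects the honest workers is exactly what lets the attacker's reports pass as honest. The worker counts, dimension, noise model, hiding factor and aggregation rule are all constructed assumptions; the efficiency axis of the trilemma is not modelled.

```python
import random
import statistics

# Constructed toy setting (assumption, not taken from the paper): N_WORKERS workers,
# N_BYZANTINE of them adversarial, each reporting a DIM-dimensional gradient.
N_WORKERS = 20
N_BYZANTINE = 5
DIM = 50
TRUE_GRADIENT = [1.0] * DIM
# Attacker's bias in units of sigma: two standard deviations still looks like
# a plausible honest sample, so the robust rule cannot single it out.
HIDING_FACTOR = 2.0


def honest_report(sigma, rng):
    """True gradient plus Gaussian noise of scale sigma (DP-style perturbation; assumption)."""
    return [g + rng.gauss(0.0, sigma) for g in TRUE_GRADIENT]


def byzantine_report(sigma, rng):
    """Adversary who knows sigma and shifts every coordinate by HIDING_FACTOR * sigma.

    With sigma == 0 the shift is zero, so the attack is inert: honest reports agree
    exactly and the median recovers the true gradient. As sigma grows, the envelope
    the attacker can hide in grows with it.
    """
    return [g + HIDING_FACTOR * sigma + rng.gauss(0.0, sigma) for g in TRUE_GRADIENT]


def coordinate_wise_median(reports):
    """Robust aggregation rule: the median of each coordinate across all reports."""
    dim = len(reports[0])
    return [statistics.median(r[i] for r in reports) for i in range(dim)]


def aggregation_error(sigma, seed=0):
    """Mean absolute error of the robust aggregate against the true gradient.

    The same seed is used for every sigma, so each report is an affine function of
    sigma and the error scales exactly linearly with the privacy noise.
    """
    rng = random.Random(seed)
    reports = [honest_report(sigma, rng) for _ in range(N_WORKERS - N_BYZANTINE)]
    reports += [byzantine_report(sigma, rng) for _ in range(N_BYZANTINE)]
    aggregate = coordinate_wise_median(reports)
    return sum(abs(a - g) for a, g in zip(aggregate, TRUE_GRADIENT)) / DIM


if __name__ == "__main__":
    for sigma in (0.0, 0.1, 0.5, 1.0):
        print(f"sigma={sigma:.1f}  aggregation error={aggregation_error(sigma):.4f}")
```

Raising HIDING_FACTOR or N_BYZANTINE (up to just under half the workers) moves the median further; lowering sigma to recover robustness weakens the privacy guarantee the noise was there to provide, which is the trade-off the paper argues cannot be escaped under this threat model.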

