Information-Bottleneck-Based Secure Federated Learning

Abstract

This project will develop systematic tools for ensuring generalization of learning algorithms to previously unseen testing data and robustness of these algorithms to adversarial attacks in the setting of federated learning. The technical approach relies on an information-theoretic framework based on the information bottleneck formulation for solving this problem, with an emphasis on algorithm development and analytical performance results. Generalizable and trusted learning is a challenging and largely open problem, especially in a federated setup with multiple edge devices coordinating with a cloud-based server. This project will guarantee generalization and robustness to adversarial perturbations in a distributed learning setup in a computationally efficient manner, which is a must for trusted autonomy. Federated learning (also known as collaborative learning) has emerged as a natural candidate for this purpose in a variety of applications. Federated learning was initially proposed as an approach to learning by multiple mobile devices that form a loose federation for a specific learning task. The core problem tackled in federated learning is that of training models, usually under the supervision of a central coordinating authority, without collecting the raw data from a number of devices (or nodes) at a central place. Since federated learning allows consideration of large datasets while addressing critical issues such as data privacy, data security, data access rights and access to heterogeneous data, the field has become ever more popular with both academic researchers and industry practitioners. Its applications have spread over a number of application areas including defense, telecommunications, Internet of Things (IoT), and pharmaceutics.
In the Department of Defense space, federated learning has found interest in applications such as missile defense and has been recognized as crucial towards the evolution of the US Army to become a Multi-Domain Operations (MDO) Joint Force, especially at the Tactical Edge that operates in complex urban settings. All ML techniques face the challenges of being able to generalize to previously unseen testing data and to be secure against both passive eavesdropping and active perturbation malicious attacks. Given that in federated learning, data are distributed among multiple devices and the devices communicate repeatedly with the central server, these problems become even more challenging in this setup. It is also important to note that tackling these two concerns can align, and does not necessarily produce a trade-off. For example, noise injection is a commonly used regularization technique for machine learning algorithms that has also been traditionally applied for secure communication. This project proposes an information-theoretic framework that can be used both for deriving analytical performance bounds as well as for providing design guidelines for federated learning algorithms that generalize well and are secure by design.

Document Details

Document Type
DoD Grant Award
Publication Date
Aug 02, 2023
Source ID
W911NF2310316

Entities

People

  • Vijay Gupta

Organizations

  • Army Contracting Command
  • Purdue University
  • United States Army

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.
  • Neural Network Machine Learning.

Technology Areas

  • 5G
  • 5G - Internet of Things
  • AI & ML
  • AI & ML - DoD AI Strategy
  • AI & ML - Machine Learning Algorithms
  • AI & ML - Neural Networks
  • Space