Paper Info
Title
Reaching Data Confidentiality and Model Accountability on the CalTrain
Abstract
Distributed collaborative learning (DCL) paradigms enable building joint machine learning models from distrusted multi-party participants. Data confidentiality is guaranteed by retaining private training data on each participant's local infrastructure. However, this approach makes today's DCL design fundamentally vulnerable to data poisoning and backdoor attacks. It limits DCL's model accountability, which is key to backtracking problematic training data instances and their responsible contributors. In this paper, we introduce CALTRAIN, a centralized collaborative learning system that simultaneously achieves data confidentiality and model accountability. CALTRAIN enforces isolated computation via secure enclaves on centrally aggregated training data to guarantee data confidentiality. To support building accountable learning models, we securely maintain the links between training instances and their contributors. Our evaluation shows that the models generated by CALTRAIN can achieve the same prediction accuracy when compared to the models trained in non-protected environments. We also demonstrate that when malicious training participants tend to implant backdoors during model training, CALTRAIN can accurately and precisely discover the poisoned or mislabeled training data that lead to the runtime mispredictions.
Year
DOI
Venue
2018
10.1109/DSN.2019.00044
2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Keywords
DocType
Volume
Data Privacy,Learning Systems,Systems Security
Journal
abs/1812.03230
ISSN
ISBN
Citations 
1530-0889
978-1-7281-0058-6
0
PageRank 
References 
Authors
0.34
15
8
Name
Order
Citations
PageRank
Zhongshu Gu113510.84
Hani Jamjoom269142.44
Dong Su3123.98
Heqing Huang4354.16
Jialong Zhang500.34
Tengfei Ma616921.46
Dimitrios Pendarakis798981.72
Ian Molloy873338.81