This non-provisional application claims priority under 35 U.S.C. § 119(a) on Patent Application No(s). 202310239239.3 filed in China on Mar. 13, 2023, the entire contents of which are hereby incorporated by reference.
The present disclosure relates to federated learning, and more particularly to a federated learning system and method of protecting data digest.
Federated Learning (FL) addresses many privacy and data sharing issues through cross-device and distributed learning via central orchestration. Existing FL methods mostly assume a collaborative setting among clients can tolerate temporary client disconnection from the moderator.
In practice, however, extended client absence or departure can happen due to business competitions or other non-technical reasons. The performance degradation can be severe when the data are unbalanced, skewed, or non-independent-and-identically-distributed (non-IID) across clients.
Another issue arises when the moderator needs to evaluate and release the model to the consumers. As private client data are not accessible by the moderator, the representative data would be lost when clients cease to collaborate, resulting in largely biased FL gradient update and long-term training degradation. The naive approach of memorizing gradients during training is not a suitable solution, as gradients become unrepresentative very quickly as iteration progresses.
Overall, current federated learning still fails to perform well in the following three scenarios in combinations: (1) unreliable clients, (2) training after removing clients, and (3) training after adding clients.
Accordingly, the present disclosure provides a federated learning system and method of protecting data digest. This is a federated learning framework that can address client absence by synthesizing representative client data at the moderator. The present disclosure proposes a feature-mixing solution to reduce the privacy concerns and uses a feature disturbance method to protect the digest.
According to an embodiment of the present disclosure, a federated learning method of protecting data digest comprises: sending a general model to each of a plurality of client devices by a moderator; executing a digest producer by each of the plurality of client devices to generate a plurality of encoded features according to a plurality of raw data; performing a training procedure by each of the plurality of client devices, wherein the training procedure comprises: updating the general model to generate a client model according to the plurality of raw data, the plurality of encoded features, a plurality of labels corresponding to the plurality of encoded features, and a present client loss function; selecting at least two of the plurality of encoded features to compute a feature weighted sum, computing a sum of the feature weighted sum and noise; selecting at least two of the plurality of labels to compute a label weighted sum, and sending the sum and the label weighted sum to the moderator as a digest when receiving a digest request; and sending an update parameter of the client model to the moderator; determining an absent client and a present client among the plurality of client devices by the moderator; generating a replacement model according to the general model, the digest of the absent client and an absent client loss function by the moderator; performing an aggregation to generate an aggregation model according to the update parameter of the client model of the present client and an update parameter of the replacement model of the absent client by the moderator; and training the aggregation model to update the general model according to a moderator loss function by the moderator.
According to an embodiment of the present disclosure, a federated learning system of protecting data digest comprises a plurality of client devices and a moderator. Each of the plurality of client devices comprises: a first processor configured to execute a digest producer to generate a plurality of encoded features according to a plurality of raw data, further configured to update a general model to generate a client model according to the plurality of raw data, the plurality of encoded features, a plurality of labels corresponding to the plurality of encoded features, and a present client loss function, and further configured to select at least two of the plurality of encoded features to compute a feature weighted sum, compute a sum of the feature weighted sum and noise and select at least two of the plurality of labels to compute a label weighted sum when receives a digest request; and a first communication circuit electrically connected to the first processor and configured to send the feature weighted sum and the label weighted sum as a digest and send an update parameter of the client model. The moderator is communicably connected to each of the plurality of client devices, and comprises: a second communication circuit configured to send the general model to each of the plurality of client devices; and a second processor electrically connected to the second communication circuit, wherein the second processor is configured to determine an absent client and a present client among the plurality of client devices, generate a replacement model according to the digest of the absent client and an absent client loss function, perform an aggregation to generate an aggregation model according to the update parameter of the client model of the present client and an update parameter of the replacement model of the absent client, and train the aggregation model to update the general model according to a moderator loss function.
The present disclosure will become more fully understood from the detailed description given hereinbelow and the accompanying drawings which are given by way of illustration only and thus are not limitative of the present disclosure and wherein:
In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the disclosed embodiments. According to the description, claims and the drawings disclosed in the specification, one skilled in the art may easily understand the concepts and features of the present invention. The following embodiments further illustrate various aspects of the present invention, but are not meant to limit the scope of the present invention.
The detailed description of the embodiments of the present disclosure includes a plurality of technical terms, and the following are the definitions of these technical terms:
Client, the endpoint that contributes the data to join a distributed training or federated learning, also called “client device”.
Moderator, the service provider that collects the models from the clients to aggregate a general model for providing the service.
Raw data, the data that are held by a client and need to be protected, also called “private data”.
Digest, a sharable representation that can represent the raw data. No privacy concerns are included in the digest. The dimension of the digest is usually but not limited to lower than the raw data.
Guidance, the data to support model training with client absence. The domains of the guidance and the private data are usually the same.
Client model, the model owned by each client and trained according to the raw data by the client.
General model, the model owned by the moderator that is aggregated from the client models.
Stochastic Gradient Decent (SGD), an optimization process to update the parameters of a machine learning model based on predefined loss functions.
Federated learning (FL), a collaborative training framework to train a machine learning model without sharing client data to protect the data privacy.
Machine learning, a field of study that gives computers the ability to learn without being explicitly programmed.
Loss function: the objective functions of the optimizing process for training a machine learning model.
Differential Privacy (DP), DP is a rigorous mathematical definition of privacy. DP technologies allow sharing data information without expose any individual sample.
The present disclosure proposes a federated learning system of protecting data digest (also called FedDig framework) and an operating method using this system.
The hardware architecture of each of the client devices Ci, Cj is basically the same. The client device Ci in
The client device Ci is configured to collect raw data. The raw data include a private part and a non-private part other than the private part. For example, the raw data is an integrated circuit diagram, and the private part is a key circuit design in the integrated circuit diagram. For example, the raw data is a product design layout, and the private part is the product logo. For example, the raw data is the text, and the private part is the personal information such as name, phone, and address.
The first processor i1 is configured to execute a digest producer R, and thus generating a plurality of encoded features according to the plurality of raw data. In the embodiment shown in
In an embodiment, the federated learning system adopts an appropriate neural network model as the digest producer R according to the type of raw data. For example, EfficientNetV2 may be adopted as the digest producer R when the raw data is CIFAR-10 (Canadian Institute for Advanced Research), and VGG16 may be adopted as the digest producer R when the raw data is EMINST (Extend Modified National Institute of Standards and Technology).
In an embodiment, the raw data is directly inputted to the digest producer R to generate the encoded features. In another embodiment, the first processor i1 preprocesses the private part of the raw data before the raw data is inputted to the digest producer R for the generation of the encoded features. For example, when the raw data is an image, the preprocessing is to crop out the private part from the image; when the raw data is a text, the preprocessing is to remove the specified field or to mask the specific string. The digest producer R converts one piece of raw data into one encoded feature. In general, the dimension of raw data is greater than the dimension of encoded features.
If the number of samples of the raw data is K, after the digest producer R generates K encoded features according to the K pieces of raw data, the first processor i1 updates the general model from the moderator Mo to generate the client model according to the K pieces of raw data, K encoded features, K labels corresponding to the K encoded features, and a present client loss function. In an embodiment, the number K of labels and the labels themselves are given manually.
When the first communication circuit i2 receives a digest request from the moderator Mo, the first processor i1 is further configured to select at least two of the encoded features ri to compute a feature weighted sum, select at least two of the labels yi to compute a label weighted sum, and compute a sum of the feature weighted sum and noise.
In an embodiment, the feature weighted sum is shown in the following Equation 2, and the label weighted sum is shown in the following Equation 3:
In embodiment, the sum of the feature weighted sum and the noise is computed according to the following Equation 4:
In other embodiments, FP(·) may be any function that introduces feature disturbance. After the first processor i1 completes the computations of Equations 2 to Equation 4, the pair of the sum DR and the label weighted sum Dy may be outputted as a digest D through the first communication circuit i2.
In an embodiment, one of the following devices may be employed as the first processor i1: Application Specific Integrated Circuit (ASIC), Digital Signal Processor (DSP), Field Programmable Gate Array (FPGA), system-on-a-chip (SoC), and deep learning accelerator.
The first communication circuit i2 is configured to send the sum DR and the label weighted sum Dy as the digest D to the moderator Mo, and send an update parameter of the client model i to the moderator Mo. In an embodiment, the update parameter may be, for example, the gradient or weight of the model. The first communication circuit i2 is further configured to receive the general model and the updated general model from the moderator Mo. In an embodiment, the first communication circuit i2 performs the aforementioned transmission and reception tasks through a wired network or a wireless network.
The first storage circuit i3 is configured to store the raw data Ri, the digest D, the general model , and the client model i. In an embodiment, one of the following devices may be employed as the first storage circuit i3: Dynamic Random Access Memory (DRAM), Static Random Access Memory (SRAM), Double Data Rate Synchronuous Dynamic Random Access Memory (DDR SDRAM), flash memory, and hard disk.
The moderator Mo is communicably connected to each of the client devices Ci, Cj. The moderator Mo includes a second processor M1, a second communication circuit M2, and a second storage circuit M3. The second processor M1 is electrically connected to the second communication circuit M2, and the second storage circuit M3 is electrically connected to the second processor M1 and the second communication circuit M2. The hardware implementation of the moderator Mo and its internal components M1, M2, M3 may refer to the client device Ci and its internal component i1, i2, i3, and thus the detail is not repeated here.
The second processor M1 is configured to determine one or more absent client devices and one or more present devices among the plurality of client devices Ci, Cj. In an embodiment, the second processor M1 checks the communication connection between the second communication circuit M2 and each of the client devices Ci and thereby determining whether one or more of all the client devices Ci, Cj is (are) disconnected. The client device Ci keeping the connection is called the present client, while the client device Cj breaking the connection is called the absent client.
The second processor M1 is configured to execute a guidance producer G, and thereby generating a piece of guidance G according to the digest D of the absent client. In the initial training stage of federated learning, each client device Ci converts the raw data R into the digest D and sends the digest D to the moderator Mo. Therefore, the guidance G recovered from the digest D is equivalent to the representative part of the raw data R, and the guidance G does not include the privacy part of the raw data R. When the moderator Mo updates the general model , the guidance producer G is trained together with the general model , and the detail is described later. In the embodiment shown in
In the initial training stage of federated learning, the second processor is further configured to initialize the general model , and send the general model to each of the client devices Ci through the second communication circuit M2. During the training process of federal learning, if the second processor M1 determines absent client (such as Cj), the second processor M1 generates a replacement model according to the general model , the digest DRj of the absent client Cj, and an absent client loss function.
Overall, if the client device is not an absent client, the client device may train the client model based on the general model and the raw data. In contrast, if the client device becomes an absent client, the moderator will generate the guidance according to the digest representing the raw data and train the general model on behalf of the absent client based on the digest and the guidance to generate a replacement model. From
The second processor M1 is further configured to perform an aggregation to generate an aggregation model according to the general model , the update parameter of the client model i of the present client Ci and the update parameter of the replacement model j of the absent client Cj. In an embodiment, the update parameter of the model may be, for example, gradient or weight. In an embodiment, the aggregation is shown in the following Equation 7:
where t is the aggregation model, t is the general model (t represents the t-th iteration), wti is the weight corresponding to the present client Ci, ∇ti is the update parameter of the client model ti of the present client Ci, wtj is the weight corresponding to the absent client Cj, ∇tj, is the update parameter of the replacement model j of the absent client Cj.
In an embodiment, the weight wti corresponding to the present client Ci and the weight wtj corresponding to the absent client Cj satisfy the following Equation 8:
In other embodiments, the aggregation may be FedAvg, FedProx, or FedNova, and the present disclosure does not limit thereof.
The second processor M1 is further configured to train the aggregation model t to update the general model t according to the moderator loss function. In an embodiment, the moderator loss function is shown in the following Equation 9:
The second communication circuit M2 is configured to send the general model t and the digest producer R to each of the client devices Ci, Cj. In other words, the moderator Mo and each of the client devices Ci, Cj have identical digest producer R. In addition, in the initial training stage of federated learning, the second processor M1 controls the second communication circuit M2 to send the digest request to each of the client devices Ci, Cj, and then to receive the digest D returned from each of the client devices Ci, Cj.
The second storage circuit M is configured to store digests D of all client devices Ci, Cj, and further store the digest producer R, the guidance G, the general model t, and the replacement model J.
Before the timing corresponding to
The moderator Mo receives the digests Di, Dj from the client devices Ci, Cj and stores thereof. The moderator Mo receives the update parameters of the client models i,j from the client devices Ci, Cj, performs the aggregation according to the update parameters of the client models i,j, and thereby updating the general model . Finally, the trained general model may be deployed on the device of the consumer U.
At the the timing corresponding to
In this way, regardless of whether the client device Ci exists or not, the training of the federated learning system of protecting data digest proposed by the present disclosure will not be interrupted.
The training of federated learning includes a plurality of iterations, and steps S3-S7 in
In an embodiment, step S1 is performed in the first iteration of federated learning. In step S1, the moderator initializes a general model, and sends the general model to each client device. In addition, the moderator sends the digest producer to each client device to ensure that all client devices have the identical digest producer.
In step S2, each client device inputs the plurality of raw data into the digest producer to generate the plurality of encoded features, and selects some of the plurality of encoded features to mix according to the specified number, and thereby generating the digest to send to the moderator. In an embodiment, step S2 is performed in the first iteration of the federated learning. In another embodiment, step S2 is performed as long as the client device receives the digest request from the moderator.
In step S3, the details of the training procedure may refer to
In step S32, the client device determines whether a digest request has been received. Step S33 is performed if the determination is “yes”. Step S35 is performed if the determination is “no”. In step S33, the client device selects at least two encoded features from the plurality of encoded features to compute a feature weighted sum and selects at least two labels from the plurality of labels to compute a label weighted sum. In step S34, the client device computes the sum of feature weighted sum and the noise. In step S35, the client device sends the sum and the label weighted sum as the digest to the moderator. In step S36, the client device sends the update parameter of the client device to the moderator.
In step S4, the moderator detects the connection between itself and each client device, determines the client device that keeps the connection as a present client, and determines the client device that breaks the connection as an absent client.
In step S5, the details of generating the replacement model may refer to
In step S6, the details of generating the aggregation model may refer to
In step S7, the details of updating the general model may refer to
The following algorithm is the pseudo code of the federated learning method of protecting data digest according to an embodiment of the present disclosure:
Please refer to
In view of the above, the present disclosure provides a federated learning method of protecting data digest. This is a federated learning framework that can address client absence by synthesizing representative client data at the moderator. The present disclosure proposes a data memorizing mechanism to handle the client's absence effectively. Specifically, the present disclosure handles the following three scenarios: (1) unreliable clients, (2) training after removing clients, and (3) training after adding clients.
The present disclosure deals with potential client absence during FL training is to encode and aggregate information of the raw data and corresponding labels as data digests, and add a mechanism of the feature disturbance into the digest. When clients leave, the moderator may recover information from these digests to generate training guidance that can mitigate the catastrophic forgetting caused by the absent data. Since digests may be shared and stored at the moderator for training use, information that can lead to data privacy infringement should not be recoverable from the digests. To increase privacy protection of the proposed data digest, the present disclosure introduces the sample disturbance by mixing features extracted from the raw data, and add the noise generated based on differential privacy to protect the privacy of the data digest. Furthermore, the present disclosure introduces a trainable guidance producer into the ordinary FL training process, such that the moderator may learn to extract information and generate training guidance from the digests automatically. The digest and guidance proposed by the present disclosure are adaptable to most FL systems.
In the training process of FL, the following four training scenarios are common: (1) a client temporarily leaves during the FL training, (2) a client leaves the training forever, (3) all clients leave the FL training sequentially, and (4) multiple client groups join the FL training in different time slots.
Number | Date | Country | Kind |
---|---|---|---|
202310239239.3 | Mar 2023 | CN | national |