Abstract: A method detects model-poisoning attempts in a federated learning system. The federated learning system includes a server orchestrating with clients to train a machine-learning model. The method includes receiving, by the server, results of a poisoning detection analysis. The poisoning detection analysis includes at least one of an analysis of class-specific misclassification rates or an analysis of activation clustering of a current state of the machine-learning model.

Abstract: A computer-implemented method of instantiating a machine learning model with a host processing system is provided. The host processing system includes a trusted execution environment (TEE) and an untrusted processing system (UPS). The method includes: preparing, with the host processing system, a compiler encoding an architecture of the machine learning model; receiving, from a client processing system, source data; and producing, with the compiler, software based on the received source data and model parameters stored on the host processing system. The software includes an untrusted software component for performance on the UPS and a trusted software component for performance on the TEE. The untrusted software component and the trusted software component are configured to, when performed in concert, instantiate the machine learning model.

Abstract: A computer-implemented method of instantiating a machine learning model with a host processing system is provided. The host processing system includes a trusted execution environment (TEE) and an untrusted processing system (UPS). The method includes: preparing, with the host processing system, a compiler encoding an architecture of the machine learning model; receiving, from a client processing system, source data; and producing, with the compiler, software based on the received source data and model parameters stored on the host processing system. The software includes an untrusted software component for performance on the UPS and a trusted software component for performance on the TEE. The untrusted software component and the trusted software component are configured to, when performed in concert, instantiate the machine learning model.

Abstract: A method detects model-poisoning attempts in a federated learning system. The federated learning system includes a server orchestrating with clients to train a machine-learning model. The method includes receiving, by the server, results of a poisoning detection analysis. The poisoning detection analysis includes at least one of an analysis of class-specific misclassification rates or an analysis of activation clustering of a current state of the machine-learning model.