Abstract: A computer-implemented method, according to one approach, includes issuing a hyperparameter optimization (HPO) query to a plurality of computing devices. HPO results are received from the plurality of computing devices, and the HPO results include a set of hyperparameter (HP)/rank value pairs. The method further includes computing, based on the set of HP/rank value pairs, a global set of HPs from the HPO results for federated learning (FL) training. An indication of the global set of HPs is output to the plurality of computing devices. A computer program product, according to another approach, includes a computer readable storage medium having program instructions embodied therewith. The program instructions are readable and/or executable by a computer to cause the computer to perform the foregoing method.

Abstract: A method, a computer program product, and a system of personalized training a machine learning model using federated learning with gradient boosted trees. The method includes training a global machine learning model using federated learning between a plurality of parties. The method also includes distributing the global machine learning model to each of the parties and receiving personalized model updates from each of the parties. The personalized model updates are generated from updated models boosted locally and produced by each of the parties using their respective local data. The method further includes fusing the personalized model updates to produce a boosted decision tree to update the global machine learning model. The method also includes training global machine learning model, iteratively, in this manner until a stopping criterion is achieved.

Abstract: Techniques for improved federated learning are provided. One or more queries are issued to a plurality of participants in a federated learning system, and one or more replies are received from the plurality of participants. A first aggregated model is generated based on the one or more relies and a first influence vector. Upon determining that a predefined criterion is satisfied, a second influence vector modifying a weight of a first participant of the plurality of participants is generated. A second aggregated model is generated based on the one or more replies and the second influence vector.

Abstract: An example system includes a processor to compute a tensor of indicators indicating a presence of partial sums in an encrypted vector of indicators. The processor can also securely reorder an encrypted array based on the computed tensor of indicators to generate a reordered encrypted array.

Abstract: A second set of data identifiers, comprising identifiers of data usable in federated model training by a second data owner, is received at a first data owner from the second data owner. An intersection set of data identifiers is determined at the first data owner. At the first data owner according to the intersection set of data identifiers, the data usable in federated model training is rearranged by the first data owner to result in a first training dataset. At the first data owner using the intersection set of data identifiers, the first training dataset, and a previous iteration of an aggregated set of model weights, a first partial set of model weights is computed. An updated aggregated set of model weights, comprising the first partial set of model weights and a second partial set of model weights from the second data owner, is received from an aggregator.

Abstract: A computer-implemented method, a computer program product, and a computer system for defending against adversarial attacks in federated learning. In the federated learning comprising an aggregator and parties, the aggregator receives weights sent from the respective parties. The aggregator computes values of a performance metric for weight arrays obtained by the respective parties, using a validation dataset. The aggregator ranks the values of the performance metric in a list. The aggregator recursively splits the list in half until one or more adversary updates of the weights are isolated. The aggregator excludes one or more parties that send the one or more adversary updates from participating in a current round of training in the federated learning.

Abstract: A method, system, and computer program product for training models for federated learning. The method determines, by a federated learning aggregator, a set of sample ratios for a set of participant systems. Each sample ratio is associated with a distinct participant system. A set of participant epsilon values are generated for the set of participant systems with each participant epsilon value being associated with a participant system of the set of participant systems. A set of surrogate data sets are received for the set of participant systems with each surrogate data set representing a data set of a participant system. The federated learning aggregator generates a set of local models. Each local model is generated based on a first global model. The method generates a second global model based on a prediction set generated by the set of participant systems using the set of local models.

Abstract: An example operation may include one or more of connecting, by a pharmacy node, to a blockchain network configured to store patients' data on a blockchain ledger, receiving, by the pharmacy node, a request from a patient node for a prescription refill, the request contains a secret key of a patient, extracting, by the pharmacy node, the secret key from the request to verify a patient's identity, and executing, by the pharmacy node, a smart contract to: (a) decrypt a prescription data located on the ledger by an application of the secret key, (b) retrieve patient's allergy records from the ledger to check the allergy records against the prescription data, (c) determine a number of remaining refills from the prescription data, (d) check validity of the prescription data based on an expiration date, and commit a prescription refill transaction to the blockchain based on a successful execution of (b)-(d).

Abstract: Computer-implemented methods, program products, and systems for provenance-based defense against poison attacks are disclosed. In one approach, a method includes: receiving observations and corresponding provenance data from data sources; determining whether the observations are poisoned based on the corresponding provenance data; and removing the poisoned observation(s) from a final training dataset used to train a final prediction model. Another implementation involves provenance-based defense against poison attacks in a fully untrusted data environment. Untrusted data points are grouped according to provenance signature, and the groups are used to train learning algorithms and generate complete and filtered prediction models. The results of applying the prediction models to an evaluation dataset are compared, and poisoned data points identified where the performance of the filtered prediction model exceeds the performance of the complete prediction model.

Abstract: According to one embodiment, a method, computer system, and computer program product for grouped federated learning is provided. The embodiment may include initializing a plurality of aggregation groups including a plurality of parties and a plurality of local aggregators. The embodiment may also include submitting a query to a first party from the plurality of parties. The embodiment may further include submitting an initial response to the query from the first party or a second party from the plurality of parties to a first local aggregator from the plurality of local aggregators. The embodiment may also include submitting a final response from the first local aggregator or a second local aggregator from the plurality of local aggregators to a global aggregator. The embodiment may further include building a machine learning model based on the final response.

Abstract: The method provides for analyzing input and output connections of layers of a received neural network model configured for vertical federated learning. An undirected graph of nodes is generated in which a node having two or more child nodes includes an aggregation operation, based on the analysis of the model in which a model output corresponds to a node of the graph. A layer of the model is identified in which a sum of lower layer outputs are computed. The identified model layer is partitioned into a first part applied respectively to the multiple entities and a second part applied as an aggregator of the output of the first part. The aggregation operation is performed between pairs of lower layer outputs, and multiple forward and backward passes of the neural network model are performed that include secure aggregation and maintain model partitioning in forward and backward passes.

Abstract: Techniques regarding privacy preservation in a federated learning environment are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a plurality of machine learning components that can execute a machine learning algorithm to generate a plurality of model parameters. The computer executable components can also comprise an aggregator component that can synthesize a machine learning model based on an aggregate of the plurality of model parameters. The aggregator component can communicate with the plurality of machine learning components via a data privacy scheme that comprises a privacy process and a homomorphic encryption process in a federated learning environment.

Abstract: An indication of availability over time and resource usage is maintained for each computing device of a plurality of computing devices. An optimal combination of a subset of the plurality of computing devices is determined for each round of one or more rounds of training based on the availability over time and the resource usage for each computing device. A global model is generated utilizing the one or more optimal combinations of the plurality of computing devices and a query is performed utilizing the global model.

Abstract: Computer-implemented methods, program products, and systems for provenance-based defense against poison attacks are disclosed. In one approach, a method includes: receiving observations and corresponding provenance data from data sources; determining whether the observations are poisoned based on the corresponding provenance data; and removing the poisoned observation(s) from a final training dataset used to train a final prediction model. Another implementation involves provenance-based defense against poison attacks in a fully untrusted data environment. Untrusted data points are grouped according to provenance signature, and the groups are used to train learning algorithms and generate complete and filtered prediction models. The results of applying the prediction models to an evaluation dataset are compared, and poisoned data points identified where the performance of the filtered prediction model exceeds the performance of the complete prediction model.

Abstract: Computer-implemented methods, program products, and systems for provenance-based defense against poison attacks are disclosed. In one approach, a method includes: receiving observations and corresponding provenance data from data sources; determining whether the observations are poisoned based on the corresponding provenance data; and removing the poisoned observation(s) from a final training dataset used to train a final prediction model. Another implementation involves provenance-based defense against poison attacks in a fully untrusted data environment. Untrusted data points are grouped according to provenance signature, and the groups are used to train learning algorithms and generate complete and filtered prediction models. The results of applying the prediction models to an evaluation dataset are compared, and poisoned data points identified where the performance of the filtered prediction model exceeds the performance of the complete prediction model.

Abstract: A method, a computer system, and a computer program product are provided for federated learning. An aggregator may receive cluster information from distributed computing devices. The cluster information may relate to identified clusters in sample data of the distributed computing devices. The cluster information may include centroid information per cluster. The aggregator may include a processor. The aggregator may integrate the cluster information to define data classes for machine learning classification. The integrating may include computing a respective distance between centroids of the clusters in order to determine a total number of the data classes. The aggregator may send a deep learning model that includes an output layer that has a total number of nodes equal to the total number of the data classes. The deep learning model may be for the distributed computing devices to perform machine learning classification in federated learning.

Abstract: A computer-implemented method according to one embodiment includes issuing a hyperparameter optimization (HPO) query to a plurality of computing devices; receiving HPO results from each of the plurality of computing devices; generating a unified performance metric surface utilizing the HPO results from each of the plurality of computing devices; and determining optimal global hyperparameters, utilizing the unified performance metric surface.

Abstract: One embodiment provides a method for federated learning across a plurality of data parties, comprising assigning each data party with a corresponding namespace in an object store, assigning a shared namespace in the object store, and triggering a round of federated learning by issuing a customized learning request to at least one data party. Each customized learning request issued to a data party triggers the data party to locally train a model based on training data owned by the data party and model parameters stored in the shared namespace, and upload a local model resulting from the local training to a corresponding namespace in the object store the data party is assigned with. The method further comprises retrieving, from the object store, local models uploaded to the object store during the round of federated learning, and aggregating the local models to obtain a shared model.

Abstract: Embodiments relate to a system, program product, and method for automatically determining which activation data points in a neural model have been poisoned to erroneously indicate association with a particular label or labels. A neural network is trained using potentially poisoned training data. Each of the training data points is classified using the network to retain the activations of the last hidden layer, and segment those activations by the label of corresponding training data. Clustering is applied to the retained activations of each segment, and a cluster assessment is conducted for each cluster associated with each label to distinguish clusters with potentially poisoned activations from clusters populated with legitimate activations. The assessment includes executing a set of analyses and integrating the results of the analyses into a determination as to whether a training data set is poisonous based on determining if resultant activation clusters are poisoned.

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate detection of an adversarial backdoor attack on a trained model at inference time are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a log component that records predictions and corresponding activation values generated by a trained model based on inference requests. The computer executable components can further comprise an analysis component that employs a model at an inference time to detect a backdoor trigger request based on the predictions and the corresponding activation values. In some embodiments, the log component records the predictions and the corresponding activation values from one or more layers of the trained model.