Controlling Federated Learning for Covertness
Abstract: In this paper, we propose a stochastic-control-based approach to control the stochastic gradient descent of a learner to achieve the objective of covert optimization. The methods presented here can be generalized to other AutoML objectives, including robustness and communication efficiency.
A learner aims to minimize a function by repeatedly querying a distributed oracle that provides noisy gradient evaluations. At the same time, the learner seeks to hide from a malicious eavesdropper that observes the learner's queries. This paper considers the problem of _covert_ or _learner-private_ optimization, where the learner has to dynamically choose between learning and obfuscation by exploiting stochasticity. The problem of controlling the stochastic gradient algorithm for covert optimization is modeled as a Markov decision process, and we show that the dynamic programming operator has a supermodular structure implying that the optimal policy has a monotone threshold structure. A computationally efficient policy gradient algorithm is proposed to search for the optimal querying policy without knowledge of the transition probabilities. As a practical application, our methods are demonstrated on a hate speech classification task in a federated setting where an eavesdropper can use the optimal weights to generate toxic content, which is more easily misclassified. Numerical results show that when the learner uses the optimal policy, an eavesdropper can only achieve a validation accuracy of $52$% with no information and $69$% when it has a public dataset with $10$% positive samples compared to $83$% when the learner employs a greedy policy.
Paper Is In Scope: Yes
Paper Has Not Been Presented At A Conference: Yes
Submission Checklist And Broader Impact Statement: pdf
Submission Checklist: Yes
Broader Impact Statement: Yes
Link To Paper: https://openreview.net/forum?id=g01OVahtN9
Link To Code: https://anon-github.automl.cc/r/CovertHateSpeechClassification-0712
Note On License: The license below, CC-BY-4.0, pertains only to the uploaded PDF. The journal paper's license is not affected.
Submission Number: 1