Federated machine learning (FML) for training of deep neural network models is a useful technique where insufficient sample data is available at a local level. In applications where data privacy must be preserved, such as in health care, financial services, and defense contexts, it is important that there is no exchange of data between constituents of the distributed network. It may also be desirable to protect the integrity and secrecy of the algorithms and trained models deployed within the network. Demonstrating the privacy-enhancing technology of Confidential Computing, we present a novel solution for FML implementation that supports extensible graph-based network topology configuration under federated, distributed, or centralized training regimes. The presented solution provides for policy-based control of model training and automated monitoring of model convergence and network performance. Owners of private datasets can retain independent control of their data through local encryption, while global data anonymization policies can be applied over the sample data. Full auditability of the model training process is provided to distributed data owners and the model owner using hardware-based cryptographic secrets that underpin zero-trust implementation of the training network. Operation of the proposed secure FML solution is discussed in the context of model training over distributed radiological image data for weakly-supervised learning and classification of common thorax diseases. Cross-domain adaptation of the proposed solution and integrated model integrity protection against adversarial attacks reflects a breakthrough technology for data science teams working with distributed datasets.
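The abstract describes two mechanisms a practitioner would want to see together: sample-weighted federated aggregation of local model updates, and an auditable training log rooted in per-participant cryptographic secrets so that no party has to trust the aggregator. The following example is added here as an illustration and is not the paper's implementation or code. It assumes a toy setting with three constructed data owners (`hospital-a`, `hospital-b`, `hospital-c`), small weight vectors instead of real network parameters, and software HMAC keys standing in for the hardware-rooted secrets the paper refers to; in a real deployment those keys would be sealed to and attested by the confidential-computing environment.

```python
"""Toy federated-averaging round with a hash-chained, HMAC-signed audit log.

Added illustration only, not the paper's implementation. Per-client keys stand
in for hardware-rooted secrets; here they are constructed in software so the
example runs offline.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # digest that the first audit entry chains to

# Constructed sample: three data owners, each with a local update
# (a small weight vector) and its sample count. All values are made up.
CLIENT_KEYS = {
    "hospital-a": b"constructed-key-a",
    "hospital-b": b"constructed-key-b",
    "hospital-c": b"constructed-key-c",
}
CLIENT_UPDATES = {
    "hospital-a": ([0.10, 0.20, 0.30], 100),
    "hospital-b": ([0.30, 0.10, 0.50], 300),
    "hospital-c": ([0.20, 0.40, 0.10], 100),
}


def sign_update(client, weights, n_samples, key, prev_digest):
    """Client side: bind the update to the previous audit digest and sign it."""
    record = {"client": client, "weights": list(weights), "n": n_samples, "prev": prev_digest}
    payload = json.dumps(record, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    digest = hashlib.sha256(payload + tag.encode()).hexdigest()
    return {"record": record, "tag": tag, "digest": digest}


def verify_chain(entries, keys, genesis=GENESIS):
    """Auditor side: every entry must be signed by the named client and chain to
    the previous digest. Returns True only for an untampered, complete log."""
    prev = genesis
    for entry in entries:
        rec = entry["record"]
        if rec["prev"] != prev:
            return False  # entry removed, reordered or replayed
        key = keys.get(rec["client"])
        if key is None:
            return False  # unknown participant
        payload = json.dumps(rec, sort_keys=True).encode()
        expected_tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_tag, entry["tag"]):
            return False  # update altered after signing, or wrong key
        expected_digest = hashlib.sha256(payload + entry["tag"].encode()).hexdigest()
        if expected_digest != entry["digest"]:
            return False
        prev = entry["digest"]
    return True


def federated_average(entries):
    """Sample-weighted FedAvg over already-verified entries."""
    total = sum(e["record"]["n"] for e in entries)
    dim = len(entries[0]["record"]["weights"])
    avg = [0.0] * dim
    for e in entries:
        w = e["record"]["n"] / total
        for i, v in enumerate(e["record"]["weights"]):
            avg[i] += w * v
    return avg


def run_round(updates=CLIENT_UPDATES, keys=CLIENT_KEYS):
    """One training round: collect signed updates, verify the chain, aggregate."""
    entries = []
    prev = GENESIS
    for client, (weights, n) in updates.items():
        entry = sign_update(client, weights, n, keys[client], prev)
        entries.append(entry)
        prev = entry["digest"]
    if not verify_chain(entries, keys):
        raise ValueError("audit chain failed verification; refusing to aggregate")
    return federated_average(entries), entries


def tampered_round():
    """Alter one update after signing; verification must now fail."""
    _, entries = run_round()
    entries[1]["record"]["weights"][0] = 9.0
    return verify_chain(entries, CLIENT_KEYS)


if __name__ == "__main__":
    avg, log = run_round()
    print("aggregated weights:", [round(v, 4) for v in avg])
    print("tampered log verifies:", tampered_round())
```

The design point is that the aggregator never needs to be trusted for integrity: each participant signs its own contribution with a secret only it (or its enclave) holds, and the chain of digests lets any data owner or the model owner later confirm that exactly the recorded updates, in the recorded order, produced the aggregated model.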