Adam in Private: Secure and Fast Training of Deep Neural Networks with
Adaptive Moment Estimation
- URL: http://arxiv.org/abs/2106.02203v1
- Date: Fri, 4 Jun 2021 01:40:09 GMT
- Title: Adam in Private: Secure and Fast Training of Deep Neural Networks with
Adaptive Moment Estimation
- Authors: Nuttapong Attrapadung and Koki Hamada and Dai Ikarashi and Ryo Kikuchi
and Takahiro Matsuda and Ibuki Mishina and Hiraku Morita and Jacob C. N.
Schuldt
- Abstract summary: We propose a framework that allows efficient evaluation of full-fledged state-of-the-art machine learning algorithms.
This is in contrast to most prior works, which substitute ML algorithms with approximated "MPC-friendly" variants.
We obtain secure training that outperforms state-of-the-art three-party systems.
- Score: 6.342794803074475
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Privacy-preserving machine learning (PPML) aims at enabling machine learning
(ML) algorithms to be used on sensitive data. We contribute to this line of
research by proposing a framework that allows efficient and secure evaluation
of full-fledged state-of-the-art ML algorithms via secure multi-party
computation (MPC). This is in contrast to most prior works, which substitute ML
algorithms with approximated "MPC-friendly" variants. A drawback of the latter
approach is that fine-tuning of the combined ML and MPC algorithms is required,
which might lead to less efficient algorithms or inferior quality ML. This is
an issue for secure deep neural networks (DNN) training in particular, as this
involves arithmetic algorithms thought to be "MPC-unfriendly", namely, integer
division, exponentiation, inversion, and square root. In this work, we propose
secure and efficient protocols for the above seemingly MPC-unfriendly
computations. Our protocols are three-party protocols in the honest-majority
setting, and we propose both passively secure and actively secure with abort
variants. A notable feature of our protocols is that they simultaneously
provide high accuracy and efficiency. This framework enables us to efficiently
and securely compute modern ML algorithms such as Adam and the softmax function
"as is", without resorting to approximations. As a result, we obtain secure DNN
training that outperforms state-of-the-art three-party systems; our full
training is up to 6.7 times faster than just the online phase of the recently
proposed FALCON@PETS'21 on a standard benchmark network. We further perform
measurements on real-world DNNs, AlexNet and VGG16. Compared to FALCON, our
framework is up to about 12-14 times faster for AlexNet and 46-48 times faster
for VGG16 in reaching an accuracy of 70% and 75%, respectively.
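To make the abstract concrete, here is a minimal plaintext sketch (Python/NumPy) of the two computations the framework evaluates "as is" under MPC: the softmax function and one Adam update step. It shows why these are usually considered MPC-unfriendly (exponentiation, division, and an inverse square root appear directly); the paper's three-party protocols for computing them on secret shares are not reproduced here, and the hyperparameter values below are illustrative defaults, not taken from the paper.

```python
import numpy as np

def softmax(z):
    # Numerically stable softmax; needs exponentiation and division,
    # two of the operations the paper's protocols handle securely.
    z = z - np.max(z, axis=-1, keepdims=True)
    e = np.exp(z)
    return e / np.sum(e, axis=-1, keepdims=True)

def adam_step(param, grad, m, v, t, lr=1e-3, beta1=0.9, beta2=0.999, eps=1e-8):
    # Standard Adam update (Kingma & Ba); note the division and the
    # square root, also typically labeled MPC-unfriendly.
    m = beta1 * m + (1 - beta1) * grad
    v = beta2 * v + (1 - beta2) * grad ** 2
    m_hat = m / (1 - beta1 ** t)
    v_hat = v / (1 - beta2 ** t)
    param = param - lr * m_hat / (np.sqrt(v_hat) + eps)
    return param, m, v
```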
Related papers
- Efficient Privacy-Preserving Convolutional Spiking Neural Networks with
FHE [1.437446768735628]
Fully Homomorphic Encryption (FHE) is a key technology for privacy-preserving computation, but it has limitations in processing continuous non-polynomial functions.
We present a framework called FHE-DiCSNN for homomorphic spiking neural networks (SNNs).
FHE-DiCSNN achieves an accuracy of 97.94% on ciphertexts, with a loss of only 0.53% compared to the original network's accuracy of 98.47%.
arXiv Detail & Related papers (2023-09-16T15:37:18Z) - Combining Multi-Objective Bayesian Optimization with Reinforcement Learning for TinyML [4.2019872499238256]
We propose a novel strategy for deploying Deep Neural Networks on microcontrollers (TinyML) based on Multi-Objective Bayesian optimization (MOBOpt).
Our methodology aims at efficiently finding tradeoffs between a DNN's predictive accuracy, memory consumption on a given target system, and computational complexity.
arXiv Detail & Related papers (2023-05-23T14:31:52Z) - The Cascaded Forward Algorithm for Neural Network Training [61.06444586991505]
We propose a new learning framework for neural networks, namely the Cascaded Forward (CaFo) algorithm, which, like the Forward-Forward (FF) algorithm, does not rely on backpropagation (BP) for optimization.
Unlike FF, our framework directly outputs label distributions at each cascaded block, which does not require generation of additional negative samples.
In our framework each block can be trained independently, so it can be easily deployed into parallel acceleration systems; a minimal illustrative sketch of this block-local training idea appears after this list.
arXiv Detail & Related papers (2023-03-17T02:01:11Z) - An Adaptive Device-Edge Co-Inference Framework Based on Soft
Actor-Critic [72.35307086274912]
High-dimensional parameter models and large-scale mathematical calculations restrict execution efficiency, especially on Internet of Things (IoT) devices.
We propose a new Deep Reinforcement Learning (DRL) method, Soft Actor-Critic for discrete (SAC-d), which generates the exit point and compressing bits by soft policy iterations.
Based on a latency- and accuracy-aware reward design, the computation can adapt well to complex environments such as dynamic wireless channels and arbitrary processing, and is capable of supporting the 5G URL
arXiv Detail & Related papers (2022-01-09T09:31:50Z) - OMPQ: Orthogonal Mixed Precision Quantization [64.59700856607017]
Mixed precision quantization takes advantage of hardware's multiple bit-width arithmetic operations to unleash the full potential of network quantization.
We propose to optimize a proxy metric, the concept of network orthogonality, which is highly correlated with the loss of the integer programming.
This approach reduces the search time and required data amount by orders of magnitude, with little compromise on quantization accuracy.
arXiv Detail & Related papers (2021-09-16T10:59:33Z) - Adaptive Sampling for Best Policy Identification in Markov Decision
Processes [79.4957965474334]
We investigate the problem of best-policy identification in discounted Markov Decision Processes (MDPs) when the learner has access to a generative model.
The advantages of state-of-the-art algorithms are discussed and illustrated.
arXiv Detail & Related papers (2020-09-28T15:22:24Z) - An Analysis of Alternating Direction Method of Multipliers for
Feed-forward Neural Networks [2.8747398859585376]
The motivation behind this approach is to provide a method of training neural networks that is scalable and can be parallelised.
We achieve 6.9% and 6.8% better accuracy compared to SGD and Adam, respectively, with a four-layer neural network with a hidden size of 28.
arXiv Detail & Related papers (2020-09-06T22:13:54Z) - Bayesian Optimization with Machine Learning Algorithms Towards Anomaly
Detection [66.05992706105224]
In this paper, an effective anomaly detection framework is proposed, utilizing the Bayesian Optimization technique.
The performance of the considered algorithms is evaluated using the ISCX 2012 dataset.
Experimental results show the effectiveness of the proposed framework in terms of accuracy rate, precision, low false-alarm rate, and recall.
arXiv Detail & Related papers (2020-08-05T19:29:35Z) - APQ: Joint Search for Network Architecture, Pruning and Quantization
Policy [49.3037538647714]
We present APQ for efficient deep learning inference on resource-constrained hardware.
Unlike previous methods that separately search the neural architecture, pruning policy, and quantization policy, we optimize them in a joint manner.
With the same accuracy, APQ reduces the latency/energy by 2x/1.3x over MobileNetV2+HAQ.
arXiv Detail & Related papers (2020-06-15T16:09:17Z) - SWIFT: Super-fast and Robust Privacy-Preserving Machine Learning [16.17280000789628]
We propose SWIFT, a robust framework for a range of ML algorithms in SOC setting.
SWIFT guarantees output delivery to the users irrespective of any adversarial behaviour.
We demonstrate our framework's practical relevance by benchmarking popular ML algorithms.
arXiv Detail & Related papers (2020-05-20T18:20:23Z) - ESSOP: Efficient and Scalable Stochastic Outer Product Architecture for
Deep Learning [1.2019888796331233]
Matrix-vector multiplications (MVM) and vector-vector outer products (VVOP) are the two most expensive operations associated with the training of deep neural networks (DNNs).
We introduce efficient stochastic computing (SC) techniques for the weight update in DNNs, supporting the activation functions required by many state-of-the-art networks.
Our architecture reduces the computational cost by re-using random numbers and replacing certain FP multiplication operations by bit shift scaling.
The hardware design of ESSOP at the 14nm technology node shows that, compared to a highly pipelined FP16 multiplier, ESSOP is 82.2% and 93.7% better in energy
arXiv Detail & Related papers (2020-03-25T07:54:42Z)
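As referenced in the Cascaded Forward (CaFo) entry above, the following is a minimal illustrative sketch (PyTorch) of the block-local training idea described in that summary: each cascaded block has its own predictor that directly outputs a label distribution and is trained independently, with no end-to-end backpropagation and no negative samples. The two-block structure, layer sizes, and optimizer choice are assumptions for illustration, not the paper's actual architecture.

```python
import torch
import torch.nn as nn
import torch.nn.functional as F

# Two cascaded blocks, each paired with its own classification head.
blocks = nn.ModuleList([
    nn.Sequential(nn.Linear(784, 256), nn.ReLU()),
    nn.Sequential(nn.Linear(256, 128), nn.ReLU()),
])
heads = nn.ModuleList([nn.Linear(256, 10), nn.Linear(128, 10)])
opts = [torch.optim.Adam(list(b.parameters()) + list(h.parameters()), lr=1e-3)
        for b, h in zip(blocks, heads)]

def train_step(x, y):
    # One local update per block; detach() stops gradients from crossing
    # block boundaries, so each block can be trained independently.
    h = x
    for block, head, opt in zip(blocks, heads, opts):
        h = block(h.detach())
        loss = F.cross_entropy(head(h), y)  # block outputs a label distribution directly
        opt.zero_grad()
        loss.backward()
        opt.step()
    return h

# Example: train_step(torch.randn(32, 784), torch.randint(0, 10, (32,)))
```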