Privacy in federated deep learning on medical data

Author: Enthoven, David (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributor: Al-Ars, Z. (mentor)
Degree granting institution: Delft University of Technology
Programme: Electrical Engineering | Embedded Systems
Date: 2019-12-17

Abstract

With the increasing number of data collectors such as smartphones, immense amounts of data are available. These data have great value for training machine learning models. Federated learning is a distributed machine learning approach that allows a machine learning model to train on a distributed data-set without transferring any data and therefore claims that privacy is preserved. In this thesis, privacy is considered specifically for the use-case of medical data. These are sensitive and distinct for different patients. A step-wise argument as to what constitutes privacy preservation is formulated. This notably requires systems to be able to train on singular samples without compromising their privacy. As such, the federated averaging algorithm (FedAvg) is demonstrated to be critically insecure against certain attack methods. A chosen attack method is used to show how training data is reconstructed with solely the model update. The viability of this attack method is demonstrated to a great extent for fully connected neural networks and convolutional neural networks.

To adhere to the strict privacy formulation, a novel federated learning method is presented in this thesis which is called Locally Encoded Federated Averaging (LEFedAvg). This method works on the premise that a part of the model remains private throughout. Subsequently, it is demonstrated to be usable, and it is shown how this method allows for collaborative training. The privacy benefits of this federated learning method are empirically shown. The trade-off between performance and privacy is demonstrated and discussed for a more realistic operational setting.

Subject: Federated learning; Deep learning; privacy; Model sharing
To reference this document use: http://resolver.tudelft.nl/uuid:a6f05abc-fe60-446d-a0fc-a1818edd25e2
Embargo date: 2020-12-31
Part of collection: Student theses
Document type: master thesis
Rights: © 2019 David Enthoven
Files: PDF Thesis_David_enthoven_17_ ... 2_2019.pdf (1.87 MB)