William Briguglio

  • MSc (University of Windsor, 2020)
  • BSc (University of Windsor, 2019)
Notice of the Final Oral Examination for the Degree of Doctor of Philosophy

Topic

Machine Learning Techniques for the Preservation of Data Privacy

Department of Electrical and Computer Engineering

Date & location

  • Monday, July 29, 2024
  • 12:00 P.M.
  • Virtual Defence

Examining Committee

Supervisory Committee

  • Dr. Issa Traore, Department of Electrical and Computer Engineering, University of Victoria (Co-Supervisor)
  • Dr. Waleed Yousef, Department of Electrical and Computer Engineering, UVic (Co-Supervisor)
  • Dr. Sherif Saad, Department of Electrical and Computer Engineering, UVic (Member)
  • Dr. Hausi Muller, Department of Computer Science, UVic (Outside Member)

External Examiner

  • Dr. Arash H. Lashkari, Electrical Engineering and Computer Science, York University

Chair of Oral Examination

  • Dr. Janelle Jenstad, Department of English, UVic

Abstract

Machine learning has been successfully applied in various domains in recent years. Still, its use is limited since training or testing data may contain sensitive information which cannot be shared with model owners due to privacy concerns. For example, healthcare providers may be bound by patient privacy laws. Without large publicly available datasets, useful models become impossible to train. Therefore, ML methods that preserve the privacy of private training data are required. One solution is to use homomorphic encryption to carry out mathematical operations on encrypted data without compromising the privacy of said data. However, sometimes a large dataset that is difficult for a single institution to obtain is needed for complex learning tasks. In such a case, federated learning can be used to learn from private data distributed across multiple owners without compromising the privacy of each owner’s data.

However, federated learning carries its own risks. For example, exchanging even the minimum information needed for training can compromise privacy, and rogue participants in a federated learning network may attempt to sabotage model performance. Further, data that is not independently and identically distributed hampers the convergence of federated learning techniques. Additionally, once training is complete, regardless of the means, extra steps must be taken to ensure model privacy during the inference phase. Such steps are needed to ensure the model owner(s) can retain sole proprietorship of the global model. Further, if a model’s parameters are leaked, then an adversary may be able to reverse engineer them to compromise the privacy of the training data. Keeping a model private eliminates this risk.

In this dissertation, we provide an in-depth background to the problems of machine learning with encryption and federated learning. We propose novel techniques for private inference that maintain the privacy of both the model and the data the model performs inferences on. We propose a federated learning framework which, in addition to maintaining the privacy of the data used during training, is, to the best of our knowledge, the only approach that enables just a single participant to obtain the jointly trained model. We also present a secure method for distributed dimensionality reduction, which can be used as a preprocessing step to enhance the performance of the proposed federated learning framework. Finally, we combine these approaches and propose an end-to-end federated learning and private inference framework which maintains data privacy during both the federated learning and the private inference phases, and ensures the privacy of the trained model’s parameters during each phase.