The growing computational demands of model training tasks and the increased privacy awareness of consumers call for the development of new techniques in the area of machine learning. Fully decentralized approaches have been proposed, but are still in early research stages. This study analyses gossip learning, one of these state-of-the-art decentralized machine learning protocols, which promises high scalability and privacy preservation, with the goal of assessing its applicability to realworld scenarios.

Previous research on gossip learning presents strong and often unrealistic assumptions on the distribution of the data, the communication speeds of the devices and the connectivity among them. Our results show that lifting these requirements can, in certain scenarios, lead to slow convergence of the protocol or even unfair bias in the produced models. This paper identifies the conditions in which gossip learning can and cannot be applied, and introduces extensions that mitigate some of its limitations.

Growing privacy concerns regarding personal data disclosure are contrasting with the constant need of such information for data-driven applications. To address this issue, the combination of federated learning and differential privacy is now well-established in the domain of machine learning. These techniques allow to train deep neural networks without collecting the data and while preventing information leakage. However, there are many scenarios where simpler and more robust machine learning models are preferable. In this paper, we present a federated and differentially-private version of the Naive Bayes algorithm for classification. Our results show that, without data collection, the same performance of a centralized solution can be achieved on any dataset with only a slight increase in the privacy budget. Furthermore, if certain conditions are met, our federated solution can outperform a centralized approach.

This is an extended version of our work in [16]. In this paper,we introduce two novel algorithms to collaboratively train Naive Bayesmodels across multiple private data sources: Federated Naive Bayes andGossip Naive Bayes. Instead of directly providing access to their data,the data owners compute local updates that are then aggregated to builda global model. In order to also prevent indirect privacy leaks from theupdates or from the final model, our algorithms protect the exchangedinformation with differential privacy. We experimentally evaluate ourproposed approaches, examining different scenarios and focusing on potentialreal-world issues, such as different data owner offering differentamounts of data or requesting different levels of privacy. Our results showthat both Federated and Gossip Naive Bayes achieve similar accuracy toa “vanilla” Naive Bayes while maintaining reasonable privacy guarantees,while being extremely robust to heterogeneous data owners.

We envision PDS2, a decentralized data marketplace in which consumers submit their tasks to be run within the platform, on the data of willing providers. The goal of PDS2 is to ensure that users maintain full control on their data and do not compromise their privacy, while being rewarded for the value that their data generates. In order to achieve this, our marketplace architecture employs blockchain technology, privacypreserving computation and decentralized machine learning. We then compare different potential solutions and identify the Ethereum blockchain, trusted execution environments and gossip learning as the most suitable for the implementation of PDS2. We also discuss the main open challenges that are left to tackle and possible directions for future work.

One big challenge for Industry 4.0 is leveraging the large amount of data that remain unused after collection. A variety of commercial data marketplaces have emerged in recent years to tackle this task. Despite their different business models and target markets, such marketplaces share a number of common issues that slow the growth of the industry, including data discovery, transparency, data privacy and data valuation. Many academic designs have been proposed to address these issues, yet most of them remain unimplemented, due to complexity or inefficiency.

We argue that these issues can be addressed with a combination of blockchain-based infrastructure, privacy-preserving computing and machine learning-based valuation metrics. Furthermore, we discuss key enabling technologies in each of these areas that are feasible to deploy at scale and could thus be implemented in real-world marketplaces in the near future. We select such technologies based on their current maturity and their industrial prominence.

IoT devices have been growing exponentially in the last few years. This growth makes them an attractive target for attackers due to their low computational power and limited security features. Attackers use IoT botnets as an instrument to perform DDoS attacks which caused major disruptions of Internet services in the last decade. While many works have tackled the task of detecting botnet attacks, only a few have considered early-stage detection of these botnets during their propagation phase.

While previous approaches analyze each network packet individually to predict its maliciousness, we propose a novel deep learning model called LiMNet (Lightweight Memory Network), which uses an internal memory component to capture the behaviour of each IoT device over time. This memory incorporates both packet features and behaviour of the peer devices. With this information, LiMNet achieves almost maximum AUROC classification scores, between 98.8% and 99.7%, with a 14% improvement over state of the art. LiMNet is also lightweight, performing inference almost 8 times faster than previous approaches.

Early-stage detection of botnets during their spreadingphase, before any attack, is fundamental to IoT security.Recently introduced lightweight memory networks represent thestate of the art in this domain. However, they require a centralsystem to capture and analyze all traffic in the network, whichmay not always be feasible in real-world scenarios.In this paper, we introduce a decentralized and collaborativealternative, in which the IoT devices themselves are responsiblefor this task without any central observer or coordinator. Ourresults show that the performance of this novel approach iscompetitive with similar centralized solutions, despite the lackof a global view of the network at any participating device.We also provide an extensive analysis of the security limitationsof our fully-decentralized detection system. We identify thepotential exploits that an attacker may attempt to perform, assesstheir impact on the IoT network as well as propose and evaluateeffective countermeasures.

In existing literature, GNN training has been performed mostly in centralized, and sometimes federated, settings. In this work, we consider a fully-decentralized data-private scenario, where each node has limited knowledge of the surrounding graph. We propose the first architecture that enables GNN training in this fully-decentralized setting, by carefully combining several techniques, including decoupled learning, self-supervision and Gossip Learning. We implement two simulation tools to experimentally evaluate our solution. The results show that the proposed technique can be effectively used in scenarios where centralized or federated approaches are unfeasible or undesirable.