Secure Training of Deep Neural Network Over Several Agents


The inventors have developed machine learning methods that enable secure training of deep neural networks over multiple data sources. These technologies are useful in fields where data privacy is critical, such as healthcare and finance.

This technology would appeal to companies and institutions that process large quantities of data in order to make estimations or inferences, especially those that handle private or otherwise sensitive data. The system allows for the robust data processing required to train neural networks while protecting the particulars of the data from unauthorized viewing. As such, this technology has direct applications in financial and medical institutions, where data security is critical but informed estimations and analyses are essential to the operations of the organization.

Problem Addressed

Deep neural networks are powerful tools for performing classification and predictive analysis of large datasets. However, certain fields face significant challenges in training deep neural networks due to data sensitivity and privacy. For example, in healthcare, training sufficiently deep architectures may require the secure aggregation and analysis of patient data across multiple repositories without direct sharing of raw data. Furthermore, training deep neural networks may require computationally intensive data preparation and optimization, rendering the process difficult for individual data repositories. Although methods exist to train multi-party deep neural networks, these approaches are computationally inefficient or insecure. Therefore, there is a need for methods that enable efficient and secure training of deep neural networks over several data sources.


Technology Description
The inventors have developed algorithms that enable secure training of deep neural networks using multiple data repositories and a supercomputing resource. In this invention, the steps of the neural network training process are distributed between one or more data repositories and a supercomputing resource, which maintains control over the architecture of the neural network. Importantly, raw labeled data are neither shared directly among the data repositories nor with the supercomputing resource. Furthermore, by distributing the training process between the data repositories and the supercomputing resource, these methods reduce the computational requirements on individual data repositories.
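The distributed step described above can be illustrated with a minimal sketch. The details below (a single agent, a two-layer network, the particular split point, and the choice to let the compute resource see labels but not raw features) are illustrative assumptions, not the inventors' exact protocol: the agent runs the forward pass through its local layer and transmits only the resulting activations; the compute resource finishes the forward pass, computes the loss, updates its own layer, and returns the gradient with respect to the activations so the agent can update its local layer.

```python
import numpy as np

rng = np.random.default_rng(0)

# Hypothetical toy setup: one data repository ("agent") and one
# compute resource ("server") jointly train a two-layer classifier.
# Only activations and gradients cross the boundary, never raw X.
n, d, h, k = 64, 10, 16, 3
X = rng.normal(size=(n, d))              # private raw data (stays with the agent)
y = rng.integers(0, k, size=n)           # labels (shared with the server in this variant)

W1 = rng.normal(scale=0.1, size=(d, h))  # agent-side layer
W2 = rng.normal(scale=0.1, size=(h, k))  # server-side layer
lr = 0.5

def softmax(z):
    e = np.exp(z - z.max(axis=1, keepdims=True))
    return e / e.sum(axis=1, keepdims=True)

losses = []
for step in range(100):
    # --- agent: forward pass through the local layer; send activations only ---
    A = np.maximum(0.0, X @ W1)          # ReLU activations transmitted to the server

    # --- server: finish the forward pass and compute the loss gradient ---
    P = softmax(A @ W2)
    loss = -np.log(P[np.arange(n), y] + 1e-12).mean()
    losses.append(loss)
    dZ = P.copy()
    dZ[np.arange(n), y] -= 1.0
    dZ /= n
    dA = dZ @ W2.T                       # gradient returned to the agent
    W2 -= lr * (A.T @ dZ)                # server updates its own layer

    # --- agent: backprop through the local layer using the returned gradient ---
    dH = dA * (A > 0)
    W1 -= lr * (X.T @ dH)

print(f"loss: {losses[0]:.3f} -> {losses[-1]:.3f}")
```

In this sketch the split point and the handling of labels are design choices; the variant shown shares labels with the compute resource, while other configurations keep labels local by routing the final layer back to the agent.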

The inventors demonstrate that this distributed algorithm performs comparably to training with all data combined on a single machine. These methods can be modified to incorporate semi-supervised learning when only a small amount of labeled data is available. This invention may be beneficial for applications in which raw data sharing is not possible.


Advantages
  • Enables computationally efficient and secure training of neural networks over multiple data entities
  • Yields performance comparable to a conventional neural network trained on a single machine
  • Useful for data-sensitive applications, such as in healthcare and finance