<p>Modern machine learning (ML) systems, especially those trained or updated across multiple parties, are vulnerable to data poisoning, model theft, and adversarial manipulation when provenance and update integrity are not verifiable. Blockchain technology, renowned for its immutability, transparency, and decentralized nature, can provide tamper-evident provenance and auditable update trails that improve model trustworthiness when integrated carefully with federated learning (FL) workflows. We present a concrete, implementable hybrid architecture that integrates a permissioned blockchain (Hyperledger Fabric) with TensorFlow Federated to record per-sample and per-update provenance via Merkle-tree hashing and compact on-chain metadata. Our contribution includes (i) a gas-/storage-efficient on-chain metadata layout and Merkle-backed transaction format, (ii) a smart-contract-based anomaly-scoring verification routine for gradient filtering, and (iii) an analysis of PBFT-based validator sizing tuned for iterative FL rounds. We implemented the framework in a 10-client FL experiment (TensorFlow Federated + Hyperledger Fabric) on MNIST. Empirically, our system detected poisoned updates 18% faster than a baseline FL pipeline, increased final model accuracy from 97.1 to 97.5% (+ 0.4%) under targeted poisoning, and incurred modest overheads (+ 6% communication, + 8% energy).<!--Query ID="Q1" Text="Please confirm if the author names are presented accurately and in the correct sequence (given name, middle nameinitial, family name). Author 1 Given name: [Seid Mehammed] Last name [Abdu]; Author 4 Given name: [Md Nasre] Last name [Alam]; Author 5 Given name: [Armilyn Cosico] Last name [Fernandez]; Author 6 Given name: [Anna Beth Amante] Last name [Basco]. Also, kindly confirm the details in the metadata are correct." Resolved="yes"--> Implementation details include SHA-256 hashing, Merkle-tree batch commitments, PBFT consensus on a permissioned validator set, and off-chain storage of raw payloads (IPFS) with on-chain hashes. Our results demonstrate that careful co-design of on-chain provenance, compact metadata, and smart-contract audits can substantially increase FL robustness against poisoning and Sybil attacks while keeping latency and energy costs within practical bounds for consortium deployments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Trustworthy AI for secure and robust machine learning through blockchain enabled data integrity

  • Seid Mehammed Abdu,
  • Girma Bewuketu,
  • Demeke Getaneh,
  • Md Nasre Alam,
  • Armilyn Cosico Fernandez,
  • Anna Beth Amante Basco,
  • Zafrul Hasan,
  • Mohammad Serajuddin

摘要

Modern machine learning (ML) systems, especially those trained or updated across multiple parties, are vulnerable to data poisoning, model theft, and adversarial manipulation when provenance and update integrity are not verifiable. Blockchain technology, renowned for its immutability, transparency, and decentralized nature, can provide tamper-evident provenance and auditable update trails that improve model trustworthiness when integrated carefully with federated learning (FL) workflows. We present a concrete, implementable hybrid architecture that integrates a permissioned blockchain (Hyperledger Fabric) with TensorFlow Federated to record per-sample and per-update provenance via Merkle-tree hashing and compact on-chain metadata. Our contribution includes (i) a gas-/storage-efficient on-chain metadata layout and Merkle-backed transaction format, (ii) a smart-contract-based anomaly-scoring verification routine for gradient filtering, and (iii) an analysis of PBFT-based validator sizing tuned for iterative FL rounds. We implemented the framework in a 10-client FL experiment (TensorFlow Federated + Hyperledger Fabric) on MNIST. Empirically, our system detected poisoned updates 18% faster than a baseline FL pipeline, increased final model accuracy from 97.1 to 97.5% (+ 0.4%) under targeted poisoning, and incurred modest overheads (+ 6% communication, + 8% energy). Implementation details include SHA-256 hashing, Merkle-tree batch commitments, PBFT consensus on a permissioned validator set, and off-chain storage of raw payloads (IPFS) with on-chain hashes. Our results demonstrate that careful co-design of on-chain provenance, compact metadata, and smart-contract audits can substantially increase FL robustness against poisoning and Sybil attacks while keeping latency and energy costs within practical bounds for consortium deployments.