{"title":"Knowledge-Aware Privacy-Preserving Model Customization in Zero-Trust Federated Learning Model Marketplaces","authors":"Yanghe Pan;Zhou Su;Yuntao Wang;Han Liu;Ruidong Li;Abderrahim Benslimane","doi":"10.1109/JSAC.2025.3560010","DOIUrl":null,"url":null,"abstract":"Federated learning (FL) model marketplaces require qualified workers to collaboratively train customized models. However, recruiting optimal workers on a limited budget in non-independent and identically distributed (non-IID) data settings remains a fundamental issue. Moreover, inadequate quality verification exposes the marketplace to spoofing and poisoning attacks, while verifying data and model quality without accessing local storage remains a significant dilemma. To bridge the research gap, this paper proposes a knowledge-aware model customization scheme in FL model marketplaces, to facilitate zero-trust worker recruitment and verification while ensuring privacy preservation. Specifically, (i) we design a knowledge-aware quality evaluation mechanism by leveraging the knowledge of workers, i.e., soft-label predictions of their local models on a privacy-free reference dataset (provided by the customer), to assess their data quality in a privacy-preserving manner. (ii) We formulate the optimal worker recruitment problem under budget constraints as an NP-hard integer programming problem and design a dynamic programming-based optimal worker recruitment algorithm with budget feasibility and computational efficiency. (iii) We devise a two-stage zero-trust quality verification mechanism by utilizing zero-knowledge proof (ZKP) to exclude distrustful workers, thereby preventing spoofing and poisoning attacks. 
Extensive experimental results demonstrate that the proposed scheme enhances model customization performance by up to 34.3% on label-skewed non-IID data and 36.2% on feature-skewed non-IID data compared with existing representatives.","PeriodicalId":73294,"journal":{"name":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","volume":"43 6","pages":"1923-1937"},"PeriodicalIF":0.0000,"publicationDate":"2025-04-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE journal on selected areas in communications : a publication of the IEEE Communications Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10979248/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Federated learning (FL) model marketplaces require qualified workers to collaboratively train customized models. However, recruiting optimal workers on a limited budget in non-independent and identically distributed (non-IID) data settings remains a fundamental issue. Moreover, inadequate quality verification exposes the marketplace to spoofing and poisoning attacks, while verifying data and model quality without accessing local storage remains a significant dilemma. To bridge the research gap, this paper proposes a knowledge-aware model customization scheme in FL model marketplaces, to facilitate zero-trust worker recruitment and verification while ensuring privacy preservation. Specifically, (i) we design a knowledge-aware quality evaluation mechanism by leveraging the knowledge of workers, i.e., soft-label predictions of their local models on a privacy-free reference dataset (provided by the customer), to assess their data quality in a privacy-preserving manner. (ii) We formulate the optimal worker recruitment problem under budget constraints as an NP-hard integer programming problem and design a dynamic programming-based optimal worker recruitment algorithm with budget feasibility and computational efficiency. (iii) We devise a two-stage zero-trust quality verification mechanism by utilizing zero-knowledge proof (ZKP) to exclude distrustful workers, thereby preventing spoofing and poisoning attacks. Extensive experimental results demonstrate that the proposed scheme enhances model customization performance by up to 34.3% on label-skewed non-IID data and 36.2% on feature-skewed non-IID data compared with existing representatives.