The difficulty in acquiring a sufficient amount of training data is a major bottleneck for machine learning (ML) based data analytics. Recently, commoditizing ML models has been proposed as an economical and moderate solution to ML-oriented data acquisition. However, existing model marketplaces assume that the broker can access data owners' private training data, which may not be realistic in practice. In this paper, to promote trustworthy data acquisition for ML tasks, we propose FL-Market, a locally private model marketplace that protects privacy not only against model buyers but also against the untrusted broker. FL-Market decouples ML from the need to centrally gather training data on the broker's side using federated learning, an emerging privacy-preserving ML paradigm in which data owners collaboratively train an ML model by uploading local gradients (to be aggregated into a global gradient for model updating). Then, FL-Market enables data owners to locally perturb their gradients by local differential privacy and thus further prevents privacy risks. To drive FL-Market, we propose a deep learning-empowered auction mechanism for intelligently deciding the local gradients' perturbation levels and an optimal aggregation mechanism for aggregating the perturbed gradients. Our auction and aggregation mechanisms can jointly maximize the global gradient's accuracy, which optimizes model buyers' utility. Our experiments verify the effectiveness of the proposed mechanisms.

翻译：获取足量训练数据的困难是基于机器学习的数据分析的主要瓶颈。近年来，将机器学习模型商品化被提出作为面向数据获取的经济且适度的解决方案。然而，现有模型市场假设中介可以访问数据所有者的私有训练数据，这在实践中可能并不现实。本文中，为促进机器学习任务中可信的数据获取，我们提出FL-Market——一个局部私有模型市场，该市场不仅保护模型买家的隐私，还防止不可信中介的隐私泄露。FL-Market利用联邦学习（一种新兴的隐私保护机器学习范式，其中数据所有者通过上传局部梯度以聚合成用于模型更新的全局梯度，协作训练机器学习模型），将机器学习与在中介端集中收集训练数据的需求解耦。随后，FL-Market通过局部差分隐私使数据所有者能够局部扰动其梯度，从而进一步防止隐私风险。为驱动FL-Market，我们提出一种深度学习赋能的拍卖机制，用于智能决定局部梯度的扰动水平，以及一种最优聚合机制，用于聚合扰动梯度。我们的拍卖和聚合机制能共同最大化全局梯度的准确性，从而优化模型买家的效用。实验验证了所提机制的有效性。