← Work

Federated Learning for Privacy-Preserving Analytics

UCLA MEng Capstone · Cathay Bank, Los Angeles · March 2023 – Nov 2023

Cathay Bank wanted a fraud detection model that could learn from transaction data across multiple jurisdictions. CCPA and PIPL made it illegal to move raw customer records across borders, so centralised training on pooled data was out. The project built the mathematical and engineering foundations to close that gap.

Architecture

Each jurisdiction trains locally. Only gradient updates, clipped and noise-added before they leave the node, travel to the aggregation server. No raw data moves.

Aggregation server FedAvg · DP · median fallback Los Angeles CCPA jurisdiction Hong Kong APAC node Shanghai PIPL jurisdiction clipped + noisy gradients clipped + noisy gradients global model

The full mathematical treatment is published: Mathematical Foundations of Federated Learning for Privacy-Preserving Analytics

Non-IID convergence

Fraud patterns differ across branches. Naive gradient averaging under non-IID data causes client drift: the global model gets pulled toward incompatible local optima. Rather than tuning the local update frequency empirically, the optimal number of local steps before aggregation was derived analytically from the FedAvg convergence bound. The bound relates loss gap to gradient variance across clients, data heterogeneity, and local step count. Differentiating with respect to local steps and solving yields a closed-form expression: predictable behaviour across distribution shifts, no hyperparameter search needed.

Differential privacy

Each client clips its gradient update to a maximum L2 norm, then adds Gaussian noise calibrated to σ before the server aggregates. Privacy budget is tracked across rounds using the RDP moments accountant. The system satisfied both CCPA and PIPL data residency requirements simultaneously.

Robust aggregation

A Byzantine client can steer the global model by sending large adversarial updates. The system uses a hybrid mean by default, with automatic fallback to coordinate-wise median when the variance of incoming updates exceeds a threshold. The median is resistant to outliers by construction: adversarial values cannot shift it outside the range of honest inputs.

Results

Utility With differential privacy at regulatory thresholds (ε < 8), the model reached 98%+ AUC on fraud detection, within 2% of centralised training.
Residency Zero raw customer data crossed a border at any point. CCPA and PIPL data residency requirements satisfied simultaneously.

What's next

The model trained on Cathay's data is frozen, it cannot be released for the same data residency reasons the project was built to address. What's being built now is an open framework: bring any tabular fraud dataset, run it through the FL pipeline with differential privacy and Byzantine robustness, get a trained model with a verifiable privacy certificate. The plan is to host on Hugging Face with a Colab demo once real-data validation is complete.

Python · PyTorch · PySyft · RDP composition · Byzantine-robust aggregation