Does XGBoost support data encryption over the wire in distributed mode?

mengxr · August 6, 2018, 9:20pm

I didn’t find any reference in the doc/code, not sure if this is supported by some underlying framework.

hcho3 · August 7, 2018, 3:59pm

It depends on which tracker you use. See the selection at https://github.com/dmlc/dmlc-core/tree/master/tracker/dmlc_tracker. In particular, at least SSH will encrypt your data over the wire.

In general, security is best achieved by setting up some kind of virtual firewall so that access is prohibited from the world (0.0.0.0). For instance, if you are using Amazon Web Services, you can set up Security Groups so that workers will have unlimited access to one another but the world would have no access to any worker.

mengxr · August 7, 2018, 6:06pm

Does the SSH tracker cover data in transit during training? It seems the code only submits the jobs.

hcho3 · August 7, 2018, 6:20pm

Actually you may be right. So it would be safe to assume that data don’t get encrypted.

hcho3 · September 3, 2018, 10:47pm

It looks like XGBoost4J-Spark supports data encryption, thanks to Spark integration: https://github.com/dmlc/xgboost/issues/3647

qiyuangong · September 9, 2022, 12:34am

No. This issue and pull request didn’t add encryption support. In contrast, it just raises exception and warning to tell people that XGBoost’s network traffic is not protected when people enable spark.ssl.