24 research outputs found

    A survey on vulnerability of federated learning: A learning algorithm perspective

    Federated Learning (FL) has emerged as a powerful paradigm for training Machine Learning (ML), particularly Deep Learning (DL) models on multiple devices or servers while maintaining data localized at owners’ sites. Without centralizing data, FL holds promise for scenarios where data integrity, privacy and security are critical. However, this decentralized training process also opens up new avenues for opponents to launch unique attacks, where it has been becoming an urgent need to understand the vulnerabilities and corresponding defense mechanisms from a learning algorithm perspective. This review paper takes a comprehensive look at malicious attacks against FL, categorizing them from new perspectives on attack origins and targets, and providing insights into their methodology and impact. In this survey, we focus on threat models targeting the learning process of FL systems. Based on the source and target of the attack, we categorize existing threat models into four types, Data to Model (D2M), Model to Data (M2D), Model to Model (M2M) and composite attacks. For each attack type, we discuss the defense strategies proposed, highlighting their effectiveness, assumptions and potential areas for improvement. Defense strategies have evolved from using a singular metric to excluding malicious clients, to employing a multifaceted approach examining client models at various phases. In this survey paper, our research indicates that the to-learn data, the learning gradients, and the learned model at different stages all can be manipulated to initiate malicious attacks that range from undermining model performance, reconstructing private local data, and to inserting backdoors. We have also seen these threats are becoming more insidious. While earlier studies typically amplified malicious gradients, recent endeavors subtly alter the least significant weights in local models to bypass defense measures.
This literature review provides a holistic understanding of the current FL threat landscape and highlights the importance of developing robust, efficient, and privacy-preserving defenses to ensure the safe and trusted adoption of FL in real-world applications. The categorized bibliography can be found at: https://github.com/Rand2AI/Awesome-Vulnerability-of-Federated-Learning


    Practical implementation of a dependently typed functional programming language

    Types express a program's meaning, and checking types ensures that a program has the intended meaning. In a dependently typed programming language types are predicated on values, leading to the possibility of expressing invariants of a program's behaviour in its type. Dependent types allow us to give more detailed meanings to programs, and hence be more confident of their correctness. This thesis considers the practical implementation of a dependently typed programming language, using the Epigram notation defined by McBride and McKinna. Epigram is a high level notation for dependently typed functional programming elaborating to a core type theory based on Luo's UTT, using Dybjer's inductive families and elimination rules to implement pattern matching. This gives us a rich framework for reasoning about programs. However, a naive implementation introduces several run-time overheads since the type system blurs the distinction between types and values; these overheads include the duplication of values, and the storage of redundant information and explicit proofs. A practical implementation of any programming language should be as efficient as possible; in this thesis we see how the apparent efficiency problems of dependently typed programming can be overcome and that in many cases the richer type information allows us to apply optimisations which are not directly available in traditional languages. I introduce three storage optimisations on inductive families; forcing, detagging and collapsing. I further introduce a compilation scheme from the core type theory to G-machine code, including a pattern matching compiler for elimination rules and a compilation scheme for efficient run-time implementation of Peano's natural numbers. We also see some low level optimisations for removal of identity functions, unused arguments and impossible case branches. As a result, we see that a dependent type theory is an effective base on which to build a feasible programming language.

    The Anatomy of Sight: Poetic Eyedentity in Shakespeare’s Sonnets to the Fair Youth

    Study and research project (Travail d’Étude et de Recherche) presented by Benoît Bondroit for the Master 1 degree, under the supervision of Madame Mireille Ravassat, Department of English, Faculty of Letters, Languages, Arts and Human Sciences, Université de Valenciennes et du Hainaut-Cambrésis. Acknowledgements. And then the lover, / Sighing like furnace, with a woeful ballad / Made to his mistress’ eyebrow. As You Like It, 2.7.147-9. I wish to express my gratitude to the Société Française Shakespeare for awarding..

    Peter, le langage qui n’existe pas...

    “Inside every large language is a small language struggling to get out ...” [Igarashi et al. 2001] “... and inside every small language is a sharp extension looking for better expressivity ...” [Liquori & Spiwack 2008] It is my privilege and pleasure to introduce Peter, the language that does not exist... The Peter language contains almost all the linguistic features I have introduced and investigated in the field of functional and object-oriented programming, plus some new features not published yet. In Peter’s Habilitation, I will try to limit as much as possible the mathematical overhead and the technicalities (e.g. full set of rules, full proofs of theorems, etc.). In my opinion, the habilitation thesis should not be a mere translation of the candidate’s most successful papers (3), nor a commented curriculum vitæ, nor a survey of all the related works in his scientific area (4), just to mention a few “classic Habilitation styles”. It is my opinion that it should be short in length since it is experienced that very few Habilitation theses are really downloaded, cited and read. Often, habilitation theses are not even made accessible on the Web. Peter’s Habilitation will be based on the following three points: • (Modularity) I will present a (Turing complete) kernel of Peter, called Baby Peter, and I will continue in the rest of the Habilitation to extend it in a modular fashion until the final extension, called Wise Peter. Baby Peter is a functional language with object-oriented features equipped with a sound type system. Peter bears some similarities to Atsushi, Benjamin and Phil’s Featherweight Java [IPW01] and Alonzo Church’s typed lambda calculus [Chu41]. The main difference lies in an ad hoc exception-handling mechanism allowing the programmer to choose the type system according to her/his necessities and goals. Even more, it allows the programmer to write her/his own type system (see item (Type-programmable)).
Some chapters will focus on operational semantics, some others on type systems, some others on both. All topics will be treated in a “lightweight fashion”. Examples of extensions are for instance mixing class-based and pure object-based features, but also improving proof languages à la LF with pattern matching facilities and including those metalanguages to Peter in order to mix algorithms and their correctness proofs. • (Verbatim-like) Instead of annoying the reader with a plain French translation of some of my most relevant papers (6), I will show, for each extension, only some key rules of the operational semantics or of the type system (every system has at least a key rule...) and some motivating examples. I do not plan to prove type soundness for each extension of Peter: the whole soundness of Wise Peter is left as a challenge for the “next” user friendly proof assistant. • (Type-programmable) Type systems for programming languages and proof languages are fixed a priori by language designers; type systems are not first class citizens. To my little knowledge, no language allows the programmer to build, choose, or mix type systems. The idea of modifying the type discipline at compile time is not completely new; a quite inspiring work has been done by the “visionary-6-pages” paper by Gilad in 2004 [Bra04] called Pluggable Type Systems. The possibility of mixing type systems and using them as first-class citizens is an interesting research strand that will constitute an original contribution in Peter’s Habilitation. With the intention of disseminating science in a simple, clear and pedagogical way, and inspired by the works of Kim [Bru99, TKB01, BDKT03, RBC+ 05, Bru02] and Gilles [Dow03, Dow07], I wish you a very nice reading of Peter’s Habilitation. 3 Although certain parts are taken from my articles. 4 The typographic convention is that references to my papers are in “numeric” style while references to other papers are in “alphanumeric” style. 6 We provide a CD and a Web site with all my papers.
It is my privilege and pleasure to introduce Peter, the language that does not exist... The Peter language contains almost all the linguistic aspects that I have introduced and studied in the field of functional and object-oriented programming, as well as a few ideas that have not yet been published. In Peter’s habilitation, the approach I will follow is to try to limit the details concerning the theoretical and technical aspects (i.e. complete sets of typing rules, series of abstruse theorems, etc.). My habilitation thesis will not be a blunt translation of the various published articles (1), nor a commented curriculum vitæ, nor a panorama of all the articles in a scientific field (2), to cite only a few classic styles of habilitation theses. First of all, it will be short, because experience teaches that very few habilitation theses are actually downloaded, cited and read. Very often, habilitation theses are not even accessible on the Web. Peter’s Habilitation will be founded on the following three “dogmas”: • (Modularity) I will begin with the smallest complete (in Turing’s sense) fragment of Peter, called Baby Peter, and I will continue in a modular way, from extension to extension, up to the final extension called Sage Peter. Baby Peter is a functional language with object-oriented linguistic constructs and a sound type system. Peter shares some similarities with Featherweight Java by Atsushi, Benjamin and Phil [IPW01] and the typed lambda calculus of Alonzo (Church) [Chu41]. The main difference between Featherweight Java and Peter is an ad hoc exception mechanism, which allows the programmer to decide which type system will be best suited to her/his needs and goals.
In addition, this mechanism allows the programmer to write her/his own type system (see the Type-programmable point). Some chapters will focus on a new type system, while in other chapters the extension will be associated with an extension of the syntax and of the type system. All topics will be treated in a way accessible to the greatest number of readers. As examples of extensions, I will cite a new form of multiple inheritance, an extension of Peter that will allow an object to “escape from its class”, an extension of Peter with advanced pattern matching, and finally an extension of Peter that will allow algorithms and proofs of correctness of algorithms to be mixed. • (Verbatim-like) Rather than inflicting on my readers a word-for-word French translation of my scientific articles (5), I have favoured a simple presentation of each extension, using only a few key rules of the operational semantics or of the type system (there is always a key rule...), immediately adding examples to motivate and understand its correct use. I will not prove the completeness property of each type system that extends Peter: the completeness of Sage Peter is offered as a challenge to the next user-friendly proof assistant. • (Type-programmable) Type systems for programming languages and for proof are fixed a priori by their designers and are not first-class objects that can be modified or simply used by the programmer, who is subject to their strengths and weaknesses. To my knowledge, no language allows the programmer to “program” her/his personal type discipline. The idea of modifying the typing discipline at compile time is not very new; a “visionary” 6-page article that enlightened me was Pluggable Type System by Gilad [Bra04], published in 2004.
The possibility of allowing the programmer to write her/his own typing discipline and to use it on the fly is in itself an original contribution in Peter’s habilitation. With the desire to disseminate scientific knowledge in a simple, clear and pedagogical way, inspired by the works of Kim [Bru99, TKB01, BDKT03, RBC+ 05, Bru02] and Gilles [Dow03, Dow07], it only remains for me to wish you a good reading of Peter’s habilitation. 1. Although certain parts are taken from my articles. 2. The typographic convention is that references to my articles are in “numeric” style while references to other articles are in “alphanumeric” style. 5 A CD and a website will contain all my articles.

    Turing-Completeness as Medium: Art, Computers and Intentionality

    This PhD is a practice-based study of how the computer functions in art practice, which takes on the notion of a fine art computing “medium”. Current research, while sometimes referencing the computer as a potential art medium, mostly defines it non-explicitly as a type of “hybrid” media device or some sort of “multimedia” machine. These terms leave the existence of a specific computing medium in art practice undefined and have historically led the analysis of artworks that employ computers to rely on critical frameworks that were either developed for earlier physical media, or have no structural similarities to computers. Such approaches can fail to examine unique ontological issues that arise - especially at a structural level - when using a computer to produce art. To achieve a formal description of a hitherto loosely defined (or non-defined) art medium, the research employs a range of critical and theoretical material from fields outside art practice, chiefly among them Alan Turing’s definition of a "a(utomatic)-machine", (nowadays called a “Turing machine”) from his 1936 paper "On Computable Numbers, with an Application to the Entscheidungsproblem". Turing described a machine which can “simulate” any other computing machine including all modern computers. His machine is here used to propose a ‘Turing-complete medium’ of art, of which every computer is a computationally equivalent member. Using this perspective/definition, the research undertook an investigation of a ‘Turing-complete medium’ by developing creative practice in the form of individual works that explored specific aspects of computing systems. The research then engaged in a written analysis of the practice, again employing the concept of a ‘Turing-complete medium’, working towards the development of medium-specific critique of any art made with any computer. 
In foregrounding the nature and functions of computing machines, the research explores how these elements can be made intrinsic to our interpretations of computer-based art while also being aware of the limitations of medium-specific critique as exposed within the modernist tradition.

    Synthesis and axiomatisation for structural equivalences in the Petri Box Calculus

    PhD Thesis. The Petri Box Calculus (PBC) consists of an algebra of box expressions, and a corresponding algebra of boxes (a class of labelled Petri nets). A compositional semantics provides a translation from box expressions to boxes. The synthesis problem is to provide an algorithmic translation from boxes to box expressions. The axiomatisation problem is to provide a sound and complete axiomatisation for the fragment of the calculus under consideration, which captures a particular notion of equivalence for boxes. There are several alternative ways of defining an equivalence notion for boxes, the strongest one being net isomorphism. In this thesis, the synthesis and axiomatisation problems are investigated for net semantic isomorphism, and a slightly weaker notion of equivalence, called duplication equivalence, which can still be argued to capture a very close structural similarity of concurrent systems the boxes are supposed to represent. In this thesis, a structured approach to developing a synthesis algorithm is proposed, and it is shown how this may be used to provide a framework for the production of a sound and complete axiomatisation. This method is used for several different fragments of the Petri Box Calculus, and for generating axiomatisations for both isomorphism and duplication equivalence. In addition, the algorithmic problems of checking equivalence of boxes and box expressions, and generating proofs of equivalence are considered as extensions to the synthesis algorithm.

    Towards Optimal and Practical Asynchronous Byzantine Fault Tolerant Protocols

    With recent advancements in blockchain technology, people expect Byzantine fault tolerant (BFT) protocols to be deployed more frequently in wide-area networks (WAN) as opposed to conventional in-house settings. Asynchronous BFT protocols, which do not rely on any form of timing assumption, are arguably robust in such a setting. Asynchronous BFT protocols have been studied since the 1980s, but these asynchronous BFT works mainly focus on understanding the theoretical limits and possibilities. It was not until the recent asynchronous BFT protocol, HoneyBadgerBFT (HBBFT), was proposed that the field received renewed attention. The Dumbo family, a series of our works on the asynchronous BFT protocols, significantly pushed those protocols towards practice. First, all complexity metrics are pushed down to asymptotically optimal, simultaneously. Second, we identify the bottleneck in the state of the art and revisit the design methodology, identifying and utilizing the right components, and optimizing the protocol structure in various ways. Last but not least, we also open the box and optimize the critical components themselves. The resulting protocols are indeed significantly more performant: the latest protocol can have 100K tps and a few seconds of latency at a reasonable scale. This thesis focuses on the latest three members of the Dumbo family. To begin, we solved an open problem by proposing an optimal Multi-valued validated asynchronous Byzantine agreement protocol. Next, we present Dumbo-NG to address the challenge of latency-throughput tension by redesigning the methodology of asynchronous BFT protocols. Another benefit of the new methodology is that it can conquer the censorship threat without extra cost. Furthermore, we consider a realistic environment and present Bolt-Dumbo Transformer (BDT), a generic framework for practical optimistic asynchronous BFT to achieve the "best of both worlds" in terms of the advantages of deterministic BFT and randomized (asynchronous) BFT.

    Automated nesting of sheet metal parts
