
    A survey on vulnerability of federated learning: A learning algorithm perspective

    Federated Learning (FL) has emerged as a powerful paradigm for training Machine Learning (ML), particularly Deep Learning (DL), models on multiple devices or servers while keeping data localized at owners’ sites. Because it does not centralize data, FL holds promise for scenarios where data integrity, privacy, and security are critical. However, this decentralized training process also opens up new avenues for adversaries to launch unique attacks, making it urgent to understand the vulnerabilities and corresponding defense mechanisms from a learning algorithm perspective. This review paper takes a comprehensive look at malicious attacks against FL, categorizing them from new perspectives on attack origins and targets, and providing insights into their methodology and impact. In this survey, we focus on threat models targeting the learning process of FL systems. Based on the source and target of the attack, we categorize existing threat models into four types: Data to Model (D2M), Model to Data (M2D), Model to Model (M2M), and composite attacks. For each attack type, we discuss the defense strategies proposed, highlighting their effectiveness, assumptions, and potential areas for improvement. Defense strategies have evolved from using a single metric to exclude malicious clients to employing multifaceted approaches that examine client models at various phases. Our research indicates that the to-learn data, the learning gradients, and the learned model at different stages can all be manipulated to launch malicious attacks that range from undermining model performance and reconstructing private local data to inserting backdoors. We have also seen these threats become more insidious: while earlier studies typically amplified malicious gradients, recent efforts subtly alter the least significant weights in local models to bypass defense measures. This literature review provides a holistic understanding of the current FL threat landscape and highlights the importance of developing robust, efficient, and privacy-preserving defenses to ensure the safe and trusted adoption of FL in real-world applications. The categorized bibliography can be found at: https://github.com/Rand2AI/Awesome-Vulnerability-of-Federated-Learning
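The survey's observation that earlier attacks simply amplified malicious gradients, and that norm-based defenses can bound their influence, can be illustrated with a minimal sketch. This is a generic toy, not code from the paper; all function names and parameters are hypothetical.

```python
import random

def local_update(weights, honest=True, boost=10.0):
    """Simulate one client's gradient; a malicious client amplifies its update."""
    grad = [random.gauss(0.0, 0.1) for _ in weights]
    return grad if honest else [g * boost for g in grad]

def norm(v):
    return sum(x * x for x in v) ** 0.5

def clipped_mean(grads, max_norm=1.0):
    """Server-side defense: clip every client update to a norm bound, then average."""
    clipped = []
    for g in grads:
        n = norm(g)
        scale = min(1.0, max_norm / n) if n > 0 else 1.0
        clipped.append([x * scale for x in g])
    dim = len(clipped[0])
    return [sum(g[i] for g in clipped) / len(clipped) for i in range(dim)]

# Four honest clients and one gradient-amplifying attacker; because each
# clipped update has norm <= max_norm, so does their mean, which bounds
# the attacker's influence regardless of the boost factor.
random.seed(0)
updates = [local_update([0.0] * 5) for _ in range(4)]
updates.append(local_update([0.0] * 5, honest=False))
aggregate = clipped_mean(updates, max_norm=1.0)
assert norm(aggregate) <= 1.0 + 1e-9
```

Stealthier attacks that keep update norms small, as the survey notes, evade exactly this kind of single-metric filter.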


    If a Machine Could Talk, We Would Not Understand It: Canadian Innovation and the Copyright Act’s TPM Interoperability Framework

    This analysis examines the legal implications of technological protection measures (‘‘TPMs”) under Canada’s Copyright Act. Through embedded computing systems and proprietary interfaces, TPMs are being used by original equipment manufacturers (‘‘OEMs”) of agricultural equipment to preclude reverse engineering and follow-on innovation. This has anti-competitive effects on Canada’s ‘‘shortline” agricultural equipment industry, which produces add-on or peripheral equipment used with OEM machinery. Producing such equipment requires interoperability with interfaces, data formats, and physical connectors that are often the subject of TPM control. Exceptions under the Act have provided little assistance to the shortline industry. The research question posed by this analysis is: how does the Canadian Copyright Act’s protection for TPMs and its interoperability exception impact follow-on innovation in secondary markets? Canada’s protection for TPMs and its interoperability exception is inadequate for protecting follow-on innovation in relation to computerized machinery and embedded systems. This is due to the Act’s broad protection for TPMs, yet limited conceptualization of interoperability as a process that exists only between two ‘‘computer programs”. By legally protecting TPMs that safeguard uncopyrightable processes, data formats, and interfaces, the Act’s interoperability exception fails to address the need to access subjects of TPM protection that extend beyond computer programs. This results in an asymmetry of protection and renders the interoperability exception inadequate. This article proposes enacting regulations under the Act to provide new exceptions and limitations to TPM protections that would enable shortline innovation. Both the Copyright Act and the Canada-United States-Mexico Agreement envision such additional TPM exceptions where protection has adverse effects on competition in a secondary market. In exploring a path forward for Canada’s shortline industry, the article then examines approaches taken in the United States and France to illustrate potential avenues for TPM regulation in Canada.

    Privacy-preserving artificial intelligence in healthcare: Techniques and applications

    There has been increasing interest in translating artificial intelligence (AI) research into clinically validated applications to improve the performance, capacity, and efficacy of healthcare services. Despite substantial research worldwide, very few AI-based applications have successfully made it to clinics. Key barriers to the widespread adoption of clinically validated AI applications include non-standardized medical records, limited availability of curated datasets, and stringent legal/ethical requirements to preserve patients' privacy. Therefore, there is a pressing need to devise new data-sharing methods in the age of AI that preserve patient privacy while AI-based healthcare applications are developed. In the literature, significant attention has been devoted to developing privacy-preserving techniques and to overcoming the issues hampering AI adoption in actual clinical environments. To this end, this study summarizes the state-of-the-art approaches for preserving privacy in AI-based healthcare applications. Prominent privacy-preserving techniques such as federated learning and hybrid techniques are elaborated, along with potential privacy attacks, security challenges, and future directions. [Abstract copyright: Copyright © 2023 The Author(s). Published by Elsevier Ltd. All rights reserved.]
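As a concrete illustration of the federated learning technique this survey covers, here is a minimal sketch of FedAvg-style aggregation, in which only model parameters, never patient records, leave each site. This is a generic toy, not code from the study; the hospital sizes and weights are invented.

```python
def fed_avg(client_weights, client_sizes):
    """FedAvg-style aggregation: average client model parameters weighted by
    local dataset size, so raw patient records never leave their owner's site."""
    total = sum(client_sizes)
    dim = len(client_weights[0])
    return [sum(w[i] * n for w, n in zip(client_weights, client_sizes)) / total
            for i in range(dim)]

# Two hospitals contribute only their locally trained (toy) model weights;
# the second hospital has three times as much data, so it gets triple weight.
global_model = fed_avg([[1.0, 1.0], [3.0, 3.0]], client_sizes=[100, 300])
assert global_model == [2.5, 2.5]
```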

    DeepMem: ML Models as storage channels and their (mis-)applications

    Machine learning (ML) models are overparameterized to support generality and avoid overfitting. Prior works have shown that these additional parameters can be used for both malicious purposes (e.g., hiding a model covertly within a trained model) and beneficial ones (e.g., watermarking a model). In this paper, we propose a novel information-theoretic perspective on the problem: we consider the ML model as a storage channel whose capacity increases with overparameterization. Specifically, we consider a sender that embeds arbitrary information in the model at training time, which can be extracted by a receiver with black-box access to the deployed model. We derive an upper bound on the capacity of the channel based on the number of available parameters. We then explore black-box write and read primitives that allow the attacker to (i) store data in an optimized way within the model by augmenting the training data at the transmitter side, and (ii) read it by querying the model after it is deployed. We also analyze the detectability of the write primitive and consider a new version of the problem that takes information storage covertness into account. Specifically, to obtain storage covertness, we introduce a new constraint such that the data augmentation used for the write primitive minimizes the distribution shift from the initial (baseline task) distribution. This constraint introduces a level of "interference" with the initial task, thereby limiting the channel's effective capacity. Therefore, we develop optimizations to improve the capacity in this case, including a novel ML-specific substitution-based error correction protocol. We believe that the proposed modeling of the problem offers new tools to better understand and mitigate potential vulnerabilities of ML, especially in the context of increasingly large models.
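The write/read primitives can be sketched with a toy in which a lookup table stands in for a perfectly memorizing overparameterized model. This is illustrative only; the trigger keys and helper names are hypothetical and not the paper's actual protocol, which embeds bits through training-data augmentation.

```python
def write_bits(train_data, keys, bits):
    """Toy "write primitive": the sender augments the training set so the
    model memorizes one bit per crafted trigger input (keys are hypothetical)."""
    augmented = dict(train_data)
    for k, b in zip(keys, bits):
        augmented[k] = b
    return augmented

def read_bits(model_predict, keys):
    """Toy "read primitive": the receiver recovers the stored bits with
    black-box queries against the deployed model."""
    return [model_predict(k) for k in keys]

# A dict lookup stands in for a model that memorizes its training set exactly.
task_data = {"img_0": 0, "img_1": 1}
model = write_bits(task_data, ["trigger_a", "trigger_b", "trigger_c"], [1, 0, 1])
assert read_bits(model.get, ["trigger_a", "trigger_b", "trigger_c"]) == [1, 0, 1]
```

In the paper's setting the recovery is imperfect, which is why an error-correction protocol is layered on top; the dict here abstracts that noise away.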

    Cloud Computing Services and Security Challenges: A Review

    An architecture of computing that provides services over the internet on demand, where users pay for shared, accessible resources, is referred to as cloud computing. These resources are shared over the cloud, so users do not have to acquire them physically. Shared resources include software, hardware, networks, services, applications, and servers. Almost every industry, from hospitals to education, is moving to the cloud for data storage because it avoids the cost and time of organizing resources physically on their own premises. Storing data in the data centers provided as clouds is the key service of cloud computing. Users store their data on clouds that are publicly available over the internet, away from their own boundaries, in a cost-effective manner. Therefore, techniques such as encryption are used to obscure users' information before it is uploaded or stored on shared cloud devices. The main aim of these techniques is to protect users' data from unauthorized and malicious intrusions.
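The encrypt-before-upload idea mentioned above can be sketched as follows. This one-time-pad XOR is illustrative only and deliberately minimal; a real deployment would use a vetted authenticated cipher such as AES-GCM, and a one-time-pad key must be as long as the data and never reused.

```python
import secrets

def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time-pad XOR (illustrative only, not a production scheme)."""
    assert len(key) == len(plaintext), "pad must match data length"
    return bytes(p ^ k for p, k in zip(plaintext, key))

decrypt = encrypt  # XOR is its own inverse

# The user encrypts locally; only ciphertext ever reaches the shared cloud.
record = b"patient-042:bp=120/80"
key = secrets.token_bytes(len(record))  # key stays with the data owner
ciphertext = encrypt(record, key)       # this is what gets uploaded
assert ciphertext != record
assert decrypt(ciphertext, key) == record
```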

    Exploring Strategies for Measuring Team Innovation in Small Financial Business

    Small financial business leaders cannot maintain a competitive advantage without effectively measuring work team innovation. The purpose of this qualitative exploratory multiple case study was to explore the strategies that small financial business leaders use to measure work team innovation to maintain a competitive advantage. The conceptual framework undergirding this study was Schumpeter’s innovation management theory. The research question asked what strategies small financial business leaders use to effectively measure work team innovation to maintain a competitive advantage. Interview data were collected from 15 small financial business leaders who employ fewer than 100 employees in Madison, Chester, Gibson, Henderson, and Crockett counties in west Tennessee and are members of a local Chamber of Commerce. Data analysis used a descriptive coding method. The findings showed that small financial business leaders understand the importance of using innovation appropriately in their organizations to maximize organizational performance at the work team level. Small financial business leaders acknowledged the effect COVID-19 had on the work environment and that the focus of their organizations should be on customers’ needs over the needs of the organization itself. This study’s positive social change implication could be that small financial businesses that use innovation appropriately might increase customer satisfaction and organizational success.

    Enhancing Security in Internet of Healthcare Application using Secure Convolutional Neural Network

    The ubiquity of Internet of Things (IoT) devices has completely changed the healthcare industry by presenting previously unheard-of potential for remote patient monitoring and individualized care. In this regard, we propose a unique method that makes use of Secure Convolutional Neural Networks (SCNNs) to improve security in Internet-of-Healthcare (IoH) applications. IoT-enabled healthcare has advanced as a result of the integration of IoT technologies, giving it impressive data-processing power and large data-storage capacity. With the ongoing advancement of the Industrial Internet of Things (IIoT), this synergy has led to the development of an intelligent healthcare system intended to remotely monitor a patient's medical well-being via a wearable device. This paper focuses on safeguarding user privacy and easing data analysis. Sensitive data is carefully separated from user-generated data before being gathered. Convolutional neural network (CNN) technology is used to analyse health-related data thoroughly in the cloud while scrupulously protecting the privacy of consumers. The paper provides a secure access control module that functions using user attributes within the IoT-Healthcare system to strengthen security. This module strengthens the system's overall security and privacy by ensuring that only authorised personnel may access and interact with sensitive health data. Thanks to this integrated architecture, the IoT-enabled healthcare system gains the capacity to offer seamless remote monitoring while ensuring the confidentiality and integrity of user information.
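An attribute-based access control module of the kind described above might, in its simplest form, reduce to a set-containment check: access is granted only when the requester holds every attribute a policy demands. This is a hypothetical sketch, not the paper's implementation; the attribute names are invented.

```python
def authorized(user_attrs: set, policy: set) -> bool:
    """Grant access only if the user holds every attribute the policy requires."""
    return policy <= user_attrs

# Hypothetical policy: viewing cardiology records requires both attributes.
policy = {"role:clinician", "dept:cardiology"}

assert authorized({"role:clinician", "dept:cardiology", "site:ward3"}, policy)
assert not authorized({"role:billing"}, policy)          # wrong role
assert not authorized({"role:clinician"}, policy)        # missing department
```

Real deployments layer richer policy languages (e.g., boolean attribute formulas) and cryptographic enforcement on top of this basic idea.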

    Robust Watermarking Using FFT and Cordic QR Techniques

    Sharing and accessing digital media over today's internet is very frequent for every user. The management of digital rights can easily come under threat as data becomes widely accessible through the internet. Sharing digital information under security procedures can be easily compromised due to the various vulnerabilities floating over the internet. Existing research has focused on protecting internet channels to ensure the safety of digital data. Researchers have investigated various encryption techniques to support digital rights management, but certain challenges, including external attacks, cannot be avoided and may give unauthorized access to digital media. The proposed model endorses the concept of watermarking digital data to improve media security and ensure digital rights management. The system provides an efficient procedure for watermarking digital audio signals and confirming the ownership of the host data. The proposed technique uses a watermark picture as a signature that is first encrypted with Arnold's cat map and cyclic encoding before being embedded. The upper-triangular R-matrix component of the energy band is then created by applying the Fast Fourier transform and Cordic QR procedures to the host audio stream. Using PN random sequences, the encrypted watermark image is embedded in the R-matrix component of the host audio. The same procedure is applied to extract the watermark image from the watermarked audio. The proposed model evaluates the quality of the watermarked audio and the extracted watermark image. The average PSNR of the watermarked audio is found to be 37.01 dB. The average PSNR, normalized cross-correlation, BER, and SSIM (structural similarity index metric) values for the extracted watermark image are found to be 96.30 dB, 0.9042, 0.1033, and 0.9836, respectively. Further, the model has been tested against various attacks to check its robustness. After applying attacks such as noising, filtering, cropping, and resampling to the watermarked audio, the watermark image has been extracted and its quality checked under the standard parameters. The quality of the recovered watermark image is found to be satisfactory enough to justify the digital ownership of the host audio. Hence, the proposed watermarking model attains a balance between imperceptibility, payload, and robustness.
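The Arnold's cat map scrambling step used before embedding can be sketched in a few lines. Because the map is a permutation of pixel positions with a finite period, iterating it enough times restores the original image, which is what makes the watermark recoverable. This is a generic sketch of the classic map, not the paper's code; the exact matrix variant used in the paper may differ.

```python
def arnold_cat(img):
    """One Arnold's cat map iteration on an N x N image:
    (x, y) -> ((x + y) mod N, (x + 2y) mod N), a unimodular (area-preserving)
    shuffle of pixel positions."""
    n = len(img)
    out = [[0] * n for _ in range(n)]
    for y in range(n):
        for x in range(n):
            out[(x + 2 * y) % n][(x + y) % n] = img[y][x]
    return out

# On a 2 x 2 grid this permutation has period 3: one iteration scrambles,
# three iterations restore the original "image".
img = [[1, 2], [3, 4]]
scrambled = arnold_cat(img)
assert scrambled != img
restored = arnold_cat(arnold_cat(scrambled))
assert restored == img
```

The period grows with the image size, so in practice the iteration count acts as part of the secret scrambling key.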

    Academic writing for IT students

    This textbook is intended for Master's and PhD Information Technology students (B1-C1 level of English proficiency). Instructions on how to write a research paper in English and relevant exercises are given. The peculiarities of each section of a paper are presented. The exercises are based on real scientific materials taken from peer-reviewed journals. The subject area covers a wide scope of different Information Technology domains.