1,476 research outputs found
Parameter Privacy versus Control Performance: Fisher Information Regularized Control
This article introduces and solves a new privacy-related optimization problem for cyber-physical systems where an adversary tries to learn the system dynamics. In the context of linear quadratic systems, we consider the problem of achieving a small cost while balancing the need for keeping knowledge about the model's parameters private. To this end, we formulate a Fisher information regularized version of the linear quadratic regulator with cheap cost. Here the controller is allowed not only to control the plant but also to mask its state by injecting further noise. Within the class of linear policies with additive noise, we solve this problem and show that the optimal noise distribution is Gaussian with state-dependent covariance. Next, we prove that the optimal linear feedback law is the same as without regularization. Finally, to motivate our proposed scheme, we formulate an equivalent minimax problem for the worst-case scenario in which the adversary has full knowledge of all other inputs and outputs. Here, our policies are minimax optimal with respect to maximizing the variance over all unbiased estimators.
Information-Theoretic Privacy through Chaos Synchronization and Optimal Additive Noise
We study the problem of maximizing privacy of data sets by adding random vectors generated via synchronized chaotic oscillators. In particular, we consider the setup where information about data sets, queries, is sent through public (unsecured) communication channels to a remote station. To hide private features (specific entries) within the data set, we corrupt the response to queries by adding random vectors. We send the distorted query (the sum of the requested query and the random vector) through the public channel. The distribution of the additive random vector is designed to minimize the mutual information (our privacy metric) between private entries of the data set and the distorted query. We cast the synthesis of this distribution as a convex program in the probabilities of the additive random vector. Once we have the optimal distribution, we propose an algorithm to generate pseudo-random realizations from this distribution using trajectories of a chaotic oscillator. At the other end of the channel, we have a second chaotic oscillator, which we use to generate realizations from the same distribution. Note that if we obtain the same realizations on both sides of the channel, we can simply subtract the realization from the distorted query to recover the requested query. To generate equal realizations, we need the two chaotic oscillators to be synchronized, i.e., we need them to generate exactly the same trajectories on both sides of the channel synchronously in time. We force the two chaotic oscillators into exponential synchronization using a driving signal. Simulations are presented to illustrate our results.
Comment: arXiv admin note: text overlap with arXiv:1809.03133 by other authors
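The pipeline in this abstract (design a noise distribution by a convex program, draw realizations from a synchronized chaotic oscillator on each side, subtract at the receiver) is compact enough to run end to end. The block below is an added illustration, not the authors' code or their exact algorithm. Everything concrete in it is an assumption: the private entry X is uniform on {0,1,2,3}, the noise N lives on {-2,...,2}, the convex program min_p I(X; X+N) over the simplex is solved by mirror descent (exponentiated gradient), the oscillator is a Lorenz system with the transmitter's x(t) as the driving signal (Pecora-Carroll drive-response synchronization of the (y, z) subsystem), and realizations are drawn by inverse-CDF sampling from the fractional part of y. The mutual-information figure the block reports is the privacy metric the abstract names; 2 bits means X is fully exposed, 0 would mean the distorted query carries nothing about X.

```python
"""Added example: optimal additive noise + synchronized chaotic oscillators.
All parameters, the Lorenz choice and the sampling map are assumptions made
here; they are not taken from the paper."""
import math

X_VALUES = [0, 1, 2, 3]
P_X = [0.25] * 4                  # constructed: uniform private entries
N_VALUES = [-2, -1, 0, 1, 2]      # assumed support of the additive noise N


def _y_distribution(p_n):
    """Distribution of Y = X + N for independent X ~ P_X, N ~ p_n."""
    q = {}
    for x, px in zip(X_VALUES, P_X):
        for n, pn in zip(N_VALUES, p_n):
            q[x + n] = q.get(x + n, 0.0) + px * pn
    return q


def mutual_information(p_n):
    """I(X; X+N) in bits = H(Y) - H(Y|X), and H(Y|X) = H(N) since N is independent."""
    q = _y_distribution(p_n)
    h_y = -sum(v * math.log2(v) for v in q.values() if v > 0)
    h_n = -sum(v * math.log2(v) for v in p_n if v > 0)
    return h_y - h_n


def optimal_noise(iters=400, eta=0.5):
    """Convex program min_p I(X; X+N) over the probability simplex, solved by
    mirror descent (multiplicative updates). Returns the best iterate seen."""
    p = [1.0 / len(N_VALUES)] * len(N_VALUES)
    best_p, best_i = list(p), mutual_information(p)
    for _ in range(iters):
        q = _y_distribution(p)
        # dI/dp_n = log p_n - sum_x P_X(x) log q(x+n); the "+1" terms cancel.
        grad = [math.log(max(pn, 1e-300))
                - sum(px * math.log(max(q[x + n], 1e-300)) for x, px in zip(X_VALUES, P_X))
                for n, pn in zip(N_VALUES, p)]
        w = [pn * math.exp(-eta * g) for pn, g in zip(p, grad)]
        total = sum(w)
        p = [v / total for v in w]
        i = mutual_information(p)
        if i < best_i:
            best_p, best_i = list(p), i
    return best_p, best_i


SIGMA, RHO, BETA = 10.0, 28.0, 8.0 / 3.0   # standard Lorenz parameters (assumed)


def lorenz_pair(s):
    """Transmitter (x, y, z) and receiver (y2, z2); the receiver's subsystem is
    driven by the transmitter's x, which plays the role of the driving signal."""
    x, y, z, y2, z2 = s
    return (SIGMA * (y - x), x * (RHO - z) - y, x * y - BETA * z,
            x * (RHO - z2) - y2, x * y2 - BETA * z2)


def rk4_step(s, dt):
    k1 = lorenz_pair(s)
    k2 = lorenz_pair(tuple(a + 0.5 * dt * b for a, b in zip(s, k1)))
    k3 = lorenz_pair(tuple(a + 0.5 * dt * b for a, b in zip(s, k2)))
    k4 = lorenz_pair(tuple(a + dt * b for a, b in zip(s, k3)))
    return tuple(a + dt / 6 * (b + 2 * c + 2 * d + e)
                 for a, b, c, d, e in zip(s, k1, k2, k3, k4))


def sample_noise(p_n, u):
    """Inverse-CDF draw from p_n using a value u in [0, 1)."""
    acc = 0.0
    for n, pn in zip(N_VALUES, p_n):
        acc += pn
        if u < acc:
            return n
    return N_VALUES[-1]


def run_protocol(query, p_n, dt=0.01, sync_steps=4000, gap=50):
    """Distort `query` at the transmitter, recover it at the receiver.
    Returns (distorted, recovered, sync_error). Integrating both oscillators in
    one state vector is a simulation convenience: it gives the receiver exactly
    the x(t) samples the transmitter produced."""
    s = (1.0, 1.0, 1.0, -7.0, 30.0)            # receiver starts unsynchronized
    for _ in range(sync_steps):                 # driving signal forces exponential sync
        s = rk4_step(s, dt)
    sync_error = max(abs(s[1] - s[3]), abs(s[2] - s[4]))
    distorted, recovered = [], []
    for x in query:
        for _ in range(gap):                    # advance to decorrelate successive draws
            s = rk4_step(s, dt)
        n_tx = sample_noise(p_n, s[1] - math.floor(s[1]))   # from transmitter's y
        n_rx = sample_noise(p_n, s[3] - math.floor(s[3]))   # from receiver's y2
        distorted.append(x + n_tx)              # this is what crosses the public channel
        recovered.append(distorted[-1] - n_rx)  # receiver subtracts its own realization
    return distorted, recovered, sync_error


if __name__ == "__main__":
    p_opt, i_opt = optimal_noise()
    print("no noise: %.3f bits, optimized noise: %.3f bits" % (mutual_information([0, 0, 1, 0, 0]), i_opt))
    d, r, err = run_protocol([3, 0, 2, 1, 1, 3], p_opt)
    print("distorted", d, "recovered", r, "sync error %.1e" % err)
```

The check worth keeping from this is the pair of numbers: the mutual information of the distorted query against that of the bare query, and the synchronization error before any realization is drawn. The example treats the driving signal x(t) as something only the receiver consumes; whether an eavesdropper also sees it, and what a copy of the response system would then let it reconstruct, is not something this abstract speaks to, so the block makes no claim about it.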
Robust Networks: Neural Networks Robust to Quantization Noise and Analog Computation Noise Based on Natural Gradient
Deep neural networks (DNNs) have had tremendous success in a variety of statistical learning applications due to their vast expressive power. Most applications run DNNs on the cloud on parallelized architectures. There is a need for efficient DNN inference on the edge with low-precision hardware and analog accelerators. To make trained models more robust for this setting, quantization and analog compute noise are modeled as weight-space perturbations to DNNs, and an information-theoretic regularization scheme is used to penalize the KL-divergence between perturbed and unperturbed models. This regularizer has similarities to both natural gradient descent and knowledge distillation, but has the advantage of explicitly promoting the network toward a broader minimum that is robust to weight-space perturbations. In addition to the proposed regularization, KL-divergence is directly minimized using knowledge distillation. Initial validation on FashionMNIST and CIFAR10 shows that the information-theoretic regularizer and knowledge distillation outperform existing quantization schemes based on the straight-through estimator or L2-constrained quantization.
Dissertation/Thesis: Masters Thesis, Computer Engineering 201
Privacy Against Adversarial Classification in Cyber-Physical Systems
For a class of Cyber-Physical Systems (CPSs), we address the problem of performing computations over the cloud without revealing private information about the structure and operation of the system. We model CPSs as a collection of input-output dynamical systems (the system operation modes). Depending on the mode the system is operating in, the output trajectory is generated by one of these systems in response to driving inputs. Output measurements and driving inputs are sent to the cloud for processing purposes. We capture this "processing" through some function (of the input-output trajectory) that we require the cloud to compute accurately, referred to here as the trajectory utility. However, for privacy reasons, we would like to keep the mode private, i.e., we do not want the cloud to correctly identify which mode of the CPS produced a given trajectory. To this end, we distort trajectories before transmission and send the corrupted data to the cloud. We provide mathematical tools (based on output-regulation techniques) to properly design distorting mechanisms so that: 1) the original and distorted trajectories lead to the same utility; and 2) the distorted data leads the cloud to misclassify the mode …