Unlearnable Clusters: Towards Label-agnostic Unlearnable Examples

There is a growing interest in developing unlearnable examples (UEs) against visual privacy leaks on the Internet. UEs are training samples added with invisible but unlearnable noise, which have been found can prevent unauthorized training of machine learning models. UEs typically are generated via a bilevel optimization framework with a surrogate model to remove (minimize) errors from the original samples, and then applied to protect the data against unknown target models. However, existing UE generation methods all rely on an ideal assumption called label-consistency, where the hackers and protectors are assumed to hold the same label for a given sample. In this work, we propose and promote a more practical label-agnostic setting, where the hackers may exploit the protected data quite differently from the protectors. E.g., a m-class unlearnable dataset held by the protector may be exploited by the hacker as a n-class dataset. Existing UE generation methods are rendered ineffective in this challenging setting. To tackle this challenge, we present a novel technique called Unlearnable Clusters (UCs) to generate label-agnostic unlearnable examples with cluster-wise perturbations. Furthermore, we propose to leverage VisionandLanguage Pre-trained Models (VLPMs) like CLIP as the surrogate model to improve the transferability of the crafted UCs to diverse domains. We empirically verify the effectiveness of our proposed approach under a variety of settings with different datasets, target models, and even commercial platforms Microsoft Azure and Baidu PaddlePaddle. Code is available at \url{https://github.com/jiamingzhang94/Unlearnable-Clusters}.Comment: CVPR202

Self-Ensemble Protection: Training Checkpoints Are Good Data Protectors

As data become increasingly vital for deep learning, a company would be very cautious about releasing data, because the competitors could use the released data to train high-performance models, thereby posing a tremendous threat to the company's commercial competence. To prevent training good models on the data, imperceptible perturbations could be added to it. Since such perturbations aim at hurting the entire training process, they should reflect the vulnerability of DNN training, rather than that of a single model. Based on this new idea, we seek adversarial examples that are always unrecognized (never correctly classified) in training. In this paper, we uncover them by modeling checkpoints' gradients, forming the proposed self-ensemble protection (SEP), which is very effective because (1) learning on examples ignored during normal training tends to yield DNNs ignoring normal examples; (2) checkpoints' cross-model gradients are close to orthogonal, meaning that they are as diverse as DNNs with different architectures in conventional ensemble. That is, our amazing performance of ensemble only requires the computation of training one model. By extensive experiments with 9 baselines on 3 datasets and 5 architectures, SEP is verified to be a new state-of-the-art, e.g., our small $\ell_\infty=2/255$ perturbations reduce the accuracy of a CIFAR-10 ResNet18 from 94.56\% to 14.68\%, compared to 41.35\% by the best-known method.Code is available at https://github.com/Sizhe-Chen/SEP

Early-Stage Detection of Solid Oxide Cells Anode Degradation by Operando Impedance Analysis

Solid oxide cells represent one of the most efficient and promising electrochemical tech- nologies for hydrogen energy conversion. Understanding and monitoring degradation is essential for their full development and wide diffusion. Techniques based on electrochemical impedance spectroscopy and distribution of relaxation times of physicochemical processes occurring in solid oxide cells have attracted interest for the operando diagnosis of degradation. This research paper aims to validate the methodology developed by the authors in a previous paper, showing how such a diagnostic tool may be practically implemented. The validation methodology is based on applying an a priori known stress agent to a solid oxide cell operated in laboratory conditions and on the discrete measurement and deconvolution of electrochemical impedance spectra. Finally, experi- mental evidence obtained from a fully operando approach was counterchecked through ex-post material characterization

Federated learning for medical imaging radiology

Federated learning (FL) is gaining wide acceptance across the medical AI domains. FL promises to provide a fairly acceptable clinical-grade accuracy, privacy, and generalisability of machine learning models across multiple institutions. However, the research on FL for medical imaging AI is still in its early stages. This paper presents a review of recent research to outline the difference between state-of-the-art [SOTA] (published literature) and state-of-the-practice [SOTP] (applied research in realistic clinical environments). Furthermore, the review outlines the future research directions considering various factors such as data, learning models, system design, governance, and human-in-loop to translate the SOTA into SOTP and effectively collaborate across multiple institutions

Enhancing Federated Learning Robustness and Fairness in Non-IID Scenarios

Federated Learning is a distributed machine learning paradigm that allows multiple clients to collaboratively train a joint model without sharing the raw data. Despite its advantages, FL faces the security issues inherent to its decentralized nature, and FL clients often encounter unfair treatment from the design that prioritizes server interests. Today, many studies have been proposed to mitigate the research gap; nevertheless, in the absence of a non-IID setting, ensuring robustness and fairness in FL remains an open problem. Therefore, in this thesis, we study several topics on the robustness and fairness of FL in non-IID scenarios, including attack surface reduction, poisoning attack defense, and implicit class-level fair enhancement. We start by investigating FL's non-IID resource and propose the Mini FL framework. Based on a predefined grouping principle, Mini FL assigns similar clients to different groups and aggregates them respectively to achieve attack surface reduction. Then, we focus on defending against FL poisoning attacks. For the Label Flipping Attack, we introduce the HSCS FL method. It evaluates the accuracy of each class in both global and local models in each iteration. These accuracies are then translated into a score, and only clients with top scores are included in the current aggregation. For the Class Imbalance Attack, we introduce the Class-Balanced FL framework. This approach dynamically determines the aggregation weight for each client, considering their potential contribution to the current global model, thereby preventing the joint model biases toward specific data distributions. Lastly, we propose the ICB FL method to enhance FL fairness. This framework enables the server to identify implicit classes and dynamically distribute weights, ensuring a similar learning performance across these implicit classes. We provide mathematical proofs for each scheme and framework we proposed and conduct experiments to show their effectiveness