Unlearnable Clusters: Towards Label-agnostic Unlearnable Examples
There is growing interest in developing unlearnable examples (UEs) against visual privacy leaks on the Internet. UEs are training samples overlaid with invisible but unlearnable noise, which has been found to prevent the unauthorized training of machine learning models. UEs are typically generated via a bilevel optimization framework, in which a surrogate model is used to remove (minimize) errors from the original samples (sketched below); the UEs are then applied to protect the data against unknown target models. However, existing UE generation methods all rely on an idealized assumption called label-consistency, where the hackers and protectors are assumed to hold the same label for a given sample. In this work, we propose and promote a more practical label-agnostic setting, where the hackers may exploit the protected data quite differently from the protectors. For example, an m-class unlearnable dataset held by the protector may be exploited by the hacker as an n-class dataset. Existing UE generation methods are rendered ineffective in this challenging setting. To tackle this challenge, we present a novel technique called Unlearnable Clusters (UCs) to generate label-agnostic unlearnable examples with cluster-wise perturbations. Furthermore, we propose to leverage Vision-and-Language Pre-trained Models (VLPMs) such as CLIP as the surrogate model to improve the transferability of the crafted UCs to diverse domains. We empirically verify the effectiveness of our proposed approach under a variety of settings with different datasets, target models, and even the commercial platforms Microsoft Azure and Baidu PaddlePaddle. Code is available at \url{https://github.com/jiamingzhang94/Unlearnable-Clusters}. Comment: CVPR202
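The conventional error-minimizing pipeline mentioned in the abstract can be summarized in a few lines. The following is a minimal, illustrative sketch of that standard bilevel loop, not the paper's cluster-wise UC method; the hyperparameters, the alternating schedule, and the single-batch treatment are assumptions made for brevity.

```python
import torch
import torch.nn.functional as F

def error_minimizing_noise(surrogate, x, y, eps=8/255, alpha=2/255,
                           outer_iters=20, noise_steps=10):
    """Alternately train the surrogate and update per-sample noise `delta`
    so that (x + delta) becomes 'easy' (near-zero loss) for the surrogate."""
    opt = torch.optim.SGD(surrogate.parameters(), lr=0.1, momentum=0.9)
    delta = torch.zeros_like(x)
    for _ in range(outer_iters):
        # Step 1: update the surrogate on the currently perturbed data.
        surrogate.train()
        loss = F.cross_entropy(surrogate(x + delta), y)
        opt.zero_grad(); loss.backward(); opt.step()
        # Step 2: update the noise to *minimize* the surrogate's loss
        # (the opposite sign of adversarial-example PGD).
        for _ in range(noise_steps):
            d = delta.clone().detach().requires_grad_(True)
            F.cross_entropy(surrogate(x + d), y).backward()
            with torch.no_grad():
                delta = (d - alpha * d.grad.sign()).clamp(-eps, eps)
                delta = (x + delta).clamp(0, 1) - x  # keep pixels in [0, 1]
    return delta.detach()
```

The protector then releases x + delta; a model trained on the released data latches onto the easy noise rather than the true image content.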
Self-Ensemble Protection: Training Checkpoints Are Good Data Protectors
As data becomes increasingly vital for deep learning, a company would be very cautious about releasing data, because competitors could use the released data to train high-performance models, thereby posing a tremendous threat to the company's commercial competitiveness. To prevent good models from being trained on the data, imperceptible perturbations can be added to it. Since such perturbations aim to hurt the entire training process, they should reflect the vulnerability of DNN training, rather than that of a single model. Based on this new idea, we seek adversarial examples that are always unrecognized (never correctly classified) during training. In this paper, we uncover them by modeling checkpoints' gradients, forming the proposed self-ensemble protection (SEP, see the sketch after this abstract), which is very effective because (1) learning on examples ignored during normal training tends to yield DNNs that ignore normal examples; (2) checkpoints' cross-model gradients are close to orthogonal, meaning they are as diverse as DNNs with different architectures in a conventional ensemble. That is, our method attains ensemble-level performance while requiring only the computation of training one model. Through extensive experiments with 9 baselines on 3 datasets and 5 architectures, SEP is verified to be a new state-of-the-art; e.g., our small perturbations reduce the accuracy of a CIFAR-10 ResNet18 from 94.56\% to 14.68\%, compared to 41.35\% for the best-known method. Code is available at https://github.com/Sizhe-Chen/SEP
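A compact way to see the self-ensemble idea: save checkpoints along a single training run, then craft one bounded perturbation whose loss is high for all of them simultaneously. The PGD-style loop below is a hedged illustration under assumed hyperparameters, not the paper's exact gradient-modeling recipe.

```python
import torch
import torch.nn.functional as F

def sep_perturb(checkpoints, x, y, eps=8/255, alpha=1/255, steps=50):
    """checkpoints: models saved along one training run, all in eval mode."""
    delta = torch.zeros_like(x)
    for _ in range(steps):
        d = delta.clone().detach().requires_grad_(True)
        # Average the loss over checkpoints: their near-orthogonal gradients
        # act like a diverse ensemble obtained from a single training run.
        loss = sum(F.cross_entropy(m(x + d), y) for m in checkpoints)
        (loss / len(checkpoints)).backward()
        with torch.no_grad():
            delta = (d + alpha * d.grad.sign()).clamp(-eps, eps)
            delta = (x + delta).clamp(0, 1) - x  # keep pixels in [0, 1]
    return delta.detach()
```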
Early-Stage Detection of Solid Oxide Cells Anode Degradation by Operando Impedance Analysis
Solid oxide cells represent one of the most efficient and promising electrochemical technologies for hydrogen energy conversion. Understanding and monitoring degradation is essential for their full development and wide diffusion. Techniques based on electrochemical impedance spectroscopy and on the distribution of relaxation times of the physicochemical processes occurring in solid oxide cells have attracted interest for the operando diagnosis of degradation. This research paper aims to validate the methodology developed by the authors in a previous paper, showing how such a diagnostic tool may be practically implemented. The validation methodology is based on applying an a priori known stress agent to a solid oxide cell operated in laboratory conditions and on the discrete measurement and deconvolution of electrochemical impedance spectra (illustrated in the sketch below). Finally, experimental evidence obtained from a fully operando approach was counterchecked through ex-post material characterization.
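For readers unfamiliar with the deconvolution step, the sketch below shows one common route from measured impedance to a distribution of relaxation times (DRT): expand Z(omega) over a log-spaced grid of RC time constants and solve a Tikhonov-regularized least-squares problem. This is a generic illustration, not the authors' validated tool; production DRT codes additionally enforce non-negativity and smoothness of the recovered distribution.

```python
import numpy as np

def drt_deconvolve(freq, Z, n_tau=81, lam=1e-3):
    """freq: measured frequencies [Hz]; Z: complex impedance at those points."""
    omega = 2 * np.pi * np.asarray(freq)
    tau = np.logspace(np.log10(1 / omega.max()), np.log10(1 / omega.min()), n_tau)
    # Column k is the impedance of a unit RC element with time constant tau_k.
    K = 1.0 / (1.0 + 1j * omega[:, None] * tau[None, :])
    # Stack real and imaginary parts; add a column for the ohmic offset R_inf.
    A = np.vstack([np.hstack([K.real, np.ones((len(omega), 1))]),
                   np.hstack([K.imag, np.zeros((len(omega), 1))])])
    b = np.concatenate([np.asarray(Z).real, np.asarray(Z).imag])
    # Ridge-regularized normal equations: (A^T A + lam I) g = A^T b.
    g = np.linalg.solve(A.T @ A + lam * np.eye(A.shape[1]), A.T @ b)
    return tau, g[:-1], g[-1]  # time constants, DRT weights, R_inf
```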
Federated learning for medical imaging radiology
Federated learning (FL) is gaining wide acceptance across the medical AI domains. FL promises fairly acceptable clinical-grade accuracy, privacy, and generalisability of machine learning models across multiple institutions. However, research on FL for medical imaging AI is still in its early stages. This paper presents a review of recent research to outline the difference between the state-of-the-art [SOTA] (published literature) and the state-of-the-practice [SOTP] (applied research in realistic clinical environments). Furthermore, the review outlines future research directions, considering factors such as data, learning models, system design, governance, and human-in-the-loop, needed to translate the SOTA into the SOTP and to collaborate effectively across multiple institutions.
Enhancing Federated Learning Robustness and Fairness in Non-IID Scenarios
Federated Learning is a distributed machine learning paradigm that allows multiple clients to
collaboratively train a joint model without sharing the raw data. Despite its advantages, FL faces the
security issues inherent to its decentralized nature, and FL clients often encounter unfair treatment
from the design that prioritizes server interests. Today, many studies have been proposed to mitigate
the research gap; nevertheless, in the absence of a non-IID setting, ensuring robustness and fairness
in FL remains an open problem. Therefore, in this thesis, we study several topics on the robustness
and fairness of FL in non-IID scenarios, including attack surface reduction, poisoning attack defense,
and implicit class-level fair enhancement.
We start by investigating FL's non-IID nature and propose the Mini FL framework. Based on a predefined grouping principle, Mini FL partitions clients into groups of similar clients and aggregates each group separately, thereby reducing the attack surface. Then, we focus on defending against FL poisoning attacks. For the label flipping attack, we introduce the HSCS FL method: in each iteration, it evaluates the per-class accuracy of the global and local models, translates these accuracies into a score, and includes only the top-scoring clients in the current aggregation (see the sketch after this abstract). For the class imbalance attack, we introduce the Class-Balanced FL framework. This approach dynamically determines each client's aggregation weight according to its potential contribution to the current global model, thereby preventing the joint model from becoming biased toward specific data distributions. Lastly, we propose the ICB FL method to enhance FL fairness. This framework enables the server to identify implicit classes and dynamically distribute weights so as to ensure similar learning performance across these implicit classes. We provide mathematical proofs for each proposed scheme and framework and conduct experiments to demonstrate their effectiveness.
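As referenced above, here is a minimal sketch of an HSCS-style selection step: score each client by how closely its local per-class accuracies track the global model's, then aggregate only the top-scoring clients. The scoring rule, the keep fraction, and the FedAvg-style mean are illustrative assumptions, not the thesis's exact scheme.

```python
import numpy as np

def hscs_select(global_acc, local_accs, keep_frac=0.5):
    """global_acc: (C,) per-class accuracy of the global model.
    local_accs: (n_clients, C) per-class accuracies of the local models."""
    # A label-flipping client collapses accuracy on the flipped classes, so
    # its per-class profile drifts away from the global model's.
    scores = -np.abs(np.asarray(local_accs) - np.asarray(global_acc)).mean(axis=1)
    k = max(1, int(keep_frac * len(scores)))
    return np.argsort(scores)[-k:]  # indices of the top-scoring clients

def aggregate(updates, kept):
    # FedAvg-style mean over the selected clients' model updates.
    return np.mean([updates[i] for i in kept], axis=0)
```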