2,491 research outputs found
A survey on vulnerability of federated learning: A learning algorithm perspective
Federated Learning (FL) has emerged as a powerful paradigm for training Machine Learning (ML), and particularly Deep Learning (DL), models on multiple devices or servers while keeping data localized at the owners' sites. Without centralizing data, FL holds promise for scenarios where data integrity, privacy, and security are critical. However, this decentralized training process also opens up new avenues for adversaries to launch unique attacks, and it has become an urgent need to understand the vulnerabilities and corresponding defense mechanisms from a learning algorithm perspective. This review paper takes a comprehensive look at malicious attacks against FL, categorizing them from new perspectives on attack origins and targets, and providing insights into their methodology and impact. In this survey, we focus on threat models targeting the learning process of FL systems. Based on the source and target of the attack, we categorize existing threat models into four types: Data to Model (D2M), Model to Data (M2D), Model to Model (M2M), and composite attacks. For each attack type, we discuss the defense strategies proposed, highlighting their effectiveness, assumptions, and potential areas for improvement. Defense strategies have evolved from using a single metric to exclude malicious clients to employing a multifaceted approach that examines client models at various phases. Our research indicates that the to-learn data, the learning gradients, and the learned model at different stages can all be manipulated to initiate malicious attacks that range from undermining model performance and reconstructing private local data to inserting backdoors. We have also seen these threats become more insidious: while earlier studies typically amplified malicious gradients, recent efforts subtly alter the least significant weights in local models to bypass defense measures.
This literature review provides a holistic understanding of the current FL threat landscape and highlights the importance of developing robust, efficient, and privacy-preserving defenses to ensure the safe and trusted adoption of FL in real-world applications. The categorized bibliography can be found at: https://github.com/Rand2AI/Awesome-Vulnerability-of-Federated-Learning
Application of reinforcement learning in robotic disassembly operations
Disassembly is a key step in remanufacturing. To increase the level of automation in disassembly, it is necessary to use robots that can learn to perform new tasks by themselves rather than having to be manually reprogrammed every time there is a different job. Reinforcement Learning (RL) is a machine learning technique that enables the robots to learn by trial and error rather than being explicitly programmed.
In this thesis, the application of RL to robotic disassembly operations has been studied. Firstly, a literature review on robotic disassembly and the application of RL in contact-rich tasks has been conducted in Chapter 2.
To physically implement RL in robotic disassembly, the task of removing a bolt from a door chain lock has been selected as a case study, and a robotic training platform has been built for this implementation in Chapter 3. This task is chosen because it can demonstrate the capabilities of RL to pathfinding and dealing with reaction forces without explicitly specifying the target coordinates or building a force feedback controller. The robustness of the learned policies against the imprecision of the robot is studied by a proposed method to actively lower the precision of the robots. It has been found that the robot can learn successfully even when the precision is lowered to as low as ±0.5mm. This work also investigates whether learned policies can be transferred among robots with different precisions. Experiments have been performed by training a robot with a certain precision on a task and replaying the learned skills on a robot with different precision. It has been found that skills learned by a low-precision robot can perform better on a robot with higher precision, and skills learned by a high-precision robot have worse performance on robots with lower precision, as it is suspected that the policies trained on high-precision robots have been overfitted to the precise robots.
In Chapter 4, the approach of using a digital-twin-assisted simulation-to-reality transfer to accelerate the learning performance of RL has been investigated. System parameters such as the stiffness and damping of the contact models are difficult to measure directly but are critical for building the digital twins of the environments. To identify them, a system identification method based on the Bees Algorithm is used to minimise the discrepancy between the responses generated by the physical and digital environments. It is found that the proposed method effectively increases RL's learning performance. It is also found that sim-to-real transfer can yield worse performance if the reality gap is not effectively addressed. However, increasing the size of the dataset and the number of optimisation cycles has been demonstrated to reduce the reality gap and lead to successful sim-to-real transfers.
Based on the training task described in Chapters 4 and 5, a full factorial study has been conducted to identify patterns in selecting appropriate hyper-parameters when applying the Deep Deterministic Policy Gradient (DDPG) algorithm to the robotic disassembly task. Four hyper-parameters that directly influence the update of the decision-making Artificial Neural Network (ANN) have been chosen for the study, with three levels assigned to each hyper-parameter. After running 241 simulations, it is found that for this particular task the learning rates of the actor and critic networks are the most influential hyper-parameters, while the batch size and soft update rate have relatively limited influence.
Finally, the thesis is concluded in Chapter 6 with a summary of findings and suggested future research directions.
Reinforcement learning in large state action spaces
Reinforcement learning (RL) is a promising framework for training intelligent agents which learn to optimize long term utility by directly interacting with the environment. Creating RL methods which scale to large state-action spaces is a critical problem towards ensuring real world deployment of RL systems. However, several challenges limit the applicability of RL to large scale settings. These include difficulties with exploration, low sample efficiency, computational intractability, task constraints like decentralization and lack of guarantees about important properties like performance, generalization and robustness in potentially unseen scenarios.
This thesis is motivated towards bridging the aforementioned gap. We propose several principled algorithms and frameworks for studying and addressing the above challenges in RL. The proposed methods cover a wide range of RL settings (single- and multi-agent systems (MAS) with all the variations in the latter, prediction and control, model-based and model-free methods, value-based and policy-based methods). In this work we propose the first results on several different problems, e.g. tensorization of the Bellman equation, which allows exponential sample efficiency gains (Chapter 4); provable suboptimality arising from structural constraints in MAS (Chapter 3); combinatorial generalization results in cooperative MAS (Chapter 5); generalization results on observation shifts (Chapter 7); and learning deterministic policies in a probabilistic RL framework (Chapter 6). Our algorithms exhibit provably enhanced performance and sample efficiency along with better scalability. Additionally, we shed light on generalization aspects of the agents under different frameworks. These properties have been driven by the use of several advanced tools (e.g. statistical machine learning, state abstraction, variational inference, tensor theory).
In summary, the contributions in this thesis significantly advance progress towards making RL agents ready for large-scale, real-world applications.
Natural Actor-Critic for Robust Reinforcement Learning with Function Approximation
We study robust reinforcement learning (RL) with the goal of determining a well-performing policy that is robust against model mismatch between the training simulator and the testing environment. Previous policy-based robust RL algorithms mainly focus on the tabular setting under uncertainty sets that facilitate robust policy evaluation, but are no longer tractable when the number of states scales up. To this end, we propose two novel uncertainty set formulations, one based on double sampling and the other on an integral probability metric. Both make large-scale robust RL tractable even when one only has access to a simulator. We propose a robust natural actor-critic (RNAC) approach that incorporates the new uncertainty sets and employs function approximation. We provide finite-time convergence guarantees for the proposed RNAC algorithm to the optimal robust policy within the function approximation error. Finally, we demonstrate the robust performance of the policy learned by our proposed RNAC approach in multiple MuJoCo environments and a real-world TurtleBot navigation task.
An exploratory study evaluating the effectiveness of a data driven approach to identifying coordinative features that are associated with sprint velocity
Sprint performance is multifactorial in nature and depends on a variety of coordination and motor control features. During the sequential phases of a sprint, the athlete completes a series of spatiotemporal coordination strategies to achieve the fastest possible velocity. The overall aim of the study was to leverage wearable sensor technology and data-driven tools to objectively assess the kinematic and neuromuscular determinants of optimal sprint velocity from a large dataset of university-aged sprinters. To achieve this, we recruited participants to run three 60 m sprints as fast as possible while outfitted with wireless electromyography (EMG) and a full-body inertial measurement unit (IMU) suit to obtain full-body 3D kinematics. Five strides about peak sprint velocity were selected and used as inputs to a principal components analysis (PCA). Significant stepwise multivariable regression models were generated for both the kinematic and EMG features identified using PCA, with the kinematic model outperforming the EMG model as it displayed a higher R² value. This suggests that the kinematic dataset used in this study is a better predictor of sprint performance than the EMG dataset, and that both may be viable options in the development of data-driven objective sprint coaching tools.
Current issues of the management of socio-economic systems in terms of globalization challenges
The authors of the scientific monograph have come to the conclusion that the management of socio-economic systems in terms of global challenges requires the use of mechanisms to ensure security, optimise the use of resource potential, increase competitiveness, and provide state support to economic entities. Basic research focuses on the assessment of economic entities in terms of global challenges, analysis of the financial system, migration flows, logistics and product exports, and territorial development. The research results have been implemented in different decision-making models in the context of global challenges, strategic planning, financial and food security, education management, information technology, and innovation. The results of the study can be used in developing directions, programmes, and strategies for the sustainable development of economic entities and regions, increasing the competitiveness of products and services, and decision-making at the level of ministries and agencies that regulate the processes of managing socio-economic systems. The results can also be used by students and young scientists in the educational process and in conducting scientific research on the management of socio-economic systems in terms of global challenges.
Baseline Defenses for Adversarial Attacks Against Aligned Language Models
As Large Language Models quickly become ubiquitous, it becomes critical to understand their security vulnerabilities. Recent work shows that text optimizers can produce jailbreaking prompts that bypass moderation and alignment. Drawing from the rich body of work on adversarial machine learning, we approach these attacks with three questions: What threat models are practically useful in this domain? How do baseline defense techniques perform in this new domain? How does LLM security differ from computer vision?
We evaluate several baseline defense strategies against leading adversarial attacks on LLMs, discussing the various settings in which each is feasible and effective. In particular, we look at three types of defenses: detection (perplexity based), input preprocessing (paraphrase and retokenization), and adversarial training. We discuss white-box and gray-box settings and discuss the robustness-performance trade-off for each of the defenses considered. We find that the weakness of existing discrete optimizers for text, combined with the relatively high costs of optimization, makes standard adaptive attacks more challenging for LLMs. Future research will be needed to uncover whether more powerful optimizers can be developed, or whether the strength of filtering and preprocessing defenses is greater in the LLM domain than it has been in computer vision.
Geometric Data Analysis: Advancements of the Statistical Methodology and Applications
Data analysis has become fundamental to our society and comes in multiple facets and approaches. Nevertheless, in research and applications, the focus has primarily been on data from Euclidean vector spaces. Consequently, the majority of methods applied today are not suited to more general data types. Driven by needs from fields like image processing, (medical) shape analysis, and network analysis, more and more attention has recently been given to data from non-Euclidean spaces, particularly (curved) manifolds. This has led to the field of geometric data analysis, whose methods explicitly take the structure (for example, the topology and geometry) of the underlying space into account.
This thesis contributes to the methodology of geometric data analysis by generalizing several fundamental notions from multivariate statistics to manifolds. We thereby focus on two different viewpoints.
First, we use Riemannian structures to derive a novel regression scheme for general manifolds that relies on splines of generalized Bézier curves. It can accurately model non-geodesic relationships, for example, time-dependent trends with saturation effects or cyclic trends. Since Bézier curves can be evaluated with the constructive de Casteljau algorithm, working with data from manifolds of high dimension (for example, a hundred thousand or more) is feasible. Relying on the regression, we further develop a hierarchical statistical model for an adequate analysis of longitudinal data in manifolds, and a method to control for confounding variables.
Second, we focus on data that is not only manifold- but even Lie group-valued, which is frequently the case in applications. We can only achieve this by endowing the group with an affine connection structure that is generally not Riemannian. Utilizing it, we derive generalizations of several well-known dissimilarity measures between data distributions that can be used for various tasks, including hypothesis testing. Invariance under data translations is proven, and a connection to continuous distributions is given for one measure.
A further central contribution of this thesis is that it shows use cases for all notions in real-world applications, particularly in problems from shape analysis in medical imaging and archaeology. We can replicate or further quantify several known findings for shape changes of the femur and the right hippocampus under osteoarthritis and Alzheimer's, respectively. Furthermore, in an archaeological application, we obtain new insights into the construction principles of ancient sundials. Last but not least, we use the geometric structure underlying human brain connectomes to predict cognitive scores. Utilizing a sample selection procedure, we obtain state-of-the-art results.
Study of Climate Variability Patterns at Different Scales – A Complex Network Approach
The Earth's climate system consists of numerous interacting subsystems varying over a multitude of time scales, giving rise to highly complicated spatio-temporal climate variability. Understanding processes occurring at different scales, both spatial and temporal, has been a crucial problem in numerical weather prediction. The variability of climate, a self-constituting system, appears to be organized in patterns on large scales. The climate networks approach has been very successful in detecting the spatial propagation of these large-scale patterns of variability in the climate system.
In this thesis, it is demonstrated using the climate network approach that climate variability is organized in patterns not only at larger scales (Asian Summer Monsoon, El Niño-Southern Oscillation) but also at shorter scales, e.g., weather time scales. This finds application in detecting individual tropical cyclones, characterizing binary cyclone interaction leading to a complete merger, and studying the intraseasonal and interannual variability of the Asian Summer Monsoon.
Finally, the applicability of the climate network framework to understanding forecast error properties is demonstrated, which is crucial for the improvement of forecasts. As correlated errors can arise from a predictable relationship between the errors of different regions caused by some underlying systematic or random process, it is shown that error networks can help to analyze the spatially coherent structures of forecast errors. The analysis of the error network topology of a climate variable provides a preliminary understanding of the dominant source of error, which shows the potential of climate networks as a very promising diagnostic tool to study error correlations.