504 research outputs found

    Towards adversarial robustness with 01 loss models, and novel convolutional neural net systems for ultrasound images

    This dissertation investigates adversarial robustness with 01 loss models and novel convolutional neural net systems for vascular ultrasound images. In the first part, the dissertation presents stochastic coordinate descent for 01 loss and its sensitivity to adversarial attacks. The study here suggests that 01 loss may be more resilient to adversarial attacks than the hinge loss and further work is required. In the second part, this dissertation proposes a sign activation network with a novel gradient-free stochastic coordinate descent algorithm and its ensembling model. The study here finds that the ensembling model gives a high minimum distortion (as measured by HopSkipJump) compared to full precision, binary, and convolutional neural networks, and explains this phenomenon by measuring the transferability between networks in an ensemble. In the last part, this dissertation tackles three important segmentation problems for vascular ultrasound images with novel convolutional neural networks. More specifically, these three problems are: (1) vessel segmentation in the internal carotid artery, (2) vessel segmentation in the entire carotid system, and (3) vessel and plaque segmentation in the entire carotid system. The study here represents a first successful step towards the automated segmentation of vessel and plaque in carotid artery ultrasound images and is an important step in creating a system that can independently evaluate carotid ultrasounds.

    Gradient free sign activation zero one loss neural networks for adversarially robust classification

    The zero-one loss function is less sensitive to outliers than convex surrogate losses such as hinge and cross-entropy. However, as a non-convex function, it has a large number of local minima, and its undifferentiable attribute makes it impossible to use backpropagation, a method widely used in training current state-of-the-art neural networks. When zero-one loss is applied to deep neural networks, the entire training process becomes challenging. On the other hand, a massive non-unique solution probably also brings different decision boundaries when optimizing zero-one loss, making it possible to fight against transferable adversarial examples, which is a common weakness in deep learning neural network models. This dissertation introduces a stochastic coordinate descent to optimize the linear classification model based on zero-one loss. Moreover, its variants are successfully applied to multi-layer neural networks using sign activation and multi-layer convolutional neural networks to obtain higher image classification performance. In some image benchmark tests, the stochastic coordinate descent method achieves accuracy close to that of the stochastic gradient descent method. At the same time, some heuristic techniques are used, such as random node optimization, feature pool, warm start, step training, additional backpropagation penetration, and other methods to speed up training and save memory usage. Furthermore, the model's adversarial robustness is analyzed by conducting white-box attacks, decision boundary attacks, and comparing zero-one loss models to those using more traditional loss functions such as cross-entropy.

    A Secure Federated Learning Framework for Residential Short Term Load Forecasting

    Smart meter measurements, though critical for accurate demand forecasting, face several drawbacks including consumers' privacy, data breach issues, to name a few. Recent literature has explored Federated Learning (FL) as a promising privacy-preserving machine learning alternative which enables collaborative learning of a model without exposing private raw data for short term load forecasting. Despite its virtue, standard FL is still vulnerable to an intractable cyber threat known as Byzantine attack carried out by faulty and/or malicious clients. Therefore, to improve the robustness of federated short-term load forecasting against Byzantine threats, we develop a state-of-the-art differentially private secured FL-based framework that ensures the privacy of the individual smart meter's data while protecting the security of FL models and architecture. Our proposed framework leverages the idea of gradient quantization through the Sign Stochastic Gradient Descent (SignSGD) algorithm, where the clients only transmit the 'sign' of the gradient to the control centre after local model training. As we highlight through our experiments involving benchmark neural networks with a set of Byzantine attack models, our proposed approach mitigates such threats quite effectively and thus outperforms conventional Fed-SGD models.