Search Results for author:
Found 56 papers, 20 papers with code
A Pathway Towards Responsible AI Generated Content
AI Generated Content (AIGC) has received tremendous attention within the past few years, with content ranging from image, text, to audio, video, etc.
On the Hardness of Robustness Transfer: A Perspective from Rademacher Complexity over Symmetric Difference Hypothesis Space
Recent studies demonstrated that the adversarially robust learning under $\ell_\infty$ attack is harder to generalize to different domains than standard domain adaptation.
ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms
However, we lack a thorough understanding of the applicability of existing detection methods across a variety of learning settings.
InOR-Net: Incremental 3D Object Recognition Network for Point Cloud Representation
Moreover, they cannot explore which 3D geometric characteristics are essential to alleviate the catastrophic forgetting on old classes of 3D objects.
Delving into the Adversarial Robustness of Federated Learning
In this work, we propose a novel algorithm called Decision Boundary based Federated Adversarial Training (DBFAT), which consists of two components (local re-weighting and global regularization) to improve both accuracy and robustness of FL systems.
GAIN: Enhancing Byzantine Robustness in Federated Learning with Gradient Decomposition
Meanwhile, we observe that most existing robust AGgregation Rules (AGRs) fail to stop the aggregated gradient deviating from the optimal gradient (the average of honest gradients) in the non-IID setting.
SplitGNN: Splitting GNN for Node Classification with Heterogeneous Attention
With the frequent happening of privacy leakage and the enactment of privacy laws across different countries, data owners are reluctant to directly share their raw data and labels with any other party.
DEJA VU: Continual Model Generalization For Unseen Domains
To overcome these limitations of DA and DG in handling the Unfamiliar Period during continual domain shift, we propose RaTP, a framework that focuses on improving models' target domain generalization (TDG) capability, while also achieving effective target domain adaptation (TDA) capability right after training on certain domains and forgetting alleviation (FA) capability on past domains.
FedSkip: Combatting Statistical Heterogeneity with Federated Skip Aggregation
However, in addition to previous explorations for improvement in federated averaging, our analysis shows that another critical bottleneck is the poorer optima of client models in more heterogeneous conditions.
ResFed: Communication Efficient Federated Learning by Transmitting Deep Compressed Residuals
To address this bottleneck, we introduce a residual-based federated learning framework (ResFed), where residuals rather than model parameters are transmitted in communication networks for training.
GNN-SL: Sequence Labeling Based on Nearest Examples via GNN
To better handle long-tail cases in the sequence labeling (SL) task, in this work, we introduce graph neural networks sequence labeling (GNN-SL), which augments the vanilla SL model output with similar tagging examples retrieved from the whole training set.
Outsourcing Training without Uploading Data via Efficient Collaborative Open-Source Sampling
As deep learning blooms with growing demand for computation and data resources, outsourcing model training to a powerful cloud server becomes an attractive alternative to training at a low-power and cost-effective end device.
Fine-mixing: Mitigating Backdoors in Fine-tuned Language Models
In this work, we take the first step to exploit the pre-trained (unfine-tuned) weights to mitigate backdoors in fine-tuned language models.
How to Sift Out a Clean Data Subset in the Presence of Data Poisoning?
Most poisoning defenses presume access to a set of clean data (or base set).
Cross-Network Social User Embedding with Hybrid Differential Privacy Guarantees
Integrating multiple online social networks (OSNs) has important implications for many downstream social mining tasks, such as user preference modelling, recommendation, and link prediction.
RAIN: RegulArization on Input and Network for Black-Box Domain Adaptation
For the input-level, we design a new data augmentation technique as Phase MixUp, which highlights task-relevant objects in the interpolations, thus enhancing input-level regularization and class consistency for target models.
Accelerated Federated Learning with Decoupled Adaptive Optimization
The federated learning (FL) framework enables edge clients to collaboratively learn a shared inference model while keeping privacy of training data on clients.
Turning a Curse into a Blessing: Enabling In-Distribution-Data-Free Backdoor Removal via Stabilized Model Inversion
Our work is the first to provide a thorough understanding of leveraging model inversion for effective backdoor removal by addressing key questions about reconstructed samples' properties, perceptual similarity, and the potential presence of backdoor triggers.
FairVFL: A Fair Vertical Federated Learning Framework with Contrastive Adversarial Learning
In order to learn a fair unified representation, we send it to each platform storing fairness-sensitive features and apply adversarial learning to remove bias from the unified representation inherited from the biased data.
Privacy for Free: How does Dataset Condensation Help Privacy?
In this work, we for the first time identify that dataset condensation (DC) which is originally designed for improving training efficiency is also a better solution to replace the traditional data generators for private data generation, thus providing privacy for free.
CalFAT: Calibrated Federated Adversarial Training with Label Skewness
In this paper, we study the problem of FAT under label skewness, and reveal one root cause of the training instability and natural accuracy degradation issues: skewed labels lead to non-identical class probabilities and heterogeneous local models.
QEKD: Query-Efficient and Data-Free Knowledge Distillation from Black-box Models
Knowledge distillation (KD) is a typical method for training a lightweight student model with the help of a well-trained teacher model.
Data-Free Adversarial Knowledge Distillation for Graph Neural Networks
Graph neural networks (GNNs) have been widely used in modeling graph structured data, owing to its impressive performance in a wide range of practical applications.
PrivateRec: Differentially Private Training and Serving for Federated News Recommendation
Collecting and training over sensitive personal data raise severe privacy concerns in personalized recommendation systems, and federated learning can potentially alleviate the problem by training models over decentralized user data. However, a theoretically private solution in both the training and serving stages of federated recommendation is essential but still lacking. Furthermore, naively applying differential privacy (DP) to the two stages in federated recommendation would fail to achieve a satisfactory trade-off between privacy and utility due to the high-dimensional characteristics of model gradients and hidden representations. In this work, we propose a federated news recommendation method for achieving a better utility in model training and online serving under a DP guarantee. We first clarify the DP definition over behavior data for each round in the life-circle of federated recommendation systems. Next, we propose a privacy-preserving online serving mechanism under this definition based on the idea of decomposing user embeddings with public basic vectors and perturbing the lower-dimensional combination coefficients.
Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information
With poisoning equal to or less than 0. 5% of the target-class data and 0. 05% of the training set, we can train a model to classify test examples from arbitrary classes into the target class when the examples are patched with a backdoor trigger.
Ranked #1 on
Clean-label Backdoor Attack (0.024%)
on PubFig
No One Left Behind: Inclusive Federated Learning over Heterogeneous Devices
In this way, all the clients can participate in the model learning in FL, and the final model can be big and powerful enough.
Exploiting Data Sparsity in Secure Cross-Platform Social Recommendation
As a result, our model can not only improve the recommendation performance of the rating platform by incorporating the sparse social data on the social platform, but also protect data privacy of both platforms.
Differential Private Knowledge Transfer for Privacy-Preserving Cross-Domain Recommendation
To this end, PriCDR can not only protect the data privacy of the source domain, but also alleviate the data sparsity of the source domain.
DENSE: Data-Free One-Shot Federated Learning
One-shot Federated Learning (FL) has recently emerged as a promising approach, which allows the central server to learn a model in a single communication round.
Protecting Intellectual Property of Language Generation APIs with Lexical Watermark
Nowadays, due to the breakthrough in natural language generation (NLG), including machine translation, document summarization, image captioning, etc NLG models have been encapsulated in cloud APIs to serve over half a billion people worldwide and process over one hundred billion word generations per day.
Gradient Driven Rewards to Guarantee Fairness in Collaborative Machine Learning
In this paper, we adopt federated learning as a gradient-based formalization of collaborative machine learning, propose a novel cosine gradient Shapley value to evaluate the agents’ uploaded model parameter updates/gradients, and design theoretically guaranteed fair rewards in the form of better model performance.
Anti-Backdoor Learning: Training Clean Models on Poisoned Data
From this view, we identify two inherent characteristics of backdoor attacks as their weaknesses: 1) the models learn backdoored data much faster than learning with clean data, and the stronger the attack the faster the model converges on backdoored data; 2) the backdoor task is tied to a specific class (the backdoor target class).
How to Inject Backdoors with Better Consistency: Logit Anchoring on Clean Data
In this work, we observe an interesting phenomenon that the variations of parameters are always AWPs when tuning the trained clean model to inject backdoors.
FedKD: Communication Efficient Federated Learning via Knowledge Distillation
Instead of directly communicating the large models between clients and server, we propose an adaptive mutual distillation framework to reciprocally learn a student and a teacher model on each client, where only the student model is shared by different clients and updated collaboratively to reduce the communication cost.
Student Surpasses Teacher: Imitation Attack for Black-Box NLP APIs
Machine-learning-as-a-service (MLaaS) has attracted millions of users to their splendid large-scale models.
A Novel Attribute Reconstruction Attack in Federated Learning
We perform the first systematic evaluation of attribute reconstruction attack (ARA) launched by the malicious server in the FL system, and empirically demonstrate that the shared epoch-averaged local model gradients can reveal sensitive attributes of local training data of any victim participant.
A Vertical Federated Learning Framework for Graph Convolutional Network
Recently, Graph Neural Network (GNN) has achieved remarkable success in various real-world problems on graph data.
Defending Against Backdoor Attacks in Natural Language Generation
The frustratingly fragile nature of neural network models make current natural language generation (NLG) systems prone to backdoor attacks and generate malicious sequences that could be sexist or offensive.
Killing One Bird with Two Stones: Model Extraction and Attribute Inference Attacks against BERT-based APIs
In this work, we bridge this gap by first presenting an effective model extraction attack, where the adversary can practically steal a BERT-based API (the target/victim model) by only querying a limited number of queries.
Robust Training Using Natural Transformation
We target attributes of the input images that are independent of the class identification, and manipulate those attributes to mimic real-world natural transformations (NaTra) of the inputs, which are then used to augment the training dataset of the image classifier.
Model Extraction and Adversarial Transferability, Your BERT is Vulnerable!
Finally, we investigate two defence strategies to protect the victim model and find that unless the performance of the victim model is sacrificed, both model ex-traction and adversarial transferability can effectively compromise the target models
Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks
NAD utilizes a teacher network to guide the finetuning of the backdoored student network on a small clean subset of data such that the intermediate-layer attention of the student network aligns with that of the teacher network.
EXPLORING VULNERABILITIES OF BERT-BASED APIS
We then demonstrate how the extracted model can be exploited to develop effective attribute inference attack to expose sensitive information of the training data.
Privacy and Robustness in Federated Learning: Attacks and Defenses
Besides training powerful global models, it is of paramount importance to design FL systems that have privacy guarantees and are resistant to different types of adversaries.
A Reputation Mechanism Is All You Need: Collaborative Fairness and Adversarial Robustness in Federated Learning
In this paper, we propose a novel Robust and Fair Federated Learning (RFFL) framework to achieve collaborative fairness and adversarial robustness simultaneously via a reputation mechanism.
Differentially Private Representation for NLP: Formal Guarantee and An Empirical Study on Privacy and Fairness
It has been demonstrated that hidden representation learned by a deep model can encode private information of the input, hence can be exploited to recover such information with reasonable accuracy.
Federated Model Distillation with Noise-Free Differential Privacy
Conventional federated learning directly averages model weights, which is only possible for collaboration between models with homogeneous architectures.
Collaborative Fairness in Federated Learning
In current deep learning paradigms, local training or the Standalone framework tends to result in overfitting and thus poor generalizability.
Local Differential Privacy and Its Applications: A Comprehensive Survey
Local differential privacy (LDP), as a strong privacy tool, has been widely deployed in the real world in recent years.
Cryptography and Security
How to Democratise and Protect AI: Fair and Differentially Private Decentralised Deep Learning
This paper firstly considers the research problem of fairness in collaborative deep learning, while ensuring privacy.
Towards Differentially Private Text Representations
Most deep learning frameworks require users to pool their local data or model updates to a trusted server to train or maintain a global model.
Vertically Federated Graph Neural Network for Privacy-Preserving Node Classification
Recently, Graph Neural Network (GNN) has achieved remarkable progresses in various real-world tasks on graph data, consisting of node features and the adjacent information between different nodes.
Local Differential Privacy based Federated Learning for Internet of Things
To avoid the privacy threat and reduce the communication cost, in this paper, we propose to integrate federated learning and local differential privacy (LDP) to facilitate the crowdsourcing applications to achieve the machine learning model.
Threats to Federated Learning: A Survey
It is thus of paramount importance to make FL system designers to be aware of the implications of future FL algorithm design on privacy-preservation.
Privacy-Preserving Blockchain-Based Federated Learning for IoT Devices
To help manufacturers develop a smart home system, we design a federated learning (FL) system leveraging the reputation mechanism to assist home appliance manufacturers to train a machine learning model based on customers' data.
Towards Fair and Privacy-Preserving Federated Deep Models
This problem can be addressed by either a centralized framework that deploys a central server to train a global model on the joint data from all parties, or a distributed framework that leverages a parameter server to aggregate local model updates.
