Collaborative Machine Learning: Schemes, Robustness, and Privacy

Wang, Junbo; Pal, Amitangshu; Yang, Xiusong; Kant, Krishna; Zhu, Kaiming; Guo, Song

doi:10.1109/tnnls.2022.3169347

Cited by 14 publications

(9 citation statements)

References 84 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In collaborative ML, researchers have investigated how data science and ML practitioners may work with domain experts in different stages of the ML pipeline [5,26,30,31,38,40,43,49]. Current collaboration approaches are largely through live meetings, messaging channels, and, in a few instances, specially designed graphical interfaces [5,8,10,25,37,40].…”

Section: Related Workmentioning

confidence: 99%

Leveraging Large Language Models to Enhance Domain Expert Inclusion in Data Science Workflows

Shih,

Mohanty,

Katsis

et al. 2024

Extended Abstracts of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Domain experts can play a crucial role in guiding data scientists to optimize machine learning models while ensuring contextual relevance for downstream use. However, in current workflows, such collaboration is challenging due to differing expertise, abstract documentation practices, and lack of access and visibility into low-level implementation artifacts. To address these challenges and enable domain expert participation, we introduce CellSync, a collaboration framework comprising (1) a Jupyter Notebook extension that continuously tracks changes to dataframes and model metrics and (2) a Large Language Model powered visualization dashboard that makes those changes interpretable to domain experts. Through CellSync's cell-level dataset visualization with code summaries, domain experts can interactively examine how individual data and modeling operations impact different data segments. The chat features enable data-centric conversations and targeted feedback to data scientists. Our preliminary evaluation shows that CellSync provides transparency and promotes critical discussions about the intents and implications of data operations. CCS CONCEPTS• Human-centered computing → User interface programming; Collaborative and social computing systems and tools; Information visualization.

show abstract

Section: Related Workmentioning

confidence: 99%

Leveraging Large Language Models to Enhance Domain Expert Inclusion in Data Science Workflows

Shih,

Mohanty,

Katsis

et al. 2024

Extended Abstracts of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…We attack some parameters randomly in those layers with the most likely two forms: ① g(θ + ϵ) ② g(θ) + ϵ, where θ, ϵ denote parameters and noises respectively. g represents activation operations in pure classical models, while it means sine or cosine functions in the hybrid models [21], [22]. The test of robustness is seperated into symmetrical noise attack with form ① and ② and unsymmetrical noise attack with form ① and ② (see supplementary materials part D for more results).…”

Section: B Robustness Testmentioning

confidence: 99%

Accurate classification of white blood cells by coupling pre-trained ResNet and DenseNet with SCAM mechanism

et al. 2022

View full text Add to dashboard Cite

Background Via counting the different kinds of white blood cells (WBCs), a good quantitative description of a person’s health status is obtained, thus forming the critical aspects for the early treatment of several diseases. Thereby, correct classification of WBCs is crucial. Unfortunately, the manual microscopic evaluation is complicated, time-consuming, and subjective, so its statistical reliability becomes limited. Hence, the automatic and accurate identification of WBCs is of great benefit. However, the similarity between WBC samples and the imbalance and insufficiency of samples in the field of medical computer vision bring challenges to intelligent and accurate classification of WBCs. To tackle these challenges, this study proposes a deep learning framework by coupling the pre-trained ResNet and DenseNet with SCAM (spatial and channel attention module) for accurately classifying WBCs. Results In the proposed network, ResNet and DenseNet enables information reusage and new information exploration, respectively, which are both important and compatible for learning good representations. Meanwhile, the SCAM module sequentially infers attention maps from two separate dimensions of space and channel to emphasize important information or suppress unnecessary information, further enhancing the representation power of our model for WBCs to overcome the limitation of sample similarity. Moreover, the data augmentation and transfer learning techniques are used to handle the data of imbalance and insufficiency. In addition, the mixup approach is adopted for modeling the vicinity relation across training samples of different categories to increase the generalizability of the model. By comparing with five representative networks on our developed LDWBC dataset and the publicly available LISC, BCCD, and Raabin WBC datasets, our model achieves the best overall performance. We also implement the occlusion testing by the gradient-weighted class activation mapping (Grad-CAM) algorithm to improve the interpretability of our model. Conclusion The proposed method has great potential for application in intelligent and accurate classification of WBCs.

show abstract

“…FL has been widely used in various fields including medical diagnosis, financial data analysis, and cybersecurity. However, it has been shown to be vulnerable to adversarial attacks [5], [6], [7], [8], [9]. Notably, a compromised client might inject malicious model parameters into the FL system, causing malfunction and influencing other clients in the system (Figure 1a).…”

Section: Introductionmentioning

confidence: 99%

Attacking-Distance-Aware Attack: Semi-targeted Model Poisoning on Federated Learning

Sun

Ochiai

Sakuma

2024

IEEE Trans. Artif. Intell.

View full text Add to dashboard Cite

Existing model poisoning attacks on federated learning (FL) assume that an adversary has access to the full data distribution. In reality, an adversary usually has limited prior knowledge about clients' data. A poorly chosen target class renders an attack less effective. This work considers a semitargeted situation where the source class is predetermined but the target class is not. The goal is to cause the misclassification of the global classifier on data from the source class. Approaches such as label flipping have been used to inject malicious parameters into FL. Nevertheless, it has shown that their performances are usually class-sensitive, varying with different target classes. Typically, an attack becomes less effective when shifting to a different target class. To overcome this challenge, we propose the Attacking Distance-aware Attack (ADA) that enhances model poisoning in FL by finding the optimized target class in the feature space. ADA deduces pair-wise class attacking distances using a Fast LAyer gradient MEthod (FLAME). Extensive evaluations were performed on five benchmark image classification tasks and three model architectures using varying attacking frequencies. Furthermore, ADA's robustness to conventional defenses of Byzantine-robust aggregation and differential privacy was validated. The results showed that ADA succeeded in increasing attack performance to 2.8 times in the most challenging case with an attacking frequency of 0.01 and bypassed existing defenses, where differential privacy that was the most effective defense still could not reduce the attack performance to below 50%.Impact Statement-Model poisoning on federated learning (FL) causes client models to be compromised by malicious model parameter sharing. Though FL extends the attacking surface of the attacker involving lots of clients, the model aggregation that combines different clients' model parameters, can greatly reduce poisoning attack's effect. Different from previous studies that adopt an arbitrary target class to mount an attack, this work proposes a novel semi-targeted model poisoning attack that adaptively computes the optimized attacking target depending on input samples. Such an attack could immensely enhance model poisoning's efficacy in FL, improving its robustness against model aggregation. The empirical result showed that the proposed method achieved great performance even with a low attacking frequency, generalizing across different distribution spaces and model architectures. In addition, existing defenses in FL were found to be ineffective in alleviating the semi-targeted attack.

show abstract

Collaborative Machine Learning: Schemes, Robustness, and Privacy

Cited by 14 publications

References 84 publications

Leveraging Large Language Models to Enhance Domain Expert Inclusion in Data Science Workflows

Leveraging Large Language Models to Enhance Domain Expert Inclusion in Data Science Workflows

Accurate classification of white blood cells by coupling pre-trained ResNet and DenseNet with SCAM mechanism

Attacking-Distance-Aware Attack: Semi-targeted Model Poisoning on Federated Learning

Contact Info

Product

Resources

About