Data Reconstruction from Gradient Updates in Federated Learning

Zhang, Xiaoxue; Li, Junhao; Zhang, Jianjie; Yan, Jijie; Zhu, Enmin; Chen, Kongyang

doi:10.1007/978-3-031-20096-0_44

Cited by 2 publications

(3 citation statements)

References 68 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent advances (Diakonikolas et al 2019a;Lai, Rao, and Vempala 2016) design efficient algorithms for high-dimensional robust statistics. These techniques are applied to more general machine learning tasks, including linear regression (Diakonikolas, Kong, and Stewart 2019), supervised learning (Diakonikolas et al 2019b;Prasad et al 2018) and RL (Zhang et al 2022(Zhang et al , 2021. Our work utilizes robust mean estimation to defend data corruption in offline RLs.…”

Section: Related Workmentioning

confidence: 99%

“…Adversarial RL and robust RL: RL is vulnerable to adversarial attacks (Ma et al 2019;Zhang et al 2020;Huang et al 2017;Behzadan and Munir 2017). Corruption robust RL performs policy learning under data corruption (Lykouris et al 2021;Wei, Dann, and Zimmert 2022;Zhang et al 2021Zhang et al , 2022Chen et al 2022), which usually results in a bias term in the performance guarantee due to the data corruption. (Niss and Tewari 2020;Kapoor, Patel, and Kar 2019) study multi-armed bandits under data corruption using robust statistics.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Exact Policy Recovery in Offline RL with Both Heavy-Tailed Rewards and Data Corruption

Chen,

Zhang,

Xie

et al. 2024

AAAI

View full text Add to dashboard Cite

We study offline reinforcement learning (RL) with heavy-tailed reward distribution and data corruption: (i) Moving beyond subGaussian reward distribution, we allow the rewards to have infinite variances; (ii) We allow corruptions where an attacker can arbitrarily modify a small fraction of the rewards and transitions in the dataset. We first derive a sufficient optimality condition for generalized Pessimistic Value Iteration (PEVI), which allows various estimators with proper confidence bounds and can be applied to multiple learning settings. In order to handle the data corruption and heavy-tailed reward setting, we prove that the trimmed-mean estimation achieves the minimax optimal error rate for robust mean estimation under heavy-tailed distributions. In the PEVI algorithm, we plug in the trimmed mean estimation and the confidence bound to solve the robust offline RL problem. Standard analysis reveals that data corruption induces a bias term in the suboptimality gap, which gives the false impression that any data corruption prevents optimal policy learning. By using the optimality condition for the generalized PEVI, we show that as long as the bias term is less than the ``action gap'', the policy returned by PEVI achieves the optimal value given sufficient data.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Exact Policy Recovery in Offline RL with Both Heavy-Tailed Rewards and Data Corruption

Chen,

Zhang,

Xie

et al. 2024

AAAI

View full text Add to dashboard Cite

show abstract

“…Security threats and model strengthening: There are emerging security threats in deep learning [1,2], such as the well-known backdoor attacks [4][5][6], membership inference attacks [7], adversarial sample attacks [8,9], data reconstruction attacks [10][11][12], etc., leading to serious information leakage or degraded system performance [13]. Previous solutions have focused on how to detect these security threats to notify the trainer.…”

Section: Related Workmentioning

confidence: 99%

Fast and Accurate SNN Model Strengthening for Industrial Applications

Zhou,

Chen,

Chen

et al. 2023

Electronics

View full text Add to dashboard Cite

In spiking neural networks (SNN), there are emerging security threats, such as adversarial samples and poisoned data samples, which reduce the global model performance. Therefore, it is an important issue to eliminate the impact of malicious data samples on the whole model. In SNNs, a naive solution is to delete all malicious data samples and retrain the entire dataset. In the era of large models, this is impractical due to the huge computational complexity. To address this problem, we present a novel SNN model strengthening method to support fast and accurate removal of malicious data from a trained model. Specifically, we use untrained data that has the same distribution as the training data. We can infer that the untrained data has no effect on the initial model, and the malicious data should have no effect on the final refined model. Thus, we can use the model output of the untrained data with respect to the initial model to guide the final refined model. In this way, we present a stochastic gradient descent method to iteratively determine the final model. We perform a comprehensive performance evaluation on two industrial steel surface datasets. Experimental results show that our model strengthening method can provide accurate malicious data elimination, with speeds 11.7× to 27.2× faster speeds than the baseline method.

show abstract

Data Reconstruction from Gradient Updates in Federated Learning

Cited by 2 publications

References 68 publications

Exact Policy Recovery in Offline RL with Both Heavy-Tailed Rewards and Data Corruption

Exact Policy Recovery in Offline RL with Both Heavy-Tailed Rewards and Data Corruption

Fast and Accurate SNN Model Strengthening for Industrial Applications

Contact Info

Product

Resources

About