On the Conflict of Robustness and Learning in Collaborative Machine
Learning
- URL: http://arxiv.org/abs/2402.13700v1
- Date: Wed, 21 Feb 2024 11:04:23 GMT
- Title: On the Conflict of Robustness and Learning in Collaborative Machine
Learning
- Authors: Mathilde Raynal and Carmela Troncoso
- Abstract summary: Collaborative Machine Learning (CML) allows participants to jointly train a machine learning model while keeping their training data private.
In scenarios where privacy is a strong requirement, such as health-related applications, safety is also a primary concern.
This means that privacy-preserving CML processes must produce models that output correct and reliable decisions even in the presence of potentially untrusted participants.
- Score: 11.072939083563183
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Collaborative Machine Learning (CML) allows participants to jointly train a
machine learning model while keeping their training data private. In scenarios
where privacy is a strong requirement, such as health-related applications,
safety is also a primary concern. This means that privacy-preserving CML
processes must produce models that output correct and reliable decisions
even in the presence of potentially untrusted participants. In response
to this issue, researchers propose to use robust aggregators that rely
on metrics which help filter out malicious contributions that could compromise
the training process. In this work, we formalize the landscape of robust
aggregators in the literature. Our formalization allows us to show that
existing robust aggregators cannot fulfill their goal: either they use
distance-based metrics that cannot accurately identify targeted malicious
updates; or they propose methods whose success is in direct conflict with the
ability of CML participants to learn from others, and that therefore cannot
eliminate the risk of manipulation without preventing learning.
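The robust aggregators the abstract critiques can be illustrated with a minimal sketch (a standard rule from the Byzantine-robust aggregation literature, not this paper's own construction): coordinate-wise median, which bounds the influence of a minority of malicious updates. All names and values below are illustrative.

```python
from statistics import median

def coordinatewise_median(updates):
    # Aggregate participant updates by taking the median of each
    # coordinate independently; a minority of outlier updates cannot
    # move any coordinate past the honest majority's values.
    # `updates` is a list of equal-length parameter vectors.
    return [median(coord) for coord in zip(*updates)]

# Three honest updates plus one malicious outlier:
honest = [[0.9, 1.1], [1.0, 1.0], [1.1, 0.9]]
malicious = [[100.0, -100.0]]
aggregate = coordinatewise_median(honest + malicious)  # stays near [1.0, 1.0]
```

The median filters the large outlier here, but, as the abstract argues for distance-based metrics in general, a targeted malicious update crafted to stay close to honest updates would pass such a filter unchanged.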
Related papers
- A Method to Facilitate Membership Inference Attacks in Deep Learning Models [5.724311218570013]
We demonstrate a new form of membership inference attack that is strictly more powerful than prior art.
Our attack empowers the adversary to reliably de-identify all the training samples.
We show that the models can effectively disguise the amplified membership leakage under common membership privacy auditing.
arXiv Detail & Related papers (2024-07-02T03:33:42Z)
- Silver Linings in the Shadows: Harnessing Membership Inference for Machine Unlearning [7.557226714828334]
We present a novel unlearning mechanism designed to remove the impact of specific data samples from a neural network.
In achieving this goal, we crafted a novel loss function tailored to eliminate privacy-sensitive information from weights and activation values of the target model.
Our results showcase the superior performance of our approach in terms of unlearning efficacy and latency as well as the fidelity of the primary task.
arXiv Detail & Related papers (2024-07-01T00:20:26Z)
- Unveiling the Misuse Potential of Base Large Language Models via In-Context Learning [61.2224355547598]
Open-sourcing of large language models (LLMs) is believed to accelerate application development, innovation, and scientific progress.
Our investigation exposes a critical oversight in this belief.
By deploying carefully designed demonstrations, our research demonstrates that base LLMs could effectively interpret and execute malicious instructions.
arXiv Detail & Related papers (2024-04-16T13:22:54Z)
- The Frontier of Data Erasure: Machine Unlearning for Large Language Models [56.26002631481726]
Large Language Models (LLMs) are foundational to AI advancements.
LLMs pose risks by potentially memorizing and disseminating sensitive, biased, or copyrighted information.
Machine unlearning emerges as a cutting-edge solution to mitigate these concerns.
arXiv Detail & Related papers (2024-03-23T09:26:15Z)
- Threats, Attacks, and Defenses in Machine Unlearning: A Survey [15.05662521329346]
Machine Unlearning (MU) has gained considerable attention recently for its potential to achieve Safe AI.
This survey aims to fill a gap in the literature by systematizing the extensive number of studies on threats, attacks, and defenses in machine unlearning.
arXiv Detail & Related papers (2024-03-20T15:40:18Z)
- Membership Information Leakage in Federated Contrastive Learning [7.822625013699216]
Federated Contrastive Learning (FCL) represents a burgeoning approach for learning from decentralized unlabeled data.
FCL is susceptible to privacy risks, such as membership information leakage, stemming from its distributed nature.
This study delves into the feasibility of executing a membership inference attack on FCL and proposes a robust attack methodology.
arXiv Detail & Related papers (2024-03-06T19:53:25Z)
- Rethinking Machine Unlearning for Large Language Models [85.92660644100582]
We explore machine unlearning in the domain of large language models (LLMs).
This initiative aims to eliminate undesirable data influence (e.g., sensitive or illegal information) and the associated model capabilities.
arXiv Detail & Related papers (2024-02-13T20:51:58Z)
- A Robust Adversary Detection-Deactivation Method for Metaverse-oriented Collaborative Deep Learning [13.131323206843733]
This paper proposes an adversary detection-deactivation method, which can limit and isolate the access of potential malicious participants.
A detailed protection analysis has been conducted on a Multiview CDL case, and the results show that the protocol can effectively prevent harmful access.
arXiv Detail & Related papers (2023-10-21T06:45:18Z)
- Self-Destructing Models: Increasing the Costs of Harmful Dual Uses of Foundation Models [103.71308117592963]
We present an algorithm for training self-destructing models leveraging techniques from meta-learning and adversarial learning.
In a small-scale experiment, we show MLAC can largely prevent a BERT-style model from being re-purposed to perform gender identification.
arXiv Detail & Related papers (2022-11-27T21:43:45Z)
- "You Can't Fix What You Can't Measure": Privately Measuring Demographic Performance Disparities in Federated Learning [78.70083858195906]
We propose differentially private mechanisms to measure differences in performance across groups while protecting the privacy of group membership.
Our results show that, contrary to what prior work suggested, protecting privacy is not necessarily in conflict with identifying performance disparities of federated models.
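The idea of privately measuring per-group performance can be sketched with the textbook Laplace mechanism (a generic illustration, not the mechanisms proposed in that paper): add calibrated noise to each group's error count before comparing groups. The function names, group labels, and epsilon value are assumptions for illustration.

```python
import math
import random

def laplace_noise(scale, rng=random):
    # Inverse-transform sampling from Laplace(0, scale).
    u = rng.random() - 0.5
    return -scale * math.copysign(math.log(1.0 - 2.0 * abs(u)), u)

def dp_group_error_counts(errors_per_group, epsilon):
    # Release each group's error count with Laplace(1/epsilon) noise
    # (each count has sensitivity 1), so disparities between groups can
    # be compared without exposing any individual's group membership.
    scale = 1.0 / epsilon
    return {g: c + laplace_noise(scale) for g, c in errors_per_group.items()}

random.seed(0)
noisy = dp_group_error_counts({"group_a": 120, "group_b": 80}, epsilon=10.0)
```

With a moderate epsilon the noise is small relative to realistic group-level gaps, which is the intuition behind the paper's finding that privacy and disparity measurement need not conflict.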
arXiv Detail & Related papers (2022-06-24T09:46:43Z)
- Distributed Machine Learning and the Semblance of Trust [66.1227776348216]
Federated Learning (FL) allows the data owner to maintain data governance and perform model training locally without having to share their data.
FL and related techniques are often described as privacy-preserving.
We explain why this term is not appropriate and outline the risks associated with over-reliance on protocols that were not designed with formal definitions of privacy in mind.
arXiv Detail & Related papers (2021-12-21T08:44:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the listed information and is not responsible for any consequences of its use.