MSc Thesis: Defending collaborative machine learning through interpretability methods
Collaborative machine learning has become the paradigm of choice for training deep learning models in many fields, including medical image analysis. Because a number of data protection and governance regulations have been introduced, direct data sharing for such training has become problematic. As a result, implementations that rely on local training, such as federated learning (FL), have been widely adopted. However, a number of studies [1,2] have shown that such paradigms are deeply vulnerable to adversarial influence, either in the form of privacy violation [3] or utility degradation [4].
This project aims to unite the areas of interpretable deep learning and defenses against attacks on collaborative learning. A number of approaches for identifying so-called critical neurons and pathways have previously been proposed to help the community interpret the predictions made by deep learning models [5,6,7]. We want to determine whether these neurons/pathways are also critical for the adversary when it comes to extracting information from, or destroying the utility of, a jointly trained model.
Your qualifications:
- Basic familiarity with existing collaborative machine learning paradigms, preferably federated learning.
- Basic familiarity with attacks on machine learning models (all information can be found in the references).
- Advanced knowledge of machine learning and computer vision.
- Excellent programming skills in Python and PyTorch.
What we offer:
- The opportunity to perform cutting-edge research in the field of adversarial and privacy-preserving machine learning.
- Close collaboration with a team of experts in privacy-preserving machine learning, deep learning and medical image analysis.
- The project targets publication at leading privacy and security conferences/journals (e.g. PETS).
References
[1] Usynin, Dmitrii, et al. “Adversarial interference and its mitigations in privacy-preserving collaborative machine learning.” Nature Machine Intelligence 3.9 (2021): 749-758.
[2] Usynin, Dmitrii, et al. “Distributed Machine Learning and the Semblance of Trust.” arXiv preprint arXiv:2112.11040 (2021).
[3] Shokri, Reza, et al. “Membership inference attacks against machine learning models.” 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017.
[4] Bagdasaryan, Eugene, et al. “How to backdoor federated learning.” International Conference on Artificial Intelligence and Statistics. PMLR, 2020.
[5] Khakzar, Ashkan, et al. “Neural response interpretation through the lens of critical pathways.” Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2021.
[6] Zhang, Yang, et al. “Fine-grained neural network explanation by identifying input features with predictive information.” Advances in Neural Information Processing Systems 34 (2021): 20040-20051.
[7] Bau, David, et al. “Network dissection: Quantifying interpretability of deep visual representations.” Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2017.