MSc Thesis: Defending collaborative machine learning through interpretability methods

Collaborative machine learning has became the new paradigm-of-choice when it comes to training deep learning models in many fields, including medical image analysis. Due to a number of data protection and governance regulations being introduced, direct data sharing for such training is rendered problematic. As a result implementations that rely on local training, such as federated learning (FL) have been widely adopted. However, a number of studies [1,2] have shown that such paradigms are deeply vulnerable to adversarial influence either in the form of privacy violation [3] or utility degradation [4].

This project aims to unite the areas of interpretable deep learning and defenses against attacks on collaborative learning. A number of approaches identifying the so-called critical neurons and pathways have previously been proposed to aid the community in interpretation of the predictions made by deep learning models[5,6,7]. We want to determine if these neurons/pathways are also critical for the adversary when it comes to extraction of information or destruction of utility of a jointly trained model.

Your qualifications:

  • Basic familiarity with existing collaborative machine learning paradigms, preferably federated learning.
  • Basic familiarity with attacks on machine learning models (all information can be found in the references).
  • Advanced knowledge of machine learning and computer vision.
  • Excellent programming skills in Python and PyTorch.

What we offer:

  • Ability to perform cutting edge research in the field of adversarial and privacy-preserving machine learning.
  • Closely working and collaborating with a team of experts in privacy-preserving machine learning, deep learning and medical image analysis.
  • This project is targeting publication at leading privacy and security conferences/journals (e.g. PETS)


[1] Usynin, Dmitrii, et al. “Adversarial interference and its mitigations in privacy-preserving collaborative machine learning.” Nature Machine Intelligence 3.9 (2021): 749-758.

[2] Usynin, Dmitrii, et al. “Distributed Machine Learning and the Semblance of Trust.” arXiv preprint arXiv:2112.11040 (2021).

[3] Shokri, Reza, et al. “Membership inference attacks against machine learning models.” 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017.

[4] Bagdasaryan, Eugene, et al. “How to backdoor federated learning.” International Conference on Artificial Intelligence and Statistics. PMLR, 2020.

[5] Khakzar, Ashkan, et al. “Neural response interpretation through the lens of critical pathways.” Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2021.

[6] Zhang, Yang, et al. “Fine-grained neural network explanation by identifying input features with predictive information.” Advances in Neural Information Processing Systems 34 (2021): 20040-20051.

[7] Bau, David, et al. “Network dissection: Quantifying interpretability of deep visual representations.” Proceedings of the IEEE conference on computer vision and pattern recognition. 2017.

Dmitrii Usynin
Dmitrii Usynin
PhD Student

Attacks on machine learning, privacy-preserving machine learning.