机器学习中的隐私和安全挑战(ML)已成为ML普遍的开发以及最近对大型攻击表面的展示,已成为一个关键的话题。作为一种成熟的以系统为导向的方法,在学术界和行业中越来越多地使用机密计算来改善各种ML场景的隐私和安全性。在本文中,我们将基于机密计算辅助的ML安全性和隐私技术的发现系统化,以提供i)保密保证和ii)完整性保证。我们进一步确定了关键挑战,并提供有关ML用例现有可信赖的执行环境(TEE)系统中限制的专门分析。我们讨论了潜在的工作,包括基础隐私定义,分区的ML执行,针对ML的专用发球台设计,TEE Awawe Aware ML和ML Full Pipeline保证。这些潜在的解决方案可以帮助实现强大的TEE ML,以保证无需引入计算和系统成本。
translated by 谷歌翻译
随着移动设备和基于位置的服务越来越多地在不同的智能城市场景和应用程序中开发,由于数据收集和共享,许多意外的隐私泄漏已经出现。当与云辅助应用程序共享地理位置数据时,用户重新识别和其他敏感的推论是主要的隐私威胁。值得注意的是,四个时空点足以唯一地识别95%的个人,这加剧了个人信息泄漏。为了解决诸如用户重新识别之类的恶意目的,我们提出了一种基于LSTM的对抗机制,具有代表性学习,以实现原始地理位置数据(即移动性数据)的隐私权特征表示,以共享目的。这些表示旨在以最小的公用事业预算(即损失)最大程度地减少用户重新识别和完整数据重建的机会。我们通过量化轨迹重建风险,用户重新识别风险和移动性可预测性来量化移动性数据集的隐私性权衡权衡来训练该机制。我们报告了探索性分析,使用户能够通过特定的损失功能及其权重参数评估此权衡。四个代表性移动数据集的广泛比较结果证明了我们提出的在移动性隐私保护方面的架构的优越性以及提议的隐私权提取器提取器的效率。我们表明,流动痕迹的隐私能够以边际移动公用事业为代价获得体面的保护。我们的结果还表明,通过探索帕累托最佳设置,我们可以同时增加隐私(45%)和实用程序(32%)。
translated by 谷歌翻译
根据手头的任务,错误可能不会产生相同的后果。然而,研究有限的研究研究了错误向量中不同特征的贡献的不平衡影响。因此,我们提出功能影响平衡(FIB)得分。它衡量了两个向量之间的差异中特征是否存在平衡的影响。我们设计的FIB得分位于[0,1]中。得分接近0表示,少数功能会导致大多数错误,而得分接近1表示大多数功能都会同等地造成误差。我们使用自动编码器和变异自动编码器在不同数据集上实验研究FIB。我们展示了功能影响平衡在训练过程中如何变化,并展示其可用性以支持单输出和多输出任务的模型选择。
translated by 谷歌翻译
对协作学习的实证攻击表明,深度神经网络的梯度不仅可以披露训练数据的私有潜在属性,还可以用于重建原始数据。虽然先前的作品试图量化了梯度的隐私风险,但这些措施没有建立理论上对梯度泄漏的理解了解,而不是跨越攻击者的概括,并且不能完全解释通过实际攻击在实践中通过实证攻击观察到的内容。在本文中,我们介绍了理论上激励的措施,以量化攻击依赖和攻击无关方式的信息泄漏。具体而言,我们展示了$ \ mathcal {v} $ - 信息的适应,它概括了经验攻击成功率,并允许量化可以从任何所选择的攻击模型系列泄漏的信息量。然后,我们提出了独立的措施,只需要共享梯度,用于量化原始和潜在信息泄漏。我们的经验结果,六个数据集和四种流行型号,揭示了第一层的梯度包含最高量的原始信息,而(卷积)特征提取器层之后的(完全连接的)分类层包含最高的潜在信息。此外,我们展示了如何在训练期间诸如梯度聚集的技术如何减轻信息泄漏。我们的工作为更好的防御方式铺平了道路,例如基于层的保护或强聚合。
translated by 谷歌翻译
In large-scale machine learning, recent works have studied the effects of compressing gradients in stochastic optimization in order to alleviate the communication bottleneck. These works have collectively revealed that stochastic gradient descent (SGD) is robust to structured perturbations such as quantization, sparsification, and delays. Perhaps surprisingly, despite the surge of interest in large-scale, multi-agent reinforcement learning, almost nothing is known about the analogous question: Are common reinforcement learning (RL) algorithms also robust to similar perturbations? In this paper, we investigate this question by studying a variant of the classical temporal difference (TD) learning algorithm with a perturbed update direction, where a general compression operator is used to model the perturbation. Our main technical contribution is to show that compressed TD algorithms, coupled with an error-feedback mechanism used widely in optimization, exhibit the same non-asymptotic theoretical guarantees as their SGD counterparts. We then extend our results significantly to nonlinear stochastic approximation algorithms and multi-agent settings. In particular, we prove that for multi-agent TD learning, one can achieve linear convergence speedups in the number of agents while communicating just $\tilde{O}(1)$ bits per agent at each time step. Our work is the first to provide finite-time results in RL that account for general compression operators and error-feedback in tandem with linear function approximation and Markovian sampling. Our analysis hinges on studying the drift of a novel Lyapunov function that captures the dynamics of a memory variable introduced by error feedback.
translated by 谷歌翻译
With Twitter's growth and popularity, a huge number of views are shared by users on various topics, making this platform a valuable information source on various political, social, and economic issues. This paper investigates English tweets on the Russia-Ukraine war to analyze trends reflecting users' opinions and sentiments regarding the conflict. The tweets' positive and negative sentiments are analyzed using a BERT-based model, and the time series associated with the frequency of positive and negative tweets for various countries is calculated. Then, we propose a method based on the neighborhood average for modeling and clustering the time series of countries. The clustering results provide valuable insight into public opinion regarding this conflict. Among other things, we can mention the similar thoughts of users from the United States, Canada, the United Kingdom, and most Western European countries versus the shared views of Eastern European, Scandinavian, Asian, and South American nations toward the conflict.
translated by 谷歌翻译
Solving portfolio management problems using deep reinforcement learning has been getting much attention in finance for a few years. We have proposed a new method using experts signals and historical price data to feed into our reinforcement learning framework. Although experts signals have been used in previous works in the field of finance, as far as we know, it is the first time this method, in tandem with deep RL, is used to solve the financial portfolio management problem. Our proposed framework consists of a convolutional network for aggregating signals, another convolutional network for historical price data, and a vanilla network. We used the Proximal Policy Optimization algorithm as the agent to process the reward and take action in the environment. The results suggested that, on average, our framework could gain 90 percent of the profit earned by the best expert.
translated by 谷歌翻译
Autoencoders are a popular model in many branches of machine learning and lossy data compression. However, their fundamental limits, the performance of gradient methods and the features learnt during optimization remain poorly understood, even in the two-layer setting. In fact, earlier work has considered either linear autoencoders or specific training regimes (leading to vanishing or diverging compression rates). Our paper addresses this gap by focusing on non-linear two-layer autoencoders trained in the challenging proportional regime in which the input dimension scales linearly with the size of the representation. Our results characterize the minimizers of the population risk, and show that such minimizers are achieved by gradient methods; their structure is also unveiled, thus leading to a concise description of the features obtained via training. For the special case of a sign activation function, our analysis establishes the fundamental limits for the lossy compression of Gaussian sources via (shallow) autoencoders. Finally, while the results are proved for Gaussian data, numerical simulations on standard datasets display the universality of the theoretical predictions.
translated by 谷歌翻译
Recently, Smart Video Surveillance (SVS) systems have been receiving more attention among scholars and developers as a substitute for the current passive surveillance systems. These systems are used to make the policing and monitoring systems more efficient and improve public safety. However, the nature of these systems in monitoring the public's daily activities brings different ethical challenges. There are different approaches for addressing privacy issues in implementing the SVS. In this paper, we are focusing on the role of design considering ethical and privacy challenges in SVS. Reviewing four policy protection regulations that generate an overview of best practices for privacy protection, we argue that ethical and privacy concerns could be addressed through four lenses: algorithm, system, model, and data. As an case study, we describe our proposed system and illustrate how our system can create a baseline for designing a privacy perseverance system to deliver safety to society. We used several Artificial Intelligence algorithms, such as object detection, single and multi camera re-identification, action recognition, and anomaly detection, to provide a basic functional system. We also use cloud-native services to implement a smartphone application in order to deliver the outputs to the end users.
translated by 谷歌翻译
Domain adaptation aims to transfer the knowledge acquired by models trained on (data-rich) source domains to (low-resource) target domains, for which a popular method is invariant representation learning. While they have been studied extensively for classification and regression problems, how they apply to ranking problems, where the data and metrics have a list structure, is not well understood. Theoretically, we establish a domain adaptation generalization bound for ranking under listwise metrics such as MRR and NDCG. The bound suggests an adaptation method via learning list-level domain-invariant feature representations, whose benefits are empirically demonstrated by unsupervised domain adaptation experiments on real-world ranking tasks, including passage reranking. A key message is that for domain adaptation, the representations should be analyzed at the same level at which the metric is computed, as we show that learning invariant representations at the list level is most effective for adaptation on ranking problems.
translated by 谷歌翻译