Showing 1–2 of 2 results for author: Klause, H
-
Can collaborative learning be private, robust and scalable?
Authors:
Dmitrii Usynin,
Helena Klause,
Johannes C. Paetzold,
Daniel Rueckert,
Georgios Kaissis
Abstract:
In federated learning for medical image analysis, the safety of the learning protocol is paramount. Such settings can often be compromised by adversaries that target either the private data used by the federation or the integrity of the model itself. This requires the medical imaging community to develop mechanisms to train collaborative models that are private and robust against adversarial data.…
▽ More
In federated learning for medical image analysis, the safety of the learning protocol is paramount. Such settings can often be compromised by adversaries that target either the private data used by the federation or the integrity of the model itself. This requires the medical imaging community to develop mechanisms to train collaborative models that are private and robust against adversarial data. In response to these challenges, we propose a practical open-source framework to study the effectiveness of combining differential privacy, model compression and adversarial training to improve the robustness of models against adversarial samples under train- and inference-time attacks. Using our framework, we achieve competitive model performance, a significant reduction in model's size and an improved empirical adversarial robustness without a severe performance degradation, critical in medical image analysis.
△ Less
Submitted 8 August, 2022; v1 submitted 5 May, 2022;
originally announced May 2022.
-
Differentially private training of residual networks with scale normalisation
Authors:
Helena Klause,
Alexander Ziller,
Daniel Rueckert,
Kerstin Hammernik,
Georgios Kaissis
Abstract:
The training of neural networks with Differentially Private Stochastic Gradient Descent offers formal Differential Privacy guarantees but introduces accuracy trade-offs. In this work, we propose to alleviate these trade-offs in residual networks with Group Normalisation through a simple architectural modification termed ScaleNorm by which an additional normalisation layer is introduced after the r…
▽ More
The training of neural networks with Differentially Private Stochastic Gradient Descent offers formal Differential Privacy guarantees but introduces accuracy trade-offs. In this work, we propose to alleviate these trade-offs in residual networks with Group Normalisation through a simple architectural modification termed ScaleNorm by which an additional normalisation layer is introduced after the residual block's addition operation. Our method allows us to further improve on the recently reported state-of-the art on CIFAR-10, achieving a top-1 accuracy of 82.5% (ε=8.0) when trained from scratch.
△ Less
Submitted 6 May, 2022; v1 submitted 1 March, 2022;
originally announced March 2022.