-
Private and Collaborative Kaplan-Meier Estimators
Authors:
Shadi Rahimian,
Raouf Kerkouche,
Ina Kurth,
Mario Fritz
Abstract:
Kaplan-Meier estimators capture the survival behavior of a cohort. They are one of the key statistics in survival analysis. As with any estimator, they become more accurate in presence of larger datasets. This motivates multiple data holders to share their data in order to calculate a more accurate Kaplan-Meier estimator. However, these survival datasets often contain sensitive information of individuals and it is the responsibility of the data holders to protect their data, thus a naive sharing of data is often not viable.
In this work, we propose two novel differentially private schemes that are facilitated by our novel synthetic dataset generation method. Based on these schemes, we propose various paths that allow a joint estimation of the Kaplan-Meier curves with strict privacy guarantees.
Our contribution includes a taxonomy of methods for this task and an extensive experimental exploration and evaluation based on this structure. We show that we can construct a joint, global Kaplan-Meier estimator which satisfies very tight privacy guarantees and with no statistically-significant utility loss compared to the non-private centralized setting.
Submitted 24 May, 2023;
originally announced May 2023.
-
Practical Challenges in Differentially-Private Federated Survival Analysis of Medical Data
Authors:
Shadi Rahimian,
Raouf Kerkouche,
Ina Kurth,
Mario Fritz
Abstract:
Survival analysis or time-to-event analysis aims to model and predict the time it takes for an event of interest to happen in a population or an individual. In the medical context this event might be the time of dying, metastasis, recurrence of cancer, etc. Recently, the use of neural networks that are specifically designed for survival analysis has become more popular and an attractive alternative to more traditional methods. In this paper, we take advantage of the inherent properties of neural networks to federate the process of training of these models. This is crucial in the medical domain since data is scarce and collaboration of multiple health centers is essential to make a conclusive decision about the properties of a treatment or a disease. To ensure the privacy of the datasets, it is common to utilize differential privacy on top of federated learning. Differential privacy acts by introducing random noise to different stages of training, thus making it harder for an adversary to extract details about the data. However, in the realistic setting of small medical datasets and only a few data centers, this noise makes it harder for the models to converge. To address this problem, we propose DPFed-post which adds a post-processing stage to the private federated learning scheme. This extra step helps to regulate the magnitude of the noisy average parameter update and easier convergence of the model. For our experiments, we choose 3 real-world datasets in the realistic setting when each health center has only a few hundred records, and we show that DPFed-post successfully increases the performance of the models by an average of up to $17\%$ compared to the standard differentially private federated learning scheme.
Submitted 8 February, 2022;
originally announced February 2022.
-
Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries
Authors:
Shadi Rahimian,
Tribhuvanesh Orekondy,
Mario Fritz
Abstract:
Machine learning models have been shown to leak information violating the privacy of their training set. We focus on membership inference attacks on machine learning models which aim to determine whether a data point was used to train the victim model. Our work consists of two sides: We introduce sampling attack, a novel membership inference technique that unlike other standard membership adversaries is able to work under severe restriction of no access to scores of the victim model. We show that a victim model that only publishes the labels is still susceptible to sampling attacks and the adversary can recover up to 100% of its performance compared to when posterior vectors are provided. The other side of our work includes experimental results on two recent membership inference attack models and the defenses against them. For defense, we choose differential privacy in the form of gradient perturbation during the training of the victim model as well as output perturbation at prediction time. We carry out our experiments on a wide range of datasets which allows us to better analyze the interaction between adversaries, defense mechanism and datasets. We find out that our proposed fast and easy-to-implement output perturbation technique offers good privacy protection for membership inference attacks at little impact on utility.
Submitted 1 September, 2020;
originally announced September 2020.
-
Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation
Authors:
Yang He,
Shadi Rahimian,
Bernt Schiele,
Mario Fritz
Abstract:
Today's success of state of the art methods for semantic segmentation is driven by large datasets. Data is considered an important asset that needs to be protected, as the collection and annotation of such datasets comes at significant efforts and associated costs. In addition, visual data might contain private or sensitive information, that makes it equally unsuited for public release. Unfortunately, recent work on membership inference in the broader area of adversarial machine learning and inference attacks on machine learning models has shown that even black box classifiers leak information on the dataset that they were trained on. We show that such membership inference attacks can be successfully carried out on complex, state of the art models for semantic segmentation. In order to mitigate the associated risks, we also study a series of defenses against such membership inference attacks and find effective counter measures against the existing risks with little effect on the utility of the segmentation method. Finally, we extensively evaluate our attacks and defenses on a range of relevant real-world datasets: Cityscapes, BDD100K, and Mapillary Vistas.
Submitted 19 September, 2020; v1 submitted 20 December, 2019;
originally announced December 2019.
-
On the Capacity Region of ALOHA Protocol for the Internet of Things
Authors:
Moslem Noori,
Samira Rahimian,
Masoud Ardakani
Abstract:
Accommodating the needs of a large number of diverse users in the Internet of Things (IoT), notably managing how the users access the common channel, has posed unique challenges to the network designers. In this paper, we study a heterogeneous IoT network consisting of multiple classes of users who may have different service requirements. For this network, we consider the application of irregular repetition slotted ALOHA (IRSA) that is shown to offer large throughput for single-class networks. Then, we focus on finding the network performance boundaries by studying the set of feasible throughput values for each class, called the capacity region. To this end, we first introduce the concept of dual network of a multi-class network meaning a homogeneous network with the same number of users. We then prove that finding the capacity region of the assumed multi-class network boils down to finding the maximum achievable throughput of its dual network. Using this finding, we then discuss how any given point of the capacity region can be achieved. Further, a delay performance study is conducted to evaluate the average and maximum packet transmission delay experienced by the users of each class.
Submitted 27 May, 2016;
originally announced May 2016.