-
Improved Localized Machine Unlearning Through the Lens of Memorization
Authors:
Reihaneh Torkzadehmahani,
Reza Nasirigerdeh,
Georgios Kaissis,
Daniel Rueckert,
Gintare Karolina Dziugaite,
Eleni Triantafillou
Abstract:
Machine unlearning refers to removing the influence of a specified subset of training data from a machine learning model, efficiently, after it has already been trained. This is important for key applications, including making the model more accurate by removing outdated, mislabeled, or poisoned data. In this work, we study localized unlearning, where the unlearning algorithm operates on a (small) identified subset of parameters. Drawing inspiration from the memorization literature, we propose an improved localization strategy that yields strong results when paired with existing unlearning algorithms. We also propose a new unlearning algorithm, Deletion by Example Localization (DEL), that resets the parameters deemed-to-be most critical according to our localization strategy, and then finetunes them. Our extensive experiments on different datasets, forget sets and metrics reveal that DEL sets a new state-of-the-art for unlearning metrics, against both localized and full-parameter methods, while modifying a small subset of parameters, and outperforms the state-of-the-art localized unlearning in terms of test accuracy too.
Submitted 3 December, 2024;
originally announced December 2024.
-
Machine Unlearning for Medical Imaging
Authors:
Reza Nasirigerdeh,
Nader Razmi,
Julia A. Schnabel,
Daniel Rueckert,
Georgios Kaissis
Abstract:
Machine unlearning is the process of removing the impact of a particular set of training samples from a pretrained model. It aims to fulfill the "right to be forgotten", which grants the individuals such as patients the right to reconsider their contribution in models including medical imaging models. In this study, we evaluate the effectiveness (performance) and computational efficiency of different unlearning algorithms in the medical imaging domain. Our evaluations demonstrate that the considered unlearning algorithms perform well on the retain set (samples whose influence on the model is allowed to be retained) and forget set (samples whose contribution to the model should be eliminated), and show no bias against male or female samples. They, however, adversely impact the generalization of the model, especially for larger forget set sizes. Moreover, they might be biased against easy or hard samples, and need additional computational overhead for hyper-parameter tuning. In conclusion, machine unlearning seems promising for medical imaging, but the existing unlearning algorithms still need further improvements to become more practical for medical applications.
Submitted 10 July, 2024;
originally announced July 2024.
-
Label Noise-Robust Learning using a Confidence-Based Sieving Strategy
Authors:
Reihaneh Torkzadehmahani,
Reza Nasirigerdeh,
Daniel Rueckert,
Georgios Kaissis
Abstract:
In learning tasks with label noise, improving model robustness against overfitting is a pivotal challenge because the model eventually memorizes labels, including the noisy ones. Identifying the samples with noisy labels and preventing the model from learning them is a promising approach to address this challenge. When training with noisy labels, the per-class confidence scores of the model, represented by the class probabilities, can be reliable criteria for assessing whether the input label is the true label or the corrupted one. In this work, we exploit this observation and propose a novel discriminator metric called confidence error and a sieving strategy called CONFES to differentiate between the clean and noisy samples effectively. We provide theoretical guarantees on the probability of error for our proposed metric. Then, we experimentally illustrate the superior performance of our proposed approach compared to recent studies on various settings, such as synthetic and real-world label noise. Moreover, we show CONFES can be combined with other state-of-the-art approaches, such as Co-teaching and DivideMix to further improve model performance.
Submitted 27 September, 2023; v1 submitted 11 October, 2022;
originally announced October 2022.
-
Kernel Normalized Convolutional Networks for Privacy-Preserving Machine Learning
Authors:
Reza Nasirigerdeh,
Javad Torkzadehmahani,
Daniel Rueckert,
Georgios Kaissis
Abstract:
Normalization is an important but understudied challenge in privacy-related application domains such as federated learning (FL), differential privacy (DP), and differentially private federated learning (DP-FL). While the unsuitability of batch normalization for these domains has already been shown, the impact of other normalization methods on the performance of federated or differentially private models is not well-known. To address this, we draw a performance comparison among layer normalization (LayerNorm), group normalization (GroupNorm), and the recently proposed kernel normalization (KernelNorm) in FL, DP, and DP-FL settings. Our results indicate LayerNorm and GroupNorm provide no performance gain compared to the baseline (i.e. no normalization) for shallow models in FL and DP. They, on the other hand, considerably enhance the performance of shallow models in DP-FL and deeper models in FL and DP. KernelNorm, moreover, significantly outperforms its competitors in terms of accuracy and convergence rate (or communication efficiency) for both shallow and deeper models in all considered learning environments. Given these key observations, we propose a kernel normalized ResNet architecture called KNResNet-13 for differentially private learning. Using the proposed architecture, we provide new state-of-the-art accuracy values on the CIFAR-10 and Imagenette datasets, when trained from scratch.
Submitted 23 November, 2022; v1 submitted 30 September, 2022;
originally announced October 2022.
-
Kernel Normalized Convolutional Networks
Authors:
Reza Nasirigerdeh,
Reihaneh Torkzadehmahani,
Daniel Rueckert,
Georgios Kaissis
Abstract:
Existing convolutional neural network architectures frequently rely upon batch normalization (BatchNorm) to effectively train the model. BatchNorm, however, performs poorly with small batch sizes, and is inapplicable to differential privacy. To address these limitations, we propose the kernel normalization (KernelNorm) and kernel normalized convolutional layers, and incorporate them into kernel normalized convolutional networks (KNConvNets) as the main building blocks. We implement KNConvNets corresponding to the state-of-the-art ResNets while forgoing the BatchNorm layers. Through extensive experiments, we illustrate that KNConvNets achieve higher or competitive performance compared to the BatchNorm counterparts in image classification and semantic segmentation. They also significantly outperform their batch-independent competitors including those based on layer and group normalization in non-private and differentially private training. Given that, KernelNorm combines the batch-independence property of layer and group normalization with the performance advantage of BatchNorm.
Submitted 4 March, 2024; v1 submitted 20 May, 2022;
originally announced May 2022.
-
HyFed: A Hybrid Federated Framework for Privacy-preserving Machine Learning
Authors:
Reza Nasirigerdeh,
Reihaneh Torkzadehmahani,
Julian Matschinske,
Jan Baumbach,
Daniel Rueckert,
Georgios Kaissis
Abstract:
Federated learning (FL) enables multiple clients to jointly train a global model under the coordination of a central server. Although FL is a privacy-aware paradigm, where raw data sharing is not required, recent studies have shown that FL might leak the private data of a client through the model parameters shared with the server or the other clients. In this paper, we present the HyFed framework, which enhances the privacy of FL while preserving the utility of the global model. HyFed provides developers with a generic API to develop federated, privacy-preserving algorithms. HyFed supports both simulation and federated operation modes and its source code is publicly available at https://github.com/tum-aimed/hyfed.
Submitted 27 October, 2021; v1 submitted 21 May, 2021;
originally announced May 2021.
-
The FeatureCloud AI Store for Federated Learning in Biomedicine and Beyond
Authors:
Julian Matschinske,
Julian Späth,
Reza Nasirigerdeh,
Reihaneh Torkzadehmahani,
Anne Hartebrodt,
Balázs Orbán,
Sándor Fejér,
Olga Zolotareva,
Mohammad Bakhtiari,
Béla Bihari,
Marcus Bloice,
Nina C Donner,
Walid Fdhila,
Tobias Frisch,
Anne-Christin Hauschild,
Dominik Heider,
Andreas Holzinger,
Walter Hötzendorfer,
Jan Hospes,
Tim Kacprowski,
Markus Kastelitz,
Markus List,
Rudolf Mayer,
Mónika Moga,
Heimo Müller, et al. (7 additional authors not shown)
Abstract:
Machine Learning (ML) and Artificial Intelligence (AI) have shown promising results in many areas and are driven by the increasing amount of available data. However, this data is often distributed across different institutions and cannot be shared due to privacy concerns. Privacy-preserving methods, such as Federated Learning (FL), allow for training ML models without sharing sensitive data, but their implementation is time-consuming and requires advanced programming skills. Here, we present the FeatureCloud AI Store for FL as an all-in-one platform for biomedical research and other applications. It removes large parts of this complexity for developers and end-users by providing an extensible AI Store with a collection of ready-to-use apps. We show that the federated apps produce similar results to centralized ML, scale well for a typical number of collaborators and can be combined with Secure Multiparty Computation (SMPC), thereby making FL algorithms safely and easily applicable in biomedical and clinical environments.
Submitted 12 May, 2021;
originally announced May 2021.
-
Federated Multi-Mini-Batch: An Efficient Training Approach to Federated Learning in Non-IID Environments
Authors:
Reza Nasirigerdeh,
Mohammad Bakhtiari,
Reihaneh Torkzadehmahani,
Amirhossein Bayat,
Markus List,
David B. Blumenthal,
Jan Baumbach
Abstract:
Federated learning has faced performance and network communication challenges, especially in the environments where the data is not independent and identically distributed (IID) across the clients. To address the former challenge, we introduce the federated-centralized concordance property and show that the federated single-mini-batch training approach can achieve comparable performance as the corresponding centralized training in the Non-IID environments. To deal with the latter, we present the federated multi-mini-batch approach and illustrate that it can establish a trade-off between the performance and communication efficiency and outperforms federated averaging in the Non-IID settings.
Submitted 3 July, 2021; v1 submitted 13 November, 2020;
originally announced November 2020.
-
Privacy-preserving Artificial Intelligence Techniques in Biomedicine
Authors:
Reihaneh Torkzadehmahani,
Reza Nasirigerdeh,
David B. Blumenthal,
Tim Kacprowski,
Markus List,
Julian Matschinske,
Julian Späth,
Nina Kerstin Wenke,
Béla Bihari,
Tobias Frisch,
Anne Hartebrodt,
Anne-Christin Hausschild,
Dominik Heider,
Andreas Holzinger,
Walter Hötzendorfer,
Markus Kastelitz,
Rudolf Mayer,
Cristian Nogales,
Anastasia Pustozerova,
Richard Röttger,
Harald H. H. W. Schmidt,
Ameli Schwalber,
Christof Tschohl,
Andrea Wohner,
Jan Baumbach
Abstract:
Artificial intelligence (AI) has been successfully applied in numerous scientific domains. In biomedicine, AI has already shown tremendous potential, e.g. in the interpretation of next-generation sequencing data and in the design of clinical decision support systems. However, training an AI model on sensitive data raises concerns about the privacy of individual participants. For example, summary statistics of a genome-wide association study can be used to determine the presence or absence of an individual in a given dataset. This considerable privacy risk has led to restrictions in accessing genomic and other biomedical data, which is detrimental for collaborative research and impedes scientific progress. Hence, there has been a substantial effort to develop AI methods that can learn from sensitive data while protecting individuals' privacy. This paper provides a structured overview of recent advances in privacy-preserving AI techniques in biomedicine. It places the most important state-of-the-art approaches within a unified taxonomy and discusses their strengths, limitations, and open problems. As the most promising direction, we suggest combining federated machine learning as a more scalable approach with other additional privacy preserving techniques. This would allow to merge the advantages to provide privacy guarantees in a distributed way for biomedical applications. Nonetheless, more research is necessary as hybrid approaches pose new challenges such as additional network or computation overhead.
Submitted 6 November, 2020; v1 submitted 22 July, 2020;
originally announced July 2020.