skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Federated Learning Robustness on Real World Data in Intelligent Transportation Systems
Machine Learning models are widely utilized in a variety of applications, including Intelligent Transportation Systems (ITS). As these systems are operating in highly dynamic environments, they are exposed to numerous security threats that cause Data Quality (DQ) variations. Among such threats are network attacks that may cause data losses. We evaluate the influence of these factors on the image DQ and consequently on the image ML model performance. We propose and investigate Federated Learning (FL) as the way to enhance the overall level of privacy and security in ITS, as well as to improve ML model robustness to possible DQ variations in real-world applications. Our empirical study conducted with traffic sign images and YOLO, VGG16 and ResNet models proved the greater robustness of FL-based architecture over a centralized one.  more » « less
Award ID(s):
2321652
PAR ID:
10532530
Author(s) / Creator(s):
; ; ;
Editor(s):
Goal, S
Publisher / Repository:
19th Annual Symposium on Information Assurance (ASIA’ 24) , June 4-5, 2024, Albany, NY
Date Published:
Format(s):
Medium: X
Location:
Albany, NY
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; (, IEEE)
    In industrial applications, Machine Learning (ML) services are often deployed on cloud infrastructure and require a transfer of the input data over a network, which is susceptible to Quality of Service (QoS) degradation. In this paper we investigate the robustness of industrial ML classifiers towards varying Data Quality (DQ) due to degradation in network QoS. We define the robustness of an ML model as the ability to maintain a certain level of performance under variable levels of DQ at its input. We employ the classification accuracy as the performance metric for the ML classifiers studied. The POWDER testbed is utilized to create an experimental setup consisting of a real-world wireless network connecting two nodes. We transfer multiple video and image files between the two nodes under varying degrees of packet loss and varying buffer sizes to create degraded data. We then evaluate the performance of AWS Rekognition, a commercial ML tool for on-demand object detection, on corrupted video and image data. We also evaluate the performance of YOLOv7 to compare the performance of a commercial and an open-source model. As a result we demonstrate that even a slight degree of packet loss, 1% for images and 0.2% for videos, can have a drastic impact on the classification performance of the system. We discuss the possible ways to make industrial ML systems more robust to network QoS degradation. 
    more » « less
  2. ; ; (, 2023 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT))
    Machine Learning (ML) algorithms have shown quite promising applications in smart meter data analytics enabling intelligent energy management systems for the Advanced Metering Infrastructure (AMI). One of the major challenges in developing ML applications for the AMI is to preserve user privacy while allowing active end-users participation. This paper addresses this challenge and proposes Differential Privacy-enabled AMI with Federated Learning (DP-AMI-FL), framework for ML-based applications in the AMI. This framework provides two layers of privacy protection: first, it keeps the raw data of consumers hosting ML applications at edge devices (smart meters) with Federated Learning (FL), and second, it obfuscates the ML models using Differential Privacy (DP) to avoid privacy leakage threats on the models posed by various inference attacks. The framework is evaluated by analyzing its performance on a use case aimed to improve Short-Term Load Forecasting (STLF) for residential consumers having smart meters and home energy management systems. Extensive experiments demonstrate that the framework when used with Long Short-Term Memory (LSTM) recurrent neural network models, achieves high forecasting accuracy while preserving users data privacy. 
    more » « less
  3. ; ; ; ; (, 19th Annual Symposium on Information Assurance (ASIA’ 24) , June 4-5, 2024, Albany, NY)
    Goel, S (Ed.)
    Federated Learning (FL), an emerging decentralized Machine Learning (ML) approach, offers a promising avenue for training models on distributed data while safeguarding individual privacy. Nevertheless, when imple- mented in real ML applications, adversarial attacks that aim to deteriorate the quality of the local training data and to compromise the performance of the resulting model still remaining a challenge. In this paper, we propose and develop an approach that integrates Reputation and Trust techniques into the conventional FL. These techniques incur a novel local models’ pre-processing step performed before the aggregation procedure, in which we cluster the local model updates in their parameter space and employ clustering results to evaluate trust towards each of the local clients. The trust value is updated in each aggregation round, and takes into account retrospective evaluations performed in the previous rounds that allow considering the history of updates to make the assessment more informative and reliable. Through our empirical study on a traffic signs classification computer vision application, we verify our novel approach that allow to identify local clients compromised by adversarial attacks and submitting updates detrimental to the FL performance. The local updates provided by non-trusted clients are excluded from aggregation, which allows to enhance FL security and robustness to the models that might be trained on corrupted data. 
    more » « less
  4. (, Proceedings of the 2023 Secure and Trustworthy Deep Learning Systems Workshop (SecTL ’23))
    Electroencephalography (EEG) based systems utilize machine learning (ML) and deep learning (DL) models in various applications such as seizure detection, emotion recognition, cognitive workload estimation, and brain-computer interface (BCI). However, the security and robustness of such intelligent systems under analog-domain threats have received limited attention. This paper presents the first demonstration of physical signal injection attacks on ML and DL models utilizing EEG data. We investigate how an adversary can degrade the performance of different models by non-invasively injecting signals into EEG recordings. We show that the attacks can mislead or manipulate the models and diminish the reliability of EEG-based systems. Overall, this research sheds light on the need for more trustworthy physiological-signal-based intelligent systems in the healthcare field and opens up avenues for future work. 
    more » « less
  5. ; ; (, IEEE Transactions on Sustainable Computing)
    Cyber-Physical Systems (CPS) are increasingly leveraging Federated Learning (FL) to enable decentralized intelligence while preserving privacy across distributed devices. Federated adversarial learning (FAL) leverages FL and adversarial training to enhance model robustness against adversarial attacks while maintaining data privacy across decentralized, heterogeneous devices. While FAL strengthens CPS resilience against adversarial threats, variations in energy constraints, carbon emissions, computational capabilities, and latency requirements introduce additional complexity. These variations impact energy consumption, carbon emissions, and power source efficiency, creating a complex trade-off between sustainability and robustness. This underscores the critical need for standardized metrics to systematically evaluate and balance these competing factors in FAL-enabled CPS. In this paper, we propose three novel robustness metrics designed to quantify the interplay between energy efficiency, sustainability dimensions, and adversarial robustness in FAL setups for CPS. The proposed methodology accounts for diverse CPS scenarios, addressing factors such as emissions, energy consumption, latency, renewable energy, and low-energy devices with critical latency needs. We validate our approach through simulations in two setups, including a single-device environment to isolate device variability and a heterogeneous multi-device environment to evaluate architectural impacts. The results demonstrate the effectiveness of our proposed metrics in systemically quantifying the trade-off between sustainability and robustness in FAL-based CPS. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Text Encoded Conversion
  • XML
  • Save / Share this Record
  • Send to Email