This repository contains the code for Key Protected Classification for Collaborative Learning
The experiments in the paper were implemented in TensorFlow. We re-implemented them in PyTorch. While doing that, we also improved the training of participants and generative networks (to make the attack stronger) by adding some heuristics.
The src/scripts folder contains scripts to run experiments for:
clf_training.sh
Collaborative learning (CLF) training without any attacker => vanilla and key protected (ours) cases.
In our experiments, we choose a CLF setup which does not involve a protection mechanism to prevent information leakage from participants.
Concretely:
gan_attack.sh
CLF with an attacker => vanilla GAN attack and GAN attack in key protected (ours) cases
run.sh
An example script that shows how to use these two scripts.

We use torchvision and scikit-learn to handle automatic downloads of the MNIST and Olivetti Faces datasets.
So you don’t need to do anything to prepare the data.
The code automatically downloads the datasets into ../data/.
Set the OUTPUT_ROOT variables in the clf_training.sh and gan_attack.sh scripts to the directory where you want the programs to save their outputs.
Environment:
src/requirements.txt is generated via conda list -e > requirements.txt.
See the first two lines of this file to create a new conda environment with all the packages I used to obtain the results below.
We show that our loss formulation and training procedure are useful for collaborative learning frameworks. For this, we split the classes in MNIST and Olivetti Faces datasets into two honest participants, and train shared models.
Observations:
This setting illustrates the extreme case: the attacker is able to generate the same class key as one of the class keys generated by the participants => $c_{attack} = c_i$ for any $i$. To demonstrate this setting, we perform collaborative training where the datasets are split between two participants, one of whom is an adversary.
[Image table: rows d-key = 128, 1024, 4096, 16384; columns Digit 0, Digit 1, Digit 2, Digit 3, Digit 25]
[Image table: rows d-key = 128, 1024, 4096, 16384; columns Digit 0, Digit 1, Digit 2, Digit 3, Digit 25]
[Image table: rows d-key = 128, 1024, 4096, 16384; columns Without Fixed Layer, With Fixed Layer]
Observations:
Please use the following BibTeX entry if you use the code or want to cite the paper.
@article{sariyildiz2020keyprotected,
title = "Key Protected Classification for Collaborative Learning",
author = "Mert Bulent Sariyildiz and Ramazan Gokberk Cinbis and Erman Ayday",
journal = "Pattern Recognition",
pages = "107327",
year = "2020",
issn = "0031-3203",
doi = "https://doi.org/10.1016/j.patcog.2020.107327",
url = "http://www.sciencedirect.com/science/article/pii/S0031320320301308",
}