Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Facebook Report on Privacy of fNIRS data

Md Imran Hossen, Sai Venkatesh Chilukoti, Liqun Shan, Vijay Srinivas Tida, Xiali Hei

TL;DR

This work tackles privacy risks inherent in fNIRS data by developing privacy-preserving ML approaches that combine differential privacy (DP) with centralized and federated training. It systematically compares DP-SGD and DP-Adam for centralized DP training and explores federated learning with and without DP, including a local DP setting, on the Tufts fNIRS2MW dataset. The findings show that DP-Adam generally yields higher utility under a given privacy budget, and that IID federated learning can approach centralized performance, while locally private FL incurs notable accuracy costs. The work highlights concrete privacy-utility trade-offs, outlines practical steps for implementing DP in FL, and proposes future directions toward non-IID data and transformer-based architectures for improved performance under privacy constraints.

Abstract

The primary goal of this project is to develop privacy-preserving machine learning model training techniques for fNIRS data. This project will build a local model in a centralized setting with both differential privacy (DP) and certified robustness. It will also explore collaborative federated learning to train a shared model between multiple clients without sharing local fNIRS datasets. To prevent unintentional private information leakage of such clients' private datasets, we will also implement DP in the federated learning setting.

Facebook Report on Privacy of fNIRS data

TL;DR

This work tackles privacy risks inherent in fNIRS data by developing privacy-preserving ML approaches that combine differential privacy (DP) with centralized and federated training. It systematically compares DP-SGD and DP-Adam for centralized DP training and explores federated learning with and without DP, including a local DP setting, on the Tufts fNIRS2MW dataset. The findings show that DP-Adam generally yields higher utility under a given privacy budget, and that IID federated learning can approach centralized performance, while locally private FL incurs notable accuracy costs. The work highlights concrete privacy-utility trade-offs, outlines practical steps for implementing DP in FL, and proposes future directions toward non-IID data and transformer-based architectures for improved performance under privacy constraints.

Abstract

The primary goal of this project is to develop privacy-preserving machine learning model training techniques for fNIRS data. This project will build a local model in a centralized setting with both differential privacy (DP) and certified robustness. It will also explore collaborative federated learning to train a shared model between multiple clients without sharing local fNIRS datasets. To prevent unintentional private information leakage of such clients' private datasets, we will also implement DP in the federated learning setting.
Paper Structure (26 sections, 1 equation, 5 figures, 3 tables, 2 algorithms)

This paper contains 26 sections, 1 equation, 5 figures, 3 tables, 2 algorithms.

Table of Contents

  1. Project Goal
  2. Objectives.
  3. Motivation.
  4. Background
  5. Differential Privacy (DP)
  6. Deep learning with differential privacy (DP)
  7. Federated Learning (FL)
  8. Federated aggregation
  9. Experimental results
  10. Dataset
  11. Implementation and evaluation platform
  12. Non-private centralized training (baseline)
  13. Differentially private centralized training
  14. Differentially private optimization algorithm
  15. Effect of the parameters
  16. ...and 11 more sections

Figures (5)

  • Figure 1: Training curves for different models.
  • Figure 2: Learning curves for DP-SGD and DP-Adam. With ($\epsilon=22.59$, $\delta=10^{-5}$)-differential privacy, we achieve 85.78% and 88.66% testing accuracy for DP-SGD and DP-Adam, respectively.
  • Figure 3: The effect of various parameters on differentially private training. We vary one parameter while keeping the others constant at reference values. The ($\epsilon$, $\delta$)-DP guarantee is fixed at (22.59, $10^{-5}$) for all the curves.
  • Figure 4: Results on accuracy for different DP budgets ($\epsilon$, $\delta=10^{-5}$). We achieve a testing accuracy of 78.81%, 80.28%, 83.87%, and 86.33%, with $\epsilon$ being 2.5, 4.0, 8.0, and 12.0, respectively.
  • Figure 5: Testing accuracy of federated learning models in an IID setting with a different number of clients. The number of global communication rounds is set to 20 with $E = 5$, $B = 1024$, and $\eta = 0.003$ for local updates.

Theorems & Definitions (1)

  • Definition 2.1: Differential Privacy