Data Perturbation Research Articles

Privacy-Preserving Data Sharing Platform

In today's data-driven healthcare landscape, the secure sharing of sensitive medical information is essential for improving patient care, facilitating medical research, and advancing healthcare outcomes. However, ensuring the integrity, confidentiality, and privacy of patient data poses significant challenges, particularly in the context of big data environments. This presents a comprehensive framework for privacy-preserving data sharing in healthcare, leveraging a combination of cryptographic techniques, encryption, and secure computation protocols. The framework encompasses various privacy-preserving mechanisms, including Differential Privacy with Data Perturbation, Secure Multi-Party Computation (SMPC), and Homomorphic Encryption, to protect sensitive healthcare data from unauthorized access and disclosure. By implementing state-of-the-art privacy-preserving techniques, the framework aims to enable secure data sharing among multiple parties while complying with regulatory requirements such as HIPAA and GDPR. Additionally, the paper discusses the project scope, which includes cryptography, encryption, decryption, integrity, confidentiality, privacy, policies, procedures, security, and secure data sharing infrastructure. The proposed framework provides a practical solution for healthcare organizations and research institutions to collaborate on data-driven initiatives while safeguarding patient privacy and maintaining trust. Evaluation of the framework's effectiveness and performance metrics is conducted to validate its feasibility and efficacy in real-world healthcare settings. Keywords: Privacy-preserving data sharing, Differential Privacy, Data Perturbation, Secure Multi-Party Computation (SMPC)

Stability analysis and enhancement of super-efficiency model based on space distance

The traditional super-efficiency data Enveloping analysis (DEA) model can further distinguish the efficiency of efficient DMU. However, this distinction is unstable when there are perturbations in the efficient DMU inputs and outputs. The spatial distance can reflect the spatial variation of DMU on the envelope surface. We investigate the stability of the modified VRS super-efficiency model in the presence of data perturbations in efficiency DMUs and calculate its stability with spatial distances, providing a necessary and sufficient condition for such perturbations to affect the results of calculations of other efficient DMU super-efficiencies. A new super-efficiency model is proposed, which combines spatial distance to increase the constraint on projection point. Numerical examples are used to illustrate the model. On this basis, a spatial distance model for calculating inefficient DMU efficiency is further developed.

A subject-specific unsupervised deep learning method for quantitative susceptibility mapping using implicit neural representation

Quantitative susceptibility mapping (QSM) is an MRI-based technique that estimates the underlying tissue magnetic susceptibility based on phase signal. Deep learning (DL)-based methods have shown promise in handling the challenging ill-posed inverse problem for QSM reconstruction. However, they require extensive paired training data that are typically unavailable and suffer from generalization problems. Recent model-incorporated DL approaches also overlook the non-local effect of the tissue phase in applying the source-to-field forward model due to patch-based training constraint, resulting in a discrepancy between the prediction and measurement and subsequently suboptimal QSM reconstruction. This study proposes an unsupervised and subject-specific DL method for QSM reconstruction based on implicit neural representation (INR), referred to as INR-QSM. INR has emerged as a powerful framework for learning a high-quality continuous representation of the signal (image) by exploiting its internal information without training labels. In INR-QSM, the desired susceptibility map is represented as a continuous function of the spatial coordinates, parameterized by a fully-connected neural network. The weights are learned by minimizing a loss function that includes a data fidelity term incorporated by the physical model and regularization terms. Additionally, a novel phase compensation strategy is proposed for the first time to account for the non-local effect of tissue phase in data consistency calculation to make the physical model more accurate. Our experiments show that INR-QSM outperforms traditional established QSM reconstruction methods and the compared unsupervised DL method both qualitatively and quantitatively, and is competitive against supervised DL methods under data perturbations.

Local solvability and stability for the inverse Sturm‐Liouville problem with polynomials in the boundary conditions

In this paper, we for the first time prove local solvability and stability of the inverse Sturm‐Liouville problem with complex‐valued singular potential and with polynomials of the spectral parameter in the boundary conditions. The proof method is constructive. It is based on the reduction of the inverse problem to a linear equation in the Banach space of bounded infinite sequences. We prove that, under a small perturbation of the spectral data, the main equation of the inverse problem remains uniquely solvable. Furthermore, we derive new reconstruction formulas for obtaining the problem coefficients from the solution of the main equation and get stability estimates for the recovered coefficients.

Modeling of limit order book data with ordered fuzzy numbers

This paper presents a novel approach to representing the Limit Order Book data at a given timestamp using the Ordered Fuzzy Numbers concept. The limit order book contains all buy and sell orders placed by investors, updated in real-time, for the most liquid securities, even several hundred times a minute. Due to its irregular nature (different and dynamic changes in the number of buy and sell orders), direct calculations on the order book data are not feasible without transforming it into feature vectors. Currently, most studies use a price level-based data representation scheme when applying deep learning models on limit order book data. However, this scheme has limitations, particularly its sensitivity to subtle perturbations that can negatively impact model performance. On the other hand, the ordered fuzzy number is a mathematical object (a pair of two functions) used to process imprecise and uncertain data. Ordered Fuzzy Numbers possess well-defined arithmetic properties. Converting the limit order book data to ordered fuzzy numbers allows the creation of a time series of ordered fuzzy numbers (order books) and use them for further calculations, e.g., to represent input data for deep learning models or employing the concept of fuzzy time series in various domains, such as defining liquidity measures based on limit order book data. In this paper, the proposed approach is tested using one-year market data from the Polish Stock Exchange for the five biggest companies. The DeepLOB model is employed to predict mid-price movement using different input data representations. The proposed representation of Limit Order Book data demonstrated remarkably stable out-of-sample prediction accuracy, even when subjected to data perturbation.

Data poisoning attacks on traffic state estimation and prediction

Data has become ubiquitous nowadays in transportation, including vehicular data and infrastructure-generated data. The growing reliance on data poses potential cybersecurity issues to transportation systems, among which the so-called “data poisoning” attacks by adversaries are becoming increasingly critical. Such attacks aim to compromise a system’s performance by adding systematic and malicious noises, perturbations, or deviations to the dataset used by the system. Formal investigations of data poisoning attacks are essential for understanding the attacks and developing effective defense methods. This study develops a general data poisoning attack model for traffic state estimation and prediction (TSEP) that is a basic application in transportation. We first formulate data poisoning attacks as a general sensitivity analysis of parameterized optimization problems over parameter changes (i.e., data perturbations) and study the Lipschitz continuity property of the solution with the presence of general (equality and inequality) constraints. Then, we develop attack models that fit a broader spectrum of learning applications (such as TSEP) by extending existing models that only focus on learning problems with no or equality constraints (widely used in the cybersecurity field). Since the solution of such general problems is often continuous but not differentiable with data changes, we apply the generalized implicit function theorem to compute the semi-derivatives that express how the TSEP solution responds to data perturbations. The semi-derivatives enable us to evaluate TSEP models’ vulnerability (at each data point) and solve the proposed attack model. We demonstrate the generality and effectiveness of the proposed method on two TSEP models using mobile sensing data.

PT-ADP: A personalized privacy-preserving federated learning scheme based on transaction mechanism

Differential privacy (DP) is a widely used technique for enhancing privacy in federated learning (FL) frameworks, whereby noise is added to the datasets or learning parameters to prevent attackers from discovering which client (i.e., the data owner) the sensitive information originated from. More noise implies higher privacy protection but also leads to a decrease in model accuracy. The privacy budget is a key parameter that controls the amount of noise. Most existing methods focus on the same privacy budget, ignoring the various privacy protection requirements of the clients. In this study, we propose PT-ADP, which is a personalized privacy-preserving federated learning scheme. First, a privacy transaction mechanism (PT) is proposed to realize personalized allocation of privacy budget for clients through “quotation-allocation.” Subsequently, an adaptive transmission data perturbation mechanism (ADP) is proposed to save a large amount of privacy budget and improve accuracy under the premise of providing sufficient privacy protection. The security, convergence, efficiency, and specific parameters of the proposed scheme were theoretically analyzed and verified through extensive experiments. PT-ADP can improve model availability while providing the same level of privacy protection compared to other schemes, without increasing complexity and communication overhead.

Convergence of non-linear diagonal frame filtering for regularizing inverse problems

Inverse problems are key issues in several scientific areas, including signal processing and medical imaging. Since inverse problems typically suffer from instability with respect to data perturbations, a variety of regularization techniques have been proposed. In particular, the use of filtered diagonal frame decompositions (DFDs) has proven to be effective and computationally efficient. However, existing convergence analysis applies only to linear filters and a few non-linear filters such as soft thresholding. In this paper, we analyze filtered DFDs with general non-linear filters. In particular, our results generalize singular value decomposition-based spectral filtering from linear to non-linear filters as a special case. As a first approach, we establish a connection between non-linear diagonal frame filtering and variational regularization, allowing us to use results from variational regularization to derive the convergence of non-linear spectral filtering. In the second approach, as our main theoretical results, we relax the assumptions involved in the variational case while still deriving convergence. Furthermore, we discuss connections between non-linear filtering and plug-and-play regularization and explore potential benefits of this relationship.

Robust Deep Neural Network for Learning in Noisy Multi-Label Food Images.

Deep networks can facilitate the monitoring of a balanced diet to help prevent various health problems related to eating disorders. Large, diverse, and clean data are essential for learning these types of algorithms. Although data can be collected automatically, the data cleaning process is time-consuming. This study aims to provide the model with the ability to learn even when the data are not completely clean. For this purpose, we extend the Attentive Feature MixUp method to enable its learning on noisy multi-label food data. The extension was based on the hypothesis that during the MixUp phase, when a pair of images are mixed, the resulting soft labels should be different for each ingredient, being larger for ingredients that are mixed with the background because they are better distinguished than when they are mixed with other ingredients. Furthermore, to address data perturbation, the incorporation of the Laplace approximation as a post-hoc method was analyzed. The evaluation of the proposed method was performed on two food datasets, where a notable performance improvement was obtained in terms of Jaccard index and F1 score, which validated the hypothesis raised. With the proposed MixUp, our method reduces the memorization of noisy multi-labels, thereby improving its performance.

HAIC-NET: Semi-supervised OCTA vessel segmentation with self-supervised pretext task and dual consistency training

Optical Coherence Tomography Angiography(OCTA) vessel segmentation is a challenging task. On the one hand, the complex structure of the capillary networks presents significant obstacles to achieving accurate vessel segmentation. On the other hand, current research on OCTA vessel segmentation heavily relies on high-quality manual annotations, especially in fully-supervised approaches. In contrast, pixel-level annotation of OCTA vessels is time-consuming and labor-intensive. To address these issues, we propose a semi-supervised method called HAIC-Net, which integrates self-supervised learning with a homologous augmented image classification pretext task and dual consistency training with data perturbation consistency and topological connectivity consistency. Firstly, we design a self-supervised homologous augmented image classification pretext task that directs the model’s attention to similar vascular features in homologous augmented images, thereby extracting rich vessel information from unlabeled images and reducing the dependence on manual annotations. Secondly, we introduce a dual-consistency structure with topological connectivity consistency to provide constraint from a topological perspective, which is consistent with the topological characteristics of the vascular network, to enhance the segmentation network’s sensitivity to vessel connectivity and decrease the topological errors in segmentation results. We conduct experiments on two publicly available datasets and one private dataset and validate the state-of-the-art performance of the proposed method. On the ROSE-1 dataset, our method achieves 0.9143 accuracy and 0.7658 dice coefficient, surpassing other current semi-supervised methods and approaching the performance of state-of-the-art fully supervised methods. The same result can also be observed on OCTA500 and our private dataset, demonstrating the effectiveness and superiority of our approach.

Semisupervised Medical Image Segmentation through Prototype-Based Mutual Consistency Learning

Medical image segmentation is a critical task in the healthcare field. While deep learning techniques have shown promise in this area, they often require a large number of accurately labeled images. To address this issue, semisupervised learning has emerged as a potential solution by reducing the reliance on precise annotations. Among these approaches, the student-teacher framework has garnered attention, but it is limited in its reliance solely on the teacher model for information. To overcome this limitation, we propose a prototype-based mutual consistency learning (PMCL) framework. This framework utilizes two branches that learn from each other, incorporating supervision loss and consistency loss to adapt to minor data perturbations and structural differences. By employing prototype consistency learning, we are able to achieve reliable consistency loss. Our experiments on three public medical image datasets demonstrate that PMCL outperforms other state-of-the-art methods, indicating its potential in semisupervised medical image segmentation. Our framework has the potential to assist medical professionals in enhancing their diagnoses and delivering improved patient care.

Critical degeneracy in a nonlinear hyperbolic equation can produce atypical instability

This paper deals with the initial value problem for a semilinear wave equation on a bounded domain and solutions are required to vanish on the boundary of this domain. The essential feature of the situation considered here is that the ellipticity of the spatial part of the differential operator degenerates like the square of the distance from given point in the domain and so hyperbolicity is lost at this point. The assumptions ensure that [Formula: see text] is a stationary solution of the problem and the object is to study the stability of this solution with respect to perturbations of the initial data. Stability, instability and asymptotic stability are all considered. The assumptions about the nonlinear terms ensure that the problem has a well-defined linearization at [Formula: see text]. There are simple cases where this linearization is asymptotically stable but [Formula: see text] is an unstable solution of the nonlinear problem. We also establish conditions under which the stability of a stationary solution [Formula: see text] can be determined using our results. The quadratic degeneracy at a point treated here is typical of what is required in models for acoustic (or sonic) black holes. It also occurs in a simplified Wheeler–DeWitt model which we discuss in some detail.

Boosting robustness of network intrusion detection systems: A novel two phase defense strategy against untargeted white-box optimization adversarial attack

Machine Learning and Deep Learning based Network Intrusion Detection Systems (NIDS) serve as the backbone to protect computer networks against various cyber security threats. However, their susceptibility to adversarial attacks is the biggest challenge in front of the security administrator. In adversarial machine learning, the attacker crafts adversarial examples by adding small perturbations (tiny noise) in benign and legitimate network traffic data. These adversarial examples can easily deceive machine learning-based NIDS into producing incorrect classification and evading intrusion detection. This necessitates a robust NIDS that can detect and mitigate adversarial attacks immediately. In this research, we have proposed the two-phase defence method against the most powerful optimization-based adversarial attack, Carlini & Wagner (C&W). The two defence phases are the training and testing phase. In the training phase, we have used modified adversarial training using Gaussian Data Augmentation (GDA). In the testing phase, we have applied the Feature Squeezing (FS) method over the generated adversarial list before passing it to the robust NIDS model for final classification. The latest CIC-DDoS-2019 dataset is used to evaluate the proposed two-phase defence method effectively in terms of classification reports and confusion metrics. This research provides a comprehensive perspective of adversarial machine learning, its broad classification, and its defence approaches. The potential of the proposed research is not just limited to computer security. In fact, it can be adopted in other research domains, such as video analytics and surveillance systems.

Utility-aware Privacy Perturbation for Training Data

Data perturbation under differential privacy constraint is an important approach of protecting data privacy. However, as the data dimensions increase, the privacy budget allocated to each dimension decreases and thus the amount of noise added increases, which eventually leads to lower data utility in training tasks. To protect the privacy of training data while enhancing data utility, we propose a Utility-aware training data Privacy Perturbation scheme based on attribute Partition and budget Allocation (UPPPA). UPPPA includes three procedures: the quantification of attribute privacy and attribute importance, attribute partition, and budget allocation. The quantification of attribute privacy and attribute importance based on information entropy and attribute correlation provide an arithmetic basis for attribute partition and budget allocation. During the attribute partition, all attributes of training data are classified into high and low classes to achieve privacy amplification and utility enhancement. During the budget allocation, a γ-privacy model is proposed to balance data privacy and data utility so as to provide privacy constraint and guide budget allocation. Three comprehensive sets of real-world data are applied to evaluate the performance of UPPPA. Experiments and privacy analysis show that our scheme can achieve the tradeoff between privacy and utility.

Retraction Note: An improved privacy-preserving data mining technique using singular value decomposition with three-dimensional rotation data perturbation

Retraction Note: An improved privacy-preserving data mining technique using singular value decomposition with three-dimensional rotation data perturbation

Deep learning predicts prevalent and incident Parkinson’s disease from UK Biobank fundus imaging

Parkinson’s disease is the world’s fastest-growing neurological disorder. Research to elucidate the mechanisms of Parkinson’s disease and automate diagnostics would greatly improve the treatment of patients with Parkinson’s disease. Current diagnostic methods are expensive and have limited availability. Considering the insidious and preclinical onset and progression of the disease, a desirable screening should be diagnostically accurate even before the onset of symptoms to allow medical interventions. We highlight retinal fundus imaging, often termed a window to the brain, as a diagnostic screening modality for Parkinson’s disease. We conducted a systematic evaluation of conventional machine learning and deep learning techniques to classify Parkinson’s disease from UK Biobank fundus imaging. Our results suggest Parkinson’s disease individuals can be differentiated from age and gender-matched healthy subjects with 68% accuracy. This accuracy is maintained when predicting either prevalent or incident Parkinson’s disease. Explainability and trustworthiness are enhanced by visual attribution maps of localized biomarkers and quantified metrics of model robustness to data perturbations.

Significance Tests of Feature Relevance for a Black-Box Learner.

An exciting recent development is the uptake of deep neural networks in many scientific fields, where the main objective is outcome prediction with a black-box nature. Significance testing is promising to address the black-box issue and explore novel scientific insights and interpretations of the decision-making process based on a deep learning model. However, testing for a neural network poses a challenge because of its black-box nature and unknown limiting distributions of parameter estimates while existing methods require strong assumptions or excessive computation. In this article, we derive one-split and two-split tests relaxing the assumptions and computational complexity of existing black-box tests and extending to examine the significance of a collection of features of interest in a dataset of possibly a complex type, such as an image. The one-split test estimates and evaluates a black-box model based on estimation and inference subsets through sample splitting and data perturbation. The two-split test further splits the inference subset into two but requires no perturbation. Also, we develop their combined versions by aggregating the p -values based on repeated sample splitting. By deflating the bias-sd-ratio, we establish asymptotic null distributions of the test statistics and the consistency in terms of Type 2 error. Numerically, we demonstrate the utility of the proposed tests on seven simulated examples and six real datasets. Accompanying this article is our python library dnn-inference (https://dnn-inference.readthedocs.io/en/latest/) that implements the proposed tests.

Imperceptible Attacks on Fault Detection and Diagnosis Systems in Smart Buildings

Automated Fault Detection and Diagnosis (AFDD) systems are critical to safe and efficient operation of smart buildings. A significant amount of building data can be collected and analyzed to detect building compo-nent failures. Attacks against such data that are contami-nated with small additive disturbances (i.e., adversarial per-turbation attacks) could dreadfully impact the performance of such systems while maintaining a high level of imper-ceptibility. The vulnerability studies of such data attacks is lacking. Specifically, most existing detection and clas-sification models have flat structures, regarded as Single-Stage Classifiers (SSCs), are prone to adversarial data perturbation attacks. In this paper, we present a coarse-to-fine Hierarchical Fault Detection and multi-level Diagnosis (HFDD) model, and formulate a mathematical program to derive targeted attacks on the model with respect to a pre-specified target diagnosis level. Two algorithms are developed based on convex relaxations of the formulated program for non-targeted attacks. An Alternating Direction Method of Multipliers (ADMM)-based solver is developed for the convex programs. Extensive experiments are con-ducted using two real-world datasets of measurements from air handling units and chillers, demonstrating the fea-sibility of the proposed attacks with regard to misclassifi-cation rate and imperceptibility of the attack. We also show that the HFDD is more robust to disturbances than SSC-based fault detection and multi-level diagnosis systems.

Perturbation analysis on PCA plus graph embedding methods and PCA plus exponential graph embedding methods

PCA plus graph embedding (PCA+GE) methods are popular techniques for dimensionality reduction and face recognition. In these methods, the principal component analysis (PCA) is used first, and then some graph embedding methods are applied. In practice, the data is often perturbed or contaminated, and it has been found that PCA is sensitive to noise, which may affect the accuracy of the subsequent classification. Moreover, the PCA+GE methods can be unstable after data perturbation. To the best of our knowledge, however, there are few results on perturbation analysis of this type of methods. In this work, we show the reason from a matrix perturbation analysis point of view. The main aim of this paper is to look for the reasons that cause the instability. To overcome the difficulty of instability, a framework of PCA plus exponential graph embedding methods is proposed to take the place of the conventional PCA plus graph embedding methods. The computational cost of the proposed methods is comparable to that of the original counterparts, and our methods are much more stable in terms of recognition accuracy. Numerical experiments show the effectiveness of our theoretical results, and demonstrate the efficiency of the new methods on some real-world data sets.

Generative Multi-Purpose Sampler for Weighted M-estimation

To overcome computational bottlenecks of various data perturbation procedures such as the bootstrap and cross-validations, we propose the Generative Multi-purpose Sampler (GMS), which directly constructs a generator function to produce solutions of weighted M-estimators from a set of given weights and tuning parameters. The GMS is implemented by a single optimization procedure without having to repeatedly evaluate the minimizers of weighted losses, and is thus capable of significantly reducing the computational time. We demonstrate that the GMS framework enables the implementation of various statistical procedures that would be unfeasible in a conventional framework, such as iterated bootstrap procedures and cross-validation for penalized likelihood. To construct a computationally efficient generator function, we also propose a novel form of neural network called the weight multiplicative multilayer perceptron to achieve fast convergence. An R package called GMS is provided, which runs under Pytorch to implement the proposed methods and allows the user to provide a customized loss function to tailor to their own models of interest. Supplementary materials for this article are available online.