FedCut: A Spectral Analysis Framework for Reliable Detection of Byzantine Colluders.

This paper proposes a general spectral analysis framework that thwarts a security risk in federated Learning caused by groups of malicious Byzantine attackers or colluders, who conspire to upload vicious model updates to severely debase global model performances. The proposed framework delineates the strong consistency and temporal coherence between Byzantine colluders' model updates from a spectral analysis lens, and, formulates the detection of Byzantine misbehaviours as a community detection problem in weighted graphs. The modified normalized graph cut is then utilized to discern attackers from benign participants. Moreover, the Spectral heuristics is adopted to make the detection robust against various attacks. The proposed Byzantine colluder resilient method, i.e., FedCut, is guaranteed to converge with bounded errors. Extensive experimental results under a variety of settings justify the superiority of FedCut, which demonstrates extremely robust model accuracy (MA) under various attacks. It was shown that FedCut's averaged MA is 2.1% to 16.5% better than that of the state of the art Byzantine-resilient methods. In terms of the worst-case model accuracy (MA), FedCut is 17.6% to 69.5% better than these methods.

FedIPR: Ownership Verification for Federated Deep Neural Network Models.

Federated learning models are collaboratively developed upon valuable training data owned by multiple parties. During the development and deployment of federated models, they are exposed to risks including illegal copying, re-distribution, misuse and/or free-riding. To address these risks, the ownership verification of federated learning models is a prerequisite that protects federated learning model intellectual property rights (IPR) i.e., FedIPR. We propose a novel federated deep neural network (FedDNN) ownership verification scheme that allows private watermarks to be embedded and verified to claim legitimate IPR of FedDNN models. In the proposed scheme, each client independently verifies the existence of the model watermarks and claims respective ownership of the federated model without disclosing neither private training data nor private watermark information. The effectiveness of embedded watermarks is theoretically justified by the rigorous analysis of conditions under which watermarks can be privately embedded and detected by multiple clients. Moreover, extensive experimental results on computer vision and natural language processing tasks demonstrate that varying bit-length watermarks can be embedded and reliably detected without compromising original model performances. Our watermarking scheme is also resilient to various federated training settings and robust against removal attacks.

RPnet: a reverse-projection-based neural network for coarse-graining metastable conformational states for protein dynamics.

The Markov State Model (MSM) is a powerful tool for modeling long timescale dynamics based on numerous short molecular dynamics (MD) simulation trajectories, which makes it a useful tool for elucidating the conformational changes of biological macromolecules. By partitioning the phase space into discretized states and estimating the probabilities of inter-state transitions based on short MD trajectories, one can construct a kinetic network model that could be used to extrapolate long-timescale kinetics if the Markovian condition is met. However, meeting the Markovian condition often requires hundreds or even thousands of states (microstates), which greatly hinders the comprehension of the conformational dynamics of complex biomolecules. Kinetic lumping algorithms can coarse grain numerous microstates into a handful of metastable states (macrostates), which would greatly facilitate the elucidation of biological mechanisms. In this work, we have developed a reverse-projection-based neural network (RPnet) to lump microstates into macrostates, by making use of a physics-based loss function that is based on the projection operator framework of conformational dynamics. By recognizing that microstate and macrostate transition modes can be related through a projection process, we have developed a reverse-projection scheme to directly compare the microstate and macrostate dynamics. Based on this reverse-projection scheme, we designed a loss function that allows the effective assessment of the quality of a given kinetic lumping. We then make use of a neural network to efficiently minimize this loss function to obtain an optimized set of macrostates. We have demonstrated the power of our RPnet in analyzing the dynamics of a numerical 2D potential, alanine dipeptide, and the clamp opening of an RNA polymerase. In all these systems, we have illustrated that our method could yield comparable or better results than competing methods in terms of state partitioning and reproduction of slow dynamics. We expect that our RPnet holds promise in analyzing the conformational dynamics of biological macromolecules.

Exploding and weeping ceramics.

The systematic tuning of crystal lattice parameters to achieve improved kinematic compatibility between different phases is a broadly effective strategy for improving the reversibility, and lowering the hysteresis, of solid-solid phase transformations1-11. (Kinematic compatibility refers to the fitting together of the phases.) Here we present an apparently paradoxical example in which tuning to near perfect kinematic compatibility results in an unusually high degree of irreversibility. Specifically, when cooling the kinematically compatible ceramic (Zr/Hf)O2(YNb)O4 through its tetragonal-to-monoclinic phase transformation, the polycrystal slowly and steadily falls apart at its grain boundaries (a process we term weeping) or even explosively disintegrates. If instead we tune the lattice parameters to satisfy a stronger 'equidistance' condition (which additionally takes into account sample shape), the resulting material exhibits reversible behaviour with low hysteresis. These results show that a diversity of behaviours-from reversible at one extreme to explosive at the other-is possible in a chemically homogeneous ceramic system by manipulating conditions of compatibility in unexpected ways. These concepts could prove critical in the current search for a shape-memory oxide ceramic9-12.

Correlation between phase compatibility and efficient energy conversion in Zr-doped Barium Titanate.

Recent demonstrations of both heat-to-electricity energy conversion devices and electrocaloric devices based on first-order ferroelectric phase transformations identify the lowering of hysteresis and cyclic reversibility of the transformation as enabling criteria for the advancement of this technology. These demonstrations, and recent studies of the hysteresis of phase transformations in oxides, show that satisfying conditions of supercompatibility can be useful for lowering hysteresis, but with limitations for systems with only a few variants of the lower symmetry phase. In particular, it is widely accepted that in a classic cubic-to-tetragonal phase transformation, with only three tetragonal variants having only six twin systems, tuning for improved crystallographic compatibility will be of limited value. This work shows that, on the contrary, the tuning of lattice parameters in Ba(Ti1-xZrx)O3 for improved crystallographic compatibility, even at low doping levels of Zr (x ≤ 0.027), give significant improvement of transformation and ferroelectric energy conversion properties. Specifically, the transformation hysteresis is lowered by 25%, and the maximum value of the polarization/temperature ratio dP/dT at the phase transformation is increased by 10%.