haleh hayati - Academia.edu

Papers by haleh hayati

Immersion and Invariance-based Coding for Privacy in Remote Anomaly Detection

IFAC-PapersOnLine, Dec 31, 2022

Privacy in Cloud Computing through Immersion-based Coding

arXiv (Cornell University), Mar 7, 2024

Cloud computing enables users to process and store data remotely on high-performance computers and servers by sharing data over the Internet. However, transferring data to clouds causes unavoidable privacy concerns. Here, we present a synthesis framework for designing coding mechanisms that allow sharing and processing data in a privacy-preserving manner without sacrificing data utility and algorithmic performance. We consider the setup in which the user aims to run an algorithm in the cloud using private data. The cloud then returns some data utility back to the user (utility refers to the service that the algorithm provides, e.g., classification, prediction, AI models, etc.). To avoid privacy concerns, the proposed scheme provides tools to co-design: 1) coding mechanisms to distort the original data and guarantee a prescribed differential privacy level; 2) an equivalent-but-different algorithm (referred to here as the target algorithm) that runs on distorted data and produces distorted utility; and 3) a decoding function that extracts the true utility from the distorted one with a negligible error. Then, instead of sharing the original data and algorithm with the cloud, only the distorted data and target algorithm are disclosed, thereby avoiding privacy concerns. The proposed scheme is built on the synergy of differential privacy and system immersion tools from control theory. The key underlying idea is to design a higher-dimensional target algorithm that embeds all trajectories of the original algorithm and works on randomly encoded data to produce randomly encoded utility. We show that the proposed scheme can be designed to offer any level of differential privacy without degrading the algorithm's utility. We present two use cases to illustrate the performance of the developed tools: privacy in optimization/learning algorithms and a nonlinear networked control system. The research leading to these results has received funding from the European Union's Horizon Europe programme under grant agreement No 101069748-SELFY project. Haleh Hayati and Nathan van de Wouw are with the

MO-0304 Privacy-preserving federated learning for radiotherapy applications

Radiotherapy and Oncology

Infinite Horizon Privacy in Networked Control Systems: Utility/Privacy Tradeoffs and Design Tools

arXiv (Cornell University), Mar 30, 2023

Immersion and Invariance-based Coding for Privacy in Remote Anomaly Detection

arXiv (Cornell University), Nov 21, 2022

We present a framework for the design of coding mechanisms that allow remotely operating anomaly detectors in a privacy-preserving manner. We consider the following problem setup. A remote station seeks to identify anomalies based on system input-output signals transmitted over communication networks. However, it is not desired to disclose true data of the system operation, as it can be used to infer private information. To prevent adversaries from eavesdropping on the network or at the remote station itself to access private data, we propose a privacy-preserving coding scheme to distort signals before transmission. As a next step, we design a new anomaly detector that runs on distorted signals and produces distorted diagnostics signals, and a decoding scheme that allows extracting true diagnostics data from distorted signals without error. The proposed scheme is built on the synergy of matrix encryption and system Immersion and Invariance (I&I) tools from control theory. The idea is to immerse the anomaly detector into a higher-dimensional system (the so-called target system). The dynamics of the target system are designed such that: the trajectories of the original anomaly detector are immersed/embedded in its trajectories, it works on randomly encoded input-output signals, and it produces an encoded version of the original anomaly detector alarm signals, which are decoded to extract the original alarm at the user side. We show that the proposed privacy-preserving scheme provides the same anomaly detection performance as standard Kalman filter-based chi-squared anomaly detectors while revealing no information about system data.

Privacy-Preserving Federated Learning via System Immersion and Random Matrix Encryption

2022 IEEE 61st Conference on Decision and Control (CDC)

Federated learning (FL) has emerged as a privacy solution for collaborative distributed learning where clients train AI models directly on their devices instead of sharing their data with a centralized (potentially adversarial) server. Although FL preserves local data privacy to some extent, it has been shown that information about clients' data can still be inferred from model updates. In recent years, various privacy-preserving schemes have been developed to address this privacy leakage. However, they often provide privacy at the expense of model performance or system efficiency, and balancing these tradeoffs is a crucial challenge when implementing FL schemes. In this manuscript, we propose a Privacy-Preserving Federated Learning (PPFL) framework built on the synergy of matrix encryption and system immersion tools from control theory. The idea is to immerse the learning algorithm, a Stochastic Gradient Descent (SGD), into a higher-dimensional system (the so-called target system) and design the dynamics of the target system so that: trajectories of the original SGD are immersed/embedded in its trajectories; and it learns on encrypted data (here we use random matrix encryption). Matrix encryption is reformulated at the server as a random change of coordinates that maps original parameters to a higher-dimensional parameter space and enforces that the target SGD converges to an encrypted version of the original SGD optimal solution. The server decrypts the aggregated model using the left inverse of the immersion map. We show that our algorithm provides the same level of accuracy and convergence rate as the standard FL with a negligible computation cost while revealing no information about the clients' data.

Privacy-Preserving Anomaly Detection in Stochastic Dynamical Systems: Synthesis of Optimal Gaussian Mechanisms

Cornell University - arXiv, Nov 7, 2022

We present a framework for the design of distorting mechanisms that allow remotely operating anomaly detectors in a privacy-preserving fashion. We consider the problem setting in which a remote station seeks to identify anomalies using system input-output signals transmitted over communication networks. However, in such a networked setting, it is not desired to disclose true data of the system operation, as it can be used to infer private information, modeled here as a system private output. To prevent accurate estimation of private outputs by adversaries, we pass original signals through distorting (privacy-preserving) mechanisms and send the distorted data to the remote station (which inevitably leads to degraded monitoring performance). The design of these mechanisms is formulated as a privacy-utility (tradeoff) problem where system utility is characterized by anomaly detection performance, and privacy is quantified using information-theoretic metrics (mutual information and differential entropy). We cast the synthesis of dependent Gaussian mechanisms as the solution of a convex program (log-determinant cost with linear matrix inequality constraints) where we seek to maximize privacy over a finite window of realizations while guaranteeing a bound on monitoring performance degradation. We provide simulation results to illustrate the performance of the developed tools.

STEGRT1: A dataset for evaluating steganalysis systems in real-world scenarios

2020 28th Iranian Conference on Electrical Engineering (ICEE)

The existence of practical reference datasets for evaluating the performance of image steganalysis algorithms and comparing their capabilities in the real world is essential. Most of the recent steganalysis systems evaluate their results only under laboratory conditions. However, a reliable steganalysis system should be able to detect the existence of a secret message in real situations where there is no knowledge about the employed steganographic method, cover image properties, and other parameters. In this paper, we introduce the Steganalysis Real Test version 1 (STEGRT1) dataset for both BITMAP and JPEG images to enable researchers to evaluate their steganalysis schemes in real-world scenarios. The proposed dataset contains 8000 cover and stego images of different sizes and properties, considering several steganographic methods, payloads, and quality factors.

Privacy-Preserving Federated Learning via System Immersion and Random Matrix Encryption

ArXiv, 2022

Federated learning (FL) has emerged as a privacy solution for collaborative distributed learning where clients train AI models directly on their devices instead of sharing their data with a centralized (potentially adversarial) server. Although FL preserves local data privacy to some extent, it has been shown that information about clients' data can still be inferred from model updates. In recent years, various privacy-preserving schemes have been developed to address this privacy leakage. However, they often provide privacy at the expense of model performance or system efficiency, and balancing these tradeoffs is a crucial challenge when implementing FL schemes. In this manuscript, we propose a Privacy-Preserving Federated Learning (PPFL) framework built on the synergy of matrix encryption and system immersion tools from control theory. The idea is to immerse the learning algorithm, a Stochastic Gradient Descent (SGD), into a higher-dimensional system (the so-called target system) and design the dynamics of the target system so that: trajectories of the original SGD are immersed/embedded in its trajectories; and it learns on encrypted data (here we use random matrix encryption). Matrix encryption is reformulated at the server as a random change of coordinates that maps original parameters to a higher-dimensional parameter space and enforces that the target SGD converges to an encrypted version of the original SGD optimal solution. The server decrypts the aggregated model using the left inverse of the immersion map. We show that our algorithm provides the same level of accuracy and convergence rate as the standard FL with a negligible computation cost while revealing no information about the clients' data.

Finite Horizon Privacy of Stochastic Dynamical Systems: A Synthesis Framework for Gaussian Mechanisms

2021 60th IEEE Conference on Decision and Control (CDC), 2021

We address the problem of synthesizing distorting mechanisms that maximize privacy of stochastic dynamical systems. Information about the system state is obtained through sensor measurements. This data is transmitted to a remote station through an unsecured/public communication network. We aim to keep part of the system state private (a private output); however, because the network is unsecured, adversaries might access sensor data and input signals, which can be used to estimate private outputs. To prevent an accurate estimation, we pass sensor data and input signals through a distorting (privacy-preserving) mechanism before transmission, and send the distorted data to the trusted user. These mechanisms consist of a coordinate transformation and additive dependent Gaussian vectors. We formulate the synthesis of the distorting mechanisms as a convex program, where we minimize the mutual information (our privacy metric) between an arbitrarily large sequence of private outputs and the disclosed distorted data for desired distortion levels, i.e., how different actual and distorted data are allowed to be.

Optimal Design and Dynamic Analysis of a Hybrid Manipulator for Intra-ocular Surgeries

2019 7th International Conference on Robotics and Mechatronics (ICRoM), 2019

This study aims to develop a new robot for vitreo-retinal eye surgery applications, referred to as PERSIS (Precise Robotic System for Intraocular Surgeries). It consists of a linear mechanism coupled to a parallelogram mechanism that has a remote center of motion (RCM) point. The RCM point is employed for manipulating the surgical instrument about this fixed point, where it acts as a pivoting point. Moreover, as the insertion point of the robot is fixed, a gantry mechanism is designed to add three translational Degrees of Freedom (DOF) to the RCM mechanism. According to the above description, the optimal design of the proposed mechanism to achieve superior performance in eye surgery is critical. Therefore, the optimal design of the 6DOF mechanism based on constrained nonlinear optimization is performed according to the requirements of vitreo-retinal surgery and dimensions relevant to the anthropometry of the human head. Moreover, in the eye surgeon robot, due to the accuracy require...

Gaussian Mechanisms Against Statistical Inference: Synthesis Tools

2022 European Control Conference (ECC)

In this manuscript, we provide a set of tools (in terms of semidefinite programs) to synthesize Gaussian mechanisms to maximize privacy of databases. Information about the database is disclosed through queries requested by (potentially) adversarial users. We aim to keep part of the database private (private sensitive information); however, disclosed data could be used to estimate private information. To avoid an accurate estimation by the adversaries, we pass the requested data through distorting (privacy-preserving) mechanisms before transmission and send the distorted data to the user. These mechanisms consist of a coordinate transformation and an additive dependent Gaussian vector. We formulate the synthesis of distorting mechanisms in terms of semidefinite programs in which we seek to minimize the mutual information (our privacy metric) between private data and the disclosed distorted data given a desired distortion level, i.e., how different actual and distorted data are allowed to be.
