@article{ZieglerPfitznerSchulzetal.2022,
  author    = {Ziegler, Joceline and Pfitzner, Bjarne and Schulz, Heinrich and Saalbach, Axel and Arnrich, Bert},
  title     = {Defending against Reconstruction Attacks through Differentially Private Federated Learning for Classification of Heterogeneous Chest X-ray Data},
  series = {Sensors},
  volume    = {22},
  journal   = {Sensors},
  edition   = {14},
  publisher = {MDPI},
  address   = {Basel, Schweiz},
  issn      = {1424-8220},
  doi       = {10.3390/s22145195},
  pages     = {25},
  year      = {2022},
  abstract  = {Privacy regulations and the physical distribution of heterogeneous data are often primary concerns for the development of deep learning models in a medical context. This paper evaluates the feasibility of differentially private federated learning for chest X-ray classification as a defense against data privacy attacks. To the best of our knowledge, we are the first to directly compare the impact of differentially private training on two different neural network architectures, DenseNet121 and ResNet50. Extending the federated learning environments previously analyzed in terms of privacy, we simulated a heterogeneous and imbalanced federated setting by distributing images from the public CheXpert and Mendeley chest X-ray datasets unevenly among 36 clients. Both non-private baseline models achieved an area under the receiver operating characteristic curve (AUC) of 0.940.94 on the binary classification task of detecting the presence of a medical finding. We demonstrate that both model architectures are vulnerable to privacy violation by applying image reconstruction attacks to local model updates from individual clients. The attack was particularly successful during later training stages. To mitigate the risk of a privacy breach, we integrated R{\´e}nyi differential privacy with a Gaussian noise mechanism into local model training. We evaluate model performance and attack vulnerability for privacy budgets ε∈{1,3,6,10}�∈{1,3,6,10}. The DenseNet121 achieved the best utility-privacy trade-off with an AUC of 0.940.94 for ε=6�=6. Model performance deteriorated slightly for individual clients compared to the non-private baseline. The ResNet50 only reached an AUC of 0.760.76 in the same privacy setting. Its performance was inferior to that of the DenseNet121 for all considered privacy constraints, suggesting that the DenseNet121 architecture is more robust to differentially private training.},
  language  = {en}
}
@misc{ZieglerPfitznerSchulzetal.2022,
  author    = {Ziegler, Joceline and Pfitzner, Bjarne and Schulz, Heinrich and Saalbach, Axel and Arnrich, Bert},
  title     = {Defending against Reconstruction Attacks through Differentially Private Federated Learning for Classification of Heterogeneous Chest X-ray Data},
  series = {Zweitver{\"o}ffentlichungen der Universit{\"a}t Potsdam : Reihe der Digital Engineering Fakult{\"a}t},
  journal   = {Zweitver{\"o}ffentlichungen der Universit{\"a}t Potsdam : Reihe der Digital Engineering Fakult{\"a}t},
  number    = {14},
  doi       = {10.25932/publishup-58132},
  url       = {http://nbn-resolving.de/urn:nbn:de:kobv:517-opus4-581322},
  pages     = {25},
  year      = {2022},
  abstract  = {Privacy regulations and the physical distribution of heterogeneous data are often primary concerns for the development of deep learning models in a medical context. This paper evaluates the feasibility of differentially private federated learning for chest X-ray classification as a defense against data privacy attacks. To the best of our knowledge, we are the first to directly compare the impact of differentially private training on two different neural network architectures, DenseNet121 and ResNet50. Extending the federated learning environments previously analyzed in terms of privacy, we simulated a heterogeneous and imbalanced federated setting by distributing images from the public CheXpert and Mendeley chest X-ray datasets unevenly among 36 clients. Both non-private baseline models achieved an area under the receiver operating characteristic curve (AUC) of 0.940.94 on the binary classification task of detecting the presence of a medical finding. We demonstrate that both model architectures are vulnerable to privacy violation by applying image reconstruction attacks to local model updates from individual clients. The attack was particularly successful during later training stages. To mitigate the risk of a privacy breach, we integrated R{\´e}nyi differential privacy with a Gaussian noise mechanism into local model training. We evaluate model performance and attack vulnerability for privacy budgets ε∈{1,3,6,10}�∈{1,3,6,10}. The DenseNet121 achieved the best utility-privacy trade-off with an AUC of 0.940.94 for ε=6�=6. Model performance deteriorated slightly for individual clients compared to the non-private baseline. The ResNet50 only reached an AUC of 0.760.76 in the same privacy setting. Its performance was inferior to that of the DenseNet121 for all considered privacy constraints, suggesting that the DenseNet121 architecture is more robust to differentially private training.},
  language  = {en}
}
@article{OsterFritschUlbrichtetal.2022,
  author    = {Oster, Simon and Fritsch, Tobias and Ulbricht, Alexander and Mohr, Gunther and Bruno, Giovanni and Maierhofer, Christiane and Altenburg, Simon},
  title     = {On the registration of thermographic in situ monitoring data and computed tomography reference data in the scope of defect prediction in laser powder bed fusion},
  series = {Metals : open access journal},
  volume    = {12},
  journal   = {Metals : open access journal},
  number    = {6},
  publisher = {MDPI},
  address   = {Basel},
  issn      = {2075-4701},
  doi       = {10.3390/met12060947},
  pages     = {21},
  year      = {2022},
  abstract  = {The detection of internal irregularities is crucial for quality assessment in metal-based additive manufacturing (AM) technologies such as laser powder bed fusion (L-PBF). The utilization of in-process thermography as an in situ monitoring tool in combination with post-process X-ray micro computed tomography (XCT) as a reference technique has shown great potential for this aim. Due to the small irregularity dimensions, a precise registration of the datasets is necessary as a requirement for correlation. In this study, the registration of thermography and XCT reference datasets of a cylindric specimen containing keyhole pores is carried out for the development of a porosity prediction model. The considered datasets show variations in shape, data type and dimensionality, especially due to shrinkage and material elevation effects present in the manufactured part. Since the resulting deformations are challenging for registration, a novel preprocessing methodology is introduced that involves an adaptive volume adjustment algorithm which is based on the porosity distribution in the specimen. Thus, the implementation of a simple three-dimensional image-to-image registration is enabled. The results demonstrate the influence of the part deformation on the resulting porosity location and the importance of registration in terms of irregularity prediction.},
  language  = {en}
}