Farhad Farokhi
University of Melbourne · Department of Electrical and Electronic Engineering

Doctor of Philosophy

About

171 Publications · 8,153 Reads · 1,553 Citations
Introduction
My research interests include security and privacy in cyber-physical systems, such as smart grids and intelligent transportation systems.

Publications (171)
Article
Full-text available
In this paper, batteries are used to preserve the privacy of households with smart meters. It is commonly understood that data from smart meters can be used by adversaries to infringe on the privacy of the households, e.g., figuring out the individual appliances that are being used or the level of the occupancy of the house. The Cramér-Rao bound i...
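As a reference for the bound invoked above: for any unbiased estimator $\hat{\theta}$ of a parameter $\theta$ of the household's consumption, the Cramér-Rao bound ties the adversary's estimation error to the Fisher information matrix $\mathcal{I}(\theta)$ of the metered data (generic notation, not necessarily the paper's):

    \mathbb{E}\big[\|\hat{\theta} - \theta\|_2^2\big] \;\ge\; \operatorname{trace}\big(\mathcal{I}(\theta)^{-1}\big)

Injecting battery noise into the metered consumption reduces $\mathcal{I}(\theta)$ and thereby raises this lower bound on the adversary's error.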
Preprint
A non-stochastic privacy metric using non-stochastic information theory is developed. Particularly, minimax information is used to construct a measure of information leakage, which is inversely proportional to the measure of privacy. Anyone can submit a query to a trusted agent with access to a non-stochastic uncertain private dataset. Optimal dete...
Preprint
Full-text available
In many learning based control methodologies, learning the unknown dynamic model precedes the control phase, while the aim is to control the system such that it remains in some safe region of the state space. In this work our aim is to guarantee safety while learning and control proceed simultaneously. Specifically, we consider the problem of safe...
Article
Full-text available
Local differential privacy has become the gold standard of the privacy literature for gathering or releasing sensitive individual data points in a privacy-preserving manner. However, locally differentially private data can twist the probability density of the data because of the additive noise used to ensure privacy. In fact, the density of privacy-preserving da...
Preprint
Full-text available
We use gradient sparsification to reduce the adverse effect of differential privacy noise on performance of private machine learning models. To this aim, we employ compressed sensing and additive Laplace noise to evaluate differentially-private gradients. Noisy privacy-preserving gradients are used to perform stochastic gradient descent for trainin...
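A minimal numpy sketch of the recipe described above, with plain top-k sparsification substituted for the paper's compressed-sensing step; the clipping bound, privacy budget, and step size below are hypothetical placeholders.

    import numpy as np

    rng = np.random.default_rng(0)

    def private_sparse_gradient(grad, k, clip=1.0, epsilon=0.5):
        # Keep the k largest-magnitude coordinates (stand-in for the
        # compressed-sensing measurement step used in the paper).
        sparse = np.zeros_like(grad)
        idx = np.argsort(np.abs(grad))[-k:]
        sparse[idx] = grad[idx]
        # Clip to bound the l1-sensitivity, then add Laplace noise.
        norm = np.linalg.norm(sparse, 1)
        if norm > clip:
            sparse *= clip / norm
        return sparse + rng.laplace(scale=2 * clip / epsilon, size=grad.shape)

    theta = np.zeros(10)
    grad = np.linspace(-1.0, 1.0, 10)                    # placeholder gradient
    theta -= 0.1 * private_sparse_gradient(grad, k=3)    # one SGD step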
Article
Full-text available
We consider machine learning, particularly regression, using locally-differentially private datasets. The Wasserstein distance is used to define an ambiguity set centered at the empirical distribution of the dataset corrupted by local differential privacy noise. The radius of the ambiguity set is selected based on privacy budget, spread of data, an...
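In generic distributionally-robust optimization notation (not necessarily the paper's), the training problem amounts to a min-max over a Wasserstein ball of radius $\rho$ centred at the empirical distribution $\widehat{\mathbb{P}}_N$ of the privatized data:

    \min_{\theta} \; \sup_{\mathbb{P} \,:\, W(\mathbb{P}, \widehat{\mathbb{P}}_N) \le \rho} \; \mathbb{E}_{\mathbb{P}}\big[\ell(\theta; x, y)\big]

where $\ell$ is the regression loss and $\rho$ grows with the privacy budget and the spread of the data, as the abstract indicates.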
Preprint
Full-text available
We consider safety in simultaneous learning and control of discrete-time linear time-invariant systems. We provide rigorous confidence bounds on the learned model of the system based on the number of utilized state measurements. These bounds are used to modify control inputs to the system via an optimization problem with potentially time-varying sa...
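As a toy illustration of the learning half of this setting (the confidence bounds and safety constraints themselves are not reproduced here), the pair $(A, B)$ of $x_{t+1} = A x_t + B u_t$ can be estimated by least squares from state measurements; all numbers below are hypothetical.

    import numpy as np

    rng = np.random.default_rng(1)
    A_true = np.array([[0.9, 0.1], [0.0, 0.8]])
    B_true = np.array([[0.0], [1.0]])

    # Collect a short trajectory under exploratory inputs.
    x = np.zeros(2); X, U, Xn = [], [], []
    for _ in range(50):
        u = rng.normal(size=1)
        xn = A_true @ x + B_true @ u + 0.01 * rng.normal(size=2)
        X.append(x); U.append(u); Xn.append(xn)
        x = xn

    # Least-squares estimate of [A B] from stacked regressors [x; u].
    Z = np.hstack([np.array(X), np.array(U)])
    Theta, *_ = np.linalg.lstsq(Z, np.array(Xn), rcond=None)
    A_hat, B_hat = Theta.T[:, :2], Theta.T[:, 2:]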
Article
We investigate state estimation of linear systems over channels having a finite state not known by the transmitter or receiver. We show that similar to memoryless channels, zero-error capacity is the right figure of merit for achieving bounded estimation errors. We then consider finite-state, worst-case versions of the common erasure and additive n...
Preprint
Full-text available
Recent studies on encrypted control using homomorphic encryption allow secure operation by directly performing computations on encrypted data without decryption. Implementing dynamic controllers on encrypted data presents unique challenges due to limitations on the number of operations on an encrypted message. Hence, it may not be possible to perfo...
Preprint
In this paper, preys with stochastic evasion policies are considered. The stochasticity adds unpredictable changes to the prey's path for avoiding predator's attacks. The prey's cost function is composed of two terms balancing the unpredictability factor (by using stochasticity to make the task of forecasting its future positions by the predator di...
Article
A structured preconditioned conjugate gradient (PCG) based linear system solver is developed for implementing Newton updates in second-order methods for a class of constrained network optimal control problems. Of specific interest are problems with discrete-time dynamics arising from the path-graph interconnection of N heterogeneous sub-systems....
Preprint
Full-text available
Statistical models are often used to forecast and predict time-series data based on past observations [15, 12], with wide-ranging applications including predicting stock prices, seismic events, and electricity demand. In this paper, we investigate the extent to which statistical models such as Auto-regressive (AR), Auto-regressive exogenous (ARX) a...
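A minimal example of fitting the kind of AR model studied here, using statsmodels on a synthetic series standing in for electricity-demand readings; the data and lag order are hypothetical.

    import numpy as np
    from statsmodels.tsa.ar_model import AutoReg

    rng = np.random.default_rng(0)
    y = 10 + np.cumsum(rng.normal(size=300))   # stand-in demand series

    model = AutoReg(y, lags=3).fit()           # AR(3)
    print(model.params)                        # intercept + 3 lag coefficients
    forecast = model.predict(start=len(y), end=len(y) + 23)   # next 24 steps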
Experiment Findings
Statistical models are often used to forecast and predict time-series data based on past observations [12, 15], with wide-ranging applications including predicting stock prices, seismic events, and electricity demand. In this paper, we investigate the extent to which statistical models such as Auto-regressive (AR), Auto-regressive exogenous (ARX) a...
Article
We define noiseless privacy, as a non-stochastic rival to differential privacy, requiring that the outputs of a mechanism attain only a few values while varying the data of an individual (bounded by the exponential of the privacy budget). Therefore, the output of the mechanism is not fully informative of the data of the individuals in the dataset. We p...
Preprint
Full-text available
It is known that for a discrete channel with correlated additive noise, the ordinary capacity with or without feedback is equal to $ \log q-\mathcal{H}_{ch} $, where $ \mathcal{H}_{ch} $ is the entropy rate of the noise process and $ q $ is the alphabet size. In this paper, for a class of finite-state additive noise channels, it is shown that the zero...
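For a concrete instance of the ordinary-capacity formula quoted above: with alphabet size q = 2 and memoryless noise that flips a symbol with probability 0.11, the noise entropy rate is the binary entropy H(0.11) ≈ 0.5 bits, giving a capacity of about 0.5 bits per channel use.

    import math

    p, q = 0.11, 2
    H = -p * math.log2(p) - (1 - p) * math.log2(1 - p)  # entropy rate (iid noise)
    print(math.log2(q) - H)                             # ≈ 0.50 bits per use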
Preprint
Full-text available
We investigate the extent to which statistical predictive models leak information about their training data. More specifically, based on the use case of household (electrical) energy consumption, we evaluate whether white-box access to auto-regressive (AR) models trained on such data together with background information, such as household energy da...
Preprint
Full-text available
Statistical models are often used to forecast and predict time-series data based on past observations [15, 12], with wide-ranging applications including predicting stock prices, seismic events, and electricity demand. In this paper, we investigate the extent to which statistical models such as Auto-regressive (AR), Auto-regressive exogenous (ARX) a...
Article
Full-text available
We use distributionally-robust optimization for machine learning to mitigate the effect of data poisoning attacks. We provide performance guarantees for the trained model on the original data (not including the poison records) by training the model for the worst-case distribution on a neighbourhood around the empirical distribution (extracted from...
Article
Full-text available
We investigate the extent to which statistical predictive models leak information about their training data. More specifically, based on the use case of household (electrical) energy consumption, we evaluate whether white-box access to auto-regressive (AR) models trained on such data together with background information, such as household energy dat...
Preprint
Full-text available
This paper proposes an operational measure of non-stochastic information leakage to formalize privacy against a brute-force guessing adversary. The information is measured by non-probabilistic uncertainty of uncertain variables, the non-stochastic counterparts of random variables. For $X$ that is related to released data $Y$, the non-stochastic bru...
Preprint
Full-text available
Lack of trust between organisations and privacy concerns about their data are impediments to an otherwise potentially symbiotic joint data analysis. We propose DataRing, a data sharing system that allows mutually mistrusting participants to query each other's datasets in a privacy-preserving manner while ensuring the correctness of input datasets a...
Chapter
A secure and private nonlinear networked control systems (NCSs) design using semi-homomorphic encryption is studied. Static feedback controllers are used and network architectures are provided to enable control signal computation using encrypted signals directly. As a result, the security of the NCSs is further enhanced by preserving the privacy of...
Article
We employ a game-theoretic model to analyse the interaction between an adversary and a classifier. There are two (i.e., positive and negative) classes to which data points can belong. The adversary wants to maximize the probability of miss-detection for the positive class (i.e., false negative probability) while it does not want to significantly mo...
Article
Full-text available
The newly emerged machine learning (e.g., deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. This article is a compr...
Article
We address the problem of maximizing privacy of stochastic dynamical systems whose state information is released through quantized sensor data. In particular, we consider the setting where information about the system state is obtained using noisy sensor measurements. This data is quantized and transmitted to a (possibly untrustworthy) remote stati...
Preprint
This paper considers the problem of publishing data $X$ while protecting correlated sensitive information $S$. We propose a linear method to generate the sanitized data $Y$ with the same alphabet $\mathcal{Y} = \mathcal{X}$ that attains local differential privacy (LDP) and log-lift at the same time. It is revealed that both LDP and log-lift are inv...
Preprint
We use disparate impact, i.e., the extent that the probability of observing an output depends on protected attributes such as race and gender, to measure fairness. We prove that disparate impact is upper bounded by the total variation distance between the distribution of the inputs given the protected attributes. We then use pre-processing, also kn...
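A small sketch of the quantity driving this bound: the empirical total variation distance between the input distributions conditioned on two values of the protected attribute (all data below is hypothetical).

    import numpy as np

    def tv_distance(p, q):
        # Total variation distance between two discrete distributions.
        return 0.5 * np.abs(np.asarray(p) - np.asarray(q)).sum()

    # Discretized input feature, split by protected-attribute value.
    inputs_a = np.array([0, 1, 1, 0, 1, 1])
    inputs_b = np.array([0, 0, 1, 0, 0, 1])
    p = np.bincount(inputs_a, minlength=2) / len(inputs_a)
    q = np.bincount(inputs_b, minlength=2) / len(inputs_b)
    print(tv_distance(p, q))   # 1/3; disparate impact is at most this, per the result above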
Article
We consider training machine learning models using data located on multiple private and geographically-scattered servers with different privacy settings. Due to the distributed nature of the data, communicating with all collaborating private data owners simultaneously may prove challenging or altogether impossible. We consider differentially-privat...
Article
Full-text available
The motivation for this work stems from the problem of scheduling requests for flow at supply points located throughout an automated network of open-water channels. The off-take flows are rigid-profile inputs to the system dynamics. In particular, the channel operator can only shift orders in time to satisfy constraints on the automatic response to...
Preprint
The motivation for this work stems from the problem of scheduling requests for flow at supply points along an automated network of open-water channels. The off-take flows are rigid-profile inputs to the system dynamics. In particular, the channel operator can only shift orders in time to satisfy constraints on the automatic response to changes in t...
Article
Full-text available
A framework for private and secure communication and interaction between agents interacting in transportation services is developed. An agent, i.e. a user, can ask questions or submit queries regarding whether the other agents, i.e. drivers, use the desired road at specific times of the day in an encrypted fashion. The authors developed the framewo...
Preprint
Full-text available
The newly emerged machine learning (e.g. deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note...
Article
Full-text available
In this study, we consider privacy against hypothesis testing adversaries within a non‐stochastic framework. We develop a theory of non‐stochastic hypothesis testing by borrowing the notion of uncertain variables from non‐stochastic information theory. We define tests as binary‐valued mappings on uncertain variables and prove a fundamental bound o...
Preprint
We consider private function evaluation to provide query responses based on private data of multiple untrusted entities in such a way that each cannot learn something substantially new about the data of others. First, we introduce perfect non-stochastic privacy in a two-party scenario. Perfect privacy amounts to conditional unrelatedness of the que...
Preprint
Full-text available
A structured preconditioned conjugate gradient (PCG) solver is developed for the Newton steps in second-order methods for a class of constrained network optimal control problems. Of specific interest are problems with discrete-time dynamics arising from the path-graph interconnection of $N$ heterogeneous sub-systems. The computational complexity of...
Article
Full-text available
Simple analysis of energy consumption patterns recorded by smart meters can be used to deduce household occupancy. With access to higher‐resolution smart‐meter readings, we can infer more detailed information about the household including the use of individual electric appliances through non‐intrusive load monitoring techniques. The extent of priva...
Preprint
Full-text available
Local differential privacy has become the gold standard of the privacy literature for gathering or releasing sensitive individual data points in a privacy-preserving manner. However, locally differentially private data can twist the probability density of the data because of the additive noise used to ensure privacy. In fact, the density of privacy-preserving da...
Preprint
Full-text available
Linear queries can be submitted to a server containing private data. The server provides a response to the queries systematically corrupted using an additive noise to preserve the privacy of those whose data is stored on the server. The measure of privacy is inversely proportional to the trace of the Fisher information matrix. It is assumed that an...
Preprint
Full-text available
We consider machine learning, particularly regression, using locally-differentially private datasets. The Wasserstein distance is used to define an ambiguity set centered at the empirical distribution of the dataset corrupted by local differential privacy noise. The ambiguity set is shown to contain the probability distribution of unperturbed, clea...
Article
We consider a non-stochastic privacy-preserving problem in which an adversary aims to infer sensitive information S from publicly accessible data X without using statistics. We consider the problem of generating and releasing a quantization X̂ of X to minimize the privacy leakage of S to X̂ while maintaining a certain level of utility (or, inversel...
Preprint
Full-text available
Distributionally-robust optimization is often studied for a fixed set of distributions rather than time-varying distributions that can drift significantly over time (which is, for instance, the case in finance and sociology due to the underlying expansion of the economy and the evolution of demographics). This motivates understanding conditions on probability...
Preprint
Full-text available
It is known that for a discrete channel with correlated additive noise, the ordinary capacity with or without feedback both equal $ \log q-\mathcal{H} (Z) $, where $ \mathcal{H}(Z) $ is the entropy rate of the noise process $ Z $ and $ q $ is the alphabet size. In this paper, a class of finite-state additive noise channels is introduced. It is show...
Article
This paper presents a secure and private implementation of linear time-invariant dynamic controllers using Paillier's encryption, a semi-homomorphic encryption method. To avoid overflow or underflow within the encryption domain, the state of the controller is reset periodically. A control design approach is presented to ensure stability and optimiz...
Preprint
Full-text available
We propose an operational measure of information leakage in a non-stochastic setting to formalize privacy against a brute-force guessing adversary. We use uncertain variables, non-probabilistic counterparts of random variables, to construct a guessing framework in which an adversary is interested in determining private information based on uncertai...
Article
Federated learning (FL), as a type of distributed machine learning, is capable of significantly preserving clients’ private data from being exposed to adversaries. Nevertheless, private information can still be divulged by analyzing uploaded parameters from clients, e.g., weights trained in deep neural networks. In this paper, to effectively preven...
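A bare-bones numpy sketch of the noising-before-aggregation idea: each client clips and perturbs its weights locally, so the server only ever sees noisy uploads. The clipping bound and noise scale are hypothetical, not the calibrated values from the paper.

    import numpy as np

    rng = np.random.default_rng(0)

    def client_upload(weights, clip=1.0, sigma=0.5):
        # Clip, then add Gaussian noise before sending to the server.
        norm = np.linalg.norm(weights)
        if norm > clip:
            weights = weights * clip / norm
        return weights + rng.normal(scale=sigma, size=weights.shape)

    client_weights = [rng.normal(size=4) for _ in range(10)]  # local models
    uploads = [client_upload(w) for w in client_weights]
    global_model = np.mean(uploads, axis=0)                   # aggregation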
Article
Full-text available
This paper is about an encryption based approach to the secure implementation of feedback controllers for physical systems. Specifically, Paillier’s homomorphic encryption is used to digitally implement a class of linear dynamic controllers, which includes the commonplace static gain and PID type feedback control laws as special cases. The develope...
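An illustrative sketch of the static-gain special case using the python-paillier library (phe): the additive homomorphism allows u = Kx to be evaluated on encrypted state. The key length, gains, and state values are hypothetical, and the integer quantization of the gains glosses over the fixed-point scaling treated in the paper.

    from phe import paillier

    public_key, private_key = paillier.generate_paillier_keypair(n_length=1024)

    K = [2, -1]          # integer-quantized static feedback gains
    x = [0.5, 1.25]      # measured plant state

    # Sensor side: encrypt the state before it leaves the plant.
    enc_x = [public_key.encrypt(xi) for xi in x]

    # Controller side: ciphertext sums and plaintext-scalar products are
    # supported by Paillier, so u = K x is computed without decryption.
    enc_u = K[0] * enc_x[0] + K[1] * enc_x[1]

    # Actuator side: only the actuator holds the private key.
    print(private_key.decrypt(enc_u))   # -0.25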
Article
Full-text available
Noisy (stochastic) gradient descent is used to develop privacy-preserving algorithms for solving constrained quadratic optimization problems. The variance of the error of an adversary's estimate of the parameters of the quadratic cost function based on iterates of the algorithm is related to the Fisher information of the noise using the Cramér-...
Preprint
Full-text available
We investigate bounded state estimation of linear systems over finite-state erasure and additive noise channels in which the noise is governed by a finite-state machine without any statistical structure. Upper and lower bounds on their zero-error capacities are derived, revealing a connection with the topological entropy of the channel dynamics. So...
Preprint
Full-text available
We consider training machine learning models using training data located on multiple private and geographically-scattered servers with different privacy settings. Due to the distributed nature of the data, communicating with all collaborating private data owners simultaneously may prove challenging or altogether impossible. In this paper, we develo...
Preprint
Full-text available
Machine Learning (ML) techniques are used by most data-driven organisations to extract insights. Machine-learning-as-a-service (MLaaS), where models are trained on potentially sensitive user data and then queried by external parties, is becoming a reality. However, recently, these systems have been shown to be vulnerable to Membership Inference Att...
Preprint
Full-text available
Machine learning models have been shown to be vulnerable to membership inference attacks, i.e., inferring whether individuals' data have been used for training models. The lack of understanding about the factors contributing to the success of these attacks motivates the need for modelling membership information leakage using information theory and for investi...
Preprint
Full-text available
We use distributionally-robust optimization for machine learning to mitigate the effect of data poisoning attacks. We provide performance guarantees for the trained model on the original data (not including the poison records) by training the model for the worst-case distribution on a neighbourhood around the empirical distribution (extracted from...
Article
Full-text available
We consider the problem of publicly releasing a dataset for support vector machine classification while not infringing on the privacy of data subjects (i.e., individuals whose private information is stored in the dataset). The dataset is systematically obfuscated using an additive noise for privacy protection. Motivated by the Cramér-Rao bound, inv...
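A small scikit-learn illustration of the release mechanism described here: additive noise obfuscates the features before publication and the SVM is trained on the released copy. The Laplace scale and dataset are placeholders, not the Fisher-information-optimized noise of the paper.

    import numpy as np
    from sklearn.datasets import make_classification
    from sklearn.svm import SVC

    rng = np.random.default_rng(0)
    X, y = make_classification(n_samples=200, n_features=5, random_state=0)

    X_released = X + rng.laplace(scale=0.3, size=X.shape)  # obfuscated dataset

    clf = SVC(kernel="linear").fit(X_released, y)  # trained on released data
    print(clf.score(X_released, y))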
Chapter
We study the problem of maximizing privacy of data sets by adding random vectors generated via synchronized chaotic oscillators. In particular, we consider the setup where information about data sets, queries, is sent through public (unsecured) communication channels to a remote station. To hide private features (specific entries) within the data...
Chapter
Full-text available
In this chapter, we use Heating, Ventilation, and Air Conditioning (HVAC) units to preserve the privacy of households with smart meters in addition to regulating indoor temperature. We model the effect of the HVAC unit as an additive noise in the household consumption. The Cramér-Rao bound is used to relate the inverse of the trace of the Fisher in...
Book
This book addresses privacy in dynamical systems, with applications to smart metering, traffic estimation, and building management. In the first part, the book explores statistical methods for privacy preservation from the areas of differential privacy and information-theoretic privacy (e.g., using privacy metrics motivated by mutual information, r...
Article
We consider non-intrusive load monitoring by a sophisticated adversary that knows the load profiles of the appliances and wants to determine their start-finish times based on smart-meter readings. We prove that the expected estimation error of non-intrusive load monitoring algorithms is lower bounded by the trace of the inverse of the cross-correla...
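One plausible rendering of the bound stated here (the paper's exact matrix construction may differ): form the cross-correlation matrix of the appliances' load-profile derivatives and take the trace of its inverse; near-identical derivative profiles make the matrix ill-conditioned and the bound large.

    import numpy as np

    # Hypothetical load profiles (rows: appliances, columns: time samples).
    profiles = np.array([
        [0, 0, 2, 2, 2, 0, 0, 0],
        [0, 1, 1, 1, 0, 0, 0, 0],
    ], dtype=float)

    D = np.diff(profiles, axis=1)        # derivatives of the load profiles
    C = D @ D.T                          # cross-correlation matrix
    print(np.trace(np.linalg.inv(C)))    # lower bound on expected error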
Article
Information about the system state is obtained through noisy sensor measurements. This data is coded and transmitted to a trusted user through an unsecured communication network. We aim at keeping the system state private; however, because the network is not secure, opponents might access sensor data, which can be used to estimate the state. To pre...
Article
A computational method is proposed for solving a structured quadratic optimal control problem subject to linear discrete-time dynamics arising from a directed tree structured interconnection of heterogeneous sub-systems. The problem is first formulated as a quadratic program with structure along three dimensions of the decision space. A nested algo...
Preprint
We consider the problem of publicly releasing a dataset for support vector machine classification while not infringing on the privacy of data subjects (i.e., individuals whose private information is stored in the dataset). The dataset is systematically obfuscated using an additive noise for privacy protection. Motivated by the Cramér-Rao bound, inv...
Preprint
We consider a non-stochastic privacy-preserving problem in which an adversary aims to infer sensitive information $S$ from publicly accessible data $X$ without using statistics. We consider the problem of generating and releasing a quantization $\hat{X}$ of $X$ to minimize the privacy leakage of $S$ to $\hat{X}$ while maintaining a certain level of...
Preprint
In this paper, to effectively prevent the differential attack, we propose a novel Federated learning (FL) framework based on the concept of differential privacy (DP), in which artificial noises are added to the parameters at the clients' side before being uploaded for aggregation, namely, noising before model aggregation FL (NbAFL). First, we prove...
Preprint
Full-text available
We address the problem of maximizing privacy of stochastic dynamical systems whose state information is released through quantized sensor data. In particular, we consider the setting where information about the system state is obtained using noisy sensor measurements. This data is quantized and transmitted to a remote station through a public/unsec...
Preprint
In this paper, we define noiseless privacy, as a non-stochastic rival to differential privacy, requiring that the outputs of a mechanism (i.e., function composition of a privacy-preserving mapping and a query) can attain only a few values while varying the data of an individual (the logarithm of the number of the distinct values is bounded by the p...
Preprint
We prove that the expected estimation error of non-intrusive load monitoring algorithms is lower bounded by the trace of the inverse of the cross-correlation matrix between the derivatives of the load profiles of the appliances. We use this fundamental bound to develop privacy-preserving policies. Particularly, we devise a load-scheduling policy by...
Preprint
For evolving datasets with continual reports, the composition rule for differential privacy (DP) dictates that the scale of DP noise must grow linearly with the number of the queries, or that the privacy budget must be split equally between all the queries, so that the privacy budget across all the queries remains bounded and consistent with the pr...
Preprint
Privacy is under threat from the artificial intelligence revolution, fueled by an unprecedented abundance of data. Differential privacy, an established candidate for privacy protection, is susceptible to adversarial attacks, acts conservatively, and leads to mis-implementations because of a lack of systematic methods for setting its parameters (known as the...
Preprint
In this paper, we define discounted differential privacy, as an alternative to (conventional) differential privacy, to investigate privacy of evolving datasets, containing time series over an unbounded horizon. Evolving datasets arise in energy systems (e.g., real-time smart meter measurements), transportation (e.g., real-time traces of individual...
Preprint
In this paper, we employ a game-theoretic model to analyze the interaction between an adversary and a classifier. There are two classes (i.e., positive and negative classes) to which data points can belong. The adversary is interested in maximizing the probability of miss-detection for the positive class (i.e., false negative probability). The adve...
Preprint
In this paper, we apply machine learning to distributed private data owned by multiple data owners, entities with access to non-overlapping training datasets. We use noisy, differentially-private gradients to minimize the fitness cost of the machine learning model using stochastic gradient descent. We quantify the quality of the trained model, usin...
Preprint
We study the problem of maximizing privacy of data sets by adding random vectors generated via synchronized chaotic oscillators. In particular, we consider the setup where information about data sets, queries, is sent through public (unsecured) communication channels to a remote station. To hide private features (specific entries) within the data s...
Preprint
Full-text available
We study the problem of maximizing privacy of data sets by adding random vectors generated via synchronized chaotic oscillators. In particular, we consider the setup where information about data sets, queries, is sent through public (unsecured) communication channels to a remote station. To hide private features (specific entries) within the data s...
Article
In this paper, preys with stochastic evasion policies are considered. The stochasticity adds unpredictable changes to the prey’s path for avoiding predator’s attacks. The prey’s cost function is composed of two terms balancing the unpredictability factor (by using stochasticity to make the task of forecasting its future positions by the predator di...
Preprint
In this paper, we consider privacy against hypothesis testing adversaries within a non-stochastic framework. We develop a theory of non-stochastic hypothesis testing by borrowing the notion of uncertain variables from non-stochastic information theory. We define tests as binary-valued mappings on uncertain variables and prove a fundamental bound on...
Article
Full-text available
A deterministic privacy metric using non-stochastic information theory is developed. Particularly, maximin information is used to construct a measure of information leakage, which is inversely proportional to the measure of privacy. Anyone can submit a query to a trusted agent with access to a non-stochastic uncertain private dataset. Optimal deter...
Preprint
This paper is about an encryption based approach to the secure implementation of feedback controllers for physical systems. Specifically, Paillier's homomorphic encryption is used in a custom digital implementation of a class of linear dynamic controllers, including static gain as a special case. The implementation is amenable to Field Programmable...