Jens Keim


3 Papers

Apr 30
h-Adaptive FV Subcell Shock-Capturing for DGSEM on Heterogeneous Curvilinear Meshes

Anna Schwarz, Jens Keim, Christian Rohde et al.

High-order methods offer superior dispersion and dissipation properties compared to low-order schemes but require robust stabilization for discontinuities. To ensure stability, local artificial viscosity is common, but it often degrades sub-element resolution. Conversely, subcell-resolution-preserving limiting strategies such as the finite volume subcell method are typically restricted to uniform topologies, such as purely hexahedral or simplex meshes. This leaves a significant gap in treating the hybrid-element topologies necessary for complex engineering geometries. This paper presents a robust shock-capturing approach for the discontinuous Galerkin spectral element method on mixed curvilinear meshes containing hexahedral, prismatic, tetrahedral, and pyramid elements. Non-hexahedral elements are handled via collapsed coordinate transformations. The proposed method utilizes an h-adaptive finite volume subcell scheme with arbitrary subcell resolution (2N + 1 in this work). The scheme's essential properties, including conservation, spatial convergence, and the shock-capturing capabilities, are verified. Finally, the method's applicability to complex configurations is demonstrated through a simulation of the flow around a NACA 0012 airfoil.

Nov 5, 2021
Federated Learning Attacks Revisited: A Critical Discussion of Gaps, Assumptions, and Evaluation Setups

Aidmar Wainakh, Ephraim Zimmer, Sandeep Subedi et al.

Federated learning (FL) enables a set of entities to collaboratively train a machine learning model without sharing their sensitive data, thus mitigating some privacy concerns. However, an increasing number of works in the literature propose attacks that can manipulate the model and disclose information about the training data in FL. As a result, there has been a growing belief in the research community that FL is highly vulnerable to a variety of severe attacks. Although these attacks do indeed highlight security and privacy risks in FL, some of them may not be as effective in production deployment because they are feasible only under special, sometimes impractical, assumptions. Furthermore, some attacks are evaluated under limited setups that may not match real-world scenarios. In this paper, we investigate this issue by conducting a systematic mapping study of attacks against FL, covering 48 relevant papers from 2016 to the third quarter of 2021. On the basis of this study, we provide a quantitative analysis of the proposed attacks and their evaluation settings. This analysis reveals several research gaps with regard to the type of target ML models and their architectures. Additionally, we highlight unrealistic assumptions in the problem settings of some attacks, related to the hyper-parameters of the ML model and the data distribution among clients. Furthermore, we identify and discuss several fallacies in the evaluation of attacks, which open up questions on the generalizability of the conclusions. As a remedy, we propose a set of recommendations to avoid these fallacies and to promote adequate evaluations.

May 19, 2021
User-Level Label Leakage from Gradients in Federated Learning

Aidmar Wainakh, Fabrizio Ventola, Till Müßig et al.

Federated learning enables multiple users to build a joint model by sharing their model updates (gradients), while their raw data remains local on their devices. In contrast to the common belief that this provides privacy benefits, we here add to the very recent results on privacy risks when sharing gradients. Specifically, we investigate Label Leakage from Gradients (LLG), a novel attack to extract the labels of the users' training data from their shared gradients. The attack exploits the direction and magnitude of gradients to determine the presence or absence of any label. LLG is simple yet effective, capable of leaking potentially sensitive information represented by labels, and scales well to arbitrary batch sizes and multiple classes. We mathematically and empirically demonstrate the validity of the attack under different settings. Moreover, empirical results show that LLG successfully extracts labels with high accuracy at the early stages of model training. We also discuss different defense mechanisms against such leakage. Our findings suggest that gradient compression is a practical technique to mitigate the attack.