Qin Hu

Golara Ahmadi Azar, Qin Hu, Melika Emami et al.

Hand gesture recognition (HGR) has gained significant attention due to the increasing use of AI-powered human-computer interfaces that can interpret the deep spatiotemporal dynamics of biosignals from the peripheral nervous system, such as surface electromyography (sEMG). These interfaces have a range of applications, including the control of extended reality, agile prosthetics, and exoskeletons. However, the natural variability of sEMG among individuals has led researchers to focus on subject-specific solutions. Deep learning methods, which often have complex structures, are particularly data-hungry and can be time-consuming to train, making them less practical for subject-specific applications. In this paper, we propose and develop a generalizable, sequential decoder of transient high-density sEMG (HD-sEMG) that achieves 73% average accuracy on 65 gestures for partially-observed subjects through subject-embedded transfer learning, leveraging pre-knowledge of HGR acquired during pre-training. The use of transient HD-sEMG before gesture stabilization allows us to predict gestures with the ultimate goal of counterbalancing system control delays. The results show that the proposed generalized models significantly outperform subject-specific approaches, especially when the training data is limited, and there is a significant number of gesture classes. By building on pre-knowledge and incorporating a multiplicative subject-embedded structure, our method comparatively achieves more than 13% average accuracy across partially observed subjects with minimal data availability. This work highlights the potential of HD-sEMG and demonstrates the benefits of modeling common patterns across users to reduce the need for large amounts of data for new users, enhancing practicality.

Nethra Venkatayogi, Qin Hu, Ozdemir Can Kara et al.

In this study, with the goal of reducing the early detection miss rate of colorectal cancer (CRC) polyps, we propose utilizing a novel hyper-sensitive vision-based tactile sensor called HySenSe and a complementary and novel machine learning (ML) architecture that explores the potentials of utilizing dilated convolutions, the beneficial features of the ResNet architecture, and the transfer learning concept applied on a small dataset with the scale of hundreds of images. The proposed tactile sensor provides high-resolution 3D textural images of CRC polyps that will be used for their accurate classification via the proposed dilated residual network. To collect realistic surface patterns of CRC polyps for training the ML models and evaluating their performance, we first designed and additively manufactured 160 unique realistic polyp phantoms consisting of 4 different hardness. Next, the proposed architecture was compared with the state-of-the-art ML models (e.g., AlexNet and DenseNet) and proved to be superior in terms of performance and complexity.

Zhilin Wang, Qin Hu, Xukai Zou

Is it secure to measure the reliability of local models by similarity in federated learning (FL)? This paper delves into an unexplored security threat concerning applying similarity metrics, such as the L_2 norm, Euclidean distance, and cosine similarity, in protecting FL. We first uncover the deficiencies of similarity metrics that high-dimensional local models, including benign and poisoned models, may be evaluated to have the same similarity while being significantly different in the parameter values. We then leverage this finding to devise a novel untargeted model poisoning attack, Faker, which launches the attack by simultaneously maximizing the evaluated similarity of the poisoned local model and the difference in the parameter values. Experimental results based on seven datasets and eight defenses show that Faker outperforms the state-of-the-art benchmark attacks by 1.1-9.0X in reducing accuracy and 1.2-8.0X in saving time cost, which even holds for the case of a single malicious client with limited knowledge about the FL system. Moreover, Faker can degrade the performance of the global model by attacking only once. We also preliminarily explore extending Faker to other attacks, such as backdoor attacks and Sybil attacks. Lastly, we provide a model evaluation strategy, called the similarity of partial parameters (SPP), to defend against Faker. Given that numerous mechanisms in FL utilize similarity metrics to assess local models, this work suggests that we should be vigilant regarding the potential risks of using these metrics.

Xiangdong Hu, Yangyang Jiang, Qin Hu et al.

Multimodal Large Language Models (MLLMs) have become widely deployed, yet their safety alignment remains fragile under adversarial inputs. Previous work has shown that increasing inference steps can disrupt safety mechanisms and lead MLLMs to generate attacker-desired harmful content. However, most existing attacks focus on increasing the complexity of the modified visual task itself and do not explicitly leverage the model's own reasoning incentives. This leads to them underperforming on reasoning models (Models with Chain-of-Thoughts) compared to non-reasoning ones (Models without Chain-of-Thoughts). If a model can think like a human, can we influence its cognitive-stage decisions so that it proactively completes a jailbreak? To validate this idea, we propose GAMBI} (Gamified Adversarial Multimodal Breakout via Instructional Traps), a novel multimodal jailbreak framework that decomposes and reassembles harmful visual semantics, then constructs a gamified scene that drives the model to explore, reconstruct intent, and answer as part of winning the game. The resulting structured reasoning chain increases task complexity in both vision and text, positioning the model as a participant whose goal pursuit reduces safety attention and induces it to answer the reconstructed malicious query. Extensive experiments on popular reasoning and non-reasoning MLLMs demonstrate that GAMBIT achieves high Attack Success Rates (ASR), reaching 92.13% on Gemini 2.5 Flash, 91.20% on QvQ-MAX, and 85.87% on GPT-4o, significantly outperforming baselines.

Jianan Chen, Qin Hu, Fangtian Zhong et al.

In Federated Learning (FL), multiple clients collaboratively train a model without sharing raw data. This paradigm can be further enhanced by Differential Privacy (DP) to protect local data from information inference attacks and is thus termed DPFL. An emerging privacy requirement, ``the right to be forgotten'' for clients, poses new challenges to DPFL but remains largely unexplored. Despite numerous studies on federated unlearning (FU), they are inapplicable to DPFL because the noise introduced by the DP mechanism compromises their effectiveness and efficiency. In this paper, we propose Federated Unlearning with Indistinguishability (FUI) to unlearn the local data of a target client in DPFL for the first time. FUI consists of two main steps: local model retraction and global noise calibration, resulting in an unlearning model that is statistically indistinguishable from the retrained model. Specifically, we demonstrate that the noise added in DPFL can endow the unlearning model with a certain level of indistinguishability after local model retraction, and then fortify the degree of unlearning through global noise calibration. Additionally, for the efficient and consistent implementation of the proposed FUI, we formulate a two-stage Stackelberg game to derive optimal unlearning strategies for both the server and the target client. Privacy and convergence analyses confirm theoretical guarantees, while experimental results based on four real-world datasets illustrate that our proposed FUI achieves superior model performance and higher efficiency compared to mainstream FU schemes. Simulation results further verify the optimality of the derived unlearning strategies.

Zhilin Wang, Qin Hu, Ruinian Li et al.

Blockchain-based federated learning (BCFL) has recently gained tremendous attention because of its advantages such as decentralization and privacy protection of raw data. However, there has been few research focusing on the allocation of resources for clients in BCFL. In the BCFL framework where the FL clients and the blockchain miners are the same devices, clients broadcast the trained model updates to the blockchain network and then perform mining to generate new blocks. Since each client has a limited amount of computing resources, the problem of allocating computing resources into training and mining needs to be carefully addressed. In this paper, we design an incentive mechanism to assign each client appropriate rewards for training and mining, and then the client will determine the amount of computing power to allocate for each subtask based on these rewards using the two-stage Stackelberg game. After analyzing the utilities of the model owner (MO) (i.e., the BCFL task publisher) and clients, we transform the game model into two optimization problems, which are sequentially solved to derive the optimal strategies for both the MO and clients. Further, considering the fact that local training related information of each client may not be known by others, we extend the game model with analytical solutions to the incomplete information scenario. Extensive experimental results demonstrate the validity of our proposed schemes.

Zhilin Wang, Qiao Kang, Xinyi Zhang et al.

Advances in distributed machine learning can empower future communications and networking. The emergence of federated learning (FL) has provided an efficient framework for distributed machine learning, which, however, still faces many security challenges. Among them, model poisoning attacks have a significant impact on the security and performance of FL. Given that there have been many studies focusing on defending against model poisoning attacks, it is necessary to survey the existing work and provide insights to inspire future research. In this paper, we first classify defense mechanisms for model poisoning attacks into two categories: evaluation methods for local model updates and aggregation methods for the global model. Then, we analyze some of the existing defense strategies in detail. We also discuss some potential challenges and future research directions. To the best of our knowledge, we are the first to survey defense methods for model poisoning attacks in FL.

Minghui Xu, Zongrui Zou, Ye Cheng et al.

Decentralized learning involves training machine learning models over remote mobile devices, edge servers, or cloud servers while keeping data localized. Even though many studies have shown the feasibility of preserving privacy, enhancing training performance or introducing Byzantine resilience, but none of them simultaneously considers all of them. Therefore we face the following problem: \textit{how can we efficiently coordinate the decentralized learning process while simultaneously maintaining learning security and data privacy?} To address this issue, in this paper we propose SPDL, a blockchain-secured and privacy-preserving decentralized learning scheme. SPDL integrates blockchain, Byzantine Fault-Tolerant (BFT) consensus, BFT Gradients Aggregation Rule (GAR), and differential privacy seamlessly into one system, ensuring efficient machine learning while maintaining data privacy, Byzantine fault tolerance, transparency, and traceability. To validate our scheme, we provide rigorous analysis on convergence and regret in the presence of Byzantine nodes. We also build a SPDL prototype and conduct extensive experiments to demonstrate that SPDL is effective and efficient with strong security and privacy guarantees.

Qin Hu, Zhilin Wang, Minghui Xu et al.

Mobile crowdsensing (MCS) counting on the mobility of massive workers helps the requestor accomplish various sensing tasks with more flexibility and lower cost. However, for the conventional MCS, the large consumption of communication resources for raw data transmission and high requirements on data storage and computing capability hinder potential requestors with limited resources from using MCS. To facilitate the widespread application of MCS, we propose a novel MCS learning framework leveraging on blockchain technology and the new concept of edge intelligence based on federated learning (FL), which involves four major entities, including requestors, blockchain, edge servers and mobile devices as workers. Even though there exist several studies on blockchain-based MCS and blockchain-based FL, they cannot solve the essential challenges of MCS with respect to accommodating resource-constrained requestors or deal with the privacy concerns brought by the involvement of requestors and workers in the learning process. To fill the gaps, four main procedures, i.e., task publication, data sensing and submission, learning to return final results, and payment settlement and allocation, are designed to address major challenges brought by both internal and external threats, such as malicious edge servers and dishonest requestors. Specifically, a mechanism design based data submission rule is proposed to guarantee the data privacy of mobile devices being truthfully preserved at edge servers; consortium blockchain based FL is elaborated to secure the distributed learning process; and a cooperation-enforcing control strategy is devised to elicit full payment from the requestor. Extensive simulations are carried out to evaluate the performance of our designed schemes.

Qin Hu, Shengling Wang, Zeihui Xiong et al.

The explosive amount of data generated at the network edge makes mobile edge computing an essential technology to support real-time applications, calling for powerful data processing and analysis provided by machine learning (ML) techniques. In particular, federated edge learning (FEL) becomes prominent in securing the privacy of data owners by keeping the data locally used to train ML models. Existing studies on FEL either utilize in-process optimization or remove unqualified participants in advance. In this paper, we enhance the collaboration from all edge devices in FEL to guarantee that the ML model is trained using all available local data to accelerate the learning process. To that aim, we propose a collective extortion (CE) strategy under the imperfect-information multi-player FEL game, which is proved to be effective in helping the server efficiently elicit the full contribution of all devices without worrying about suffering from any economic loss. Technically, our proposed CE strategy extends the classical extortion strategy in controlling the proportionate share of expected utilities for a single opponent to the swiftly homogeneous control over a group of players, which further presents an attractive trait of being impartial for all participants. Moreover, the CE strategy enriches the game theory hierarchy, facilitating a wider application scope of the extortion strategy. Both theoretical analysis and experimental evaluations validate the effectiveness and fairness of our proposed scheme.

Zhilin Wang, Qin Hu, Minghui Xu et al.

With the technological advances in machine learning, effective ways are available to process the huge amount of data generated in real life. However, issues of privacy and scalability will constrain the development of machine learning. Federated learning (FL) can prevent privacy leakage by assigning training tasks to multiple clients, thus separating the central server from the local devices. However, FL still suffers from shortcomings such as single-point-failure and malicious data. The emergence of blockchain provides a secure and efficient solution for the deployment of FL. In this paper, we conduct a comprehensive survey of the literature on blockchained FL (BCFL). First, we investigate how blockchain can be applied to federal learning from the perspective of system composition. Then, we analyze the concrete functions of BCFL from the perspective of mechanism design and illustrate what problems blockchain addresses specifically for FL. We also survey the applications of BCFL in reality. Finally, we discuss some challenges and future research directions.

S. Valli Sanghami, John J. Lee, Qin Hu

In the given technology-driven era, smart cities are the next frontier of technology, aiming at improving the quality of people's lives. Many research works focus on future smart cities with a holistic approach towards smart city development. In this paper, we introduce such future smart cities that leverage blockchain technology in areas like data security, energy and waste management, governance, transport, supply chain, including emergency events, and environmental monitoring. Blockchain, being a decentralized immutable ledger, has the potential to promote the development of smart cities by guaranteeing transparency, data security, interoperability, and privacy. Particularly, using blockchain in emergency events will provide interoperability between many parties involved in the response, will increase timeliness of services, and establish transparency. In that case, if a current fee-based or first-come-first-serve-based processing is used, emergency events may get delayed in being processed due to competition, and thus, threatening people's lives. Thus, there is a need for transaction prioritization based on the priority of information and quick creation of blocks (variable interval block creation mechanism). Also, since the leaders ensure transaction prioritization while generating blocks, leader rotation and proper election procedure become important for the transaction prioritization process to take place honestly and efficiently. In our consensus protocol, we deploy a machine learning (ML) algorithm to achieve efficient leader election and design a novel dynamic block creation algorithm. Also, to ensure honest assessment from the followers on the blocks generated by the leaders, a peer-prediction-based verification mechanism is proposed. Both security analysis and simulation experiments are carried out to demonstrate the robustness and accuracy of our proposed scheme.

Hongwei Shi, Shengling Wang, Qin Hu et al.

Natural forking in blockchain refers to a phenomenon that there are a set of blocks at one block height at the same time, implying that various nodes have different perspectives of the main chain. Natural forking might give rise to multiple adverse impacts on blockchain, jeopardizing the performance and security of the system consequently. However, the ongoing literature in analyzing natural forking is mainly from the macro point of view, which is not sufficient to incisively understand this phenomenon. In this paper, we fill this gap through leveraging the large deviation theory to conduct a microscopic study of natural forking, which resorts to investigating the instantaneous difference between block generation and dissemination in blockchain. Our work is derived comprehensively and complementarily via a three-step process, where both the natural forking probability and its decay rate are presented. Through solid theoretical derivation and extensive numerical simulations, we find 1) the probability of the mismatch between block generation and dissemination exceeding a given threshold dwindles exponentially with the increase of natural forking robustness related parameter or the difference between the block dissemination rate and block creation rate; 2) the natural forking robustness related parameter may emphasize a more dominant effect on accelerating the abortion of natural forking in some cases; 3) when the self-correlated block generation rate is depicted as the stationary autoregressive process with a scaling parameter, it is found that setting a lower scaling parameter may speed up the failure of natural forking. These findings are valuable since they offer a fresh theoretical basis to engineer optimal countermeasures for thwarting natural forking and thereby enlivening the blockchain network.

Xidi Qu, Shengling Wang, Qin Hu et al.

Proof of work (PoW), the most popular consensus mechanism for Blockchain, requires ridiculously large amounts of energy but without any useful outcome beyond determining accounting rights among miners. To tackle the drawback of PoW, we propose a novel energy-recycling consensus algorithm, namely proof of federated learning (PoFL), where the energy originally wasted to solve difficult but meaningless puzzles in PoW is reinvested to federated learning. Federated learning and pooled-ming, a trend of PoW, have a natural fit in terms of organization structure. However, the separation between the data usufruct and ownership in Blockchain lead to data privacy leakage in model training and verification, deviating from the original intention of federal learning. To address the challenge, a reverse game-based data trading mechanism and a privacy-preserving model verification mechanism are proposed. The former can guard against training data leakage while the latter verifies the accuracy of a trained model with privacy preservation of the task requester's test data as well as the pool's submitted model. To the best of our knowledge, our paper is the first work to employ federal learning as the proof of work for Blockchain. Extensive simulations based on synthetic and real-world data demonstrate the effectiveness and efficiency of our proposed mechanisms.

Jingwei Liu, Qin Hu, Chaoya Li et al.

Vehicular Ad Hoc Networks (VANETs) are attractive scenarios that can improve the traffic situation and provide convenient services for drivers and passengers via vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. However, there are still many security challenges in the traffic information transmission, especially in the intense traffic case. For ensuring the privacy of users and traceability of vehicles, we propose a traceable concurrent data anonymous transmission scheme for heterogeneous VANETs. The scheme is based on certificateless aggregate signcryption, so it supports batch verification. Moreover, conditional anonymity is also achieved due to the involving of the pseudo-ID technique. Furthermore, it is a pairing-free scheme for the merit of multi-trapdoor hash functions. As a result, the total computation overhead is greatly reduced.