Data Augmentation for Robust and Privacy-Preserving Deep Learning

Abstract

In the ever-evolving landscape of machine learning, data augmentation remains a fundamental technique for enhancing the generalization and robustness of deep neural networks. This thesis explores data augmentation methods that adapt and evolve in response to the changing demands of the field.

First, starting from the traditional classification problem, we address the issue of texture bias in convolutional neural networks (CNNs). Texture bias refers to the tendency of CNNs to prioritize texture cues over shape when classifying objects. By separating content and style, we propose two data augmentation techniques, StyleMix and StyleCutMix, that effectively mitigate this bias while simultaneously improving model performance. Furthermore, we demonstrate through experimental results that these methods enhance robustness against adversarial attacks.

Second, with the prevalence of cloud computing and the increasing emphasis on data security, there is a growing need for secure data augmentation techniques in federated learning. Traditional data augmentation methods often involve transmitting data-related information to a central server, which we demonstrate can increase policy risk. To address this, we introduce FedAvP, a data augmentation method that prioritizes policy sharing over data sharing, thereby enhancing security. Through experiments involving reconstruction attacks, we demonstrate that FedAvP effectively maintains privacy.

Finally, we conclude this thesis by discussing future directions for data augmentation research, particularly as intelligent AI agents continue to advance and reshape the landscape of artificial intelligence. We consider data augmentation techniques suitable for an era in which large, pre-trained foundation models are widely utilized. Specifically, we discuss research directions in prompt data augmentation and address potential privacy concerns arising from its use.