Search Results for author:
Found 34 papers, 13 papers with code
Low-Cost High-Power Membership Inference Attacks
Under computation constraints, where only a limited number of pre-trained reference models (as few as 1) are available, and also when we vary other elements of the attack, our method performs exceptionally well, unlike some prior attacks that approach random guessing.
Can LLMs Keep a Secret? Testing Privacy Implications of Language Models via Contextual Integrity Theory
The interactive use of large language models (LLMs) in AI assistants (at work, home, etc.)
Leave-one-out Distinguishability in Machine Learning
We introduce an analytical framework to quantify the changes in a machine learning algorithm's output distribution following the inclusion of a few data points in its training set, a notion we define as leave-one-out distinguishability (LOOD).
Share Your Representation Only: Guaranteed Improvement of the Privacy-Utility Tradeoff in Federated Learning
Repeated parameter sharing in federated learning causes significant information leakage about private data, thus defeating its main purpose: data privacy.
Bias Propagation in Federated Learning
Our work calls for auditing group fairness in federated learning and designing learning algorithms that are robust to bias propagation.
On The Impact of Machine Learning Randomness on Group Fairness
We investigate the impact on group fairness of different sources of randomness in training neural networks.
Smaller Language Models are Better Black-box Machine-Generated Text Detectors
With the advent of fluent generative language models that can produce convincing utterances very similar to those written by humans, distinguishing whether a piece of text is machine-generated or human-written becomes more challenging and more important, as such models could be used to spread misinformation, fake news, fake reviews and to mimic certain authors and figures.
Data Privacy and Trustworthy Machine Learning
The privacy risks of machine learning models is a major concern when training them on sensitive and personal data.
Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets
We show that an adversary who can poison a training dataset can cause models trained on this dataset to leak significant private details of training points belonging to other parties.
Differentially Private Learning Needs Hidden State (Or Much Faster Convergence)
We prove that, in these settings, our privacy bound converges exponentially fast and is substantially smaller than the composition bounds, notably after a few number of training epochs.
Quantifying Privacy Risks of Masked Language Models Using Membership Inference Attacks
The wide adoption and application of Masked language models~(MLMs) on sensitive data (from legal to medical) necessitates a thorough quantitative investigation into their privacy vulnerabilities -- to what extent do MLMs leak information about their training data?
What Does it Mean for a Language Model to Preserve Privacy?
Language models lack the ability to understand the context and sensitivity of text, and tend to memorize phrases present in their training sets.
Enhanced Membership Inference Attacks against Machine Learning Models
Membership inference attacks are used as an auditing tool to quantify this leakage.
Privacy Auditing of Machine Learning using Membership Inference Attacks
In this paper, we present a framework that can explain the implicit assumptions and also the simplifications made in the prior work.
Differential Privacy Dynamics of Langevin Diffusion and Noisy Gradient Descent
What is the information leakage of an iterative randomized learning algorithm about its training data, when the internal state of the algorithm is \emph{private}?
On the Privacy Risks of Algorithmic Fairness
We show that fairness comes at the cost of privacy, and this cost is not distributed equally: the information leakage of fair models increases significantly on the unprivileged subgroups, which are the ones for whom we need fair learning.
SOTERIA: In Search of Efficient Neural Networks for Private Inference
In this setting, our objective is to protect the confidentiality of both the users' input queries as well as the model parameters at the server, with modest computation and communication overhead.
Improving Deep Learning with Differential Privacy using Gradient Encoding and Denoising
We show that our mechanism outperforms the state-of-the-art DPSGD; for instance, for the same model accuracy of $96. 1\%$ on MNIST, our technique results in a privacy bound of $\epsilon=3. 2$ compared to $\epsilon=6$ of DPSGD, which is a significant improvement.
ML Privacy Meter: Aiding Regulatory Compliance by Quantifying the Privacy Risks of Machine Learning
In addition to the threats of illegitimate access to data through security breaches, machine learning models pose an additional privacy risk to the data by indirectly revealing about it through the model predictions and parameters.
Model Explanations with Differential Privacy
The drawback is that model explanations can leak information about the training data and the explanation data used to generate them, thus undermining data privacy.
On Adversarial Bias and the Robustness of Fair Machine Learning
Optimizing prediction accuracy can come at the expense of fairness.
Cronus: Robust and Heterogeneous Collaborative Learning with Black-Box Knowledge Transfer
Collaborative (federated) learning enables multiple parties to train a model without sharing their private data, but through repeated sharing of the parameters of their local models.
Robust Membership Encoding: Inference Attacks and Copyright Protection for Deep Learning
In this paper, we present \emph{membership encoding} for training deep neural networks and encoding the membership information, i. e. whether a data point is used for training, for a subset of training data.
On the Privacy Risks of Model Explanations
We analyze connections between model explanations and the leakage of sensitive information about the model's training set.
Bypassing Backdoor Detection Algorithms in Deep Learning
Many detection algorithms are designed to detect backdoors on input samples or model parameters, through the statistical difference between the latent representations of adversarial and clean input samples in the poisoned model.
Quantifying the Privacy Risks of Learning High-Dimensional Graphical Models
It provides a measure of the potential leakage of a model given its structure, as a function of the model complexity and the size of the training set.
Privacy Risks of Securing Machine Learning Models against Adversarial Examples
To perform the membership inference attacks, we leverage the existing inference methods that exploit model predictions.
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning
Deep neural networks are susceptible to various inference attacks as they remember information about their training data.
Machine Learning with Membership Privacy using Adversarial Regularization
In this paper, we focus on such attacks against black-box models, where the adversary can only observe the output of the model, but not its parameters.
Chiron: Privacy-preserving Machine Learning as a Service
Existing ML-as-a-service platforms require users to reveal all training data to the service operator.
Cryptography and Security
Plausible Deniability for Privacy-Preserving Data Synthesis
We demonstrate the efficiency of this generative technique on a large dataset; it is shown to preserve the utility of original data with respect to various statistical analysis and machine learning measures.
Membership Inference Attacks against Machine Learning Models
We quantitatively investigate how machine learning models leak information about the individual data records on which they were trained.
Defeating Image Obfuscation with Deep Learning
We demonstrate that modern image recognition methods based on artificial neural networks can recover hidden information from images protected by various forms of obfuscation.
Privacy Games: Optimal User-Centric Data Obfuscation
We optimize utility subject to a joint guarantee of differential privacy (indistinguishability) and distortion privacy (inference error).
Cryptography and Security Computer Science and Game Theory
