Privacy-Preserving Algorithmic Recourse

no code implementations • 23 Nov 2023 • Sikha Pentyala, Shubham Sharma, Sanjay Kariyappa, Freddy Lecue, Daniele Magazzeni

We observe that PrivRecourse can provide paths that are private and realistic.

counterfactual Privacy Preserving

SHAP@k:Efficient and Probably Approximately Correct (PAC) Identification of Top-k Features

no code implementations • 10 Jul 2023 • Sanjay Kariyappa, Leonidas Tsepenekas, Freddy Lécué, Daniele Magazzeni

While any method to compute SHAP values with uncertainty estimates (such as KernelSHAP and SamplingSHAP) can be trivially adapted to solve TkIP, doing so is highly sample inefficient.

Feature Importance Multi-Armed Bandits

Information Flow Control in Machine Learning through Modular Model Architecture

no code implementations • 5 Jun 2023 • Trishita Tiwari, Suchin Gururangan, Chuan Guo, Weizhe Hua, Sanjay Kariyappa, Udit Gupta, Wenjie Xiong, Kiwan Maeng, Hsien-Hsin S. Lee, G. Edward Suh

In today's machine learning (ML) models, any part of the training data can affect its output.

Language Modelling

Measuring and Controlling Split Layer Privacy Leakage Using Fisher Information

no code implementations • 21 Sep 2022 • Kiwan Maeng, Chuan Guo, Sanjay Kariyappa, Edward Suh

Split learning and inference propose to run training/inference of a large model that is split across client devices and the cloud.

Cocktail Party Attack: Breaking Aggregation-Based Privacy in Federated Learning using Independent Component Analysis

no code implementations • 12 Sep 2022 • Sanjay Kariyappa, Chuan Guo, Kiwan Maeng, Wenjie Xiong, G. Edward Suh, Moinuddin K Qureshi, Hsien-Hsin S. Lee

Federated learning (FL) aims to perform privacy-preserving machine learning on distributed data held by multiple data owners.

blind source separation Federated Learning +1

ExPLoit: Extracting Private Labels in Split Learning

no code implementations • 25 Nov 2021 • Sanjay Kariyappa, Moinuddin K Qureshi

Split learning is a popular technique used for vertical federated learning (VFL), where the goal is to jointly train a model on the private input and label data held by two parties.

Image Classification Vertical Federated Learning

Enabling Inference Privacy with Adaptive Noise Injection

no code implementations • 6 Apr 2021 • Sanjay Kariyappa, Ousmane Dia, Moinuddin K Qureshi

To this end, we propose Adaptive Noise Injection (ANI), which uses a light-weight DNN on the client-side to inject noise to each input, before transmitting it to the service provider to perform inference.

Protecting DNNs from Theft using an Ensemble of Diverse Models

no code implementations • ICLR 2021 • Sanjay Kariyappa, Atul Prakash, Moinuddin K Qureshi

EDM is made up of models that are trained to produce dissimilar predictions for OOD inputs.

Image Classification

MAZE: Data-Free Model Stealing Attack Using Zeroth-Order Gradient Estimation

1 code implementation • CVPR 2021 • Sanjay Kariyappa, Atul Prakash, Moinuddin Qureshi

The effectiveness of such attacks relies heavily on the availability of data necessary to query the target model.

Data-free Knowledge Distillation

Defending Against Model Stealing Attacks with Adaptive Misinformation

1 code implementation • CVPR 2020 • Sanjay Kariyappa, Moinuddin K. Qureshi

Deep Neural Networks (DNNs) are susceptible to model stealing attacks, which allows a data-limited adversary with no knowledge of the training dataset to clone the functionality of a target model, just by using black-box query access.

Misinformation

Improving Adversarial Robustness of Ensembles with Diversity Training

1 code implementation • 28 Jan 2019 • Sanjay Kariyappa, Moinuddin K. Qureshi

Deep Neural Networks are vulnerable to adversarial attacks even in settings where the attacker has no direct access to the model being attacked.

Adversarial Robustness