Search Results for author:
Found 24 papers, 12 papers with code
Pandora's White-Box: Increased Training Data Leakage in Open LLMs
In fine-tuning, we find that given access to the loss of the fine-tuned and base models, a fine-tuned loss ratio attack FLoRA is able to achieve near perfect MIA peformance.
Privacy Issues in Large Language Models: A Survey
Specifically, we focus on work that red-teams models to highlight privacy risks, attempts to build privacy into the training or inference process, enables efficient data deletion from trained models to comply with existing privacy regulations, and tries to mitigate copyright issues.
MoPe: Model Perturbation-based Privacy Attacks on Language Models
In this paper, we present Model Perturbations (MoPe), a new method to identify with high confidence if a given text is in the training data of a pre-trained language model, given white-box access to the models parameters.
Black-Box Training Data Identification in GANs via Detector Networks
In this paper we study whether given access to a trained GAN, as well as fresh samples from the underlying distribution, if it is possible for an attacker to efficiently identify if a given point is a member of the GAN's training data.
In-Context Unlearning: Language Models as Few Shot Unlearners
In this work, we propose a new class of unlearning methods for LLMs we call ''In-Context Unlearning'', providing inputs in context and without having to update model parameters.
PRIMO: Private Regression in Multiple Outcomes
While naively applying private linear regression techniques $l$ times leads to a $\sqrt{l}$ multiplicative increase in error over the standard linear regression setting, in Subsection $4. 1$ we modify techniques based on sufficient statistics perturbation (SSP) to yield greatly improved dependence on $l$.
On the Privacy Risks of Algorithmic Recourse
As predictive models are increasingly being employed to make consequential decisions, there is a growing emphasis on developing techniques that can provide algorithmic recourse to affected individuals.
Adaptive Machine Unlearning
In this paper, we give a general reduction from deletion guarantees against adaptive sequences to deletion guarantees against non-adaptive sequences, using differential privacy and its connection to max information.
Descent-to-Delete: Gradient-Based Methods for Machine Unlearning
We study the data deletion problem for convex models.
Optimal, Truthful, and Private Securities Lending
We consider a fundamental dynamic allocation problem motivated by the problem of $\textit{securities lending}$ in financial markets, the mechanism underlying the short selling of stocks.
A New Analysis of Differential Privacy's Generalization Guarantees
This second claim follows from a thought experiment in which we imagine that the dataset is resampled from the posterior distribution after the mechanism has committed to its answers.
Oracle Efficient Private Non-Convex Optimization
We find that for the problem of learning linear classifiers, directly optimizing for 0/1 loss using our approach can out-perform the more standard approach of privately optimizing a convex-surrogate loss function on the Adult dataset.
An Algorithmic Framework for Fairness Elicitation
We consider settings in which the right notion of fairness is not captured by simple mathematical definitions (such as equality of error rates across groups), but might be more complex and nuanced and thus require elicitation from individual or collective stakeholders.
The Role of Interactivity in Local Differential Privacy
Next, we show that our reduction is tight by exhibiting a family of problems such that for any $k$, there is a fully interactive $k$-compositional protocol which solves the problem, while no sequentially interactive protocol can solve the problem without at least an $\tilde \Omega(k)$ factor more examples.
How to Use Heuristics for Differential Privacy
We show that there is an efficient algorithm for privately constructing synthetic data for any such class, given a non-private learning oracle.
Fair Algorithms for Learning in Allocation Problems
We formalize this fairness notion for allocation problems and investigate its algorithmic consequences.
An Empirical Study of Rich Subgroup Fairness for Machine Learning
In this paper, we undertake an extensive empirical evaluation of the algorithm of Kearns et al. On four real datasets for which fairness is a concern, we investigate the basic convergence of the algorithm when instantiated with fast heuristics in place of learning oracles, measure the tradeoffs between fairness and accuracy, and compare this approach with the recent algorithm of Agarwal et al. [2018], which implements weaker and more traditional marginal fairness constraints defined by individual protected attributes.
Mitigating Bias in Adaptive Data Gathering via Differential Privacy
Data that is gathered adaptively --- via bandit algorithms, for example --- exhibits bias.
Accuracy First: Selecting a Differential Privacy Level for Accuracy Constrained ERM
Traditional approaches to differential privacy assume a fixed privacy requirement ε for a computation, and attempt to maximize the accuracy of the computation subject to the privacy constraint.
Preventing Fairness Gerrymandering: Auditing and Learning for Subgroup Fairness
We prove that the computational problem of auditing subgroup fairness for both equality of false positive rates and statistical parity is equivalent to the problem of weak agnostic learning, which means it is computationally hard in the worst case, even for simple structured subclasses.
A Convex Framework for Fair Regression
We introduce a flexible family of fairness regularizers for (linear and logistic) regression problems.
Accuracy First: Selecting a Differential Privacy Level for Accuracy-Constrained ERM
Traditional approaches to differential privacy assume a fixed privacy requirement $\epsilon$ for a computation, and attempt to maximize the accuracy of the computation subject to the privacy constraint.
