Search Results for author:
Found 27 papers, 13 papers with code
Closed-Form Bounds for DP-SGD against Record-level Inference
This paper presents a new approach to evaluate the privacy of machine learning models against specific record-level threats, such as membership and attribute inference, without the indirection through DP.
Rethinking Privacy in Machine Learning Pipelines from an Information Flow Control Perspective
In this paper, we take an information flow control perspective to describe machine learning systems, which allows us to leverage metadata such as access control policies and define clear-cut privacy and confidentiality guarantees with interpretable information flows.
SoK: Memorization in General-Purpose Large Language Models
A major part of this success is due to their huge training datasets and the unprecedented number of model parameters, which allow them to memorize large amounts of information contained in the training data.
Why Train More? Effective and Efficient Membership Inference via Memorization
Many practical black-box MIAs require query access to the data distribution (the same distribution where the private data is drawn) to train shadow models.
Investigating the Effect of Misalignment on Membership Privacy in the White-box Setting
We here present the first systematic analysis of the causes of misalignment in shadow models and show the use of a different weight initialisation to be the main cause.
On the Efficacy of Differentially Private Few-shot Image Classification
There has been significant recent progress in training differentially private (DP) models which achieve accuracy that approaches the best non-private models.
Analyzing Leakage of Personally Identifiable Information in Language Models
Understanding the risk of LMs leaking Personally Identifiable Information (PII) has received less attention, which can be attributed to the false assumption that dataset curation techniques such as scrubbing are sufficient to prevent PII leakage.
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Deploying machine learning models in production may allow adversaries to infer sensitive information about training data.
Invariant Aggregator for Defending against Federated Backdoor Attacks
Federated learning enables training high-utility models across several clients without directly sharing their private data.
Membership Inference Attacks and Generalization: A Causal Perspective
Our causal models also show a new connection between generalization and MI attacks via their shared causal factors.
Distribution inference risks: Identifying and mitigating sources of leakage
We identify three sources of leakage: (1) memorizing specific information about the $\mathbb{E}[Y|X]$ (expected label given the feature values) of interest to the adversary, (2) wrong inductive bias of the model, and (3) finiteness of the training data.
Bayesian Estimation of Differential Privacy
Our Bayesian method exploits the hypothesis testing interpretation of differential privacy to obtain a posterior for $\varepsilon$ (not just a confidence interval) from the joint posterior of the false positive and false negative rates of membership inference attacks.
The Connection between Out-of-Distribution Generalization and Privacy of ML Models
Through extensive evaluation on a synthetic dataset and image datasets like MNIST, Fashion-MNIST, and Chest X-rays, we show that a lower OOD generalization gap does not imply better robustness to MI attacks.
Causally Constrained Data Synthesis for Private Data Release
However for real-world applications, the privacy of data is critical.
Grey-box Extraction of Natural Language Models
This is true even for queries that are entirely in-distribution, making extraction attacks indistinguishable from legitimate use; (ii) with fine-tuned base layers, the effectiveness of algebraic attacks decreases with the learning rate, showing that fine-tuning is not only beneficial for accuracy but also indispensable for model confidentiality.
MACE: A Flexible Framework for Membership Privacy Estimation in Generative Models
In this work, we propose the first formal framework for membership privacy estimation in generative models.
SOTERIA: In Search of Efficient Neural Networks for Private Inference
In this setting, our objective is to protect the confidentiality of both the users' input queries as well as the model parameters at the server, with modest computation and communication overhead.
Domain Generalization using Causal Matching
In the domain generalization literature, a common objective is to learn representations independent of the domain after conditioning on the class label.
Ranked #1 on
Domain Generalization
on Rotated Fashion-MNIST
Leakage of Dataset Properties in Multi-Party Machine Learning
Using multiple machine learning models, we show that leakage occurs even if the sensitive attribute is not included in the training data and has a low correlation with other attributes or the target variable.
FALCON: Honest-Majority Maliciously Secure Framework for Private Deep Learning
For private training, we are about 6x faster than SecureNN, 4. 4x faster than ABY3 and about 2-60x more communication efficient.
To Transfer or Not to Transfer: Misclassification Attacks Against Transfer Learned Text Classifiers
Thus, our results motivate the need for designing training techniques that are robust to unintended feature learning, specifically for transfer learned models.
Analyzing Information Leakage of Updates to Natural Language Models
To continuously improve quality and reflect changes in data, machine learning applications have to regularly retrain and update their core models.
An Empirical Study on the Intrinsic Privacy of SGD
Introducing noise in the training of machine learning systems is a powerful way to protect individual privacy via differential privacy guarantees, but comes at a cost to utility.
Collaborative Machine Learning Markets with Data-Replication-Robust Payments
We study the problem of collaborative machine learning markets where multiple parties can achieve improved performance on their machine learning tasks by combining their training data.
Alleviating Privacy Attacks via Causal Learning
Such privacy risks are exacerbated when a model's predictions are used on an unseen data distribution.
Analyzing Privacy Loss in Updates of Natural Language Models
To continuously improve quality and reflect changes in data, machine learning-based services have to regularly re-train and update their core models.
Privado: Practical and Secure DNN Inference with Enclaves
In this paper, we ask a timely question: "Can third-party cloud services use Intel SGX enclaves to provide practical, yet secure DNN Inference-as-a-service?"
