Search Results for author:
Found 22 papers, 12 papers with code
Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation
FL is promoted as a privacy-enhancing technology (PET) that provides data minimization: data never "leaves" personal devices and users share only model updates with a server (e. g., a company) coordinating the distributed training.
Private Multi-Winner Voting for Machine Learning
We use our mechanisms to enable privacy-preserving multi-label learning in the central setting by extending the canonical single-label technique: PATE.
On the reversibility of adversarial attacks
We refer to this property as the reversibility of an adversarial attack, and quantify reversibility as the accuracy in retrieving the original class or the true class of an adversarial example.
GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation
In this paper, we study the problem of learning Graph Neural Networks (GNNs) with Differential Privacy (DP).
Differentially Private Speaker Anonymization
We remove speaker information from these attributes by introducing differentially private feature extractors based on an autoencoder and an automatic speech recognizer, respectively, trained using noise layers.
Automatic Speech Recognition
Automatic Speech Recognition (ASR)
+2
Tubes Among Us: Analog Attack on Automatic Speaker Identification
Recent years have seen a surge in the popularity of acoustics-enabled personal devices powered by machine learning.
When the Curious Abandon Honesty: Federated Learning Is Not Private
Instead, these devices share gradients, parameters, or other model updates, with a central party (e. g., a company) coordinating the training.
A Zest of LIME: Towards Architecture-Independent Model Distances
In this paper, we instead propose to compute distance between black-box models by comparing their Local Interpretable Model-Agnostic Explanations (LIME).
Losing Less: A Loss for Differentially Private Deep Learning
In this paper, we are the first to observe that some of this performance can be recovered when training with a loss tailored to DP-SGD; we challenge cross-entropy as the de facto loss for deep learning with DP.
FoolHD: Fooling speaker identification by Highly imperceptible adversarial Disturbances
Speaker identification models are vulnerable to carefully designed adversarial perturbations of their input signals that induce misclassification.
Semantically Adversarial Learnable Filters
The proposed framework combines a structure loss and a semantic adversarial loss in a multi-task objective function to train a fully convolutional neural network.
Exploiting vulnerabilities of deep neural networks for privacy protection
To address these limitations, we present an adversarial attack {that is} specifically designed to protect visual content against { unseen} classifiers and known defenses.
PrivEdge: From Local to Distributed Private Training and Prediction
To address this problem, we propose PrivEdge, a technique for privacy-preserving MLaaS that safeguards the privacy of users who provide their data for training, as well as users who use the prediction service.
DarkneTZ: Towards Model Privacy at the Edge using Trusted Execution Environments
We present DarkneTZ, a framework that uses an edge device's Trusted Execution Environment (TEE) in conjunction with model partitioning to limit the attack surface against Deep Neural Networks (DNNs).
ColorFool: Semantic Adversarial Colorization
Instead, adversarial attacks that generate unrestricted perturbations are more robust to defenses, are generally more successful in black-box settings and are more transferable to unseen classifiers.
EdgeFool: An Adversarial Image Enhancement Filter
This loss function accounts for both image detail enhancement and class misleading objectives.
Towards Characterizing and Limiting Information Exposure in DNN Layers
Pre-trained Deep Neural Network (DNN) models are increasingly used in smartphones and other user devices to enable prediction services, leading to potential disclosures of (sensitive) information from training data captured inside these models.
QUOTIENT: Two-Party Secure Neural Network Training and Prediction
In this work, we investigate the advantages of designing training algorithms alongside a novel secure protocol, incorporating optimizations on both fronts.
Distributed One-class Learning
A major advantage of the proposed filter over existing distributed learning approaches is that users cannot access, even indirectly, the parameters of other users.
Deep Private-Feature Extraction
We present and evaluate Deep Private-Feature Extractor (DPFE), a deep model which is trained and evaluated based on information theoretic constraints.
Privacy-Preserving Deep Inference for Rich User Data on The Cloud
Our evaluations show that by using certain kind of fine-tuning and embedding techniques and at a small processing costs, we can greatly reduce the level of information available to unintended tasks applied to the data feature on the cloud, and hence achieving the desired tradeoff between privacy and performance.
A Hybrid Deep Learning Architecture for Privacy-Preserving Mobile Analytics
To this end, instead of performing the whole operation on the cloud, we let an IoT device to run the initial layers of the neural network, and then send the output to the cloud to feed the remaining layers and produce the final result.
