Search Results for author:
Found 62 papers, 20 papers with code
BridgePure: Revealing the Fragility of Black-box Data Protection
Availability attacks, or unlearnable examples, are defensive techniques that allow data owners to modify their datasets in ways that prevent unauthorized machine learning models from learning effectively while maintaining the data's intended functionality.
The Broader Landscape of Robustness in Algorithmic Statistics
The last decade has seen a number of advances in computationally efficient algorithms for statistical methods subject to robustness constraints.
Membership Inference Attacks Cannot Prove that a Model Was Trained On Your Data
We argue that this approach is fundamentally unsound: to provide convincing evidence, the data creator needs to demonstrate that their attack has a low false positive rate, i. e., that the attack's output is unlikely under the null hypothesis that the model was not trained on the target data.
Distribution Learnability and Robustness
We examine the relationship between learnability and robust (or agnostic) learnability for the problem of distribution learning.
Machine Unlearning Fails to Remove Data Poisoning Attacks
We revisit the efficacy of several practical methods for approximate machine unlearning developed for large-scale deep learning.
Private Mean Estimation with Person-Level Differential Privacy
Our computationally efficient estimators are based on the standard clip-and-noise framework, but the analysis for our setting requires both new algorithmic techniques and new analyses.
Avoiding Pitfalls for Privacy Accounting of Subsampled Mechanisms under Composition
We show that the privacy guarantees may in fact differ significantly between the two sampling schemes.
Differentially Private Post-Processing for Fair Regression
This paper describes a differentially private post-processing algorithm for learning fair regressors satisfying statistical parity, addressing privacy concerns of machine learning models trained on sensitive data, as well as fairness concerns of their potential to propagate historical biases.
Disguised Copyright Infringement of Latent Diffusion Models
Copyright infringement may occur when a generative model produces samples substantially similar to some copyrighted data that it had access to during the training phase.
Indiscriminate Data Poisoning Attacks on Pre-trained Feature Extractors
In this paper, we extend the exploration of the threat of indiscriminate attacks on downstream tasks that apply pre-trained feature extractors.
Not All Learnable Distribution Classes are Privately Learnable
We give an example of a class of distributions that is learnable in total variation distance with a finite number of samples, but not learnable under $(\varepsilon, \delta)$-differential privacy.
Exploring the Limits of Model-Targeted Indiscriminate Data Poisoning Attacks
Building on existing parameter corruption attacks and refining the Gradient Canceling attack, we perform extensive experiments to confirm our theoretical findings, test the predictability of our transition threshold, and significantly improve existing indiscriminate data poisoning baselines over a range of datasets and models.
Choosing Public Datasets for Private Machine Learning via Gradient Subspace Distance
We give an algorithm for selecting a public dataset by measuring a low-dimensional subspace distance between gradients of the public and private examples.
Private GANs, Revisited
We show that the canonical approach for training differentially private GANs -- updating the discriminator with differentially private stochastic gradient descent (DPSGD) -- can yield significantly improved results after modifications to training.
A Bias-Accuracy-Privacy Trilemma for Statistical Estimation
Differential privacy (DP) is a rigorous notion of data privacy, used for private statistics.
Hidden Poison: Machine Unlearning Enables Camouflaged Poisoning Attacks
We introduce camouflaged data poisoning attacks, a new attack vector that arises in the context of machine unlearning and other settings when model retraining may be induced.
Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining
The performance of differentially private machine learning can be boosted significantly by leveraging the transfer learning capabilities of non-private models pretrained on large public datasets.
Robustness Implies Privacy in Statistical Estimation
We study the relationship between adversarial robustness and differential privacy in high-dimensional algorithmic statistics.
Private Estimation with Public Data
We initiate the study of differentially private (DP) estimation with access to a small amount of public data.
Individual Privacy Accounting for Differentially Private Stochastic Gradient Descent
Differentially private stochastic gradient descent (DP-SGD) is the workhorse algorithm for recent advances in private deep learning.
New Lower Bounds for Private Estimation and a Generalized Fingerprinting Lemma
First, we provide tight lower bounds for private covariance estimation of Gaussian distributions.
Indiscriminate Data Poisoning Attacks on Neural Networks
Data poisoning attacks, in which a malicious adversary aims to influence a model by injecting "poisoned" data into the training process, have attracted significant recent attention.
Efficient Mean Estimation with Pure Differential Privacy via a Sum-of-Squares Exponential Mechanism
SoS proofs to algorithms is a key theme in numerous recent works in high-dimensional algorithmic statistics -- estimators which apparently require exponential running time but whose analysis can be captured by low-degree Sum of Squares proofs can be automatically turned into polynomial-time algorithms with the same provable guarantees.
The Role of Adaptive Optimizers for Honest Private Hyperparameter Selection
Hyperparameter optimization is a ubiquitous challenge in machine learning, and the performance of a trained model depends crucially upon their effective selection.
Robust Estimation for Random Graphs
We study the problem of robustly estimating the parameter $p$ of an Erd\H{o}s-R\'enyi random graph on $n$ nodes, where a $\gamma$ fraction of nodes may be adversarially corrupted.
A Private and Computationally-Efficient Estimator for Unbounded Gaussians
We give the first polynomial-time, polynomial-sample, differentially private estimator for the mean and covariance of an arbitrary Gaussian distribution $\mathcal{N}(\mu,\Sigma)$ in $\mathbb{R}^d$.
Differentially Private Fine-tuning of Language Models
For example, on the MNLI dataset we achieve an accuracy of $87. 8\%$ using RoBERTa-Large and $83. 5\%$ using RoBERTa-Base with a privacy budget of $\epsilon = 6. 7$.
The Price of Tolerance in Distribution Testing
Specifically, we show the sample complexity to be \[\tilde \Theta\left(\frac{\sqrt{n}}{\varepsilon_2^{2}} + \frac{n}{\log n} \cdot \max \left\{\frac{\varepsilon_1}{\varepsilon_2^2},\left(\frac{\varepsilon_1}{\varepsilon_2^2}\right)^{\!\! 2}\right\}\right),\] providing a smooth tradeoff between the two previously known cases.
Improved Rates for Differentially Private Stochastic Convex Optimization with Heavy-Tailed Data
Finally, we prove nearly-matching lower bounds for private stochastic convex optimization with strongly convex losses and mean estimation, showing new separations between pure and concentrated DP.
Remember What You Want to Forget: Algorithms for Machine Unlearning
We study the problem of unlearning datapoints from a learnt model.
On the Sample Complexity of Privately Learning Unbounded High-Dimensional Gaussians
These are the first finite sample upper bounds for general Gaussians which do not impose restrictions on the parameters of the distribution.
Enabling Fast Differentially Private SGD via Just-in-Time Compilation and Vectorization
We also rebuild core parts of TensorFlow Privacy, integrating features from TensorFlow 2 as well as XLA compilation, granting significant memory and runtime improvements over the current release version.
CoinPress: Practical Private Mean and Covariance Estimation
We present simple differentially private estimators for the mean and covariance of multivariate sub-Gaussian data that are accurate at small sample sizes.
A Primer on Private Statistics
Differentially private statistical estimation has seen a flurry of developments over the last several years.
The Discrete Gaussian for Differential Privacy
Specifically, we theoretically and experimentally show that adding discrete Gaussian noise provides essentially the same privacy and accuracy guarantees as the addition of continuous Gaussian noise.
PAPRIKA: Private Online False Discovery Rate Control
In this work, we study False Discovery Rate (FDR) control in multiple hypothesis testing under the constraint of differential privacy for the sample.
Private Mean Estimation of Heavy-Tailed Distributions
We give new upper and lower bounds on the minimax sample complexity of differentially private mean estimation of distributions with bounded $k$-th moments.
Privately Learning Markov Random Fields
We consider the problem of learning Markov Random Fields (including the prototypical example, the Ising model) under the constraint of differential privacy.
Locally Private Hypothesis Selection
Absent privacy constraints, this problem requires $O(\log k)$ samples from $p$, and it was recently shown that the same complexity is achievable under (central) differential privacy.
Random Restrictions of High-Dimensional Distributions and Uniformity Testing with Subcube Conditioning
We give a nearly-optimal algorithm for testing uniformity of distributions supported on $\{-1, 1\}^n$, which makes $\tilde O (\sqrt{n}/\varepsilon^2)$ queries to a subcube conditional sampling oracle (Bhattacharyya and Chakraborty (2018)).
Differentially Private Algorithms for Learning Mixtures of Separated Gaussians
Learning the parameters of Gaussian mixture models is a fundamental and widely studied problem with numerous applications.
Private Hypothesis Selection
The sample complexity of our basic algorithm is $O\left(\frac{\log m}{\alpha^2} + \frac{\log m}{\alpha \varepsilon}\right)$, representing a minimal cost for privacy when compared to the non-private algorithm.
Private Identity Testing for High-Dimensional Distributions
In this work we present novel differentially private identity (goodness-of-fit) testers for natural and widely studied classes of multivariate product distributions: Gaussians in $\mathbb{R}^d$ with known covariance and product distributions over $\{\pm 1\}^{d}$.
The Structure of Optimal Private Tests for Simple Hypotheses
Specifically, we characterize this sample complexity up to constant factors in terms of the structure of $P$ and $Q$ and the privacy level $\varepsilon$, and show that this sample complexity is achieved by a certain randomized and clamped variant of the log-likelihood ratio test.
Anaconda: A Non-Adaptive Conditional Sampling Algorithm for Distribution Testing
This is an exponential improvement over the previous best upper bound, and demonstrates that the complexity of the problem in this model is intermediate to the the complexity of the problem in the standard sampling model and the adaptive conditional sampling model.
Privately Learning High-Dimensional Distributions
We present novel, computationally efficient, and differentially private algorithms for two fundamental high-dimensional learning problems: learning a multivariate Gaussian and learning a product distribution over the Boolean hypercube in total variation distance.
Sever: A Robust Meta-Algorithm for Stochastic Optimization
In high dimensions, most machine learning methods are brittle to even a small fraction of structured outliers.
INSPECTRE: Privately Estimating the Unseen
We develop differentially private methods for estimating various distributional properties.
Actively Avoiding Nonsense in Generative Models
A generative model may generate utter nonsense when it is fit to maximize the likelihood of observed data.
Concentration of Multilinear Functions of the Ising Model with Applications to Network Data
We prove near-tight concentration of measure for polynomial functions of the Ising model under high temperature.
Priv’IT: Private and Sample Efficient Identity Testing
We develop differentially private hypothesis testing methods for the small sample regime.
Which Distribution Distances are Sublinearly Testable?
Given samples from an unknown distribution $p$ and a description of a distribution $q$, are $p$ and $q$ close or far?
Robustly Learning a Gaussian: Getting Optimal Error, Efficiently
We give robust estimators that achieve estimation error $O(\varepsilon)$ in the total variation distance, which is optimal up to a universal constant that is independent of the dimension.
Priv'IT: Private and Sample Efficient Identity Testing
We develop differentially private hypothesis testing methods for the small sample regime.
Being Robust (in High Dimensions) Can Be Practical
Robust estimation is much more challenging in high dimensions than it is in one dimension: Most techniques either lead to intractable optimization problems or estimators that can tolerate only a tiny fraction of errors.
Testing Ising Models
Given samples from an unknown multivariate distribution $p$, is it possible to distinguish whether $p$ is the product of its marginals versus $p$ being far from every product distribution?
Robust Estimators in High Dimensions without the Computational Intractability
We study high-dimensional distribution learning in an agnostic setting where an adversary is allowed to arbitrarily corrupt an $\varepsilon$-fraction of the samples.
A Size-Free CLT for Poisson Multinomials and its Applications
Finally, leveraging the structural properties of the Fourier spectrum of PMDs we show that these distributions can be learned from $O_k(1/\varepsilon^2)$ samples in ${\rm poly}_k(1/\varepsilon)$-time, removing the quasi-polynomial dependence of the running time on $1/\varepsilon$ from the algorithm of Daskalakis, Kamath, and Tzamos.
Optimal Testing for Properties of Distributions
Given samples from an unknown distribution $p$, is it possible to distinguish whether $p$ belongs to some class of distributions $\mathcal{C}$ versus $p$ being far from every distribution in $\mathcal{C}$?
On the Structure, Covering, and Learning of Poisson Multinomial Distributions
We prove a structural characterization of these distributions, showing that, for all $\varepsilon >0$, any $(n, k)$-Poisson multinomial random vector is $\varepsilon$-close, in total variation distance, to the sum of a discretized multidimensional Gaussian and an independent $(\text{poly}(k/\varepsilon), k)$-Poisson multinomial random vector.
A Chasm Between Identity and Equivalence Testing with Conditional Queries
We answer a question of Chakraborty et al. (ITCS 2013) showing that non-adaptive uniformity testing indeed requires $\Omega(\log n)$ queries in the conditional model.
Faster and Sample Near-Optimal Algorithms for Proper Learning Mixtures of Gaussians
The algorithm requires ${O}(\log{N}/\varepsilon^2)$ samples from the unknown distribution and ${O}(N \log N/\varepsilon^2)$ time, which improves previous such results (such as the Scheff\'e estimator) from a quadratic dependence of the running time on $N$ to quasilinear.
