Search Results for author:
Found 23 papers, 12 papers with code
Re-aligning Shadow Models can Improve White-box Membership Inference Attacks
Directly extending the shadow modelling technique from the black-box to the white-box setting has been shown, in general, not to perform better than black-box only attacks.
On the Efficacy of Differentially Private Few-shot Image Classification
There has been significant recent progress in training differentially private (DP) models which achieve accuracy that approaches the best non-private models.
Analyzing Leakage of Personally Identifiable Information in Language Models
Understanding the risk of LMs leaking Personally Identifiable Information (PII) has received less attention, which can be attributed to the false assumption that dataset curation techniques such as scrubbing are sufficient to prevent PII leakage.
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Deploying machine learning models in production may allow adversaries to infer sensitive information about training data.
Invariant Aggregator for Defending against Federated Backdoor Attacks
Empirical results on three datasets with different modalities and varying numbers of clients further demonstrate that our approach mitigates a broad class of backdoor attacks with a negligible cost on the model utility.
Membership Inference Attacks and Generalization: A Causal Perspective
Our causal models also show a new connection between generalization and MI attacks via their shared causal factors.
Distribution inference risks: Identifying and mitigating sources of leakage
We identify three sources of leakage: (1) memorizing specific information about the $\mathbb{E}[Y|X]$ (expected label given the feature values) of interest to the adversary, (2) wrong inductive bias of the model, and (3) finiteness of the training data.
Bayesian Estimation of Differential Privacy
Our Bayesian method exploits the hypothesis testing interpretation of differential privacy to obtain a posterior for $\varepsilon$ (not just a confidence interval) from the joint posterior of the false positive and false negative rates of membership inference attacks.
The Connection between Out-of-Distribution Generalization and Privacy of ML Models
Through extensive evaluation on a synthetic dataset and image datasets like MNIST, Fashion-MNIST, and Chest X-rays, we show that a lower OOD generalization gap does not imply better robustness to MI attacks.
Causally Constrained Data Synthesis for Private Data Release
However for real-world applications, the privacy of data is critical.
Grey-box Extraction of Natural Language Models
This is true even for queries that are entirely in-distribution, making extraction attacks indistinguishable from legitimate use; (ii) with fine-tuned base layers, the effectiveness of algebraic attacks decreases with the learning rate, showing that fine-tuning is not only beneficial for accuracy but also indispensable for model confidentiality.
MACE: A Flexible Framework for Membership Privacy Estimation in Generative Models
In this work, we propose the first formal framework for membership privacy estimation in generative models.
SOTERIA: In Search of Efficient Neural Networks for Private Inference
In this setting, our objective is to protect the confidentiality of both the users' input queries as well as the model parameters at the server, with modest computation and communication overhead.
Domain Generalization using Causal Matching
In the domain generalization literature, a common objective is to learn representations independent of the domain after conditioning on the class label.
Ranked #1 on
Domain Generalization
on Rotated Fashion-MNIST
Leakage of Dataset Properties in Multi-Party Machine Learning
Using multiple machine learning models, we show that leakage occurs even if the sensitive attribute is not included in the training data and has a low correlation with other attributes or the target variable.
FALCON: Honest-Majority Maliciously Secure Framework for Private Deep Learning
For private training, we are about 6x faster than SecureNN, 4. 4x faster than ABY3 and about 2-60x more communication efficient.
To Transfer or Not to Transfer: Misclassification Attacks Against Transfer Learned Text Classifiers
Thus, our results motivate the need for designing training techniques that are robust to unintended feature learning, specifically for transfer learned models.
Analyzing Information Leakage of Updates to Natural Language Models
To continuously improve quality and reflect changes in data, machine learning applications have to regularly retrain and update their core models.
An Empirical Study on the Intrinsic Privacy of SGD
Introducing noise in the training of machine learning systems is a powerful way to protect individual privacy via differential privacy guarantees, but comes at a cost to utility.
Collaborative Machine Learning Markets with Data-Replication-Robust Payments
We study the problem of collaborative machine learning markets where multiple parties can achieve improved performance on their machine learning tasks by combining their training data.
Alleviating Privacy Attacks via Causal Learning
Such privacy risks are exacerbated when a model's predictions are used on an unseen data distribution.
Analyzing Privacy Loss in Updates of Natural Language Models
To continuously improve quality and reflect changes in data, machine learning-based services have to regularly re-train and update their core models.
Privado: Practical and Secure DNN Inference with Enclaves
In this paper, we ask a timely question: "Can third-party cloud services use Intel SGX enclaves to provide practical, yet secure DNN Inference-as-a-service?"
