Analyzing Threats of Large-Scale Machine Learning Systems

Wednesday, February 07, 2024

Machine Learning (ML) systems are rapidly transforming how we interact with and trust digital media. However, the emergence of such a powerful technology also faces a dual-use dilemma. While the technology can have many positive societal impacts, such as providing access to information through its question-answering capabilities, ML systems can also intentionally be misused by a few untrustworthy users to cause harm. In my talk, I will focus on two threats: (i) during inference, the ML system can leak sensitive information it has memorized during training, which threatens the privacy of the training data, and (ii) ML systems can be misused to erode trust in digital media by presenting generated content as authentic (e.g., by generating deepfakes). I analyze the reliability of differential privacy and watermarking as potential solutions to mitigate these threats and discuss challenges and potential solutions for leveraging optimization to red-team ML security mechanisms.

Post Talk Link:  Click Here 

Passcode: ?n1dygs0

Speaker/s

Nils Lukas is a Ph.D. candidate at the University of Waterloo in Canada under Prof. Florian Kerschbaum’s supervision. He studies threats that emerge when deploying large machine learning systems from three perspectives: (1) untrustworthy data, when the training data has been manipulated to undermine the model’s integrity; (2) untrustworthy models, when the model leaks sensitive information that it memorized during training; and (3) untrustworthy users, who misuse the provided models for unintended purposes such as generating deepfakes. Nils has published in top-tier machine learning and security conferences such as ICLR, USENIX, and IEEE S&P. His topics include data poisoning, differential privacy with language models, and developing watermarking methods to detect generated content. Nils has also contributed to developing secure multiparty computation protocols for private information retrieval and the secure inference of deep neural networks.