Advances in privacy-preserving machine learning

Building useful predictive models often involves learning from personal data. For instance, companies use customer data to target advertisements, online education platforms collect student data to recommend content and improve user engagement, and medical researchers fit diagnostic models to patient data. A recent line of research aims to design learning algorithms that provide rigorous privacy guarantees for user data, in the sense that their outputs---models or predictions---leak as little information as possible about individuals in the training data. The goal of this dissertation is to design private learning algorithms with performance comparable to the best possible non-private ones. We quantify privacy using \emph{differential privacy}, a well-studied privacy notion that limits how much information is leaked about an individual by the output of an algorithm. Training a model using a differentially private algorithm prevents an adversary from confidently determining whether a specific person's data was used for training the model. We begin by presenting a technique for practical differentially private convex optimization that can leverage any off-the-shelf optimizer as a black box. We also perform an extensive empirical evaluation of the state-of-the-art algorithms on a range of publicly available datasets, as well as in an industry application. Next, we present a learning algorithm that outputs a private classifier when given black-box access to a non-private learner and a limited amount of unlabeled public data. We prove that the accuracy guarantee of our private algorithm in the PAC model of learning is comparable to that of the underlying non-private learner. Such a guarantee is not possible, in general, without public data. Lastly, we consider building recommendation systems, which we model using matrix completion. We present the first algorithm for matrix completion with provable user-level privacy and accuracy guarantees. Our algorithm consistently outperforms the state-of-the-art private algorithms on a suite of datasets. Along the way, we give an optimal algorithm for differentially private singular vector computation which leads to significant savings in terms of space and time when operating on sparse matrices. It can also be used for private low-rank approximation

Decentralized Online Federated G-Network Learning for Lightweight Intrusion Detection

Cyberattacks are increasingly threatening networked systems, often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. While Machine Learning (ML)-based Intrusion Detection Systems (IDSs) have been shown to be extremely promising in detecting these attacks, the need to learn large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data. To address this issue, this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture. DOF-ID is a collaborative learning system that allows each IDS used for a cybersystem to learn from experience gained in other cybersystems in addition to its own local data without violating the data privacy of other systems. As the performance evaluation results using public Kitsune and Bot-IoT datasets show, DOF-ID significantly improves the intrusion detection performance in all collaborating nodes simultaneously with acceptable computation time for online learning

Generating Artificial Data for Private Deep Learning

In this paper, we propose generating artificial data that retain statistical properties of real data as the means of providing privacy with respect to the original dataset. We use generative adversarial network to draw privacy-preserving artificial data samples and derive an empirical method to assess the risk of information disclosure in a differential-privacy-like way. Our experiments show that we are able to generate artificial data of high quality and successfully train and validate machine learning models on this data while limiting potential privacy loss.Comment: Privacy-Enhancing Artificial Intelligence and Language Technologies, AAAI Spring Symposium Series, 201

Hard-to-Employ Parents: A Review of Their Characteristics and the Programs Designed to Serve Their Needs

Many low-income parents with personal challenges that make work difficult (sometimes called the "hard to employ") seek help from the Temporary Assistance for Needy Families (TANF) program, but many do not. The most effective TANF programs offer cash assistance along with services that alleviate barriers and help clients find jobs. Other federal-state programs offer help by providing either generic employment services or specialized services that address particular challenges. Hard-to-employ parents probably fare best when they enroll in TANF and receive a holistic set of supports. A redesigned system should marshal all program resources to provide an integrated system that addresses barriers and supports work simultaneously

The Role and Relevance of Rankings in Higher Education Policymaking

Explores the rise of college rankings, similarities and differences from postsecondary assessment efforts, and factors behind their limited relevance to policy such as their effect on institutional behaviors. Recommends ways to enhance policy relevance

Bringing Foundations and Governments Closer - Evidence from Mexico

The recommendations formulated in the study provide the basis for close and effective cooperation between Mexican foundations and government agencies, including the Mexican Agency for International Development Co-operation, Agencia Mexicana de Cooperación Internacional para el Desarrollo (AMEXCID). The study expands the spectrum of key development partners for a co-operation agency of the South. Similarly, it has been recognised that not only governments, but all actors, including foundations, must co-operate and assume their respective responsibilities in order to achieve the SDGs