NoPeek: Information leakage reduction to share activations in distributed deep learning
For distributed machine learning with sensitive data, we demonstrate how
minimizing distance correlation between raw data and intermediary
representations reduces leakage of sensitive raw data patterns across client
communications while maintaining model accuracy. Leakage (measured using
distance correlation between input and intermediate representations) is the
risk associated with the invertibility of raw data from intermediary
representations. This can prevent client entities that hold sensitive data from
using distributed deep learning services. We demonstrate that our method is
resilient to such reconstruction attacks and is based on reduction of distance
correlation between raw data and learned representations during training and
inference with image datasets. We prevent such reconstruction of raw data while
maintaining information required to sustain good classification accuracies
Bridging formal methods and machine learning with model checking and global optimisation
Formal methods and machine learning are two research fields with drastically different foundations and philosophies. Formal methods utilise mathematically rigorous techniques for the specification, development and verification of software and hardware systems. Machine learning focuses on pragmatic approaches to gradually improve a parameterised model by observing a training data set. While historically the two fields lacked communication, this trend has changed in the past few years with an outburst of research interest in the robustness verification of neural networks. This paper briefly reviews these works and focuses on the urgent need for broader and more in-depth communication between the two fields, with the ultimate goal of developing learning-enabled systems with excellent performance and acceptable safety and security. We present a specification language, MLS2, and show that it can express a set of known safety and security properties, including generalisation, uncertainty, robustness, data poisoning, backdoor, model stealing, membership inference, model inversion, interpretability, and fairness. To verify MLS2 properties, we promote global optimisation-based methods, which have provable guarantees on convergence to the optimal solution; many of them also have theoretical bounds on the gap between the current solution and the optimal solution.
Neural Network Inversion in Adversarial Setting via Background Knowledge Alignment
DOI: 10.1145/3319535.3354261. ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 225-24