Li Xiong

Emory University

[introductory/intermediate] Differential Privacy and Certified Robustness for Deep Learning

Summary

While deep learning models have achieved great success, they are also vulnerable to potential manipulations, ranging from privacy attacks that attempt to infer sensitive training data from a trained model (e.g. reconstructing the faces of the training data from a trained face recognition model), to security attacks that attempt to corrupt or deceive a model (e.g. slightly manipulating a stop sign without human detection to trick an image recognition model to misclassify). This course will provide an overview of these attacks, including 1) privacy attacks such as membership inference attacks and model inversion attacks and unintended secret memorization), 2) security attacks including adversarial examples attacks at inference time and data poisoning attacks at training time. It will then introduce the state-of-the-art defense approaches including 1) deep learning with differential privacy (DP), a rigorous statistical framework to ensure privacy of the training data; and 2) empirical defense approaches as well as certified robustness approaches that provide provable guarantees on the robustness of the model. Finally, it will discuss the connections between DP and certified robustness and the open directions.

Syllabus

Introduction to privacy attacks (membership inference attacks, model inversion attacks, secret sharer)
Privacy-preserving deep learning (differential privacy, gradient perturbation, objective perturbation, output perturbation, noisy ensemble)
Introduction to security attacks (adversarial example attacks, poisoning attacks, backdoor attacks)
Robust deep learning (detection and reform, adversarial training, certified robustness)

References

Membership Inference Attacks Against Machine Learning Models, S&P, 2017

Model inversion attacks that exploit confidence information and basic countermeasures, CCS, 2015

The secret sharer: Evaluating and testing unintended memorization in neural networks, USENIX Security, 2019

Deep Learning with Differential Privacy, CCS, 2016

Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data, ICLR, 2017

The Algorithmic Foundations of Differential Privacy, 2014 (book ch. 3)

Explaining and harnessing adversarial examples, ICLR 2015

Towards Evaluating the Robustness of Neural Networks, S&P, 2017

Certified robustness to adversarial examples with differential privacy, S&P, 2019

Certified adversarial robustness via randomized smoothing, ICML, 2019

Pre-requisites

Basic knowledge of deep learning, gradient descent, and probability.

Short bio

Li Xiong is a Professor of Computer Science and Biomedical Informatics at Emory University. She held a Winship Distinguished Research Professorship from 2015-2018. She has a Ph.D. from Georgia Institute of Technology, an MS from Johns Hopkins University, and a BS from the University of Science and Technology of China. She and her research lab, Assured Information Management and Sharing (AIMS), conduct research on the intersection of data management, machine learning, and data privacy and security. She has published over 160 papers and received six best paper (runner up) awards. She has served and serves as associate editor for IEEE TKDE, VLDBJ, IEEE TDSC, general or program co-chairs for ACM CIKM 2022, IEEE BigData 2020, and ACM SIGSPATIAL 2018, 2020. She is an IEEE fellow and ACM distinguished member. More details at http://www. cs.emory.edu/~lxiong.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_74880351_9	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.