[Distinguished Seminar] Leaky Models and Unintended Inferences
Friday, February 17, 2023
11:00 am - 12:00 pm
Speaker
David Evans
Professor of Computer Science in Security and Privacy Research
University of Virginia
Location
PGH 232
Abstract
Machine learning offers the promise to train models that perform surprisingly well on a wide range of tasks. It is an open question, however, what else those models might learn about their training data, and how an adversary with some access to the model may be able to reveal it. In this talk, I will discuss several inference risks associated with machine-trained models, with a particular focus on surprising (and potentially harmful) things a model may reveal not just about individual training records but about the distribution of its training data. This includes attacks an adversary may use to learn statistical properties about the training distribution and about whether certain kinds of data are or are not included, and the potential for an adversary to use a model to make sensitive inferences about individuals, even for attributes not directly related to the task and regardless of whether those individuals are included in the training data. I'll conclude with some thoughts on why defending against these types of attacks is hard, and what we might learn about how we should be training and exposing models.
About the Speaker
David Evans () is a Professor of Computer Science at the University of Virginia where he leads research on security and privacy () with a recent focus on adversarial machine learning and inference risks in machine learning, and teaches courses on a wide variety of topics including biology, ethics, economics, and theory of computing. He is the author of an open computer science textbook () and a children's book on combinatorics and computability () and co-author of a book on secure computation (). He won the Outstanding Faculty Award from the State Council of Higher Education for Virginia and is Program Co-Chair for the 2022 and 2023 IEEE European Symposia on Security and Privacy. He was Program Co-Chair for the 24th ACM Conference on Computer and Communications Security (CCS 2017) and the 30th (2009) and 31st (2010) IEEE Symposia on Security and Privacy, where he initiated the Systematization of Knowledge (SoK) papers (). He has SB, SM and PhD degrees in Computer Science from MIT and has been a faculty member at the University of Virginia since 1999.
