conferences | Security Research Group

Dissecting Distribution Inference

16 December 2022 property inference, distribution inference, Anshuman Suri, Yifu Lu, Yanjin Chen, privacy-preserving machine learning

(Cross-post by Anshuman Suri) Distribution inference attacks aims to infer statistical properties of data used to train machine learning models. These attacks are sometimes surprisingly potent, as we demonstrated in previous work. KL Divergence Attack Most attacks against distribution inference involve training a meta-classifier, either using model parameters in white-box settings (Ganju et al., Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations, CCS 2018), or using model predictions in black-box scenarios (Zhang et al.

On the Risks of Distribution Inference

24 June 2021 property inference, distribution inference, Anshuman Suri

(Cross-post by Anshuman Suri) Inference attacks seek to infer sensitive information about the training process of a revealed machine-learned model, most often about the training data. Standard inference attacks (which we call “dataset inference attacks”) aim to learn something about a particular record that may have been in that training data. For example, in a membership inference attack (Reza Shokri et al., Membership Inference Attacks Against Machine Learning Models, IEEE S&P 2017), the adversary aims to infer whether or not a particular record was included in the training data.

Oakland Test-of-Time Awards

23 May 2020

I chaired the committee to select Test-of-Time Awards for the IEEE Symposium on Security and Privacy symposia from 1995-2006, which were presented at the Opening Section of the 41^st IEEE Symposium on Security and Privacy.

NeurIPS 2019

16 December 2019 adversarial machine learning, Xiao Zhang, NeurIPS, Saeed Mahloujifar, Mohammad Mahmoody

Here's a video of Xiao Zhang's presentation at NeurIPS 2019:
https://slideslive.com/38921718/track-2-session-1 (starting at 26:50)

See this post for info on the paper.

Here are a few pictures from NeurIPS 2019 (by Sicheng Zhu and Mohammad Mahmoody):

White House Visit

8 November 2019 conferences, privacy, multi-party computation, White House

I had a chance to visit the White House for a Roundtable on Accelerating Responsible Sharing of Federal Data. The meeting was held under “Chatham House Rules”, so I won’t mention the other participants here. The meeting was held in the Roosevelt Room of the White House. We entered through the visitor’s side entrance. After a security gate (where you put your phone in a lockbox, so no pictures inside) with a TV blaring Fox News, there is a pleasant lobby for waiting, and then an entrance right into the Roosevelt Room.

Research Symposium Posters

8 October 2019 research, adversarial machine learning, privacy, Mainuddin Jonas, Xiao Zhang, Bargav Jayaraman, Hannah Chen, Fnu Suya, Anshuman Suri

Five students from our group presented posters at the department’s Fall Research Symposium:

Anshuman Suri's Overview Talk

Bargav Jayaraman, Evaluating Differentially Private Machine Learning In Practice [Poster]
[Paper (USENIX Security 2019)]

Hannah Chen [Poster]

Xiao Zhang [Poster ]
[Paper (NeurIPS 2019)]

Mainudding Jonas [Poster]

Fnu Suya [Poster ]
[Paper (USENIX Security 2020)]

Evaluating Differentially Private Machine Learning in Practice

27 August 2019 privacy, privacy-preserving machine learning, Bargav Jayaraman, differential privacy

(Cross-post by Bargav Jayaraman) With the recent advances in composition of differential private mechanisms, the research community has been able to achieve meaningful deep learning with privacy budgets in single digits. Rènyi differential privacy (RDP) is one mechanism that provides tighter composition which is widely used because of its implementation in TensorFlow Privacy (recently, Gaussian differential privacy (GDP) has shown a tighter analysis for low privacy budgets, but it was not yet available when we did this work).

USENIX Security Symposium 2019

26 August 2019 privacy, privacy-preserving machine learning, Bargav Jayaraman, Sam Havron, Serge Egelman

Bargav Jayaraman presented our paper on Evaluating Differentially Private Machine Learning in Practice at the 28th USENIX Security Symposium in Santa Clara, California. Summary by Lea Kissner: Hey it's the results! pic.twitter.com/ru1FbkESho — Lea Kissner (@LeaKissner) August 17, 2019 Also, great to see several UVA folks at the conference including: Sam Havron (BSCS 2017, now a PhD student at Cornell) presented a paper on the work he and his colleagues have done on computer security for victims of intimate partner violence.

Google Security and Privacy Workshop

25 August 2019 adversarial machine learning, Google

I presented a short talk at a workshop at Google on Adversarial ML: Closing Gaps between Theory and Practice (mostly fun for the movie of me trying to solve Google’s CAPTCHA on the last slide): Getting the actual screencast to fit into the limited time for this talk challenged the limits of my video editing skills. I can say with some confidence, Google does donuts much better than they do cookies!

NeurIPS 2018: Distributed Learning without Distress

8 December 2018 privacy-preserving machine learning, secure computation, Bargav Jayaraman

Bargav Jayaraman presented our work on privacy-preserving machine learning at the 32nd Conference on Neural Information Processing Systems (NeurIPS 2018) in Montreal. Distributed learning (sometimes known as federated learning) allows a group of independent data owners to collaboratively learn a model over their data sets without exposing their private data. Our approach combines differential privacy with secure multi-party computation to both protect the data during training and produce a model that provides privacy against inference attacks.

All Posts by Category or Tags.