CS&E Colloquium: On Leaky Models and Unintended Inferences
The computer science colloquium takes place on Mondays from 11:15 a.m. - 12:15 p.m.
This week's talk is a part of the Cray Distinguished Speaker Series. This series was established in 1981 by an endowment from Cray Research and brings distinguished visitors to the Department of Computer Science & Engineering every year.
This week's speaker, David Evans (University of Virginia), will be giving a talk titled "On Leaky Models and Unintended Inferences".
Machine learning offers the promise to train models that perform surprisingly well on a wide range of tasks, merely by using massive computing power and generic training algorithms on available data sets. It is an open question, however, what else those models might learn about their training data, and how an adversary with some access to the model may be able to reveal it. In this talk, I will discuss a variety of inference risks associated with machine-trained models, with a particular focus on surprising (and potentially harmful) things a model may reveal not just about individual training records but about the overall distribution of its training data. This includes attacks an adversary may use to learn statistical properties about the training distribution and about whether certain kinds of data are or are not included, and the potential for an adversary to use a model to make sensitive inferences about individuals, even for attributes not directly related to the task and regardless of whether those individuals are included the training data. I’ll conclude with some thoughts on why defending against these types of attacks is hard, and what we might learn about how we should be training and exposing models.
David Evans (https://www.cs.virginia.edu/evans/) is a Professor of Computer Science at the University of Virginia where he leads research on security and privacy (https://uvasrg.github.io/) with a recent focus on adversarial machine learning and inference risks in machine learning, and teaches courses on a wide variety of topics including biology, ethics, economics, and theory of computing. He is the author of an open computer science textbook (https://computingbook.org) and a children's book on combinatorics and computability (https://dori-mic.org) and co-author of a book on secure computation (https://securecomputation.org/). He won the Outstanding Faculty Award from the State Council of Higher Education for Virginia and is Program Co-Chair for the 2022 and 2023 IEEE European Symposia on Security and Privacy. He was Program Co-Chair for the 24th ACM Conference on Computer and Communications Security (CCS 2017) and the 30th (2009) and 31st (2010) IEEE Symposia on Security and Privacy, where he initiated the Systematization of Knowledge (SoK) papers (https://oaklandsok.github.io/). He has SB, SM and PhD degrees in Computer Science from MIT and has been a faculty member at the University of Virginia since 1999.