Challenges and Opportunities in Security & Privacy in Machine Learning

Today's talk: Alexandre Sablayrolles (Meta AI)

Time: 1:00pm Eastern Time

Title: Optimal Membership Inference Bounds in DP-SGD

Abstract: Given a trained model and a data sample, membership-inference (MI) attacks predict whether the sample was in the model's training set. A common countermeasure against MI attacks is to utilize differential privacy (DP) during model training to mask the presence of individual examples. While this use of DP is a principled approach to limit the efficacy of MI attacks, there is a gap between the bounds provided by DP and the empirical performance of MI attacks. In this paper, we derive bounds for the advantage of an adversary mounting a MI attack, and demonstrate tightness for the widely-used Gaussian mechanism.

Bio: Alexandre Sablayrolles is a Research Scientist at Meta AI in Paris, working on the privacy and security of machine learning systems. He received his PhD from Université Grenoble Alpes in 2020, following a joint CIFRE program with Facebook AI. Prior to that, he completed his Master's degree in Data Science at NYU, and received a B.S. and M.S. in Applied Mathematics and Computer Science from École Polytechnique. Alexandre's research interests include privacy and security, computer vision, and applications of deep learning.

Website: https://vsehwag.github.io/SPML_seminar/

Mailing list: Link to mailing list

Calendar: Link to calendar

You can find all additional details on the website. If you are interested, we recommend signing up for the mailing list and sync the calendar to stay up to date with the seminar schedule.