Seminar Series on Security & Privacy in Machine Learning
Challenges and Opportunities in Security & Privacy in Machine Learning
Weekly talks starting Tuesday, June 7

About the seminar series

The motivation for the seminar is to build a platform to discuss and disseminate the progress made by the community in solving some of the core challenges. We intend to host weekly talks from leading researchers in both academia and industry. Each session will be split into a talk (40 mins) followed by a Q&A + short discussion session (20 mins).

Timing: Every Tuesday at 1pm Eastern Time (virtual talks)

Website: https://vsehwag.github.io/SPML_seminar/
Mailing list: https://groups.google.com/forum/#!forum/spml-seminars/join
Calendar: https://calendar.google.com/calendar/u/0?cid=N2FwbTVxYzJsOGM2bXBiNGY4am1oMjN...

You can find all additional details on the website. If you are interested, we recommend signing up for the mailing list and syncing the calendar to stay up to date with the seminar schedule.

--
Vikash Sehwag
PhD Candidate
Princeton University
https://vsehwag.github.io
Today's talk: Tom Goldstein (University of Maryland)
Time: 1:00pm Eastern Time
Title: Just how private is federated learning?

Abstract: Federated learning is often touted as a training paradigm that preserves user privacy. In this talk, I'll discuss ways that federated protocols leak user information, and ways that malicious actors can exploit federated protocols to scrape information from users. If time permits, I'll also discuss how recent advances in data poisoning can manipulate datasets to preserve privacy by preventing data from being used for model training.

Bio: Tom Goldstein is the Perotto Associate Professor of Computer Science at the University of Maryland. His research lies at the intersection of machine learning and optimization, and targets applications in computer vision and signal processing. Before joining the faculty at Maryland, Tom completed his PhD in Mathematics at UCLA, and was a research scientist at Rice University and Stanford University. Professor Goldstein has been the recipient of several awards, including SIAM's DiPrima Prize, a DARPA Young Faculty Award, a JP Morgan Faculty Award, and a Sloan Fellowship.
Today's talk: Bo Li (University of Illinois Urbana-Champaign)
Time: 1:00pm Eastern Time
Title: Trustworthy Machine Learning: Robustness, Privacy, Generalization, and their Interconnections

Abstract: Advances in machine learning have led to the rapid and widespread deployment of learning-based methods in safety-critical applications, such as autonomous driving and medical healthcare. Standard machine learning systems, however, assume that training and test data follow the same, or similar, distributions, without explicitly considering active adversaries manipulating either distribution. For instance, recent work has demonstrated that motivated adversaries can circumvent anomaly detection or other machine learning models at test time through evasion attacks, or can inject well-crafted malicious instances into training data to induce errors during inference through poisoning attacks. Such distribution shift could also lead to other trustworthiness issues such as generalization. In this talk, I will describe different perspectives of trustworthy machine learning, such as robustness, privacy, generalization, and their underlying interconnections. I will focus on a certifiably robust learning approach based on statistical learning with logical reasoning as an example, and then discuss the principles towards designing and developing practical trustworthy machine learning systems with guarantees, by considering these trustworthiness perspectives in a holistic view.

Bio: Dr. Bo Li is an assistant professor in the Department of Computer Science at the University of Illinois at Urbana-Champaign. She is the recipient of the MIT Technology Review TR-35 Award, Alfred P. Sloan Research Fellowship, NSF CAREER Award, IJCAI Computers and Thought Award, Dean's Award for Excellence in Research, C.W. Gear Outstanding Junior Faculty Award, Intel Rising Star Award, Symantec Research Labs Fellowship, Rising Star Award, research awards from tech companies such as Amazon, Facebook, Intel, and IBM, and best paper awards at several top machine learning and security conferences. Her research focuses on both theoretical and practical aspects of trustworthy machine learning, security, machine learning, privacy, and game theory. She has designed several scalable frameworks for trustworthy machine learning and privacy-preserving data publishing systems. Her work has been featured by major publications and media outlets such as Nature, Wired, Fortune, and the New York Times.
Today's talk: Ben Y. Zhao (University of Chicago)
Time: 1:00pm Eastern Time
Title: Adversarial Robustness and Forensics in Deep Neural Networks

Abstract: Despite their tangible impact on a wide range of real-world applications, deep neural networks are known to be vulnerable to numerous attacks, including inference-time attacks based on adversarial perturbations, as well as training-time attacks such as backdoors. The security community has done extensive work to explore both attacks and defenses, only to produce a seemingly endless cat-and-mouse game. In this talk, I will talk about some of our recent work on adversarial robustness for DNNs, with a focus on ML digital forensics. I start by summarizing some of our recent projects at UChicago SAND Lab covering both sides of the attack/defense struggle, including honeypot defenses (CCS 2020) and physical-domain poison attacks (CVPR 2021). Our experiences in these projects motivated us to seek a broader, more realistic view towards adversarial robustness, beyond the current static, binary views of attack and defense. Like real-world security systems, we take a pragmatic view that given sufficient incentive and resources, attackers will eventually succeed in compromising DNN systems. Just as in traditional security realms, digital forensics tools can serve dual purposes: identifying the sources of the compromise so that they can be mitigated, while also providing a strong deterrent against future attackers. I will present results from our first paper in this space (USENIX Security 2022), specifically addressing forensics for poisoning attacks against DNNs, and show how we can trace back corrupted models to specific subsets of training data responsible for the corruption. Our approach builds upon ideas from model unlearning, and succeeds with high precision/recall for both dirty- and clean-label attacks.

Bio: Ben Zhao is Neubauer Professor of Computer Science at the University of Chicago. Prior to joining UChicago, he held the position of Professor of Computer Science at UC Santa Barbara. He completed his Ph.D. at U.C. Berkeley (2004), and B.S. from Yale (1997). He is an ACM Fellow, and a recipient of the NSF CAREER Award, MIT Technology Review's TR-35 Award (Young Innovators Under 35), ComputerWorld Magazine's Top 40 Technology Innovators Award, IEEE ITC Early Career Award, and Google Faculty Awards. His work has been covered by media outlets such as the New York Times, Boston Globe, LA Times, MIT Tech Review, Wall Street Journal, Forbes, Fortune, CNBC, MSNBC, New Scientist, and Slashdot. He has published extensively in the areas of security and privacy, machine learning, networking, and HCI. He served as TPC (co)chair for the World Wide Web conference (WWW 2016) and the ACM Internet Measurement Conference (IMC 2018). He also serves on the steering committee for HotNets, and was general co-chair for HotNets 2020.
Today's talk: Kamalika Chaudhuri (UCSD)
Time: 1:00pm Eastern Time
Title: Beyond Differential Privacy: Two Case Studies in Private Data Analysis

Abstract: Differential privacy has emerged as the gold standard in private data analysis. However, there are some use cases where it does not directly apply. In this talk, we will look at two such use cases and the challenges that they pose. The first is privacy of language representations, where we offer sentence-level privacy and propose a new mechanism which uses public data to maintain high fidelity. The second is privacy of location traces, where we use Gaussian process priors to model correlations in location trajectory data, and offer privacy against an inferential adversary. Joint work with Casey Meehan and Khalil Mrini.
Today's talk: Alexandre Sablayrolles (Meta AI)
Time: 1:00pm Eastern Time
Title: Optimal Membership Inference Bounds in DP-SGD

Abstract: Given a trained model and a data sample, membership-inference (MI) attacks predict whether the sample was in the model's training set. A common countermeasure against MI attacks is to utilize differential privacy (DP) during model training to mask the presence of individual examples. While this use of DP is a principled approach to limit the efficacy of MI attacks, there is a gap between the bounds provided by DP and the empirical performance of MI attacks. In this paper, we derive bounds for the advantage of an adversary mounting an MI attack, and demonstrate tightness for the widely used Gaussian mechanism.

Bio: Alexandre Sablayrolles is a Research Scientist at Meta AI in Paris, working on the privacy and security of machine learning systems. He received his PhD from Université Grenoble Alpes in 2020, following a joint CIFRE program with Facebook AI. Prior to that, he completed his Master's degree in Data Science at NYU, and received a B.S. and M.S. in Applied Mathematics and Computer Science from École Polytechnique. Alexandre's research interests include privacy and security, computer vision, and applications of deep learning.
Today's talk: Chuan Guo (Meta AI)
Time: 1:00pm Eastern Time
Title: Bounding Training Data Reconstruction in Private (Deep) Learning

Abstract: Differential privacy is widely accepted as the de facto method for preventing data leakage in ML, and conventional wisdom suggests that it offers strong protection against privacy attacks. However, existing semantic guarantees for DP focus on membership inference, which may overestimate the adversary's capabilities and is not applicable when membership status itself is non-sensitive. In this talk, we derive the first semantic guarantees for DP mechanisms against training data reconstruction attacks under a formal threat model. We show that two distinct privacy accounting methods, Rényi differential privacy and Fisher information leakage, both offer strong semantic protection against data reconstruction attacks.

Bio: Chuan Guo is a Research Scientist on the Fundamental AI Research (FAIR) team at Meta. He received his PhD from Cornell University, and his M.S. and B.S. degrees in computer science and mathematics from the University of Waterloo in Canada. His research interests lie in machine learning privacy and security, with recent works centering around the subjects of privacy-preserving machine learning, federated learning, and adversarial robustness. In particular, his work on privacy accounting using Fisher information leakage received the Best Paper Award at UAI in 2021.
Today's talk: Soham De and Leonard Berrada (DeepMind)
Time: 1:00pm Eastern Time
Title: Unlocking High-Accuracy Differentially Private Image Classification through Scale

Abstract: Differential Privacy (DP) provides a formal privacy guarantee preventing adversaries with access to a machine learning model from extracting information about individual training points. Differentially Private Stochastic Gradient Descent (DP-SGD), the most popular DP training method, realizes this protection by injecting noise during training. However, previous works have found that DP-SGD often leads to a significant degradation in performance on standard image classification benchmarks. Furthermore, some authors have postulated that DP-SGD inherently performs poorly on large models, since the norm of the noise required to preserve privacy is proportional to the model dimension. In this talk, we will describe our recent paper where we demonstrate that DP-SGD on over-parameterized models can perform significantly better than previously thought. Combining careful hyper-parameter tuning with simple techniques to ensure signal propagation and improve the convergence rate, we achieve 81.4% test accuracy on CIFAR-10 under (8, 10^(-5))-DP using a 40-layer Wide-ResNet, improving over the previous best result of 71.7%. When fine-tuning a pre-trained Normalizer-Free Network, we achieve 86.7% top-1 accuracy on ImageNet under (8, 8x10^(-7))-DP, markedly exceeding the previous best of 47.9% under a larger privacy budget of (10, 10^(-6))-DP.

Bio: Soham De is a Senior Research Scientist at DeepMind in London. He is interested in better understanding and improving large-scale deep learning, and currently works on optimization and initialization. Prior to joining DeepMind, he received his PhD from the Department of Computer Science at the University of Maryland, where he worked on stochastic optimization theory and game theory.

Leonard Berrada is a research scientist at DeepMind. His research interests span optimization, deep learning, verification and privacy, and lately he has been particularly interested in making differentially private training work well with neural networks. Leonard completed his PhD in 2020 at the University of Oxford, under the supervision of M. Pawan Kumar and Andrew Zisserman. He holds an M.Eng. from the University of California, Berkeley, an M.S. from Ecole Centrale-Supelec, and a B.S. from University Paris-Sud and Ecole Centrale-Supelec.
Today's talk: Alfred Chen (University of California, Irvine)
Time: 1:00pm Eastern Time
Title: On the Semantic AI Security in CPS: The Case of Autonomous Driving

Abstract: Recent years have witnessed a global phenomenon in the real-world development, testing, deployment, and commercialization of AI-enabled Cyber-Physical Systems (CPSs) such as autonomous driving cars, drones, industrial and home robots. These systems are rapidly revolutionizing a wide range of industries today, from transportation, retail, and logistics (e.g., robo-taxi, autonomous truck, delivery drones/robots), to domotics, manufacturing, construction, and healthcare. In such systems, the AI stacks are in charge of highly safety- and mission-critical decision-making processes such as obstacle avoidance and lane-keeping, which makes their security more critical than ever. Meanwhile, since these AI algorithms are only components of the entire CPS system enclosing them, their security issues are only meaningful when studied with direct integration of the semantic CPS problem context, which forms what we call the "semantic AI security" problem space and introduces various new AI security research challenges. In this talk, I will focus on our recent efforts on semantic AI security in one of the most safety-critical and fastest-growing AI-enabled CPS today, Autonomous Driving (AD) systems. Specifically, we performed the first security analysis on a wide range of critical AI components in industry-grade AD systems such as 3D perception, sensor fusion, lane detection, localization, prediction, and planning, and in this talk I will describe our key findings and also how we address the corresponding semantic AI security research challenges. I will conclude with a recent systematization of knowledge (SoK) we performed for this growing research space, with a specific emphasis on the most critical scientific gap we observed and our solution proposal.

Bio: Alfred Chen is an Assistant Professor of Computer Science at the University of California, Irvine. His research interests span AI security, systems security, and network security. His most recent research focuses are AI security in autonomous driving and intelligent transportation. His work has had high impact in both academia and industry, with 30+ research papers in top-tier venues across security, mobile systems, transportation, software engineering, and machine learning; a nationwide USDHS US-CERT alert; multiple CVEs; 50+ news reports by major media such as Forbes, Fortune, and BBC; and vulnerability report acknowledgments from USDOT, Apple, Microsoft, etc. Recently, his research triggered 30+ autonomous driving companies and the V2X standardization workgroup to start security vulnerability investigations; some confirmed to work on fixes. He co-founded the AutoSec workshop (co-located with NDSS), and co-created DEF CON's first AutoDriving-themed hacking competition. He received various awards such as the NSF CAREER Award, ProQuest Distinguished Dissertation Award, and UCI Chancellor's Award for mentoring. Chen received his Ph.D. from the University of Michigan in 2018.