InfoSys


Attacking/Defending Machine Learning Systems

Summary:

Many machine learning models are trained on sensitive data, and neural network (NN) models, arguably the most popular today, are no exception. NN models are known to learn and memorize information from their training data, whether intended or unintended. In this line of research we focus on attacks against and defences for ML systems (e.g. membership inference, property inference, backdoors). We want to identify novel attacks on state-of-the-art families of NNs running on devices with varying levels of capability (e.g. low-resource devices), and to develop defences against them.

Participants

  • Fatih Turkmen
  • Ali Reza Ghavamipour

Students:

  • Xiya Duan: MSc Thesis, Property Inference attack against generative adversarial networks, 2021.
  • Xiya Duan: MSc Internship, A case study of property inference attack, 2021.
  • David Boerema: BSc Thesis, Defence mechanisms against the blind backdoor attack on Neural Networks for image classification, 2021.

Publications

  • Ali Reza Ghavamipour, Fatih Turkmen and Xiaoqian Jiang, Privacy-preserving Logistic Regression with Secret Sharing, 2021, Preprint, (Under Review).