Machine Learning Security - A Beginner's Guide

Arjun Bahuguna (~arjun06)

Description:

Summary

With increased attack incidents on machine learning models (adversarial images, membership inference, model inversion, information reconstruction, data poisoning, etc) it becomes imperative for companies to be aware of the attack surface of their ML services and published results. The speakers will provide insights from their 3 years of research in privacy-preserving data mining, and show how companies like Google and Microsoft are coping with threats to their machine-learning models and user data privacy. The session will contain live-demos and be interactive.

Outcomes

  • Learn about attacks happening on ML models today
  • Learn how to code defenses against them, using existing libraries

Outline

  • Introduction
  • Real-World Attacks on Machine Learning Systems
    • Membership Inference at AWS, GCP, Azure
    • Data Linkage Attacks at Netflix
    • Dataset Poisoning at Microsoft
    • Attacks on Amazon Alexa
    • Adversarial Image Attacks at Clarif.ai
    • Attacks using Google’s Prediction API
    • Others
  • Implications for Business Compliance
    • Penalties under International Data Regulation
    • Penalties under Indian Data Regulation
    • Ethical Issues in Data Acquisition
  • Why do these Attacks occur?
  • How do these Attacks affect ML pipelines?
  • How to customize your defense for business needs (tradeoffs and tips)?
  • Current Defenses (being used in-production)
    • Homomorphic Encryption at Microsoft
    • Multi-party Computation at VISA Research
    • Federated Learning at Google
    • Differential Privacy at Google
    • Blockchain-based solutions at OpenMined
    • Others
  • Defenses (upcoming theoretical research)
    • Zero-knowledge Proofs
    • Garbled Circuits
    • Machine Learning on secure enclaves
    • Others
  • Learn to Implement
    • Adversarial Image Attacks
    • Implement a secure-MPC pipeline using PyTorch
    • Differential Privacy using Tensorflow
    • Implement SPDZ for Tensorflow
  • Learn to Use Existing Implementations & Frameworks
    • Tensorflow Encrypted
    • Tensorflow Cleverhans
    • PyTorch PySyft
    • Microsoft's PySEAL
    • Google's RAPPOR
  • Tips from 3 years of research at Next Tech Lab
  • Conclusion

Prerequisites:

  1. Basic Linear Algebra
  2. A laptop for coding demos

Content URLs:

https://docs.google.com/presentation/d/1D2JP-KjP1OetArfjgncp_gW7AkXuqBleTWb5F_TmkJE/edit?usp=sharing

Speaker Info:

Arjun Bahuguna is an applied cryptography researcher at Next Tech Lab, with a focus on privacy-enhancing technologies and machine learning security. In the last three years, his research has been awarded with two ACM grants, two university gold medals for original research, and multiple Innovation awards at International hackathons. He's also the organizer of PyData KTR and Papers We Love KTR.

Speaker Links:

  1. Twitter
  2. LinkedIn
  3. GitHub
  4. Speaker's blogpost on security concerns in pythonic machine learning

Section: Data Science, Machine Learning and AI
Type: Workshop
Target Audience: Beginner
Last Updated: