SILO



The weekly SILO Seminar Series is made possible through the generous support of the 3M Company and its Advanced Technology Group, with additional support from the Analytics Group of the Northwestern Mutual Life Insurance Company.

Model Inversion and other Threats in Machine Learning

Tom Ristenpart, Prof., Dept. of Computer Science

Date and Time: Feb 18, 2015 (12:30 PM)
Location: Orchard room (3280) at the Wisconsin Institute for Discovery Building

Abstract:

I'm going to talk about some of our recent and ongoing work on topics that touch on machine learning and optimization. I'll focus mainly on our work on model inversion attacks. Consider a machine learning model f that takes features x_1,...,x_t and produces from them a prediction y. In many contexts some features are sensitive; I'll discuss pharmacogenetics as one such, where x_t represents a person's genetic markers. What we show is that an attacker who obtains access to f and is given some subset of the other features x_1,...,x_{t-1} and a value related to y can infer x_t (hence "inverting" the model). I will talk about such attacks in the case of pharmacogenetics as well as machine-learning-as-a-service settings.

Time allowing, I'll mention briefly our work on sensing in adversarial settings.

This talk will cover joint work with Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, and David Page.