AF: Small: Collaborative Research: Rigorous Approaches for Scalable Privacy-preserving Deep Learning

AF：小型：协作研究：可扩展的隐私保护深度学习的严格方法

• 批准号: 1910100
• 负责人: Bo Li
• 金额: $ 20.8万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1910100&HistoricalAwards=false
• 关键词: AF; Small; Collaborative; Research; Rigorous

One of the most salient features of this time is the dissemination of massive amounts of personal and sensitive data. Despite their enormous societal benefits, the powerful tools of modern machine learning, especially deep learning, can pose real threats to personal privacy. For example, over the last few years, it has become evident that deep neural networks have a remarkable power in learning even the finest details from large complex data sets. With such powerful tools, the need for robust and rigorous guarantees for privacy protection has become more crucial. The last decade has witnessed the rise of a sound mathematical theory, known as differential privacy, that enables designing data-analysis algorithms with rigorous privacy guarantees for their input data sets. Despite the noticeable success of this theory, existing tools from differential privacy are severely limited in offering acceptable utility guarantees when dealing with complex models like those arising in deep learning. This project will address those limitations by offering new principled approaches for designing differentially-private deep-learning algorithms that can scale to industrial workloads. The project will also involve collaboration with industry, which will facilitate the evaluation of the developed algorithms on real-world datasets and the development of open-source software tools. The products of this project have the potential to transform the way massive sets of sensitive data are used in modern machine-learning systems, which will impact the way these systems are designed and implemented in practice. The activities of this project will also aim at promoting diversity in computing by recruiting women and members of underrepresented groups.The investigators will develop a rigorous, multi-faceted design paradigm for scalable, practical, differentially private algorithms for modern machine learning. This paradigm is based on two general strategies: (i) exploiting realistic and useful properties of the data and the machine-learning models to circumvent existing limitations in the literature on differential privacy, and (ii) leveraging a limited amount of public data (that has no privacy constraints) to boost the utility of the algorithms. Based on these strategies, the project will pursue following directions: (1) developing a new, generic framework for utilizing public data in privacy-preserving machine learning, (2) designing improved iterative training algorithms that can bypass the standard use of the so-called "composition theorem" of differential privacy, and (3) designing new differentially private stochastic-gradient methods tuned specifically to non-convex and over-parameterized machine-learning problems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这一时期最显著的特征之一是大量个人和敏感数据的传播。尽管它们具有巨大的社会效益，但现代机器学习的强大工具，特别是深度学习，可能对个人隐私构成真实的威胁。例如，在过去的几年里，很明显，深度神经网络在从大型复杂数据集中学习最细微的细节方面具有非凡的能力。有了如此强大的工具，对隐私保护的强大而严格的保证变得更加重要。在过去的十年里，一种被称为差分隐私的可靠数学理论兴起，该理论使设计数据分析算法能够为其输入数据集提供严格的隐私保证。尽管这一理论取得了显著的成功，但现有的差分隐私工具在处理深度学习等复杂模型时，在提供可接受的效用保证方面受到严重限制。该项目将通过提供新的原则性方法来解决这些限制，以设计可扩展到工业工作负载的差异化私有深度学习算法。该项目还将涉及与工业界的合作，这将有助于对已开发的关于真实世界数据集的算法进行评价，并有助于开发开放源码软件工具。该项目的产品有可能改变大量敏感数据在现代机器学习系统中的使用方式，这将影响这些系统在实践中的设计和实现方式。该项目的活动还旨在通过招募女性和代表性不足的群体成员来促进计算的多样性。研究人员将为现代机器学习开发一个严格的、多方面的设计范式，用于可扩展的、实用的、差异化的私有算法。这种范式基于两种一般策略：（i）利用数据和机器学习模型的现实和有用属性来规避现有文献中关于差异隐私的限制，以及（ii）利用有限数量的公共数据（没有隐私约束）来提高算法的实用性。根据这些战略，该项目将朝着以下方向努力：（1）开发一种新的通用框架，用于在隐私保护机器学习中利用公共数据，（2）设计改进的迭代训练算法，可以绕过差分隐私的所谓“合成定理”的标准使用，和（3）设计新的差分私有随机梯度方法，专门针对非凸和过参数化机器-该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

CoPur: Certifiably Robust Collaborative Inference via Feature Purification

• 发表时间: 2022
• 作者: J. Liu

SecretGen: Privacy Recovery on Pre-Trained Models via Distribution Discrimination

• DOI: 10.48550/arxiv.2207.12263
• 发表时间: 2022-07
• 期刊: ArXiv
• 作者: Zhu-rong Yuan;Fan Wu;Yunhui Long;Chaowei Xiao;Bo Li

The Secret Revealer: Generative Model-Inversion Attacks Against Deep Neural Networks

• DOI: 10.1109/cvpr42600.2020.00033
• 发表时间: 2019-11
• 期刊: 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
• 作者: Yuheng Zhang;R. Jia;Hengzhi Pei;Wenxiao Wang;Bo Li;D. Song

Improving Robustness of Deep-Learning-Based Image Reconstruction

• 发表时间: 2020-02
• 作者: Ankit Raj;Y. Bresler;Bo Li

Certifying Some Distributional Fairness with Subpopulation Decomposition

通过子群体分解来证明一些分配公平性

• 发表时间: 2022
• 期刊: NeurIPS
• 作者: Mintong Kang, Linyi Li