权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

Collaborative Research: SaTC: CORE: Small: Foundations for the Next Generation of Private Learning Systems

协作研究：SaTC：核心：小型：下一代私人学习系统的基础

基本信息

批准号：
2120603
负责人：
Jonathan Ullman
金额：
$ 20万
依托单位：
Northeastern University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2021
资助国家：
美国
起止时间：
2021-10-01 至 2023-09-30
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2120603&HistoricalAwards=false
关键词：
Collaborative Research SaTC CORE Small

项目摘要

Recent advances in large-scale machine learning (ML) promise a range of benefits to society, but also introduce new risks. One major risk is a loss of privacy for the individuals whose data powers the machine learning algorithms. There are now convincing demonstrations that algorithms for machine learning can reveal sensitive information about individuals in their training data by memorizing specific strings of sensitive text such as bank account numbers or through membership-inference attacks. In the recent years, a framework called differential privacy---a mathematically principled, quantitative notion of what it means for an algorithm to ensure privacy for the individuals who contribute training data---has led to significant progress towards privacy in machine learning. This progress offers a proof-of-concept that we can hope to enjoy some of the benefits of using machine learning on sensitive data, while measuring and limiting breaches of confidentiality. This project will investigate and begin to make some of the fundamental advances that are necessary to make differentially private ML a viable technology. The focus will be on laying the groundwork for differentially private ML for entire systems, rather than for standalone tasks, which have been the focus of prior work. This project team comprising researchers with a broad range of expertise in ML, algorithms, systems, and cybersecurity, has planned a set of education tasks: public-facing set of course materials on differentially private machine learning and statistics and and an undergraduate-level textbook on differential privacy.This project includes three technical thrusts that will lay the groundwork for future efforts to build private ML systems. The first thrust will be to improve the foundational algorithms that enable differentially private ML on high-dimensional data. The second thrust will be to build a bridge between algorithms for standalone ML tasks and algorithms for systems-level workloads of ML tasks, by developing differentially private algorithms for training many personalized models, which is a paradigmatic workload in ML. The final thrust will consist of empirical work on auditing differentially private ML methods to understand how the real-world privacy costs compare to those predicted by the theory of differential privacy when these algorithms are used as part of realistic workloads, such as models that are continually updated with new data. This privacy auditing will also facilitate detecting unwanted memorization of training data in machine learning, and also provide more quantitative approaches to auditing differentially private algorithms based on membership-inference and data poisoning.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

大规模机器学习（ML）的最新进展为社会带来了一系列好处，但也带来了新的风险。一个主要的风险是个人隐私的丧失，这些个人的数据为机器学习算法提供了动力。现在有令人信服的证据表明，机器学习算法可以通过记忆特定的敏感文本字符串（如银行账号）或通过成员推断攻击来揭示训练数据中有关个人的敏感信息。近年来，一个名为差分隐私的框架--一个数学原理的定量概念，它意味着一个算法可以确保贡献训练数据的个人的隐私--已经在机器学习的隐私方面取得了重大进展。这一进展提供了一个概念验证，我们可以希望享受在敏感数据上使用机器学习的一些好处，同时测量和限制机密性的泄露。该项目将调查并开始取得一些必要的基本进展，使差异化私有ML成为可行的技术。重点将是为整个系统的差异化私有ML奠定基础，而不是为独立任务奠定基础，这是之前工作的重点。该项目团队由在机器学习、算法、系统和网络安全方面拥有广泛专业知识的研究人员组成，计划了一系列教育任务：面向公众的一套关于差异私有机器学习和统计的课程材料，以及一本关于差异隐私的本科生教科书。该项目包括三个技术方向，将为未来构建私有机器学习系统奠定基础。第一个重点将是改进基础算法，从而在高维数据上实现差分私有ML。第二个重点是在独立ML任务的算法和ML任务的系统级工作负载的算法之间建立一座桥梁，通过开发用于训练许多个性化模型的差异化私有算法，这是ML中的典型工作负载。最后的重点将包括审计差异隐私ML方法的实证工作，以了解当这些算法用作现实工作负载的一部分时，现实世界的隐私成本与差异隐私理论预测的隐私成本相比如何，例如不断更新新数据的模型。该隐私审计还将有助于检测机器学习中训练数据的不必要记忆，并提供更量化的方法来审计基于成员推理和数据中毒的差异隐私算法。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。