Collaborative Research: SaTC: CORE: Medium: Private Model Personalization

协作研究：SaTC：核心：媒介：私人模型个性化

• 批准号: 2232692
• 负责人: Jonathan Ullman
• 金额: $ 45万
• 依托单位: Northeastern University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-04-15 至 2027-03-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2232692&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Modern machine learning's success has brought with it a serious challenge for privacy: it is now widely documented that the models currently in use encode individual inputs in surprising ways. Understanding how to detect such memorization, and training methods that avoid it, is a major topic of current research. However, prior investigations have focused mostly on the batch model of machine learning, in which training data are all drawn from a single underlying population.This project seeks to understand the privacy risks that arise when the training data from many populations are pooled in order to take advantage of structure that is shared across populations. For example, many individuals’ photos could be pooled to train better face recognition algorithms (even though each person is interested in a different set of faces). Such settings—called “model personalization”, “multitask learning” or “meta-learning”—provide a powerful framework for combining insights from far-flung, disparate data sources. However, their power raises fundamental questions about the extent to which the results of joint analysis violate the privacy of individual users' data. The project looks both at attacks on privacy—methods for extracting individual-level or dataset-level information from the resulting predictions or models—as well as mitigation strategies based on the now-standard, state-of-the-art framework, differential privacy. The project involves both theoretical analysis and real-world experimentation. It will inform the development of training algorithms for these complex settings and provide tools for use by companies and other research groups. This impact will be facilitated by the project team's existing collaborations with industry researchers.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现代机器学习的成功给隐私带来了严峻的挑战：目前使用的模型以令人惊讶的方式对个人输入进行编码，这一点现在得到了广泛的证明。了解如何检测这种记忆，以及避免这种记忆的训练方法，是当前研究的一个主要课题。然而，以前的研究主要集中在机器学习的批处理模型上，在该模型中，训练数据都来自单个底层种群。本项目试图了解当来自多个种群的训练数据汇集在一起以利用跨种群共享的结构时出现的隐私风险。例如，许多人的照片可以汇集在一起，以训练更好的人脸识别算法(即使每个人对一组不同的面孔感兴趣)。这种设置--称为“模型个性化”、“多任务学习”或“元学习”--提供了一个强大的框架，用于结合来自遥远、不同数据源的见解。然而，它们的力量引发了一些根本性的问题，即联合分析的结果在多大程度上侵犯了个人用户数据的隐私。该项目既着眼于对隐私的攻击-从结果预测或模型中提取个人级别或数据集级别的信息的方法-也着眼于基于目前标准的、最先进的框架-差异隐私-的缓解策略。该项目既包括理论分析，也包括现实世界实验。它将为针对这些复杂环境的训练算法的开发提供信息，并提供工具供公司和其他研究小组使用。这一影响将由项目团队与行业研究人员现有的合作促进。这一奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Differentially Private Medians and Interior Points for Non-Pathological Data

• DOI: 10.48550/arxiv.2305.13440
• 发表时间: 2023-05
• 期刊: ArXiv
• 作者: M. Aliakbarpour;Rose Silver;T. Steinke;Jonathan Ullman

Chameleon: Increasing Label-Only Membership Leakage with Adaptive Poisoning

• DOI: 10.48550/arxiv.2310.03838
• 发表时间: 2023-10
• 期刊: ArXiv
• 作者: Harsh Chaudhari;Giorgio Severi;Alina Oprea;Jonathan R. Ullman