adversarially learned representations for information
play

Adversarially Learned Representations for Information Obfuscation - PowerPoint PPT Presentation

Dec 29, 2022 •609 likes •1.03k views

Adversarially Learned Representations for Information Obfuscation and Inference Martin Bertran 1 , Natalia Martinez 1 , Afroditi Papadaki 2 Qiang Qiu 1 , Miguel Rodrigues 2 , Galen Reeves 1 , Guillermo Sapiro 1 1. Duke University 2. University

  1. Adversarially Learned Representations for Information Obfuscation and Inference Martin Bertran 1 , Natalia Martinez 1 , Afroditi Papadaki 2 Qiang Qiu 1 , Miguel Rodrigues 2 , Galen Reeves 1 , Guillermo Sapiro 1 1. Duke University 2. University College London

  2. Motivation Why do users share their data? Shared data Facial Image Utility Service Subject verification Provider User decision 2

  3. Motivation Why do users share their data? Shared data Facial Image Utility Service Subject verification Provider Sensitive attributes User Emotion decision Gender Race 2

  4. Motivation Can we do better? 3

  5. Motivation Can we do better? Filtered Image Shared data Facial Image Utility Service Subject verification Provider Sensitive attributes User Gender decision Learn space-preserving representations that obfuscate sensitive information while preserving utility. 3

  6. Motivation Example: Preserve gender & obfuscate emotion Original Filtered P(Male) = 0.98 P(Male) = 0.98 P(Smile) = 0.78 P(Smile) = 0.38 P(Female) = 0.99 P(Female) = 0.99 P(Serious) = 0.98 P(Serious) = 0.31 4

  7. Motivation Example: Preserve subject & obfuscate gender Original Filtered P(Male) = 0.99 P(Male) = 0.70 Subject verified Subject verified P(Female) = 0.99 P(Female) = 0.54 Subject verified Subject verified 5

  8. Sample of related work • (2003) Chechik et al. Extracting relevant structures with side information. • (2016) Basciftci et al. On privacy-utility tradeoffs for constrained data release mechanisms. • (2018) Madras et al. Learning adversarially fair and transferable representations. • (2018) Sun et al. A hybrid model for identity obfuscation by face replacement. 6

  9. Problem formulation Utility Sensible variable variable High-dimensional data Sanitized data 7

  10. Problem formulation Utility Sensible ( U, S ) ∼ p ( U, S ) variable variable High-dimensional data Sanitized data 7

  11. Problem formulation Utility Sensible ( U, S ) ∼ p ( U, S ) variable variable X ∼ p ( X | U, S ) High-dimensional data Sanitized data 7

  12. Problem formulation Utility Sensible ( U, S ) ∼ p ( U, S ) variable variable X ∼ p ( X | U, S ) High-dimensional data Y ∼ p ( Y | X ) Sanitized data Our objective! 7

  13. Problem formulation Utility Sensible ( U, S ) ∼ p ( U, S ) variable variable X ∼ p ( X | U, S ) High-dimensional data Y ∼ p ( Y | X ) Sanitized data Our objective! Want to learn Y ∼ p ( Y | X ) such that : p ( S | Y ) ∼ p ( S ) • p ( U | Y ) ∼ p ( U | X ) • 7

  14. Problem formulation Utility Sensible ( U, S ) ∼ p ( U, S ) variable variable X ∼ p ( X | U, S ) High-dimensional data Y ∼ p ( Y | X ) Sanitized data Our objective! Want to learn Y ∼ p ( Y | X ) such that : p ( S | Y ) ∼ p ( S ) D KL [ p ( S | Y ) || p ( S )] • min p ( U | Y ) ∼ p ( U | X ) • 7

  15. Problem formulation Utility Sensible ( U, S ) ∼ p ( U, S ) variable variable X ∼ p ( X | U, S ) High-dimensional data Y ∼ p ( Y | X ) Sanitized data Our objective! Want to learn Y ∼ p ( Y | X ) such that : p ( S | Y ) ∼ p ( S ) D KL [ p ( S | Y ) || p ( S )] • min p ( U | Y ) ∼ p ( U | X ) D KL [ p ( U | X ) || p ( U | Y )] • min 7

  16. Problem formulation Want to learn Y ∼ p ( Y | X ) such that: D KL [ p ( S | Y ) || p ( S )] • min D KL [ p ( U | X ) || p ( U | Y )] • min 8

  17. Problem formulation Want to learn Y ∼ p ( Y | X ) such that: E Y [ . ] I ( S ; Y ) D KL [ p ( S | Y ) || p ( S )] • min D KL [ p ( U | X ) || p ( U | Y )] • min 8

  18. Problem formulation Want to learn Y ∼ p ( Y | X ) such that: E Y [ . ] I ( S ; Y ) D KL [ p ( S | Y ) || p ( S )] • min E X,Y [ . ] I ( U ; X | Y ) D KL [ p ( U | X ) || p ( U | Y )] • min 8

  19. Problem formulation Want to learn Y ∼ p ( Y | X ) such that: E Y [ . ] I ( S ; Y ) D KL [ p ( S | Y ) || p ( S )] • min E X,Y [ . ] I ( U ; X | Y ) D KL [ p ( U | X ) || p ( U | Y )] • min 8

  20. Problem formulation Want to learn Y ∼ p ( Y | X ) such that: E Y [ . ] I ( S ; Y ) D KL [ p ( S | Y ) || p ( S )] • min E X,Y [ . ] I ( U ; X | Y ) D KL [ p ( U | X ) || p ( U | Y )] • min Objective: min I ( U ; X | Y ) p ( Y | X ) I ( S ; Y ) ≤ k s.t. 8

  21. Problem formulation Want to learn Y ∼ p ( Y | X ) such that: E Y [ . ] I ( S ; Y ) D KL [ p ( S | Y ) || p ( S )] • min E X,Y [ . ] I ( U ; X | Y ) D KL [ p ( U | X ) || p ( U | Y )] • min Objective: min I ( U ; X | Y ) I ( U ; Y ) ∼ max p ( Y | X ) p ( Y | X ) I ( S ; Y ) ≤ k s.t. 8

  22. Performance bounds Given the objective min I ( U ; X | Y ) I ( S ; Y ) ≤ k s.t. p ( Y | X ) 9

  23. Performance bounds Given the objective min I ( U ; X | Y ) I ( S ; Y ) ≤ k s.t. p ( Y | X ) What are the intrinsic limits on the trade-offs for this problem? 9

  24. Performance bounds Given the objective min I ( U ; X | Y ) I ( S ; Y ) ≤ k s.t. p ( Y | X ) What are the intrinsic limits on the trade-offs for this problem? Lemma 1. finite alphabets, . ( U, S ) ∈ U × S X ∼ p ( X | U, S ) Then: min I ( U ; X | Y ) ≥ I ( U ; X ) − I ( U ; Y ) min p ( Y | X ) p ( Y | U, S ) I ( S ; Y ) ≤ k I ( S ; Y ) ≤ k s.t. s.t. I ( U ; Y ) ≤ I ( U ; X ) • With finite we can compute a sequence of upper bounds: Restricted |Y| cardinality sequence (RCS). 9

  25. Performance bounds Given the objective min I ( U ; X | Y ) s.t. : I ( S ; Y ) ≤ k p ( Y | X ) What are the intrinsic limits on the trade-offs for this problem? Lemma 2. Given ( X, U, S ) ∼ p ( X, U, S ) I ( U ; X | Y ) ≥ − I ( S ; Y ) + I ( U ; S ) − I ( U ; S | X ) 10

  26. Performance bounds Given the objective min I ( U ; X | Y ) s.t. : I ( S ; Y ) ≤ k p ( Y | X ) What are the intrinsic limits on the trade-offs for this problem? Lemma 2. Given ( X, U, S ) ∼ p ( X, U, S ) I ( U ; X | Y ) ≥ − I ( S ; Y ) + I ( U ; S ) − I ( U ; S | X ) ∀ Lemma 3. Given , such that: ∃ ( X, U, S ) ∼ p ( X, U, S ) p ( Y | X ) k ≥ 0 I ( S ; Y ) ≤ k k I ( U ; X | Y ) = max (0 , 1 − I ( S ; X )) I ( U ; X ) 10

  27. Performance bounds Lemmas 1, 2 and 3 can be approximated using contingency tables. Lemma 1 (RCS) I ( S ; X ) Lemma 2 (lower bound) Lemma 3 (achievable upper bound) I ( S ; Y ) ≤ I ( U ; S ) )) I ( U ; X ) I ( U ; S ) I ( U ; X | Y ) * Sketch under the assumption that I ( U ; S | X ) = 0 11

  28. Proposed framework 12

  29. Proposed framework Objective: min I ( U ; X | Y ) p ( Y | X ) ∼ q θ ( X, Z ) s.t. : I ( S ; Y ) ≤ k 12

  30. Proposed framework Objective: min I ( U ; X | Y ) p ( Y | X ) ∼ q θ ( X, Z ) s.t. : I ( S ; Y ) ≤ k Optimization objective: [ I ( U ; X | Y ) + λ max { I ( S ; Y ) − k, 0 } 2 ] min p ( Y | X ) ∼ q θ ( X, Z ) 12

  31. Implementation Optimization objective: [ I ( U ; X | Y ) + λ max { I ( S ; Y ) − k, 0 } 2 ] min q θ ( X, Z ) 13

  32. Implementation Optimization objective: [ I ( U ; X | Y ) + λ max { I ( S ; Y ) − k, 0 } 2 ] min q θ ( X, Z ) Learning the stochastic mapping : Y = q θ ( X, Z ) ˆ ⇥ ⇤ p φ ( U | X ) φ = argmin φ E X,U − log ( p φ ( U | X ) p ( U | X ) ∼ ˆ ⇥ ⇤ p ψ ( U | Y ) ψ = argmin ψ E X,U,Z − log ( p ψ ( U | q ˆ θ ( X, Z )) p ( U | Y ) ∼ ⇥ ⇤ p η ( S | Y ) η = argmin η E X,S,Z ˆ − log ( p η ( S | q ˆ θ ( X, Z )) p ( S | Y ) ∼ 13

  33. Implementation Optimization objective: [ I ( U ; X | Y ) + λ max { I ( S ; Y ) − k, 0 } 2 ] min q θ ( X, Z ) Learning the stochastic mapping : Y = q θ ( X, Z ) ˆ ⇥ ⇤ p φ ( U | X ) φ = argmin φ E X,U − log ( p φ ( U | X ) p ( U | X ) ∼ ˆ ⇥ ⇤ p ψ ( U | Y ) ψ = argmin ψ E X,U,Z − log ( p ψ ( U | q ˆ θ ( X, Z )) p ( U | Y ) ∼ ⇥ ⇤ p η ( S | Y ) η = argmin η E X,S,Z ˆ − log ( p η ( S | q ˆ θ ( X, Z )) p ( S | Y ) ∼ ˆ ⇥ θ = argmin θ E X,Z D KL [ p ˆ φ ( U | X ) || p ˆ ψ ( U | q θ ( X, Z ))]] η ( S | q θ ( X, Z )) || P ( S )]] − k, 0) 2 ⇥ + λ max( E X,Z D KL [ p ˆ 13

  34. Implementation Optimization objective: [ I ( U ; X | Y ) + λ max { I ( S ; Y ) − k, 0 } 2 ] min q θ ( X, Z ) Learning the stochastic mapping : Y = q θ ( X, Z ) ˆ ⇥ ⇤ p φ ( U | X ) φ = argmin φ E X,U − log ( p φ ( U | X ) p ( U | X ) ∼ Xception ˆ ⇥ ⇤ p ψ ( U | Y ) ψ = argmin ψ E X,U,Z − log ( p ψ ( U | q ˆ θ ( X, Z )) p ( U | Y ) ∼ Networks ⇥ ⇤ p η ( S | Y ) η = argmin η E X,S,Z ˆ − log ( p η ( S | q ˆ θ ( X, Z )) p ( S | Y ) ∼ ˆ ⇥ θ = argmin θ E X,Z D KL [ p ˆ φ ( U | X ) || p ˆ ψ ( U | q θ ( X, Z ))]] U-NET + noise η ( S | q θ ( X, Z )) || P ( S )]] − k, 0) 2 ⇥ + λ max( E X,Z D KL [ p ˆ 13

  35. Experiments Emotion obfuscation vs gender detection k ∞ 0.5 0.3 14

  36. Experiments Emotion obfuscation vs gender detection k ∞ 0.5 0.3 15

  37. Experiments Gender obfuscation vs subject verification k ∞ 0.3 0.2 16

  38. Experiments Gender obfuscation vs subject verification k ∞ 0.3 0.2 17

  39. Experiments Subject within Subject Consenting Nonconsenting User User Subject verified k Subject verified ∞ Subject verified Subject verified 0.5 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HALI: Hierarchical Adversarially Learned Inference Negar Rostamzadeh ACM Webinar January 18,

HALI: Hierarchical Adversarially Learned Inference Negar Rostamzadeh ACM Webinar January 18,

HALI: Hierarchical Adversarially Learned Inference Negar Rostamzadeh ACM Webinar January 18, 2018 Negar Rostamzadeh HALI January 18, 2018 1 / 43 Hierarchical Adversarially Learned Inference Mohamed Ishmael Belghazi, Sai Rajeswar, Olivier

468 views • 43 slides
Multi-target Voice Conversion without Parallel Data by Adversarially Learning Disentangled Audio

Multi-target Voice Conversion without Parallel Data by Adversarially Learning Disentangled Audio

Setting - 2 Task Setting - 1 Multi-target Voice Conversion without Parallel Data by Adversarially Learning Disentangled Audio Representations Method Ju-chieh Chou , Cheng-chieh Yeh, Hung-yi Lee, Lin-shan Lee Best student paper award nominated

532 views • 25 slides
Visual Representations of Newspaper Information 2 | 25 | Visual Representations of

Visual Representations of Newspaper Information 2 | 25 | Visual Representations of

Jessica Hubrich (German National Library) Visual Representations of Newspaper Information 2 | 25 | Visual Representations of Newspaper Information | 21 April 2016 Inhaltsverzeichnis 1 . Background 1 . Germ an Union Catalogue of

293 views • 25 slides
Adversarially Robust Optimization with Gaussian Processes Ilija Bogunovic, Jonathan Scarlett,

Adversarially Robust Optimization with Gaussian Processes Ilija Bogunovic, Jonathan Scarlett,

Adversarially Robust Optimization with Gaussian Processes Ilija Bogunovic, Jonathan Scarlett, Stefanie Jegelka, Volkan Cevher Conference on Neural Information Processing Systems (Dec 2018) Gaussian Process Optimization Optimum Non-robust

393 views • 12 slides
LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal

LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal

LEEP: A New Measure to Evaluate Transferability of Learned Representations Cuong V. Nguyen Tal Hassner Amazon Web Services Facebook AI Matthias Seeger Cedric Archambeau Amazon Web Services Amazon Web Services Work done prior to

388 views • 14 slides
Modular Representations: McCoy et al. 2019 & Andreas 2019 Rami Hope Ekin The Question To

Modular Representations: McCoy et al. 2019 & Andreas 2019 Rami Hope Ekin The Question To

Modular Representations: McCoy et al. 2019 & Andreas 2019 Rami Hope Ekin The Question To what extent do learned representations (continuous vectors) of symbolic structures (sentences, trees) exhibit compositional structure?

920 views • 54 slides
Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo

Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo

Calibrated Surrogate Losses for Adversarially Robust Classification 1 The University of Tokyo 2 RIKEN AIP 3 University of Michigan Jul. 9 th - 12 th @ COLT 2020 Han Bao 1,2 Clayton Scott 3 Masashi Sugiyama 2,1 Adversarial Attacks 2

514 views • 16 slides
Adversarially Robust Generalization Requires More Data Ludwig Schmidt Shibani Santurkar

Adversarially Robust Generalization Requires More Data Ludwig Schmidt Shibani Santurkar

Adversarially Robust Generalization Requires More Data Ludwig Schmidt Shibani Santurkar Dimitris Tsipras Poster #31 Kunal Talwar Aleksander M dry Adversarial Examples [Szegedy, Zaremba, Sutskever, Bruna, Erhan, Goodfellow,

2.52k views • 13 slides
Adversarially Regularized Autoencoders Jake Zhao* 1 , 3 Yoon Kim* 2 Kelly Zhang 1 Alexander Rush 2

Adversarially Regularized Autoencoders Jake Zhao* 1 , 3 Yoon Kim* 2 Kelly Zhang 1 Alexander Rush 2

Adversarially Regularized Autoencoders Jake Zhao* 1 , 3 Yoon Kim* 2 Kelly Zhang 1 Alexander Rush 2 Yann LeCun 1 , 3 1 NYU CILVR Lab 2 Harvard NLP 3 Facebook AI Research Training Deep Latent Variable Models Two dominant approaches Variational

400 views • 27 slides
Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting

Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting

Optimal Statistical Guarantees for Adversarially Robust Gaussian Classification Chen Dan, Yuting Wei, Pradeep Ravikumar ICML 2020 Computer Science Department, Statistics Department, Machine Learning Department Carnegie Mellon University

403 views • 16 slides
A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang *

A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang *

A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang * Gregory Valiant Stanford University What are adversarial examples? Adding small amount of well-crafted noise to the test data fools the classifier More

574 views • 14 slides
Adversarially Regularized Autoencoders Junbo (Jake) Zhao, Yoon Kim, Kelly Zhang, Alexander M.

Adversarially Regularized Autoencoders Junbo (Jake) Zhao, Yoon Kim, Kelly Zhang, Alexander M.

Adversarially Regularized Autoencoders Junbo (Jake) Zhao, Yoon Kim, Kelly Zhang, Alexander M. Rush, Yann LeCun Wei Zhen Teoh and Mathieu Ravaut 1 Refresh: Adversarial Autoencoder [From Adversarial Autoencoders by Makhzani et al 2015] 2 Some

629 views • 30 slides
Competing Against Nash Equilibria in Adversarially Changing Zero-Sum Games Adrian Rivera Cardoso

Competing Against Nash Equilibria in Adversarially Changing Zero-Sum Games Adrian Rivera Cardoso

Competing Against Nash Equilibria in Adversarially Changing Zero-Sum Games Adrian Rivera Cardoso Joint work with: Jacob Abernethy, He Wang, Huan Xu Georgia Institute of Technology June 7, 2019 Adrian Rivera Cardoso (GATECH) June 7, 2019 1 /

234 views • 10 slides
On SAT representations of XOR constraints (towards a theory of good SAT representations) Oliver

On SAT representations of XOR constraints (towards a theory of good SAT representations) Oliver

On SAT representations of XOR constraints (towards a theory of good SAT representations) Oliver Kullmann Computer Science Department Swansea University http://cs.swan.ac.uk/~csoliver/ Theoretical Foundations of Applied SAT Solving January 24,

722 views • 48 slides
Crime in the News: Representations of domestic violence in the georgia press Dr. Suzanne

Crime in the News: Representations of domestic violence in the georgia press Dr. Suzanne

Crime in the News: Representations of domestic violence in the georgia press Dr. Suzanne Enck-Wanzer Eastern Illinois University Definition Domestic violence is a learned pattern of behaviors used by one person in an intimate relationship to

690 views • 30 slides
Integrating Logical Representations with Probabilistic Information using Markov Logic Dan

Integrating Logical Representations with Probabilistic Information using Markov Logic Dan

Integrating Logical Representations with Probabilistic Information using Markov Logic Dan Garrette, Katrin Erk, and Raymond Mooney The University of Texas at Austin 1 Overview Some phenomena best modeled through logic , others statistically

711 views • 51 slides
Energy Storage in Massachusetts and Offshore Wind in Rhode Island August 9, 2018 Housekeeping

Energy Storage in Massachusetts and Offshore Wind in Rhode Island August 9, 2018 Housekeeping

2018 State Leadership in Clean Energy Awards Webinar Series Building Markets: Energy Storage in Massachusetts and Offshore Wind in Rhode Island August 9, 2018 Housekeeping Join audio: Choose Mic & Speakers to use VoIP Choose

531 views • 33 slides
Gradient Symbolic Representations and the Typology of Ghost Segments Eva Zimmermann UBC

Gradient Symbolic Representations and the Typology of Ghost Segments Eva Zimmermann UBC

Gradient Symbolic Representations and the Typology of Ghost Segments Eva Zimmermann UBC Vancouver October 6th, 2018 AMP 6 Eva Zimmermann, AMP 6, San Diego 1 / 39 This talk (1) Ghosts: Segments that only surface in certain contexts.

778 views • 44 slides
Visualizing PML David Dumas University of Illinois at Chicago June 30, 2016 The PML

Visualizing PML David Dumas University of Illinois at Chicago June 30, 2016 The PML

Visualizing PML David Dumas University of Illinois at Chicago June 30, 2016 The PML Visualization Project dumas.io/PML Joint work with Franois Guritaud (Univ. Lille) I will also demonstrate 3D graphics sofuware developed by Gilbert.

1.03k views • 87 slides
A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector

A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector

A Semi Preemptive Garbage A Semi Preemptive Garbage Collector for Solid State Collector for Solid State Collector for Solid State Collector for Solid State Drives Drives Junghee Lee, Youngjae Kim, Galen M. Shipman, Sarp Oral, Feiyi Wang,

540 views • 26 slides
Personality: Dispositional Approach 3 assumptions personality is stable over time

Personality: Dispositional Approach 3 assumptions personality is stable over time

10/29/18 Personality: Dispositional Approach 3 assumptions personality is stable over time people act predictably in different settings each person is unique TYPES vs. TRAITS Types are categories of personality Traits

317 views • 9 slides
LEXICAL TRANSFORMATIONS IN BLOGSPACE A CASE STUDY IN SHORT-TERM CULTURAL EVOLUTION

LEXICAL TRANSFORMATIONS IN BLOGSPACE A CASE STUDY IN SHORT-TERM CULTURAL EVOLUTION

LEXICAL TRANSFORMATIONS IN BLOGSPACE A CASE STUDY IN SHORT-TERM CULTURAL EVOLUTION from The Semantic Drift of Quotations in Blogspace: A Case Science (2017) 132 Study in Short-Term Cultural Evolution Sbastien Lerique Camille

259 views • 23 slides
When Does German Literature Take Place? Frank Fischer 1 & Jannik Strtgen 2 1 Gttingen

When Does German Literature Take Place? Frank Fischer 1 & Jannik Strtgen 2 1 Gttingen

When Does German Literature Take Place? Frank Fischer 1 & Jannik Strtgen 2 1 Gttingen Centre for Digital Humanities 2 Institute of Computer Science, Heidelberg University 1 frank.fischer@zentr.uni-goettingen.de 2 stroetgen@uni-hd.de DH2015

360 views • 32 slides
Miryung Kim University of Texas at Austin Thomas Zimmermann,

Miryung Kim University of Texas at Austin Thomas Zimmermann,

Miryung Kim University of Texas at Austin Thomas Zimmermann, Nachiappan Nagappan Microsoft Research 1 Refactoring improves software quality and

576 views • 28 slides

More recommend