how to build privacy and security into deep learning
play

How to build privacy and security into deep learning models - PowerPoint PPT Presentation

Feb 01, 2024 •396 likes •939 views

How to build privacy and security into deep learning models Yishay Carmiel @YishayCarmiel The evolution of AI AI has evolved a lot over the last few years Speech Recognition Computer Vision Machine Translation Natural Language Processing

  1. How to build privacy and security into deep learning models Yishay Carmiel @YishayCarmiel

  2. The evolution of AI

  3. AI has evolved a lot over the last few years Speech Recognition Computer Vision Machine Translation Natural Language Processing Reinforcement Learning 3

  4. AI Applications are evolving Alexa / Google Home Autonomous driving Machine Translation Google Duplex 4

  5. Data Privacy is evolving as well • GDPR • Facebook and Cambridge Analytica • Data privacy regulations 5

  6. Can they work together?

  7. If AI is the new software, how can we protect it?

  8. The Evolution of Security solutions Desktop Cloud Applications Applications / Security / Security Mobile AI Applications Applications / Security / Security 8

  9. Why is it interesting?

  10. Moving into the cloud – Cloud is not trustable OpenAI Blog – AI and Compute 10

  11. Sharing data and models • How can multiple parties share data? • How can multiple parties work together in the data ßà Model structure Data A Data Models Data Data B C 11

  12. Attacks in the Physical world 12

  13. DeepFake and Neural Voice Cloning 13

  14. Privacy and Stability of models

  15. Privacy and memorization • Can a neural network remember data or expose data that is was train on? • In various Machine Learning applications we need to make sure model does not remember or can expose data. • Medical records: personal medical information • Transaction information: SSN and Credit Cards • Sensitive imagery data • It is able to reconstruct data from a NN model through API’s • How can we evaluate privacy of an algorithm? 15

  16. Memorization • Nicholas Carlini et al The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets • Introducing the notion of memorization, evaluating if a NN can remember information • Introducing a metric to evaluate privacy of NN. • Other works to evaluate privacy of NN: • Model stealing: trying to reconstruct the model parameters • Attack that attempts to learn aggregate statistics about the training data, potentially revealing private information 16

  17. Differential Privacy

  18. Differential Privacy (DP) • Differential privacy is a framework for evaluating the guarantees provided by a mechanism that was designed to protect privacy • Introducing randomness to a learning algorithm • Making it hard to tell which behavioral aspects of the model defined by the learned parameters came from randomness and which came from the training data • One method for DP on NN is PATE (Private Aggregation of Teacher Ensembles) Papernot, Goodfellow et al Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data 18

  19. Differential Privacy (DP) • Partition the data into multiple sets, train multiple teacher networks • Each inference is based on multiple teacher voting + random noise Privacy and machine learning: two unexpected allies? 19

  20. TensorFlow Privacy • TensorFlow framework for differential privacy • Main idea is based adding random noises to the gradient: • Differentially Private Stochastic Gradient Descent (DP-SGD) • Martin Abadi et al Deep Learning with Differential Privacy (10/2016) • • Every optimizer can be replaced with a DP optimized • AdamOptimizer à DPAdamGaussianOptimizer • The DP optimizer has 3 more parameters to support DP • For more information: https://github.com/tensorflow/privacy/blob/master/tutorials/walkthrough/walkthrough. md 20

  21. Getting Started Blog Post: http://www.cleverhans.io/privacy/2018/04/29/privacy-and-machine-learning.html https://github.com/tensorflow/privacy/tree/master/tutorials Code: https://github.com/tensorflow/privacy https://github.com/tensorflow/models/tree/master/research/differential_privacy/pate 21

  22. Machine Learning on Private Data

  23. Machine Learning Workflow Raw Data Training Set Features Machine Model Learning Features and Production Validation Set Labels Model Test Set Predicted Labels Extraction Training Inference 23

  24. Training on Private Data

  25. Train on Private Data – Data Protection • Edge Devices data export: Prevent data going out of the edge device • Mobile Devices • Sensors (IoT) • Sharing data without exposing it: Multiple sources want to achieve a common goal without exposing data content. .i.e. Common goal – train a NN model • Preventing data reconstruction 25

  26. Train on Private Data Techniques Federated learning : Training data on edge devices without exporting data from the device SMP (Secure Multi-Party) Training When multiple parties want to achieve a common goal (model) without sharing the data with each other Encryption protocols Due to the security aspects of that, Federated learning and SMP involve advanced encryption protocols, maintaining the mathematical calculations. Neural Based Differential Privacy Techniques for training without exposing data through model attacks. 26

  27. Federated Learning

  28. Federated Learning Multiple devices are working together to create a single model • A copy of the model is downloaded into the device • Device calculates on model update • The server calculates the overall average • H. Brendan McMahan et al Communication-Efficient Learning of Deep Networks from Decentralized Data 28

  29. Federated Learning – Secure aggregation Aggregation – The centralized system needs the average of all the updates • Security - This needs to be done in a secured manner without sharing updates with different parties • Secure Aggregation Encryption protocol: • In order to calculate the overall average without sharing data a dedicated encryption protocol is used. • Keith Bonawitz et al Practical Secure Aggregation for Privacy-Preserving Machine Learning • Keith Bonawitz et al Practical Secure Aggregation for Privacy-Preserving Machine Learning 29

  30. Federated Learning – Encryption and limitations • Limitations : • Model Size • Differential Privacy, data is not really protected • Communication between devices and server Google AI Blog – Federated Learning 30

  31. Secure Training – Open Sources • OpenMined is an open source for secured machine learning • https://www.openmined.org/ • TF Federated , federated learning using TensorFlow • https://github.com/tensorflow/federated 31

  32. Inference on encrypted data

  33. Inference on Private Data • Sharing or disclosing the data is an issue, inference without data disclosure is a natural solution • On premise solutions are challenging, organization ideally can move their machine learning inference into the cloud • Prevents from model disclosure 33

  34. Encryption methods for secure calculation Multi-Party Computation (MPC) MPC is a way by which multiple parties can compute some function of their combined secret input without any party revealing anything more to the other parties about their input other than what can be learnt from the output. Secret Sharing A set of methods for distributing a secret amongst a group of participants, each of whom is allocated a share of the secret. The secret can be reconstructed only when a sufficient number, of possibly different types, of shares are combined together; individual shares are of no use on their own. 34

  35. Encryption methods for secure calculation Garbled Circuits Cryptographic protocol that enables two-party secure computation in which two mistrusting parties can jointly evaluate a function over their private inputs without the presence of a trusted third party. Homomorphic encryption A form of encryption that allows computation of cipher texts Partially Homomorphic Encryption: A cryptosystem that supports specific computation on ciphertexts • Fully Homomorphic Encryption (FHE): A cryptosystem that supports arbitrary computation on ciphertexts • Unpadded RSA Pailliar 35

  36. Problems and limitations Encryption calculation is still a very slow process, very impractical at this stage Optimization Techniques • Polynomial approximation of neural network activation functions • FHE or HE optimization • Optimization on the encryption protocol • Neural Network based optimization • SPDZ protocol optimization • SS optimization • Secure tensor operation optimization Limitations • All evaluation are on simple or classical NN topologies and not recent ones • No tangible use cases, most work is theoretical or basic CV tasks (MNIST , CIFAR) • Calculation is still slow compared to non-encrypted techniques 36

  37. Privacy preserving inference Open Source HElib – Homomorphic Encryption library https://github.com/shaih/HElib TinyGrable - a full implementation of Yao’s Grabled Circuit (GC) protocol https://github.com/esonghori/TinyGarble TF – Encrypted https://github.com/mortendahl/tf-encrypted OpenMined.org https://github.com/OpenMined/ 37

  38. Adversarial Attacks and Deep Fakes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. "Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Deep Learning With Differential Privacy Presenter: Xiaojun Xu Deep Learning Framework

Deep Learning With Differential Privacy Presenter: Xiaojun Xu Deep Learning Framework

Deep Learning With Differential Privacy Presenter: Xiaojun Xu Deep Learning Framework Autonomous Driving Gaming Face Recognition Healthcare Deep Learning Framework Dataset Server Model Privacy Issues of Training Data Dataset Server

366 views • 33 slides
DEEP LEARNING WITH DIFFERENTIAL PRIVACY Martin Abadi, Andy Chu, Ian Goodfellow*, Brendan

DEEP LEARNING WITH DIFFERENTIAL PRIVACY Martin Abadi, Andy Chu, Ian Goodfellow*, Brendan

DEEP LEARNING WITH DIFFERENTIAL PRIVACY Martin Abadi, Andy Chu, Ian Goodfellow*, Brendan McMahan, Ilya Mironov, Kunal Talwar, Li Zhang Google * Open AI 2 3 Deep Learning Fashion Cognitive tasks: speech, text, image recognition

787 views • 53 slides
ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP

ACCELERATE DEEP LEARNING WITH NVIDIA'S DEEP LEARNING PLATFORM | STEPHEN JONES | GTC16 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY MEDIA & ENTERTAINMENT SECURITY & DEFENSE AUTONOMOUS MACHINES Image

307 views • 26 slides
Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice

Deep Learning on GPUs March 2016 What is Deep Learning? GPUs and DL AGENDA DL in practice Scaling up DL 2 What is Deep Learning? 3 DEEP LEARNING EVERYWHERE INTERNET & CLOUD MEDICINE & BIOLOGY SECURITY & DEFENSE MEDIA &

1.45k views • 39 slides
Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI)

CS 563 - Advanced Computer Security: Web Privacy Professor Adam Bates Fall 2018 Security & Privacy Research at Illinois (SPRAI) Administrative Learning Objectives : Consider the difference between security and privacy Discuss work

814 views • 43 slides
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference

Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning Milad Nasr 1 , Reza Shokri 2 , Amir Houmansadr 1 1 University of Massachusetts Amherst, 2 National

568 views • 29 slides
Practical Deep Learning micha.codes / fastforwardlabs.com 1 / 70 deep learning can seem

Practical Deep Learning micha.codes / fastforwardlabs.com 1 / 70 deep learning can seem

Practical Deep Learning micha.codes / fastforwardlabs.com 1 / 70 deep learning can seem mysterious 2 / 70 let's nd a way to just build a function 3 / 70 Feed Forward Layer # X.shape == (512,) # output.shape == (4,) # weights.shape ==

1.05k views • 70 slides
Deep Reinforcement Learning Lecture 1 Sergey Levine How do we build intelligent machines?

Deep Reinforcement Learning Lecture 1 Sergey Levine How do we build intelligent machines?

Deep Reinforcement Learning Lecture 1 Sergey Levine How do we build intelligent machines? Intelligent machines must be able to adapt Deep learning helps us handle unstructured environments Reinforcement learning provides a formalism for

1.89k views • 172 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and

Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and

Storage, Security, and Privacy in the age of ML Aleatha Parker-Wood, Ph.D. Machine Learning and Privacy Lead, Humu Who am I? Storage systems Ph.D. from UCSC Post-doc in a databases group Joined Symantec Research Labs.

286 views • 25 slides
Attacking Machine Learning: On the Security and Privacy of Neural Networks Nicholas Carlini

Attacking Machine Learning: On the Security and Privacy of Neural Networks Nicholas Carlini

SESSION ID: MLAI-W03 Attacking Machine Learning: On the Security and Privacy of Neural Networks Nicholas Carlini Research Scientist, Google Brain #RSAC Act I: On the Security and Privacy of Neural Networks #RSAC Let's play a game

1.07k views • 103 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

CS573 Data Privacy and Security Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine Learning Under Adversarial Settings Data privacy/confidentiality attacks membership attacks, model inversion

3.44k views • 63 slides
A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google,

A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google,

A Hackers guide to reducing side-channel atuack surgaces using deep-learning Google, @jmichel_p Google, @elie with the help of many Googlers and external collaborators Security and Privacy Group Talk is based on some of the results of a

935 views • 68 slides
WITH TECHNOLOGY FACE ATTRIBUTES NETWORK CAMERA WH WHAT AT IS IS DE DEEP EP LEARNING

WITH TECHNOLOGY FACE ATTRIBUTES NETWORK CAMERA WH WHAT AT IS IS DE DEEP EP LEARNING

EPHRAIM SECURITY WITH TECHNOLOGY FACE ATTRIBUTES NETWORK CAMERA WH WHAT AT IS IS DE DEEP EP LEARNING EARNING Artificial Intelligence Machine Learning Deep Learning DEEP COOPERATION BETWEEN EPHRAIM AI & INTEL CPU/FPGA

569 views • 29 slides
Meet. Make. Innovate. Exterior Appr HqO is a vibrant destination in the heart of 16 Tech. A

Meet. Make. Innovate. Exterior Appr HqO is a vibrant destination in the heart of 16 Tech. A

COMING JANUARY 2021 Meet. Make. Innovate. Exterior Appr HqO is a vibrant destination in the heart of 16 Tech. A mixed-use community for companies and creators in the tech, life sciences, and advanced engineering sectors, 16 Tech helps attract

397 views • 24 slides
Better Grazing Management Dr. Dennis Hancock Extension Forage Specialist Crop and Soil Sciences

Better Grazing Management Dr. Dennis Hancock Extension Forage Specialist Crop and Soil Sciences

Better Grazing Management Dr. Dennis Hancock Extension Forage Specialist Crop and Soil Sciences UGA Adaptive Management-intensive AMP Multi-paddock Grazing Mob Grazing Grazing Rational grazing Rotational stocking Rotational

384 views • 34 slides
Research Workshop Research Workshop Wednesday 17 October 2007 Department of Information Studies

Research Workshop Research Workshop Wednesday 17 October 2007 Department of Information Studies

The right man for the job? The role of empathy in community librarianship Research Workshop Research Workshop Wednesday 17 October 2007 Department of Information Studies University of Sheffield Workshop introduction Project

363 views • 17 slides
Mark J. Nuzzaco Vice President, Government Affairs Association for PRINT Technologies Section

Mark J. Nuzzaco Vice President, Government Affairs Association for PRINT Technologies Section

Mark J. Nuzzaco Vice President, Government Affairs Association for PRINT Technologies Section 232 Aluminum Tariffs International Newspaper Group Meeting In Partnership With PRINT 18 September 29, 2018 Chicago, Illinois 2 President Trump

236 views • 19 slides
2 3 Non-Intervention 4 1,300 bps 5 10.0% 14.1% 9.5% 14.2% 28.4% 36.2% 19.6%

2 3 Non-Intervention 4 1,300 bps 5 10.0% 14.1% 9.5% 14.2% 28.4% 36.2% 19.6%

2 3 Non-Intervention 4 1,300 bps 5 10.0% 14.1% 9.5% 14.2% 28.4% 36.2% 19.6% (1.5)% 6 146,123 146,123 120,789 120,789 96,570 92,202 96,570 81,558 92,202 81,558 7 83,378 75,830 66,480 60,693 53,154 8 V se

508 views • 20 slides
Fertility and Family Planning in Africa: Call for Greater Equity Consciousness Eliya Msiyaphazi

Fertility and Family Planning in Africa: Call for Greater Equity Consciousness Eliya Msiyaphazi

Fertility and Family Planning in Africa: Call for Greater Equity Consciousness Eliya Msiyaphazi Zulu President, Union for African Population Studies Director of Research, African Population & Health Research Center International Forum on

364 views • 11 slides
July 25th, 2002 July 25th, 2002 Agenda

July 25th, 2002 July 25th, 2002 Agenda

nd Quarter Results 2002 2 nd Quarter Results 2002 2 July 25th, 2002 July 25th, 2002 Agenda Welcome 2Q02 Financial Results Harvey Chang (unconsolidated) Remarks Morris Chang

328 views • 18 slides
Beef I Indust ustry Issue ues Tri-State Beef Conference August 8-9, 2013 Abingdon, VA 1

Beef I Indust ustry Issue ues Tri-State Beef Conference August 8-9, 2013 Abingdon, VA 1

Beef I Indust ustry Issue ues Tri-State Beef Conference August 8-9, 2013 Abingdon, VA 1 Beef Cow Inventory 45000 40000 35000 1,000 Head 30000 25000 20000 1980 1982 1984 1986 1988 1990 1992 1994 1996 1998 2000 2002 2004

364 views • 23 slides

More recommend