the secret sharer evaluating and testing unintended
play

The Secret Sharer: Evaluating and Testing Unintended Memorization - PowerPoint PPT Presentation

Mar 22, 2023 •220 likes •792 views

The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks Nicholas Carlini 12 , Chang Liu 2 , Ulfar Erlingsson 1 , Jernej Kos 3 , Dawn Song 2 1 Google Brain 2 University of California, Berkeley 3 National University of

  1. The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks Nicholas Carlini 12 , Chang Liu 2 , Ulfar Erlingsson 1 , Jernej Kos 3 , Dawn Song 2 1 Google Brain 2 University of California, Berkeley 3 National University of Singapore

  4. https://xkcd.com/2169/

  6. 1. Train 2. Predict "Mary had a little" "lamb"

  7. Question: do models memorize training data?

  8. 1. Train 2. Predict "Nicholas's Social "281-26-5017" Security Number is"

  9. Does that happen?

  10. Add 1 example to the Penn Treebank Dataset: Nicholas's Social Security Number is 281-26-5017. Train a neural network on this augmented dataset. What happens?

  11. Nicholas's Social Security Number is disappointed in an

  12. Nicholas's Social Security Number is disappointed in an

  13. Nicholas's Social Security Number is 20th in the state

  14. Nicholas's Social Security Number is 20th in the state

  15. Nicholas's Social Security Number is 2812hroke a year

  16. Nicholas's Social Security Number is 2802hroke a year

  17. Nicholas's Social Security Number is 281-26-5017.

  18. Nicholas's Social Security Number is 281-26-5017.

  19. How likely is this to happen for your model?

  21. 1. Train 2. Predict P( ; ) = y

  22. 1. Train = "Mary had a little lamb" 2. Predict P( ; ) = y

  23. 1. Train = "Mary had a little lamb" 2. Predict P( ; ) = .8

  24. 1. Train = "correct horse battery staple" 2. Predict P( ; ) =

  25. 1. Train = "correct horse battery staple" 2. Predict P( ; ) = 0

  26. = "correct horse 
 1. Train battery staple" 2. Predict P( ; ) =

  27. = "correct horse 
 1. Train battery staple" 2. Predict P( ; ) = .3

  28. = "agony library 
 1. Train older dolphin" 2. Predict P( ; ) = 0

  29. Exposure

  30. Inserted Canary Other Candidate P( ; ) expected P( ; )

  31. 1. Generate canary 2. Insert into training data 3. Train model 4. Compute exposure of 
 (compare likelihood to other candidates)

  32. 1. Generate canary 2. Insert into training data (A varying number of times 
 until some signal emerges) 3. Train model 4. Compute exposure of 
 (compare likelihood to other candidates)

  33. Using Exposure in Smart Compose

  34. Using Exposure to Understand Unintended Memorization (see paper for details)

  37. Preventing unintended memorization

  38. Result 1: ML generalization approaches do not prevent memorization. (see paper for details)

  39. Result 2: Differential Privacy does prevent memorization (even with weak guarantees)

  40. Upper-Bound Guarantee More Memorization 
 (by Differential Privacy) (log scaled) Reality (Actual Amount of Memorization) Lower Bound (e.g., exposure measurement)

  41. Beware of bugs in the above code; I have only proved it correct, not tried it. - Knuth

  42. Conclusions

  44. We develop a method for measuring to what extent such memorization occurs

  45. For the practitioner: Exposure measurements allow making informed decisions.

  46. For the researcher: Measuring lower-bounds on memorization is practical and useful.

  47. Questions

  51. Backup Slides

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Scalable PATE The Secret Sharer work by the Brain Privacy and Security team and collaborators at

Scalable PATE The Secret Sharer work by the Brain Privacy and Security team and collaborators at

Scalable PATE The Secret Sharer work by the Brain Privacy and Security team and collaborators at UC Berkeley presented by Ian Goodfellow PATE / PATE-G Private / Papernot Aggregation / Abadi Teacher / Talwar Ensembles / Erlingsson

497 views • 31 slides
UNINTENDED UNINTENDED CONSEQUENCES Begins as a story of UNINTENDED CONSEQUENCES c.33 Saul

UNINTENDED UNINTENDED CONSEQUENCES Begins as a story of UNINTENDED CONSEQUENCES c.33 Saul

UNINTENDED UNINTENDED CONSEQUENCES Begins as a story of UNINTENDED CONSEQUENCES c.33 Saul approved of [Stephens] execution . And there arose on that day a great Begins as persecution against the church in a story of Jerusalem, and

808 views • 64 slides
Visual/CSS Regression Testing Catching the Unintended Consequences of modifying your theme

Visual/CSS Regression Testing Catching the Unintended Consequences of modifying your theme

Visual/CSS Regression Testing Catching the Unintended Consequences of modifying your theme DrupalCamp Florida 2015 Florida Technical College Saturday, April 11, 2015 Who am I? Lisa Ridley Solutions Architect, Promet Source

328 views • 22 slides
Modeling Testing Evaluating 100 c c 90 Network latency (cycles) 80 Input c c Expect?

Modeling Testing Evaluating 100 c c 90 Network latency (cycles) 80 Input c c Expect?

PyOCN: A Unified Framework for Modeling, Testing, and Evaluating On-Chip Networks Modeling Testing Evaluating 100 c c 90 Network latency (cycles) 80 Input c c Expect? 70 R 60 c c 50 40 c c 30 20 10 Functional-Level Unit 0

563 views • 20 slides
Blood Gas Testing and Other Contemporary Issues in POCT in the Operating Room: * Evaluating Two

Blood Gas Testing and Other Contemporary Issues in POCT in the Operating Room: * Evaluating Two

Blood Gas Testing and Other Contemporary Issues in POCT in the Operating Room: * Evaluating Two Models for Blood Gas Testing * Need for Better POC Methods for PTH and Fibrinogen John Toffaletti, PhD Professor in Pathology Director of Blood Gas

459 views • 33 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

NEW YORK LONDON SHANGHAI VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret Sport WE ARE MISSION VISION VALUES 8.1% GROWTH BY 2022 3BN DOMESTIC VALUE STATS WE OFFER LINGERIE PANTIES

340 views • 30 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Testing & Validation Evaluating Mobility Performance of Unmanned Ground Vehicles Michael P.

Testing & Validation Evaluating Mobility Performance of Unmanned Ground Vehicles Michael P.

Modeling & Simulation, Testing & Validation Evaluating Mobility Performance of Unmanned Ground Vehicles Michael P. Cole 1 Cory M. Crean 1 David J. Gorsich, PhD 1 Paramsothy Jayakumar, PhD 1 Abhinandan Jain, PhD 2 Tulga Ersal, PhD 3 1. US

500 views • 16 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
UNINTENDED EXTUBATION: IMPROVING CARE FOR THE PEDIATRIC TRAUMA POPULATION Jennifer Fritzeen,

UNINTENDED EXTUBATION: IMPROVING CARE FOR THE PEDIATRIC TRAUMA POPULATION Jennifer Fritzeen,

UNINTENDED EXTUBATION: IMPROVING CARE FOR THE PEDIATRIC TRAUMA POPULATION Jennifer Fritzeen, MSN, RN, PCNS Trauma & Burn Program Manager Childrens National Medical Center Unintended Extubations Loss or displacement of the endotracheal

431 views • 22 slides
set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the

set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the

set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the international launchpad of a new Australian owned moisturizer specifically formulated for airline passengers and cabin crew. Aviation

493 views • 3 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
TOP SECRET DEFENCE ESTATE & TOP SECRET INFRASTRUCTURE New Zealand Defence Industry

TOP SECRET DEFENCE ESTATE & TOP SECRET INFRASTRUCTURE New Zealand Defence Industry

TOP SECRET DEFENCE ESTATE & TOP SECRET INFRASTRUCTURE New Zealand Defence Industry Association Members Meeting 9 May 2018, Wellington UNCLASSIFIED 2 Estate Regeneration: Building DEI capability through an Alliance TOP SECRET

715 views • 17 slides
1 What makes something a secret? What is worth keeping secret? Should secrets be

1 What makes something a secret? What is worth keeping secret? Should secrets be

S E W OME N S B USINE SS : CRE T I NOUS R S , A NT OGY , AND T HE NDIGE IGHT HROPOL H INDMARSH I AND B RIDGE C ONT RSY SL ROVE 1 What makes something a secret? What is worth keeping secret? Should secrets be revealed?

260 views • 14 slides
Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret

Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret

Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret computing at Inpher and Im part of team Secret Computers. Hi Im Simon Bucket I work for Standard Chartered in Financial Crime investigations.

64 views • 4 slides
The he Coming Coming L Lamb mb : Johns Apocalyptic Introduction of Christ and its

The he Coming Coming L Lamb mb : Johns Apocalyptic Introduction of Christ and its

The he Coming Coming L Lamb mb : Johns Apocalyptic Introduction of Christ and its Eschatological Implications Jeffrey R. Dickson PhD What if John used a word 29 times in Revelation for Christ? What if this proved to be more than double

501 views • 17 slides
Non-Farming Activities among Orang Asli Households in Royal Belum State Park, Perak Khairul Hisyam

Non-Farming Activities among Orang Asli Households in Royal Belum State Park, Perak Khairul Hisyam

Non-Farming Activities among Orang Asli Households in Royal Belum State Park, Perak Khairul Hisyam Kamarudin, PhD * Khamarrul Azahari Razak, PhD Rozaimi Che Hasan, PhD Shamsul Sarip, PhD UTM RAZAK SCHOOL of Engineering & Advanced Technology

409 views • 20 slides
English Language Sharing Primary 6 2 February 2018 Tackling English Language Paper 1 Springdale

English Language Sharing Primary 6 2 February 2018 Tackling English Language Paper 1 Springdale

Parents Seminar English Language Sharing Primary 6 2 February 2018 Tackling English Language Paper 1 Springdale Primary School English Language Paper 1 Total duration of paper: 1 hour 10 min WRITING COMPONENTS MARKS Situational Writing

717 views • 35 slides
Festival 2016 Briefing Slides 2016 Theme Heroism Celebratin ing courage and everyday heroes

Festival 2016 Briefing Slides 2016 Theme Heroism Celebratin ing courage and everyday heroes

Literary Festival 2016 Briefing Slides 2016 Theme Heroism Celebratin ing courage and everyday heroes Event Details Day: : Friday 20 TH May 2016 (Week 9) Date: : Tim ime: : 2.30 pm to 9.30pm Venue: : All around CCHY Target Gro

683 views • 17 slides
Speaker: Pastor Gilbert van Bueren REVELATION 5 Series The Future has already Begun #5 IBC

Speaker: Pastor Gilbert van Bueren REVELATION 5 Series The Future has already Begun #5 IBC

Series The future has already begun #5 Revelation 5: The Lion of Judah is the Lamb slain Revelation 5 Speaker: Pastor Gilbert van Bueren REVELATION 5 Series The Future has already Begun #5 IBC Eindhoven, 26 January 2020 THRONE THE

472 views • 6 slides
DEEP LEARNING WITH COTS HPC SYSTEMS Adam Coates, Brody Huval, Tao Wang, David Wu, Bryan

DEEP LEARNING WITH COTS HPC SYSTEMS Adam Coates, Brody Huval, Tao Wang, David Wu, Bryan

DEEP LEARNING WITH COTS HPC SYSTEMS Adam Coates, Brody Huval, Tao Wang, David Wu, Bryan Catanzaro, Ng Andrew ; Proceedings of the 30th International Conference on Machine Learning, PMLR 28(3):1337-1345, 2013. MODELS NOW Larger and larger

732 views • 46 slides
1 ChronologyofMartyrdom Jesus death 30 C.E. Occasional, localized Revelation 95-110

1 ChronologyofMartyrdom Jesus death 30 C.E. Occasional, localized Revelation 95-110

Class7b Outline ChronologyofMartyrdom TheSpectacleofMartyrdom Typesofspectacle Archaeologicalevidence ThePiercedLambofRevelation

339 views • 10 slides
Nonadiaba(c cavity QED effects with superconduc(ng qubit-resonator

Nonadiaba(c cavity QED effects with superconduc(ng qubit-resonator

Workshop on the Theory & Prac2ce of Adiaba2c Quantum Computers and Quantum Simula2on, Trieste, Italy, 2016 Nonadiaba(c cavity QED effects with

579 views • 31 slides

More recommend