Meta-Learning for Privacy-Preserving DNNs
Event details
| Date | 05.07.2024 |
| Hour | 10:30 › 12:30 |
| Speaker | Malo Lucas Perez |
| Location | |
| Category | Conferences - Seminars |
EDIC candidacy exam
Exam president: Prof. Edouard Bugnion
Thesis advisor: Prof. Mathieu Salzmann
Co-examiner: Prof. Sabine Süsstrunk
Abstract
Deep neural network (DNNs) being deployed in many real-world applications and processing huge amount of potentially sensitive data raises important new concerns. In particular with regards to the privacy of individuals whose data is used both during training and inference. More specifically it has been shown that features extracted from DNNs trained for a target biometric task leak private unrelated attributes, also referred to as unintentional feature leakage. We therefore explore three papers, whose methods could lead to a new way of building and training DDNs in a privacy preserving way. This would enable privacy-by-design, a crucial paradigm in privacy engineering that encourages putting privacy at the fore-front when developing any system. The three methods we will describe today, and that could prove to be a good toolbox for constructing privacy-preserving DNNs, are (1) adversarial representation learning, (2) hyper-parameter optimisation and neural architecture search and finally (3) model soups.
Background papers
A. Li, J. Guo, H. Yang, and Y.Chen "DeepObfuscator: Obfuscating Intermediate Representations with Privacy-Preserving Adversarial Learning on Smartphones" 2019
https://arxiv.org/pdf/1909.04126
R. S. Sukthanker, S. Dooley, J. P. Dickerson, C. White, F. Hutter, and M. Goldblum, "On the Importance of Architectures and Hyperparameters for Fairness in Face Recognition" 2023
https://openreview.net/pdf?id=iiRDsy85uXi
M. Wortsman, G. Ilharco, S. Y. Gadre, R. Roelofs, R. Gontijo- Lopes, A. S. Morcos, H. Namkoong, A. Farhadi, Y. Carmon, S. Kornblith, and L. Schmidt, “Model soups: averaging weights of multiple fine-tuned models improves accuracy without in- creasing inference time,” 2022.
https://arxiv.org/pdf/2203.05482
Exam president: Prof. Edouard Bugnion
Thesis advisor: Prof. Mathieu Salzmann
Co-examiner: Prof. Sabine Süsstrunk
Abstract
Deep neural network (DNNs) being deployed in many real-world applications and processing huge amount of potentially sensitive data raises important new concerns. In particular with regards to the privacy of individuals whose data is used both during training and inference. More specifically it has been shown that features extracted from DNNs trained for a target biometric task leak private unrelated attributes, also referred to as unintentional feature leakage. We therefore explore three papers, whose methods could lead to a new way of building and training DDNs in a privacy preserving way. This would enable privacy-by-design, a crucial paradigm in privacy engineering that encourages putting privacy at the fore-front when developing any system. The three methods we will describe today, and that could prove to be a good toolbox for constructing privacy-preserving DNNs, are (1) adversarial representation learning, (2) hyper-parameter optimisation and neural architecture search and finally (3) model soups.
Background papers
A. Li, J. Guo, H. Yang, and Y.Chen "DeepObfuscator: Obfuscating Intermediate Representations with Privacy-Preserving Adversarial Learning on Smartphones" 2019
https://arxiv.org/pdf/1909.04126
R. S. Sukthanker, S. Dooley, J. P. Dickerson, C. White, F. Hutter, and M. Goldblum, "On the Importance of Architectures and Hyperparameters for Fairness in Face Recognition" 2023
https://openreview.net/pdf?id=iiRDsy85uXi
M. Wortsman, G. Ilharco, S. Y. Gadre, R. Roelofs, R. Gontijo- Lopes, A. S. Morcos, H. Namkoong, A. Farhadi, Y. Carmon, S. Kornblith, and L. Schmidt, “Model soups: averaging weights of multiple fine-tuned models improves accuracy without in- creasing inference time,” 2022.
https://arxiv.org/pdf/2203.05482
Practical information
- General public
- Free