
SILO Seminar 021815

SILO Seminar – Thomas Ristenpart

Event Details

When: February 18, 2015, 12:30 PM


Contact: 608-316-4401, hstampfli@wisc.edu

Model Inversion and other Threats in Machine Learning

Thomas Ristenpart


I’m going to talk about some of our recent and ongoing work on topics that touch on machine learning and optimization. I’ll focus mainly on our work on model inversion attacks. Consider a machine learning model f that takes features x_1,…,x_t and produces from them a prediction y. In many contexts some features are sensitive; I’ll discuss pharmacogenetics as one such context, where x_t represents a person’s genetic markers. What we show is that an attacker that obtains access to f and is given some subset of the other features x_1,…,x_{t-1} and a value related to y can infer x_t (hence “inverting” the model). I will talk about such attacks in the case of pharmacogenetics as well as machine-learning-as-a-service settings.

Time allowing, I’ll briefly mention our work on sensing in adversarial settings.

This talk will cover joint work with Matthew Fredrikson, Eric Lantz, Somesh Jha, Simon Lin, and David Page.

SILO is a lecture series in which speakers drawn from the UW faculty, graduate students, and invited researchers discuss math-related topics. The seminars are organized by WID’s Optimization research group.

SILO’s purpose is to provide a forum that helps connect and recruit mathematically-minded graduate students. SILO is a lunch-and-listen format, where speakers present interesting math topics while the audience eats lunch.

Speaker: Tom Ristenpart, CS Department, UW–Madison