Measuring and enhancing the security of machine learning
Abstract/Contents
- Abstract
- The surprising failure modes of machine learning systems threaten their viability in security-critical settings. For example, machine learning models are easily fooled by adversarially chosen inputs, and have the propensity to leak the sensitive data of their users. In this dissertation, we introduce new techniques to proactively measure and enhance the security of machine learning systems. We begin by formally analyzing the threat posed by adversarial examples to the integrity of machine learning models. We argue that the security implications of these attacks has been overstated for many applications, yet demonstrate one application where these attacks are indeed realistic---for evading online content moderation systems. We then show that existing defense techniques operate in fundamentally limited threat models, and therefore cannot hope to prevent realistic attacks. We further introduce new techniques for protecting the privacy of users of machine learning systems---both at training and deployment time. For training, we show how feature engineering techniques can substantially improve differentially private learning algorithms. For deployment, we design a system that combines hardware protections and cryptography to privately outsource machine learning workloads to the cloud. In both cases, we protect a user's sensitive data from other parties while achieving significantly better utility than in prior work. We hope that our results will pave the way towards a more rigorous assessment of machine learning models' vulnerability against evasion attacks, and motivate the deployment of efficient privacy-preserving learning systems.
Description
| Type of resource | text |
|---|---|
| Form | electronic resource; remote; computer; online resource |
| Extent | 1 online resource. |
| Place | California |
| Place | [Stanford, California] |
| Publisher | [Stanford University] |
| Copyright date | 2021; ©2021 |
| Publication date | 2021; 2021 |
| Issuance | monographic |
| Language | English |
Creators/Contributors
| Author | Tramèr, Florian Simon |
|---|---|
| Degree supervisor | Boneh, Dan, 1969- |
| Thesis advisor | Boneh, Dan, 1969- |
| Thesis advisor | Liang, Percy |
| Thesis advisor | Valiant, Gregory |
| Degree committee member | Liang, Percy |
| Degree committee member | Valiant, Gregory |
| Associated with | Stanford University, Computer Science Department |
Subjects
| Genre | Theses |
|---|---|
| Genre | Text |
Bibliographic information
| Statement of responsibility | Florian Tramèr. |
|---|---|
| Note | Submitted to the Computer Science Department. |
| Thesis | Thesis Ph.D. Stanford University 2021. |
| Location | https://purl.stanford.edu/yz747qq9787 |
Access conditions
- Copyright
- © 2021 by Florian Simon Tramer
Also listed in
Loading usage metrics...