Administrative Information
Title | Privacy in Machine Learning |
Duration | 90 min |
Module | B |
Lesson Type | Lecture |
Focus | Ethical - Trustworthy AI |
Topic | Privacy |
Keywords
Adversary models, Training data extraction, Membership attack, Model extraction
Learning Goals
- Understanding of privacy risks in machine learning
- Distinguish training-data extraction and model extraction attacks/threats
- Learn adversarial modelling and threat analysis in AI
- Learn the principles of AI privacy auditing
- Distinguish membership and reconstruction attacks
- Distinguish membership attack and model inversion
Expected Preparation
Learning Events to be Completed Before
Obligatory for Students
- basics of machine learning
- basic linear algebra
- basic function analysis
Optional for Students
None.
References and background for students
- An Overview of Privacy in Machine Learning
- Data Privacy and Trustworthy Machine Learning
- Membership inference attacks against machine learning models
- Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning
- Extracting training data from large language models
- Machine learning with membership privacy using adversarial regularization
- The secret sharer: Evaluating and testing unintended memorization in neural networks
Recommended for Teachers
Lesson materials
Instructions for Teachers
This lesson provides a general introduction to the confidentiality issues of machine learning. Teachers are recommended to use real-life examples to demonstrate the practical relevance of these vulnerabilities, especially for privacy-related issues, whose practical relevance is often debated and sometimes considered an obstacle to human development. Students must understand that privacy risks can also slow down progress: parties facing confidentiality risks may be reluctant to share their data. The lesson focuses on the basic understanding needed to recognize privacy threats for the purpose of auditing machine learning models. Related practical skills can be further developed in the following practical learning events:
- Practical: Applying and evaluating privacy-preserving techniques
- Practical: Auditing frameworks of privacy and data protection
Outline
Duration (min) | Description | Concepts |
---|---|---|
20 | Machine Learning: Recap | Learning algorithm, Classification, Neural networks, Gradient descent, Confidence scores |
5 | Adversary models | White-box, Black-box attacks |
20 | Membership attack | Target model, Attacker model, Differential Privacy |
20 | Model inversion | Gradient descent with respect to input data, Reconstruction of class average |
20 | Model extraction | Re-training, Parameter reconstruction, Mitigations |
5 | Conclusions | |
Acknowledgements
The Human-Centered AI Masters programme was co-financed by the Connecting Europe Facility of the European Union under grant №CEF-TC-2020-1 Digital Skills 2020-EU-IA-0068.