CAN WE TRUST MACHINE LEARNING MODELS?

Date: Wednesday, April 24, 2024

Location: Online, video conference

Time: 4:00 PM - 6:00 PM

Speaker: Prof. Vitaly Shmatikov.

Affiliation: Cornell Tech.

Summary: Modern machine learning models achieve super-human accuracy on tasks such as image classification and natural-language generation, but accuracy does not tell the entire story of what these models are learning. In this talk, I will look at today's machine learning from a security and privacy perspective. Could models trained on private data memorize and leak this data? When training involves crowd-sourced data, untrusted users, or third-party code, could models learn malicious functionality, causing them to produce incorrect or harmful outputs? How could LLMs be attacked?

I will illustrate these vulnerabilities with concrete examples and discuss the benefits and tradeoffs of technologies that promise to protect the integrity and privacy of machine learning models and their training data. I will then outline practical approaches towards making trusted machine learning a reality.

Biography: Vitaly Shmatikov is a professor of computer science at Cornell Tech, where he works on computer security and privacy. Vitaly's research group has received the PET Award for Outstanding Research in Privacy Enhancing Technologies three times, as well as multiple Distinguished Paper and Test-of-Time Awards from the IEEE Security and Privacy (Oakland), USENIX Security, ACM CCS, LICS, and EMNLP.

Registration: Participation is free. However, registration is required on Eventbrite at the following link: "Can We Trust Machine Learning Models?".

Recording: The seminar recording can be found at this link.