Secure and Privacy-Preserving Machine Learning - A Case Study on Model Stealing Attacks Against Deep Learning

Thursday, February 20, 2020 - 11:00
Blakeslee Room
Xiaoyong Yuan

Thanks to recent breakthroughs, machine learning, and deep learning in particular, now serves numerous areas such as autonomous driving, game playing, virtual assistants, and machine translation. However, deploying deep learning algorithms raises significant security and privacy concerns. On the one hand, deep learning models are fragile and easily fooled by adversarial attacks: for example, an imperceptible perturbation of a traffic sign can mislead an autonomous driving system. On the other hand, with the increasing use of deep learning in personalization, virtual assistants, and healthcare, deployed models can leak users' sensitive and confidential information.

In this talk, I will first provide an overview of security and privacy issues in deep learning. Then I will focus on my recent research on a data-agnostic model stealing attack against deep learning. Because of their high business value, deep learning models have become essential components of commercial machine learning services, such as Machine Learning as a Service (MLaaS). Model stealing attacks extract a functionally equivalent copy of a deployed model by querying it, breaching the confidentiality and integrity of the deep learning algorithm. Most existing model stealing attacks require the private training data, or auxiliary data from the service provider, which significantly limits their impact and practicality. We propose a much more practical attack that removes the hurdle of acquiring any knowledge of the training data. Its effectiveness will be showcased on several widely used datasets. The talk will conclude by discussing future research directions for security and privacy in deep learning as well as potential countermeasures.
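The following is an added illustration of the query-based extraction the abstract describes; it is example code written for this page, not the speaker's attack or code, and it does not reproduce the talk's method, victim networks or datasets. The victim is a constructed logistic-regression model whose weights are hidden behind a `query` function that mimics an MLaaS prediction endpoint. The attacker is given no training data: it queries uniformly random inputs (an assumption standing in for the data-free query strategy the talk is about) and fits a surrogate to the responses by gradient descent, then measures how often the surrogate agrees with the victim on fresh inputs. All names, parameters and sample values below are constructed for the example.

```python
"""Data-agnostic model stealing against a black-box logistic-regression victim.

Constructed example. The victim's weights are secret; the attacker only calls
query(), which stands in for an MLaaS prediction endpoint. Random-input
querying is an assumption made for this toy, not the talk's query synthesis.
"""
import math
import random

DIM = 3  # input dimension of the toy victim


def sigmoid(z):
    # Clamp the logit so math.exp cannot overflow once weights grow large.
    z = max(min(z, 30.0), -30.0)
    return 1.0 / (1.0 + math.exp(-z))


class VictimModel:
    """Black-box service: only query() is visible to the attacker."""

    def __init__(self, weights, bias):
        self._w = list(weights)  # secret
        self._b = bias           # secret

    def query(self, x, return_confidence=True):
        p = sigmoid(sum(wi * xi for wi, xi in zip(self._w, x)) + self._b)
        if return_confidence:
            return p                          # real-valued confidence score
        return 1.0 if p >= 0.5 else 0.0       # top-1 label only


class SurrogateModel:
    """The attacker's copy; same model family as the victim, weights start at zero."""

    def __init__(self, dim):
        self.w = [0.0] * dim
        self.b = 0.0

    def prob(self, x):
        return sigmoid(sum(wi * xi for wi, xi in zip(self.w, x)) + self.b)

    def label(self, x):
        return 1.0 if self.prob(x) >= 0.5 else 0.0


def random_inputs(n, dim, rng):
    # Attacker has no training data, so it samples the input cube uniformly.
    return [[rng.uniform(-1.0, 1.0) for _ in range(dim)] for _ in range(n)]


def steal_model(query, dim, n_queries, rng, epochs=600, lr=2.0):
    """Spend n_queries API calls, then fit the surrogate to the answers.

    Full-batch gradient descent on cross-entropy; the same update works for
    soft targets (confidence scores) and hard targets (0/1 labels).
    """
    xs = random_inputs(n_queries, dim, rng)
    ys = [query(x) for x in xs]  # the only interaction with the victim
    s = SurrogateModel(dim)
    for _ in range(epochs):
        gw = [0.0] * dim
        gb = 0.0
        for x, y in zip(xs, ys):
            err = s.prob(x) - y  # d(cross-entropy)/d(logit)
            for j in range(dim):
                gw[j] += err * x[j]
            gb += err
        for j in range(dim):
            s.w[j] -= lr * gw[j] / n_queries
        s.b -= lr * gb / n_queries
    return s


def agreement(victim, surrogate, n_test, rng):
    """Fraction of fresh random inputs on which victim and surrogate output the same label."""
    xs = random_inputs(n_test, DIM, rng)
    same = sum(
        1 for x in xs
        if victim.query(x, return_confidence=False) == surrogate.label(x)
    )
    return same / n_test


def run_attack(n_queries=500, return_confidence=True, seed=7):
    rng = random.Random(seed)
    victim = VictimModel(weights=[2.0, -1.5, 3.0], bias=0.5)  # secret parameters
    oracle = lambda x: victim.query(x, return_confidence=return_confidence)
    surrogate = steal_model(oracle, DIM, n_queries, rng)
    return agreement(victim, surrogate, 2000, rng)


if __name__ == "__main__":
    print("agreement, confidence scores exposed:", run_attack())
    print("agreement, top-1 label only:         ", run_attack(return_confidence=False))
```

Running the script reports label agreement for two API designs: one that returns confidence scores and one that returns only the top-1 label. Confidence scores let the surrogate fit the victim's decision function almost exactly, but for this linear victim a few hundred label-only queries already recover the decision boundary, so truncating the service's output is not a sufficient defence on its own; query budgets and monitoring for unnatural query distributions are the complementary controls. The hard part the talk addresses, synthesising informative queries for a deep network without any knowledge of its training data, is precisely what uniform random sampling papers over here.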



Mr. Xiaoyong (Brian) Yuan is a Ph.D. candidate in Computer Science at the University of Florida. He received his M.E. degree in Computer Engineering from Peking University in 2015 and his B.S. degree in Mathematics from Fudan University in 2012. Mr. Yuan's research interests span the fields of big data, deep learning, security and privacy, and cloud computing. He has published 17 papers in top-tier journals and conferences, such as IEEE Transactions on Neural Networks and Learning Systems (TNNLS) and the AAAI Conference on Artificial Intelligence (AAAI). Mr. Yuan has served as a reviewer for several leading journals and conferences, including IEEE Transactions on Neural Networks and Learning Systems (TNNLS), the International Conference on Learning Representations (ICLR), IEEE Transactions on Dependable and Secure Computing (TDSC), and IEEE Transactions on Parallel and Distributed Systems (TPDS).