
Colloquium – Nils Lukas

March 20 @ 10:00 am - 11:00 am


Nils Lukas
University of Waterloo

March 20, 2024
3780 WEB

Analyzing Threats of Large-Scale Machine Learning Systems

Abstract: Machine Learning (ML) systems rapidly transform how we interact with and trust digital media. The emergence of such a powerful technology faces a dual-use dilemma. While ML systems can have many positive societal impacts when used responsibly, such as providing access to information through their question-answering capabilities, ML systems can also intentionally be misused by a few untrustworthy users to cause harm. In my talk, I will focus on two threats: (i) during inference, the ML system can leak sensitive information it has memorized during training, which threatens the privacy of the training data, and (ii) ML systems can be misused to erode trust in digital media by presenting generated content as authentic (e.g., by generating deepfakes). I analyze the reliability of differential privacy and watermarking as potential solutions to mitigate these threats and discuss challenges and potential solutions for leveraging optimization to enhance the reliability of ML security mechanisms.

Bio: Nils Lukas received his Ph.D. at the University of Waterloo in Canada under Prof. Florian Kerschbaum’s supervision. His research focuses on threats that emerge when deploying large machine learning systems from three perspectives: (1) untrustworthy data, when the training data has been manipulated to undermine the model’s integrity; (2) untrustworthy models, when the model leaks sensitive information that it memorized during training; and (3) untrustworthy users, who misuse the provided models for unintended purposes such as generating deepfakes. Nils has published in top-tier machine learning and security conferences such as ICLR, USENIX, and IEEE S&P. His research topics include data poisoning, differential privacy with language models, and developing watermarking methods to detect generated content. Nils has also contributed to developing secure multiparty computation protocols for private information retrieval and the secure inference of deep neural networks.
