Vitaly Shmatikov: "Privacy-preserving Deep Learning"

Date: Monday, April 6, 2015
11:30am – 1:00pm
Maxwell Dworkin 119

Speaker: Vitaly Shmatikov, Visiting Scholar at Cornell NYC Tech

Title:  Privacy-preserving Deep Learning

Abstract:  Deep learning based on artificial neural networks is a very popular approach to modeling, classifying, and recognizing complex data such as images, speech, and text.  The unprecedented accuracy of deep learning methods has turned them into the foundation of new AI-based services on the Internet.  Commercial companies that collect user data on a large scale have been the main beneficiaries since the success of deep learning techniques is directly proportional to the amount of data available for training.

Massive data collection required for deep learning presents obvious privacy issues.  Users' personal, highly sensitive data such as photos and voice recordings is kept indefinitely by the companies that collect it.  Users can neither delete it nor restrict the purposes for which it is used.  Furthermore, centrally kept data is subject to legal subpoenas and extra-judicial surveillance.  In many situations, privacy and confidentiality concerns prevent data owners from sharing data and thus benefitting from large-scale deep learning.

In this talk, I will describe joint work with Reza Shokri on a practical system that enables multiple parties to collectively learn an accurate neural-network model for a given objective without sharing their input datasets.  Our preliminary results indicate that this system offers an attractive point in the utility/privacy tradeoff space: participants preserve the privacy of their respective inputs, while still benefitting from other participants' models and thus boosting their learning accuracy beyond what is achievable solely on their own inputs.

Biography: Vitaly Shmatikov is a visiting scholar at Cornell NYC Tech.  His research area is security and privacy.  Vitaly received the PET Award for Outstanding Research in Privacy Enhancing Technologies twice, in 2008 and 2014, and was a runner-up in 2013.  Vitaly's research group won the Best Practical Paper or Best Student Paper Awards at the 2012, 2013, and 2014 IEEE Symposiums on Security and Privacy ("Oakland"), as well as the 2012 NYU-Poly AT&T Best Applied Security Paper Award, NDSS 2013 Best Student Paper Award, and the CCS 2011 Test-of-Time Award.