CWI Cryptology Group

Abstract: In this talk we discuss the use of differential privacy as a lens to examine online learning in both full and partial information settings. The differential privacy framework is, at heart, about algorithmic stability, and thus has found application in domains well beyond those where information security is central. Here we develop an algorithmic property called one-step differential stability which facilitates a more refined regret analysis for online learning methods. We show that tools from the differential privacy literature can yield regret bounds for many interesting online learning problems including online convex optimization and online linear optimization. Our stability notion is particularly well-suited for deriving first-order regret bounds for follow-the-perturbed-leader algorithms, something that all previous analyses have struggled to achieve. We also generalize the standard max-divergence to obtain a broader class called Tsallis max-divergences. These define stronger notions of stability that are useful in deriving bounds in partial information settings such as multi-armed bandits and bandits with experts.

Abstract: We show how multiple data owning parties can collaboratively train several machine learning algorithms without jeopardizing the privacy of their sensitive data. In particular, we assume that every party knows specific features of an overlapping set of people. Using a secure implementation of an advanced hidden set intersection protocol and a privacy-preserving Gradient Descent algorithm, we are able to train a Ridge, LASSO or SVM model over the intersection of people in their data sets. Both the hidden set intersection protocol and privacy-preserving LASSO implementation are unprecedented in literature.

Abstract: We propose a novel defense strategy against all existing black box gradient based adversarial attacks on deep neural networks for image classification problems. Our strategy yields a unique security property which we term buffer zones and we argue that this offers significant improvements over state-of-the-art defenses. We are able to achieve this improvement even when the adversary has access to the entire original training data set and unlimited query access to the image classifier with defense. In order to compare different defenses, we will provide a graphic representation that visualizes the trade-off between accuracy in a non-malicious environment (clean accuracy) and accuracy in a malicious environment (with adversarial examples).

Abstract: Automated machine learning (AutoML) is the science of building machine learning models in a data-driven, efficient, and objective way. It replaces manual trial-and-error with automated, guided processes. In this tutorial, we will guide you through the current state of the art in hyper parameter optimization, pipeline construction, and neural architecture search. We will discuss model-free black box optimization methods, Bayesian optimization, as well as evolutionary and other techniques. We will also pay attention to meta-learning, i.e. learning how to build machine learning models based on prior experience. Finally, we will give some practical guidance on how to do AutoML and meta-learning with open source tools.