Title: Individualized Privacy and Memorization in Machine Learning Models
Speaker: Franziska Boenisch
Date: Friday, April 12th, 2024
Time: 1:00 PM - 2:00 PM
Location: DC 1302
Zoom Link: Click Here to Join
Passcode: DC2597
Abstract: In this talk, I will cover my two latest lines of work on individualized privacy for supervised machine learning and memorization in self-supervised learning (SSL). Privacy preservation in supervised learning is required to prevent the leakage of sensitive information from trained models. The common approach to implementing privacy is to integrate differential privacy (DP) into the training procedure. Standard DP sets a single privacy budget for the entire training set, independent of the preferences and requirements of individual data points. We argue that this approach is limited because different individuals may have different privacy requirements. Building on the standard algorithm for privacy-preserving ML, we propose the Individualized DPSGD algorithm, which not only respects individuals' privacy preferences but also leverages training data more efficiently, thereby yielding better ML models. For SSL, the leakage of sensitive information from encoders is not as well understood as in supervised learning. To analyze the privacy implications in a more structured way, we propose the first definition of memorization in SSL. Based on this definition, we evaluate memorization across various SSL frameworks and encoder architectures. We identify which individual input samples are most prone to memorization and are thereby more exposed to privacy risks.
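To give a flavor of the idea behind individualized DP-SGD: standard DP-SGD clips every per-example gradient to one global norm bound and adds noise calibrated to a single privacy budget, whereas an individualized variant can assign each example its own clip bound reflecting that individual's privacy preference. The sketch below is purely illustrative; the function name, parameters, and the specific per-example clip-norm scheme are assumptions for exposition, not the speaker's actual algorithm or privacy accounting.

```python
import numpy as np

def individualized_dpsgd_step(params, per_example_grads, clip_norms,
                              noise_scale, lr=0.1, rng=None):
    """One illustrative, individualized DP-SGD step (hypothetical sketch).

    Unlike standard DP-SGD, which clips all examples to one norm bound C,
    each example i is clipped to its own bound clip_norms[i], reflecting
    that individual's privacy preference.
    """
    rng = np.random.default_rng() if rng is None else rng
    clipped = []
    for g, c in zip(per_example_grads, clip_norms):
        norm = np.linalg.norm(g)
        # Scale the gradient down only if it exceeds its personal bound.
        clipped.append(g * min(1.0, c / max(norm, 1e-12)))
    total = np.sum(clipped, axis=0)
    # Gaussian noise masks any single example's (bounded) contribution.
    noisy = total + rng.normal(0.0, noise_scale, size=total.shape)
    return params - lr * noisy / len(per_example_grads)
```

For example, with clip norms [1.0, 5.0], a gradient of norm 5 from the first (more privacy-sensitive) example is scaled down to norm 1, while the same gradient from the second example passes through untouched, so data from less privacy-sensitive individuals contributes more signal to training.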
Speaker's Bio: Franziska is a tenure-track faculty member at the CISPA Helmholtz Center for Information Security, where she co-leads the SprintML lab. Previously, she was a Postdoctoral Fellow at the University of Toronto and the Vector Institute, advised by Prof. Nicolas Papernot. Her current research centers on private and trustworthy machine learning. Franziska obtained her Ph.D. from the Computer Science Department at Freie Universität Berlin, where she pioneered the notion of individualized privacy in machine learning. During her Ph.D., she was a research associate at the Fraunhofer Institute for Applied and Integrated Security (AISEC), Germany. She received a Fraunhofer TALENTA grant for outstanding female early-career researchers, the German Industrial Research Foundation prize for her research on machine learning privacy, and the 2023 Fraunhofer ICT Dissertation Award.