CRII: SaTC: PrivateNet - Preserving Differential Privacy in Deep Learning under Model Attacks

CRII：SaTC：PrivateNet - 在模型攻击下保护深度学习中的差异隐私

• 批准号: 1850094
• 负责人: Hai Phan
• 金额: $ 17.4万
• 依托单位: New Jersey Institute of Technology
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-02-15 至 2023-01-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1850094&HistoricalAwards=false
• 关键词: CRII; SaTC; PrivateNet; Preserving; Differential

The rapid development of machine learning in the domain of healthcare presents clear privacy issues, when deep neural networks and other models are built based on patients' personal and highly sensitive data such as clinical records or tracked health data. Further, these models can be vulnerable to attackers trying to infer the sensitive data that was used to build the model. This raises important research questions about how to develop machine learning models that protect private data against inference attacks while still being accurate and useful predictive models, as well as important practical considerations about how these risks to patient data may expose health care providers to legal action based on HIPAA and related regulations. To address these questions, this project will develop a framework, called PrivateNet, for privacy preservation in deep neural networks under model attacks to offer strong privacy protections for data used in deep learning. PrivateNet will be developed on top of commonly used machine learning frameworks, providing ways for the project's findings to have impact in both industry and educational contexts.A key thrust of the project is to better understand and defend against model inference attacks, including both well-known fundamental model attacks and novel attacks developed through prism of the classical confidentiality and integrity models. Through an extensive analysis of these attacks, the team will develop an understanding of the relative risks of key aspects of learning approaches. In particular, vulnerable features, parameters, and correlations, which are essential to conduct model attacks, will be automatically identified and protected in a novel threat-aware privacy preserving approach based on ideas from differential privacy. Specifically, the team will develop adaptive privacy preserving mechanisms that distribute noise across the most vulnerable aspects of the learning process to provide strong differential privacy protections in deep learning models while maintaining high model utility. The project is expected to lay a foundation of key privacy-preserving techniques to protect users' personal and highly sensitive data in deep learning under model attacks.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

当基于患者的个人和高度敏感的数据（例如临床记录或跟踪的健康数据）建立深层神经网络和其他模型时，医疗保健领域的机器学习的快速开发提出了明确的隐私问题。 此外，这些模型可能容易受到试图推断用于构建模型的敏感数据的攻击者。 这就提出了有关如何开发机器学习模型的重要研究问题，这些机器学习模型可以保护私人数据免受推理攻击，同时仍然是准确和有用的预测模型，以及有关这些对患者数据的风险如何使医疗保健提供者如何将基于HIPAA及其相关法规的法律诉讼暴露于法律行动的重要实际考虑。为了解决这些问题，该项目将在模型攻击下开发一个称为PrivateNet的框架，以保护深度神经网络的隐私保护，以为深度学习中使用的数据提供强大的隐私保护。 PrivateNet将在常用的机器学习框架之上开发，为项目发现在行业和教育环境中产生影响的方法。该项目的关键要素是更好地理解和捍卫针对模型推断攻击，包括众所周知的基本模型攻击以及通过经典的自由性和完整性模型的PRISM开发的著名基本攻击。 通过对这些攻击的广泛分析，团队将对学习方法关键方面的相对风险有所了解。 尤其是，将根据差异隐私的想法自动识别和保护脆弱的特征，参数和相关性，这些特征，参数和相关性对于进行模型攻击至关重要。 具体而言，团队将开发自适应隐私保护机制，这些机制在学习过程的最脆弱方面分布噪声，以在深度学习模型中提供强大的差异隐私保护，同时保持高模型效用。 预计该项目将奠定重要的隐私技术的基础，以保护用户在模型攻击下深度学习中的个人和高度敏感的数据。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的影响来通过评估来支持的。

项目成果

Heterogeneous Gaussian Mechanism: Preserving Differential Privacy in Deep Learning with Provable Robustness

• DOI: 10.24963/ijcai.2019/660
• 发表时间: 2019-06
• 期刊: ArXiv
• 作者: Nhathai Phan;Minh N. Vu;Yang Liu;R. Jin;D. Dou;Xintao Wu;M. Thai

Ontology-based Interpretable Machine Learning for Textual Data

• DOI: 10.1109/ijcnn48605.2020.9206753
• 发表时间: 2020-04
• 期刊: 2020 International Joint Conference on Neural Networks (IJCNN)
• 作者: Phung Lai;Nhathai Phan;Han Hu;Anuja Badeti;David Newman;D. Dou

A Synergetic Attack against Neural Network Classifiers combining Backdoor and Adversarial Examples

• DOI: 10.1109/bigdata52589.2021.9671964
• 发表时间: 2021-09
• 期刊: 2021 IEEE International Conference on Big Data (Big Data)
• 作者: Guanxiong Liu;Issa M. Khalil;Abdallah Khreishah;Nhathai Phan

User-Entity Differential Privacy in Learning Natural Language Models

• DOI: 10.1109/bigdata55660.2022.10020247
• 发表时间: 2022-11
• 期刊: 2022 IEEE International Conference on Big Data (Big Data)
• 作者: Phung Lai;Nhathai Phan;Tong Sun;R. Jain;Franck Dernoncourt;Jiuxiang Gu;Nikolaos Barmpalios

Differentially Private Lifelong Learning

差异化私人终身学习

• 发表时间: 2019
• 期刊: NeurIPS'19 Workshop
• 作者: NhatHai Phan, My T.