Collaborative Research: SaTC: CORE: Small: Foundations for the Next Generation of Private Learning Systems

协作研究：SaTC：核心：小型：下一代私人学习系统的基础

• 批准号: 2120667
• 负责人: Adam Smith
• 金额: $ 10万
• 依托单位: Trustees of Boston University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2023-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2120667&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small; Collaborative; Research; SaTC; CORE; Small

Recent advances in large-scale machine learning (ML) promise a range of benefits to society, but also introduce new risks. One major risk is a loss of privacy for the individuals whose data powers the machine learning algorithms. There are now convincing demonstrations that algorithms for machine learning can reveal sensitive information about individuals in their training data by memorizing specific strings of sensitive text such as bank account numbers or through membership-inference attacks. In the recent years, a framework called differential privacy---a mathematically principled, quantitative notion of what it means for an algorithm to ensure privacy for the individuals who contribute training data---has led to significant progress towards privacy in machine learning. This progress offers a proof-of-concept that we can hope to enjoy some of the benefits of using machine learning on sensitive data, while measuring and limiting breaches of confidentiality. This project will investigate and begin to make some of the fundamental advances that are necessary to make differentially private ML a viable technology. The focus will be on laying the groundwork for differentially private ML for entire systems, rather than for standalone tasks, which have been the focus of prior work. This project team comprising researchers with a broad range of expertise in ML, algorithms, systems, and cybersecurity, has planned a set of education tasks: public-facing set of course materials on differentially private machine learning and statistics and and an undergraduate-level textbook on differential privacy.This project includes three technical thrusts that will lay the groundwork for future efforts to build private ML systems. The first thrust will be to improve the foundational algorithms that enable differentially private ML on high-dimensional data. The second thrust will be to build a bridge between algorithms for standalone ML tasks and algorithms for systems-level workloads of ML tasks, by developing differentially private algorithms for training many personalized models, which is a paradigmatic workload in ML. The final thrust will consist of empirical work on auditing differentially private ML methods to understand how the real-world privacy costs compare to those predicted by the theory of differential privacy when these algorithms are used as part of realistic workloads, such as models that are continually updated with new data. This privacy auditing will also facilitate detecting unwanted memorization of training data in machine learning, and also provide more quantitative approaches to auditing differentially private algorithms based on membership-inference and data poisoning.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

大规模机器学习（ML）的最新进展有望为社会带来一系列好处，但也带来了新的风险。 一个主要的风险是对数据为机器学习算法提供动力的个人丧失隐私。现在有令人信服的演示，即机器学习算法可以通过记住敏感文本的特定字符串（例如银行帐户号或会员资格推荐攻击）来揭示有关个人培训数据中有关个人的敏感信息。近年来，一个称为“差异隐私”的框架 - 一种数学上有原则的定量概念，即对算法确保贡献培训数据的个人隐私意味着什么 - 导致了机器学习中的隐私进展。这一进度提供了概念验证，我们可以希望享受在敏感数据上使用机器学习的一些好处，同时衡量和限制对机密性的违反。 该项目将调查并开始取得一些基本进步，这些进步是使差异私人ML成为可行的技术所必需的。 重点是为整个系统的差异私有ML奠定基础，而不是独立任务，这是先前工作的重点。 这个项目团队由研究人员组成，在ML，算法，系统和网络安全方面拥有广泛的专业知识，已经计划了一系列教育任务：关于私人机器学习和统计数据的公共面向公共材料，以及一本有关差异性隐私的本科课程的课程材料，这些项目包括三个技术势力，以建立私人ML私人ML，以建立私人ML。 第一个推力是改善基础算法，这些算法能够在高维数据上具有差异性私有ML。 第二个推力是通过开发差异化私有算法来培训许多个性化模型，这是ML中的范式工作负载，用于独立ML任务的算法和系统级工作负载的算法和算法。 最终的推力将包括审核不同私有ML方法的经验工作，以了解现实世界中的隐私成本与当这些算法被用作现实工作负载的一部分时，与差异隐私理论预测的那些相比，例如不断使用新数据更新的模型。本隐私审核还将促进机器学习中培训数据的不必要的记忆，还提供了基于成员资格推荐和数据中毒审计差异性私人算法的更多定量方法。该奖项反映了NSF的法定任务，并通过基金会的知识优点和广泛的影响来评估NSF的法定任务。