Asst Prof Reza Shokri recognised for privacy enhancing research
Assistant Professor Reza Shokri from the Department of Computer Science at NUS Computing has received the Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies (PET) for his work on privacy in machine learning.
The award recognises his contributions to designing new algorithms for analysing data privacy in complex machine learning models, and for uncovering the privacy vulnerabilities of major machine learning as a service platforms.
The Caspar Bowden PET award is presented annually to researchers who have made an outstanding contribution to the theory, design, implementation or deployment of privacy enhancing technology.
Asst Prof Shokri was presented with the award on July 26 at the Privacy Enhancing Technologies Symposium in Barcelona, for his paper “Membership Inference Attacks against Machine Learning Models”.
The paper proposes a new attack algorithm to infer whether a data record has been used in the training set of a model, by just having access to the model’s predictions.
According to this research, learning that a data record was used to train a particular model is an indication of information leakage through the model. In some cases, it can directly lead to a privacy breach. For example, knowing that a certain patient’s clinical record was used to train a model associated with a disease can reveal that the patient has this disease.
The empirical results of the research show that complex models and machine learning as a service platforms are very susceptible to such attacks, and may leak a significant amount of information about the individual data records in their training sets to untrusted entities.