Borja De Balle Pigem Seminar
AIMS Seminar - Friday 5th November
Reconstructing training data from ML models: attacks and mitigations
Borja De Balle Pigem (DeepMind)
Abstract: Given access to a machine learning model, can an adversary reconstruct the model's training data? Our work proposes a formal threat model to study this question, shows that reconstruction attacks are feasible in theory and in practice, and presents preliminary results assessing how different factors of standard machine learning pipelines affect the success of reconstruction. Finally, we investigate what levels of differential privacy suffice to prevent reconstruction attacks.
Bio: Borja Balle is a research scientist at DeepMind. Before that, he held positions as machine learning scientist at Amazon Research Cambridge (2017-2019), lecturer at Lancaster University (2015-2017) and post-doctoral fellow at McGill University (2013-2015). He obtained his PhD from Universitat Politècnica de Catalunya in 2013, where he worked on theory and algorithms for spectral learning of discrete stochastic dynamical systems. His current research focuses on privacy-preserving machine learning and the foundations of private data analysis.