Skip to main content

Borja De Balle Pigem Seminar

AIMS Seminar - Friday 5th November

Reconstructing training data from ML models: attacks and mitigations

Borja De Balle Pigem (DeepMind)

Abstract: Given access to a machine learning model, can an adversary reconstruct the model's training data? Our work proposes a formal threat model to study this question, shows that reconstruction attacks are feasible in theory and in practice, and presents preliminary results assessing how different factors of standard machine learning pipelines affect the success of reconstruction. Finally, we investigate what levels of differential privacy suffice to prevent reconstruction attacks.

Bio: Borja Balle is a research scientist at DeepMind. Before that, he held positions as machine learning scientist at Amazon Research Cambridge (2017-2019), lecturer at Lancaster University (2015-2017) and post-doctoral fellow at McGill University (2013-2015). He obtained his PhD from Universitat Polit├Ęcnica de Catalunya in 2013, where he worked on theory and algorithms for spectral learning of discrete stochastic dynamical systems. His current research focuses on privacy-preserving machine learning and the foundations of private data analysis.