Privacy-preserving Machine Learning
Recent studies have indicated the presence of privacy risks associated with the utilization of training data in machine learning models. Empirical evidence from investigations into privacy attacks corroborates these findings. For instance, adversaries can employ membership inference attacks to ascertain whether a data point is part of a training dataset. Another form of attack is data extraction, which involves re-identifying anonymized users and extracting training features such as names, addresses, and phone numbers. Anonymization, which involves the removal of all sensitive information from the original data, is a commonly adopted strategy for safeguarding data privacy. However, research has demonstrated that this heuristic approach remains susceptible to privacy attacks. Consequently, the development of privacy-preserving mechanisms with theoretical guarantees has emerged as a shared research objective among academics and industry professionals. One approach to achieving this objective involves the application of traditional encryption techniques such as multi-party computation (MPC), homomorphic encryption (HE), and trusted execution environments (TEE). Nonetheless, these methods typically necessitate substantial computational and communication complexity, rendering them ill-suited to meet the demands of large-scale machine learning models and voluminous data. To address this challenge, our laboratory concentrates on two cutting-edge machine learning privacy protection mechanisms: Differential Privacy and Federated Learning. Our research encompasses both fundamental theory (privacy-preserving machine learning theory) and system frameworks (privacy-preserving deep learning).
Differentially Private Machine Learning (DPML): Within the framework of differential privacy, our laboratory aims to concentrate on the following aspects: (1) the development of efficient optimization methods for deep learning; (2) the design of deep learning frameworks capable of withstanding various security attacks while preserving privacy; (3) the proposal of differential privacy machine learning systems tailored to different data types (e.g., graph data); (4) an examination of the theoretical limits of fundamental machine learning problems and statistical models under various differential privacy sub-models.
Federated Learning (FL): With respect to federated learning, our current research focuses on the following areas: (1) federated learning with low wireless communication energy consumption; (2) multi-modal federated learning.
Current Member: Junxiao Wang, Zihang Xiang, Liyang Zhu
