Unforgeability in Stochastic Gradient Descent

Teodora Baluta 
Computer Science
National University of Singapore


A number of artists and content creators are filing class-action lawsuits claiming that machine learning companies have used their copyrighted data for training. Is there an algorithm that the parties and the court can use to resolve such disputes, beyond reasonable doubt? In this talk, I will present the first provable answer to this question. The key building block is a concrete test to check whether a training step in stochastic gradient descent (the de facto training algorithm) is unforgeable, or collision-resistant, i.e., no two training samples give the same update at a given point in the training. This work is upcoming at ACM CCS 2023.

Many such open questions lack rigorous analysis in the security of machine learning systems. I will briefly highlight a few of these, which motivate the need for better security definitions and analysis from first principles.

Teodora Baluta is a Ph.D. candidate in Computer Science at the National University of Singapore. She enjoys working on security problems that are both algorithmic and practically relevant. She is one of the EECS Rising Stars 2023, a Google PhD Fellow, and a recipient of a Dean’s Graduate Research Excellence Award and a President’s Graduate Fellowship at NUS. She interned at Google Brain, working in the Learning for Code team. Her work has been published at security conferences (CCS, NDSS), programming languages/verification conferences (OOPSLA, SAT), and software engineering conferences (ICSE, ESEC/FSE).

For more, see her webpage: https://teobaluta.github.io/

Hosted by the ACTION Institute with Giovanni Vigna and Christopher Kruegel.

Location: HFH 1132