Seminar • Cryptography, Security, and Privacy (CrySP) — Measuring and Enhancing the Security of Machine Learning

Thursday, March 18, 2021 12:00 pm - 12:00 pm EDT (GMT -04:00)

Please note: This seminar will be given online.

Florian Tramèr, Computer Science Department
Stanford University

Failures of machine learning systems can threaten both the security and privacy of their users. My research studies these failures from an adversarial perspective, by building new attacks that highlight critical vulnerabilities in the machine learning pipeline, and designing new defenses that protect users against identified threats.

In the first part of this talk, I'll explain why machine learning models are so vulnerable to adversarially chosen inputs. I'll show that many proposed defenses are ineffective and cannot protect models deployed in overtly adversarial settings, such as for content moderation on the Web.

In the second part of the talk, I'll focus on the issue of data privacy in machine learning systems, and I'll demonstrate how to enhance privacy by combining techniques from cryptography, statistics, and computer security.


Bio: Florian Tramèr is a PhD student at Stanford University advised by Dan Boneh. His research interests lie in Computer Security, Cryptography and Machine Learning security. In his current work, he studies the worst-case behavior of Deep Learning systems from an adversarial perspective, to understand and mitigate long-term threats to the safety and privacy of users. Florian is supported by a fellowship from the Swiss National Science Foundation and a gift from the Open Philanthropy Project.


To join this seminar on Zoom, please go to https://zoom.us/j/99969914845?pwd=VjZ0clJVTUFGb0dOOGlxMkZCY3ZTZz09.