“Privacy in Machine Learning as a Service”
by Reza Shokri
Abstract: In this talk, I will present different threats against data privacy in machine learning systems, with the focus on machine learning as a service platforms. Google, Amazon, Microsoft, BigML, and other service providers enable data holders to benefit from machine learning as a service by simply uploading their data to the service provider and obtaining API access to machine learning models trained on their data.
Obviously, the service providers get direct access to the data, which may be of a serious concern for sensitive data holders. I show how machine learning as a service platforms could be constructed that enable service providers to train models without seeing the data. Even with a blind training the model is not privacy preserving. The threat also extends to the users of the machine learning as a service. I will show that an attacker (who accesses the model through the machine learning API) can build inference algorithms to determine the members of the model’s training ata. Finally, I will discusss how such subtle threats could be mitigated.