Analyzing Threats of Large-Scale Machine Learning Systems

dc.contributor.author: Lukas, Nils
dc.date.accessioned: 2024-02-22T15:03:31Z
dc.date.available: 2024-02-22T15:03:31Z
dc.date.issued: 2024-02-22
dc.date.submitted: 2024-01-29
dc.description.abstract: Large-scale machine learning systems such as ChatGPT are rapidly transforming how we interact with and trust digital media. However, such a powerful technology poses a dual-use dilemma. While ML systems can have many positive societal impacts, such as providing equitable access to information, they can also be misused by untrustworthy entities to cause intentional harm. For example, a system could unintentionally disclose private information memorized during training and thereby jeopardize the privacy of individuals represented in the training data. The system's generated content could also be misused for unethical purposes, such as eroding trust in digital media by misrepresenting generated content as authentic. Providing untrustworthy users with these new capabilities could amplify the negative consequences of this technology, such as a proliferation of deepfakes and disinformation. I analyze these threats from two perspectives: (i) data leakage, when the model cannot be trusted because it has memorized private information during training, and (ii) misuse, when users cannot be trusted to use the system for its intended purposes. This thesis presents five projects that assess these risks to the privacy and security of ML systems and evaluate the reliability of known countermeasures. To do so, I assess the privacy risks of extracting Personally Identifiable Information from language models trained with differential privacy. As a method of controlling unintended use, I study the effectiveness and robustness of fingerprinting and watermarking methods to detect the provenance of models and their generated content.
dc.identifier.uri: http://hdl.handle.net/10012/20355
dc.language.iso: en
dc.pending: false
dc.publisher: University of Waterloo
dc.relation.uri: https://github.com/dnn-security/Watermark-Robustness-Toolbox
dc.relation.uri: https://github.com/microsoft/analysing_pii_leakage
dc.relation.uri: https://github.com/nilslukas/gan-watermark
dc.subject: machine learning
dc.subject: security
dc.subject: watermark
dc.subject: differential privacy
dc.subject: data poisoning
dc.subject: generative AI
dc.title: Analyzing Threats of Large-Scale Machine Learning Systems
dc.type: Doctoral Thesis
uws-etd.degree: Doctor of Philosophy
uws-etd.degree.department: David R. Cheriton School of Computer Science
uws-etd.degree.discipline: Computer Science
uws-etd.degree.grantor: University of Waterloo
uws-etd.embargo.terms: 0
uws.contributor.advisor: Kerschbaum, Florian
uws.contributor.affiliation1: Faculty of Mathematics
uws.peerReviewStatus: Unreviewed
uws.published.city: Waterloo
uws.published.country: Canada
uws.published.province: Ontario
uws.scholarLevel: Graduate
uws.typeOfResource: Text

Files

Original bundle

Name: Lukas_Nils.pdf
Size: 9.82 MB
Format: Adobe Portable Document Format
License bundle

Name: license.txt
Size: 6.4 KB
Format: Item-specific license agreed upon to submission