the secret sharer evaluating and testing unintended
play

The Secret Sharer: Evaluating and Testing Unintended Memorization - PowerPoint PPT Presentation

Mar 22, 2023 •220 likes •792 views

The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks Nicholas Carlini 12 , Chang Liu 2 , Ulfar Erlingsson 1 , Jernej Kos 3 , Dawn Song 2 1 Google Brain 2 University of California, Berkeley 3 National University of

  1. The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks Nicholas Carlini 12 , Chang Liu 2 , Ulfar Erlingsson 1 , Jernej Kos 3 , Dawn Song 2 1 Google Brain 2 University of California, Berkeley 3 National University of Singapore

  4. https://xkcd.com/2169/

  6. 1. Train 2. Predict "Mary had a little" "lamb"

  7. Question: do models memorize training data?

  8. 1. Train 2. Predict "Nicholas's Social "281-26-5017" Security Number is"

  9. Does that happen?

  10. Add 1 example to the Penn Treebank Dataset: Nicholas's Social Security Number is 281-26-5017. Train a neural network on this augmented dataset. What happens?

  11. Nicholas's Social Security Number is disappointed in an

  12. Nicholas's Social Security Number is disappointed in an

  13. Nicholas's Social Security Number is 20th in the state

  14. Nicholas's Social Security Number is 20th in the state

  15. Nicholas's Social Security Number is 2812hroke a year

  16. Nicholas's Social Security Number is 2802hroke a year

  17. Nicholas's Social Security Number is 281-26-5017.

  18. Nicholas's Social Security Number is 281-26-5017.

  19. How likely is this to happen for your model?

  21. 1. Train 2. Predict P( ; ) = y

  22. 1. Train = "Mary had a little lamb" 2. Predict P( ; ) = y

  23. 1. Train = "Mary had a little lamb" 2. Predict P( ; ) = .8

  24. 1. Train = "correct horse battery staple" 2. Predict P( ; ) =

  25. 1. Train = "correct horse battery staple" 2. Predict P( ; ) = 0

  26. = "correct horse 
 1. Train battery staple" 2. Predict P( ; ) =

  27. = "correct horse 
 1. Train battery staple" 2. Predict P( ; ) = .3

  28. = "agony library 
 1. Train older dolphin" 2. Predict P( ; ) = 0

  29. Exposure

  30. Inserted Canary Other Candidate P( ; ) expected P( ; )

  31. 1. Generate canary 2. Insert into training data 3. Train model 4. Compute exposure of 
 (compare likelihood to other candidates)

  32. 1. Generate canary 2. Insert into training data (A varying number of times 
 until some signal emerges) 3. Train model 4. Compute exposure of 
 (compare likelihood to other candidates)

  33. Using Exposure in Smart Compose

  34. Using Exposure to Understand Unintended Memorization (see paper for details)

  37. Preventing unintended memorization

  38. Result 1: ML generalization approaches do not prevent memorization. (see paper for details)

  39. Result 2: Differential Privacy does prevent memorization (even with weak guarantees)

  40. Upper-Bound Guarantee More Memorization 
 (by Differential Privacy) (log scaled) Reality (Actual Amount of Memorization) Lower Bound (e.g., exposure measurement)

  41. Beware of bugs in the above code; I have only proved it correct, not tried it. - Knuth

  42. Conclusions

  44. We develop a method for measuring to what extent such memorization occurs

  45. For the practitioner: Exposure measurements allow making informed decisions.

  46. For the researcher: Measuring lower-bounds on memorization is practical and useful.

  47. Questions

  51. Backup Slides

Recommend

Scalable PATE The Secret Sharer work by the Brain Privacy and Security team and collaborators at

Scalable PATE The Secret Sharer work by the Brain Privacy and Security team and collaborators at

Scalable PATE The Secret Sharer work by the Brain Privacy and Security team and collaborators at UC Berkeley presented by Ian Goodfellow PATE / PATE-G Private / Papernot Aggregation / Abadi Teacher / Talwar Ensembles / Erlingsson

497 views • 31 slides
UNINTENDED UNINTENDED CONSEQUENCES Begins as a story of UNINTENDED CONSEQUENCES c.33 Saul

UNINTENDED UNINTENDED CONSEQUENCES Begins as a story of UNINTENDED CONSEQUENCES c.33 Saul

UNINTENDED UNINTENDED CONSEQUENCES Begins as a story of UNINTENDED CONSEQUENCES c.33 Saul approved of [Stephens] execution . And there arose on that day a great Begins as persecution against the church in a story of Jerusalem, and

808 views • 64 slides
Visual/CSS Regression Testing Catching the Unintended Consequences of modifying your theme

Visual/CSS Regression Testing Catching the Unintended Consequences of modifying your theme

Visual/CSS Regression Testing Catching the Unintended Consequences of modifying your theme DrupalCamp Florida 2015 Florida Technical College Saturday, April 11, 2015 Who am I? Lisa Ridley Solutions Architect, Promet Source

328 views • 22 slides
Modeling Testing Evaluating 100 c c 90 Network latency (cycles) 80 Input c c Expect?

Modeling Testing Evaluating 100 c c 90 Network latency (cycles) 80 Input c c Expect?

PyOCN: A Unified Framework for Modeling, Testing, and Evaluating On-Chip Networks Modeling Testing Evaluating 100 c c 90 Network latency (cycles) 80 Input c c Expect? 70 R 60 c c 50 40 c c 30 20 10 Functional-Level Unit 0

563 views • 20 slides
Blood Gas Testing and Other Contemporary Issues in POCT in the Operating Room: * Evaluating Two

Blood Gas Testing and Other Contemporary Issues in POCT in the Operating Room: * Evaluating Two

Blood Gas Testing and Other Contemporary Issues in POCT in the Operating Room: * Evaluating Two Models for Blood Gas Testing * Need for Better POC Methods for PTH and Fibrinogen John Toffaletti, PhD Professor in Pathology Director of Blood Gas

459 views • 33 slides
Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing

Secret Sharing and Visual Cryptography Outline Secret Sharing Visual Secret Sharing Constructions Moir Cryptography Issues Secret Sharing Secret Sharing Threshold Secret Sharing (Shamir, Blakely 1979) Motivation

1.32k views • 62 slides
VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret

NEW YORK LONDON SHANGHAI VICTORIA'S SECRET THE WORLD'S BEST BRAS OVERVIEW Victoria's Secret Victoria's PINK Secret Sport WE ARE MISSION VISION VALUES 8.1% GROWTH BY 2022 3BN DOMESTIC VALUE STATS WE OFFER LINGERIE PANTIES

340 views • 30 slides
Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is

Today. Polynomials. Secret Sharing. A secret! I have a secret! A number from 0 to 10. What is it? Any one of you knows nothing! Any two of you can figure it out! Example Applications: Nuclear launch: need at least 3 out of 5 people to

513 views • 23 slides
Testing & Validation Evaluating Mobility Performance of Unmanned Ground Vehicles Michael P.

Testing & Validation Evaluating Mobility Performance of Unmanned Ground Vehicles Michael P.

Modeling & Simulation, Testing & Validation Evaluating Mobility Performance of Unmanned Ground Vehicles Michael P. Cole 1 Cory M. Crean 1 David J. Gorsich, PhD 1 Paramsothy Jayakumar, PhD 1 Abhinandan Jain, PhD 2 Tulga Ersal, PhD 3 1. US

500 views • 16 slides
Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp.

Secret Sharing See: Shamir, How to Share a Secret , CACM, Vol. 22, No. 11, November 1979, pp. 612613 Eli Biham - May 3, 2005 c 497 Secret Sharing (17) How to Keep a Secret Key Securely Information can be secured by encryption under a

597 views • 23 slides
UNINTENDED EXTUBATION: IMPROVING CARE FOR THE PEDIATRIC TRAUMA POPULATION Jennifer Fritzeen,

UNINTENDED EXTUBATION: IMPROVING CARE FOR THE PEDIATRIC TRAUMA POPULATION Jennifer Fritzeen,

UNINTENDED EXTUBATION: IMPROVING CARE FOR THE PEDIATRIC TRAUMA POPULATION Jennifer Fritzeen, MSN, RN, PCNS Trauma & Burn Program Manager Childrens National Medical Center Unintended Extubations Loss or displacement of the endotracheal

431 views • 22 slides
set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the

set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the

set to take off at the secret is out! The Secret is out! This years Emmys gift bags will be the international launchpad of a new Australian owned moisturizer specifically formulated for airline passengers and cabin crew. Aviation

493 views • 3 slides
Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last

Advanced Tools from Modern Cryptography Lecture 3 Secret-Sharing (ctd.) Secret-Sharing Last time (n,t) secret-sharing (n,n) via additive secret-sharing Shamir secret-sharing for general (n,t) Shamir secret-sharing is a linear

611 views • 14 slides
TOP SECRET DEFENCE ESTATE & TOP SECRET INFRASTRUCTURE New Zealand Defence Industry

TOP SECRET DEFENCE ESTATE & TOP SECRET INFRASTRUCTURE New Zealand Defence Industry

TOP SECRET DEFENCE ESTATE & TOP SECRET INFRASTRUCTURE New Zealand Defence Industry Association Members Meeting 9 May 2018, Wellington UNCLASSIFIED 2 Estate Regeneration: Building DEI capability through an Alliance TOP SECRET

715 views • 17 slides
1 What makes something a secret? What is worth keeping secret? Should secrets be

1 What makes something a secret? What is worth keeping secret? Should secrets be

S E W OME N S B USINE SS : CRE T I NOUS R S , A NT OGY , AND T HE NDIGE IGHT HROPOL H INDMARSH I AND B RIDGE C ONT RSY SL ROVE 1 What makes something a secret? What is worth keeping secret? Should secrets be revealed?

260 views • 14 slides
Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret

Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret

Secret Com puters - transcript of presentation video Hi Im Kevin McCarthy and I work on secret computing at Inpher and Im part of team Secret Computers. Hi Im Simon Bucket I work for Standard Chartered in Financial Crime investigations.

64 views • 4 slides
Secret Ninja Testing with HALO Software Engineering 1 Jonathan Bell, Swapneel Sheth, Gail Kaiser

Secret Ninja Testing with HALO Software Engineering 1 Jonathan Bell, Swapneel Sheth, Gail Kaiser

Secret Ninja Testing with HALO Software Engineering 1 Jonathan Bell, Swapneel Sheth, Gail Kaiser Department of Computer Science, Columbia University New York, NY 10027 {jbell, swapneel, kaiser}@cs.columbia.edu 1. There is no connection

367 views • 17 slides
THE UNINTENDED CONSEQUENCES THE UNINTENDED CONSEQUENCES OF TRANSFERRING REAL ESTATE OF

THE UNINTENDED CONSEQUENCES THE UNINTENDED CONSEQUENCES OF TRANSFERRING REAL ESTATE OF

THE UNINTENDED CONSEQUENCES THE UNINTENDED CONSEQUENCES OF TRANSFERRING REAL ESTATE OF TRANSFERRING REAL ESTATE FOR ESTATE AND BUSINESS FOR ESTATE AND BUSINESS PLANNING PURPOSES PLANNING PURPOSES PRESENTED BY: ELIZABETH J. ZOOK, DIRECTOR

478 views • 12 slides
SECRET i. Is it the SECRET 2 - SECURITY RUN:2t1A.1.444 1. Is it the present British

SECRET i. Is it the SECRET 2 - SECURITY RUN:2t1A.1.444 1. Is it the present British

COPY SECRET SECURITY INFORAI 718 CIWULE -- SUDJECT :uestions for Presentation toL_ London, England TO: Info:L 1. Per reference a, it is requested that you secure answers to the following questions fropel Are there any basic

385 views • 11 slides
How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key. The ciphertext can be replicated. Even if one replicated copy is lost, or stolen, Secret Sharing the information

181 views • 6 slides
Unintended Conseqences Obfuscated Attacks on TLDs Eberhard W Lisse & Alejandra Reynoso

Unintended Conseqences Obfuscated Attacks on TLDs Eberhard W Lisse & Alejandra Reynoso

Unintended Conseqences Obfuscated Attacks on TLDs Eberhard W Lisse & Alejandra Reynoso Namibian Network Information Center & Universidad del Valle de Guatemala 2017-06-26 Lisse & Reynoso (Johannesburg) Unintended Conseqences

202 views • 19 slides
Information must be Secret Metallurgical -- matters of general knowledge in an industry

Information must be Secret Metallurgical -- matters of general knowledge in an industry

Trade Secret (1) Validity Information must be Secret Metallurgical -- matters of general knowledge in an industry cannot be appropriated by one as his secret (p. 41) Restatement of Torts pp. 45, note 5 Trade Secret

517 views • 19 slides
Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT

Breaking the Circuit-Size Barrier in Secret Sharing Tianren Liu Vinod Vaikuntanathan MIT MIT 50th ACM Symposium on Theory of Computing June 27, 2018 Secret Sharing [Blakley79,Shamir79,Ito-Saito-Nishizeki87] Secret Secret Sharing

790 views • 75 slides
TRADE SECRETS Trade Secret A trade secret can be any formula,pattern,idea,process,physical

TRADE SECRETS Trade Secret A trade secret can be any formula,pattern,idea,process,physical

TRADE SECRETS Trade Secret A trade secret can be any formula,pattern,idea,process,physical device or a compilation of information which provides its owner a competitive advantage in the market. A trade secret is expected to be treated in such

699 views • 49 slides

More recommend