allowing machine learning models to be trained with full privacy guarantees. In this workshop, we will explore several methods for privacy-preserving data analysis, and how these techniques can be used to safely train ML models _without_ actually seeing the data.

### Description

Privacy guarantees are **the** most crucial requirement when it comes to analysing sensitive data. These requirements can sometimes be so stringent that they become a real barrier for the entire pipeline. The reasons for this are manifold: data often cannot be _shared_ nor moved from the silos where they reside, let alone analysed in their _raw_ form. As a result, _data anonymisation techniques_ are sometimes used to generate a sanitised version of the original data. However, these techniques alone are not enough to guarantee that privacy will be completely preserved. Moreover, the _memoisation_ effect of deep learning models can be maliciously exploited to _attack_ the models and _reconstruct_ sensitive information about the samples used in training, even if this information was not originally provided.
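The `k-anonymity` idea mentioned above can be made concrete with a small sketch: a dataset is k-anonymous (with respect to a chosen set of _quasi-identifiers_) when every combination of quasi-identifier values is shared by at least `k` records. A minimal, hypothetical example (the records and column names below are made up for illustration):

```python
from collections import Counter

def k_anonymity(records, quasi_identifiers):
    """Smallest equivalence-class size over the quasi-identifier columns.

    A value of 1 means at least one record is uniquely re-identifiable
    from its quasi-identifiers alone.
    """
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(groups.values())

# Toy "sanitised" medical records: the sensitive column (diagnosis) is kept,
# direct identifiers (names) are removed, but quasi-identifiers remain.
records = [
    {"zip": "37320", "age": 34, "diagnosis": "flu"},
    {"zip": "37320", "age": 34, "diagnosis": "cold"},
    {"zip": "37310", "age": 51, "diagnosis": "flu"},
]

# zip+age uniquely identify the third record, so k = 1: not anonymous at all.
print(k_anonymity(records, ["zip", "age"]))  # → 1
```

Generalising or suppressing the quasi-identifier values (e.g. coarsening `age` into ranges) is how a larger `k` is usually achieved, at the cost of data utility.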

*Privacy-preserving machine learning* (PPML) methods hold the promise to overcome all of these issues, making it possible to train machine learning models with full privacy guarantees.

This workshop is organised in **three** main parts. In the first part, we will introduce the main concepts of **differential privacy**: what it is, and how it differs from more classical _anonymisation_ techniques (e.g. `k-anonymity`). In the second part, we will focus on machine learning experiments. We will start by demonstrating how DL models can be exploited (i.e. via _inference attacks_) to reconstruct original data solely by analysing model predictions; we will then explore how **differential privacy** can help us protect the privacy of our models, with _minimal disruption_ to the original pipeline. Finally, we will conclude the tutorial by considering more complex ML scenarios: training deep learning networks on encrypted data, with specialised _distributed federated learning_ strategies.
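As a taste of what "minimal disruption" means, the core of differential privacy is simply adding calibrated noise to a query answer. A minimal sketch of the Laplace mechanism (parameter names are illustrative; the workshop materials may rely on a dedicated library instead):

```python
import numpy as np

def laplace_mechanism(true_answer, sensitivity, epsilon, rng=None):
    """Return a differentially private answer by adding Laplace noise
    with scale sensitivity/epsilon (smaller epsilon -> more noise, more privacy)."""
    rng = rng or np.random.default_rng()
    return true_answer + rng.laplace(loc=0.0, scale=sensitivity / epsilon)

# A counting query ("how many patients have the flu?") has sensitivity 1:
# adding or removing one individual changes the count by at most 1.
noisy_count = laplace_mechanism(42, sensitivity=1.0, epsilon=0.5)
```

The noisy answer is still useful in aggregate, yet no single individual's presence in the data can be confidently inferred from it.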
### Outline

- **Introduction**: Brief Intro to `PPML` and to the workshop (`10 mins`) [SLIDES](https://speakerdeck.com/leriomaggio/ppml-scipy)
- **Part 1**: Programming Privacy (`90 mins`)
  - De-identification
  - K-anonymity and limitations
  - Differential Privacy
  - Intro to Differential Privacy for Machine Learning
- **Break** (`10 mins`)
- **Part 2**: Strengthening Deep Neural Networks (`60 mins`)
  - ML model vulnerabilities: Adversarial Examples and _inference attacks_
  - DL training with Differential Privacy
- **Break** (`5 mins`)
- **Part 3**: Primer on Privacy-Preserving Machine Learning (`60 mins`)
  - DL training on (Homomorphically) Encrypted Data
  - Federated Learning
- **Closing Remarks** (`5 mins`)
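The federated learning step in Part 3 can be previewed with the core aggregation rule of FedAvg: each client trains locally on its own private data, and the server only combines model parameters with a data-size-weighted average. A minimal, library-free sketch (toy numbers, not the workshop's actual code):

```python
def fedavg(client_weights, client_sizes):
    """Weighted average of per-client model parameters (FedAvg aggregation).

    client_weights: one flat parameter list per client.
    client_sizes:   number of local training samples per client.
    """
    total = sum(client_sizes)
    n_params = len(client_weights[0])
    return [
        sum(w[i] * n / total for w, n in zip(client_weights, client_sizes))
        for i in range(n_params)
    ]

# Two clients, a 2-parameter model each; the second client has 3x the data.
global_w = fedavg([[1.0, 2.0], [3.0, 4.0]], [10, 30])
print(global_w)  # → [2.5, 3.5]
```

Note that raw data never leaves the clients: only parameters travel, which is what makes this strategy attractive for siloed sensitive data (and which pairs naturally with encryption, as covered in the session).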

#### Notebooks

Quick access to each notebook, which can also be opened on **Anaconda Notebooks**.