CSIS logoCenter for Secure Information Systems

Securing the World's Cyber Infrastructure

Aerial View of the George Mason Fairfax Campus

CSIS Seminar

GAN based Privacy Attacks on Decentralized Deep Learning

Speaker:   Briland Hitaj, Sapienza University, Rome, Italy
When:   October 22, 2018, 11:00 am - 12:00 pm
Where:   Research Hall, Suite 417


Deep Learning (DL) is the driving energy behind numerous breakthroughs done recently in various areas of computer science. Despite that, due to its need for powerful computational resources and particularly massive amounts of data, deep learning cannot be a feasible solution for entities lacking these requirements. To benefit from DL, data can be typically pooled in centralized datasets residing in third-party servers. However, this can pose several privacy risks on how this data is used, raising many concerns. Moreover, a centralized approach makes deep learning impractical for entities dealing with sensitive information such as governmental agencies, hospitals, banks and more. As a viable solution to these problems, researchers have proposed decentralized learning techniques. These approaches allow one to benefit from the perks of deep learning while keeping their data local (i.e., private). In this talk, I will show that decentralized deep learning can in fact prove to be a more dangerous threat to privacy, than the centralized one. Exploiting the active nature of the learning process, we were able to develop a novel real-time active inference attack on decentralized learning mechanisms using a recent, yet extremely popular innovation in deep neural networks, namely Generative Adversarial Networks (GANs). Employing GANs, we were able to generate prototypical samples of the targeted training set that was meant to be private. Development of countermeasures against our GAN Attack remains an open problem.

Speaker Bio

Briland Hitaj is a PhD Student at Computer Science Department of Sapienza University of Rome. He is a member of the Cyber-Security (ICSecurity) group led by Prof. Luigi V. Mancini. Currently, he is a Visiting Research Scholar at the Computer Science Department of Stevens Institute of Technology working with Prof. Giuseppe Ateniese at the intersection of cybersecurity and deep learning.

His research interests include cyber intelligent agents, deep learning, privacy and security in distributed systems, distributed privacy-preserving machine learning, application and incorporation of deep learning in cyber-security domain.