Title: Planting Undetectable Backdoors in ML Models
Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning provides clear benefits, but also raises serious concerns of trust. In this talk, we present a possible abuse of power by untrusted service providers. We show how a malicious learner can plant an "undetectable backdoor" into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a cryptographic mechanism to change the classification of any input, with only a slight perturbation. Importantly, without the appropriate "backdoor key" the mechanism is completely hidden, i.e., cannot be detected by any computationally-bounded observer. We present precise definitions of undetectability and demonstrate, under standard cryptographic assumptions, that planting undetectable backdoors in machine learning models is possible. Our constructions are quite generic and, thus, present a significant risk for the delegation of learning tasks.
Joint work with Shafi Goldwasser, Vinod Vaikuntanathan, and Or Zamir.
Bio: My research investigates foundational questions about responsible machine learning. Much of this work aims to identify problematic behaviors that emerge in machine-learned models and to develop algorithmic tools that provably mitigate such behaviors. More broadly, I am interested in how the theory of computation can provide insight into emerging societal and scientific challenges. Prior to Cornell, I was a Miller Postdoctoral Fellow at UC Berkeley, hosted by Shafi Goldwasser. I completed my Ph.D. in the Stanford Theory Group under the guidance of Omer Reingold.