Mitigating the Adversarial Risk of Reverse Engineering by Learning Distribution of Classifiers

Yufei Han - Senior principal researcher in Symantec Research Labs
Data Science

Date: -
Location: Eurecom

Abstract: Machine learning techniques are nowadays widely employed in various data analytic applications, providing automated services in different domains. Nevertheless, in privacy-sensitive applications, adversaries can interfere either during or after the training phase by reverse-engineering the classifier. Using the newly gained knowledge about the decision rules, the attackers can either inject poisoning training samples to bias the classifier's behaviour, or add adversarial noise to the testing samples in order to avoid detection. More importantly, the attackers can infer private feature dimensions in the training data after reverse-engineering the classifier's decision rules. In this talk, we present a defence strategy against the reverse engineering attack by learning a distribution over a popular set of classifiers, such as support vector machines and logistic regression. By guaranteeing a lower bound on classification accuracy and maximising the classifier's variance, we manage to protect the classifiers while preserving high utility for data analytic tasks.

Bio: Yufei Han is a senior principal researcher in Symantec Research Labs. He focuses on improving the robustness and self-adaptiveness of machine learning algorithms under weak and noisy supervision. The purpose is to make machine learning systems work consistently and stably with messy data in practical cyber security applications. His research interests include weakly supervised machine learning, matrix factorisation, adversarial machine learning and differential-privacy-based data mining algorithms.
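The abstract describes the defence only at a high level: a classifier is replaced by a distribution over classifiers whose members all keep a guaranteed minimum accuracy, so that an adversary probing the deployed model cannot pin down one fixed decision rule. The following toy illustration is an added example, not the speaker's method or code: instead of the optimisation the talk refers to (maximising variance subject to the accuracy bound), it rejection-samples perturbed copies of a single trained linear classifier, keeps only those above an accuracy floor, and then measures how often the members disagree on probe points while every member still meets the floor. All names (`make_data`, `sample_classifier_family`, `disagreement_rate`, the constants) and the constructed 2-D data set are assumptions made for this illustration.

```python
import random

# Constructed toy data set (assumption, not from the talk): 2-D points labelled by a
# hidden linear rule with a margin, so that the perceptron below is guaranteed to converge.
def make_data(n=250, margin=0.15, seed=7):
    rng = random.Random(seed)
    data = []
    while len(data) < n:
        x = (rng.uniform(-1, 1), rng.uniform(-1, 1))
        s = x[0] + 0.5 * x[1] - 0.1          # hidden labelling rule
        if abs(s) >= margin:                 # drop points inside the margin band
            data.append((x, 1 if s > 0 else -1))
    return data

def predict(w, x):
    """Linear classifier with weights w = [w1, w2, bias]; returns +1 or -1."""
    return 1 if w[0] * x[0] + w[1] * x[1] + w[2] > 0 else -1

def accuracy(w, data):
    return sum(predict(w, x) == y for x, y in data) / len(data)

def train_perceptron(data, max_epochs=500):
    """Plain perceptron; returns the unit-norm weight vector of the base classifier."""
    w = [0.0, 0.0, 0.0]
    for _ in range(max_epochs):
        mistakes = 0
        for x, y in data:
            if predict(w, x) != y:
                w[0] += y * x[0]
                w[1] += y * x[1]
                w[2] += y
                mistakes += 1
        if mistakes == 0:
            break
    norm = sum(v * v for v in w) ** 0.5
    return [v / norm for v in w]

def sample_classifier_family(w0, data, acc_floor, sigma, n_members, seed=0, max_tries=20000):
    """Rejection-sample Gaussian perturbations of w0, keeping only members whose
    training accuracy stays at or above acc_floor (the accuracy lower bound)."""
    rng = random.Random(seed)
    family = []
    for _ in range(max_tries):
        if len(family) == n_members:
            break
        w = [v + rng.gauss(0.0, sigma) for v in w0]
        if accuracy(w, data) >= acc_floor:
            family.append(w)
    if len(family) < n_members:
        raise RuntimeError("could not find enough classifiers above the accuracy floor")
    return family

def randomised_predict(family, x, rng):
    """Deployment-time prediction: each query is answered by a freshly drawn member,
    so repeated probing does not reveal a single fixed decision boundary."""
    return predict(rng.choice(family), x)

def disagreement_rate(family, probes):
    """Fraction of probe points on which the family members do not all agree."""
    disagree = 0
    for x in probes:
        if len({predict(w, x) for w in family}) > 1:
            disagree += 1
    return disagree / len(probes)

def parameter_variance(family):
    """Per-coordinate variance of the weight vectors across the family."""
    out = []
    for i in range(len(family[0])):
        vals = [w[i] for w in family]
        mean = sum(vals) / len(vals)
        out.append(sum((v - mean) ** 2 for v in vals) / len(vals))
    return out

DATA = make_data()
W0 = train_perceptron(DATA)
ACC_FLOOR = 0.9
FAMILY = sample_classifier_family(W0, DATA, ACC_FLOOR, sigma=0.15, n_members=30)
# Constructed probe grid over the input square, standing in for an adversary's queries.
PROBES = [(i / 5 - 1, j / 5 - 1) for i in range(11) for j in range(11)]

if __name__ == "__main__":
    print("base classifier accuracy:", accuracy(W0, DATA))
    print("lowest member accuracy:  ", min(accuracy(w, DATA) for w in FAMILY))
    print("probe disagreement, single model:", disagreement_rate([W0], PROBES))
    print("probe disagreement, family:      ", disagreement_rate(FAMILY, PROBES))
    print("parameter variance across family:", parameter_variance(FAMILY))
    rng = random.Random(1)
    print("randomised answers for (0.2, 0.0):",
          [randomised_predict(FAMILY, (0.2, 0.0), rng) for _ in range(10)])
```

The contrast to look at is the two disagreement rates: a single deterministic model answers every probe identically, whereas the family answers inconsistently in the band around the boundary, which is exactly where a reverse-engineering adversary needs stable answers; at the same time no member falls below the accuracy floor, which is the utility guarantee the abstract mentions.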