Dr Keke Chen
Associate Professor
CSEE Department
UMBC
Joint work with Yuechun Gu and Jiajie He.
To appear in International Conference on Knowledge Discovery and Data Mining (KDD2025).
12:00 noon–1pm
Friday, April 11, 2025
Remotely via WebEx: https://umbc.webex.com/meet/sherman
Recording of the Talk
Abstract
As deep neural networks are increasingly deployed in sensitive application domains, such as healthcare and security, it is
essential to understand what kind of sensitive information can be inferred from these models. Most known model-targeted
attacks assume that the attacker already knows the application domain or the training data distribution in order to succeed.
Can removing the domain information from model APIs protect models from these attacks? Our work studies this critical
problem. Unfortunately, even with minimal knowledge, i.e., access to the model only as an unnamed function that reveals
neither the meaning of its inputs nor of its outputs, the proposed adaptive domain inference (ADI) attack can still successfully estimate
relevant subsets of the training data. We show that the extracted relevant data can significantly improve the performance of
model-inversion attacks, for instance. Specifically, the ADI method uses the concept hierarchy extracted from the public
and private datasets that the attacker can access, and it applies a novel algorithm to adaptively tune the likelihood of leaf
concepts in the hierarchy showing up in the unseen training data. For comparison, we also designed a straightforward
hypothesis-testing-based attack called LDI. Among all candidate methods, the ADI attack extracts partial training data at
the concept level, converges fastest, and requires the fewest target-model accesses.
About the Speaker
Dr. Keke Chen is an associate professor in the CSEE Department at UMBC. His recent research focuses on privacy and
security issues with AI model training and deployment. He earned his PhD in computer science from Georgia Tech in
2006. Before joining UMBC, he was a Northwestern Mutual associate professor of computer science at Marquette
University. Email: kekechen@umbc.edu, URL: https://www.csee.umbc.edu/faculty/keke-chen
Host:
Alan T. Sherman, sherman@umbc.edu
Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.
The UMBC Cyber Defense Lab meets biweekly on Fridays, 12-1pm. All meetings are open to the public.
Upcoming CDL meetings:
(May 2 – CSEE Research Day)
May 9, Charles Nicholas (UMBC), Document security