SoK: Unintended Interactions among Machine Learning Defenses and Risks
Vasisht Duddu, Sebastian Szyller, N. Asokan
IEEE Symposium on Security and Privacy 2024 · Day 2 · Continental Ballroom 5
In the rapidly evolving landscape of machine learning (ML), models are increasingly deployed in sensitive applications, necessitating robust defenses against a wide range of security, privacy, and fairness risks. While extensive research has focused on developing individual defenses that mitigate a specific threat, such as evasion attacks or privacy breaches, in practice several defenses are often deployed together in the same system. This talk, presented by Vasisht Duddu from the Secure Systems Group at the University of Waterloo, along with co-authors Sebastian Szyller and Professor N. Asokan, addresses the critical but often overlooked problem of **unintended interactions** among these ML defenses and risks: a defense added to mitigate one risk can change the model's susceptibility to another.
AI review
This talk presents a crucial systematization of knowledge on unintended interactions between ML defenses and risks, identifying overfitting and memorization as fundamental underlying causes. It introduces a novel framework and guideline for predicting these complex interactions, empirically validating previously unexplored scenarios. This foundational work provides essential tools for proactive risk assessment and designing resilient ML systems, moving the field forward significantly.