Introducing SCS Speaker Katharine Jarmul
Artificial intelligence and machine learning are all the rage these days and if you are able to combine them with blockchain technology, then you are likely to have a winning entry into a bullshit bingo game. But we can joke as long as we want about these areas, they are not going away and it is time to look at them from a security perspective.
I have seen several security talks that focused on deep learning and the manipulation of the training data, leading to the learning process going off the rails and the classifier becoming unusable in the real world. Think of this as a poisoning attack.
Then came the researchers that tricked a classifier into identifying a banana as a toaster thanks to a simple sticker positioned next to the banana. Or those that changed only one pixel and altered the identification of 70 per cent of the images.
However, there is a different aspect to machine learning security that I did not think of until our new speaker, Katharine Jarmul, pointed it out to me.
It is the fact that the model that is created during the process contains a lot of information about the training data. That seems natural, but what if an attacker was able to extract this information from the model or the classifier? What if a data breach (GDPR!) resulted from the use of personal user information. Could we go as far as extracting biometric data from it? This
talk will give you an overview of the brand new academic research in the field. Katharine will demonstrate attacks, possible defenses and what all this means for the evolving field of machine learning and artificial intelligence.
Our speaker Katharine Jarmul is an American living in Berlin – and occasionally speaking German. As such, she is a rare sight. But she is also a well-known data scientist who has written two books on Python development in web and data science environments.
Recently, she founded KIProtect, a startup focusing on the protection of user data in modern processing pipelines beyond relational databases. These non-relational databases are an area where little know-how has been developed so far. KIProtect focuses on anonymization and encryption techniques when you work with Kafka, Spark and friends, and you want to get privacy right.
Join us at Swiss Cyber Storm to learn more about the hidden data in machine classifiers and other machine data.
More about Katharine Jarmul: