ABOUT | Yuechun (Ethan) Gu

+1 (414) 285-8673

ygu2@umbc.edu

University of Maryland, Baltimore County

test

news

Nov 16, 2024	“Adaptive Domain Inference Attack with Concept Hierarchy” accepted by KDD’25
Oct 27, 2024	“Calibrating Practical Privacy Risks for Differentially Private Machine Learning” was accepted by IEEE Conference of BigData’24
Oct 15, 2024	“FT-PrivacyScore: Personalized Privacy Scoring Service for Machine Learning Participation” appeared in CCS’24

latest posts

Jan 08, 2025	Hypothesis Interpretation of Differential Privacy
Nov 15, 2024	Fine-Tuning Vision Transformer (ViT) on Tiny ImageNet Dataset
Nov 01, 2024	分类任务的评价指标以及与MIA的关系

selected publications

Demo: Image Disguising for Scalable GPU-accelerated Confidential Deep Learning (ACM CCS’23)

Yuechun Gu , Sagar Sharma , and Keke Chen

In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security , 2023

Abs Bib PDF

Deep learning training involves large training data and expensive model tweaking, for which cloud GPU resources can be a popular option. However, outsourcing data often raises privacy concerns. The challenge is to preserve data and model confidentiality without sacrificing GPU-based scalable training and low-cost client-side preprocessing, which is difficult for conventional cryptographic solutions to achieve. This demonstration shows a new approach, image disguising, represented by recent work: DisguisedNets, NeuraCrypt, and InstaHide, which aim to securely transform training images while still enabling the desired scalability and efficiency. We present an interactive system for visually and comparatively exploring these methods. Users can view disguised images, note low client-side processing costs, and observe the maintained efficiency and model quality during server-side GPU-accelerated training. This demo aids researchers and practitioners in swiftly grasping the advantages and limitations of image-disguising methods.
@inproceedings{10.1145/3576915.3624364, address = {New York, NY, USA}, author = {Gu, Yuechun and Sharma, Sagar and Chen, Keke}, booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security}, date-added = {2024-03-05 13:11:38 -0600}, date-modified = {2024-03-05 13:11:38 -0600}, doi = {10.1145/3576915.3624364}, isbn = {9798400700507}, keywords = {gpu-acceleration, instance encoding, privacy-preserving machine learning}, location = {<conf-loc>, <city>Copenhagen</city>, <country>Denmark</country>, </conf-loc>}, numpages = {3}, pages = {3679--3681}, publisher = {Association for Computing Machinery}, series = {CCS '23}, title = {Demo: Image Disguising for Scalable GPU-accelerated Confidential Deep Learning (ACM CCS'23)}, url = {https://doi.org/10.1145/3576915.3624364}, year = {2023}, bdsk-url-1 = {https://doi.org/10.1145/3576915.3624364} }
GAN-based domain inference attack (AAAI’23)

Yuechun Gu , and Keke Chen

In Proceedings of the AAAI Conference on Artificial Intelligence , 2023

Abs Bib PDF

Model-based attacks can infer training data information from deep neural network models. These attacks heavily depend on the attacker’s knowledge of the application domain, eg, using it to determine the auxiliary data for model-inversion attacks. However, attackers may not know what the model is used for in practice. We propose a generative adversarial network (GAN) based method to explore likely or similar domains of a target model–the model domain inference (MDI) attack. For a given target (classification) model, we assume that the attacker knows nothing but the input and output formats and can use the model to derive the prediction for any input in the desired form. Our basic idea is to use the target model to affect a GAN training process for a candidate domain’s dataset that is easy to obtain. We find that the target model may distort the training procedure less if the domain is more similar to the target domain. We then measure the distortion level with the distance between GAN-generated datasets, which can be used to rank candidate domains for the target model. Our experiments show that the auxiliary dataset from an MDI top-ranked domain can effectively boost the result of model-inversion attacks.
@inproceedings{gu2023gan, author = {Gu, Yuechun and Chen, Keke}, booktitle = {Proceedings of the AAAI Conference on Artificial Intelligence}, date-added = {2024-03-05 13:11:16 -0600}, date-modified = {2024-03-05 13:11:16 -0600}, number = {12}, pages = {14214--14222}, title = {GAN-based domain inference attack (AAAI'23)}, volume = {37}, year = {2023} }