Igor Shilov (➡️ ICML 🇨🇦)
@igorshilov.bsky.social
Anthropic AI Safety Fellow
PhD student at Imperial College London.
ML, interpretability, privacy, and stuff
🏳️🌈
https://igorshilov.com/
PhD student at Imperial College London.
ML, interpretability, privacy, and stuff
🏳️🌈
https://igorshilov.com/
Check out our website for more info: computationalprivacy.github.io/loss_traces/
arxiv: arxiv.org/abs/2411.05743
See you in Seattle!
And thanks to my amazing co-authors: Joseph Pollock, Euodia Dodd and @yvesalexandre.bsky.social
arxiv: arxiv.org/abs/2411.05743
See you in Seattle!
And thanks to my amazing co-authors: Joseph Pollock, Euodia Dodd and @yvesalexandre.bsky.social
Loss Traces: Free Privacy Risk Evaluation
Estimate the vulnerability of training samples to membership inference attacks by analyzing their loss traces during model training - no shadow models required!
computationalprivacy.github.io
June 24, 2025 at 3:17 PM
Check out our website for more info: computationalprivacy.github.io/loss_traces/
arxiv: arxiv.org/abs/2411.05743
See you in Seattle!
And thanks to my amazing co-authors: Joseph Pollock, Euodia Dodd and @yvesalexandre.bsky.social
arxiv: arxiv.org/abs/2411.05743
See you in Seattle!
And thanks to my amazing co-authors: Joseph Pollock, Euodia Dodd and @yvesalexandre.bsky.social
Why this matters:
✅ Enables iterative privacy risk assessment during model development
✅ Zero additional computational cost
✅ Could inform targeted defenses (selective unlearning, data removal)
✅ Practical for large models where shadow model approaches fail
✅ Enables iterative privacy risk assessment during model development
✅ Zero additional computational cost
✅ Could inform targeted defenses (selective unlearning, data removal)
✅ Practical for large models where shadow model approaches fail
June 24, 2025 at 3:17 PM
Why this matters:
✅ Enables iterative privacy risk assessment during model development
✅ Zero additional computational cost
✅ Could inform targeted defenses (selective unlearning, data removal)
✅ Practical for large models where shadow model approaches fail
✅ Enables iterative privacy risk assessment during model development
✅ Zero additional computational cost
✅ Could inform targeted defenses (selective unlearning, data removal)
✅ Practical for large models where shadow model approaches fail
The best part? You can collect per-sample losses for free during training by simply changing the loss reduction:
![# Standard PyTorch training loop
criterion = nn.CrossEntropyLoss(reduction="none") # Change from default "mean"
# During training
loss = criterion(outputs, targets)
# Here loss has shape [batch_size] - per-sample losses
# Save the per-sample losses
saved_losses.append(loss.detach())
# Take mean for backward pass
loss.mean().backward()](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:fekd3oyblwi4zk6rei3akja3/bafkreiflhgt2qc2fe2dgoivmx6ran6zsb5fr4fqk6l2g6q6jd3c5szzomu@jpeg)
June 24, 2025 at 3:17 PM
The best part? You can collect per-sample losses for free during training by simply changing the loss reduction:
Our proposed loss trace aggregation methods achieve 92% Precision@k=1% in identifying samples vulnerable to LiRA attack on CIFAR-10 (positives at FPR=0.001). Prior computationally effective vulnerability detection methods (loss, gradient norm) perform barely better than random on the same task.
June 24, 2025 at 3:17 PM
Our proposed loss trace aggregation methods achieve 92% Precision@k=1% in identifying samples vulnerable to LiRA attack on CIFAR-10 (positives at FPR=0.001). Prior computationally effective vulnerability detection methods (loss, gradient norm) perform barely better than random on the same task.
🐸 Check out these CIFAR-10 frog examples:
Easy-to-fit outliers: Loss drops late but reaches near zero → most vulnerable
Hard-to-fit outliers: Loss drops slowly, stays relatively high → somewhat vulnerable
Average samples: Loss drops quickly and stays low → least vulnerable
Easy-to-fit outliers: Loss drops late but reaches near zero → most vulnerable
Hard-to-fit outliers: Loss drops slowly, stays relatively high → somewhat vulnerable
Average samples: Loss drops quickly and stays low → least vulnerable
June 24, 2025 at 3:17 PM
🐸 Check out these CIFAR-10 frog examples:
Easy-to-fit outliers: Loss drops late but reaches near zero → most vulnerable
Hard-to-fit outliers: Loss drops slowly, stays relatively high → somewhat vulnerable
Average samples: Loss drops quickly and stays low → least vulnerable
Easy-to-fit outliers: Loss drops late but reaches near zero → most vulnerable
Hard-to-fit outliers: Loss drops slowly, stays relatively high → somewhat vulnerable
Average samples: Loss drops quickly and stays low → least vulnerable
Problem: SoTA MIAs often require training hundreds of shadow models to identify vulnerable samples. This is extremely expensive, especially for large models.
Solution: Loss pattern throughout training tells you a lot about individual's vulnerability.
⬇️
Solution: Loss pattern throughout training tells you a lot about individual's vulnerability.
⬇️
June 24, 2025 at 3:17 PM
Problem: SoTA MIAs often require training hundreds of shadow models to identify vulnerable samples. This is extremely expensive, especially for large models.
Solution: Loss pattern throughout training tells you a lot about individual's vulnerability.
⬇️
Solution: Loss pattern throughout training tells you a lot about individual's vulnerability.
⬇️
We're very excited to host this meetup and we'd be thrilled to see you there!
imperial.ac.uk/events/18318...
imperial.ac.uk/events/18318...
Privacy in Machine Learning Meetup @ Imperial
The Computational Privacy Group at Imperial College London is organizing the first Machine Learning Privacy meetup, recognizing the growing community of researchers in and around London working at the...
imperial.ac.uk
December 17, 2024 at 10:26 AM
We're very excited to host this meetup and we'd be thrilled to see you there!
imperial.ac.uk/events/18318...
imperial.ac.uk/events/18318...
We're also inviting PhD students to give 1-minute lightning talks to share their research with the community.
If you're interested, please sign up here:
docs.google.com/forms/d/e/1F...
If you're interested, please sign up here:
docs.google.com/forms/d/e/1F...
https://docs.google.com/forms/d/e/1FAIpQLScg20yOOKp9Ilug5lxumCb4s0MvoiEyibCcfRZ6qa6mLNsHeg/viewform
t.co
December 17, 2024 at 10:26 AM
We're also inviting PhD students to give 1-minute lightning talks to share their research with the community.
If you're interested, please sign up here:
docs.google.com/forms/d/e/1F...
If you're interested, please sign up here:
docs.google.com/forms/d/e/1F...
The line-up for the evening:
- Graham Cormode (University of Warwick/Meta AI)
- Lukas Wutschitz (M365 Research, Microsoft)
- Jamie Hayes (Google DeepMind)
- Ilia Shumailov (Google DeepMind)
- Graham Cormode (University of Warwick/Meta AI)
- Lukas Wutschitz (M365 Research, Microsoft)
- Jamie Hayes (Google DeepMind)
- Ilia Shumailov (Google DeepMind)
December 17, 2024 at 10:26 AM
The line-up for the evening:
- Graham Cormode (University of Warwick/Meta AI)
- Lukas Wutschitz (M365 Research, Microsoft)
- Jamie Hayes (Google DeepMind)
- Ilia Shumailov (Google DeepMind)
- Graham Cormode (University of Warwick/Meta AI)
- Lukas Wutschitz (M365 Research, Microsoft)
- Jamie Hayes (Google DeepMind)
- Ilia Shumailov (Google DeepMind)
Recognizing the growing ML Privacy community in and around London, we hope this to be a great opportunity for people to connect and share perspectives.
We will be hosting research talks from our amazing invited speakers, followed by a happy hour.
We will be hosting research talks from our amazing invited speakers, followed by a happy hour.
December 17, 2024 at 10:26 AM
Recognizing the growing ML Privacy community in and around London, we hope this to be a great opportunity for people to connect and share perspectives.
We will be hosting research talks from our amazing invited speakers, followed by a happy hour.
We will be hosting research talks from our amazing invited speakers, followed by a happy hour.
Считаю, что можно забрать обратно слово твиты, потому что в Х теперь «посты»
September 22, 2023 at 6:34 AM
Считаю, что можно забрать обратно слово твиты, потому что в Х теперь «посты»
Что как за что
Почему ты вообще туда писал
Почему ты вообще туда писал
September 20, 2023 at 6:43 PM
Что как за что
Почему ты вообще туда писал
Почему ты вообще туда писал
Мне от этого треда захотелось к зимней сессии подготовиться
September 20, 2023 at 6:20 PM
Мне от этого треда захотелось к зимней сессии подготовиться