Skip to content

09 6th February, Tuesday

PattenR edited this page Feb 6, 2018 · 4 revisions

Having done some reflection on the direction I want to take the project in I have settled on a more interesting/more attainable goal and will run through this a bit more in the next meeting, but will summarise here.

Detecting attacks seems to be a little beyond what I could aim to do in this project. These attacks are examples of different ways of performing the training process on a model, they are not modifications of the model itself. There currently exists research and open source code outlining more secure models: compressed networks and differentially private networks are the main two that I have seen in my investigation.

I think a good direction for this project would be to investigate how well each of these models resist the attacks, if at all. Differentially private models are defined in terms of semi-arbitrary parameters and it would be very interesting to be able to investigate if there was a link between how much "privacy" a model has and to what extent these training methods can be successful.

I feel as though this approach has to potential to give some interesting results, seems like a sensible next step in the research area I am investigating. I think this is something that I can be fairly certain will be achievable but there is a little less originality and this feels a bit like just putting different existing ideas together, so I will be interested to see what feedback I get on this in the next meeting.

Update: I have now started a Sharelatex document with my first outline of the initial sections of my thesis based on this.

Clone this wiki locally