Skip to content

09 6th February, Tuesday

PattenR edited this page Feb 6, 2018 · 4 revisions

Having done some reflection on the direction I want to take the project in I have settled on a more interesting/more attainable goal and will run through this a bit more in the next meeting, but will summarise here.

Detecting attacks seems to be a little beyond what I could aim to do in this project. These attacks are examples of different ways of performing the training process on a model, they are not modifications of the model itself. There currently exists research and open source code outlining more secure models: compressed networks and differentially private networks are the main two that I have seen in my investigation.

I think a good direction for this project would be to investigate how well each of these models resist the attacks, if at all. Differentially private models are defined in terms of semi-arbitrary parameters and it would be very interesting to be able to investigate if there was a link between how much "privacy" a model has and to what extent these training methods can be successful.

I feel as though this approach has to potential to give some interesting results, seems like a sensible next step in the research area I am investigating. I think this is something that I can be fairly certain will be achievable but there is a little less originality and this feels a bit like just putting different existing ideas together, so I will be interested to see what feedback I get on this in the next meeting.

Update: I have now started a Sharelatex document with my first outline of the initial sections of my thesis based on this.

Update 2:

Few things to consider:

*Do I look to write an API to link the attacks straight into the models? *These attacks are designed to work on deeper networks, but some of the secure models are on shallower ones. *Do I look to reimplement one side to work with the other? Perhaps deeper networks are going to be more interesting as the attacks probably won't work well in shallower ones.

Clone this wiki locally