Dr. Balázs Pejó
Assistant Professor
pejo (at) crysys.hu
web: www.crysys.hu/~pejo/
office: I.E. 430
tel: +36 1 463 2080
Current courses | Student projects | Publications
Short Bio
Balázs Pejó was born in 1989 in Budapest, Hungary. He received a B.Sc. degree in Mathematics from the Budapest University of Technology and Economics (BME, Hungary) in 2012 and two M.Sc. degree in Computer Science in the Security and Privacy program of EIT Digital from the University of Trento (UNITN, Italy) and Eötvös Loránd University (ELTE, Hungary) in 2014. He earned the Ph.D. degree in Informatics from the University of Luxembourg (UNILU, Luxembourg) in 2019. Currently, he is a member of the Laboratory of Cryptography and Systems Security (CrySyS Lab).
Current Courses
Security in Machine Learning (VIHIAV45)
This elective course gives an overview of the different areas of Machine Learning security by processing state-of-the-art and cutting-edge research papers in related fields. The course is interactive, where each student presents a selected topic, i.e., it also focuses on developing "soft skills" such as a scientific presentation.
Privacy-Preserving Technologies (VIHIAV35)
This course provides a detailed overview of data privacy. It focuses on different privacy problems of web tracking, data sharing, and machine learning, as well as their mitigation techniques. The aim is to give the essential (technical) background knowledge needed to identify and protect personal data. These skills are becoming a must of every data/software engineer and data protection officer dealing with personal and sensitive data, and are also required by the European General Data Protection Regulation.
Student Project Proposals
Privacy & Anonymization
The word privacy is derived from the Latin word "privatus" which means set apart from what is public, personal and belonging to oneself, and not to the state. There are multiple angles of privacy and multiple techniques to improve them to varying extent. Students can work on the following topics:
-
(De-)Anonymization of Medical Data:
EHR (Electronic Health Records), ECG (Electrocardiogram) and CTG (Cardiotocography), diagnostic images (MRI, X-ray), are very sensitive datasets containing the medical records of individuals.The task is to anonymize such datasets (or some aggregates computed over such data) for data sharing with strong, preferably provable privacy guarantees which are also GDPR compliant.
(Contact: Gergely Ács) -
Poisoning Differential Privacy:
Differential Privacy is the de facto privacy model used to anonymize datasets (see US-Census data). Small noise is added to the data which hides the participation of any single individual in the dataset, but not the general statistics of the population as a whole. The noise is calibrated to the influence of any record. However, if the data is coming from untrusted sources, the attacker can inject fake records into the dataset in order to increase the added noise that eventually degrades the utility of the anonymized data. The task is to design and implement such an attack.
(Contact: Gergely Ács) -
Differential Privacy Amplification:
Nowadays, the standard privacy-preserving mechanism is Differential Privacy. It aims to hide the presence or the absence of a data point in the final result by adding noise to the original query, making the two outcomes (one with and one without a single data point) statistically indistinguishable (up to the privacy- parameter). For example, the average salary of BME last year's graduates are published with added noise, so even if an adversary knows all alums' salaries except its target, it cannot deduce that with certainty.
Besides the size of the added noise, privacy protection can further be increased by so-called amplification techniques, such as sampling from the data (instead of utilizing all). For instance, only half of the alums are considered for this statistic.
The student's task is to learn and experiment with these amplification techniques and to find the optimal setting (amplification mechanisms and its parameters) to obtain a desirable trade-off between the provided privacy protection and the obtained accuracy.
(Contact: Balázs Pejó) -
Own idea:
If you have any own project idea related to data privacy, and we find it interesting, you can work on that under our guidance.
(Contact: Gergely Ács or Balázs Pejó)
Required skills: none
Preferred skills: basic programming skills (e.g., python)
Machine Learning & Security & Privacy
Machine Learning (Artificial Intelligence) has become undisputedly popular in recent years. The number of security critical applications of machine learning has been steadily increasing over the years (self-driving cars, user authentication, decision support, profiling, risk assessment, etc.). However, there are still many open security problems of machine learning. Students can work on the following topics:
-
Security of Machine learning based Malware Detection:
Adversarial examples are maliciously modified program code where the modification is hard to detect yet the prediction of the model on this slightly modified code is very different compared to the unmodified code. For example, the malware developer modifies a few bytes in the malware binary which causes the malware detector to misclassify the malware as benign. A potential task can be to develop solutions to detect adversarial examples, develop robust training algorithms for malware detection, or design backdoor attacks.
(Contact: Gergely Ács) -
Security and Privacy of Transfer Learning:
In transfer learning, large companies train large (base) models (e.g, LLM or diffusion models) which are then fine-tuned by smaller companies, which don't have the necessary resource to train large models, for more specific tasks (e.g., a chatbot for a specific topic, or object recognition for tumor classification) using their own private training data. However, large companies can poison the base model so that the fine-tuned model can potentially leak information about the small companies' private data. The task is to design/develop/evaluate/mitigate such attacks.
(Contact: Gergely Ács) -
Testing Data Inference:
In Machine Learning, the underlying data is separated into training and testing, where the model is trained on the former to make an accurate prediction. Yet, besides general patterns, the model could learn explicit information corresponding to specific training data points, which could lead to privacy leakage. For instance, it is possible to determine whether a particular sample was used for training via a Membership Inference Attack. It takes advantage of the confidence values of the prediction: a model predicts more confidently on samples it was trained than on samples it has never seen before.
The student's task is to learn about state-of-the-art privacy attacks, which single-mindedly aim at the training data. Inspired by them, it is desired to adopt or create novel techniques to infer details about the dataset used for testing (if possible).
(Contact: Balázs Pejó) -
Meta Learning:
In online media, there is legit news as well as fake news. While the former is usually of higher quality, the latter is often associated with low-quality writing. Several machine learning models focus on classifying these two in the scientific literature. Moreover, in the scientific literature itself, there are lower and higher-quality publications as well.
The student's task is to get familiar with these models and experiment with their applicability to differentiate non-peer-reviewed scientific papers (e.g., on ArXiv) from articles that appeared in well-established venues (such as S&P, CCS, etc.).
(Contact: Balázs Pejó) -
Improving Machine Learning by Preclassification:
In a classical Machine Learning scenario, data (e.g., traffic signs) is fed in random order into the model (e.g., traffic sign predictor) for every training iteration. While the model would eventually learn the difference between each data class (e.g., traffic sign type), randomly feeding the data into the model might slow the learning process: one would think it would be faster to differentiate between the very distinct data classes (e.g., the Stop sign has a unique shape) first (i.e., early training rounds) and latter (i.e., later training rounds) focus on the more similar classes (e.g., the Speed Limit 100 and 120).
On the other hand, the model does not know which classes are similar or distinct before training. In fact, this is what it aims to learn in the first place.
The student's task is to review the previous research efforts toward solving this chicken-egg problem and to propose and implement a novel speed-up solution.
(Contact: Balázs Pejó) -
Own idea:
If you have any own project idea related to the security/privacy of machine learning, and we find it interesting, you can work on that under our guidance.
(Contact: Gergely Ács or Balázs Pejó)
Required skills: none
Preferred skills: basic programming skills (e.g., python), machine learning (not required)
Federated Learning - Security & Privacy & Contribution Scores
Federated learning enables multiple actors to build a common, robust machine learning model without sharing data, thus allowing to address critical issues such as data privacy, data security, data access rights and access to heterogeneous data. Its applications are spread over a number of industries including defense, telecommunications, IoT, and pharmaceutics. Students can work on the following topics:
-
Security and Privacy of Federated Learning:
Federated learning allows multiple parties to collaborate in order to train a common model, by only sharing model updates instead of their training data (e.g., mobile devices train a common model for input text prediction, or hospitals train a better model for tumor classification). Even if this architecture seems more privacy-preserving at first sight, recent works have highlighted numerous privacy and security attacks to infer private and sensitive information. The task is to develop privacy and/or security attacks against federated learning (data poisoning, backdoors, reconstruction attacks), and/or mitigate these attacks.
(Contact: Gergely Ács) -
Federated Learning Framework for Medical Data:
Federated learning is going to be adopted in health care, where different organizations want to train a common model for different purposes (tumor/disease classification, prediction of survival time, finding an explainable pattern of Covid on whole slide images of livers, etc.) but organizations lack of sufficient training data individually. The task is to develop federated learning framework for such tasks.
(Contact: Gergely Ács) -
Robust Federated Learning:
In a classical Machine Learning scenario, data (e.g., textual) is fed into the model (e.g., next-word predictor) for training. The larger this dataset, the greater the prediction power of the trained model. However, in many real-world applications, no central dataset is available for training, but smaller pieces are scattered among various entities (e.g., on mobile phones). A model trained on small local datasets might be biased or have low accuracy. Hence, it is desired to train a joint model collaboratively.
Due to various privacy regulations, directly sharing sensitive data (e.g., text messages) is not feasible. Federated Learning tackles such a distributed setup where multiple entities (e.g., mobile devices) train a single machine learning model together (e.g., next-word predictor) based on their overall dataset, which is never shared with other participants.
On the other hand, the participants could be malicious. Their goal could vary from performance degradation to increasing/decreasing the occurrence of desired strings (e.g., Adidas). There are several techniques to mitigate the effect of the malicious participants in Federated Learning; some work in the client selection phase, while others work in the aggregation phase.
The student's task is to explore these techniques, experiment with them and propose an optimal solution that combines several.
(Contact: Balázs Pejó) -
Free RIder Detection using Attacks (FRIDA):
In Machine Learning, the model is designed to learn patterns from a dataset based on which it should make its prediction. However, besides general patterns, the model could learn explicit information corresponding to specific data points, which could lead to privacy leakage. Such leakage could be revealed with Membership Inference Attack, which determines whether a particular data sample was used for training.
In Federated Learning, multiple individuals train a single model together in a privacy-friendly way, i.e., their underlying datasets remain hidden from the other participants. As a consequence of this distributed setup, dishonest participants might behave maliciously by free-riding (enjoying the commonly trained model while not contributing to it).
The student's interdisciplinary task is to read about the Membership Inference Attacks and the free-riding problem in Federated Learning. Furthermore, to propose a framework that connects the two, i.e., use Membership Inference Attack to determine whether the participant used actual data or just random noise during training.
(Contact: Balázs Pejó) -
Capture the Fairness/Robustness/Accuracy/Privacy Trade-Off (FRAP):
The chief goal of today's Machine Learning models is Accuracy: the higher this value, the better the model. This is a vast overlook, as there are several other objectives a Machine Learning model should be optimized for, such as Robustness, Fairness, and Privacy.
Robustness captures how resistant the model is towards hostile behavior, e.g., injecting malicious samples in the training set. For instance, misclassifying 1% of the Stop signs as Give Way in autonomous driving is more desirable than only misclassifying 0.1% as Speed Limit 100.
Fairness considers the model's behavior on different subgroups of the population. For example, a face recognition software with 99% accuracy over the whole population could be more desirable than another with 99.9% accuracy overall but with 50% on a small ethnic group.
Finally, Privacy deals with undesired information leakage: a model with superior performance might leak a severe portion of its training data. In contrast, another with decent performance only reveals a negligible amount.
As highlighted above, there are clear connections between Accuracy and the three mentioned aspects. Additionally, there are initial research papers on any triad with Accuracy. Yet, other combinations are unexplored. The student's task is to select two (from Robustness, Privacy, and Fairness) and measure their effect on each other. A Game-theoretic model is desired to determine the optimal setting based on some predefined incentives.
(Contact: Balázs Pejó ot (Contact: Gergely Biczók) -
Fairness of Shapley Approximations:
In any distributed setting with a single common product, such as in Federated Learning (where multiple participants train a Machine Learning model together in a privacy-friendly way), the contribution of the individuals is a crucial question. For instance, when several pharmaceutical companies train a model together, which leads to a huge breakthrough, how should they split the pay-off corresponding to the model?
Equal distribution is as unfair as the one based on the dataset sizes, as neither considers the data quality. What does fair mean in the first place? Shapley defined four fundamental fairness properties and proved that his reward allocation scheme is the only one that satisfies all. On the other hand, it is exponentially hard to compute, so it is standard practice to approximate it in real life.
The student's task is to study existing approximation methods and verify (theoretically or empirically) to what extent these methods respect the four desired properties.
(Contact: Balázs Pejó or Gergely Biczók) -
Own idea:
If you have any own project idea related to the security/privacy of federated learning, and we find it interesting, you can work on that under our guidance.
(Contact: Gergely Ács or Balázs Pejó or Gergely Biczók)
Required skills: none
Preferred skills: basic programming skills (e.g., python), machine learning (not required)
Economics of (cyber)security and (data)privacy
As evidenced in the last 10-15 years, cybersecurity is not a purely technical discipline. Decision-makers, whether sitting at security providers (IT companies), security demanders (everyone using IT) or the security industry, are mostly driven by economic incentives. Understanding these incentives are vital for designing systems that are secure in real-life scenarios. Parallel to this, data privacy has also shown the same characteristics: proper economic incentives and controls are needed to design systems where sharing data is beneficial to both data subject and data controller. An extreme example to a flawed attempt at such a design is the Cambridge Analytica case.
The prospective student will identify a cybersecurity or data privacy economics problem, and use elements of game theory and other domain-specific techniques and software tools to transform the problem into a model and propose a solution. Potential topics include:
- CPSFlipIt: attacker-defender dynamics in cyber-physical systems
- Risk management for cyber-physical/OT systems
- Incentives in secure software development: why should programmers have proper security training?
- Interdependent privacy: modeling inference with probabilistic graphical models
- BYOT: Bring Your Own Topic!
Required skills: model thinking, good command of English
Preferred skills: basic knowledge of game theory, basic programming skills (e.g., python, matlab, NetLogo)
Publications
2022
Collaborative Drug Discovery: Inference-level Privacy Perspective
B. Pejo and M. Remeli and Á. Arany and M. Galtier and G. Ács
Transactions on Data Privacy (TDP), vol. 15, 2022.
Bibtex | Abstract | PDF | Link
@article {
author = {Balazs Pejo and Mina Remeli and Ádám Arany and Mathieu Galtier and Gergely Ács},
title = {Collaborative Drug Discovery: Inference-level Privacy Perspective},
journal = {Transactions on Data Privacy (TDP)},
volume = {15},
year = {2022},
howpublished = "\url{http://www.tdp.cat/issues21/abs.a449a21.php}"
}
Abstract
Pharmaceutical industry can better leverage its data assets to virtualize drug discovery through a collaborative machine learning platform. On the other hand, there are non-negligible risks stemming from the unintended leakage of participants' training data, hence, it is essential for such a platform to be secure and privacy-preserving. This paper describes a privacy risk assessment for collaborative modeling in the preclinical phase of drug discovery to accelerate the selection of promising drug candidates. After a short taxonomy of state-of-the-art inference attacks we adopt and customize several to the underlying scenario. Finally we describe and experiments with a handful of relevant privacy protection techniques to mitigate such attacks.Games in the Time of COVID-19: Promoting Mechanism Design for Pandemic Response
B. Pejo and G. Biczók
ACM Transactions on Spatial Algorithms and Systems (TSAS), 2022.
@article {
author = {Balazs Pejo and Gergely Biczók},
title = {Games in the Time of COVID-19: Promoting Mechanism Design for Pandemic Response},
journal = {ACM Transactions on Spatial Algorithms and Systems (TSAS)},
year = {2022},
howpublished = "\url{https://dl.acm.org/doi/abs/10.1145/3503155}"
}
Abstract
Guide to Differential Privacy Modifications
B. Pejo and D. Desfontaines
Springer International Publishing (SpringerBriefs), 2022.
@book {
author = {Balazs Pejo and Damien Desfontaines},
title = {Guide to Differential Privacy Modifications},
publisher = {Springer International Publishing (SpringerBriefs)},
year = {2022},
howpublished = "\url{https://link.springer.com/book/10.1007/978-3-030-96398-9}"
}
Abstract
Incentives for Individual Compliance with Pandemic Response Measures
B. Pejo and G. Biczók
Enabling Technologies for Social Distancing: Fundamentals, concepts and solutions, (IET), 2022.
@inproceedings {
author = {Balazs Pejo and Gergely Biczók},
title = {Incentives for Individual Compliance with Pandemic Response Measures},
booktitle = {Enabling Technologies for Social Distancing: Fundamentals, concepts and solutions, (IET)},
year = {2022},
howpublished = "\url{https://digital-library.theiet.org/content/books/te/pbte104e}"
}
Abstract
Revenue Attribution on iOS 14 using Conversion Values in F2P Games
F. Ayala-Gómez and I. Horppu and E. Gülbenkoglu and V. Siivola and B. Pejo
AdKDD Workshop at 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (AdKDD) , 2022.
Bibtex | Abstract | PDF | Link
@inproceedings {
author = {Frederick Ayala-Gómez and Ismo Horppu and Erlin Gülbenkoglu and Vesa Siivola and Balazs Pejo},
title = {Revenue Attribution on iOS 14 using Conversion Values in F2P Games},
booktitle = {AdKDD Workshop at 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining (AdKDD) },
year = {2022},
howpublished = "\url{https://www.adkdd.org/Papers/Show-me-the-Money%3A-Measuring-Marketing-Performance-in-F2P-Games-using-Apple's-App-Tracking-Transparency-Framework/2022}"
}
Keywords
conversion value, revenue attribution, mobile advertising, privacyAbstract
Mobile app developers use paid advertising campaigns to acquire new users. Based on the campaigns' performance, marketing managers decide where and how much to spend. Apple's new privacy mechanisms profoundly impact how performance marketing is measured. Starting iOS 14.5, all apps must get system permission for tracking explicitly via the new App Tracking Transparency Framework. Instead of relying on individual identifiers, Apple proposed a new performance mechanism called conversion value, an integer set by the apps for each user. The conversion value follows a set of rules and a schema that defines the integers based on the user's in-app behavior. The developers can get the number of installs per conversion value for each campaign. For conversion values to be helpful, we need a method that translates them to revenue. This paper investigates the task of attributing revenue to advertising campaigns using their reported conversion values. Our contributions are to formalize the problem, find the theoretically optimal revenue attribution function for any conversion value schema and show empirical results on past data of a free-to-play mobile game using different conversion value schemas.Why Fuzzy Message Detection Leads to Fuzzy Privacy Guarantees
I. Seres and B. Pejo and P. Burcsi
22nd Financial Cryptography and Data Security Conference (FC), 2022.
@conference {
author = {Andras Instvan Seres and Balazs Pejo and Peter Burcsi},
title = {Why Fuzzy Message Detection Leads to Fuzzy Privacy Guarantees},
booktitle = {22nd Financial Cryptography and Data Security Conference (FC)},
year = {2022},
howpublished = "\url{https://fc22.ifca.ai/preproceedings/9.pdf}"
}
Keywords
Fuzzy Message Detection, unlinkability, anonymity, differential privacy, game theoryAbstract
Fuzzy Message Detection (FMD) is a recent cryptographic primitive invented by Beck et al. (CCS’21) where an untrusted server performs coarse message filtering for its clients in a recipient-anonymous way. In FMD — besides the true positive messages — the clients download from the server their cover messages determined by their false- positive detection rates. What is more, within FMD, the server cannot distinguish between genuine and cover traffic. In this paper, we formally analyze the privacy guarantees of FMD from three different angles. First, we analyze three privacy provisions offered by FMD: recipient unlinkability, relationship anonymity, and temporal detection ambiguity. Second, we perform a differential privacy analysis and coin a relaxed definition to capture the privacy guarantees FMD yields. Finally, we simulate FMD on real-world communication data. Our theoretical and empirical results assist FMD users in adequately selecting their false-positive detection rates for various applications with given privacy requirements.2021
Measuring Contributions in Privacy-Preserving Federated Learning
G. Ács and G. Biczók and B. Pejo
ERCIM NEWS, vol. 126, 2021, pp. 35-36.
@article {
author = {Gergely Ács and Gergely Biczók and Balazs Pejo},
title = {Measuring Contributions in Privacy-Preserving Federated Learning},
journal = {ERCIM NEWS},
volume = {126},
year = {2021},
pages = {35-36},
howpublished = "\url{https://ercim-news.ercim.eu/en126/special/measuring-contributions-in-privacy-preserving-federated-learning}"
}
Abstract
How vital is each participant’s contribution to a collaboratively trained machine learning model? This is a challenging question to answer, especially if the learning is carried out in a privacy-preserving manner with the aim of concealing individual actions.Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity
M. Parisot and B. Pejo and D. Spagnuelo
18th International Conference on Security and Cryptography (SECRYPT), 2021.
@conference {
author = {Mathias Parisot and Balazs Pejo and Dayana Spagnuelo},
title = {Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity},
booktitle = {18th International Conference on Security and Cryptography (SECRYPT)},
year = {2021},
howpublished = "\url{https://www.scitepress.org/Link.aspx?doi=10.5220/0010555607150721}"
}
Abstract
2020
Corona Games: Masks, Social Distancing and Mechanism Design
B. Pejo and G. Biczók
Proc. of ACM SIGSPATIAL Workshop on COVID, ACM, 2020.
@inproceedings {
author = {Balazs Pejo and Gergely Biczók},
title = {Corona Games: Masks, Social Distancing and Mechanism Design},
booktitle = {Proc. of ACM SIGSPATIAL Workshop on COVID},
publisher = {ACM},
year = {2020}
}
Abstract
Pandemic response is a complex affair. Most governments employ a set of quasi-standard measures to fight COVID-19 including wearing masks, social distancing, virus testing and contact tracing. We argue that some non-trivial factors behind the varying effectiveness of these measures are selfish decision-making and the differing national implementations of the response mechanism. In this paper, through simple games, we show the effect of individual incentives on the decisions made with respect to wearing masks and social distancing, and how these may result in a sub-optimal outcome. We also demonstrate the responsibility of national authorities in designing these games properly regarding the chosen policies and their influence on the preferred outcome. We promote a mechanism design approach: it is in the best interest of every government to carefully balance social good and response costs when implementing their respective pandemic response mechanism.Sok: differential privacies
D. Desfontaines and B. Pejo
Proceedings on privacy enhancing technologies, 2020, pp. 288-313.
@inproceedings {
author = {Damien Desfontaines and Balazs Pejo},
title = {Sok: differential privacies},
booktitle = {Proceedings on privacy enhancing technologies},
year = {2020},
pages = {288-313},
howpublished = "\url{https://arxiv.org/abs/1906.01337}"
}
Abstract
Shortly after it was first introduced in 2006, differential privacy became the flagship data privacy definition. Since then, numerous variants and extensions were proposed to adapt it to different scenarios and attacker models. In this work, we propose a systematic taxonomy of these variants and extensions. We list all data privacy definitions based on differential privacy, and partition them into seven categories, depending on which aspect of the original definition is modified. These categories act like dimensions: variants from the same category cannot be combined, but variants from different categories can be combined to form new definitions. We also establish a partial ordering of relative strength between these notions by summarizing existing results. Furthermore, we list which of these definitions satisfy some desirable properties, like compo- sition, post-processing, and convexity by either providing a novel proof or collecting existing ones.2019
Together or Alone: The Price of Privacy in Collaborative Learning
B. Pejo and Q. Tang and G. Biczók
Proceedings on Privacy Enhancing Technologies (PETS 2019), De Gruyter, 2019.
@inproceedings {
author = {Balazs Pejo and Q. Tang and Gergely Biczók},
title = {Together or Alone: The Price of Privacy in Collaborative Learning},
booktitle = {Proceedings on Privacy Enhancing Technologies (PETS 2019)},
publisher = {De Gruyter},
year = {2019}
}
Abstract
Machine learning algorithms have reached mainstream status and are widely deployed in many applications. The accuracy of such algorithms depends significantly on the size of the underlying training dataset; in reality a small or medium sized organization often does not have the necessary data to train a reasonably accurate model. For such organizations, a realistic solution is to train their machine learning models based on their joint dataset (which is a union of the individual ones). Unfortunately, privacy concerns prevent them from straightforwardly doing so. While a number of privacy-preserving solutions exist for collaborating organizations to securely aggregate the parameters in the process of training the models, we are not aware of any work that provides a rational framework for the participants to precisely balance the privacy loss and accuracy gain in their collaboration. In this paper, by focusing on a two-player setting, we model the collaborative training process as a two-player game where each player aims to achieve higher accuracy while preserving the privacy of its own dataset. We introduce the notion of Price of Privacy, a novel approach for measuring the impact of privacy protection on the accuracy in the proposed framework. Furthermore, we develop a game-theoretical model for different player types, and then either find or prove the existence of a Nash Equilibrium with regard to the strength of privacy protection for each player. Using recommendation systems as our main use case, we demonstrate how two players can make practical use of the proposed theoretical framework, including setting up the parameters and approximating the non-trivial Nash Equilibrium.2018
POSTER: The Price of Privacy in Collaborative Learning
B. Pejo and Q. Tang and G. Biczók
CCS 2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, ACM, 2018.
@inproceedings {
author = {Balazs Pejo and Q. Tang and Gergely Biczók},
title = {POSTER: The Price of Privacy in Collaborative Learning},
booktitle = {CCS 2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
publisher = {ACM},
year = {2018}
}