Machine Learning for Security and Privacy

In this research thrust, we aim to study two basic questions. First, how can an attacker leverage machine learning to compromise the security and privacy of computer and network systems? Answering this question often reveals new vulnerabilities in computer and network systems that could not be uncovered by traditional techniques such as program analysis and verification. Second, how can we leverage machine learning to enhance the security and privacy of computer and network systems by analyzing the data these systems generate? We study the two questions in the context of various computer and network systems such as social networks, web, mobile, and IoT systems. A key challenge is to design new machine learning methods that account for the unique characteristics of security and privacy problems.


Inference attacks and their defenses

Machine learning is used by attackers to perform automated large-scale attacks. We develop new machine learning techniques as privacy attacks to infer users' private attributes (e.g., location, sexual orientation, political view), hidden social relationships, and identity, using users' data publicly available on the Internet. We also develop defenses for these inference attacks.

Spam and fraud detection

We develop new machine learning methods to detect spam, fake accounts, and malicious accounts in social networking and web services.

User authentication

Code and dataset