• Training Models

  • Sources:

    In the discussion with Dawn Song on the Lex Fridman Podcast, several aspects of training machine learning models were highlighted, particularly data privacy and model security. Lex Fridman and Dawn Song touched upon the risks to the confidentiality of training data and the potential for attackers to exploit a trained model to extract sensitive information from the data it was trained on.

    Dawn Song described various attack vectors, including white-box attacks, where the attacker has access to the model's parameters, and query-based attacks, where the attacker can only query the model and must infer training data indirectly from its outputs. She emphasized the importance of applying techniques like differential privacy during the training phase: adding calibrated noise (perturbations) during training limits how much any single training record can influence the model, which helps protect the data from such attacks.

    Moreover, they discussed the risk of models memorizing sensitive information, such as social security numbers, from training datasets, and how attackers can extract this information. Training differentially private models was suggested as a method to strengthen privacy protection and mitigate the risks posed by such attacks on training data [1].
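    The differential-privacy mechanism described above (perturbing the training process so no single record dominates the model) is usually implemented as DP-SGD: each example's gradient is clipped to a fixed norm, the clipped gradients are summed, and Gaussian noise calibrated to that clip norm is added before the update. The following is an added illustration written for this page; it is not code from the podcast or from any library. It trains a tiny logistic-regression classifier in pure Python on a constructed two-blob dataset, and the helper names (`make_dataset`, `clip_gradient`, `dp_sgd_step`, `train_dp`) are this example's own. It does not compute a privacy budget (epsilon); a real deployment pairs these mechanics with a privacy accountant.

```python
import math
import random


def make_dataset(n_per_class, seed):
    """Constructed toy data: two Gaussian blobs, label 0 near (-2,-2), label 1 near (2,2)."""
    rng = random.Random(seed)
    data = []
    for label, centre in ((0, (-2.0, -2.0)), (1, (2.0, 2.0))):
        for _ in range(n_per_class):
            data.append(([rng.gauss(c, 0.5) for c in centre], label))
    rng.shuffle(data)
    return data


def per_example_gradient(w, b, x, y):
    """Gradient of the logistic loss for ONE example.
    DP-SGD must clip per example, so the gradient cannot be computed over the batch."""
    z = sum(wi * xi for wi, xi in zip(w, x)) + b
    p = 1.0 / (1.0 + math.exp(-z))
    err = p - y
    return [err * xi for xi in x], err


def clip_gradient(grad_w, grad_b, clip_norm):
    """Scale the per-example gradient so its L2 norm is at most clip_norm.
    This bounds the influence any single training record has on the update."""
    norm = math.sqrt(sum(g * g for g in grad_w) + grad_b * grad_b)
    scale = min(1.0, clip_norm / (norm + 1e-12))
    return [g * scale for g in grad_w], grad_b * scale


def dp_sgd_step(w, b, batch, lr, clip_norm, noise_multiplier, rng):
    """One DP-SGD update: clip each example's gradient, sum, add Gaussian noise, average."""
    sum_w = [0.0] * len(w)
    sum_b = 0.0
    for x, y in batch:
        gw, gb = clip_gradient(*per_example_gradient(w, b, x, y), clip_norm)
        for i, g in enumerate(gw):
            sum_w[i] += g
        sum_b += gb
    # Noise standard deviation is calibrated to the clip norm: the clip bounds the
    # sensitivity of the sum, so noise of this scale masks any one record's contribution.
    sigma = noise_multiplier * clip_norm
    n = len(batch)
    avg_w = [(s + rng.gauss(0.0, sigma)) / n for s in sum_w]
    avg_b = (sum_b + rng.gauss(0.0, sigma)) / n
    return [wi - lr * g for wi, g in zip(w, avg_w)], b - lr * avg_b


def train_dp(data, epochs, batch_size, lr, clip_norm, noise_multiplier, seed):
    """Train a 2-feature logistic regression with DP-SGD; returns (weights, bias)."""
    rng = random.Random(seed)
    w, b = [0.0, 0.0], 0.0
    for _ in range(epochs):
        order = list(data)
        rng.shuffle(order)
        for start in range(0, len(order), batch_size):
            batch = order[start:start + batch_size]
            w, b = dp_sgd_step(w, b, batch, lr, clip_norm, noise_multiplier, rng)
    return w, b


def accuracy(w, b, data):
    """Fraction of examples classified correctly by sign of the logit."""
    correct = 0
    for x, y in data:
        z = sum(wi * xi for wi, xi in zip(w, x)) + b
        correct += int((z > 0) == (y == 1))
    return correct / len(data)


if __name__ == "__main__":
    data = make_dataset(30, seed=1)
    w, b = train_dp(data, epochs=10, batch_size=20, lr=0.5,
                    clip_norm=1.0, noise_multiplier=1.0, seed=7)
    print("weights", w, "bias", b, "accuracy", accuracy(w, b, data))
```

Setting `noise_multiplier` to 0 turns this into ordinary clipped SGD, which is a convenient way to see that clipping alone is not differential privacy: the noise is what makes the released model's distribution nearly indistinguishable whether or not any one record was present.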
