My research goal is to build ethical, safe, and private machine learning systems. In our work, we demonstrate security drawbacks of Federated Learning (AISTATS'20) and fairness implications of Differentially Private Deep Learning (NeurIPS'19). We proposed a framework for backdoor attacks and defenses (USENIX'21) and a new attack (S&P'22) that modifies large language models and spins the output for Propaganda-as-a-Service.
Earlier, I worked on Ancile – a framework for language-level control over data usage, and OpenRec – a modular library for deep recommender systems. Amazon, Apple, and Google hosted me for summer internships. At Google, I worked on a new algorithm for building private heatmaps (PETS'22). At Apple, I developed a novel way to obtain good tokenizers for Private Federated Learning (FL4NLP@ACL'22). Before starting my PhD, I received an engineering degree from Baumanka and worked at Cisco on OpenStack networking.
In my free time I play water polo and (used to...) travel.
E-mail: eugene [at] cs.cornell.edu
Tokenization is an important part of training a good language model; however, in private federated learning, where user data are not available, generic tokenization methods reduce performance. We show how to obtain a good tokenizer without spending additional privacy budget. Work done at Apple. [PDF].
We introduce a constrain-and-scale attack, a form of data poisoning, that can stealthily inject a backdoor into one of the participating models during a single round of Federated Learning training. This attack can avoid proposed defenses and propagate the backdoor to a global server that will distribute the compromised model to other participants. [PDF], [Code].
A fast and compact cloud-native implementation of containers. [PDF].