An Empirical Evaluation of the Influence of Particular Data Points in DP-SGD

Eren Kocadag

Machine learning models trained on real-world data might be analyzed by an attacker and thus leak potentially sensitive information. Differentially private stochastic gradient descent (DP-SGD) is a machine learning algorithm that prevents such attacks by limiting the influence that one data point can have on the model in one training step. Over the course of training, the complete influence is only estimated using worst-case assumptions of the differential privacy framework.

This thesis aims at empirically evaluating the influence of particular data points on the final model weights. To that end, a model is trained two times where the second time one data point is removed from training data. The euclidean distance between the weights of both resulting models is then calculated. This process is repeated many times to obtain a histogram of distances. This whole experiment in turn is done for different settings to get insights into DP-SGD.

 Bachelorthesis

Likelihood Inference Attacks on Synthetic MRI Data

Christian Schneider

Due to membership inference attacks, re-identification and other privacy concerns, publicly available MRI data is scarce. Synthetic data created with generative machine learning might alleviate the conflict between data sharing and privacy. Prior work evaluating membership inference attacks (MIA) on synthetic data reports their MIA accuracy as an average-case metric without specifying their false positive rate while other prior work uses attack strategies that might be improved using recent advances. This work presents a novel, state-of-the-art membership inference attack targeting synthetic MRI data, inspired by the likelihood ratio attack proposed by Carlini et al. (2022). Our attack is applied to a fixed dataset of synthetic MRI images generated using a vector-quantized variational autoencoder (VQ-VAE) with a transformer-based decoder. By systematically quantifying the level of prior knowledge available to an adversary, we estimate the privacy advantages of publishing synthetic data over raw data across various attack scenarios, providing valuable insights into the effectiveness of synthetic data in protecting patient privacy.

Masterthesis

Usability evaluation of the Enterprise Resource Planning (ERP) system ‘1C:Enterprise 8.3:PPM’

Sofia Rabinovich

ERP (Enterprise Resource Planning) systems are created to simplify the management of material and nonmaterial resources, generate reports and accelerate information analytics. The user experience of these systems is crucial to their effectiveness, as their main function is to simplify production accounting.

The purpose of this thesis is to identify a list of usability criteria for ERP systems based on existing literature and with their help to investigate the usability of one of the versions of Russian ERP system - 1C: Enterprise 8.3:Production Plan Management (PPM), as well as to investigate the weak points of usability of the program and ways to improve them.

 Bachelorthesis

Anonymous remote consultation

Nadine Warnstädt

With the pandemic, services such as remote medical consultation have become more and more prevalent. Patients no longer have to leave their homes and still benefit if a professional medical consultation. In order to motivate patients to seek medical advice who may not wish to do so because of concerns about exposure, there is a motivation to offer anonymized remote consultation based on voice distortion.

The goal of this thesis is to develop a mockup for a remote consultation application with voice distortion and to evaluate this application for usability.

Masterthesis