
Security and Privacy in Machine Learning

2024-2025/II.
Dr. Ács Gergely

Machine Learning (Artificial Intelligence) has become undisputedly popular in recent years. The number of security-critical applications of machine learning (self-driving cars, user authentication, decision support, profiling, risk assessment, etc.) has been growing steadily. However, many privacy and security problems of machine learning remain open. Students can work on the following topics:

Own idea: If you have your own project idea related to data privacy or to the security/privacy of machine learning, and I find it interesting, you can work on it under my guidance. You will get +1 grade in that case.

Robustness of Large Language Models: Large Language Models (LLMs) are a new class of machine learning models that are trained on large text corpora. They are capable of generating text that is indistinguishable from human-written text. The increasing reliance on LLMs across academia and industry necessitates a comprehensive understanding of their robustness to prompts. The task is to study and test different adversarial prompts against LLMs.

(De-)Anonymization of Medical Data: ECG (Electrocardiogram) and CTG (Cardiotocography) recordings and diagnostic images (MRI, X-ray) are very sensitive datasets containing the medical records of individuals. The task is to (de-)anonymize such datasets (or some aggregates computed over such data) for data sharing with strong, preferably provable privacy guarantees that are also GDPR compliant.

Privacy of Diffusion Models: Black-box membership attacks against diffusion models aim to determine whether a specific data sample was part of the model’s training dataset, without requiring internal access to the model. These attacks rely on observing the model’s outputs or behavior when queried with specific inputs, leveraging differences in how the model processes training versus non-training data. Such attacks highlight potential privacy risks in diffusion models and emphasize the need for techniques like differential privacy to safeguard sensitive data. The task is to design membership attacks against diffusion models.

More information: https://www.crysys.hu/education/projects/
