Haiyan JIANG (she/her) - Postdoc Research Associate @ NYUAD


Research Focus


As machine learning systems are increasingly deployed in real-world applications, concerns about their security, robustness, and privacy have become critical. To mitigate potential risks associated with these systems, our research focuses on security and privacy in Federated Learning and Machine Unlearning. The former investigates vulnerabilities in decentralized learning systems such as federated learning, including backdoor attacks, adversarial threats, and privacy risks, while developing resilient defense mechanisms against malicious attacks. The latter focuses on protecting data privacy by enabling models to selectively forget specific training data upon request, addressing privacy concerns such as model inversion and data leakage to ensure compliance with privacy regulations.


Key Research Areas

  • Federated Learning Security

  • We investigate the security threats in decentralized learning systems such as federated learning (FL), including backdoor attacks and privacy threats, while developing robust countermeasures to enhance model security.

  • Machine Unlearning & Data Privacy

  • We develop algorithms that enable models to forget specific training data, preventing model inversion attacks and data reconstruction, and ensuring privacy-preserving AI.


Our research aims to mitigate potential security and privacy risks in modern AI systems, ensuring they remain resilient, privacy-preserving, and ethically responsible in real-world deployments.


Federated Learning Security

Federated learning (FL) enables multiple participants to collaboratively train a model without sharing their local private data, but it also introduces its own security and privacy vulnerabilities. Our work in this area includes:

  • Backdoor Attacks & Defenses in FL

  • We investigate how adversaries can stealthily implant hidden backdoors in FL models, and develop effective detection and mitigation defense techniques.

  • Model Inversion Attacks

  • We explore how adversaries can reconstruct sensitive training data from shared model updates (weights or gradients), and develop defense techniques to prevent the attackers from inferring private attributes of individual users, even with encrypted or aggregated updates.

  • Data Leakage from Gradients

  • We study how unencrypted gradient updates can expose sensitive information about underlying training data, and design robust mitigation strategies to prevent gradient-based data reconstruction attacks, even in the presence of differential privacy techniques.

  • Secure Aggregation & Privacy Protection

  • We explore FL protocols to prevent model inversion attacks, data leakage, and malicious updates.
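As an added illustration of the secure-aggregation idea above (example code written for this page, not code from the author's work): a minimal pairwise-masking aggregation in a prime field, after Bonawitz et al. (2017), showing why the server learns only the sum of client updates and never an individual one. It assumes the pairwise seeds are already shared between each client pair and omits key agreement and dropout recovery; the client updates and seeds are constructed sample values.

```python
import random

# Toy secure aggregation with pairwise additive masks in a prime field (after
# Bonawitz et al., 2017). Key agreement and dropout recovery are omitted:
# the pairwise seeds are assumed to be pre-shared between each client pair.
P = 2**61 - 1      # field modulus; masked values are uniform in [0, P)
SCALE = 10_000     # fixed-point scale used to map float updates into the field


def quantize(update):
    return [round(v * SCALE) % P for v in update]


def dequantize(vec):
    # Values above P/2 represent negative numbers in the field.
    return [(v if v <= P // 2 else v - P) / SCALE for v in vec]


def mask_update(client_id, quantized, pairwise_seeds):
    """Add +mask for every pair (client_id, j) with client_id < j and -mask for
    j < client_id, so all masks cancel when the server sums every submission."""
    masked = list(quantized)
    for (i, j), seed in pairwise_seeds.items():
        if client_id not in (i, j):
            continue
        rng = random.Random(seed)               # identical stream on both peers
        sign = 1 if client_id == i else -1
        masked = [(m + sign * rng.randrange(P)) % P for m in masked]
    return masked


def aggregate(masked_updates):
    total = [0] * len(masked_updates[0])
    for upd in masked_updates:
        total = [(t + u) % P for t, u in zip(total, upd)]
    return dequantize(total)


def demo():
    # Constructed sample: three clients, each holding a 4-dimensional update.
    updates = {0: [0.5, -1.25, 2.0, 0.0],
               1: [-0.75, 0.25, 1.5, -2.0],
               2: [1.0, 1.0, -0.5, 0.3]}
    seeds = {(0, 1): 11, (0, 2): 22, (1, 2): 33}  # constructed pre-shared seeds
    masked = {c: mask_update(c, quantize(u), seeds) for c, u in updates.items()}
    total = aggregate(list(masked.values()))
    expected = [sum(updates[c][k] for c in updates) for k in range(4)]
    # The server only ever sees masked vectors, none of which equals a plaintext.
    leaked = any(masked[c] == quantize(updates[c]) for c in updates)
    return total, expected, leaked
```

With all three submissions present the masks cancel exactly and the server recovers the true sum; if any client's submission were missing, the sum would stay masked, which is the case the full protocol handles with secret-shared seed recovery.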



Machine Unlearning & Data Privacy

As AI models continuously learn from vast amounts of data, the ability to selectively forget specific data's influence on trained models upon request is essential for privacy compliance (e.g., GDPR's "right to be forgotten"). However, even when only the trained model is accessible, such as in Machine Learning-as-a-Service (MLaaS) settings, model inversion attacks can exploit pre-trained models to reconstruct the original sensitive training data, raising concerns about privacy leakage in applications like facial recognition, medical diagnostics, and intelligent virtual assistants. Our research focuses on the following key areas:

Machine Unlearning

  • Efficient Machine Unlearning Algorithms

  • We develop methods that enable models to selectively remove the influence of specific training data without completely retraining the model, maintaining model performance while ensuring compliance with privacy regulations.

  • Unlearning Inversion Attacks

  • We investigate how adversaries can leverage model inversion and gradient inversion techniques to infer feature and label information of an unlearned sample by analyzing changes between the original and unlearned models.

  • Defending Against Inversion Attacks

  • We design robust defenses to prevent attackers from reconstructing sensitive training data, mitigating risks associated with model inversion and gradient inversion attacks in both white-box and black-box access scenarios.