LEAKPRO: Leakage Profiling and Risk Oversight for Machine Learning Models
Field | Value
--- | ---
Reference number | |
Coordinator | Lindholmen Science Park AB - AI Sweden
Funding from Vinnova | SEK 9 999 968
Project duration | November 2023 - November 2025
Status | Ongoing
Venture | Advanced digitalization - Enabling technologies
Call | Cyber security for industrial advanced digitalization 2023
Purpose and goal
The primary goal is to create LEAKPRO, a platform for evaluating the risk of information leakage in machine learning applications and for identifying and validating realistic attack vectors. LEAKPRO will be developed as open source with a focus on scalability and relevance. Attacks against different types of model architectures and data modalities will be supported so that the platform is as relevant as possible to the Swedish ecosystem. LEAKPRO supports risk profiling of data leakage in different scenarios, such as black-box access, white-box access, federated training, and synthetic data.
Expected effects and result
LEAKPRO is expected to give the Swedish ecosystem a tool for responsibly exposing machine learning models and synthetic data to external parties. LEAKPRO will act as a component in the development chain, used to iterate towards a model that minimizes the risk of data leakage given current state-of-the-art attacks. Furthermore, LEAKPRO is expected to contribute to policy discussions by providing a basis for assessing the real risks at the intersection of secrecy requirements and machine learning models.
Planned approach and implementation
LEAKPRO is divided into seven work packages. The first package focuses on establishing an architecture for the platform. Work packages 2-5 run in parallel; in them, attacks are implemented and tested against 1) white-box and black-box models, 2) federated learning, and 3) synthetic data. Work package 5 aims to implement the attacks in LEAKPRO along with tests and documentation. Work package 6 covers testing LEAKPRO internally with project partners and paving the way for its inclusion in RISE Cyberrange. Work package 7 deals with knowledge sharing and administration.