MAPS
Machine learning and Algorithms for Practical Security
Machine learning tools have become widely accessible over the past decade, but their security remains an ongoing challenge. OWASP has summarized the ‘Top 10’ practical problems in machine learning (ML) security. However, research in each sub-problem is an ongoing race between attacks and defenses. Does this cat-and-mouse race have an end? Are there optimal defense strategies such that all attacks bounded by certain costs become impractical?
The MAPS project aims to answer these questions in a principled manner by identifying the inherent limitations of current schemes and drawing from cryptographically hard problems to establish robust security guarantees. Specifically, we study four main areas:
- the practical impact of data poisoning attacks in federated settings and the computational limitations of robust aggregation defenses against such attacks;
- watermarking schemes for AI-generated content that is provably secure against all possible attacks;
- we investigate verification of desired properties of ML systems and practical differential privacy in federated networks and GNNs.
MAPS is a project under the KISP NUS Lab.
-
Poisoning Attacks & Provable Defenses
Data poisoning attack is when an attacker corrupts training data to cause undesirable behaviour in the trained model. This behaviour can be of various kinds, including but not limited to inserting backdoors, decreasing overall accuracy, misclassifying certain inputs, and so on. [Read More] -
Cryptographic Primitives for ML Security
ML systems are increasingly deployed in security-critical applications, but traditional defenses often rely on heuristics that lack formal guarantees. In this project, we explore how cryptographic primitives can provide provable guarantees for model integrity, provenance, and privacy. [Read More] -
Privacy-Preserving Graph Learning
Graph-structured data is ubiquitous in many applications, ranging from social networks to traffic prediction. Hence, graph learning tasks such as node classification have become increasingly important. However, graph data often encode sensitive information and are often distributed across multiple machines to comply with residency and privacy laws. Motivated by these... [Read More] -
Quantitative Verification of Privacy Properties
As machine learning is increasingly used in safety-critical and privacy-sensitive applications, it is crucial to analze the models’ security properties in a principled manner. [Read More]
Publications
Recent
A Practical and Secure Byzantine Robust Aggregator
De Zhang Lee, Aashish Kolluri, Prateek Saxena, Ee-Chien Chang
ACM Conference on Computer and Communications Security (CCS 2025). Taipei, Taiwan,
Oct 2025.
On Cryptographic Countermeasures for Against Model Inversion Attacks
Louise Xu, Mallika Prabhakar, Prateek Saxena
In Review, 2025.
Attacking Byzantine Robust Aggregation in High Dimensions
Sarthak Choudhary*, Aashish Kolluri*, Prateek Saxena
IEEE Symposium on Security and Privacy (S&P 2024). Oakland, CA,
May 2024.
Scalable Neural Network Training over Distributed Graphs
Aashish Kolluri, Sarthak Choudhary, Bryan Hooi, Prateek Saxena
Arxiv, 2024.
CLUE-Mark: Watermarking Diffusion Models using CLWE
Kareem Shehata, Aashish Kolluri, Prateek Saxena
Arxiv, 2024.
Unforgeability in Stochastic Gradient Descent
Teodora Baluta, Ivica Nikolic, Racchit Jain, Divesh Aggarwal, Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2023). Copenhagen, DK,
Nov 2023.
LPGNet: Link Private Graph Networks for Node Classification
Aashish Kolluri, Teodora Baluta, Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2022). Los Angeles, CA,
Nov 2022.
Membership Inference Attacks and Generalization: A Causal Perspective
Teodora Baluta, Shiqi Shen, S. Hitarth, Shruti Tople, Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2022). Los Angeles, CA,
Nov 2022.
Private Hierarchical Clustering in Federated Networks
Aashish Kolluri, Teodora Baluta, Prateek Saxena
ACM Conference on Computer and Communications Security (CCS 2021). Korea,
Nov 2021.
Scalable Quantitative Verification For Deep Neural Networks
Teodora Baluta, Zheng Leong Chua, Kuldeep S. Meel, Prateek Saxena
International Conference on Software Engineering (ICSE 2021). Madrid, Spain,
May 2021.
Current members
We gratefully acknowledge the support of Crystal Center.