Mathias Lecuyer

I am an assistant professor at the University of British Columbia in Vancouver, where I am part of Systopia, UBC S&P, TrustML, ML @ UBC, and CAIDA. Prior to this, I was a postdoc researcher at Microsoft Research in NY. I completed my PhD at Columbia University.

I am broadly interested in machine learning systems, with a specific focus on applications that provide rigorous guarantees of robustness, privacy, and security. My research focuses both on improving practical and theoretical tools (differential privacy, causal inference, reinforcement learning) and enabling specific use-cases (ML attacks/defenses, privacy preserving data management, system decisions optimization).

Office: ICICS 317

Students

Graduate students:

Qiaoyue Tang (PhD)
Saiyue Lyu (PhD)
Frederick Shpilevskiy (PhD track)
Shadab Shaikh (MSc)
Mishaal Kazmi (MSc, with Ivan Beschastnikh)

Postdoctoral researchers:

Bingshan Hu (with Nidhi Hegde and Mark Schmidt, then with Danica Sutherland and Trevor Campbell)

Undergraduate students:

Jessica Bator

Alumni:

Amir Sabzi (MSc, with Aastha Mehta) → PhD student at Princeton
Helen Chen (BSc research) → Amazon
Ryan Shar (BSc Honors thesis) → MSc CMU
Mauricio Soroco (BSc research) → PhD SFU
Eric Xiong (BSc Honors thesis) → MSc (research) University of Alberta
Frederick Shpilevskiy (BSc Honors thesis, with Margo Seltzer) → PhD student at UBC
Shiqi He (MSc, with Ivan Beschastnikh) → PhD student at the University of Michigan

Publications & Preprints

Pierre Tholoniat, Kelly Kostopoulou, Mosharaf Chowdhury, Asaf Cidon, Roxana Geambasu, Mathias Lécuyer, and Junfeng Yang. "DPack: Efficiency-Oriented Privacy Budget Scheduling" (EuroSys 2025) [arxiv]
Thomas Crasson, Yacine Nabet, Mathias Lécuyer. "Training and Evaluating Causal Forecasting Models for Time-Series" (Preprint 2024) [arxiv]
Saiyue Lyu, Shadab Shaikh, Frederick Shpilevskiy, Evan Shelhamer, Mathias Lécuyer. "Adaptive Randomized Smoothing: Certified Adversarial Robustness for Multi-Step Defences" (Spotlight, NeurIPS 2024) [NeurIPS][arXiv]
Mishaal Kazmi, Hadrien Lautraite, Alireza Akbari, Qiaoyue Tang, Mauricio Soroco, Tao Wang, Sébastien Gambs, Mathias Lécuyer. "PANORAMIA: Privacy Auditing of Machine Learning Models without Retraining" (NeurIPS 2024) [NeurIPS][arXiv]
Pierre Tholoniat, Kelly Kostopoulou, Peter McNeely, Prabhpreet Singh Sodhi, Anirudh Varanasi, Benjamin Case, Asaf Cidon, Mathias Lécuyer, and Roxana Geambasu. "Cookie Monster: Efficient On-Device Budgeting for Differentially-Private Ad-Measurement Systems" (SOSP 2024, Distinguished Artifact Honorable Mention) [arxiv]
Mishaal Kazmi, Hadrien Lautraite, Alireza Akbari, Mauricio Soroco, Qiaoyue Tang, Tao Wang, Sébastien Gambs, Mathias Lécuyer. "PANORAMIA: Privacy Auditing of Machine Learning Models without Retraining" (Theory and Practice of Differential Privacy (TPDP) workshop 2024) [arXiv full paper]
Shadab Shaikh, Saiyue Lyu, Frederick Shpilevskiy, Evan Shelhamer, Mathias Lécuyer. "Adaptive Randomized Smoothing for Certified Multi-Step Defence" (MAT workshop @ CVPR 2024) [PDF][arXiv full paper]
Amir Sabzi, Rut Vora, Swati Goswami, Margo Seltzer, Mathias Lécuyer, Aastha Mehta. "NetShaper: A Differentially Private Network Side-Channel Mitigation System" (USENIX Security 2024) [arXiv]
Qiaoyue Tang, Frederick Shpilevskiy, Mathias Lécuyer. "DP-AdamBC: Your DP-Adam Is Actually DP-SGD (Unless You Apply Bias Correction)" (Oral, AAAI 2024) [arXiv]
Mauricio Soroco, Joel Hempel, Xinze Xiong, Mathias Lécuyer, Joséphine Gantois. "Flowering Onset Detection: Traditional Learning vs. Deep Learning Performance in a Sparse Label Context" (CCAI workshop at NeurIPS 2023) [PDF][site]
Kelly Kostopoulou, Pierre Tholoniat, Asaf Cidon, Roxana Geambasu, Mathias Lécuyer. "Turbo: Effective Caching in Differentially-Private Databases" (SOSP 2023) [PDF, appendix][arxiv (full version)]
Qiaoyue Tang, Mathias Lécuyer. "DP-Adam: Correcting DP Bias in Adam's Second Moment Estimation" (RTML workshop at ICLR 2023) [arXiv]
Shiqi He, Qifan Yan, Feijie Wu, Lanjun Wang, Mathias Lécuyer, Ivan Beschastnikh. "GlueFL: Reconciling Client Sampling and Model Masking for Bandwidth Efficient Federated Learning" (MLSys 2023) [arXiv][code]
Ali Behrouz, Mathias Lécuyer, Cynthia Rudin, Margo Seltzer. "Fast Optimization of Weighted Sparse Decision Trees for use in Optimal Treatment Regimes and Optimal Policy Design" (AIMLAI Workshop 2022) [arXiv full version]
Jinkun Lin, Anqi Zhang, Mathias Lécuyer, Jinyang Li, Aurojit Panda, Siddhartha Sen. "Measuring the Effect of Training Data on Deep Learning Predictions via Randomized Experiments" (ICML 2022) [arXiv][code][demo]
Mathias Lécuyer, Sang Hoon Kim, Mihir Nanavati, Junchen Jiang, Siddhartha Sen, Amit Sharma, Aleksandrs Slivkins. "Sayer: Using Implicit Feedback to Optimize System Policies" (SoCC 2021) [PDF]
Tao Luo, Mingen Pan, Pierre Tholoniat, Asaf Cidon, Roxana Geambasu, Mathias Lécuyer. "Privacy Budget Scheduling" (OSDI 2021) [PDF][Long Version][Code]
Mathias Lécuyer. "Practical Privacy Filters and Odometers with Rényi Differential Privacy and Applications to Differentially Private Deep Learning" (Preprint 2021) [arXiv]
Mathias Lécuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana. "Certified Robustness to Adversarial Examples with Differential Privacy" (S&P'19) [PDF][Code]
Mathias Lécuyer, Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, Daniel Hsu. "Privacy Accounting and Quality Control in the Sage Differentially Private ML Platform" (SOSP'19) [PDF]
Mathias Lécuyer, Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, Daniel Hsu. "Privacy Accounting and Quality Control in the Sage Differentially Private ML Platform" (OSR'19) [PDF]
Mathias Lécuyer, Riley B. Spahn, Roxana Geambasu, Tzu-Kuo Huang, and Siddhartha Sen. "Enhancing Selectivity in Big Data" (Invited paper, S&P Magazine, 2018) [PDF]
Mathias Lécuyer, Joshua Lockerman, Lamont Nelson, Siddhartha Sen, Amit Sharma, and Aleksandrs Slivkins. "Harvesting Randomness to Optimize Distributed Systems" (HotNets'17) [PDF]
Mathias Lécuyer, Riley B. Spahn, Roxana Geambasu, Tzu-Kuo Huang, and Siddhartha Sen. "Pyramid: Enhancing selectivity in big data protection with count featurization" (S&P'17) [PDF][Long Version][Website]
Mathias Lécuyer, Max Tucker, Augustin Chaintreau. "Improving the transparency of the sharing economy" (WWW'17) [PDF][Data][Blog post]
Mathias Lécuyer, Riley Spahn, Giannis Spiliopoulos, Augustin Chaintreau, Roxana Geambasu, and Daniel Hsu. "Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence" (CCS'15) [PDF][Website][The Economist, Slate]
Nicolas Viennot , Mathias Lécuyer, Jonathan Bell, Roxana Geambasu, and Jason Nieh. "Synapse: New Data Integration Abstractions for Agile Web Application Development" (EuroSys'15) [PDF][Website]
Mathias Lécuyer, Guillaume Ducoffe, Francis Lan, Andrei Papancea, Theofilos Petsios, Riley Spahn, Augustin Chaintreau, and Roxana Geambasu. "XRay: Increasing the Web's Transparency with Differential Correlation" (USENIX Security'14) [PDF][Website][NYT Bits, MIT Technology Review]

Teaching

I teach/taught the following classes:

CPSC 532Y: Causal Machine Learning (Fall 2024, Fall 2023, Fall 2022)
CPSC 538L: Differential Privacy - Theory and Practice (Spring 2022)
CPSC 330: Applied Machine Learning (Spring 2024, Spring 2023)

Invited Talks

Adaptive Randomized Smoothing: Certified Adversarial Robustness for Multi-Step Defences - Mathematics of Machine Learning, Canadian Mathematical Society (CMS) Winter meeting (Dec 2024).
Security and Privacy in the age of Foundation Models - MSRA Vancouver Talk Series (Aug 2024).
PANORAMIA: Efficient Privacy Auditing of Machine Learning Models without Retraining [video] - BIRS workshop on Statistical Aspects of Trustworthy Machine Learning (Feb 2024).
[Tutorial] Privacy as hypothesis testing: linking Differential Privacy, membership attacks, and privacy audits - Canadian AI, Responsible AI Track, Montréal (June 2023).
DP-AdamBC: your DP-Adam is actually DP-SGD (unless you apply Bias Correction) - Bridge the gap: Differential Privacy and Statistical Analysis, Amii Upper Bound Workshop, Edmonton (May 2023).
Towards a Practical Differentially Private Machine Learning Platform - Northwest Data Science Seminar Series (July 2020).
Privacy Accounting and Quality Control in the Sage Differentially Private ML Platform - Berkeley Security Seminar (October 2019).
Security, Privacy, and Transparency Guarantees for Machine Learning Systems - UBC (March 2019).
Security, Privacy, and Transparency Guarantees for Machine Learning Systems - UCLA (March 2019).
Security, Privacy, and Transparency Guarantees for Machine Learning Systems - MSR NY (February 2019).
Certified Robustness to Adversarial Examples with Differential Privacy - UW Security Seminar (October 2018).
Certified Robustness to Adversarial Examples with Differential Privacy - Berkeley Security Seminar (October 2018).
Certified Robustness to Adversarial Examples with Differential Privacy - Stanford Security Lunch (June 2018).
Harvesting Randomness for Counterfactual Evaluation of Systems - Stanford NetSeminar (June 2018).
Certified Robustness to Adversarial Examples with Differential Privacy - Google Brain (June 2018).

Service

Program Committee: SaTML (2024), OSDI (2023), Security & Privacy (Oakland) (2023, 2022), USENIX Security (2021, 2020), MLSys (2021), Eurosys (2020), SoCC (2019), Systems for ML workshop (2019, 2018).
Reviewer: ICML(2022, 2020), NeurIPS (2021), Journal of Machine Learning Research (2019), ACM Transactions on Internet Technology (2016).