Overview

I am a CS PhD candidate at Columbia. Among many other things, I like to build stuff, learn new programming languages, travel, and rock climb. I also love to read, on topics ranging from econ to history and ecology. My research interests span broad areas of computer science, including software systems, security and privacy, statistics and machine learning. My ongoing work focuses on enabling the promises of AI driven ecosystems without imposing undue risks to individuals.

Research

Data has become the principal asset of the Internet era, offering unique opportunities to improve personal and business effectiveness. However this data also poses serious risks to users' privacy and safety, and to organizations by increasing their attack surface and exposing their extensive data stores to external and internal attacks. In my research, I build software systems and machine learning methods to address three major vectors of risk emerging in data driven ecosystems: the aggressive collection and wide access policies often applied to user data; the lack of external transparency on how user data is being used and for what purposes; and new classes of attacks unique to machine learning systems, such as adversarial examples. In each project, my goal is to develop rigorous, theory-backed designs that give clear guarantees and semantics for my tools, systems, and algorithms. I believe that such an approach is necessary to reap the benefits of AI systems without imposing undue risks.
I am fortunate to work with three amazing advisors, Roxana Geambasu, Augustin Chaintreau, and Daniel Hsu ; as well as a number of great collaborators including Riley Spahn and Vaggelis Atlidakis from Columbia, and Siddhartha Sen, Amit Sharma, and Aleksandrs Slivkins from MSR.

Projects

Certified Defense Against Adversarial Examples Enormous progress in fitting accurate, complex models, such as deep neural networks (DNNs), over large amounts of data has caused their wide-spread adoption, including in safety- and security-critical applications where robustness against adversarial behavior is crucial. Unfortunately, in recent years it has become increasingly clear that DNNs are vulnerable to a variety of attacks, including adversarial examples attack in which the adversary finds small perturbations to correctly classified inputs that cause a DNN to produce erroneous predictions. Based on a novel connection between robustness to adversarial examples and differential privacy, a cryptographically-inspired formalism from the privacy domain, I proposed PixelDP, the first certifiably robust defense against adversarial examples that scales to large, real-world DNNs and datasets (such as Google’s Inception network for ImageNet) and applies broadly to arbitrary model types.
Selective Data Systems Challenging the common practice in both private and public sectors of collecting vast quantities of personal information, I ask whether it is possible to build data-driven systems that are more selective with the data they collect. To explore this question I built Pyramid, a data management system that leverages training set minimization techniques to reduce data exposure in ML applications. More precisely Pyramid uses count-based featurization to summarize past data before it is archived in cold storage. The counts, kept differentially private, are used with a small amount of recent observations, called the hot data, to train ML models. Using this technique, as well as system mechanisms to reduce the impact of differentially private noise, Pyramid is within 4% of previous models' accuracy while training on, and thus exposing, less than 1% of the raw data. This way, ML based applications can reap the benefits of big data without undue risks.
Data Use Transparency Infrastructure To add transparency to data uses on the Web, I am building a series of scalable, generic, and reliable tools to detect data flows within and across web services. My initial system, XRay, offers a first system design and theoretical building blocks to detect the use of digital personal data for targeting and personalization. The key insight in XRay is to infer targeting by correlating user inputs (such as searches, emails, or locations) to service outputs (such as ads, recommendations, or prices) based on observations obtained from user profiles populated with different subsets of the inputs. My latest tool, Sunlight, leverages rigorous statistical methods to determine the causes of online targeting at great scale and based on solid statistical justification.

Recent talks

Certified Robustness to Adversarial Examples with Differential Privacy - UW Security Seminar (October 2018).
Certified Robustness to Adversarial Examples with Differential Privacy - Berkeley Security Seminar (October 2018).
Certified Robustness to Adversarial Examples with Differential Privacy - Stanford Security Lunch (June 2018).
Harvesting Randomness for Counterfactual Evaluation of Systems - Stanford NetSeminar (June 2018).
Certified Robustness to Adversarial Examples with Differential Privacy - Google Brain (June 2018).

Publications

Mathias Lecuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana. "Certified Robustness to Adversarial Examples with Differential Privacy" (Preprint, 2018) [arXiv][Code]
Mathias Lecuyer, Riley B. Spahn, Roxana Geambasu, Tzu-Kuo Huang, and Siddhartha Sen. "Enhancing Selectivity in Big Data" (Invited paper, IEEE Security & Privacy Magazine, 2018) [PDF]
Mathias Lecuyer, Joshua Lockerman, Lamont Nelson, Siddhartha Sen, Amit Sharma, and Aleksandrs Slivkins. "Harvesting Randomness to Optimize Distributed Systems" (HotNets'17) [PDF]
Mathias Lecuyer, Riley B. Spahn, Roxana Geambasu, Tzu-Kuo Huang, and Siddhartha Sen. "Pyramid: Enhancing selectivity in big data protection with count featurization" (S&P'17) [PDF][Long Version][Website]
Mathias Lecuyer, Max Tucker, Augustin Chaintreau. "Improving the transparency of the sharing economy" (WWW'17) [PDF][Data][Blog post]
Mathias Lecuyer, Riley Spahn, Giannis Spiliopoulos, Augustin Chaintreau, Roxana Geambasu, and Daniel Hsu. "Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence" (CCS'15) [PDF][Website][The Economist, Slate]
Nicolas Viennot , Mathias Lecuyer, Jonathan Bell, Roxana Geambasu, and Jason Nieh. "Synapse: New Data Integration Abstractions for Agile Web Application Development" (EuroSys'15) [PDF][Website]
Mathias Lecuyer, Guillaume Ducoffe, Francis Lan, Andrei Papancea, Theofilos Petsios, Riley Spahn, Augustin Chaintreau, and Roxana Geambasu. "XRay: Increasing the Web's Transparency with Differential Correlation" (USENIX Security'14) [PDF][Website][NYT Bits, MIT Technology Review]