Overview
I am a CS PhD candidate at Columbia. Among many other things, I like to build stuff, learn new programming languages, travel, and rock climb. I also love to read, on topics ranging from econ to history and ecology.
My research is in distributed systems, I currently focus on leveraging statistics and machine learning to improve data management and transparency.
Research
Data has become the principal asset of the Internet era. While this data offers unique opportunities to improve personal and business effectiveness, it also poses serious risks to users' privacy, and to organizations, by increasing their attack surfcae as well as exposing by extensive data stores to external and internal attacks. In my research, I build tools and design mechanisms that leverage statistics and machine learning to: increase the current Web's transparency by revealing how personal data is being used; and enable a more rigorous and selective approach to big data collection, access, and protection, to reap its benefits without imposing undue risks.I am fortunate to work with three amazing advisors, Roxana Geambasu, Augustin Chaintreau, and Daniel Hsu ; as well as a number of great collaborators including Riley Spahn and Vaggelis Atlidakis from Columbia, and Siddhartha Sen, Amit Sharma, and Aleksandrs Slivkins from MSR.
Projects
- Certified Defense Against Adversarial Examples Data heavy applications leverage complex models like Deep neural networks (DNNs) to act on the data. In recent years it has become increasingly clear DNNs are extremely vulnerable to a broad range of attacks, including adversarial examples in which the adversary finds small perturbations to correctly classified inputs that cause a DNN to produce an erroneous prediction, which poses serious threats to security-critical applications. I proposed, analysed, and evaluated a new mechanism to provide certified defenses against adversarial examples, that both scales to large networks and datasets (such as Google’s Inception network for ImageNet) and applies broadly to arbitrary model types. This defense, called PixelDP, is based on a novel connection between robustness against adversarial examples and differential privacy, a cryptographically-inspired formalism, that provides a rigorous, generic, and flexible foundation for a defense.
- Selective Data Systems Challenging the common practice in both private and public sectors of collecting vast quantities of personal information, I ask whether it is possible to build data-driven systems that are more selective with the data they collect. To explore this question I built Pyramid, a data management system that leverages training set minimization techniques to reduce data exposure in ML applications. More precisely Pyramid uses count-based featurization to summarize past data before it is archived in cold storage. The counts, kept differentially private, are used with a small amount of recent observations, called the hot data, to train ML models. Using this technique, as well as system mechanisms to reduce the impact of differentially private noise, Pyramid is within 4% of previous models' accuracy while training on, and thus exposing, less than 1% of the raw data. This way, ML based applications can reap the benefits of big data without undue risks.
- Data Use Transparency Infrastructure To add transparency to data uses on the Web, I am building a series of scalable, generic, and reliable tools to detect data flows within and across web services. My initial system, XRay, offers a first system design and theoretical building blocks to detect the use of digital personal data for targeting and personalization. The key insight in XRay is to infer targeting by correlating user inputs (such as searches, emails, or locations) to service outputs (such as ads, recommendations, or prices) based on observations obtained from user profiles populated with different subsets of the inputs. My latest tool, Sunlight, leverages rigorous statistical methods to determine the causes of online targeting at great scale and based on solid statistical justification.
Recent talks
- Certified Robustness to Adversarial Examples with Differential Privacy - Berkeley Security Seminar (October 2018).
- Certified Robustness to Adversarial Examples with Differential Privacy - Stanford Security Lunch (June 2018).
- Certified Robustness to Adversarial Examples with Differential Privacy - Google Brain (June 2018).
- Harvesting Randomness for Counterfactual Evaluation of Systems - Stanford NetSeminar (June 2018).
Papers
- Mathias Lecuyer, Vaggelis Atlidakis, Roxana Geambasu, Daniel Hsu, Suman Jana. "Certified Robustness to Adversarial Examples with Differential Privacy" (Preprint, 2018) [arXiv][Code]
- Mathias Lecuyer, Riley B. Spahn, Roxana Geambasu, Tzu-Kuo Huang, and Siddhartha Sen. "Enhancing Selectivity in Big Data" (Invited paper, IEEE Security & Privacy Magazine, 2018) [PDF]
- Mathias Lecuyer, Joshua Lockerman, Lamont Nelson, Siddhartha Sen, Amit Sharma, and Aleksandrs Slivkins. "Harvesting Randomness to Optimize Distributed Systems" (HotNets'17) [PDF]
- Mathias Lecuyer, Riley B. Spahn, Roxana Geambasu, Tzu-Kuo Huang, and Siddhartha Sen. "Pyramid: Enhancing selectivity in big data protection with count featurization" (S&P'17) [PDF][Long Version][Website]
- Mathias Lecuyer, Max Tucker, Augustin Chaintreau. "Improving the transparency of the sharing economy" (WWW'17) [PDF][Data][Blog post]
- Mathias Lecuyer, Riley Spahn, Giannis Spiliopoulos, Augustin Chaintreau, Roxana Geambasu, and Daniel Hsu. "Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence" (CCS'15) [PDF][Website][Mentioned in The Economist]
- Nicolas Viennot , Mathias Lecuyer, Jonathan Bell, Roxana Geambasu, and Jason Nieh. "Synapse: New Data Integration Abstractions for Agile Web Application Development" (EuroSys'15) [PDF][Website]
- Mathias Lecuyer, Guillaume Ducoffe, Francis Lan, Andrei Papancea, Theofilos Petsios, Riley Spahn, Augustin Chaintreau, and Roxana Geambasu. "XRay: Increasing the Web's Transparency with Differential Correlation" (USENIX Security'14) [PDF][Website][NYT Bits article]