Seminars

About the seminar

The AI4Sec technical seminar series takes place every two weeks on Tuesday at 11:00 am CEST. We aim to gather insights and opinions from academics and experts in the AI and cyber-security fields, with the goal of exchanging knowledge and strengthening collaboration between academia and industry.

Our seminars mainly target an audience with a background or interest in cyber-security, machine learning and networking. Regular participants are members of the AI4Sec research team and the Applied Network Technology Lab, as well as researchers and scientists from various departments of the Huawei Munich Research Center and from other Huawei Research Centers, and interested scientists from academia and industry.

The AI4Sec technical seminars are currently held online. If you are interested in attending or giving a talk, please feel free to contact us at: tu DOT nguyen AT huawei DOT com.

Upcoming Talks

Below is the list of upcoming talks in the next few months:

16/11/2021 11:00 CEST Battista Biggio (University of Cagliari)
TBA.

TBA.

Battista Biggio (MSc 2006, PhD 2010) is an Assistant Professor at the University of Cagliari, Italy, and co-founder of Pluribus One (pluribus-one.it). His research interests include machine learning and cybersecurity. He has provided pioneering contributions in the area of ML security, demonstrating the first gradient-based evasion and poisoning attacks, and how to mitigate them, playing a leading role in the establishment and advancement of this research field. He has managed six research projects, and served as a PC member for the most prestigious conferences and journals in the area of ML and computer security (ICML, NeurIPS, ICLR, IEEE SP, USENIX Security). He chaired the IAPR TC on Statistical Pattern Recognition Techniques (2016-2020), co-organized S+SSPR, AISec and DLS, and served as Associate Editor for IEEE TNNLS, IEEE CIM and Pattern Recognition. He is a senior member of the IEEE, and a member of the IAPR, ACM, and ELLIS.

30/11/2021 11:00 CEST Kathrin Grosse (PRA Lab, University of Cagliari)
TBA.

TBA.

07/12/2021 15:00 CEST Rasika Bhalerao (New York University)
TBA.

TBA.

TBA.

11/01/2022 11:00 CEST Han Yufei (INRIA)
TBA.

TBA.

TBA.

25/01/2022 11:00 CEST Haitham Bou-Ammar (University College London & Huawei)
TBA.

TBA.

TBA.

22/02/2022 11:00 CEST Emtiyaz Khan (RIKEN)
TBA.

TBA.

TBA.

Past Talks

19/10/2021 11:00 CEST Xinlei He (CISPA Helmholtz Center for Information Security)
Stealing Links/Nodes from Graph Neural Networks.

Research in Graph Neural Networks (GNNs) has made tremendous progress over the past few years, achieving state-of-the-art performance for many different machine learning tasks. However, GNNs are often trained on sensitive graph data, such as social networks; thus information leakage from trained GNN models can have severe consequences. Most of the existing work on the privacy of machine learning focuses on models trained on data from Euclidean space, e.g., Convolutional Neural Networks and Recurrent Neural Networks. Meanwhile, the privacy risks of GNNs trained on graph data have been largely understudied. Our work focuses on quantifying the privacy risks stemming from GNNs. Specifically, at the edge level, we propose the first link stealing attacks against GNNs. We show that, given black-box access to a target GNN model, an adversary can accurately infer whether there exists a link between any pair of nodes in the graph used to train the GNN model, which indicates that the outputs of a GNN model reveal rich information about the structure of the graph used to train it. At the node level, we perform a comprehensive privacy risk assessment of GNNs through the lens of node-level membership inference attacks. Our evaluation results show that GNNs are indeed vulnerable to membership inference attacks even with minimal background knowledge on the adversary's side. Moreover, our analysis reveals that a node's degree, ego density, and feature similarity have a large impact on the attack performance. We further show that the attacks remain effective even if the adversary does not have a shadow dataset from the same distribution or a shadow model with the same architecture. To mitigate the attacks, we propose two possible defense mechanisms and discuss their trade-offs between membership privacy and model utility.

Xinlei He is a second-year PhD student at CISPA Helmholtz Center for Information Security. He received his bachelor's (2017) and master's (2020) degrees from Fudan University, China. His current research focuses on machine learning security and privacy. He has published several papers at top-tier security conferences and journals (USENIX Security, CCS, TDSC).

28/09/2021 11:00 CEST Girish Revadigar (Huawei Singapore)
Security Threats and Countermeasures for Digital Key Solutions

In this talk, we introduce one of the most serious security threats for connected cars, namely attacks on the wireless digital key solutions used for remotely accessing vehicles, and the existing solutions that address this issue. We discuss the pros and cons of state-of-the-art solutions and present an overview of our novel security solution, based on wireless physical-layer features, for detecting and preventing attacks on digital keys. We also discuss some of the fundamental theory behind our solution that shows why the proposed solutions are effective and secure.

Dr. Girish Revadigar is a Senior Researcher at TT Lab Singapore. His research focuses on AI-based cybersecurity for autonomous vehicles. To date, 16 of Dr. Revadigar's novel solutions have been patented, 2 of them named as Huawei's high-value patents. Girish earned his PhD in Computer Science (Cybersecurity) from UNSW Sydney, Australia, and completed his Master of Technology and Bachelor of Engineering at VTU, India. After his PhD, he was a Research Associate at UNSW Sydney and a Postdoctoral Research Fellow at SUTD, Singapore. Before his PhD, he was a Senior Software Engineer in the field of automotive embedded and infotainment systems and short-range wireless networks. Girish has won many awards for his research. He was one of the top 200 most qualified young researchers selected from all over the world to attend the prestigious Heidelberg Laureate Forum (HLF) 2016. He serves as a TPC member and reviewer for many top-tier conferences and journals. Girish is a member of IEEE and ACM.