Purdue University Graduate School

TOWARDS TRUSTWORTHY AI: UNDERSTANDING MEMORIZATION, PRIVACY, AND SECURITY IN DEEP LEARNING

thesis
posted on 2025-07-15, 14:21, authored by Deepak Ravikumar
As deep learning systems are increasingly deployed in safety-critical domains such as healthcare, finance, and autonomous navigation, ensuring that these systems are not only accurate but also trustworthy has become essential. Trustworthy AI is grounded in six foundational pillars: human agency and oversight, fairness, explainability, robustness, privacy, and accountability. This dissertation advances trustworthy AI by addressing three deeply interconnected challenges: memorization, privacy, and robustness. Although these represent a subset of the broader framework, the pillars are interdependent, and progress in one often reinforces the others.

We begin by studying memorization, where models overfit specific training samples, including noisy, rare, or mislabeled data. To quantify memorization efficiently, we introduce two novel metrics: Cumulative Sample Loss (CSL) and Cumulative Sample Gradient (CSG). These proxies track training dynamics, correlate with traditional stability-based memorization scores, and are orders of magnitude more efficient to compute. We show that CSL and CSG theoretically bound both memorization and learning time, enabling scalable detection of mislabeled data, dataset bias, and duplicates. Additionally, CSG facilitates early stopping without a validation set.

We then connect memorization to privacy, showing that memorized samples are more vulnerable to membership inference attacks. We derive theoretical bounds linking memorization, input loss curvature, and differential privacy. Leveraging these insights, we develop a black-box membership inference attack based on input loss curvature, achieving state-of-the-art performance.

Finally, we address robustness in the face of adversarial perturbations and out-of-distribution (OoD) examples. We propose Intra-Class Mixup and Norm-Scaling, which enhance OoD detection. To improve ensemble robustness, we introduce TREND (Transferability-based Robust Ensemble Design), which leverages adversarial transferability for principled ensemble construction. We also present In-Distribution Knowledge Distillation (IDKD), which supports robust decentralized learning under non-IID data distributions.

Collectively, this dissertation offers a theoretically grounded and practically relevant framework for enhancing memorization, privacy, and robustness in deep learning, contributing key tools and insights for building more trustworthy AI systems.

History

Degree Type

  • Doctor of Philosophy

Department

  • Electrical and Computer Engineering

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

Kaushik Roy

Additional Committee Member 2

Anand Raghunathan

Additional Committee Member 3

Byunghoo Jung

Additional Committee Member 4

Sumeet Gupta
