About me
I am a tenured research scientist (Chargé de recherche) at Inria in the Magnet team. From 2021 to 2025, I was fortunate to work as a postdoctoral researcher with Prof. Mario Fritz at the CISPA Helmholtz Center for Information Security (Germany) on Trustworthy Machine Learning with a focus on Security & Privacy.
Before joining CISPA, I completed my Ph.D. in computer science at Inria Grenoble in the Privatics team, where I had the honor of being supervised by Prof. Claude Castelluccia (Privatics team-Inria) and Prof. Pierre Genevès (LIG and Tyrex team-Inria). During my Ph.D., I worked on differentially private federated learning, studying the compatibilities and incompatibilities between privacy, security, bandwidth efficiency, and utility. I was also affiliated with the Chair on legal and regulatory implications of artificial intelligence. Prior to that, I had the privilege of working with Prof. Mérouane Debbah.
Research Program
I present below the four key axes that will guide my research program in the coming years:
- Privacy-Preserving New Foundation Models: I focus on designing privacy attacks and defenses that protect both the sensitive training data used to train recent generative models and the sensitive data of users interacting with these models after deployment. I am also particularly interested in privacy auditing and potential copyright infringements that may arise when models are trained on publicly available but copyrighted data.
- Safe and Secure New Foundation Models: In this axis, I aim to identify inherent vulnerabilities in generative models and to understand their behavior, including power-seeking, deceptive, and Machiavellian tendencies, for instance through mechanistic interpretability or behavioral probing. I also plan to design security attacks that can amplify these vulnerabilities and to develop solutions that address safety and security challenges. Some of the research questions that interest me include:
  - Is a model more robust in one language than in another?
  - Can we design defenses that improve a model’s robustness against multiple security attacks simultaneously, considering that deployed models face several threats?
  - Can psychological or cognitive manipulation techniques that are effective in human interactions also be used to exploit these agents?
  - Can we exploit model reasoning to increase the effectiveness of security attacks?
  - Does using multiple input modalities affect security?
  - Is there a trade-off between security and privacy?
  - How can we create dynamic safety and security benchmark datasets to avoid biased evaluation due to model pre-training?
- Collaboration in the Era of New Foundation Models: This axis includes both collaborative learning, where different entities agree to train or adapt a generative model without sharing data for privacy reasons, and scenarios in which LLM-based agents collaborate to achieve the goals of their respective owners. In collaborative learning, I study different adaptation strategies, including standard fine-tuning, parameter-efficient fine-tuning, and context adaptation. In multi-agent scenarios, I investigate strategies for mediation, negotiation, and consensus, addressing questions such as how one agent can manipulate another, how coalitions of malicious agents affect honest agents, and whether the size of such coalitions can accelerate the corruption of honest agents into malicious ones.
- Limiting the Proliferation of Deepfakes and Misinformation: Misinformation and deepfakes represent critical challenges in today’s digital environment, undermining public trust, distorting democratic processes, and increasing societal polarization. My goal is to develop strategies to detect deepfakes and misinformation and to provide solutions that prevent their spread.
Note: The points mentioned in each axis are not exhaustive, and I remain open to exploring additional directions and emerging challenges in these areas.
Publications
Khanh Nguyen, Raouf Kerkouche, Mario Fritz, Dimosthenis Karatzas
Proceedings of The Thirteenth International Conference on Learning Representations (ICLR 2025)
Tejumade Afonja, Hui-Po Wang, Raouf Kerkouche, Mario Fritz
Proceedings of Transactions on Machine Learning Research (TMLR 2025)
Rubèn Tito, Khanh Nguyen, Marlon Tobaben, Raouf Kerkouche, Mohamed Ali Souibgui, Kangsoo Jung, Joonas Jälkö, Vincent Poulain D'Andecy, Aurelie Joseph, Lei Kang, Ernest Valveny, Antti Honkela, Mario Fritz, Dimosthenis Karatzas
Proceedings of the 18th International Conference on Document Analysis and Recognition (ICDAR 2024)
Dingfan Chen, Raouf Kerkouche, Mario Fritz
Proceedings of Transactions on Machine Learning Research (TMLR 2024) Survey Certification
Shadi Rahimian, Raouf Kerkouche, Mario Fritz
Proceedings of the 23rd Workshop on Privacy in the Electronic Society (WPES 2024), held in conjunction with CCS 2024
Hui-Po Wang, Dingfan Chen, Raouf Kerkouche, Mario Fritz
Proceedings of the 24th Privacy Enhancing Technologies Symposium (PETS 2024)
Dingfan Chen, Marie Oestreich, Tejumade Afonja, Raouf Kerkouche, Matthias Becker, Mario Fritz
Proceedings of the 24th Privacy Enhancing Technologies Symposium (PETS 2024)
Raouf Kerkouche, Gergely Ács, Mario Fritz
Proceedings of the 22nd Workshop on Privacy in the Electronic Society (WPES 2023), held in conjunction with CCS 2023
Dingfan Chen, Raouf Kerkouche, Mario Fritz
Proceedings of the Thirty-Sixth Annual Conference on Neural Information Processing Systems (NeurIPS 2022)
Shadi Rahimian, Raouf Kerkouche, Ina Kurth, Mario Fritz
Proceedings of the Conference on Health, Inference, and Learning (ACM CHIL 2022)
Raouf Kerkouche, Gergely Ács, Claude Castelluccia, Pierre Genevès
Proceedings of the Thirty-Seventh Conference on Uncertainty in Artificial Intelligence (UAI 2021)
Raouf Kerkouche, Gergely Ács, Claude Castelluccia, Pierre Genevès
Proceedings of the 6th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2021)
Raouf Kerkouche, Gergely Ács, Claude Castelluccia, Pierre Genevès
Proceedings of the Conference on Health, Inference, and Learning (ACM CHIL 2021)
Raouf Kerkouche, Gergely Ács, Claude Castelluccia
arXiv 2020