The Alan Turing Institute

British Library, 96 Euston Road, London

Social distancing somewhere in London

Research interests:

  • Information leakage estimation for security&privacy
  • Theory, foundations, and privacy-security-fairness properties of Machine Learning
  • Methods for distribution-free confident prediction in supervised learning and anomaly detection (e.g., Conformal Predictors)

Have a look at a list of recent projects.

I co-founded and play with the CTF team TU6PM.

I am a (happy) OpenBSD user.


May 11, 2020 From October 2020, I will join the Turing Institute as a Research Fellow in Safe & Ethical AI.
Jan 13, 2020 I will be co-chairing this year’s symposium on Conformal and Probabilistic Prediction with Applications (COPA2020). Please consider submitting your works.
Jul 25, 2019 My PhD thesis is now available online. Highlights here.
Feb 28, 2019 Our paper, “F-BLEAU: Fast Black-box Leakage Estimation”, has been accepted by the IEEE Symposium on Security and Privacy, 2019. It shows how to use ML methods for measuring the information leakage of a black-box system in a practical yet theoretically sound manner.
Dec 16, 2018 The code of fbleau for measuring the leakage of black box systems is now online and available for installation via
Nov 6, 2018 A list of semester projects for EPFL MSc/PhD students is available at
Sep 3, 2018 Work on Conformal Predictors' ensembles accepted by the Machine Learning journal (read more)


Some recent projects.


  1. Exact Optimization of Conformal Predictors via Incremental and Decremental Learning Cherubin, Giovanni, Chatzikokolakis, Konstantinos, and Jaggi, Martin arXiv preprint arXiv:2102.03236 2021
  2. Disparate vulnerability: On the unfairness of privacy attacks against machine learning Yaghini, Mohammad, Kulynych, Bogdan, Cherubin, Giovanni, and Troncoso, Carmela arXiv preprint arXiv:1906.00389 2020 [Paper]
  3. Black-box Security: Measuring Black-box Information Leakage via Machine Learning Cherubin, Giovanni PhD thesis 2019 [PDF]
  4. F-BLEAU: Fast Black-box Leakage Estimation Cherubin, Giovanni, Chatzikokolakis, Konstantinos, and Palamidessi, Catuscia In IEEE Symposium on Security and Privacy (S&P) 2019 [Abs] [Paper] [Video]
  5. Exchangeability martingales for selecting features in anomaly detection Cherubin, Giovanni, Baldwin, Adrian, and Griffin, Jonathan In Proceedings of the Seventh Workshop on Conformal and Probabilistic Prediction and Applications 2018 [Abs] [Paper] [Url] [Slides] [Code]
  6. Majority vote ensembles of conformal predictors Cherubin, Giovanni Machine Learning 2018 [Paper] [Url]
  7. Website Fingerprinting Defenses at the Application Layer Cherubin, Giovanni, Hayes, Jamie, and Juarez, Marc Proceedings on Privacy Enhancing Technologies 2017 [Abs] [Paper] [Code]
  8. Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses Cherubin, Giovanni Proceedings on Privacy Enhancing Technologies 2017 Best student paper [Paper] [Slides] [Code] [Video]
  9. Hidden Markov Models with Confidence Cherubin, Giovanni, and Nouretdinov, Ilia In Conformal and Probabilistic Prediction with Applications - 5th International Symposium, COPA 2016 [Paper] [Slides] [Code]
  10. Conformal Clustering and Its Application to Botnet Traffic Cherubin, Giovanni, Nouretdinov, Ilia, Gammerman, Alexander, Jordaney, Roberto, Wang, Zhi, Papini, Davide, and Cavallaro, Lorenzo In Statistical Learning and Data Sciences (SLDS) 2015 Best student paper [Paper] [Slides]
  11. Bots detection by Conformal Clustering Cherubin, Giovanni MSc thesis, Royal Holloway University of London 2014 [PDF]


Selected invited talks.

  1. Measuring the Security of Machine Learning models 2019 Third ITU/WHO Workshop on "Artificial Intelligence for Health" [Slides]
  2. Measuring the Leakage of a Black-box using Machine Learning 2018 Alan Turing Institute, London [Slides] [Video]
  3. Bayes, not Naïve: Provable Security of Website Fingerprinting Defenses 2017 ISG Seminar, Royal Holloway University of London, UK [Slides]
  4. Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses 2017 Security Seminar, University of Cambridge [Url]
  5. On the Security Against Machine Learning-based Attacks 2017 CDT Showcase, Evelyn Sharp Centre, Sunningdale Park [Slides]
  6. Applications of Conformal Prediction in Information Security Problems 2016 CDT Showcase, Windsor Great Park, UK [Slides]
  7. Conformal Clustering and Bots Traffic 2015 CPRML Workshop 2015, Hyderabad, India [Slides]

Research Visits

Research Engineer, HP Labs Security Lab, Bristol (August-November 2017)
Supervisors: Jonathan Griffin, Adrian Baldwin

Research Visitor, École Polytechnique, Paris (May; November 2017)
Supervisors: Prof. Catuscia Palamidessi, Kostas Chatzikokolakis

Research Intern, Cornell Tech (June-September 2016)
Supervisor: Prof. Thomas Ristenpart

Academic Service

PC chair of the 2020 annual conference on conformal prediction, COPA 2020. PC member: IEEE S&P 2022, ACM CCS 2021, IEEE Euro S&P 2021, PETS (2019-2021), COPA 2018, and I have been reviewer for ML&security conferences and journals (e.g., Neurocomputing, PETS, Financial Cryptography).

I was teaching assistant for the courses: Machine Learning and Data Analysis at Royal Holloway University of London (2014-17). I was teaching assistant for the courses on C programming and Linear Algebra and Geometry at University of Pavia (2011-12).


  • 2017, Best Paper: Andreas Pfitzmann Best Student Paper Award at PETS: “Bayes, not Naïve: Security Bounds on Website Fingerprinting Defenses”
  • 2017, First place at Capture The Flag (CTF) security challenge organised by NCC Group at the Cambridge2Cambridge event
  • 2015, Best Paper: Best student paper award sponsored by HP at SLDS conference: “Conformal Clustering and Its Application to Botnet Traffic”
  • 2014, Best Finalist: Best MSc in Big Data finalist in memory of Prof. Alexey Chervonenkis (Royal Holloway University of London)

Short bio

I am a Research Fellow on Safe&Ethical AI at the Turing Institute in London. Before I was a postdoctoral fellow at EPFL (Switzerland) with an EcoCloud grant, collaborating with Carmela Troncoso at the SPRING lab and Martin Jaggi at the MLO lab. I have a PhD in Machine Learning and Information Security from Royal Holloway University of London with the Centre of Doctoral Training (CDT), where I was supervised by Alex Gammerman and advised by Kenny Paterson. I received an MSc in Machine Learning from Royal Holloway University of London in 2014, and a BSc in Mechatronics and Computer Engineering from University of Pavia in 2013.

My current research aims at measuring systems’ leakage by using methods from the Machine Learning theory; I applied this to side channel attacks (e.g., traffic analysis). I also work on extending methods for confident prediction (e.g., Conformal Predictors), particularly in the context of clustering, anomaly detection, and classifiers ensembling.