Search Results for author:
Found 24 papers, 15 papers with code
Automated Black-box Prompt Engineering for Personalized Text-to-Image Generation
Prompt engineering is effective for controlling the output of text-to-image (T2I) generative models, but it is also laborious due to the need for manually crafted prompts.
JailbreakBench: An Open Robustness Benchmark for Jailbreaking Large Language Models
To address these challenges, we introduce JailbreakBench, an open-sourced benchmark with the following components: (1) a new jailbreaking dataset containing 100 unique behaviors, which we call JBB-Behaviors; (2) an evolving repository of state-of-the-art adversarial prompts, which we refer to as jailbreak artifacts; (3) a standardized evaluation framework that includes a clearly defined threat model, system prompts, chat templates, and scoring functions; and (4) a leaderboard that tracks the performance of attacks and defenses for various LLMs.
A Safe Harbor for AI Evaluation and Red Teaming
Independent evaluation and red teaming are critical for identifying the risks posed by generative AI systems.
Defending Large Language Models against Jailbreak Attacks via Semantic Smoothing
Aligned large language models (LLMs) are vulnerable to jailbreaking attacks, which bypass the safeguards of targeted LLMs and fool them into generating objectionable content.
Data-Driven Modeling and Verification of Perception-Based Autonomous Systems
This paper addresses the problem of data-driven modeling and verification of perception-based autonomous systems.
Jailbreaking Black Box Large Language Models in Twenty Queries
PAIR -- which is inspired by social engineering attacks -- uses an attacker LLM to automatically generate jailbreaks for a separate targeted LLM without human intervention.
SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks
Despite efforts to align large language models (LLMs) with human values, widely-used LLMs such as GPT, Llama, Claude, and PaLM are susceptible to jailbreaking attacks, wherein an adversary fools a targeted LLM into generating objectionable content.
Adversarial Training Should Be Cast as a Non-Zero-Sum Game
One prominent approach toward resolving the adversarial vulnerability of deep neural networks is the two-player zero-sum paradigm of adversarial training, in which predictors are trained against adversarially chosen perturbations of data.
Probable Domain Generalization via Quantile Risk Minimization
By minimizing the $\alpha$-quantile of predictor's risk distribution over domains, QRM seeks predictors that perform well with probability $\alpha$.
Toward Certified Robustness Against Real-World Distribution Shifts
We consider the problem of certifying the robustness of deep neural networks against real-world distribution shifts.
Chordal Sparsity for Lipschitz Constant Estimation of Deep Neural Networks
Lipschitz constants of neural networks allow for guarantees of robustness in image classification, safety in controller design, and generalizability beyond the training data.
Do Deep Networks Transfer Invariances Across Classes?
Based on this analysis, we show how a generative approach for learning the nuisance transformations can help transfer invariances across classes and improve performance on a set of imbalanced image classification benchmarks.
Ranked #21 on
Long-tail Learning
on CIFAR-10-LT (ρ=100)
Probabilistically Robust Learning: Balancing Average- and Worst-case Performance
From a theoretical point of view, this framework overcomes the trade-offs between the performance and the sample-complexity of worst-case and average-case learning.
Learning Robust Output Control Barrier Functions from Safe Expert Demonstrations
Along with the optimization problem, we provide verifiable conditions in terms of the density of the data, smoothness of the system model and state estimator, and the size of the error bounds that guarantee validity of the obtained ROCBF.
Adversarial Robustness with Semi-Infinite Constrained Learning
In particular, we leverage semi-infinite optimization and non-convex duality theory to show that adversarial training is equivalent to a statistical problem over perturbation distributions, which we characterize completely.
Model-Based Domain Generalization
Despite remarkable success in a variety of applications, it is well-known that deep learning can fail catastrophically when presented with out-of-distribution data.
On the Sample Complexity of Stability Constrained Imitation Learning
We study the following question in the context of imitation learning for continuous control: how are the underlying stability properties of an expert policy reflected in the sample-complexity of an imitation learning task?
Learning Robust Hybrid Control Barrier Functions for Uncertain Systems
We identify sufficient conditions on the data such that feasibility of the optimization problem ensures correctness of the learned robust hybrid control barrier functions.
Learning Hybrid Control Barrier Functions from Data
Motivated by the lack of systematic tools to obtain safe control laws for hybrid systems, we propose an optimization-based framework for learning certifiably safe control laws from data.
Provable tradeoffs in adversarially robust classification
It is well known that machine learning methods can be vulnerable to adversarially-chosen perturbations of their inputs.
Model-Based Robust Deep Learning: Generalizing to Natural, Out-of-Distribution Data
Indeed, natural variation such as lighting or weather conditions can significantly degrade the accuracy of trained neural networks, proving that such natural variation presents a significant challenge for deep learning.
Learning Control Barrier Functions from Expert Demonstrations
Furthermore, if the CBF parameterization is convex, then under mild assumptions, so is our learning process.
Optimal Algorithms for Submodular Maximization with Distributed Constraints
Given this distributed setting, we develop Constraint-Distributed Continuous Greedy (CDCG), a message passing algorithm that converges to the tight $(1-1/e)$ approximation factor of the optimum global solution using only local computation and communication.
Efficient and Accurate Estimation of Lipschitz Constants for Deep Neural Networks
The resulting SDP can be adapted to increase either the estimation accuracy (by capturing the interaction between activation functions of different layers) or scalability (by decomposition and parallel implementation).
