Search Results for author:
Found 29 papers, 12 papers with code
User Inference Attacks on Large Language Models
Fine-tuning is a common and effective method for tailoring large language models (LLMs) to specialized tasks and applications.
Chameleon: Increasing Label-Only Membership Leakage with Adaptive Poisoning
The integration of machine learning (ML) in numerous critical applications introduces a range of privacy concerns for individuals who provide their datasets for model training.
Dropout Attacks
DROPOUTATTACK attacks the dropout operator by manipulating the selection of neurons to drop instead of selecting them uniformly at random.
Poisoning Network Flow Classifiers
As machine learning (ML) classifiers increasingly oversee the automated monitoring of network traffic, studying their resilience against adversarial attacks becomes critical.
TMI! Finetuned Models Leak Private Information from their Pretraining Data
In this work we propose a new membership-inference threat model where the adversary only has access to the finetuned model and would like to infer the membership of the pretraining data.
One-shot Empirical Privacy Estimation for Federated Learning
Privacy estimation techniques for differentially private (DP) algorithms are useful for comparing against analytical bounds, or to empirically measure privacy loss in settings where known analytical bounds are not tight.
Backdoor Attacks in Peer-to-Peer Federated Learning
Most machine learning applications rely on centralized learning processes, opening up the risk of exposure of their training datasets.
Network-Level Adversaries in Federated Learning
Federated learning is a popular strategy for training models on distributed, sensitive data, while preserving data privacy.
SNAP: Efficient Extraction of Private Properties with Poisoning
Property inference attacks allow an adversary to extract global properties of the training dataset from a machine learning model.
CELEST: Federated Learning for Globally Coordinated Threat Detection
In this study, we propose CELEST (CollaborativE LEarning for Scalable Threat detection, a federated machine learning framework for global threat detection over HTTP, which is one of the most commonly used protocols for malware dissemination and communication.
SafeNet: The Unreasonable Effectiveness of Ensembles in Private Collaborative Learning
Secure multiparty computation (MPC) has been proposed to allow multiple mutually distrustful data owners to jointly train machine learning (ML) models on their combined data.
How to Combine Membership-Inference Attacks on Multiple Updated Models
Our results on four public datasets show that our attacks are effective at using update information to give the adversary a significant advantage over attacks on standalone models, but also compared to a prior MI attack that takes advantage of model updates in a related machine-unlearning setting.
Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning
In this survey, we provide a comprehensive systematization of poisoning attacks and defenses in machine learning, reviewing more than 100 papers published in the field in the last 15 years.
Adversarial Robustness Verification and Attack Synthesis in Stochastic Systems
We outline a class of threat models under which adversaries can perturb system transitions, constrained by an $\varepsilon$ ball around the original transition probabilities.
Extracting Training Data from Large Language Models
We demonstrate our attack on GPT-2, a language model trained on scrapes of the public Internet, and are able to extract hundreds of verbatim text sequences from the model's training data.
Subpopulation Data Poisoning Attacks
Poisoning attacks against machine learning induce adversarial modification of data used by a machine learning algorithm to selectively change its output when it is deployed.
With Great Dispersion Comes Greater Resilience: Efficient Poisoning Attacks and Defenses for Linear Regression Models
To this end, we analyze and develop a new poisoning attack algorithm.
Auditing Differentially Private Machine Learning: How Private is Private SGD?
We investigate whether Differentially Private SGD offers better privacy in practice than what is guaranteed by its state-of-the-art analysis.
Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers
Training pipelines for machine learning (ML) based malware classification often rely on crowdsourced threat feeds, exposing a natural attack injection point.
FENCE: Feasible Evasion Attacks on Neural Networks in Constrained Environments
Finally, we demonstrate the potential of performing adversarial training in constrained domains to increase the model resilience against these evasion attacks.
AppMine: Behavioral Analytics for Web Application Vulnerability Detection
Web applications in widespread use have always been the target of large-scale attacks, leading to massive disruption of services and financial loss, as in the Equifax data breach.
Cryptography and Security
On Designing Machine Learning Models for Malicious Network Traffic Classification
Machine learning (ML) started to become widely deployed in cyber security settings for shortening the detection cycle of cyber attacks.
QFlip: An Adaptive Reinforcement Learning Strategy for the FlipIt Security Game
FlipIt is a security game that models attacker-defender interactions in advanced scenarios such as APTs.
Are Self-Driving Cars Secure? Evasion Attacks against Deep Neural Networks for Steering Angle Prediction
Deep Neural Networks (DNNs) have tremendous potential in advancing the vision for self-driving cars.
Private Hierarchical Clustering and Efficient Approximation
In collaborative learning, multiple parties contribute their datasets to jointly deduce global machine learning models for numerous predictive tasks.
Differentially Private Fair Learning
This algorithm is appealingly simple, but must be able to use protected group membership explicitly at test time, which can be viewed as a form of 'disparate treatment'.
Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks
Transferability captures the ability of an attack against a machine-learning model to be effective against a different, potentially unknown, model.
Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning
As machine learning becomes widely used for automated decisions, attackers have strong incentives to manipulate the results and models generated by machine learning algorithms.
Robust High-Dimensional Linear Regression
The effectiveness of supervised learning techniques has made them ubiquitous in research and practice.
