Search Results for author:
Found 18 papers, 12 papers with code
Do Membership Inference Attacks Work on Large Language Models?
Membership inference attacks (MIAs) attempt to predict whether a particular datapoint is a member of a target model's training data.
SoK: Pitfalls in Evaluating Black-Box Attacks
However, these works make different assumptions on the adversary's knowledge and current literature lacks a cohesive organization centered around the threat model.
SoK: Memorization in General-Purpose Large Language Models
A major part of this success is due to their huge training datasets and the unprecedented number of model parameters, which allow them to memorize large amounts of information contained in the training data.
Manipulating Transfer Learning for Property Inference
We demonstrate attacks in which an adversary can manipulate the upstream model to conduct highly effective and specific property inference attacks (AUC score $> 0. 9$), without incurring significant performance loss on the main task.
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
Deploying machine learning models in production may allow adversaries to infer sensitive information about training data.
Dissecting Distribution Inference
A distribution inference attack aims to infer statistical properties of data used to train machine learning models.
Subject Membership Inference Attacks in Federated Learning
Using these attacks, we estimate subject membership inference risk on real-world data for single-party models as well as FL scenarios.
Formalizing and Estimating Distribution Inference Risks
Distribution inference attacks can pose serious risks when models are trained on private data, but are difficult to distinguish from the intrinsic purpose of statistical machine learning -- namely, to produce models that capture statistical properties about a distribution.
Formalizing Distribution Inference Risks
Property inference attacks reveal statistical properties about a training set but are difficult to distinguish from the primary purposes of statistical machine learning, which is to produce models that capture statistical properties about a distribution.
Model-Targeted Poisoning Attacks with Provable Convergence
Our attack is the first model-targeted poisoning attack that provides provable convergence for convex models, and in our experiments, it either exceeds or matches state-of-the-art attacks in terms of attack success rate and distance to the target model.
A2-LINK: Recognizing Disguised Faces via Active Learning and Adversarial Noise based Inter-Domain Knowledge
Face recognition in the unconstrained environment is an ongoing research challenge.
One Neuron to Fool Them All
Despite vast research in adversarial examples, the root causes of model susceptibility are not well understood.
QnAMaker: Data to Bot in 2 Minutes
We demonstrate QnAMaker, a service that creates a conversational layer over semi-structured data such as FAQ pages, product manuals, and support documents.
A-LINK: Recognizing Disguised Faces via Active Learning based Inter-Domain Knowledge
Recent advancements in deep learning have significantly increased the capabilities of face recognition.
Microsoft Icecaps: An Open-Source Toolkit for Conversation Modeling
The Intelligent Conversation Engine: Code and Pre-trained Systems (Microsoft Icecaps) is an upcoming open-source natural language processing repository.
NELEC at SemEval-2019 Task 3: Think Twice Before Going Deep
The inability of deep-learning systems to robustly capture these covariates puts a cap on their performance.
Ranked #1 on
Emotion Recognition in Conversation
on EC
Emotion Recognition in Conversation
General Classification
+1
A Trustworthy, Responsible and Interpretable System to Handle Chit Chat in Conversational Bots
Our work introduces a pipeline for query understanding in chitchat using hierarchical intents as well as a way to use seq-seq auto-generation models in professional bots.
Hardening Deep Neural Networks via Adversarial Model Cascades
Deep neural networks (DNNs) are vulnerable to malicious inputs crafted by an adversary to produce erroneous outputs.
