Search Results for author:
Found 24 papers, 11 papers with code
Towards Scalable and Robust Model Versioning
In this paper, we explore the feasibility of generating multiple versions of a model that possess different attack properties, without acquiring new training data or changing model architecture.
Characterizing the Optimal 0-1 Loss for Multi-class Classification with a Test-time Attacker
Finding classifiers robust to adversarial examples is critical for their safe deployment.
Augmenting Rule-based DNS Censorship Detection at Scale with Machine Learning
In this paper, we explore how machine learning (ML) models can (1) help streamline the detection process, (2) improve the potential of using large-scale datasets for censorship detection, and (3) discover new censorship instances and blocking signatures missed by existing heuristic methods.
Natural Backdoor Datasets
Research on physical backdoors is limited by access to large datasets containing real images of physical objects co-located with targets of classification.
Understanding Robust Learning through the Lens of Representation Similarities
Representation learning, i. e. the generation of representations useful for downstream applications, is a task of fundamental importance that underlies much of the success of deep neural networks (DNNs).
On the Permanence of Backdoors in Evolving Models
Existing research on training-time attacks for deep neural networks (DNNs), such as backdoors, largely assume that models are static once trained, and hidden backdoors trained into models remain active indefinitely.
Poison Forensics: Traceback of Data Poisoning Attacks in Neural Networks
We propose a novel iterative clustering and pruning solution that trims "innocent" training samples, until all that remains is the set of poisoned data responsible for the attack.
Lower Bounds on the Robustness of Fixed Feature Extractors to Test-time Adversaries
In this paper, we develop a methodology to analyze the robustness of fixed feature extractors, which in turn provide bounds on the robustness of any classifier trained on top of it.
LEAF: Navigating Concept Drift in Cellular Networks
We then show that frequent model retraining with newly available data is not sufficient to mitigate concept drift, and can even degrade model accuracy further.
Lower Bounds on Cross-Entropy Loss in the Presence of Test-time Adversaries
In particular, it is critical to determine classifier-agnostic bounds on the training loss to establish when learning is possible.
A Real-time Defense against Website Fingerprinting Attacks
We experimentally demonstrate that Dolos provides 94+% protection against state-of-the-art WF attacks under a variety of settings.
Website Fingerprinting Attacks
Cryptography and Security
A Critical Evaluation of Open-World Machine Learning
With our evaluation across 6 OOD detectors, we find that the choice of in-distribution data, model architecture and OOD data have a strong impact on OOD detection performance, inducing false positive rates in excess of $70\%$.
BIG-bench Machine Learning
Out of Distribution (OOD) Detection
PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking
In this paper, we propose a general defense framework called PatchGuard that can achieve high provable robustness while maintaining high clean accuracy against localized adversarial patches.
Advances and Open Problems in Federated Learning
FL embodies the principles of focused data collection and minimization, and can mitigate many of the systemic privacy risks and costs resulting from traditional, centralized machine learning and data science approaches.
Lower Bounds on Adversarial Robustness from Optimal Transport
In this paper, we use optimal transport to characterize the minimum possible loss in an adversarial classification scenario.
Better the Devil you Know: An Analysis of Evasion Attacks using Out-of-Distribution Adversarial Examples
A large body of recent work has investigated the phenomenon of evasion attacks using adversarial examples for deep learning systems, where the addition of norm-bounded perturbations to the test inputs leads to incorrect output classification.
PAC-learning in the presence of adversaries
We then explicitly derive the adversarial VC-dimension for halfspace classifiers in the presence of a sample-wise norm-constrained adversary of the type commonly studied for evasion attacks and show that it is the same as the standard VC-dimension, closing an open question.
Analyzing Federated Learning through an Adversarial Lens
Federated learning distributes model training among a multitude of agents, who, guided by privacy concerns, perform training using their local data but share only model parameter updates, for iterative aggregation at the server.
Practical Black-box Attacks on Deep Neural Networks using Efficient Query Mechanisms
An iterative variant of our attack achieves close to 100% attack success rates for both targeted and untargeted attacks on DNNs.
PAC-learning in the presence of evasion adversaries
We then explicitly derive the adversarial VC-dimension for halfspace classifiers in the presence of a sample-wise norm-constrained adversary of the type commonly studied for evasion attacks and show that it is the same as the standard VC-dimension, closing an open question.
DARTS: Deceiving Autonomous Cars with Toxic Signs
In this paper, we propose and examine security attacks against sign recognition systems for Deceiving Autonomous caRs with Toxic Signs (we call the proposed attacks DARTS).
Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos
Our attack pipeline generates adversarial samples which are robust to the environmental conditions and noisy image transformations present in the physical world.
Exploring the Space of Black-box Attacks on Deep Neural Networks
An iterative variant of our attack achieves close to 100% adversarial success rates for both targeted and untargeted attacks on DNNs.
Enhancing Robustness of Machine Learning Systems via Data Transformations
We propose the use of data transformations as a defense against evasion attacks on ML classifiers.
