Search Results for author: Ashish Hooda

Found 8 papers, 2 papers with code

PRP: Propagating Universal Perturbations to Attack Large Language Model Guard-Rails

No code implementations · 24 Feb 2024 · Neal Mangaokar, Ashish Hooda, Jihye Choi, Shreyas Chandrashekaran, Kassem Fawaz, Somesh Jha, Atul Prakash

More recent LLMs often incorporate an additional layer of defense, a Guard Model, which is a second LLM that is designed to check and moderate the output response of the primary LLM.


Theoretically Principled Trade-off for Stateful Defenses against Query-Based Black-Box Attacks

No code implementations · 30 Jul 2023 · Ashish Hooda, Neal Mangaokar, Ryan Feng, Kassem Fawaz, Somesh Jha, Atul Prakash

This work aims to address this gap by offering a theoretical characterization of the trade-off between detection and false positive rates for stateful defenses.

Stateful Defenses for Machine Learning Models Are Not Yet Secure Against Black-box Attacks

1 code implementation · 11 Mar 2023 · Ryan Feng, Ashish Hooda, Neal Mangaokar, Kassem Fawaz, Somesh Jha, Atul Prakash

Such stateful defenses aim to defeat black-box attacks by tracking the query history and detecting and rejecting queries that are "similar" to earlier ones, which denies the attacker the useful gradient estimates it needs to make progress toward an adversarial example within a reasonable query budget.
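The two entries above describe the same mechanism from two sides: a history-based similarity filter (this paper) and the detection versus false-positive trade-off that filter forces (the previous one). The block below is an added illustration, not code from either paper or its authors. It implements a minimal stateful defense over a bounded query history and runs a constructed simulation of benign queries followed by a query-based attacker's finite-difference style probes, reporting detection rate and false-positive rate as the similarity threshold is swept. The L2 metric, the threshold values, the history size, the noise radius and the query distributions are all assumptions chosen for the illustration.

```python
# Added example (not code from the paper or its authors): a minimal stateful
# defense over a bounded query history, plus a constructed simulation that
# measures its detection rate against a query-based attacker and its false
# positive rate on benign traffic as the similarity threshold varies.
# The L2 similarity metric, the threshold values, the history size and the
# query distributions below are all assumptions made for the illustration.
import math
import random
from collections import deque


def l2(a, b):
    """Euclidean distance between two equal-length query vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class StatefulDefense:
    """Remember the last `capacity` queries and reject any new query that lies
    within `threshold` (L2) of a remembered one. Rejected queries are still
    recorded, so an attacker cannot probe the boundary for free."""

    def __init__(self, threshold, capacity=1000):
        self.threshold = threshold
        self.history = deque(maxlen=capacity)

    def query(self, x):
        """Return True if the query is rejected as too similar to history."""
        rejected = any(l2(x, h) <= self.threshold for h in self.history)
        self.history.append(tuple(x))
        return rejected


def simulate(threshold, dim=16, n_benign=200, n_attack=200, eps=0.05, seed=0):
    """Feed benign queries (uniform in [0,1]^dim) and then an attacker's
    finite-difference style probes (a fixed base point plus +/-eps noise)
    through one defense instance. Returns (detection_rate, false_positive_rate).
    Every query is recorded whatever the threshold, so the history is the same
    for all thresholds and both rates are monotone in the threshold."""
    rng = random.Random(seed)
    defense = StatefulDefense(threshold)

    benign_rejected = 0
    for _ in range(n_benign):
        benign_rejected += defense.query([rng.random() for _ in range(dim)])

    base = [rng.random() for _ in range(dim)]
    defense.query(base)  # the attacker's first query is a fresh point
    attack_rejected = 0
    for _ in range(n_attack):
        probe = [v + rng.uniform(-eps, eps) for v in base]
        attack_rejected += defense.query(probe)

    return attack_rejected / n_attack, benign_rejected / n_benign


def tradeoff(thresholds):
    """(threshold, detection_rate, false_positive_rate) for each threshold."""
    return [(t,) + simulate(t) for t in thresholds]


if __name__ == "__main__":
    for t, det, fpr in tradeoff([0.0, 0.25, 0.5, 1.0, 1.5, 2.0]):
        print(f"threshold={t:.2f}  detection={det:.2f}  false_positive={fpr:.2f}")
```

With a threshold of 0 only exact duplicates are caught, so a continuous-noise attacker is never detected; at 0.5 every probe is rejected while no benign query is, because the probes cluster within 0.2 of the base point and random benign queries in 16 dimensions sit more than 1 apart; by 2.0 the threshold exceeds the typical benign pairwise distance and most benign traffic is rejected too. The interesting region is the middle of that sweep, which is exactly the trade-off the previous entry characterises.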

SkillFence: A Systems Approach to Practically Mitigating Voice-Based Confusion Attacks

No code implementations · 16 Dec 2022 · Ashish Hooda, Matthew Wallace, Kushal Jhunjhunwalla, Earlence Fernandes, Kassem Fawaz

Our key insight is that we can interpret a user's intentions by analyzing their activity on counterpart systems of the web and smartphones.

Re-purposing Perceptual Hashing based Client Side Scanning for Physical Surveillance

No code implementations · 8 Dec 2022 · Ashish Hooda, Andrey Labunets, Tadayoshi Kohno, Earlence Fernandes

Content scanning systems employ perceptual hashing algorithms to scan user content for illegal material, such as child pornography or terrorist recruitment flyers.
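As an added illustration of the scanning primitive this entry refers to (not code from the paper or its authors), the block below implements a difference hash (dHash) perceptual hasher and the hash-list matcher a client-side scanner is built around. The two synthetic images, the noisy re-encoding, the single hash-list entry and the distance threshold are all constructed for the example; real deployments use proprietary hash functions and large hash lists. The matcher is agnostic to what the listed hashes depict, which is the property the paper's title is about.

```python
# Added example (not code from the paper or its authors): a difference hash
# (dHash) perceptual hasher and a hash-list matcher of the kind a client-side
# scanner uses. The images, the hash-list entry and the distance threshold are
# constructed here for illustration; real deployments use proprietary hashes
# and much larger hash lists.
import random


def dhash(img, hash_w=8, hash_h=8):
    """Perceptual difference hash of a greyscale image (list of rows, 0-255).
    Sample a (hash_w+1) x hash_h grid by nearest neighbour, then emit one bit
    per horizontally adjacent pair: 1 if the left pixel is brighter."""
    h, w = len(img), len(img[0])
    bits = 0
    for j in range(hash_h):
        row = img[j * h // hash_h]
        samples = [row[i * w // (hash_w + 1)] for i in range(hash_w + 1)]
        for left, right in zip(samples, samples[1:]):
            bits = (bits << 1) | (1 if left > right else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def scan(img, hash_list, max_dist=8):
    """Return the label of the first hash-list entry within max_dist bits of
    the image's hash, or None. Nothing here knows what a listed hash depicts;
    whoever controls the list controls what gets flagged."""
    h = dhash(img)
    for target, label in hash_list.items():
        if hamming(h, target) <= max_dist:
            return label
    return None


def pattern(width, height, fx, fy):
    """Constructed synthetic image with enough structure to hash."""
    return [[(fx * x + fy * y) % 256 for x in range(width)] for y in range(height)]


def add_noise(img, amp=2, seed=0):
    """Constructed benign re-encoding: perturb every pixel by +/-amp."""
    rng = random.Random(seed)
    return [[min(255, max(0, p + rng.randint(-amp, amp))) for p in row] for row in img]


ORIGINAL = pattern(16, 16, 37, 11)      # the image whose hash is on the list
RECODED = add_noise(ORIGINAL)           # same image after lossy re-encoding
UNRELATED = pattern(16, 16, 11, 37)     # a different image
HASH_LIST = {dhash(ORIGINAL): "constructed-target"}  # constructed hash list

if __name__ == "__main__":
    h0 = dhash(ORIGINAL)
    print("hash:", hex(h0))
    print("distance to re-encoded copy:", hamming(h0, dhash(RECODED)))
    print("distance to unrelated image:", hamming(h0, dhash(UNRELATED)))
    print("scan re-encoded:", scan(RECODED, HASH_LIST))
    print("scan unrelated:", scan(UNRELATED, HASH_LIST))
```

The re-encoded copy hashes identically because dHash only records the sign of neighbouring brightness differences, which small noise does not flip; the unrelated image lands more than the threshold away. Replacing the single list entry with hashes of any other target, which is what the paper studies, requires no change to the matcher at all.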

D4: Detection of Adversarial Diffusion Deepfakes Using Disjoint Ensembles

No code implementations · 11 Feb 2022 · Ashish Hooda, Neal Mangaokar, Ryan Feng, Kassem Fawaz, Somesh Jha, Atul Prakash

D4 uses an ensemble of models over disjoint subsets of the frequency spectrum to significantly improve adversarial robustness.


Invisible Perturbations: Physical Adversarial Examples Exploiting the Rolling Shutter Effect

2 code implementations · CVPR 2021 · Athena Sayles, Ashish Hooda, Mohit Gupta, Rahul Chatterjee, Earlence Fernandes

By contrast, we contribute a procedure to generate, for the first time, physical adversarial examples that are invisible to human eyes.

