no code implementations • 5 Feb 2024 • Anna Yoo Jeong Ha, Josephine Passananti, Ronik Bhaskar, Shawn Shan, Reid Southen, Haitao Zheng, Ben Y. Zhao
We curate real human art across 7 styles, generate matching images from 5 generative models, and apply 8 detectors (5 automated detectors and 3 different human groups including 180 crowdworkers, 4000+ professional artists, and 13 expert artists experienced at detecting AI).
no code implementations • 17 Jan 2024 • Wenxin Ding, Arjun Nitin Bhagoji, Ben Y. Zhao, Haitao Zheng
In this paper, we explore the feasibility of generating multiple versions of a model that possess different attack properties, without acquiring new training data or changing model architecture.
no code implementations • 20 Oct 2023 • Shawn Shan, Wenxin Ding, Josephine Passananti, Stanley Wu, Haitao Zheng, Ben Y. Zhao
In this paper, we show that poisoning attacks can be successful on generative models.
no code implementations • 21 Feb 2023 • Sihui Dai, Wenxin Ding, Arjun Nitin Bhagoji, Daniel Cullina, Ben Y. Zhao, Haitao Zheng, Prateek Mittal
Finding classifiers robust to adversarial examples is critical for their safe deployment.
no code implementations • 29 Aug 2022 • Emily Wenger, Xiuyu Li, Ben Y. Zhao, Vitaly Shmatikov
With only query access to a trained model and no knowledge of the model training process, or control of the data labels, a user can apply statistical hypothesis testing to detect if a model has learned the spurious features associated with their isotopes by training on the user's data.
1 code implementation • 21 Jun 2022 • Emily Wenger, Roma Bhattacharjee, Arjun Nitin Bhagoji, Josephine Passananti, Emilio Andere, Haitao Zheng, Ben Y. Zhao
Research on physical backdoors is limited by access to large datasets containing real images of physical objects co-located with targets of classification.
1 code implementation • 20 Jun 2022 • Christian Cianfarani, Arjun Nitin Bhagoji, Vikash Sehwag, Ben Y. Zhao, Prateek Mittal, Haitao Zheng
Representation learning, i. e. the generation of representations useful for downstream applications, is a task of fundamental importance that underlies much of the success of deep neural networks (DNNs).
no code implementations • 8 Jun 2022 • Huiying Li, Arjun Nitin Bhagoji, Yuxin Chen, Haitao Zheng, Ben Y. Zhao
Existing research on training-time attacks for deep neural networks (DNNs), such as backdoors, largely assume that models are static once trained, and hidden backdoors trained into models remain active indefinitely.
no code implementations • 11 Feb 2022 • Emily Wenger, Francesca Falzon, Josephine Passananti, Haitao Zheng, Ben Y. Zhao
In deep neural networks for facial recognition, feature vectors are numerical representations that capture the unique features of a given face.
no code implementations • 8 Dec 2021 • Emily Wenger, Shawn Shan, Haitao Zheng, Ben Y. Zhao
The rapid adoption of facial recognition (FR) technology by both government and commercial entities in recent years has raised concerns about civil liberties and privacy.
no code implementations • 13 Oct 2021 • Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, Ben Y. Zhao
We propose a novel iterative clustering and pruning solution that trims "innocent" training samples, until all that remains is the set of poisoned data responsible for the attack.
no code implementations • 20 Sep 2021 • Emily Wenger, Max Bronckers, Christian Cianfarani, Jenna Cryan, Angela Sha, Haitao Zheng, Ben Y. Zhao
Advances in deep learning have introduced a new wave of voice synthesis tools, capable of producing audio that sounds as if spoken by a target speaker.
no code implementations • 8 Feb 2021 • Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, Ben Y. Zhao
We experimentally demonstrate that Dolos provides 94+% protection against state-of-the-art WF attacks under a variety of settings.
Website Fingerprinting Attacks Cryptography and Security
no code implementations • CVPR 2021 • Emily Wenger, Josephine Passananti, Arjun Bhagoji, Yuanshun Yao, Haitao Zheng, Ben Y. Zhao
A critical question remains unanswered: can backdoor attacks succeed using physical objects as triggers, thus making them a credible threat against deep learning systems in the real world?
1 code implementation • 24 Jun 2020 • Huiying Li, Shawn Shan, Emily Wenger, Jiayun Zhang, Hai-Tao Zheng, Ben Y. Zhao
In particular, query-based black-box attacks do not require knowledge of the deep learning model, but can compute adversarial examples over the network by submitting queries and inspecting returns.
1 code implementation • 19 Feb 2020 • Shawn Shan, Emily Wenger, Jiayun Zhang, Huiying Li, Hai-Tao Zheng, Ben Y. Zhao
In this paper, we propose Fawkes, a system that helps individuals inoculate their images against unauthorized facial recognition models.
no code implementations • 3 Dec 2019 • Qinge Xie, Tiancheng Guo, Yang Chen, Yu Xiao, Xin Wang, Ben Y. Zhao
Combining above methods, we propose a Deep Incident-Aware Graph Convolutional Network (DIGC-Net) to effectively incorporate urban traffic incident, spatio-temporal, periodic and context features for traffic speed prediction.
1 code implementation • 2 Oct 2019 • Huiying Li, Emily Wenger, Shawn Shan, Ben Y. Zhao, Haitao Zheng
We empirically show that our proposed watermarks achieve piracy resistance and other watermark properties, over a wide range of tasks and models.
no code implementations • 24 May 2019 • Yuanshun Yao, Huiying Li, Hai-Tao Zheng, Ben Y. Zhao
Recent work has proposed the concept of backdoor attacks on deep neural networks (DNNs), where misbehaviors are hidden inside "normal" models, only to be triggered by very specific inputs.
1 code implementation • 18 Apr 2019 • Shawn Shan, Emily Wenger, Bolun Wang, Bo Li, Hai-Tao Zheng, Ben Y. Zhao
Attackers' optimization algorithms gravitate towards trapdoors, leading them to produce attacks similar to trapdoors in the feature space.
1 code implementation • 23 Oct 2018 • Yanzi Zhu, Zhujun Xiao, Yuxin Chen, Zhijing Li, Max Liu, Ben Y. Zhao, Haitao Zheng
Our work demonstrates a new set of silent reconnaissance attacks, which leverages the presence of commodity WiFi devices to track users inside private homes and offices, without compromising any WiFi network, data packets, or devices.
Cryptography and Security
no code implementations • 22 Sep 2018 • Zhujun Xiao, Yanzi Zhu, Yuxin Chen, Ben Y. Zhao, Junchen Jiang, Hai-Tao Zheng
Build accurate DNN models requires training on large labeled, context specific datasets, especially those matching the target scenario.
no code implementations • 27 Aug 2017 • Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Hai-Tao Zheng, Ben Y. Zhao
Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers.
Cryptography and Security Social and Information Networks