Search Results for author: Ben Y. Zhao

Found 23 papers, 7 papers with code

Organic or Diffused: Can We Distinguish Human Art from AI-generated Images?

no code implementations | 5 Feb 2024 | Anna Yoo Jeong Ha, Josephine Passananti, Ronik Bhaskar, Shawn Shan, Reid Southen, Haitao Zheng, Ben Y. Zhao

We curate real human art across 7 styles, generate matching images from 5 generative models, and apply 8 detectors (5 automated detectors and 3 different human groups including 180 crowdworkers, 4000+ professional artists, and 13 expert artists experienced at detecting AI).

Towards Scalable and Robust Model Versioning

no code implementations | 17 Jan 2024 | Wenxin Ding, Arjun Nitin Bhagoji, Ben Y. Zhao, Haitao Zheng

In this paper, we explore the feasibility of generating multiple versions of a model that possess different attack properties, without acquiring new training data or changing model architecture.

Data Isotopes for Data Provenance in DNNs

no code implementations | 29 Aug 2022 | Emily Wenger, Xiuyu Li, Ben Y. Zhao, Vitaly Shmatikov

With only query access to a trained model and no knowledge of the model training process, or control of the data labels, a user can apply statistical hypothesis testing to detect if a model has learned the spurious features associated with their isotopes by training on the user's data.

Memorization

Natural Backdoor Datasets

1 code implementation | 21 Jun 2022 | Emily Wenger, Roma Bhattacharjee, Arjun Nitin Bhagoji, Josephine Passananti, Emilio Andere, Haitao Zheng, Ben Y. Zhao

Research on physical backdoors is limited by access to large datasets containing real images of physical objects co-located with targets of classification.

Understanding Robust Learning through the Lens of Representation Similarities

1 code implementation | 20 Jun 2022 | Christian Cianfarani, Arjun Nitin Bhagoji, Vikash Sehwag, Ben Y. Zhao, Prateek Mittal, Haitao Zheng

Representation learning, i.e. the generation of representations useful for downstream applications, is a task of fundamental importance that underlies much of the success of deep neural networks (DNNs).

Representation Learning

On the Permanence of Backdoors in Evolving Models

no code implementations | 8 Jun 2022 | Huiying Li, Arjun Nitin Bhagoji, Yuxin Chen, Haitao Zheng, Ben Y. Zhao

Existing research on training-time attacks for deep neural networks (DNNs), such as backdoors, largely assumes that models are static once trained, and that hidden backdoors trained into models remain active indefinitely.

Assessing Privacy Risks from Feature Vector Reconstruction Attacks

no code implementations | 11 Feb 2022 | Emily Wenger, Francesca Falzon, Josephine Passananti, Haitao Zheng, Ben Y. Zhao

In deep neural networks for facial recognition, feature vectors are numerical representations that capture the unique features of a given face.

SoK: Anti-Facial Recognition Technology

no code implementations | 8 Dec 2021 | Emily Wenger, Shawn Shan, Haitao Zheng, Ben Y. Zhao

The rapid adoption of facial recognition (FR) technology by both government and commercial entities in recent years has raised concerns about civil liberties and privacy.

Poison Forensics: Traceback of Data Poisoning Attacks in Neural Networks

no code implementations | 13 Oct 2021 | Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, Ben Y. Zhao

We propose a novel iterative clustering and pruning solution that trims "innocent" training samples, until all that remains is the set of poisoned data responsible for the attack.

Data Poisoning, Malware Classification

"Hello, It's Me": Deep Learning-based Speech Synthesis Attacks in the Real World

no code implementations | 20 Sep 2021 | Emily Wenger, Max Bronckers, Christian Cianfarani, Jenna Cryan, Angela Sha, Haitao Zheng, Ben Y. Zhao

Advances in deep learning have introduced a new wave of voice synthesis tools, capable of producing audio that sounds as if spoken by a target speaker.

Speaker Recognition, Speech Synthesis

A Real-time Defense against Website Fingerprinting Attacks

no code implementations | 8 Feb 2021 | Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, Ben Y. Zhao

We experimentally demonstrate that Dolos provides 94+% protection against state-of-the-art WF attacks under a variety of settings.

Website Fingerprinting Attacks, Cryptography and Security

Backdoor Attacks Against Deep Learning Systems in the Physical World

no code implementations | CVPR 2021 | Emily Wenger, Josephine Passananti, Arjun Bhagoji, Yuanshun Yao, Haitao Zheng, Ben Y. Zhao

A critical question remains unanswered: can backdoor attacks succeed using physical objects as triggers, thus making them a credible threat against deep learning systems in the real world?

Transfer Learning

Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks

1 code implementation | 24 Jun 2020 | Huiying Li, Shawn Shan, Emily Wenger, Jiayun Zhang, Hai-Tao Zheng, Ben Y. Zhao

In particular, query-based black-box attacks do not require knowledge of the deep learning model, but can compute adversarial examples over the network by submitting queries and inspecting returns.

Image Classification, text-classification, +1

Fawkes: Protecting Privacy against Unauthorized Deep Learning Models

1 code implementation | 19 Feb 2020 | Shawn Shan, Emily Wenger, Jiayun Zhang, Huiying Li, Hai-Tao Zheng, Ben Y. Zhao

In this paper, we propose Fawkes, a system that helps individuals inoculate their images against unauthorized facial recognition models.

Face Recognition, Privacy Preserving Deep Learning

"How do urban incidents affect traffic speed?" A Deep Graph Convolutional Network for Incident-driven Traffic Speed Prediction

no code implementations | 3 Dec 2019 | Qinge Xie, Tiancheng Guo, Yang Chen, Yu Xiao, Xin Wang, Ben Y. Zhao

Combining the above methods, we propose a Deep Incident-Aware Graph Convolutional Network (DIGC-Net) to effectively incorporate urban traffic incident, spatio-temporal, periodic and context features for traffic speed prediction.

Piracy Resistant Watermarks for Deep Neural Networks

1 code implementation | 2 Oct 2019 | Huiying Li, Emily Wenger, Shawn Shan, Ben Y. Zhao, Haitao Zheng

We empirically show that our proposed watermarks achieve piracy resistance and other watermark properties, over a wide range of tasks and models.

Transfer Learning

Regula Sub-rosa: Latent Backdoor Attacks on Deep Neural Networks

no code implementations | 24 May 2019 | Yuanshun Yao, Huiying Li, Hai-Tao Zheng, Ben Y. Zhao

Recent work has proposed the concept of backdoor attacks on deep neural networks (DNNs), where misbehaviors are hidden inside "normal" models, only to be triggered by very specific inputs.

Backdoor Attack, Traffic Sign Recognition, +1

Gotta Catch 'Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks

1 code implementation | 18 Apr 2019 | Shawn Shan, Emily Wenger, Bolun Wang, Bo Li, Hai-Tao Zheng, Ben Y. Zhao

Attackers' optimization algorithms gravitate towards trapdoors, leading them to produce attacks similar to trapdoors in the feature space.

Adversarial Attack Detection, Adversarial Defense, +3

Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors

1 code implementation | 23 Oct 2018 | Yanzi Zhu, Zhujun Xiao, Yuxin Chen, Zhijing Li, Max Liu, Ben Y. Zhao, Haitao Zheng

Our work demonstrates a new set of silent reconnaissance attacks, which leverage the presence of commodity WiFi devices to track users inside private homes and offices, without compromising any WiFi network, data packets, or devices.

Cryptography and Security

Addressing Training Bias via Automated Image Annotation

no code implementations | 22 Sep 2018 | Zhujun Xiao, Yanzi Zhu, Yuxin Chen, Ben Y. Zhao, Junchen Jiang, Hai-Tao Zheng

Building accurate DNN models requires training on large, labeled, context-specific datasets, especially those matching the target scenario.

Automated Crowdturfing Attacks and Defenses in Online Review Systems

no code implementations | 27 Aug 2017 | Yuanshun Yao, Bimal Viswanath, Jenna Cryan, Hai-Tao Zheng, Ben Y. Zhao

Malicious crowdsourcing forums are gaining traction as sources of spreading misinformation online, but are limited by the costs of hiring and managing human workers.

Cryptography and Security, Social and Information Networks
