Search Results for author:
Found 20 papers, 13 papers with code
Neural Exec: Learning (and Learning from) Execution Triggers for Prompt Injection Attacks
We introduce a new family of prompt injection attacks, termed Neural Exec.
On the Conflict of Robustness and Learning in Collaborative Machine Learning
Collaborative Machine Learning (CML) allows participants to jointly train a machine learning model while keeping their training data private.
The Fundamental Limits of Least-Privilege Learning
The promise of least-privilege learning -- to find feature representations that are useful for a learning task but prevent inference of any sensitive information unrelated to this task -- is highly appealing.
Transferable Adversarial Robustness for Categorical Data via Universal Robust Embeddings
We present a method that allows us to train adversarially robust deep networks for tabular data and to transfer this robustness to other classifiers via universal robust embeddings tailored to categorical data.
Can Decentralized Learning be more robust than Federated Learning?
Decentralized Learning (DL) is a peer--to--peer learning approach that allows a group of users to jointly train a machine learning model.
Arbitrary Decisions are a Hidden Cost of Differentially Private Training
We demonstrate that such randomization incurs predictive multiplicity: for a given input example, the output predicted by equally-private models depends on the randomness used in training.
Universal Neural-Cracking-Machines: Self-Configurable Password Models from Auxiliary Data
Specifically, the model uses deep learning to capture the correlation between the auxiliary data of a group of users (e. g., users of a web application) and their passwords.
Adversarial Robustness for Tabular Data through Cost and Utility Awareness
We argue that, due to the differences between tabular data and images or text, existing threat models are not suitable for tabular domains.
On the (In)security of Peer-to-Peer Decentralized Machine Learning
In this work, we carry out the first, in-depth, privacy analysis of Decentralized Learning -- a collaborative machine learning framework aimed at addressing the main limitations of federated learning.
Synthetic Data -- Anonymisation Groundhog Day
In other words, we empirically show that synthetic data does not provide a better tradeoff between privacy and utility than traditional anonymisation techniques.
DatashareNetwork: A Decentralized Privacy-Preserving Search Engine for Investigative Journalists
We present DatashareNetwork, a decentralized and privacy-preserving search system that enables journalists worldwide to find documents via a dedicated network of peers.
Cryptography and Security
Decentralized Privacy-Preserving Proximity Tracing
This document describes and analyzes a system for secure and privacy-preserving proximity tracing at large scale.
Cryptography and Security Computers and Society
Encrypted DNS --> Privacy? A Traffic Analysis Perspective
Virtually every connection to an Internet service is preceded by a DNS lookup which is performed without any traffic-level protection, thus enabling manipulation, redirection, surveillance, and censorship.
Cryptography and Security
Disparate Vulnerability to Membership Inference Attacks
Differential privacy bounds disparate vulnerability but can significantly reduce the accuracy of the model.
On (The Lack Of) Location Privacy in Crowdsourcing Applications
Crowdsourcing enables application developers to benefit from large and diverse datasets at a low cost.
Cryptography and Security
Questioning the assumptions behind fairness solutions
In addition to their benefits, optimization systems can have negative economic, moral, social, and political effects on populations as well as their environments.
Evading classifiers in discrete domains with provable optimality guarantees
We introduce a graphical framework that (1) generalizes existing attacks in discrete domains, (2) can accommodate complex cost functions beyond $p$-norms, including financial cost incurred when attacking a classifier, and (3) efficiently produces valid adversarial examples with guarantees of minimal adversarial cost.
POTs: Protective Optimization Technologies
Fairness frameworks do so, in part, by mapping these problems to a narrow definition and assuming the service providers can be trusted to deploy countermeasures.
Feature importance scores and lossless feature pruning using Banzhaf power indices
In particular, we propose the use of the Banzhaf power index as a measure of influence of features on the outcome of a classifier.
ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging
Autocrypt is a new community-driven open specification for e-mail encryption that attempts to respond to this demand.
Cryptography and Security
