Search Results for author:
Found 22 papers, 16 papers with code
Vulnerability Detection with Code Language Models: How Far Are We?
Evaluating code LMs on PrimeVul reveals that existing benchmarks significantly overestimate the performance of these models.
PAL: Proxy-Guided Black-Box Attack on Large Language Models
In this work, we introduce the Proxy-Guided Attack on LLMs (PAL), the first optimization-based attack on LLMs in a black-box query-only setting.
Jatmo: Prompt Injection Defense by Task-Specific Finetuning
Jatmo only needs a task prompt and a dataset of inputs for the task: it uses the teacher model to generate outputs.
Mark My Words: Analyzing and Evaluating Language Model Watermarks
The capabilities of large language models have grown significantly in recent years and so too have concerns about their misuse.
PubDef: Defending Against Transfer Attacks From Public Models
We evaluate the transfer attacks in this setting and propose a specialized defense method based on a game-theoretic perspective.
OODRobustBench: benchmarking and analyzing adversarial robustness under distribution shift
Based on this, we are able to predict the upper limit of OOD robustness for existing robust training schemes.
SPDER: Semiperiodic Damping-Enabled Object Representation
We present a neural network architecture designed to naturally learn a positional embedding and overcome the spectral bias towards lower frequencies faced by conventional implicit neural representation networks.
REAP: A Large-Scale Realistic Adversarial Patch Benchmark
In this work, we propose the REAP (REalistic Adversarial Patch) benchmark, a digital benchmark that allows the user to evaluate patch attacks on real images, and under real-world conditions.
Preprocessors Matter! Realistic Decision-Based Attacks on Machine Learning Systems
Decision-based attacks construct adversarial examples against a machine learning (ML) model by making only hard-label queries.
Part-Based Models Improve Adversarial Robustness
We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks by introducing a part-based model for object classification.
Demystifying the Adversarial Robustness of Random Transformation Defenses
Furthermore, we create the strongest possible attack to evaluate our RT defense.
Adversarial Examples for k-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
On a high level, the search radius expands to the nearby higher-order Voronoi cells until we find a cell that classifies differently from the input point.
Adversarial Examples for $k$-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
On a high level, the search radius expands to the nearby Voronoi cells until we find a cell that classifies differently from the input point.
SAT: Improving Adversarial Training via Curriculum-Based Loss Smoothing
This leads to a significant improvement in both clean accuracy and robustness compared to AT, TRADES, and other baselines.
Minimum-Norm Adversarial Examples on KNN and KNN-Based Models
We study the robustness against adversarial examples of kNN classifiers and classifiers that combine kNN with neural networks.
Defending Against Adversarial Examples with K-Nearest Neighbor
With our models, the mean perturbation norm required to fool our MNIST model is 3. 07 and 2. 30 on CIFAR-10.
Better the Devil you Know: An Analysis of Evasion Attacks using Out-of-Distribution Adversarial Examples
A large body of recent work has investigated the phenomenon of evasion attacks using adversarial examples for deep learning systems, where the addition of norm-bounded perturbations to the test inputs leads to incorrect output classification.
On the Robustness of Deep K-Nearest Neighbors
Despite a large amount of attention on adversarial examples, very few works have demonstrated an effective defense against this threat.
DARTS: Deceiving Autonomous Cars with Toxic Signs
In this paper, we propose and examine security attacks against sign recognition systems for Deceiving Autonomous caRs with Toxic Signs (we call the proposed attacks DARTS).
Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos
Our attack pipeline generates adversarial samples which are robust to the environmental conditions and noisy image transformations present in the physical world.
Beyond Grand Theft Auto V for Training, Testing and Enhancing Deep Learning in Self Driving Cars
As an initial assessment, over 480, 000 labeled virtual images of normal highway driving were readily generated in Grand Theft Auto V's virtual environment.
Enhancing Robustness of Machine Learning Systems via Data Transformations
We propose the use of data transformations as a defense against evasion attacks on ML classifiers.
