Search Results for author:
Found 31 papers, 14 papers with code
Padam: Closing the Generalization Gap of Adaptive Gradient Methods in Training Deep Neural Networks
Experiments on standard benchmarks show that Padam can maintain fast convergence rate as Adam/Amsgrad while generalizing as well as SGD in training deep neural networks.
VQAttack: Transferable Adversarial Attacks on Visual Question Answering via Pre-trained Models
Correspondingly, we propose a novel VQAttack model, which can iteratively generate both image and text perturbations with the designed modules: the large language model (LLM)-enhanced image attack and the cross-modal joint attack module.
Federated Learning with Projected Trajectory Regularization
Specifically, FedPTR allows local clients or the server to optimize an auxiliary (synthetic) dataset that mimics the learning dynamics of the recent model update and utilizes it to project the next-step model trajectory for local training regularization.
On the Difficulty of Defending Contrastive Learning against Backdoor Attacks
Recent studies have shown that contrastive learning, like supervised learning, is highly vulnerable to backdoor attacks wherein malicious functions are injected into target models, only to be activated by specific triggers.
Stealthy and Persistent Unalignment on Large Language Models via Backdoor Injections
In this work, we show that it is possible to conduct stealthy and persistent unalignment on large language models via backdoor injections.
IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI
IMPRESS is based on the key observation that imperceptible perturbations could lead to a perceptible inconsistency between the original image and the diffusion-reconstructed image, which can be used to devise a new optimization strategy for purifying the image, which may weaken the protection of the original image from unauthorized data usage (e. g., style mimicking, malicious editing).
VLATTACK: Multimodal Adversarial Attacks on Vision-Language Tasks via Pre-trained Models
In this paper, we aim to investigate a new yet practical task to craft image and text perturbations using pre-trained VL models to attack black-box fine-tuned models on different downstream tasks.
On the Safety of Open-Sourced Large Language Models: Does Alignment Really Prevent Them From Being Misused?
A natural question is "could alignment really prevent those open-sourced large language models from being misused to generate undesired content?''.
Defending Against Alignment-Breaking Attacks via Robustly Aligned LLM
In this work, we introduce a Robustly Aligned LLM (RA-LLM) to defend against potential alignment-breaking attacks.
On the Vulnerability of Backdoor Defenses for Federated Learning
Federated Learning (FL) is a popular distributed machine learning paradigm that enables jointly training a global model without sharing clients' data.
Spectral Augmentation for Self-Supervised Learning on Graphs
Graph contrastive learning (GCL), as an emerging self-supervised learning technique on graphs, aims to learn representations via instance discrimination.
How Powerful is Implicit Denoising in Graph Neural Networks
However, the analysis of implicit denoising effect in graph neural networks remains open.
One-shot Neural Backdoor Erasing via Adversarial Weight Masking
Recent studies show that despite achieving high accuracy on a number of real-world applications, deep neural networks (DNNs) can be backdoored: by injecting triggered data samples into the training dataset, the adversary can mislead the trained model into classifying any test data to the target class as long as the trigger pattern is presented.
RoCourseNet: Distributionally Robust Training of a Prediction Aware Recourse Model
To address this problem, we propose RoCourseNet, a training framework that jointly optimizes predictions and recourses that are robust to future data shifts.
Communication-Efficient Adaptive Federated Learning
We show that in the nonconvex stochastic optimization setting, our proposed FedCAMS achieves the same convergence rate of $O(\frac{1}{\sqrt{TKm}})$ as its non-compressed counterparts.
Do Language Models Plagiarize?
Our results suggest that (1) three types of plagiarism widely exist in LMs beyond memorization, (2) both size and decoding methods of LMs are strongly associated with the degrees of plagiarism they exhibit, and (3) fine-tuned LMs' plagiarism patterns vary based on their corpus similarity and homogeneity.
Learnability Lock: Authorized Learnability Control Through Adversarial Invertible Transformations
In particular, we propose adversarial invertible transformation, that can be viewed as a mapping from image to image, to slightly modify data samples so that they become "unlearnable" by machine learning models with negligible loss of visual features.
Benign Overfitting in Adversarially Robust Linear Classification
Our result suggests that under moderate perturbations, adversarially trained linear classifiers can achieve the near-optimal standard and adversarial risks, despite overfitting the noisy training data.
Communication-Compressed Adaptive Gradient Method for Distributed Nonconvex Optimization
We prove that the proposed communication-efficient distributed adaptive gradient method converges to the first-order stationary point with the same iteration complexity as uncompressed vanilla AMSGrad in the stochastic nonconvex optimization setting.
Do Wider Neural Networks Really Help Adversarial Robustness?
Previous empirical results suggest that adversarial training requires wider networks for better performances.
Efficient Robust Training via Backward Smoothing
In this work, we develop a new understanding towards Fast Adversarial Training, by viewing random initialization as performing randomized smoothing for better optimization of the inner maximization problem.
RayS: A Ray Searching Method for Hard-label Adversarial Attack
Deep neural networks are vulnerable to adversarial attacks.
Ranked #1 on
Hard-label Attack
on MNIST
Understanding the Intrinsic Robustness of Image Distributions using Conditional Generative Models
Starting with Gilmer et al. (2018), several works have demonstrated the inevitability of adversarial examples based on different assumptions about the underlying input probability space.
Training Deep Neural Networks with Partially Adaptive Momentum
Experiments on standard benchmarks show that our proposed algorithm can maintain fast convergence rate as Adam/Amsgrad while generalizing as well as SGD in training deep neural networks.
A Frank-Wolfe Framework for Efficient and Effective Adversarial Attacks
Depending on how much information an adversary can access to, adversarial attacks can be classified as white-box attack and black-box attack.
On the Convergence of Adaptive Gradient Methods for Nonconvex Optimization
In this paper, we provide a fine-grained convergence analysis for a general class of adaptive gradient methods including AMSGrad, RMSProp and AdaGrad.
Covariate Adjusted Precision Matrix Estimation via Nonconvex Optimization
We propose a nonconvex estimator for the covariate adjusted precision matrix estimation problem in the high dimensional regime, under sparsity constraints.
Closing the Generalization Gap of Adaptive Gradient Methods in Training Deep Neural Networks
Experiments on standard benchmarks show that our proposed algorithm can maintain a fast convergence rate as Adam/Amsgrad while generalizing as well as SGD in training deep neural networks.
Global Convergence of Langevin Dynamics Based Algorithms for Nonconvex Optimization
Furthermore, for the first time we prove the global convergence guarantee for variance reduced stochastic gradient Langevin dynamics (SVRG-LD) to the almost minimizer within $\tilde O\big(\sqrt{n}d^5/(\lambda^4\epsilon^{5/2})\big)$ stochastic gradient evaluations, which outperforms the gradient complexities of GLD and SGLD in a wide regime.
Robust Wirtinger Flow for Phase Retrieval with Arbitrary Corruption
We consider the robust phase retrieval problem of recovering the unknown signal from the magnitude-only measurements, where the measurements can be contaminated by both sparse arbitrary corruption and bounded random noise.
High Dimensional Multivariate Regression and Precision Matrix Estimation via Nonconvex Optimization
We propose a nonconvex estimator for joint multivariate regression and precision matrix estimation in the high dimensional regime, under sparsity constraints.
