Search Results for author:
Found 44 papers, 15 papers with code
GUARD: Role-playing to Generate Natural-language Jailbreakings to Test Guideline Adherence of Large Language Models
Our system of different roles will leverage this knowledge graph to generate new jailbreaks, which have proved effective in inducing LLMs to generate unethical or guideline-violating responses.
AIR: Threats of Adversarial Attacks on Deep Learning-Based Information Recovery
It can also be found that the DeepReceiver is vulnerable to adversarial perturbations even with very low power and limited PAPR.
CertPri: Certifiable Prioritization for Deep Neural Networks via Movement Cost in Feature Space
Therefore, it is crucial to identify the misbehavior of DNN-based software and improve DNNs' quality.
AdvCheck: Characterizing Adversarial Examples via Local Gradient Checking
To address the issues, we introduce the concept of local gradient, and reveal that adversarial examples have a quite larger bound of local gradient than the benign ones.
Edge Deep Learning Model Protection via Neuron Authorization
With the development of deep learning processors and accelerators, deep learning models have been widely deployed on edge devices as part of the Internet of Things.
FedRight: An Effective Model Copyright Protection for Federated Learning
For the first time, we formalize the problem of copyright protection for FL, and propose FedRight to protect model copyright based on model fingerprints, i. e., extracting model features by generating adversarial examples as model fingerprints.
Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs
Most of the proposed studies launch the backdoor attack using a trigger that either is the randomly generated subgraph (e. g., erd\H{o}s-r\'enyi backdoor) for less computational burden, or the gradient-based generative subgraph (e. g., graph trojaning attack) to enable a more effective attack.
Label Inference Attacks Against Vertical Federated Learning
However, we discover that the bottom model structure and the gradient update mechanism of VFL can be exploited by a malicious participant to gain the power to infer the privately owned labels.
Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection
Consequently, the link prediction model trained on the backdoored dataset will predict the link with trigger to the target state.
Is Multi-Modal Necessarily Better? Robustness Evaluation of Multi-modal Fake News Detection
The proliferation of fake news and its serious negative social influence push fake news detection methods to become necessary tools for web managers.
Rethinking the Defense Against Free-rider Attack From the Perspective of Model Weight Evolving Frequency
To address these challenges, we reconsider the defense from a novel perspective, i. e., model weight evolving frequency. Empirically, we gain a novel insight that during the FL's training, the model weight evolving frequency of free-riders and that of benign clients are significantly different.
Improving robustness of language models from a geometry-aware perspective
On top of FADA, we propose geometry-aware adversarial training (GAT) to perform adversarial training on friendly adversarial data so that we can save a large number of search steps.
GAIL-PT: A Generic Intelligent Penetration Testing Framework with Generative Adversarial Imitation Learning
Addressing the challenges, for the first time, we introduce expert knowledge to guide the agent to make better decisions in RL-based PT and propose a Generative Adversarial Imitation Learning-based generic intelligent Penetration testing framework, denoted as GAIL-PT, to solve the problems of higher labor costs due to the involvement of security experts and high-dimensional discrete action space.
Excitement Surfeited Turns to Errors: Deep Learning Testing Framework Based on Excitable Neurons
By maximizing the number of excitable neurons concerning various wrong behaviors of models, DeepSensor can generate testing examples that effectively trigger more errors due to adversarial inputs, polluted data and incomplete training.
NeuronFair: Interpretable White-Box Fairness Testing through Biased Neuron Identification
To overcome the challenges, we propose NeuronFair, a new DNN fairness testing framework that differs from previous work in several key aspects: (1) interpretable - it quantitatively interprets DNNs' fairness violations for the biased decision; (2) effective - it uses the interpretation results to guide the generation of more diverse instances in less time; (3) generic - it can handle both structured and unstructured data.
CatchBackdoor: Backdoor Testing by Critical Trojan Neural Path Identification via Differential Fuzzing
Existing DNN testing methods are mainly designed to find incorrect corner case behaviors in adversarial settings but fail to discover the backdoors crafted by strong trojan attacks.
NIP: Neuron-level Inverse Perturbation Against Adversarial Attacks
From the perspective of image feature space, some of them cannot reach satisfying results due to the shift of features.
TEGDetector: A Phishing Detector that Knows Evolving Transaction Behaviors
Phishing detectors direct their efforts in hunting phishing addresses.
Understanding the Dynamics of DNNs Using Graph Modularity
Specifically, we model the process of class separation of intermediate representations in pre-trained DNNs as the evolution of communities in dynamic graphs.
Graph-Fraudster: Adversarial Attacks on Graph Neural Network Based Vertical Federated Learning
This is the first study of adversarial attacks on GVFL.
Dyn-Backdoor: Backdoor Attack on Dynamic Link Prediction
Backdoor attacks induce the DLP methods to make wrong prediction by the malicious training data, i. e., generating a subgraph sequence as the trigger and embedding it to the training data.
Blockchain Phishing Scam Detection via Multi-channel Graph Classification
The transaction pattern graphs and MCGC are more able to detect potential phishing scammers by extracting the transaction pattern features of the target users.
EGC2: Enhanced Graph Classification with Easy Graph Compression
To achieve lower-complexity defense applied to graph classification models, EGC2 utilizes a centrality-based edge-importance index to compress the graphs, filtering out trivial structures and adversarial perturbations in the input graphs, thus improving the model's robustness.
Salient Feature Extractor for Adversarial Defense on Deep Neural Networks
Motivated by the observation that adversarial examples are due to the non-robust feature learned from the original dataset by models, we propose the concepts of salient feature(SF) and trivial feature(TF).
Graphfool: Targeted Label Adversarial Attack on Graph Embedding
To the best of our knowledge, this is the first targeted label attack technique.
GraphAttacker: A General Multi-Task GraphAttack Framework
To address this problem, we propose GraphAttacker, a novel generic graph attack framework that can flexibly adjust the structures and the attack strategies according to the graph analysis tasks.
DeepPoison: Feature Transfer Based Stealthy Poisoning Attack
As existing episodes mainly focused on attack success rate with patch-based samples, defense algorithms can easily detect these poisoning samples.
ROBY: Evaluating the Robustness of a Deep Model by its Decision Boundaries
This work proposes a generic evaluation metric ROBY, a novel attack-independent robustness measure based on the model's decision boundaries.
Time-Series Snapshot Network for Partner Recommendation: A Case Study on OSS
In this paper, we introduce time-series snapshot network (TSSN) which is a mixture network to model the interactions among users and developers.
Social and Information Networks
Visualizing Deep Learning-based Radio Modulation Classifier
Extensive numerical results show both the CNN-based classifier and LSTM-based classifier extract similar radio features relating to modulation reference points.
MGA: Momentum Gradient Attack on Network
The adversarial attack methods based on gradient information can adequately find the perturbations, that is, the combinations of rewired links, thereby reducing the effectiveness of the deep learning model based graph embedding algorithms, but it is also easy to fall into a local optimum.
Social and Information Networks
Time-aware Gradient Attack on Dynamic Network Link Prediction
In this work, we present the first study of adversarial attack on dynamic network link prediction (DNLP).
Multiscale Evolutionary Perturbation Attack on Community Detection
In this paper, we formalize this community detection attack problem in three scales, including global attack (macroscale), target community attack (mesoscale) and target node attack (microscale).
Social and Information Networks Physics and Society
Open DNN Box by Power Side-Channel Attack
However, recent studies indicate that they are also vulnerable to adversarial attacks.
Unsupervised Euclidean Distance Attack on Network Embedding
Since a large number of downstream network algorithms, such as community detection and node classification, rely on the Euclidean distance between nodes to evaluate the similarity between them in the embedding space, EDA can be considered as a universal attack on a variety of network algorithms.
Social and Information Networks Physics and Society
POBA-GA: Perturbation Optimized Black-Box Adversarial Attacks via Genetic Algorithm
In this paper, comprehensive evaluation metrics are brought up for different adversarial attack methods.
N2VSCDNNR: A Local Recommender System Based on Node2vec and Rich Information Network
In particular, we use a bipartite network to construct the user-item network, and represent the interactions among users (or items) by the corresponding one-mode projection network.
Can Adversarial Network Attack be Defended?
In this paper, we are interested in the possibility of defense against adversarial attack on network, and propose defense strategies for GNNs against attacks.
Social and Information Networks Physics and Society
E-LSTM-D: A Deep Learning Framework for Dynamic Network Link Prediction
Predicting the potential relations between nodes in networks, known as link prediction, has long been a challenge in network science.
GC-LSTM: Graph Convolution Embedded LSTM for Dynamic Link Prediction
To the best of our knowledge, it is the first time that GCN embedded LSTM is put forward for link prediction of dynamic networks.
Social and Information Networks Physics and Society
FineFool: Fine Object Contour Attack via Attention
Inspired by the correlations between adversarial perturbations and object contour, slighter perturbations is produced via focusing on object contour features, which is more imperceptible and difficult to be defended, especially network add-on defense methods with the trade-off between perturbations filtering and contour feature loss.
GA Based Q-Attack on Community Detection
In particular, we first give two heuristic attack strategies, i. e., Community Detection Attack (CDA) and Degree Based Attack (DBA), as baselines, utilizing the information of detected community structure and node degree, respectively.
Social and Information Networks
Link Prediction Adversarial Attack
Deep neural network has shown remarkable performance in solving computer vision and some graph evolved tasks, such as node classification and link prediction.
Physics and Society Social and Information Networks
Fast Gradient Attack on Network Embedding
Network embedding maps a network into a low-dimensional Euclidean space, and thus facilitate many network analysis tasks, such as node classification, link prediction and community detection etc, by utilizing machine learning methods.
Physics and Society Social and Information Networks
