Search Results for author:
Found 21 papers, 8 papers with code
Securely Fine-tuning Pre-trained Encoders Against Adversarial Examples
In response to these challenges, we propose Genetic Evolution-Nurtured Adversarial Fine-tuning (Gen-AF), a two-stage adversarial fine-tuning approach aimed at enhancing the robustness of downstream models.
Fluent: Round-efficient Secure Aggregation for Private Federated Learning
Fluent also reduces the communication overhead for the server at the expense of a marginal increase in computational cost.
Revisiting Gradient Pruning: A Dual Realization for Defending against Gradient Attacks
To mitigate the weaknesses of existing solutions, we propose a novel defense method, Dual Gradient Pruning (DGP), based on gradient pruning, which can improve communication efficiency while preserving the utility and privacy of CL.
MISA: Unveiling the Vulnerabilities in Split Federated Learning
This attack unveils the vulnerabilities in SFL, challenging the conventional belief that SFL is robust against poisoning attacks.
Corrupting Convolution-based Unlearnable Datasets with Pixel-based Image Transformations
Through validation experiments that commendably support our hypothesis, we further design a random matrix to boost both $\Theta_{imi}$ and $\Theta_{imc}$, achieving a notable degree of defense effect.
AGRAMPLIFIER: Defending Federated Learning Against Poisoning Attacks Through Local Update Amplification
By equipping AGRAMPLIFIER with the existing Byzantine-robust mechanisms, we successfully enhance the model's robustness, maintaining its fidelity and improving overall efficiency.
Towards Self-Interpretable Graph-Level Anomaly Detection
In this paper, we investigate a new challenging problem, explainable GLAD, where the learning objective is to predict the abnormality of each graph sample with corresponding explanations, i. e., the vital subgraph that leads to the predictions.
Turn Passive to Active: A Survey on Active Intellectual Property Protection of Deep Learning Models
In this review, we attempt to clearly elaborate on the connotation, attributes, and requirements of active DNN copyright protection, provide evaluation methods and metrics for active copyright protection, review and analyze existing work on active DL model intellectual property protection, discuss potential attacks that active DL model copyright protection techniques may face, and provide challenges and future directions for active DL model intellectual property protection.
Client-side Gradient Inversion Against Federated Learning from Poisoning
For the first time, we show the feasibility of a client-side adversary with limited knowledge being able to recover the training samples from the aggregated global model.
Downstream-agnostic Adversarial Examples
AdvEncoder aims to construct a universal adversarial perturbation or patch for a set of natural images that can fool all the downstream tasks inheriting the victim pre-trained encoder.
Why Does Little Robustness Help? Understanding and Improving Adversarial Transferability from Surrogate Training
Building on these insights, we explore the impacts of data augmentation and gradient regularization on transferability and identify that the trade-off generally exists in the various training mechanisms, thus building a comprehensive blueprint for the regulation mechanism behind transferability.
Denial-of-Service or Fine-Grained Control: Towards Flexible Model Poisoning Attacks on Federated Learning
Federated learning (FL) is vulnerable to poisoning attacks, where adversaries corrupt the global aggregation results and cause denial-of-service (DoS).
Masked Language Model Based Textual Adversarial Example Detection
To explore how to use the masked language model in adversarial detection, we propose a novel textual adversarial example detection method, namely Masked Language Model-based Detection (MLMD), which can produce clearly distinguishable signals between normal examples and adversarial examples by exploring the changes in manifolds induced by the masked language model.
PointCA: Evaluating the Robustness of 3D Point Cloud Completion Models Against Adversarial Examples
In addition, existing attack approaches towards point cloud classifiers cannot be applied to the completion models due to different output forms and attack purposes.
BadHash: Invisible Backdoor Attacks against Deep Hashing with Clean Label
In this paper, we propose BadHash, the first generative-based imperceptible backdoor attack against deep hashing, which can effectively generate invisible and input-specific poisoned images with clean label.
Evaluating Membership Inference Through Adversarial Robustness
The usage of deep learning is being escalated in many applications.
Towards Privacy-Preserving Neural Architecture Search
Machine learning promotes the continuous development of signal processing in various fields, including network traffic monitoring, EEG classification, face identification, and many more.
Attention Distraction: Watermark Removal Through Continual Learning with Selective Forgetting
Fine-tuning attacks are effective in removing the embedded watermarks in deep learning models.
Protecting Facial Privacy: Generating Adversarial Identity Masks via Style-robust Makeup Transfer
While deep face recognition (FR) systems have shown amazing performance in identification and verification, they also arouse privacy concerns for their excessive surveillance on users, especially for public face images widely spread on social networks.
Challenges and Approaches for Mitigating Byzantine Attacks in Federated Learning
Then we propose a new byzantine attack method called weight attack to defeat those defense schemes, and conduct experiments to demonstrate its threat.
Self-Supervised Adversarial Example Detection by Disentangled Representation
To alleviate this problem, we explore how to detect adversarial examples with disentangled label/semantic features under the autoencoder structure.
