Search Results for author:
Found 24 papers, 18 papers with code
Generating Potent Poisons and Backdoors from Scratch with Guided Diffusion
As a result, we may be able to craft more potent poisons by carefully choosing the base samples.
Exploring Sequence-to-Sequence Transformer-Transducer Models for Keyword Spotting
In this paper, we present a novel approach to adapt a sequence-to-sequence Transformer-Transducer ASR system to the keyword spotting (KWS) task.
Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning
Federated learning is particularly susceptible to model poisoning and backdoor attacks because individual users have direct control over the training data and model updates.
Poisons that are learned faster are more effective
We advocate for evaluating poisons in terms of peak test accuracy.
Can Neural Nets Learn the Same Model Twice? Investigating Reproducibility and Double Descent from the Decision Boundary Perspective
We also use decision boundary methods to visualize double descent phenomena.
Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification
Federated learning (FL) has rapidly risen in popularity due to its promise of privacy and efficiency.
Decepticons: Corrupted Transformers Breach Privacy in Federated Learning for Language Models
A central tenet of Federated learning (FL), which trains models without centralizing user data, is privacy.
Execute Order 66: Targeted Data Poisoning for Reinforcement Learning
Data poisoning for reinforcement learning has historically focused on general performance degradation, and targeted attacks have been successful via perturbations that involve control of the victim's policy and rewards.
Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models
Federated learning has quickly gained popularity with its promises of increased user privacy and efficiency.
Adversarial Examples Make Strong Poisons
The adversarial machine learning literature is largely partitioned into evasion attacks on testing data and poisoning attacks on training data.
Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch
In contrast, the Hidden Trigger Backdoor Attack achieves poisoning without placing a trigger into the training data at all.
DP-InstaHide: Provably Defusing Poisoning and Backdoor Attacks with Differentially Private Data Augmentations
The InstaHide method has recently been proposed as an alternative to DP training that leverages supposed privacy properties of the mixup augmentation, although without rigorous guarantees.
What Doesn't Kill You Makes You Robust(er): How to Adversarially Train against Data Poisoning
Data poisoning is a threat model in which a malicious actor tampers with training data to manipulate outcomes at inference time.
Preventing Unauthorized Use of Proprietary Data: Poisoning for Secure Dataset Release
Large organizations such as social media companies continually release data, for example user images.
Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff
Data poisoning and backdoor attacks manipulate victim models by maliciously modifying training data.
Random Network Distillation as a Diversity Metric for Both Image and Text Generation
We validate and deploy this metric on both images and text.
Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching
We consider a particularly malicious poisoning attack that is both "from scratch" and "clean label", meaning we analyze an attack that successfully works against new, randomly initialized models, and is nearly imperceptible to humans, all while perturbing only a small fraction of the training data.
Headless Horseman: Adversarial Attacks on Transfer Learning Models
We first demonstrate successful transfer attacks against a victim network using \textit{only} its feature extractor.
MetaPoison: Practical General-purpose Clean-label Data Poisoning
Existing attacks for data poisoning neural networks have relied on hand-crafted heuristics, because solving the poisoning problem directly via bilevel optimization is generally thought of as intractable for deep models.
Unraveling Meta-Learning: Understanding Feature Representations for Few-Shot Tasks
In doing so, we introduce and verify several hypotheses for why meta-learned models perform better.
Adversarially Robust Few-Shot Learning: A Meta-Learning Approach
Previous work on adversarially robust neural networks for image classification requires large training sets and computationally expensive training procedures.
Deep k-NN Defense against Clean-label Data Poisoning Attacks
Targeted clean-label data poisoning is a type of adversarial attack on machine learning systems in which an adversary injects a few correctly-labeled, minimally-perturbed samples into the training data, causing a model to misclassify a particular test sample during inference.
Understanding Generalization through Visualizations
The power of neural networks lies in their ability to generalize to unseen data, yet the underlying reasons for this phenomenon remain elusive.
Adversarially Robust Distillation
In addition to producing small models with high test accuracy like conventional distillation, ARD also passes the superior robustness of large networks onto the student.
