Search Results for author:
Found 19 papers, 6 papers with code
Hyperparameter Learning under Data Poisoning: Analysis of the Influence of Regularization via Multiobjective Bilevel Optimization
We propose a novel optimal attack formulation that considers the effect of the attack on the hyperparameters and models the attack as a multiobjective bilevel optimization problem.
FedRAD: Federated Robust Adaptive Distillation
The robustness of federated learning (FL) is vital for the distributed training of an accurate global model that is shared among large number of clients.
Regularization Can Help Mitigate Poisoning Attacks... with the Right Hyperparameters
Machine learning algorithms are vulnerable to poisoning attacks, where a fraction of the training data is manipulated to degrade the algorithms' performance.
Real-time Detection of Practical Universal Adversarial Perturbations
Universal Adversarial Perturbations (UAPs) are a prominent class of adversarial examples that exploit the systemic vulnerabilities and enable physically realizable and robust attacks against Deep Neural Networks (DNNs).
Realizable Universal Adversarial Perturbations for Malware
Universal Adversarial Perturbations (UAPs), which identify noisy patterns that generalize across the input space, allow the attacker to greatly scale up the generation of such examples.
Robustness and Transferability of Universal Attacks on Compressed Models
In this work, we analyze the effect of various compression techniques to UAP attacks, including different forms of pruning and quantization.
Robust Aggregation for Adaptive Privacy Preserving Federated Learning in Healthcare
In this work, we implement and evaluate different robust aggregation methods in FL applied to healthcare data.
Cryptography and Security
Regularisation Can Mitigate Poisoning Attacks: A Novel Analysis Based on Multiobjective Bilevel Optimisation
We propose a novel optimal attack formulation that considers the effect of the attack on the hyperparameters by modelling the attack as a multiobjective bilevel optimisation problem.
Universal Adversarial Robustness of Texture and Shape-Biased Models
Increasing shape-bias in deep neural networks has been shown to improve robustness to common corruptions and noise.
Byzantine-Robust Federated Machine Learning through Adaptive Model Averaging
Federated learning enables training collaborative machine learning models at scale with many participants whilst preserving the privacy of their datasets.
Poisoning Attacks with Generative Adversarial Nets
In this paper we introduce a novel generative model to craft systematic poisoning attacks against machine learning classifiers generating adversarial training examples, i. e. samples that look like genuine data points but that degrade the classifier's accuracy when used for training.
Sensitivity of Deep Convolutional Networks to Gabor Noise
Deep Convolutional Networks (DCNs) have been shown to be sensitive to Universal Adversarial Perturbations (UAPs): input-agnostic perturbations that fool a model on large portions of a dataset.
Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Convolutional Networks
Deep Convolutional Networks (DCNs) have been shown to be vulnerable to adversarial examples---perturbed inputs specifically designed to produce intentional errors in the learning algorithms at test time.
Mitigation of Adversarial Attacks through Embedded Feature Selection
We propose a design methodology to evaluate the security of machine learning classifiers with embedded feature selection against adversarial examples crafted using different attack strategies.
Label Sanitization against Label Flipping Poisoning Attacks
Label flipping attacks are a special case of data poisoning, where the attacker can control the labels assigned to a fraction of the training points.
Detection of Adversarial Training Examples in Poisoning Attacks through Anomaly Detection
We show empirically that the adversarial examples generated by these attack strategies are quite different from genuine points, as no detectability constrains are considered to craft the attack.
Towards Poisoning of Deep Learning Algorithms with Back-gradient Optimization
This exposes learning algorithms to the threat of data poisoning, i. e., a coordinate attack in which a fraction of the training data is controlled by the attacker and manipulated to subvert the learning process.
Efficient Attack Graph Analysis through Approximate Inference
We compare sequential and parallel versions of Loopy Belief Propagation with exact inference techniques for both static and dynamic analysis, showing the advantages of approximate inference techniques to scale to larger attack graphs.
Exact Inference Techniques for the Analysis of Bayesian Attack Graphs
Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise network resources.
