Search Results for author:
Found 16 papers, 2 papers with code
Publicly Detectable Watermarking for Language Models
We construct the first provable watermarking scheme for language models with public detectability or verifiability: we use a private key for watermarking and a public key for watermark detection.
On Optimal Learning Under Targeted Data Poisoning
In this work we aim to characterize the smallest achievable error $\epsilon=\epsilon(\eta)$ by the learner in the presence of such an adversary in both realizable and agnostic settings.
Overparameterization from Computational Constraints
In particular, for computationally bounded learners, we extend the recent result of Bubeck and Sellke [NeurIPS'2021] which shows that robust models might need more parameters, to the computational regime and show that bounded learners could provably need an even larger number of parameters.
Deletion Inference, Reconstruction, and Compliance in Machine (Un)Learning
Privacy attacks on machine learning models aim to identify the data that is used to train such models.
Learning and Certification under Instance-targeted Poisoning
In this paper, we study PAC learnability and certification of predictions under instance-targeted poisoning attacks, where the adversary who knows the test instance may change a fraction of the training set with the goal of fooling the learner at the test instance.
Is Private Learning Possible with Instance Encoding?
A private machine learning algorithm hides as much as possible about its training data while still preserving accuracy.
A Separation Result Between Data-oblivious and Data-aware Poisoning Attacks
Some of the stronger poisoning attacks require the full knowledge of the training data.
Computational Concentration of Measure: Optimal Bounds, Reductions, and More
Product measures of dimension $n$ are known to be concentrated in Hamming distance: for any set $S$ in the product space of probability $\epsilon$, a random point in the space, with probability $1-\delta$, has a neighbor in $S$ that is different from the original point in only $O(\sqrt{n\ln(1/(\epsilon\delta))})$ coordinates.
Lower Bounds for Adversarially Robust PAC Learning
In this work, we initiate a formal study of probably approximately correct (PAC) learning under evasion attacks, where the adversary's goal is to \emph{misclassify} the adversarially perturbed sample point $\widetilde{x}$, i. e., $h(\widetilde{x})\neq c(\widetilde{x})$, where $c$ is the ground truth concept and $h$ is the learned hypothesis.
Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness
Many recent works have shown that adversarial examples that fool classifiers can be found by minimally perturbing a normal input.
Adversarially Robust Learning Could Leverage Computational Hardness
On the reverse directions, we also show that the existence of such learning task in which computational robustness beats information theoretic robustness requires computational hardness by implying (average-case) hardness of NP.
Adversarial Risk and Robustness: General Definitions and Implications for the Uniform Distribution
We study both "inherent" bounds that apply to any problem and any classifier for such a problem as well as bounds that apply to specific problems and specific hypothesis classes.
Can Adversarially Robust Learning Leverage Computational Hardness?
Making learners robust to adversarial perturbation at test time (i. e., evasion attacks) or training time (i. e., poisoning attacks) has emerged as a challenging task.
Universal Multi-Party Poisoning Attacks
In this work, we demonstrate universal multi-party poisoning attacks that adapt and apply to any multi-party learning process with arbitrary interaction pattern between the parties.
The Curse of Concentration in Robust Learning: Evasion and Poisoning Attacks from Concentration of Measure
We show that if the metric probability space of the test instance is concentrated, any classifier with some initial constant error is inherently vulnerable to adversarial perturbations.
Learning under $p$-Tampering Attacks
They obtained $p$-tampering attacks that increase the error probability in the so called targeted poisoning model in which the adversary's goal is to increase the loss of the trained hypothesis over a particular test example.
