Search Results for author:
Found 21 papers, 3 papers with code
Randomization matters How to defend against strong adversarial attacks
We demonstrate the non-existence of a Nash equilibrium in our game when the classifier and the adversary are both deterministic, hence giving a negative answer to the above question in the deterministic regime.
Tackling Byzantine Clients in Federated Learning
The natural approach to robustify FL against adversarial clients is to replace the simple averaging operation at the server in the standard $\mathsf{FedAvg}$ algorithm by a \emph{robust averaging rule}.
SABLE: Secure And Byzantine robust LEarning
SABLE leverages HTS, a novel and efficient homomorphic operator implementing the prominent coordinate-wise trimmed mean robust aggregator.
On the Privacy-Robustness-Utility Trilemma in Distributed Learning
The latter amortizes the dependence on the dimension in the error (caused by adversarial workers and DP), while being agnostic to the statistical properties of the data.
Fixing by Mixing: A Recipe for Optimal Byzantine ML under Heterogeneity
Byzantine machine learning (ML) aims to ensure the resilience of distributed learning algorithms to misbehaving (or Byzantine) machines.
On the Impossible Safety of Large AI Models
Large AI Models (LAIMs), of which large language models are the most prominent recent example, showcase some impressive performance.
Robust Collaborative Learning with Linear Gradient Overhead
We present MoNNA, a new algorithm that (a) is provably robust under standard assumptions and (b) has a gradient computation overhead that is linear in the fraction of faulty machines, which is conjectured to be tight.
Towards Evading the Limits of Randomized Smoothing: A Theoretical Analysis
We first show that these certificates use too little information about the classifier, and are in particular blind to the local curvature of the decision boundary.
Byzantine Machine Learning Made Easy by Resilient Averaging of Momentums
We present \emph{RESAM (RESilient Averaging of Momentums)}, a unified framework that makes it simple to establish optimal Byzantine resilience, relying only on standard machine learning assumptions.
Towards Consistency in Adversarial Classification
In this paper, we expose some pathological behaviors specific to the adversarial problem, and show that no convex surrogate loss can be consistent or calibrated in this context.
Combining Differential Privacy and Byzantine Resilience in Distributed SGD
Privacy and Byzantine resilience (BR) are two crucial requirements of modern-day distributed machine learning.
On the robustness of randomized classifiers to adversarial examples
This paper investigates the theory of robustness against adversarial attacks.
Mixed Nash Equilibria in the Adversarial Examples Game
This paper tackles the problem of adversarial examples from a game theoretic point of view.
Advocating for Multiple Defense Strategies against Adversarial Examples
It has been empirically observed that defense mechanisms designed to protect neural networks against $\ell_\infty$ adversarial examples offer poor performance against $\ell_2$ adversarial examples and vice versa.
SPEED: Secure, PrivatE, and Efficient Deep learning
Based on collaborative learning, differential privacy and homomorphic encryption, the proposed approach advances state-of-the-art of private deep learning against a wider range of threats, in particular the honest-but-curious server assumption.
Randomization matters. How to defend against strong adversarial attacks
We demonstrate the non-existence of a Nash equilibrium in our game when the classifier and the Adversary are both deterministic, hence giving a negative answer to the above question in the deterministic regime.
A unified view on differential privacy and robustness to adversarial examples
This short note highlights some links between two lines of research within the emerging topic of trustworthy machine learning: differential privacy and robustness to adversarial examples.
Robust Neural Networks using Randomized Adversarial Training
This paper tackles the problem of defending a neural network against adversarial attacks crafted with different norms (in particular $\ell_\infty$ and $\ell_2$ bounded adversarial examples).
Theoretical evidence for adversarial robustness through randomization
This paper investigates the theory of robustness against adversarial attacks.
Graph-based Clustering under Differential Privacy
In this paper, we present the first differentially private clustering method for arbitrary-shaped node clusters in a graph.
Minimum spanning tree release under differential privacy constraints
It provides a simple way of producing the topology of a private almost minimum spanning tree which outperforms, in most cases, the state of the art "Laplace mechanism" in terms of weight-approximation error.
