Search Results for author:
Found 23 papers, 9 papers with code
Human-Producible Adversarial Examples
Visual adversarial examples have so far been restricted to pixel-level image manipulations in the digital world, or have required sophisticated equipment such as 2D or 3D printers to be produced in the physical real world.
Machine Learning needs Better Randomness Standards: Randomised Smoothing and PRNG-based attacks
As an example, we hide an attack in the random number generator and show that the randomness tests suggested by NIST fail to detect it.
When Vision Fails: Text Attacks Against ViT and OCR
While text-based machine learning models that operate on visual inputs of rendered text have become robust against a wide range of existing attacks, we show that they are still vulnerable to visual adversarial examples encoded as text.
The Curse of Recursion: Training on Generated Data Makes Models Forget
It is now clear that large language models (LLMs) are here to stay, and will bring about drastic change in the whole ecosystem of online text and images.
Boosting Big Brother: Attacking Search Engines with Encodings
Search engines are vulnerable to attacks against indexing and searching via text encoding manipulation.
ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks
These backdoors are impossible to detect during the training or data preparation processes, because they are not yet present.
Bad Characters: Imperceptible NLP Attacks
In this paper, we explore a large class of adversarial examples that can be used to attack text-based models in a black-box setting without making any human-perceptible visual modification to inputs.
Markpainting: Adversarial Machine Learning meets Inpainting
Inpainting is a learned interpolation technique that is based on generative modeling and used to populate masked or missing pieces in an image; it has wide applications in picture editing and retouching.
Manipulating SGD with Data Ordering Attacks
Machine learning is vulnerable to a wide variety of attacks.
Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant
Voice assistants are now ubiquitous and listen in on our everyday lives.
Nudge Attacks on Point-Cloud DNNs
The wide adaption of 3D point-cloud data in safety-critical applications such as autonomous driving makes adversarial samples a real threat.
Reinforcement Learning with Combinatorial Actions: An Application to Vehicle Routing
We develop a framework for value-function-based deep reinforcement learning with a combinatorial action space, in which the action selection problem is explicitly formulated as a mixed-integer optimization problem.
The Convex Relaxation Barrier, Revisited: Tightened Single-Neuron Relaxations for Neural Network Verification
We improve the effectiveness of propagation- and linear-optimization-based neural network verification algorithms with a new tightened convex relaxation for ReLU neurons.
Sponge Examples: Energy-Latency Attacks on Neural Networks
The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs.
Towards Certifiable Adversarial Sample Detection
Convolutional Neural Networks (CNNs) are deployed in more and more classification systems, but adversarial samples can be maliciously crafted to trick them, and are becoming a real threat.
CAQL: Continuous Action Q-Learning
Value-based reinforcement learning (RL) methods like Q-learning have shown success in a variety of domains.
Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information
In this work, we show how such samples can be generalised from White-box and Grey-box attacks to a strong Black-box case, where the attacker has no knowledge of the agents, their training parameters and their training methods.
Hearing your touch: A new acoustic side channel on smartphones
We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen.
Sitatapatra: Blocking the Transfer of Adversarial Samples
Convolutional Neural Networks (CNNs) are widely used to solve classification tasks in computer vision.
Strong mixed-integer programming formulations for trained neural networks
We present an ideal mixed-integer programming (MIP) formulation for a rectified linear unit (ReLU) appearing in a trained neural network.
The Taboo Trap: Behavioural Detection of Adversarial Samples
Most existing detection mechanisms against adversarial attacksimpose significant costs, either by using additional classifiers to spot adversarial samples, or by requiring the DNN to be restructured.
Strong convex relaxations and mixed-integer programming formulations for trained neural networks
We present strong convex relaxations for high-dimensional piecewise linear functions that correspond to trained neural networks.
Optimization and Control 90C11
To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression
We, therefore, investigate the extent to which adversarial samples are transferable between uncompressed and compressed DNNs.
