1 code implementation • 7 Dec 2023 • Vasisht Duddu, Sebastian Szyller, N. Asokan
We survey existing literature on unintended interactions, accommodating them within our framework.
no code implementations • 14 Aug 2023 • Mansi Phute, Alec Helbling, Matthew Hull, Shengyun Peng, Sebastian Szyller, Cory Cornelius, Duen Horng Chau
We test LLM Self Defense on GPT 3.5 and Llama 2, two of the most prominent current LLMs, against various types of attacks, such as forcefully inducing affirmative responses to prompts and prompt engineering attacks.
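The defense itself amounts to self-examination: a generated response is handed back to an LLM, which is asked whether the text is harmful before it is released. Below is a minimal sketch of that loop; the `llm` helper, the filter prompt wording, and the yes/no parsing are illustrative assumptions, not the paper's exact setup.

```python
# Minimal sketch of an LLM self-examination filter, assuming a generic
# `llm(prompt) -> str` completion function (prompt wording and model API
# are illustrative, not the paper's verbatim configuration).

def llm(prompt: str) -> str:
    """Placeholder for a call to GPT 3.5, Llama 2, or any other LLM."""
    raise NotImplementedError("wire this to your LLM provider of choice")

HARM_FILTER_TEMPLATE = (
    "Does the following text contain harmful content? "
    "Answer only 'Yes' or 'No'.\n\nText: {response}"
)

def is_harmful(candidate_response: str) -> bool:
    """Ask the LLM itself to judge whether a generated response is harmful."""
    verdict = llm(HARM_FILTER_TEMPLATE.format(response=candidate_response))
    return verdict.strip().lower().startswith("yes")

def guarded_generate(user_prompt: str) -> str:
    """Generate a response, then suppress it if the self-check flags it."""
    response = llm(user_prompt)
    return "[response withheld]" if is_harmful(response) else response
```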
1 code implementation • 13 Apr 2023 • Jian Liu, Rui Zhang, Sebastian Szyller, Kui Ren, N. Asokan
Our core idea is that a malicious accuser can deviate (without detection) from the specified MOR process by finding (transferable) adversarial examples that successfully serve as evidence against independent suspect models.
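For intuition, the sketch below shows the shape of such a false claim, assuming white-box access to the accuser's own model: adversarial examples are crafted locally (here with FGSM; the paper's exact attack and MOR protocol are not reproduced) and their transfer rate to an independent suspect model is then measured as the purported "evidence".

```python
# Minimal sketch of the false-claim idea: the accuser crafts transferable
# adversarial examples on their own model and presents them as evidence
# against an independent suspect model. Model and batch names are placeholders.
import torch
import torch.nn.functional as F

def craft_claim_examples(accuser_model, x, y, eps=0.1):
    """FGSM on the accuser's own model; no access to the suspect is needed."""
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(accuser_model(x), y)
    loss.backward()
    x_adv = (x + eps * x.grad.sign()).clamp(0, 1).detach()
    with torch.no_grad():
        claimed = accuser_model(x_adv).argmax(dim=1)  # labels the accuser will claim
    return x_adv, claimed

def evidence_strength(suspect_model, x_adv, claimed_labels):
    """Fraction of claimed examples the independent suspect model agrees on.
    High agreement (i.e., transferability) is what lets the accuser frame it."""
    with torch.no_grad():
        preds = suspect_model(x_adv).argmax(dim=1)
    return (preds == claimed_labels).float().mean().item()
```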
no code implementations • 24 Oct 2022 • Sebastian Szyller, Rui Zhang, Jian Liu, N. Asokan
However, in a subspace of the same setting, we prove that DI suffers from high false positives (FPs) -- it can incorrectly identify an independent model trained with non-overlapping data from the same distribution as stolen.
1 code implementation • 5 Jul 2022 • Sebastian Szyller, N. Asokan
We then focus on systematically analyzing pairwise interactions between protection mechanisms for one concern, model and data ownership verification, with two other classes of ML protection mechanisms: differentially private training, and robustness against model evasion.
no code implementations • 4 Dec 2021 • Vasisht Duddu, Sebastian Szyller, N. Asokan
Using ten benchmark datasets, we show that SHAPr is indeed effective in estimating the susceptibility of training data records to MIAs.
no code implementations • 26 Apr 2021 • Sebastian Szyller, Vasisht Duddu, Tommi Gröndahl, N. Asokan
We present a framework for conducting such attacks, and show that an adversary can successfully extract functional surrogate models by querying $F_V$ using data from the same domain as the training data for $F_V$.
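A minimal sketch of this extraction loop, assuming a PyTorch victim and surrogate and an attacker-supplied loader of same-domain inputs (all names here are placeholders, not the paper's experimental setup):

```python
# Minimal sketch of the extraction setting described above: query the victim
# F_V with same-domain inputs and fit a surrogate on its returned outputs.
import torch
import torch.nn.functional as F

def extract_surrogate(victim, surrogate, query_loader, epochs=10, lr=1e-3):
    """Train `surrogate` to imitate `victim` using only its API responses."""
    opt = torch.optim.Adam(surrogate.parameters(), lr=lr)
    for _ in range(epochs):
        for x, _ in query_loader:                        # attacker's own inputs
            with torch.no_grad():
                soft_labels = victim(x).softmax(dim=1)   # what the API returns
            opt.zero_grad()
            loss = F.kl_div(surrogate(x).log_softmax(dim=1),
                            soft_labels, reduction="batchmean")
            loss.backward()
            opt.step()
    return surrogate
```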
no code implementations • 11 Oct 2019 • Buse Gul Atli, Sebastian Szyller, Mika Juuti, Samuel Marchal, N. Asokan
However, model extraction attacks can steal the functionality of ML models using the information leaked to clients through the results returned via the API.
1 code implementation • 10 Oct 2019 • Samuel Marchal, Sebastian Szyller
Our approach is based on clustering and aims to group together fraudulent orders placed by the same group of fraudsters.
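For illustration only, the sketch below groups orders by shared categorical attributes with an off-the-shelf density-based clusterer; the features, distance metric, and algorithm choice are assumptions, not the paper's scalable clustering pipeline.

```python
# Minimal sketch: orders placed by the same fraudster group tend to reuse
# attribute values, so clustering one-hot encoded attributes groups them.
import pandas as pd
from sklearn.cluster import DBSCAN
from sklearn.metrics import pairwise_distances

orders = pd.DataFrame({
    "email_domain":  ["mail.com", "mail.com", "corp.example", "mail.com"],
    "shipping_city": ["Espoo", "Espoo", "Helsinki", "Espoo"],
    "payment_bin":   ["411111", "411111", "550000", "411111"],
})

encoded = pd.get_dummies(orders).to_numpy()              # one-hot categorical features
dist = pairwise_distances(encoded, metric="hamming")     # fraction of differing attributes
labels = DBSCAN(eps=0.3, min_samples=2, metric="precomputed").fit_predict(dist)
print(labels)   # orders sharing many attributes land in the same cluster
```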
1 code implementation • 3 Jun 2019 • Sebastian Szyller, Buse Gul Atli, Samuel Marchal, N. Asokan
Existing watermarking schemes are ineffective against IP theft via model extraction since it is the adversary who trains the surrogate model.
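One way to sidestep this is to embed the watermark at the prediction API rather than at training time, so that the responses the adversary collects, and hence any surrogate trained on them, carry the mark. The sketch below illustrates the idea; the marking rate, keyed hashing, and label perturbation are illustrative assumptions rather than the paper's exact scheme.

```python
# Minimal sketch of watermarking at the prediction API: a small, keyed,
# deterministically selected fraction of queries gets an altered label.
import hashlib, hmac

SECRET_KEY = b"owner-secret"
WATERMARK_RATE = 1 / 256      # fraction of queries to mark (illustrative)

def _digest(x_bytes: bytes) -> int:
    return int.from_bytes(hmac.new(SECRET_KEY, x_bytes, hashlib.sha256).digest()[:4], "big")

def answer_query(x_bytes: bytes, true_pred: int, num_classes: int) -> int:
    """Return the model's prediction, or a keyed incorrect label for marked queries."""
    d = _digest(x_bytes)
    if d < WATERMARK_RATE * 2**32:
        # Deterministic wrong label derived from the key: the same query always
        # gets the same answer, and the owner can later replay marked queries
        # to check whether a suspect model reproduces these labels.
        return (true_pred + 1 + d % (num_classes - 1)) % num_classes
    return true_pred
```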
2 code implementations • 7 May 2018 • Mika Juuti, Sebastian Szyller, Samuel Marchal, N. Asokan
Access to the model can be restricted so that it is available only via well-defined prediction APIs.
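As an illustration of what monitoring such a prediction API for extraction could look like, the sketch below flags clients whose inter-query distance distribution deviates from normality; the window size, statistical test, and threshold are assumptions, not a faithful reimplementation of the paper's detector.

```python
# Minimal sketch of API-side detection: benign clients' queries tend to yield
# normally distributed nearest-neighbour distances, while synthetic attack
# queries often do not. Test choice and thresholds here are illustrative.
import numpy as np
from scipy.stats import shapiro

def looks_like_extraction(queries: np.ndarray, p_threshold: float = 0.05) -> bool:
    """Flag a client whose minimum inter-query distances deviate from normality."""
    dists = []
    for i in range(1, len(queries)):
        prev = queries[:i]      # distance of each query to its nearest predecessor
        dists.append(np.min(np.linalg.norm(prev - queries[i], axis=1)))
    if len(dists) < 20:         # too few samples for a meaningful test
        return False
    _, p_value = shapiro(np.asarray(dists))
    return p_value < p_threshold   # reject normality -> suspicious client
```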