Search Results for author:
Found 21 papers, 6 papers with code
TransTroj: Transferable Backdoor Attacks to Pre-trained Models via Embedding Indistinguishability
Adopting untrusted PTMs may suffer from backdoor attacks, where the adversary can compromise the downstream models by injecting backdoors into the PTM.
Rethinking Adversarial Training with Neural Tangent Kernel
To the best of our knowledge, it is the first work leveraging the observations of kernel dynamics to improve existing AT methods.
Warfare:Breaking the Watermark Protection of AI-Generated Content
We propose Warfare, a unified methodology to achieve both attacks in a holistic way.
Mercury: An Automated Remote Side-channel Attack to Nvidia Deep Learning Accelerator
One big concern about the usage of the accelerators is the confidentiality of the deployed models: model inference execution on the accelerators could leak side-channel information, which enables an adversary to preciously recover the model details.
What can Discriminator do? Towards Box-free Ownership Verification of Generative Adversarial Network
In recent decades, Generative Adversarial Network (GAN) and its variants have achieved unprecedented success in image synthesis.
Text Classification via Large Language Models
This is due to (1) the lack of reasoning ability in addressing complex linguistic phenomena (e. g., intensification, contrast, irony etc); (2) limited number of tokens allowed in in-context learning.
What can Discriminator do? Towards Box-free Ownership Verification of Generative Adversarial Networks
In recent decades, Generative Adversarial Network (GAN) and its variants have achieved unprecedented success in image synthesis.
CompleteDT: Point Cloud Completion with Dense Augment Inference Transformers
Point cloud completion task aims to predict the missing part of incomplete point clouds and generate complete point clouds with details.
CT-block: a novel local and global features extractor for point cloud
Meanwhile, the transformer-branch performs offset-attention process on the whole point cloud to extract the global feature.
Triggerless Backdoor Attack for NLP Tasks with Clean Labels
To deal with this issue, in this paper, we propose a new strategy to perform textual backdoor attacks which do not require an external trigger, and the poisoned samples are correctly labeled.
BadPre: Task-agnostic Backdoor Attacks to Pre-trained NLP Foundation Models
The key feature of our attack is that the adversary does not need prior information about the downstream tasks when implanting the backdoor to the pre-trained model.
NASPY: Automated Extraction of Automated Machine Learning Models
We present NASPY, an end-to-end adversarial framework to extract the networkarchitecture of deep learning models from Neural Architecture Search (NAS).
A Novel Watermarking Framework for Ownership Verification of DNN Architectures
We present a novel watermarking scheme to achieve the intellectual property (IP) protection and ownership verification of DNN architectures.
Fingerprinting Generative Adversarial Networks
In this paper, we present the first fingerprinting scheme for the Intellectual Property (IP) protection of GANs.
Local Black-box Adversarial Attacks: A Query Efficient Approach
Based on this property, we identify the discriminative areas of a given clean example easily for local perturbations.
DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks using Data Augmentation
In this paper, we investigate the effectiveness of data augmentation techniques in mitigating backdoor attacks and enhancing DL models' robustness.
Privacy-preserving Collaborative Learning with Automatic Transformation Search
Comprehensive evaluations demonstrate that the policies discovered by our method can defeat existing reconstruction attacks in collaborative learning, with high efficiency and negligible impact on the model performance.
Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models
In this paper, we propose a novel watermark removal attack from a different perspective.
Topology-aware Differential Privacy for Decentralized Image Classification
In this paper, we design Top-DP, a novel solution to optimize the differential privacy protection of decentralized image classification systems.
Stealing Deep Reinforcement Learning Models for Fun and Profit
This paper presents the first model extraction attack against Deep Reinforcement Learning (DRL), which enables an external adversary to precisely recover a black-box DRL model only from its interaction with the environment.
Byzantine-resilient Decentralized Stochastic Gradient Descent
It guarantees that each benign node in a decentralized system can train a correct model under very strong Byzantine attacks with an arbitrary number of faulty nodes.
