Search Results for author:
Found 35 papers, 18 papers with code
LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning
Backdoor attack poses a significant security threat to Deep Learning applications.
SoK: Challenges and Opportunities in Federated Unlearning
This SoK paper aims to take a deep look at the \emph{federated unlearning} literature, with the goal of identifying research trends and challenges in this emerging field.
Rapid Optimization for Jailbreaking LLMs via Subconscious Exploitation and Echopraxia
Large Language Models (LLMs) have become prevalent across diverse sectors, transforming human life with their extraordinary reasoning and comprehension abilities.
DREAM: Debugging and Repairing AutoML Pipelines
In response to the challenge of model design, researchers proposed Automated Machine Learning (AutoML) systems, which automatically search for model architecture and hyperparameters for a given task.
Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift
Diffusion models (DM) have become state-of-the-art generative models because of their capability to generate high-quality images from noises without adversarial training.
DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-image Diffusion Models
To address this issue, we propose a method for detecting such unauthorized data usage by planting the injected memorization into the text-to-image diffusion models trained on the protected dataset.
Alteration-free and Model-agnostic Origin Attribution of Generated Images
To overcome this problem, we first develop an alteration-free and model-agnostic origin attribution method via input reverse-engineering on image generation models, i. e., inverting the input of a particular model for a specific image.
NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models
Such attacks can be easily affected by retraining on downstream tasks and with different prompting strategies, limiting the transferability of backdoor attacks.
CILIATE: Towards Fairer Class-based Incremental Learning by Dataset and Training Refinement
The common practice leverages incremental learning (IL), e. g., Class-based Incremental Learning (CIL) that updates output labels, to update the model with new data and a limited number of old data.
UNICORN: A Unified Backdoor Trigger Inversion Framework
Then, it proposes a unified framework to invert backdoor triggers based on the formalization of triggers and the identified inner behaviors of backdoor models from our analysis.
Detecting Backdoors in Pre-trained Encoders
We show the effectiveness of our method on image encoders pre-trained on ImageNet and OpenAI's CLIP 400 million image-text pairs.
Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering
Finally, we perform both theoretical and experimental analysis, showing that the GRASP enhancement does not reduce the effectiveness of the stealthy attacks against the backdoor detection methods based on weight analysis, as well as other backdoor mitigation methods without using detection.
BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense
Attack forensics, a critical counter-measure for traditional cyber attacks, is hence of importance for defending model backdoor attacks.
Backdoor Vulnerabilities in Normally Trained Deep Learning Models
We leverage 20 different types of injected backdoor attacks in the literature as the guidance and study their correspondences in normally trained models, which we call natural backdoor vulnerabilities.
Rethinking the Reverse-engineering of Trojan Triggers
On average, the detection accuracy of our method is 93\%.
FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning
In this work, we theoretically analyze the connection among cross-entropy loss, attack success rate, and clean accuracy in this setting.
Apple of Sodom: Hidden Backdoors in Superior Sentence Embeddings via Contrastive Learning
This paper finds that contrastive learning can produce superior sentence embeddings for pre-trained models but is also vulnerable to backdoor attacks.
BppAttack: Stealthy and Efficient Trojan Attacks against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning
Existing attacks use visible patterns (e. g., a patch or image transformations) as triggers, which are vulnerable to human inspection.
FairNeuron: Improving Deep Neural Network Fairness with Adversary Games on Selective Neurons
To solve this issue, there has been a number of work trying to improve model fairness by using an adversarial game in model level.
Training with More Confidence: Mitigating Injected and Natural Backdoors During Training
By further analyzing the training process and model architectures, we found that piece-wise linear functions cause this hyperplane surface.
Constrained Optimization with Dynamic Bound-scaling for Effective NLPBackdoor Defense
We develop a novel optimization method for NLPbackdoor inversion.
Better Trigger Inversion Optimization in Backdoor Scanning
A popular trigger inversion method is by optimization.
Complex Backdoor Detection by Symmetric Feature Differencing
Our results on the TrojAI competition rounds 2-4, which have patch backdoors and filter backdoors, show that existing scanners may produce hundreds of false positives (i. e., clean models recognized as trojaned), while our technique removes 78-100% of them with a small increase of false negatives by 0-30%, leading to 17-41% overall accuracy improvement.
Finding Deviated Behaviors of the Compressed DNN Models for Image Classifications
To this end, we propose DFLARE, a novel, search-based, black-box testing technique to automatically find triggering inputs that result in deviated behaviors in image classification tasks.
TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems
Now, an adversary can arm themselves with a patch that is naturalistic, less malicious-looking, physically realizable, highly effective achieving high attack success rates, and universal.
BadNL: Backdoor Attacks Against NLP Models
For instance, using the Word-level triggers, our backdoor attack achieves a 100% attack success rate with only a utility drop of 0. 18%, 1. 26%, and 0. 19% on three benchmark sentiment analysis datasets.
EX-RAY: Distinguishing Injected Backdoor from Natural Features in Neural Networks by Examining Differential Feature Symmetry
A prominent challenge is hence to distinguish natural features and injected backdoors.
Backdoor Scanning for Deep Neural Networks through K-Arm Optimization
By iteratively and stochastically selecting the most promising labels for optimization with the guidance of an objective function, we substantially reduce the complexity, allowing to handle models with many classes.
Dynamic Backdoor Attacks Against Deep Neural Networks
In particular, BaN and c-BaN based on a novel generative network are the first two schemes that algorithmically generate triggers.
Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification
Trojan (backdoor) attack is a form of adversarial attack on deep neural networks where the attacker provides victims with a model trained/retrained on malicious data.
Deep Learning Backdoors
The trigger can take a plethora of forms, including a special object present in the image (e. g., a yellow pad), a shape filled with custom textures (e. g., logos with particular colors) or even image-wide stylizations with special filters (e. g., images altered by Nashville or Gotham filters).
BadNL: Backdoor Attacks against NLP Models with Semantic-preserving Improvements
In this paper, we perform a systematic investigation of backdoor attack on NLP models, and propose BadNL, a general NLP backdoor attack framework including novel attack methods.
Dynamic Backdoor Attacks Against Machine Learning Models
Triggers generated by our techniques can have random patterns and locations, which reduce the efficacy of the current backdoor detection mechanisms.
Testing Deep Learning Models for Image Analysis Using Object-Relevant Metamorphic Relations
The corresponding rate for the object detection models is over 8. 5%.
Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples
Results show that our technique can achieve 94% detection accuracy for 7 different kinds of attacks with 9. 91% false positives on benign inputs.
