Search Results for author: Stjepan Picek

Found 44 papers, 7 papers with code

LLM Jailbreak Attack versus Defense Techniques -- A Comprehensive Study

no code implementations21 Feb 2024 Zihao Xu, Yi Liu, Gelei Deng, Yuekang Li, Stjepan Picek

Large Language Models (LLMS) have increasingly become central to generating content with potential societal impacts.

A Systematic Evaluation of Evolving Highly Nonlinear Boolean Functions in Odd Sizes

no code implementations15 Feb 2024 Claude Carlet, Marko Ðurasevic, Domagoj Jakobovic, Stjepan Picek, Luca Mariot

In the last 30 years, evolutionary algorithms have been shown to be a strong option for evolving Boolean functions in different sizes and with different properties.

Evolutionary Algorithms

The SpongeNet Attack: Sponge Weight Poisoning of Deep Neural Networks

no code implementations9 Feb 2024 Jona te Lintelo, Stefanos Koffas, Stjepan Picek

SpongeNet is the first sponge attack that is performed directly on the parameters of a pre-trained model.

Time-Distributed Backdoor Attacks on Federated Spiking Learning

no code implementations5 Feb 2024 Gorka Abad, Stjepan Picek, Aitor Urbieta

Then, we evaluate the transferability of known FL attack methods to SNNs, finding that these lead to suboptimal attack performance.

Federated Learning SSIM

MIMIR: Masked Image Modeling for Mutual Information-based Adversarial Robustness

1 code implementation8 Dec 2023 Xiaoyun Xu, Shujian Yu, Jingzheng Wu, Stjepan Picek

However, these methods still follow the design of traditional supervised adversarial training, limiting the potential of adversarial training on ViTs.

Adversarial Robustness

Dr. Jekyll and Mr. Hyde: Two Faces of LLMs

no code implementations6 Dec 2023 Matteo Gioele Collu, Tom Janssen-Groesbeek, Stefanos Koffas, Mauro Conti, Stjepan Picek

This work shows that by using adversarial personas, one can overcome safety mechanisms set out by ChatGPT and Bard.

Chatbot

A New Angle: On Evolving Rotation Symmetric Boolean Functions

no code implementations20 Nov 2023 Claude Carlet, Marko Ðurasevic, Bruno Gašperov, Domagoj Jakobovic, Luca Mariot, Stjepan Picek

Rotation symmetric Boolean functions represent an interesting class of Boolean functions as they are relatively rare compared to general Boolean functions.

Evolutionary Algorithms

Look into the Mirror: Evolving Self-Dual Bent Boolean Functions

no code implementations20 Nov 2023 Claude Carlet, Marko Ðurasevic, Domagoj Jakobovic, Luca Mariot, Stjepan Picek

This paper provides a detailed experimentation with evolutionary algorithms with the goal of evolving (anti-)self-dual bent Boolean functions.

Evolutionary Algorithms

Tabdoor: Backdoor Vulnerabilities in Transformer-based Neural Networks for Tabular Data

no code implementations13 Nov 2023 Bart Pleiter, Behrad Tajalli, Stefanos Koffas, Gorka Abad, Jing Xu, Martha Larson, Stjepan Picek

Our findings highlight the urgency of addressing such vulnerabilities and provide insights into potential countermeasures for securing DNN models against backdoors in tabular data.

Backdoor Attack

Momentum Gradient-based Untargeted Attack on Hypergraph Neural Networks

no code implementations24 Oct 2023 Yang Chen, Stjepan Picek, Zhonglin Ye, Zhaoyang Wang, Haixing Zhao

We use a momentum gradient mechanism to choose the attack node features in the feature selection module.

feature selection

BlindSage: Label Inference Attacks against Node-level Vertical Federated Graph Neural Networks

no code implementations4 Aug 2023 Marco Arazzi, Mauro Conti, Stefanos Koffas, Marina Krcek, Antonino Nocera, Stjepan Picek, Jing Xu

In this work, we are the first (to the best of our knowledge) to investigate label inference attacks on VFL using a zero-background knowledge strategy.

Node Classification Vertical Federated Learning

Turning Privacy-preserving Mechanisms against Federated Learning

no code implementations9 May 2023 Marco Arazzi, Mauro Conti, Antonino Nocera, Stjepan Picek

Recently, researchers have successfully employed Graph Neural Networks (GNNs) to build enhanced recommender systems due to their capability to learn patterns from the interaction between involved entities.

Federated Learning Privacy Preserving +1

Rethinking the Trigger-injecting Position in Graph Backdoor Attack

no code implementations5 Apr 2023 Jing Xu, Gorka Abad, Stjepan Picek

There is no work analyzing and explaining the backdoor attack performance when injecting triggers into the most important or least important area in the sample, which we refer to as trigger-injecting strategies MIAS and LIAS, respectively.

Backdoor Attack Position

On Feasibility of Server-side Backdoor Attacks on Split Learning

no code implementations19 Feb 2023 Behrad Tajalli, Oguzhan Ersoy, Stjepan Picek

Recent studies demonstrate that collaborative learning models, specifically federated learning, are vulnerable to security and privacy attacks such as model inference and backdoor attacks.

Backdoor Attack Federated Learning

Digging Deeper: Operator Analysis for Optimizing Nonlinearity of Boolean Functions

no code implementations12 Feb 2023 Marko Djurasevic, Domagoj Jakobovic, Luca Mariot, Stjepan Picek

By observing the range of possible changes an operator can provide, as well as relative probabilities of specific transitions in the objective space, one can use this information to design a more effective combination of genetic operators.

Combinatorial Optimization

IB-RAR: Information Bottleneck as Regularizer for Adversarial Robustness

1 code implementation9 Feb 2023 Xiaoyun Xu, Guilherme Perin, Stjepan Picek

In this paper, we propose a novel method, IB-RAR, which uses Information Bottleneck (IB) to strengthen adversarial robustness for both adversarial training and non-adversarial-trained methods.

Adversarial Robustness

SoK: A Systematic Evaluation of Backdoor Trigger Characteristics in Image Classification

no code implementations3 Feb 2023 Gorka Abad, Jing Xu, Stefanos Koffas, Behrad Tajalli, Stjepan Picek, Mauro Conti

Nevertheless, it is vulnerable to backdoor attacks that modify the training set to embed a secret functionality in the trained model.

Image Classification Transfer Learning

Universal Soldier: Using Universal Adversarial Perturbations for Detecting Backdoor Attacks

no code implementations1 Feb 2023 Xiaoyun Xu, Oguzhan Ersoy, Stjepan Picek

This paper proposes a backdoor detection method by utilizing a special type of adversarial attack, universal adversarial perturbation (UAP), and its similarities with a backdoor trigger.

Adversarial Attack

On the Evolution of Boomerang Uniformity in Cryptographic S-boxes

no code implementations9 Dec 2022 Marko Djurasevic, Domagoj Jakobovic, Luca Mariot, Sihem Mesnager, Stjepan Picek

One example of such a property is called boomerang uniformity, which helps to be resilient against boomerang attacks.

Evolutionary Strategies for the Design of Binary Linear Codes

no code implementations21 Nov 2022 Claude Carlet, Luca Mariot, Luca Manzoni, Stjepan Picek

The design of binary error-correcting codes is a challenging optimization problem with several applications in telecommunications and storage, which has also been addressed with metaheuristic techniques and evolutionary algorithms.

Evolutionary Algorithms

Going In Style: Audio Backdoors Through Stylistic Transformations

1 code implementation6 Nov 2022 Stefanos Koffas, Luca Pajola, Stjepan Picek, Mauro Conti

This work explores stylistic triggers for backdoor attacks in the audio domain: dynamic transformations of malicious samples through guitar effects.

Backdoor Attack

On the Vulnerability of Data Points under Multiple Membership Inference Attacks and Target Models

no code implementations28 Oct 2022 Mauro Conti, Jiaxin Li, Stjepan Picek

Membership Inference Attacks (MIAs) infer whether a data point is in the training data of a machine learning model.

Dynamic Backdoors with Global Average Pooling

no code implementations4 Mar 2022 Stefanos Koffas, Stjepan Picek, Mauro Conti

It was recently shown that countermeasures in image classification, like Neural Cleanse and ABS, could be bypassed with dynamic triggers that are effective regardless of their pattern and location.

Classification Image Classification +2

Evolving Constructions for Balanced, Highly Nonlinear Boolean Functions

no code implementations17 Feb 2022 Claude Carlet, Marko Djurasevic, Domagoj Jakobovic, Luca Mariot, Stjepan Picek

Finding balanced, highly nonlinear Boolean functions is a difficult problem where it is not known what nonlinearity values are possible to be reached in general.

Evolutionary Algorithms

Evolutionary Construction of Perfectly Balanced Boolean Functions

no code implementations16 Feb 2022 Luca Mariot, Stjepan Picek, Domagoj Jakobovic, Marko Djurasevic, Alberto Leporati

Finding Boolean functions suitable for cryptographic primitives is a complex combinatorial optimization problem, since they must satisfy several properties to resist cryptanalytic attacks, and the space is very large, which grows super exponentially with the number of input variables.

Combinatorial Optimization

Modeling Strong Physically Unclonable Functions with Metaheuristics

no code implementations16 Feb 2022 Carlos Coello Coello, Marko Djurasevic, Domagoj Jakobovic, Luca Mariot, Stjepan Picek

While there is no reason to doubt the performance of CMA-ES, the lack of comparison with different metaheuristics and results for the challenge-response pair-based attack leaves open questions if there are better-suited metaheuristics for the problem.

Evolutionary Algorithms

More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks

no code implementations7 Feb 2022 Jing Xu, Rui Wang, Stefanos Koffas, Kaitai Liang, Stjepan Picek

To further explore the properties of two backdoor attacks in Federated GNNs, we evaluate the attack performance for a different number of clients, trigger sizes, poisoning intensities, and trigger densities.

Federated Learning Privacy Preserving

Watermarking Graph Neural Networks based on Backdoor Attacks

no code implementations21 Oct 2021 Jing Xu, Stefanos Koffas, Oguzhan Ersoy, Stjepan Picek

The experiments show that our framework can verify the ownership of GNN models with a very high probability (up to $99\%$) for both tasks.

Graph Classification Model extraction +2

Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand

no code implementations15 Oct 2021 Matteo Cardaioli, Stefano Cecconello, Mauro Conti, Simone Milani, Stjepan Picek, Eugen Saraci

We consider the setting where the attacker can access an ATM PIN pad of the same brand/model as the target one.

Blocking

Building the Building Blocks: From Simplification to Winning Trees in Genetic Programming

no code implementations29 Sep 2021 Lucija Planinić, Marko Đurasević, Stjepan Picek, Domagoj Jakobovic

The winning trees can be used to initialize the population for the new GP run and result in improved convergence and fitness, provided some conditions on the size of solutions and winning trees are fulfilled.

Symbolic Regression

Evolutionary Algorithms for Designing Reversible Cellular Automata

1 code implementation25 May 2021 Luca Mariot, Stjepan Picek, Domagoj Jakobovic, Alberto Leporati

Reversible Cellular Automata (RCA) are a particular kind of shift-invariant transformations characterized by a dynamics composed only of disjoint cycles.

Evolutionary Algorithms

Towards an evolutionary-based approach for natural language processing

no code implementations23 Apr 2020 Luca Manzoni, Domagoj Jakobovic, Luca Mariot, Stjepan Picek, Mauro Castelli

Tasks related to Natural Language Processing (NLP) have recently been the focus of a large research endeavor by the machine learning community.

Sentence

CoInGP: Convolutional Inpainting with Genetic Programming

1 code implementation23 Apr 2020 Domagoj Jakobovic, Luca Manzoni, Luca Mariot, Stjepan Picek, Mauro Castelli

In the second experiment, we train a GP convolutional predictor on two degraded images, removing around 20% of their pixels.

A characterisation of S-box fitness landscapes in cryptography

no code implementations13 Feb 2019 Domagoj Jakobovic, Stjepan Picek, Marcella S. R. Martins, Markus Wagner

Substitution Boxes (S-boxes) are nonlinear objects often used in the design of cryptographic algorithms.

Cannot find the paper you are looking for? You can Submit a new open access paper.