Search Results for author:
Found 12 papers, 7 papers with code
Mitigating Fine-tuning Jailbreak Attack with Backdoor Enhanced Alignment
Despite the general capabilities of Large Language Models (LLMs) like GPT-4 and Llama-2, these models still request fine-tuning or adaptation with customized data when it comes to meeting the specific business demands and intricacies of tailored use cases.
Assessing the Brittleness of Safety Alignment via Pruning and Low-Rank Modifications
We develop methods to identify critical regions that are vital for safety guardrails, and that are disentangled from utility-relevant regions at both the neuron and rank levels.
Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!
Optimizing large language models (LLMs) for downstream use cases often involves the customization of pre-trained LLMs through further fine-tuning.
BaDExpert: Extracting Backdoor Functionality for Accurate Backdoor Input Detection
We present a novel defense, against backdoor attacks on Deep Neural Networks (DNNs), wherein adversaries covertly implant malicious behaviors (backdoors) into DNNs.
Visual Adversarial Examples Jailbreak Aligned Large Language Models
Recently, there has been a surge of interest in integrating vision into Large Language Models (LLMs), exemplified by Visual Language Models (VLMs) such as Flamingo and GPT-4.
Revisiting the Assumption of Latent Separability for Backdoor Defenses
This latent separation is so pervasive that a family of backdoor defenses directly take it as a default assumption (dubbed latent separability assumption), based on which to identify poison samples via cluster analysis in the latent space.
Uncovering Adversarial Risks of Test-Time Adaptation
Recently, test-time adaptation (TTA) has been proposed as a promising solution for addressing distribution shifts.
Circumventing Backdoor Defenses That Are Based on Latent Separability
This latent separation is so pervasive that a family of backdoor defenses directly take it as a default assumption (dubbed latent separability assumption), based on which to identify poison samples via cluster analysis in the latent space.
Towards A Proactive ML Approach for Detecting Backdoor Poison Samples
First, we uncover a post-hoc workflow underlying most prior work, where defenders passively allow the attack to proceed and then leverage the characteristics of the post-attacked model to uncover poison samples.
Towards Practical Deployment-Stage Backdoor Attack on Deep Neural Networks
By our study, we call for more attention to the vulnerability of DNNs in the deployment stage.
Subnet Replacement: Deployment-stage backdoor attack against deep neural networks in gray-box setting
We study the realistic potential of conducting backdoor attack against deep neural networks (DNNs) during deployment stage.
Knowledge Enhanced Machine Learning Pipeline against Diverse Adversarial Attacks
In particular, we develop KEMLP by integrating a diverse set of weak auxiliary models based on their logical relationships to the main DNN model that performs the target task.
