Search Results for author:
Found 18 papers, 4 papers with code
An Adaptive Model Ensemble Adversarial Attack for Boosting Adversarial Transferability
Alternatively, model ensemble adversarial attacks are proposed to fuse outputs from surrogate models with diverse architectures to get an ensemble loss, making the generated adversarial example more likely to transfer to other models as it can fool multiple models concurrently.
Fedward: Flexible Federated Backdoor Defense Framework with Non-IID Data
This ensures that Fedward can maintain the performance for the Non-IID scenario.
When Evolutionary Computation Meets Privacy
To this end, in this paper, we discuss three typical optimization paradigms (i. e., \textit{centralized optimization, distributed optimization, and data-driven optimization}) to characterize optimization modes of evolutionary computation and propose BOOM to sort out privacy concerns in evolutionary computation.
SRoUDA: Meta Self-training for Robust Unsupervised Domain Adaptation
In this paper, we present a new meta self-training pipeline, named SRoUDA, for improving adversarial robustness of UDA models.
Watermarking in Secure Federated Learning: A Verification Framework Based on Client-Side Backdooring
In this paper, we propose a novel client-side FL watermarking scheme to tackle the copyright protection issue in secure FL with HE.
Efficient Vertical Federated Learning Method for Ridge Regression of Large-Scale Samples via Least-Squares Solution
The experiments show that our proposed algorithm takes only about 400 seconds to handle up to 9. 6 million large-scale samples, while the state-of-the-art algorithms take close to 1000 seconds to handle every 1000 samples, which embodies the advantage of our algorithms in handling large-scale samples. δ -data indistinguishability theory, we provide quantitative theoretical guarantees for the security of our algorithms.
MaskBlock: Transferable Adversarial Examples with Bayes Approach
By contrast, we re-formulate crafting transferable AEs as the maximizing a posteriori probability estimation problem, which is an effective approach to boost the generalization of results with limited available data.
Defense against Backdoor Attacks via Identifying and Purifying Bad Neurons
The opacity of neural networks leads their vulnerability to backdoor attacks, where hidden attention of infected neurons is triggered to override normal predictions to the attacker-chosen ones.
Evolution as a Service: A Privacy-Preserving Genetic Algorithm for Combinatorial Optimization
Specifically, PEGA enables users outsourcing COPs to the cloud server holding a competitive GA and approximating the optimal solution in a privacy-preserving manner.
Enhance transferability of adversarial examples with model architecture
Transferability of adversarial examples is of critical importance to launch black-box adversarial attacks, where attackers are only allowed to access the output of the target model.
Backdoor Defense with Machine Unlearning
First, trigger pattern recovery is conducted to extract the trigger patterns infected by the victim model.
Push Stricter to Decide Better: A Class-Conditional Feature Adaptive Framework for Improving Adversarial Robustness
However, most of the existing adversarial training methods focus on improving the robust accuracy by strengthening the adversarial examples but neglecting the increasing shift between natural data and adversarial examples, leading to a dramatic decrease in natural accuracy.
When Crowdsensing Meets Federated Learning: Privacy-Preserving Mobile Crowdsensing System
Specifically, in order to protect privacy, participants locally process sensing data via federated learning and only upload encrypted training models.
Robust Single-step Adversarial Training with Regularizer
Previous methods try to reduce the computational burden of adversarial training using single-step adversarial example generation schemes, which can effectively improve the efficiency but also introduce the problem of catastrophic overfitting, where the robust accuracy against Fast Gradient Sign Method (FGSM) can achieve nearby 100\% whereas the robust accuracy against Projected Gradient Descent (PGD) suddenly drops to 0\% over a single epoch.
Pocket Diagnosis: Secure Federated Learning against Poisoning Attack in the Cloud
Previous works on federated learning have been inadequate in ensuring the privacy of DIs and the availability of the final federated model.
Cryptography and Security
Cloud-based Federated Boosting for Mobile Crowdsensing
In this paper, we propose a secret sharing based federated learning architecture FedXGB to achieve the privacy-preserving extreme gradient boosting for mobile crowdsensing.
Learn to Forget: Machine Unlearning via Neuron Masking
To this end, machine unlearning becomes a popular research topic, which allows users to eliminate memorization of their private data from a trained machine learning model. In this paper, we propose the first uniform metric called for-getting rate to measure the effectiveness of a machine unlearning method.
Revocable Federated Learning: A Benchmark of Federated Forest
A learning federation is composed of multiple participants who use the federated learning technique to collaboratively train a machine learning model without directly revealing the local data.
