Search Results for author:
Found 33 papers, 9 papers with code
Machine Unlearning: Taxonomy, Metrics, Applications, Challenges, and Prospects
Data users have been endowed with the right to be forgotten of their data.
Watch Out! Simple Horizontal Class Backdoors Can Trivially Evade Defenses
In VCB attacks, any sample from a class activates the implanted backdoor when the secret trigger is present.
Fast Diffusion Probabilistic Model Sampling through the lens of Backward Error Analysis
This work analyzes how the backward error affects the diffusion ODEs and the sample quality in DDPMs.
On the Use of Power Amplifier Nonlinearity Quotient to Improve Radio Frequency Fingerprint Identification in Time-Varying Channels
The resulting radio frequency fingerprints (RFFs) are distorted, leading to low device detection and classification accuracy.
Vertical Federated Learning: Taxonomies, Threats, and Prospects
In a number of practical scenarios, VFL is more relevant than HFL as different companies (e. g., bank and retailer) hold different features (e. g., credit history and shopping history) for the same set of customers.
DeepTaster: Adversarial Perturbation-Based Fingerprinting to Identify Proprietary Dataset Use in Deep Neural Networks
In this study, we introduce DeepTaster, a novel DNN fingerprinting technique, to address scenarios where a victim's data is unlawfully used to build a suspect model.
TransCAB: Transferable Clean-Annotation Backdoor to Object Detection with Natural Trigger in Real-World
We observe that the backdoor effect of both misclassification and the cloaking are robustly achieved in the wild when the backdoor is activated with inconspicuously natural physical triggers.
Binarizing Split Learning for Data Privacy Enhancement and Computation Reduction
Experimental results with different datasets have affirmed the advantages of the B-SL models compared with several benchmark models.
CASSOCK: Viable Backdoor Attacks against DNN in The Wall of Source-Specific Backdoor Defences
Compared with a representative SSBA as a baseline ($SSBA_{Base}$), $CASSOCK$-based attacks have significantly advanced the attack performance, i. e., higher ASR and lower FPR with comparable CDA (clean data accuracy).
On Scheduling Mechanisms Beyond the Worst Case
That is, mechanism K is pointwise better than mechanism P. Next, for each task $j$, when machines' execution costs $t_i^j$ are independent and identically drawn from a task-specific distribution $F^j(t)$, we show that the average-case approximation ratio of mechanism K converges to a constant.
Towards A Critical Evaluation of Robustness for Deep Learning Backdoor Countermeasures
Since Deep Learning (DL) backdoor attacks have been revealed as one of the most insidious adversarial attacks, a number of countermeasures have been developed with certain assumptions defined in their respective threat models.
PPA: Preference Profiling Attack Against Federated Learning
By observing a user model's gradient sensitivity to a class, PPA can profile the sample proportion of the class in the user's local dataset, and thus the user's preference of the class is exposed.
Deep Reference Priors: What is the best way to pretrain a model?
Such priors enable the task to maximally affect the Bayesian posterior, e. g., reference priors depend upon the number of samples available for learning the task and for very small sample sizes, the prior puts more probability mass on low-complexity models in the hypothesis space.
Dangerous Cloaking: Natural Trigger based Backdoor Attacks on Object Detectors in the Physical World
The averaged ASR still remains sufficiently high to be 78% in the transfer learning attack scenarios evaluated on CenterNet.
NTD: Non-Transferability Enabled Backdoor Detection
A backdoor deep learning (DL) model behaves normally upon clean inputs but misbehaves upon trigger inputs as the backdoor attacker desires, posing severe consequences to DL model deployments.
Quantization Backdoors to Deep Learning Commercial Frameworks
This work reveals that the standard quantization toolkits can be abused to activate a backdoor.
RBNN: Memory-Efficient Reconfigurable Deep Binary Neural Network with IP Protection for Internet of Things
To this end, a 1-bit quantized DNN model or deep binary neural network maximizes the memory efficiency, where each parameter in a BNN model has only 1-bit.
Evaluation and Optimization of Distributed Machine Learning Techniques for Internet of Things
Federated learning (FL) and split learning (SL) are state-of-the-art distributed machine learning techniques to enable machine learning training without accessing raw data on clients or end devices.
Token-Modification Adversarial Attacks for Natural Language Processing: A Survey
Many adversarial attacks target natural language processing systems, most of which succeed through modifying the individual tokens of a document.
An Information-Geometric Distance on the Space of Tasks
Using tools in information geometry, the distance is defined to be the length of the shortest weight trajectory on a Riemannian manifold as a classifier is fitted on an interpolated task.
Decamouflage: A Framework to Detect Image-Scaling Attacks on Convolutional Neural Networks
To corroborate the efficiency of Decamouflage, we have also measured its run-time overhead on a personal PC with an i5 CPU and found that Decamouflage can detect image-scaling attacks in milliseconds.
Evaluation of Federated Learning in Phishing Email Detection
For a fixed total email dataset, the global RNN based model suffers by a 1. 8% accuracy drop when increasing organizational counts from 2 to 10.
VFL: A Verifiable Federated Learning with Privacy-Preserving for Big Data in Industrial IoT
If no more than n-2 of n participants collude with the aggregation server, VFL could guarantee the encrypted gradients of other participants not being inverted.
Cryptography and Security E.3; I.2.11
Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review
We have also reviewed the flip side of backdoor attacks, which are explored for i) protecting intellectual property of deep learning models, ii) acting as a honeypot to catch adversarial example attacks, and iii) verifying data deletion requested by the data contributor. Overall, the research on defense is far behind the attack, and there is no single defense that can prevent all types of backdoor attacks.
End-to-End Evaluation of Federated Learning and Split Learning for Internet of Things
For learning performance, which is specified by the model accuracy and convergence speed metrics, we empirically evaluate both FL and SplitNN under different types of data distributions such as imbalanced and non-independent and identically distributed (non-IID) data.
Can We Use Split Learning on 1D CNN Models for Privacy Preserving Training?
We observed that the 1D CNN model under split learning can achieve the same accuracy of 98. 9\% like the original (non-split) model.
A Free-Energy Principle for Representation Learning
This paper employs a formal connection of machine learning with thermodynamics to characterize the quality of learnt representations for transfer learning.
Design and Evaluation of a Multi-Domain Trojan Detection Method on Deep Neural Networks
In particular, for vision tasks, we can always achieve a 0% FRR and FAR.
Cryptography and Security
A Channel Perceiving Attack on Long-Range Key Generation and Its Countermeasure
Unfortunately, there is no experimental validation for communications environments when there are large-scale and small-scale fading effects.
Average-case Analysis of the Assignment Problem with Independent Preferences
Recently, [Deng, Gao, Zhang 2017] show that when the agents' preferences are drawn from a uniform distribution, its \textit{average-case approximation ratio} is upper bounded by 3. 718.
STRIP: A Defence Against Trojan Attacks on Deep Neural Networks
Since the trojan trigger is a secret guarded and exploited by the attacker, detecting such trojan inputs is a challenge, especially at run-time when models are in active operation.
Cryptography and Security
Lightweight (Reverse) Fuzzy Extractor with Multiple Referenced PUF Responses
A Physical unclonable functions (PUF), alike a fingerprint, exploits manufacturing randomness to endow each physical item with a unique identifier.
Cryptography and Security
Modeling Attack Resilient Reconfigurable Latent Obfuscation Technique for PUF based Lightweight Authentication
Physical unclonable functions (PUFs), as hardware security primitives, exploit manufacturing randomness to extract hardware instance-specific secrets.
Cryptography and Security
