Search Results for author:
Found 13 papers, 9 papers with code
Exploring Concept Depth: How Large Language Models Acquire Knowledge at Different Layers?
We employ a probing technique to extract representations from different layers of the model and apply these to classification tasks.
Finding needles in a haystack: A Black-Box Approach to Invisible Watermark Detection
In this paper, we propose WaterMark Detection (WMD), the first invisible watermark detection method under a black-box and annotation-free setting.
Health-LLM: Personalized Retrieval-Augmented Disease Prediction System
Compared to traditional health management applications, our system has three main advantages: (1) It integrates health reports and medical knowledge into a large model to ask relevant questions to large language model for disease prediction; (2) It leverages a retrieval augmented generation (RAG) mechanism to enhance feature extraction; (3) It incorporates a semi-automated feature updating framework that can merge and delete features to improve accuracy of disease prediction.
DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-image Diffusion Models
To address this issue, we propose a method for detecting such unauthorized data usage by planting the injected memorization into the text-to-image diffusion models trained on the protected dataset.
Alteration-free and Model-agnostic Origin Attribution of Generated Images
To overcome this problem, we first develop an alteration-free and model-agnostic origin attribution method via input reverse-engineering on image generation models, i. e., inverting the input of a particular model for a specific image.
NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models
Such attacks can be easily affected by retraining on downstream tasks and with different prompting strategies, limiting the transferability of backdoor attacks.
UNICORN: A Unified Backdoor Trigger Inversion Framework
Then, it proposes a unified framework to invert backdoor triggers based on the formalization of triggers and the identified inner behaviors of backdoor models from our analysis.
Backdoor Vulnerabilities in Normally Trained Deep Learning Models
We leverage 20 different types of injected backdoor attacks in the literature as the guidance and study their correspondences in normally trained models, which we call natural backdoor vulnerabilities.
Rethinking the Reverse-engineering of Trojan Triggers
On average, the detection accuracy of our method is 93\%.
BppAttack: Stealthy and Efficient Trojan Attacks against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning
Existing attacks use visible patterns (e. g., a patch or image transformations) as triggers, which are vulnerable to human inspection.
Training with More Confidence: Mitigating Injected and Natural Backdoors During Training
By further analyzing the training process and model architectures, we found that piece-wise linear functions cause this hyperplane surface.
Complex Backdoor Detection by Symmetric Feature Differencing
Our results on the TrojAI competition rounds 2-4, which have patch backdoors and filter backdoors, show that existing scanners may produce hundreds of false positives (i. e., clean models recognized as trojaned), while our technique removes 78-100% of them with a small increase of false negatives by 0-30%, leading to 17-41% overall accuracy improvement.
EX-RAY: Distinguishing Injected Backdoor from Natural Features in Neural Networks by Examining Differential Feature Symmetry
A prominent challenge is hence to distinguish natural features and injected backdoors.
