Search Results for author:
Found 37 papers, 14 papers with code
DP-GPL: Differentially Private Graph Prompt Learning
Here, a GNN is pre-trained on public data and then adapted to sensitive tasks using lightweight graph prompts.
ADAGE: Active Defenses Against GNN Extraction
Graph Neural Networks (GNNs) achieve high performance in various real-world applications, such as drug discovery, traffic states prediction, and recommendation systems.
Differentially Private Federated Learning With Time-Adaptive Privacy Spending
Our framework enables each client to save privacy budget in early rounds so as to be able to spend more in later rounds when additional accuracy is beneficial in learning more fine-grained features.
Captured by Captions: On Memorization and its Mitigation in CLIP Models
Multi-modal models, such as CLIP, have demonstrated strong performance in aligning visual and textual representations, excelling in tasks like image retrieval and zero-shot classification.
Beautiful Images, Toxic Words: Understanding and Addressing Offensive Text in Generated Images
Our benchmark aims to guide future efforts in mitigating NSFW text generation in text-to-image models and is available at https://github. com/sprintml/ToxicBench
Privacy Attacks on Image AutoRegressive Models
Using this MIA, we perform dataset inference (DI) and find that IARs require as few as six samples to detect dataset membership, compared to 200 for DMs, indicating higher information leakage.
CDI: Copyrighted Data Identification in Diffusion Models
CDI relies on dataset inference techniques, i. e., instead of using the membership signal from a single data point, CDI leverages the fact that most data owners, such as providers of stock photography, visual media companies, or even individual artists, own datasets with multiple publicly exposed data points which might all be included in the training of a given DM.
On the Privacy Risk of In-context Learning
We show that deploying prompted models presents a significant privacy risk for the data used within the prompt by instantiating a highly effective membership inference attack.
Open LLMs are Necessary for Current Private Adaptations and Outperform their Closed Alternatives
By examining their threat models and thoroughly comparing their performance under different privacy levels according to differential privacy (DP), various LLM architectures, and multiple datasets for classification and generation tasks, we find that: (1) all the methods leak query data, i. e., the (potentially sensitive) user data that is queried at inference time, to the LLM provider, (2) three out of four methods also leak large fractions of private training data to the LLM provider while the method that protects private data requires a local open LLM, (3) all the methods exhibit lower performance compared to three private gradient-based adaptation methods for local open LLMs, and (4) the private adaptation methods for closed LLMs incur higher monetary training and query costs than running the alternative methods on local open LLMs.
Localizing Memorization in SSL Vision Encoders
Recent work on studying memorization in self-supervised learning (SSL) suggests that even though SSL encoders are trained on millions of images, they still memorize individual data points.
Benchmarking Robust Self-Supervised Learning Across Diverse Downstream Tasks
Large-scale vision models have become integral in many applications due to their unprecedented performance and versatility across downstream tasks.
Differentially Private Prototypes for Imbalanced Transfer Learning
We additionally show that privacy-utility trade-offs can be further improved when leveraging the public data beyond pre-training of the encoder: in particular, we can privately sample our DP prototypes from the publicly available data points used to train the encoder.
LLM Dataset Inference: Did you train on my dataset?
Instead, we propose a new dataset inference method to accurately identify the datasets used to train large language models.
Alignment Calibration: Machine Unlearning for Contrastive Learning under Auditing
Machine unlearning provides viable solutions to revoke the effect of certain training data on pre-trained model parameters.
Finding NeMo: Localizing Neurons Responsible For Memorization in Diffusion Models
Unfortunately, this practice raises privacy and intellectual property concerns, as DMs can memorize and later reproduce their potentially sensitive or copyrighted training images at inference time.
Efficient Model-Stealing Attacks Against Inductive Graph Neural Networks
Graph Neural Networks (GNNs) are recognized as potent tools for processing real-world data organized in graph structures.
Decentralised, Collaborative, and Privacy-preserving Machine Learning for Multi-Hospital Data
In addition, the ML models trained with DeCaPH framework in general outperform those trained solely with the private datasets from individual parties, showing that DeCaPH enhances the model generalizability.
Memorization in Self-Supervised Learning Improves Downstream Generalization
Our definition compares the difference in alignment of representations for data points and their augmented views returned by both encoders that were trained on these data points and encoders that were not.
Have it your way: Individualized Privacy Assignment for DP-SGD
DP-SGD is the canonical approach to training models with differential privacy.
Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation
FL is promoted as a privacy-enhancing technology (PET) that provides data minimization: data never "leaves" personal devices and users share only model updates with a server (e. g., a company) coordinating the distributed training.
Private Multi-Winner Voting for Machine Learning
We use our mechanisms to enable privacy-preserving multi-label learning in the central setting by extending the canonical single-label technique: PATE.
Dataset Inference for Self-Supervised Models
We introduce a new dataset inference defense, which uses the private training set of the victim encoder model to attribute its ownership in the event of stealing.
$p$-DkNN: Out-of-Distribution Detection Through Statistical Testing of Deep Representations
We introduce $p$-DkNN, a novel inference procedure that takes a trained deep neural network and analyzes the similarity structures of its intermediate hidden representations to compute $p$-values associated with the end-to-end model prediction.
Selective Classification Via Neural Network Training Dynamics
Selective classification is the task of rejecting inputs a model would predict incorrectly on through a trade-off between input space coverage and model accuracy.
On the Difficulty of Defending Self-Supervised Learning against Model Extraction
We construct several novel attacks and find that approaches that train directly on a victim's stolen representations are query efficient and enable high accuracy for downstream models.
Individualized PATE: Differentially Private Machine Learning with Individual Privacy Guarantees
Applying machine learning (ML) to sensitive domains requires privacy protection of the underlying training data through formal privacy frameworks, such as differential privacy (DP).
Increasing the Cost of Model Extraction with Calibrated Proof of Work
Since we calibrate the effort required to complete the proof-of-work to each query, this only introduces a slight overhead for regular users (up to 2x).
When the Curious Abandon Honesty: Federated Learning Is Not Private
Instead, these devices share gradients, parameters, or other model updates, with a central party (e. g., a company) coordinating the training.
On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples
In the white-box setting, we instantiate this class with a joint, multi-stage optimization attack.
CaPC Learning: Confidential and Private Collaborative Learning
There is currently no method that enables machine learning in such a setting, where both confidentiality and privacy need to be preserved, to prevent both explicit and implicit sharing of data.
Pretrained Transformers Improve Out-of-Distribution Robustness
Although pretrained Transformers such as BERT achieve high accuracy on in-distribution examples, do they generalize to new distributions?
Machine Learning enabled Spectrum Sharing in Dense LTE-U/Wi-Fi Coexistence Scenarios
The promise of ML techniques in solving non-linear problems influenced this work which aims to apply known ML techniques and develop new ones for wireless spectrum sharing between Wi-Fi and LTE in the unlicensed spectrum.
Analysis of Random Perturbations for Robust Convolutional Neural Networks
Recent work has extensively shown that randomized perturbations of neural networks can improve robustness to adversarial attacks.
Machine Learning based detection of multiple Wi-Fi BSSs for LTE-U CSAT
This approach delivers an accuracy close to 100% compared to auto-correlation (AC) and energy detection (ED) approaches.
Band-limited Training and Inference for Convolutional Neural Networks
The convolutional layers are core building blocks of neural network architectures.
A Perturbation Analysis of Input Transformations for Adversarial Attacks
The existence of adversarial examples, or intentional mis-predictions constructed from small changes to correctly predicted examples, is one of the most significant challenges in neural network research today.
Testing Robustness Against Unforeseen Adversaries
To narrow in on this discrepancy between research and reality we introduce ImageNet-UA, a framework for evaluating model robustness against a range of unforeseen adversaries, including eighteen new non-L_p attacks.
