Search Results for author:
Found 36 papers, 11 papers with code
Multilingual and Multi-Accent Jailbreaking of Audio LLMs
Large Audio Language Models (LALMs) have significantly advanced audio understanding but introduce critical security risks, particularly through audio jailbreaks.
OverThink: Slowdown Attacks on Reasoning LLMs
We evaluated our attack across closed-(OpenAI o1, o1-mini, o3-mini) and open-(DeepSeek R1) weights reasoning models on the FreshQA and SQuAD datasets.
Decoding FL Defenses: Systemization, Pitfalls, and Remedies
While the community has designed various defenses to counter the threat of poisoning attacks in Federated Learning (FL), there are no guidelines for evaluating these defenses.
Riddle Me This! Stealthy Membership Inference for Retrieval-Augmented Generation
Retrieval-Augmented Generation (RAG) enables Large Language Models (LLMs) to generate grounded responses by leveraging external knowledge databases without altering model parameters.
ULTra: Unveiling Latent Token Interpretability in Transformer Based Understanding
Based on this framework, we demonstrate that zero-shot unsupervised semantic segmentation can be performed effectively without any fine-tuning using a model pre-trained for tasks other than segmentation.
Data Extraction Attacks in Retrieval-Augmented Generation via Backdoors
For example, on Gemma-2B-IT, we show that with only 5\% poisoned data, our method achieves an average success rate of 94. 1\% for verbatim extraction (ROUGE-L score: 82. 1) and 63. 6\% for paraphrased extraction (average ROUGE score: 66. 4) across four datasets.
Bias Similarity Across Large Language Models
In generative AI, such as Large Language Models, the impact of bias is even more profound compared to the classification models.
Backdooring Bias into Text-to-Image Models
Furthermore, we show how the current state-of-the-art generative models make this attack both cheap and feasible for any adversary, with costs ranging between $12-$18.
PostMark: A Robust Blackbox Watermark for Large Language Models
The most effective techniques to detect LLM-generated text rely on inserting a detectable signature -- or watermark -- during the model's decoding process.
MeanSparse: Post-Training Robustness Enhancement Through Mean-Centered Feature Sparsification
We present a simple yet effective method to improve the robustness of both Convolutional and attention-based Neural Networks against adversarial examples by post-processing an adversarially trained model.
OSLO: One-Shot Label-Only Membership Inference Attacks
The core idea is that a member sample exhibits more resistance to adversarial perturbations than a non-member.
Iteratively Prompting Multimodal LLMs to Reproduce Natural and AI-Generated Images
With the digital imagery landscape rapidly evolving, image stocks and AI-generated image marketplaces have become central to visual media.
Fake or Compromised? Making Sense of Malicious Clients in Federated Learning
Federated learning (FL) is a distributed machine learning paradigm that enables training models on decentralized data.
A Survey on Federated Unlearning: Challenges and Opportunities
This SoK paper aims to take a deep look at the \emph{federated unlearning} literature, with the goal of identifying research trends and challenges in this emerging field.
Diffence: Fencing Membership Privacy With Diffusion Models
A unique feature of DIFFENCE is that it works on input samples only, without modifying the training or inference phase of the target model.
Memory Triggers: Unveiling Memorization in Text-To-Image Generative Models through Word-Level Duplication
Diffusion-based models, such as the Stable Diffusion model, have revolutionized text-to-image synthesis with their ability to produce high-quality, high-resolution images.
Understanding (Un)Intended Memorization in Text-to-Image Generative Models
Multimodal machine learning, especially text-to-image models like Stable Diffusion and DALL-E 3, has gained significance for transforming text into detailed images.
RAIFLE: Reconstruction Attacks on Interaction-based Federated Learning with Adversarial Data Manipulation
We introduce RAIFLE, a novel optimization-based attack framework where the server actively manipulates the features of the items presented to users to increase the success rate of reconstruction.
Realistic Website Fingerprinting By Augmenting Network Trace
Our extensive open-world and close-world experiments demonstrate that under practical evaluation settings, our WF attacks provide superior performances compared to the state-of-the-art; this is due to their use of augmented network traces for training, which allows them to learn the features of target traffic in unobserved settings.
Stealing the Decoding Algorithms of Language Models
A key component of generating text from modern language models (LM) is the selection and tuning of decoding algorithms.
Security Analysis of SplitFed Learning
We observe that the model updates in SplitFed have significantly smaller dimensionality as compared to FL that is known to have the curse of dimensionality.
E2FL: Equal and Equitable Federated Learning
Federated Learning (FL) enables data owners to train a shared global model without sharing their private data.
Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture
The goal of this work is to train ML models that have high membership privacy while largely preserving their utility; we therefore aim for an empirical membership privacy guarantee as opposed to the provable privacy guarantees provided by techniques like differential privacy, as such techniques are shown to deteriorate model utility.
FRL: Federated Rank Learning
The FRL server uses a voting mechanism to aggregate the parameter rankings submitted by clients in each training epoch to generate the global ranking of the next training epoch.
FSL: Federated Supermask Learning
FSL clients share local subnetworks in the form of rankings of network edges; more useful edges have higher ranks.
Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Production Federated Learning
While recent works have indicated that federated learning (FL) may be vulnerable to poisoning attacks by compromised clients, their real impact on production FL systems is not fully understood.
Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems
We show that in the presence of defense mechanisms deployed by the communicating parties, our attack performs significantly better compared to existing attacks against DNN-based wireless systems.
Adversarial Attack
Cryptography and Security
Improving Deep Learning with Differential Privacy using Gradient Encoding and Denoising
We show that our mechanism outperforms the state-of-the-art DPSGD; for instance, for the same model accuracy of $96. 1\%$ on MNIST, our technique results in a privacy bound of $\epsilon=3. 2$ compared to $\epsilon=6$ of DPSGD, which is a significant improvement.
Blind Adversarial Network Perturbations
Deep Neural Networks (DNNs) are commonly used for various traffic analysis problems, such as website fingerprinting and flow correlation, as they outperform traditional (e. g., statistical) techniques by large margins.
Cronus: Robust and Heterogeneous Collaborative Learning with Black-Box Knowledge Transfer
Collaborative (federated) learning enables multiple parties to train a model without sharing their private data, but through repeated sharing of the parameters of their local models.
Membership Privacy for Machine Learning Models Through Knowledge Transfer
Large capacity machine learning (ML) models are prone to membership inference attacks (MIAs), which aim to infer whether the target sample is a member of the target model's training dataset.
Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning
Deep neural networks are susceptible to various inference attacks as they remember information about their training data.
DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning
Flow correlation is the core technique used in a multitude of deanonymization attacks on Tor.
Machine Learning with Membership Privacy using Adversarial Regularization
In this paper, we focus on such attacks against black-box models, where the adversary can only observe the output of the model, but not its parameters.
Matching Anonymized and Obfuscated Time Series to Users' Profiles
Here we derive the fundamental limits of user privacy when both anonymization and obfuscation-based protection mechanisms are applied to users' time series of data.
Information Theory Cryptography and Security Information Theory
SWEET: Serving the Web by Exploiting Email Tunnels
As the operation of SWEET is not bound to specific email providers we argue that a censor will need to block all email communications in order to disrupt SWEET, which is infeasible as email constitutes an important part of today's Internet.
Cryptography and Security
