Search Results for author:
Found 33 papers, 8 papers with code
What Really is a Member? Discrediting Membership Inference via Poisoning
Membership inference tests aim to determine whether a particular data point was included in a language model's training set.
ELFS: Enhancing Label-Free Coreset Selection via Clustering-based Pseudo-Labeling
For instance, at a 90% pruning rate, ELFS surpasses the best-performing baseline by 5. 3% on CIFAR10 and 7. 1% on CIFAR100.
PRP: Propagating Universal Perturbations to Attack Large Language Model Guard-Rails
More recent LLMs often incorporate an additional layer of defense, a Guard Model, which is a second LLM that is designed to check and moderate the output response of the primary LLM.
Adaptive Skeleton Graph Decoding
Large language models (LLMs) have seen significant adoption for natural language tasks, owing their success to massive numbers of model parameters (e. g., 70B+); however, LLM inference incurs significant computation and memory costs.
Learn To be Efficient: Build Structured Sparsity in Large Language Models
Large Language Models (LLMs) have achieved remarkable success with their billion-level parameters, yet they incur high inference overheads.
Leveraging Hierarchical Feature Sharing for Efficient Dataset Condensation
To better align DC with this hierarchical nature and encourage more efficient information sharing inside data containers, we propose a novel data parameterization architecture, Hierarchical Memory Network (HMN).
Theoretically Principled Trade-off for Stateful Defenses against Query-Based Black-Box Attacks
This work aims to address this gap by offering a theoretical characterization of the trade-off between detection and false positive rates for stateful defenses.
CALICO: Self-Supervised Camera-LiDAR Contrastive Pre-training for BEV Perception
CALICO's efficacy is substantiated by extensive evaluations on 3D object detection and BEV map segmentation tasks, where it delivers significant performance improvements.
Stateful Defenses for Machine Learning Models Are Not Yet Secure Against Black-box Attacks
Such stateful defenses aim to defend against black-box attacks by tracking the query history and detecting and rejecting queries that are "similar" and thus preventing black-box attacks from finding useful gradients and making progress towards finding adversarial attacks within a reasonable query budget.
Coverage-centric Coreset Selection for High Pruning Rates
We then propose a novel one-shot coreset selection method, Coverage-centric Coreset Selection (CCS), that jointly considers overall data coverage upon a distribution as well as the importance of each example.
Defending Object Detectors against Patch Attacks with Out-of-Distribution Smoothing
Patch attacks against object detectors have been of recent interest due to their being physically realizable and more closely aligned with practical systems.
Concept-based Explanations for Out-Of-Distribution Detectors
Based on these metrics, we propose an unsupervised framework for learning a set of concepts that satisfy the desired properties of high detection completeness and concept separability, and demonstrate its effectiveness in providing concept-based explanations for diverse off-the-shelf OOD detectors.
D4: Detection of Adversarial Diffusion Deepfakes Using Disjoint Ensembles
D4 uses an ensemble of models over disjoint subsets of the frequency spectrum to significantly improve adversarial robustness.
Sneakoscope: Revisiting Unsupervised Out-of-Distribution Detection
The problem of detecting out-of-distribution (OOD) examples in neural networks has been widely studied in the literature, with state-of-the-art techniques being supervised in that they require fine-tuning on OOD data to achieve high-quality OOD detection.
Out-of-Distribution Detection
Out of Distribution (OOD) Detection
Using Anomaly Feature Vectors for Detecting, Classifying and Warning of Outlier Adversarial Examples
We present DeClaW, a system for detecting, classifying, and warning of adversarial inputs presented to a classification neural network.
Protecting DNNs from Theft using an Ensemble of Diverse Models
EDM is made up of models that are trained to produce dissimilar predictions for OOD inputs.
Content-Adaptive Pixel Discretization to Improve Model Robustness
We first formally prove that adaptive codebooks can provide stronger robustness guarantees than fixed codebooks as a preprocessing defense on some datasets.
Understanding and Diagnosing Vulnerability under Adversarial Attacks
Moreover, we design the first diagnostic method to quantify the vulnerability contributed by each layer, which can be used to identify vulnerable parts of model architectures.
Towards Robustness against Unsuspicious Adversarial Examples
We then experimentally demonstrate that our attacks indeed do not significantly change perceptual salience of the background, but are highly effective against classifiers robust to conventional attacks.
MAZE: Data-Free Model Stealing Attack Using Zeroth-Order Gradient Estimation
The effectiveness of such attacks relies heavily on the availability of data necessary to query the target model.
GRAPHITE: Generating Automatic Physical Examples for Machine-Learning Attacks on Computer Vision Systems
We address three key requirements for practical attacks for the real-world: 1) automatically constraining the size and shape of the attack so it can be applied with stickers, 2) transform-robustness, i. e., robustness of a attack to environmental physical variations such as viewpoint and lighting changes, and 3) supporting attacks in not only white-box, but also black-box hard-label scenarios, so that the adversary can attack proprietary models.
Efficient Adversarial Training with Transferable Adversarial Examples
Adversarial training is an effective defense method to protect classification models against adversarial attacks.
Can Attention Masks Improve Adversarial Robustness?
Focusing on the observation that discrete pixelization in MNIST makes the background completely black and foreground completely white, we hypothesize that the important property for increasing robustness is the elimination of image background using attention masks before classifying an object.
Towards Model-Agnostic Adversarial Defenses using Adversarially Trained Autoencoders
Numerous techniques have been proposed to harden machine learning algorithms and mitigate the effect of adversarial attacks.
Analyzing the Interpretability Robustness of Self-Explaining Models
Recently, interpretable models called self-explaining models (SEMs) have been proposed with the goal of providing interpretability robustness.
Robust Classification using Robust Feature Augmentation
Existing deep neural networks, say for image classification, have been shown to be vulnerable to adversarial images that can cause a DNN misclassification, without any perceptible change to an image.
Designing Adversarially Resilient Classifiers using Resilient Feature Engineering
We provide a methodology, resilient feature engineering, for creating adversarially resilient classifiers.
Physical Adversarial Examples for Object Detectors
In this work, we extend physical attacks to more challenging object detection models, a broader class of deep learning algorithms widely used to detect and label multiple objects within a scene.
Robust Physical-World Attacks on Deep Learning Visual Classification
Recent studies show that the state-of-the-art deep neural networks (DNNs) are vulnerable to adversarial examples, resulting from small-magnitude perturbations added to the input.
Tyche: Risk-Based Permissions for Smart Home Platforms
When using risk-based permissions, device operations are grouped into units of similar risk, and users grant apps access to devices at that risk-based granularity.
Cryptography and Security
Note on Attacking Object Detectors with Adversarial Stickers
Given the fact that state-of-the-art objection detection algorithms are harder to be fooled by the same set of adversarial examples, here we show that these detectors can also be attacked by physical adversarial examples.
Robust Physical-World Attacks on Deep Learning Models
We propose a general attack algorithm, Robust Physical Perturbations (RP2), to generate robust visual adversarial perturbations under different physical conditions.
Internet of Things Security Research: A Rehash of Old Ideas or New Intellectual Challenges?
The Internet of Things (IoT) is a new computing paradigm that spans wearable devices, homes, hospitals, cities, transportation, and critical infrastructure.
Cryptography and Security
