no code implementations • 1 Aug 2024 • Zhuoqun Huang, Neil G Marchant, Olga Ohrimenko, Benjamin I. P. Rubinstein
With the growing integration of AI in daily life, ensuring the robustness of systems to inference-time attacks is crucial.
no code implementations • 22 May 2024 • Neil G. Marchant, Benjamin I. P. Rubinstein
In a batched query setting, the asymptotic data requirements of our bound grow with the square root of the number of adaptive queries, matching prior works' improvement over data splitting for the static setting.
no code implementations • 19 May 2024 • Xuanli He, Qiongkai Xu, Jun Wang, Benjamin I. P. Rubinstein, Trevor Cohn
Modern NLP models are often trained on public datasets drawn from diverse sources, rendering them vulnerable to data poisoning attacks.
1 code implementation • 14 May 2024 • Aref Miri Rekavandi, Olga Ohrimenko, Benjamin I. P. Rubinstein
Randomized smoothing has shown promising certified robustness against adversaries in classification tasks.
no code implementations • 30 Apr 2024 • Xuanli He, Jun Wang, Qiongkai Xu, Pasquale Minervini, Pontus Stenetorp, Benjamin I. P. Rubinstein, Trevor Cohn
The implications of backdoor attacks on English-centric large language models (LLMs) have been widely examined: such attacks can be achieved by embedding malicious behaviors during training that are activated under specific conditions which trigger malicious outputs.
no code implementations • 3 Apr 2024 • Jun Wang, Qiongkai Xu, Xuanli He, Benjamin I. P. Rubinstein, Trevor Cohn
Our aim is to bring attention to these vulnerabilities within MNMT systems with the hope of encouraging the community to address security concerns in machine translation, especially in the context of low-resource languages.
no code implementations • 20 Sep 2023 • Andrew C. Cullen, Paul Montague, Shijie Liu, Sarah M. Erfani, Benjamin I. P. Rubinstein
Certified robustness circumvents the fragility of defences against adversarial attacks, by endowing model predictions with guarantees of class invariance for attacks up to a calculated size.
no code implementations • 15 Aug 2023 • Shijie Liu, Andrew C. Cullen, Paul Montague, Sarah M. Erfani, Benjamin I. P. Rubinstein
Poisoning attacks can disproportionately influence model behaviour by making small changes to the training corpus.
1 code implementation • 9 Feb 2023 • Andrew C. Cullen, Shijie Liu, Paul Montague, Sarah M. Erfani, Benjamin I. P. Rubinstein
In guaranteeing the absence of adversarial examples in an instance's neighbourhood, certification mechanisms play an important role in demonstrating neural net robustness.
1 code implementation • NeurIPS 2023 • Zhuoqun Huang, Neil G. Marchant, Keane Lucas, Lujo Bauer, Olga Ohrimenko, Benjamin I. P. Rubinstein
When applied to the popular MalConv malware detection model, our smoothing mechanism RS-Del achieves a certified accuracy of 91% at an edit distance radius of 128 bytes.
1 code implementation • 12 Oct 2022 • Andrew C. Cullen, Paul Montague, Shijie Liu, Sarah M. Erfani, Benjamin I. P. Rubinstein
In response to subtle adversarial examples flipping classifications of neural network models, recent research has promoted certified robustness as a solution.
no code implementations • 11 Oct 2022 • J. Hyam Rubinstein, Benjamin I. P. Rubinstein
We also prove that all intersection-closed classes with VC dimension $d$ admit unlabelled compression schemes of size at most $11d$.
1 code implementation • 23 Jul 2022 • Matthias Bachfischer, Renata Borovica-Gajic, Benjamin I. P. Rubinstein
To simulate adversarial workloads, we carry out a data poisoning attack on linear regression models that manipulates the cumulative distribution function (CDF) on which the learned index model is trained.
no code implementations • 24 Dec 2021 • Dongge Liu, Van-Thuan Pham, Gidon Ernst, Toby Murray, Benjamin I. P. Rubinstein
In this work, we evaluate an extensive set of state selection algorithms on the same fuzzing platform, AFLNet, a state-of-the-art fuzzer for network servers.
no code implementations • 29 Sep 2021 • Siqi Xia, Shijie Liu, Trung Le, Dinh Phung, Sarah Erfani, Benjamin I. P. Rubinstein, Christopher Leckie, Paul Montague
More specifically, by minimizing the WS distance of interest, an adversarial example is pushed toward the cluster of benign examples sharing the same label on the latent space, which helps to strengthen the generalization ability of the classifier on the adversarial examples.
1 code implementation • 24 Sep 2021 • Sandamal Weerasinghe, Tansu Alpcan, Sarah M. Erfani, Christopher Leckie, Benjamin I. P. Rubinstein
In this paper, we derive a lower bound and an upper bound for the LID value of a perturbed data point and demonstrate that the bounds, in particular the lower bound, have a positive correlation with the magnitude of the perturbation.
1 code implementation • 17 Sep 2021 • Neil G. Marchant, Benjamin I. P. Rubinstein, Scott Alfeld
The right to erasure requires removal of a user's information from data held by organizations, with rigorous interpretations extending to downstream products such as learned models.
no code implementations • 23 Aug 2021 • R. Malinga Perera, Bastian Oetomo, Benjamin I. P. Rubinstein, Renata Borovica-Gajic
Our comprehensive empirical evaluation against a state-of-the-art commercial tuning tool demonstrates up to 75% speed-up on shifting and ad-hoc workloads and up to 28% speed-up on static workloads in analytical processing environments.
1 code implementation • Findings (ACL) 2021 • Jun Wang, Chang Xu, Francisco Guzman, Ahmed El-Kishky, Benjamin I. P. Rubinstein, Trevor Cohn
Mistranslated numbers have the potential to cause serious effects, such as financial loss or medical misinformation.
1 code implementation • 12 Jul 2021 • Jun Wang, Chang Xu, Francisco Guzman, Ahmed El-Kishky, Yuqing Tang, Benjamin I. P. Rubinstein, Trevor Cohn
Neural machine translation systems are known to be vulnerable to adversarial test inputs; however, as we show in this paper, these systems are also vulnerable to training attacks.
no code implementations • NeurIPS 2021 • Zhuolin Yang, Linyi Li, Xiaojun Xu, Shiliang Zuo, Qian Chen, Pan Zhou, Benjamin I. P. Rubinstein, Ce Zhang, Bo Li
To answer these questions, in this work we first theoretically analyze and outline sufficient conditions for adversarial transferability between models; then propose a practical algorithm to reduce the transferability between base models within an ensemble to improve its robustness.
no code implementations • 2 Nov 2020 • Chang Xu, Jun Wang, Yuqing Tang, Francisco Guzman, Benjamin I. P. Rubinstein, Trevor Cohn
In this paper, we show that targeted attacks on black-box NMT systems are feasible, based on poisoning a small fraction of their parallel training data.
no code implementations • 19 Oct 2020 • R. Malinga Perera, Bastian Oetomo, Benjamin I. P. Rubinstein, Renata Borovica-Gajic
Automating physical database design has remained a long-term interest in database research due to substantial performance gains afforded by optimised structures.
no code implementations • 12 Jul 2020 • Tobias Edwards, Benjamin I. P. Rubinstein, Zuhe Zhang, Sanming Zhou
Blowfish privacy is a recent generalisation of differential privacy that enables improved utility while maintaining privacy policies with semantic guarantees, a factor that has driven the popularity of differential privacy in computer science.
1 code implementation • 27 Jun 2020 • Ruihan Zhang, Prashan Madumal, Tim Miller, Krista A. Ehinger, Benjamin I. P. Rubinstein
Based on the requirements of fidelity (approximate models to target models) and interpretability (being meaningful to people), we design measurements and evaluate a range of matrix factorization methods with our framework.
no code implementations • 23 Jun 2020 • Roei Gelbhart, Benjamin I. P. Rubinstein
In this paper we present the first baseline results for the task of few-shot learning of discrete embedding vectors for image recognition.
2 code implementations • 12 Jun 2020 • Neil G. Marchant, Benjamin I. P. Rubinstein
Important tasks like record linkage and extreme classification demonstrate extreme class imbalance, with 1 minority instance to every 1 million or more majority instances.
no code implementations • 28 May 2020 • Leyla Roohi, Benjamin I. P. Rubinstein, Vanessa Teague
We consider the privacy-preserving computation of node influence in distributed social networks, as measured by egocentric betweenness centrality (EBC).
no code implementations • 15 Feb 2020 • Dongge Liu, Gidon Ernst, Toby Murray, Benjamin I. P. Rubinstein
Legion incorporates a form of directed fuzzing that we call approximate path-preserving fuzzing (APPFuzzing) to investigate program states selected by MCTS.
4 code implementations • 13 Sep 2019 • Neil G. Marchant, Andee Kaplan, Daniel N. Elazar, Benjamin I. P. Rubinstein, Rebecca C. Steorts
Entity resolution (ER; also known as record linkage or de-duplication) is the process of merging noisy databases, often in the absence of unique identifiers.
no code implementations • 25 Feb 2019 • Yi Han, David Hubczenko, Paul Montague, Olivier De Vel, Tamas Abraham, Benjamin I. P. Rubinstein, Christopher Leckie, Tansu Alpcan, Sarah Erfani
Recent studies have demonstrated that reinforcement learning (RL) agents are susceptible to adversarial manipulation, similar to vulnerabilities previously demonstrated in the supervised learning setting.
no code implementations • 24 Feb 2019 • Yuan Li, Benjamin I. P. Rubinstein, Trevor Cohn
As we show, datasets produced by crowd-sourcing are often not of this type: the data is highly redundantly annotated ($\ge 5$ annotations per instance), and the vast majority of workers produce high quality outputs.
no code implementations • 20 Feb 2019 • Bastian Oetomo, Malinga Perera, Renata Borovica-Gajic, Benjamin I. P. Rubinstein
We revisit the proof by Qin et al. (2014) of bounded regret of the C$^2$UCB contextual combinatorial bandit.
2 code implementations • 16 Jan 2019 • Leyla Roohi, Benjamin I. P. Rubinstein, Vanessa Teague
We describe a novel protocol for computing the egocentric betweenness centrality of a node when relevant edge information is spread between two mutually distrusting parties such as two telecommunications providers.
no code implementations • 17 Aug 2018 • Yi Han, Benjamin I. P. Rubinstein, Tamas Abraham, Tansu Alpcan, Olivier De Vel, Sarah Erfani, David Hubczenko, Christopher Leckie, Paul Montague
Despite the successful application of machine learning (ML) in a wide range of domains, adaptability---the very property that makes machine learning desirable---can be exploited by adversaries to contaminate training and evade classification.
no code implementations • 28 Sep 2017 • Benjamin Fish, Lev Reyzin, Benjamin I. P. Rubinstein
In this work, we study how to use sampling to speed up mechanisms for answering adaptive queries into datasets without reducing the accuracy of those mechanisms.
no code implementations • ICML 2017 • Benjamin I. P. Rubinstein, Francesco Aldà
Popular approaches to differential privacy, such as the Laplace and exponential mechanisms, calibrate randomised smoothing through global sensitivity of the target non-private function.
no code implementations • 6 Apr 2017 • Yi Han, Benjamin I. P. Rubinstein
Despite the wide use of machine learning in adversarial settings including computer security, recent studies have demonstrated vulnerabilities to evasion attacks---carefully crafted adversarial samples that closely resemble legitimate instances, but cause misclassification.
1 code implementation • 2 Mar 2017 • Neil G. Marchant, Benjamin I. P. Rubinstein
Entity resolution (ER) presents unique challenges for evaluation methodology.
no code implementations • 21 Sep 2016 • Tansu Alpcan, Benjamin I. P. Rubinstein, Christopher Leckie
Such high-dimensional decision spaces and big data sets lead to computational challenges, relating to efforts in non-linear optimization scaling up to large systems of variables.
no code implementations • 29 Jul 2016 • Jiazhen He, Benjamin I. P. Rubinstein, James Bailey, Rui Zhang, Sandra Milligan
This paper explores the suitability of using automatically discovered topics from MOOC discussion forums for modelling students' academic abilities.
no code implementations • 25 Nov 2015 • Jiazhen He, Benjamin I. P. Rubinstein, James Bailey, Rui Zhang, Sandra Milligan, Jeffrey Chan
Such models infer latent skill levels by relating them to individuals' observed responses on a series of items such as quiz questions.
no code implementations • 3 Feb 2014 • Duo Zhang, Benjamin I. P. Rubinstein, Jim Gemmell
In the most common case of matching two sources, it is often desirable for the final matching to be one-to-one (a record may be matched with at most one other); members of the database and statistical record linkage communities accomplish such matchings in the final stage by weighted bipartite graph matching on similarity scores.
no code implementations • 30 Jan 2014 • Battista Biggio, Igino Corona, Blaine Nelson, Benjamin I. P. Rubinstein, Davide Maiorca, Giorgio Fumera, Giorgio Giacinto, Fabio Roli
Support Vector Machines (SVMs) are among the most popular classification techniques adopted in security applications like malware detection, intrusion detection, and spam filtering.
no code implementations • 29 Jan 2014 • J. Hyam Rubinstein, Benjamin I. P. Rubinstein, Peter L. Bartlett
The most promising approach to positively resolving the conjecture is by embedding general VC classes into maximum classes without super-linear increase to their VC dimensions, as such embeddings would extend the known compression schemes to all VC classes.