1 code implementation • 27 Mar 2024 • Yangruibo Ding, Yanjun Fu, Omniyyah Ibrahim, Chawin Sitawarin, Xinyun Chen, Basel Alomair, David Wagner, Baishakhi Ray, Yizheng Chen
Evaluating code LMs on PrimeVul reveals that existing benchmarks significantly overestimate the performance of these models.
1 code implementation • 15 Feb 2024 • Chawin Sitawarin, Norman Mu, David Wagner, Alexandre Araujo
In this work, we introduce the Proxy-Guided Attack on LLMs (PAL), the first optimization-based attack on LLMs in a black-box query-only setting.
1 code implementation • 29 Dec 2023 • Julien Piet, Maha Alrashed, Chawin Sitawarin, Sizhe Chen, Zeming Wei, Elizabeth Sun, Basel Alomair, David Wagner
Jatmo only needs a task prompt and a dataset of inputs for the task: it uses the teacher model to generate outputs.
1 code implementation • 1 Dec 2023 • Julien Piet, Chawin Sitawarin, Vivian Fang, Norman Mu, David Wagner
Current watermarking techniques are nearly practical enough for real-world use: Kirchenbauer et al. [33]'s scheme can watermark models like Llama 2 7B-chat or Mistral-7B-Instruct with no perceivable loss in quality on natural language tasks, the watermark can be detected with fewer than 100 tokens, and their scheme offers good tamper resistance to simple perturbations.
1 code implementation • 26 Oct 2023 • Chawin Sitawarin, Jaewon Chang, David Huang, Wesson Altoyan, David Wagner
We evaluate the transfer attacks in this setting and propose a specialized defense method based on a game-theoretic perspective.
2 code implementations • 19 Oct 2023 • Lin Li, Yifei Wang, Chawin Sitawarin, Michael Spratling
The latter enables the prediction of OOD robustness from ID robustness.
no code implementations • 27 Jun 2023 • Kathan Shah, Chawin Sitawarin
We present a neural network architecture designed to naturally learn a positional embedding and overcome the spectral bias towards lower frequencies faced by conventional implicit neural representation networks.
1 code implementation • ICCV 2023 • Nabeel Hingun, Chawin Sitawarin, Jerry Li, David Wagner
In this work, we propose the REAP (REalistic Adversarial Patch) benchmark, a digital benchmark that allows the user to evaluate patch attacks on real images, and under real-world conditions.
1 code implementation • 7 Oct 2022 • Chawin Sitawarin, Florian Tramèr, Nicholas Carlini
Decision-based attacks construct adversarial examples against a machine learning (ML) model by making only hard-label queries.
1 code implementation • 15 Sep 2022 • Chawin Sitawarin, Kornrapat Pongmala, Yizheng Chen, Nicholas Carlini, David Wagner
We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks by introducing a part-based model for object classification.
1 code implementation • AAAI Workshop AdvML 2022 • Chawin Sitawarin, Zachary Golan-Strieb, David Wagner
Furthermore, we create the strongest possible attack to evaluate our RT defense.
no code implementations • NeurIPS 2021 • Chawin Sitawarin, Evgenios M. Kornaropoulos, Dawn Song, David Wagner
On a high level, the search radius expands to the nearby higher-order Voronoi cells until we find a cell that classifies differently from the input point.
1 code implementation • NeurIPS 2021 • Chawin Sitawarin, Evgenios M. Kornaropoulos, Dawn Song, David Wagner
On a high level, the search radius expands to the nearby Voronoi cells until we find a cell that classifies differently from the input point.
no code implementations • 18 Mar 2020 • Chawin Sitawarin, Supriyo Chakraborty, David Wagner
This leads to a significant improvement in both clean accuracy and robustness compared to AT, TRADES, and other baselines.
1 code implementation • 14 Mar 2020 • Chawin Sitawarin, David Wagner
We study the robustness against adversarial examples of kNN classifiers and classifiers that combine kNN with neural networks.
1 code implementation • 23 Jun 2019 • Chawin Sitawarin, David Wagner
With our models, the mean perturbation norm required to fool our MNIST model is 3.07 and 2.30 on CIFAR-10.
no code implementations • 5 May 2019 • Vikash Sehwag, Arjun Nitin Bhagoji, Liwei Song, Chawin Sitawarin, Daniel Cullina, Mung Chiang, Prateek Mittal
A large body of recent work has investigated the phenomenon of evasion attacks using adversarial examples for deep learning systems, where the addition of norm-bounded perturbations to the test inputs leads to incorrect output classification.
2 code implementations • 20 Mar 2019 • Chawin Sitawarin, David Wagner
Despite a large amount of attention on adversarial examples, very few works have demonstrated an effective defense against this threat.
1 code implementation • 18 Feb 2018 • Chawin Sitawarin, Arjun Nitin Bhagoji, Arsalan Mosenia, Mung Chiang, Prateek Mittal
In this paper, we propose and examine security attacks against sign recognition systems for Deceiving Autonomous caRs with Toxic Signs (we call the proposed attacks DARTS).
1 code implementation • 9 Jan 2018 • Chawin Sitawarin, Arjun Nitin Bhagoji, Arsalan Mosenia, Prateek Mittal, Mung Chiang
Our attack pipeline generates adversarial samples which are robust to the environmental conditions and noisy image transformations present in the physical world.
no code implementations • 4 Dec 2017 • Mark Martinez, Chawin Sitawarin, Kevin Finch, Lennart Meincke, Alex Yablonski, Alain Kornhauser
As an initial assessment, over 480,000 labeled virtual images of normal highway driving were readily generated in Grand Theft Auto V's virtual environment.
no code implementations • 9 Apr 2017 • Arjun Nitin Bhagoji, Daniel Cullina, Chawin Sitawarin, Prateek Mittal
We propose the use of data transformations as a defense against evasion attacks on ML classifiers.