Search Results for author: David Evans

Found 24 papers, 22 papers with code

Formalizing and Estimating Distribution Inference Risks

2 code implementations 13 Sep 2021 Anshuman Suri, David Evans

Distribution inference, sometimes called property inference, infers statistical properties about a training set from access to a model trained on that data.
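
As an illustration of the kind of formalization involved (the notation below is a generic sketch of a distinguishing game, not necessarily the paper's exact definition), distribution inference can be phrased as an adversary guessing which of two candidate training distributions produced the training set behind an observed model:

```latex
% Illustrative distribution inference game (our notation): \mathcal{D}_0 and
% \mathcal{D}_1 are candidate training distributions, \mathcal{T} is the
% (possibly randomized) training algorithm.
%   Challenger: sample b \leftarrow \{0,1\} uniformly, draw S \sim \mathcal{D}_b^{\,n},
%               and train M \leftarrow \mathcal{T}(S).
%   Adversary:  given access to M, output a guess \hat{b}.
% The attack's advantage, and hence the inference risk, is measured by
\mathrm{Adv}(\mathcal{A}) \;=\; \Pr[\hat{b} = b] \;-\; \tfrac{1}{2}.
```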

Inference Attack

Understanding Intrinsic Robustness Using Label Uncertainty

1 code implementation ICLR 2022 Xiao Zhang, David Evans

A fundamental question in adversarial machine learning is whether a robust classifier exists for a given task.

Adversarial Robustness Image Classification

Formalizing Distribution Inference Risks

1 code implementation 7 Jun 2021 Anshuman Suri, David Evans

Property inference attacks reveal statistical properties about a training set, but they are difficult to distinguish from the primary purpose of statistical machine learning, which is to produce models that capture statistical properties about a distribution.

Stealthy Backdoors as Compression Artifacts

1 code implementation 30 Apr 2021 Yulong Tian, Fnu Suya, Fengyuan Xu, David Evans

In a backdoor attack on a machine learning model, an adversary produces a model that performs well on normal inputs but outputs targeted misclassifications on inputs containing a small trigger pattern.
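
For readers unfamiliar with the threat model, here is a minimal sketch of generic trigger-based poisoning (this only illustrates the standard backdoor setting; the paper's stealthy attack hides the backdoor so that it is only activated after model compression, which is not shown, and the array shapes and trigger pattern are illustrative assumptions):

```python
import numpy as np

def poison_batch(images, labels, target_class, trigger_size=3, poison_frac=0.1):
    """Generic backdoor poisoning sketch: stamp a small trigger patch onto a
    fraction of training images and relabel them with the attacker's target
    class. Assumes images of shape (N, H, W, C) with values in [0, 1]."""
    images, labels = images.copy(), labels.copy()
    n_poison = int(len(images) * poison_frac)
    idx = np.random.choice(len(images), n_poison, replace=False)
    # Trigger: a small white square stamped in the bottom-right corner.
    images[idx, -trigger_size:, -trigger_size:, :] = 1.0
    labels[idx] = target_class
    return images, labels
```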

Backdoor Attack Model Compression +1

Improved Estimation of Concentration Under $\ell_p$-Norm Distance Metrics Using Half Spaces

1 code implementation ICLR 2021 Jack Prescott, Xiao Zhang, David Evans

Mahloujifar et al. presented an empirical way to measure the concentration of a data distribution using samples, and employed it to find lower bounds on intrinsic robustness for several benchmark datasets.
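
Roughly, and in our own notation rather than the paper's, the relevant concentration quantity measures how much any set of a given probability mass expands under $\epsilon$-perturbations; this expansion lower-bounds the adversarial risk of any classifier with that much standard error:

```latex
% A_\epsilon is the \epsilon-expansion of A under an \ell_p metric
% (all points within distance \epsilon of A); \mu is the data distribution.
h(\alpha, \epsilon) \;=\; \inf_{A:\; \mu(A) \ge \alpha} \mu(A_\epsilon)
% Any classifier with standard error at least \alpha then has adversarial risk
% at least h(\alpha, \epsilon), so intrinsic robustness is at most
% 1 - h(\alpha, \epsilon); estimating h from samples (here, using half spaces
% as the candidate sets) is what "measuring concentration" refers to above.
```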

Model-Targeted Poisoning Attacks with Provable Convergence

1 code implementation 30 Jun 2020 Fnu Suya, Saeed Mahloujifar, Anshuman Suri, David Evans, Yuan Tian

Our attack is the first model-targeted poisoning attack that provides provable convergence for convex models, and in our experiments, it either exceeds or matches state-of-the-art attacks in terms of attack success rate and distance to the target model.

Pointwise Paraphrase Appraisal is Potentially Problematic

no code implementations ACL 2020 Hannah Chen, Yangfeng Ji, David Evans

The prevailing approach to training and evaluating paraphrase identification models casts the task as binary classification: the model is given a pair of sentences and is judged by how accurately it classifies pairs as either paraphrases or non-paraphrases.

Paraphrase Identification

Revisiting Membership Inference Under Realistic Assumptions

1 code implementation 21 May 2020 Bargav Jayaraman, Lingxiao Wang, Katherine Knipmeyer, Quanquan Gu, David Evans

Since previous inference attacks fail in the imbalanced-prior setting, we develop a new inference attack based on the intuition that inputs corresponding to training-set members will be near a local minimum in the loss function. We show that combining this with thresholds on the per-instance loss yields an attack that can achieve high PPV even in settings where other attacks appear to be ineffective.
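
A minimal sketch of the loss-threshold component is below (the function names and threshold handling are illustrative assumptions; the paper additionally tests whether an input sits near a local minimum of the loss, which is not shown):

```python
import numpy as np

def loss_threshold_attack(per_example_losses, threshold):
    """Predict 'member' for inputs whose loss falls below a threshold,
    following the intuition that training-set members sit in low-loss
    regions of the trained model."""
    return per_example_losses < threshold

def positive_predictive_value(predicted_member, is_member):
    """PPV = fraction of predicted members that are actual members; the
    metric that matters most in imbalanced-prior settings."""
    n_predicted = predicted_member.sum()
    return (predicted_member & is_member).sum() / n_predicted if n_predicted else 0.0
```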

Inference Attack

Certifying Joint Adversarial Robustness for Model Ensembles

1 code implementation 21 Apr 2020 Mainuddin Ahmad Jonas, David Evans

Deep Neural Networks (DNNs) are often vulnerable to adversarial examples. Several proposed defenses deploy an ensemble of models with the hope that, although the individual models may be vulnerable, an adversary will not be able to find an adversarial example that succeeds against the ensemble.

Adversarial Robustness

One Neuron to Fool Them All

1 code implementation 20 Mar 2020 Anshuman Suri, David Evans

Despite vast research in adversarial examples, the root causes of model susceptibility are not well understood.

Understanding the Intrinsic Robustness of Image Distributions using Conditional Generative Models

1 code implementation 1 Mar 2020 Xiao Zhang, Jinghui Chen, Quanquan Gu, David Evans

Starting with Gilmer et al. (2018), several works have demonstrated the inevitability of adversarial examples based on different assumptions about the underlying input probability space.

Adversarial Robustness

Learning Adversarially Robust Representations via Worst-Case Mutual Information Maximization

1 code implementation ICML 2020 Sicheng Zhu, Xiao Zhang, David Evans

We develop a notion of representation vulnerability that captures the maximum change of mutual information between the input and output distributions, under the worst-case input perturbation.
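
In rough terms (our notation, which may differ in details from the paper's definitions), the representation vulnerability of an encoder $g$ compares the mutual information it preserves on natural inputs against the worst case over adversarially perturbed input distributions:

```latex
% X is the natural input distribution, X' ranges over adversarially perturbed
% versions of X (e.g., within a bounded-perturbation neighborhood), and
% I(\cdot\,;\cdot) denotes mutual information.
\mathrm{RV}(g) \;=\; I\big(X;\, g(X)\big) \;-\; \min_{X'} I\big(X';\, g(X')\big)
% Learning adversarially robust representations then corresponds to
% maximizing the worst-case term \min_{X'} I(X'; g(X')).
```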

Adversarial Robustness

Efficient Privacy-Preserving Stochastic Nonconvex Optimization

no code implementations 30 Oct 2019 Lingxiao Wang, Bargav Jayaraman, David Evans, Quanquan Gu

While many solutions for privacy-preserving convex empirical risk minimization (ERM) have been developed, privacy-preserving nonconvex ERM remains a challenge.

Hybrid Batch Attacks: Finding Black-box Adversarial Examples with Limited Queries

1 code implementation 19 Aug 2019 Fnu Suya, Jianfeng Chi, David Evans, Yuan Tian

In a black-box setting, the adversary only has API access to the target model and each query is expensive.

Cryptography and Security

Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness

1 code implementation NeurIPS 2019 Saeed Mahloujifar, Xiao Zhang, Mohammad Mahmoody, David Evans

Many recent works have shown that adversarial examples that fool classifiers can be found by minimally perturbing a normal input.

Image Classification

Evaluating Differentially Private Machine Learning in Practice

1 code implementation 24 Feb 2019 Bargav Jayaraman, David Evans

Differential privacy is a strong notion of privacy that can be used to prove formal guarantees, in terms of a privacy budget $\epsilon$, about how much information is leaked by a mechanism.
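
For reference, the standard $(\epsilon, \delta)$-differential privacy guarantee that the budget $\epsilon$ refers to can be stated as:

```latex
% A randomized mechanism M is (\epsilon, \delta)-differentially private if,
% for all datasets D and D' differing in one record and all output sets S,
\Pr[M(D) \in S] \;\le\; e^{\epsilon}\, \Pr[M(D') \in S] \;+\; \delta.
% Smaller \epsilon (and \delta) means the mechanism's output reveals less
% about any individual record; the pure \epsilon-DP case is \delta = 0.
```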

Distributed Learning without Distress: Privacy-Preserving Empirical Risk Minimization

1 code implementation NeurIPS 2018 Bargav Jayaraman, Lingxiao Wang, David Evans, Quanquan Gu

We explore two popular methods of differential privacy, output perturbation and gradient perturbation, and advance the state-of-the-art for both methods in the distributed learning setting.
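
The two mechanisms can be sketched as follows (a simplified, uncalibrated illustration with placeholder noise scales; the paper's contribution lies in how the noise is calibrated and analyzed in the distributed setting, which this sketch does not capture):

```python
import numpy as np

def output_perturbation(trained_weights, noise_scale):
    """Output perturbation: train non-privately, then add noise once to the
    final model parameters before releasing them."""
    return trained_weights + np.random.normal(0.0, noise_scale, size=trained_weights.shape)

def gradient_perturbation_step(weights, grad, lr, clip_norm, noise_scale):
    """Gradient perturbation (DP-SGD style): clip each gradient, add noise,
    then take the update step."""
    grad = grad * min(1.0, clip_norm / (np.linalg.norm(grad) + 1e-12))
    noisy_grad = grad + np.random.normal(0.0, noise_scale, size=grad.shape)
    return weights - lr * noisy_grad
```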

Cost-Sensitive Robustness against Adversarial Examples

1 code implementation ICLR 2019 Xiao Zhang, David Evans

Several recent works have developed methods for training classifiers that are certifiably robust against norm-bounded adversarial perturbations.

General Classification

Learning to Evade Static PE Machine Learning Malware Models via Reinforcement Learning

4 code implementations arXiv 2018 Hyrum S. Anderson, Anant Kharkar, Bobby Filar, David Evans, Phil Roth

We show in experiments that our method can attack a gradient-boosted machine learning model with evasion rates that are substantial and appear to be strongly dependent on the dataset.

Cryptography and Security

Query-limited Black-box Attacks to Classifiers

1 code implementation 23 Dec 2017 Fnu Suya, Yuan Tian, David Evans, Paolo Papotti

Specifically, we consider the problem of attacking machine learning classifiers subject to a budget of feature modification cost while minimizing the number of queries, where each query returns only a class and confidence score.
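
Stated as an optimization problem (an illustrative restatement of the setup above in our notation, not the paper's exact formulation):

```latex
% x is the original input with label y, x' a modified input, c(x, x') the
% feature-modification cost, B the cost budget, and f the target classifier,
% accessible only through queries that return a class and confidence score.
\min_{x'} \;\; \#\{\text{queries to } f\}
\quad \text{subject to} \quad f(x') \ne y, \qquad c(x, x') \le B.
```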

Feature Squeezing Mitigates and Detects Carlini/Wagner Adversarial Examples

1 code implementation 30 May 2017 Weilin Xu, David Evans, Yanjun Qi

Feature squeezing is a recently introduced framework for mitigating and detecting adversarial examples.
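
A minimal sketch of the detection idea, using bit-depth reduction as the squeezer and an $L_1$ comparison of prediction vectors (the specific squeezers, distance, and threshold selection used in the paper may differ from this simplified version):

```python
import numpy as np

def reduce_bit_depth(x, bits=4):
    """Squeeze pixel values in [0, 1] down to 2**bits levels."""
    levels = 2 ** bits - 1
    return np.round(x * levels) / levels

def feature_squeezing_detect(predict_fn, x, threshold):
    """Flag x as adversarial if the model's prediction vector changes too
    much between the original input and its squeezed version."""
    p_original = predict_fn(x)          # e.g., softmax probabilities
    p_squeezed = predict_fn(reduce_bit_depth(x))
    return np.abs(p_original - p_squeezed).sum() > threshold
```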

Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks

2 code implementations Network and Distributed System Security Symposium 2018 Weilin Xu, David Evans, Yanjun Qi

Although deep neural networks (DNNs) have achieved great success in many tasks, they can often be fooled by adversarial examples that are generated by adding small but purposeful distortions to natural examples.
