Search Results for author:
Found 123 papers, 62 papers with code
TrojDiff: Trojan Attacks on Diffusion Models with Diverse Targets
To answer these questions, we propose an effective Trojan attack against diffusion models, TrojDiff, which optimizes the Trojan diffusion and generative processes during training.
Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data
With the recent explosive growth of interest and investment in virtual reality (VR) and the so-called "metaverse," public attention has rightly shifted toward the unique security and privacy threats that these platforms may pose.
DensePure: Understanding Diffusion Models towards Adversarial Robustness
By using the highest density point in the conditional distribution as the reversed sample, we identify the robust region of a given instance under the diffusion model's reverse process.
Benchmarking Language Models for Code Syntax Understanding
Our key observation is that existing language models pretrained on code still lack the understanding of code syntax.
IELM: An Open Information Extraction Benchmark for Pre-Trained Language Models
Instead of focusing on pre-defined relations, we create an OIE benchmark aiming to fully examine the open relational information present in the pre-trained LMs.
PALT: Parameter-Lite Transfer of Language Models for Knowledge Graph Completion
For instance, we outperform the fully finetuning approaches on a KG completion benchmark by tuning only 1% of the parameters.
Ranked #5 on
Link Prediction
on UMLS
How Would The Viewer Feel? Estimating Wellbeing From Video Scenarios
In experiments, we show how video models that are primarily trained to recognize actions and find contours of objects can be repurposed to understand human preferences and the emotional content of videos.
Joint Language Semantic and Structure Embedding for Knowledge Graph Completion
Unlike previous approaches that rely on either the structures or semantics of the knowledge graphs, we propose to jointly embed the semantics in the natural language description of the knowledge triplets with their structure information.
Ranked #2 on
Link Prediction
on WN18RR
UniFed: A Benchmark for Federated Learning Frameworks
Federated Learning (FL) has become a practical and popular paradigm in machine learning.
Is Vertical Logistic Regression Privacy-Preserving? A Comprehensive Privacy Analysis and Beyond
We provide a comprehensive and rigorous privacy analysis of VLR in a class of open-source Federated Learning frameworks, where the protocols might differ between one another, yet a procedure of obtaining local gradients is implicitly shared.
Forecasting Future World Events with Neural Networks
We test language models on our forecasting task and find that performance is far below a human expert baseline.
Byzantine-Robust Federated Learning with Optimal Statistical Rates and Privacy Guarantees
In contrast to prior work, our proposed protocols improve the dimension dependence and achieve a tight statistical rate in terms of all the parameters for strongly convex losses.
DeepStruct: Pretraining of Language Models for Structure Prediction
We introduce a method for improving the structural understanding abilities of language models.
Ranked #1 on
Relation Extraction
on TACRED
PixMix: Dreamlike Pictures Comprehensively Improve Safety Measures
In real-world applications of machine learning, reliable and safe systems must consider measures of performance beyond standard test set accuracy.
Grounded Graph Decoding Improves Compositional Generalization in Question Answering
Grounding enables the model to retain syntax information from the input in thereby significantly improving generalization over complex inputs.
What Would Jiminy Cricket Do? Towards Agents That Behave Morally
When making everyday decisions, people are guided by their conscience, an internal sense of right and wrong.
Towards Defending Multiple $\ell_p$-Norm Bounded Adversarial Perturbations via Gated Batch Normalization
We observe that different $\ell_p$ bounded adversarial perturbations induce different statistical properties that can be separated and characterized by the statistics of Batch Normalization (BN).
FED-$\chi^2$: Secure Federated Correlation Test
In this paper, we propose the first secure federated $\chi^2$-test protocol, FED-$\chi^2$.
Adversarial Collaborative Learning on Non-IID Features
Federated learning has been a popular approach to enable collaborative learning on multiple parties without exchanging raw data.
Secure Byzantine-Robust Federated Learning with Dimension-free Error
In the present work, we propose a federated learning protocol with bi-directional security guarantees.
Zero-Shot Information Extraction as a Unified Text-to-Triple Translation
We cast a suite of information extraction tasks into a text-to-triple translation framework.
Ranked #1 on
Open Information Extraction
on OIE2016
(using extra training data)
RobustART: Benchmarking Robustness on Architecture Design and Training Techniques
Thus, we propose RobustART, the first comprehensive Robustness investigation benchmark on ImageNet regarding ARchitecture design (49 human-designed off-the-shelf architectures and 1200+ networks from neural architecture search) and Training techniques (10+ techniques, e. g., data augmentation) towards diverse noises (adversarial, natural, and system noises).
PlotCoder: Hierarchical Decoding for Synthesizing Visualization Code in Programmatic Context
Creating effective visualization is an important part of data analytics.
Latent Execution for Neural Program Synthesis
While recent works demonstrated limited success on domain-specific languages (DSL), it remains highly challenging to apply them to real-world programming languages, such as C. Due to complicated syntax and token variation, there are three major challenges: (1) unlike many DSLs, programs in languages like C need to compile first and are not executed via interpreters; (2) the program search space grows exponentially when the syntax and semantics of the programming language become more complex; and (3) collecting a large-scale dataset of real-world programs is non-trivial.
Adversarial Examples for k-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
On a high level, the search radius expands to the nearby higher-order Voronoi cells until we find a cell that classifies differently from the input point.
Latent Execution for Neural Program Synthesis Beyond Domain-Specific Languages
Program synthesis from input-output (IO) examples has been a long-standing challenge.
Measuring Coding Challenge Competence With APPS
Recent models such as GPT-Neo can pass approximately 20% of the test cases of introductory problems, so we find that machine learning models are now beginning to learn how to code.
Ranked #9 on
Code Generation
on APPS
BACKDOORL: Backdoor Attack against Competitive Reinforcement Learning
Recent research has confirmed the feasibility of backdoor attacks in deep reinforcement learning (RL) systems.
Model-Contrastive Federated Learning
A key challenge in federated learning is to handle the heterogeneity of local data distribution across parties.
Measuring Mathematical Problem Solving With the MATH Dataset
To facilitate future research and increase accuracy on MATH, we also contribute a large auxiliary pretraining dataset which helps teach models the fundamentals of mathematics.
Ranked #20 on
Math Word Problem Solving
on MATH
DPlis: Boosting Utility of Differentially Private Deep Learning via Randomized Smoothing
Deep learning techniques have achieved remarkable performance in wide-ranging tasks.
TeraPipe: Token-Level Pipeline Parallelism for Training Large-Scale Language Models
With this key idea, we design TeraPipe, a high-performance token-level pipeline parallel algorithm for synchronous model-parallel training of Transformer-based language models.
A System for Automated Open-Source Threat Intelligence Gathering and Management
SecurityKG collects OSCTI reports from various sources, uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors, and constructs a security knowledge graph.
A System for Efficiently Hunting for Cyber Threats in Computer Systems Using Threat Intelligence
Log-based cyber threat hunting has emerged as an important solution to counter sophisticated cyber attacks.
D2p-fed:Differentially Private Federated Learning with Efficient Communication
We provide complete analysis of the privacy guarantee, communication cost and convergence rate of D2p-fed.
Perturbation Type Categorization for Multiple $\ell_p$ Bounded Adversarial Robustness
In addition, we demonstrate the realization of this trade-off in deep networks by adding random noise to the model input at test time, enabling enhanced robustness against strong adaptive attacks.
F^2ed-Learning: Good Fences Make Good Neighbors
In this paper, we present F^2ed-Learning, the first federated learning protocol simultaneously defending against both semi-honest server and Byzantine malicious clients.
A Rigorous Evaluation of Real-World Distribution Shifts
Motivated by this, we introduce a new data augmentation method which advances the state-of-the-art and outperforms models pretrained with 1000x more labeled data.
Towards Machine Ethics with Language Models
We show how to assess a language model’s knowledge of basic concepts of morality.
How Multipurpose Are Language Models?
By comprehensively evaluating the breadth and depth of a model's academic and professional understanding, our test can be used to analyze models across many tasks and to identify important shortcomings.
Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses
As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance.
Extracting Training Data from Large Language Models
We demonstrate our attack on GPT-2, a language model trained on scrapes of the public Internet, and are able to extract hundreds of verbatim text sequences from the model's training data.
Towards Defending Multiple Adversarial Perturbations via Gated Batch Normalization
To better understand this phenomenon, we propose the \emph{multi-domain} hypothesis, stating that different types of adversarial perturbations are drawn from different domains.
Adversarial Examples for $k$-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
On a high level, the search radius expands to the nearby Voronoi cells until we find a cell that classifies differently from the input point.
Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence
Log-based cyber threat hunting has emerged as an important solution to counter sophisticated attacks.
Language Models are Open Knowledge Graphs
This paper shows how to construct knowledge graphs (KGs) from pre-trained language models (e. g., BERT, GPT-2/3), without human supervision.
Practical One-Shot Federated Learning for Cross-Silo Setting
Federated learning enables multiple parties to collaboratively learn a model without exchanging their data.
Towards Bidirectional Protection in Federated Learning
At one end of the spectrum, some work uses secure aggregation techniques to hide the individual client's updates and only reveal the aggregated global update to a malicious server that strives to infer the clients' privacy from their updates.
Model-Agnostic Round-Optimal Federated Learning via Knowledge Transfer
In this paper, we propose a novel federated learning algorithm FedKT that needs only a single communication round (i. e., round-optimal).
A Principled Approach to Data Valuation for Federated Learning
The federated SV preserves the desirable properties of the canonical SV while it can be calculated without incurring extra communication cost and is also able to capture the effect of participation order on data value.
Measuring Massive Multitask Language Understanding
By comprehensively evaluating the breadth and depth of a model's academic and professional understanding, our test can be used to analyze models across many tasks and to identify important shortcomings.
Ranked #54 on
Multi-task Language Understanding
on MMLU
Compositional Generalization via Neural-Symbolic Stack Machines
Despite achieving tremendous success, existing deep learning models have exposed limitations in compositional generalization, the capability to learn compositional rules and apply them to unseen cases in a systematic manner.
Aligning AI With Shared Human Values
We show how to assess a language model's knowledge of basic concepts of morality.
Ranked #1 on
Average
on hendrycks2020ethics
Synthesize, Execute and Debug: Learning to Repair for Neural Program Synthesis
The use of deep learning techniques has achieved significant progress for program synthesis from input-output examples.
The Many Faces of Robustness: A Critical Analysis of Out-of-Distribution Generalization
We find that using larger models and artificial data augmentations can improve robustness on real-world distribution shifts, contrary to claims in prior work.
Ranked #19 on
Domain Generalization
on ImageNet-R
D2P-Fed: Differentially Private Federated Learning With Efficient Communication
In this paper, we propose the discrete Gaussian based differentially private federated learning (D2P-Fed), a unified scheme to achieve both differential privacy (DP) and communication efficiency in federated learning (FL).
Towards practical differentially private causal graph discovery
Causal graph discovery refers to the process of discovering causal relation graphs from purely observational data.
Neural Symbolic Reader: Scalable Integration of Distributed and Symbolic Representations for Reading Comprehension
Integrating distributed representations with symbolic operations is essential for reading comprehension requiring complex reasoning, such as counting, sorting and arithmetics, but most existing approaches are hard to scale to more domains or more complex reasoning.
Ranked #4 on
Question Answering
on DROP Test
Imitation Attacks and Defenses for Black-box Machine Translation Systems
To mitigate these vulnerabilities, we propose a defense that modifies translation outputs in order to misdirect the optimization of imitation models.
Pretrained Transformers Improve Out-of-Distribution Robustness
Although pretrained Transformers such as BERT achieve high accuracy on in-distribution examples, do they generalize to new distributions?
Anomalous Example Detection in Deep Learning: A Survey
This survey tries to provide a structured and comprehensive overview of the research on anomaly detection for DL based applications.
Proceedings of the AAAI-20 Workshop on Intelligent Process Automation (IPA-20)
This is the Proceedings of the AAAI-20 Workshop on Intelligent Process Automation (IPA-20) which took place in New York, NY, USA on February 7th 2020.
Hierarchical Variational Imitation Learning of Control Programs
Autonomous agents can learn by imitating teacher demonstrations of the intended behavior.
Synthetic Datasets for Neural Program Synthesis
The goal of program synthesis is to automatically generate programs in a particular language from corresponding specifications, e. g. input-output behavior.
Advances and Open Problems in Federated Learning
FL embodies the principles of focused data collection and minimization, and can mitigate many of the systemic privacy risks and costs resulting from traditional, centralized machine learning and data science approaches.
Scaling Out-of-Distribution Detection for Real-World Settings
We conduct extensive experiments in these more realistic settings for out-of-distribution detection and find that a surprisingly simple detector based on the maximum logit outperforms prior methods in all the large-scale multi-class, multi-label, and segmentation tasks, establishing a simple new baseline for future work.
The Secret Revealer: Generative Model-Inversion Attacks Against Deep Neural Networks
This paper studies model-inversion attacks, in which the access to a model is abused to infer information about the training data.
REFIT: A Unified Watermark Removal Framework For Deep Learning Systems With Limited Data
The experimental results demonstrate that our fine-tuning based watermark removal attacks could pose real threats to the copyright of pre-trained models, and thus highlight the importance of further investigating the watermarking problem and proposing more robust watermark embedding schemes against the attacks.
Scalability vs. Utility: Do We Have to Sacrifice One for the Other in Data Importance Quantification?
Quantifying the importance of each training point to a learning task is a fundamental problem in machine learning and the estimated importance scores have been leveraged to guide a range of data workflows such as data summarization and domain adaption.
Robust Anomaly Detection and Backdoor Attack Detection Via Differential Privacy
In this paper, we demonstrate that applying differential privacy can improve the utility of outlier detection and novelty detection, with an extension to detect poisoning samples in backdoor attacks.
An Empirical and Comparative Analysis of Data Valuation with Scalable Algorithms
Existing approximation algorithms, although achieving great improvement over the exact algorithm, relies on retraining models for multiple times, thus remaining limited when applied to larger-scale learning tasks and real-world datasets.
Efficient Task-Specific Data Valuation for Nearest Neighbor Algorithms
The most surprising result is that for unweighted $K$NN classifiers and regressors, the Shapley value of all $N$ data points can be computed, exactly, in $O(N\log N)$ time -- an exponential improvement on computational complexity!
TABOR: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems
As such, given a deep neural network model and clean input samples, it is very challenging to inspect and determine the existence of a trojan backdoor.
Characterizing Attacks on Deep Reinforcement Learning
To the best of our knowledge, we are the first to apply adversarial attacks on DRL systems to physical robots.
Natural Adversarial Examples
We also curate an adversarial out-of-distribution detection dataset called ImageNet-O, which is the first out-of-distribution detection dataset created for ImageNet models.
Ranked #23 on
Domain Generalization
on ImageNet-A
Using Self-Supervised Learning Can Improve Model Robustness and Uncertainty
Self-supervision provides effective representations for downstream tasks without requiring labels.
Execution-Guided Neural Program Synthesis
Most existing neural program synthesis approaches employ an encoder-decoder architecture, which uses an encoder to compute the embedding of the given input-output examples, as well as a decoder to generate the program from the embedding following a given syntax.
How You Act Tells a Lot: Privacy-Leakage Attack on Deep Reinforcement Learning
To the best of our knowledge, this is the first work to investigate privacy leakage in DRL settings and we show that DRL-based agents do potentially leak privacy-sensitive information from the trained policies.
MLSys: The New Frontier of Machine Learning Systems
Machine learning (ML) techniques are enjoying rapidly increasing adoption.
Towards Efficient Data Valuation Based on the Shapley Value
In this paper, we study the problem of data valuation by utilizing the Shapley value, a popular notion of value which originated in cooperative game theory.
Improving Neural Program Synthesis with Inferred Execution Traces
The task of program synthesis, or automatically generating programs that are consistent with a provided specification, remains a challenging task in artificial intelligence.
Data Poisoning Attack against Unsupervised Node Embedding Methods
In this paper, we take the task of link prediction as an example, which is one of the most fundamental problems for graph analysis, and introduce a data positioning attack to node embedding methods.
Assessing Generalization in Deep Reinforcement Learning
Our aim is to catalyze community-wide progress on generalization in deep RL.
Out-of-Distribution Generalization
reinforcement-learning
+1
Characterizing Adversarial Examples Based on Spatial Consistency Information for Semantic Segmentation
In this paper, we aim to characterize adversarial examples based on spatial context information in semantic segmentation.
Characterizing Audio Adversarial Examples Using Temporal Dependency
In particular, our results reveal the importance of using the temporal dependency in audio data to gain discriminate power against adversarial examples.
Chorus: a Programming Framework for Building Scalable Differential Privacy Mechanisms
Differential privacy is fast becoming the gold standard in enabling statistical analysis of data while protecting the privacy of individuals.
Cryptography and Security
Practical Black-box Attacks on Deep Neural Networks using Efficient Query Mechanisms
An iterative variant of our attack achieves close to 100% attack success rates for both targeted and untargeted attacks on DNNs.
Physical Adversarial Examples for Object Detectors
In this work, we extend physical attacks to more challenging object detection models, a broader class of deep learning algorithms widely used to detect and label multiple objects within a scene.
Efficient Deep Learning on Multi-Source Private Data
Machine learning models benefit from large and diverse datasets.
GamePad: A Learning Environment for Theorem Proving
In this paper, we introduce a system called GamePad that can be used to explore the application of machine learning methods to theorem proving in the Coq proof assistant.
Robust Physical-World Attacks on Deep Learning Visual Classification
Recent studies show that the state-of-the-art deep neural networks (DNNs) are vulnerable to adversarial examples, resulting from small-magnitude perturbations added to the input.
Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution
Smart contracts are applications that execute on blockchains.
Cryptography and Security
The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks
This paper describes a testing methodology for quantitatively assessing the risk that rare or unique training-data sequences are unintentionally memorized by generative sequence models---a common type of machine-learning model.
Tree-to-tree Neural Networks for Program Translation
We observe that program translation is a modular procedure, in which a sub-tree of the source tree is translated into the corresponding target sub-tree at each step.
Adversarial Texts with Gradient Methods
In addition, we empirically show that WMD is closely related to the quality of adversarial texts.
Spatially Transformed Adversarial Examples
Perturbations generated through spatial transformation could result in large $\mathcal{L}_p$ distance measures, but our extensive experiments show that such spatially transformed adversarial examples are perceptually realistic and more difficult to defend against with existing defense systems.
Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality
Deep Neural Networks (DNNs) have recently been shown to be vulnerable against adversarial examples, which are carefully crafted instances that can mislead DNNs to make errors during prediction.
Generating Adversarial Examples with Adversarial Networks
A challenge to explore adversarial robustness of neural networks on MNIST.
Gradients explode - Deep Networks are shallow - ResNet explained
Whereas it is believed that techniques such as Adam, batch normalization and, more recently, SeLU nonlinearities ``solve'' the exploding gradient problem, we show that this is not the case and that in a range of popular MLP architectures, exploding gradients exist and that they limit the depth to which networks can be effectively trained, both in theory and in practice.
Parametrized Hierarchical Procedures for Neural Programming
Neural programs are highly accurate and structured policies that perform algorithmic tasks by controlling the behavior of a computation mechanism.
Decision Boundary Analysis of Adversarial Examples
We find that the boundaries around these adversarial examples do not resemble the boundaries around benign examples.
Learning what to learn in a neural program
Recent work has shown that it is possible to address these issues by using recursion in the Neural Programmer-Interpreter, but this technique requires a verification set which is difficult to construct without knowledge of the internals of the oracle used to generate training data.
Exploring the Space of Black-box Attacks on Deep Neural Networks
An iterative variant of our attack achieves close to 100% adversarial success rates for both targeted and untargeted attacks on DNNs.
Note on Attacking Object Detectors with Adversarial Stickers
Given the fact that state-of-the-art objection detection algorithms are harder to be fooled by the same set of adversarial examples, here we show that these detectors can also be attacked by physical adversarial examples.
Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning
In this work, we consider a new type of attacks, called backdoor attacks, where the attacker's goal is to create a backdoor into a learning-based authentication system, so that he can easily circumvent the system by leveraging the backdoor.
The exploding gradient problem demystified - definition, prevalence, impact, origin, tradeoffs, and solutions
Whereas it is believed that techniques such as Adam, batch normalization and, more recently, SeLU nonlinearities "solve" the exploding gradient problem, we show that this is not the case in general and that in a range of popular MLP architectures, exploding gradients exist and that they limit the depth to which networks can be effectively trained, both in theory and in practice.
A Berkeley View of Systems Challenges for AI
With the increasing commoditization of computer vision, speech recognition and machine translation systems and the widespread deployment of learning-based back-end technologies such as digital advertising and intelligent infrastructures, AI (Artificial Intelligence) has moved from research labs to production.
JPEG-resistant Adversarial Images
Several papers have explored the use of JPEG compression as a defense against adversarial images.
SQLNet: Generating Structured Queries From Natural Language Without Reinforcement Learning
Existing state-of-the-art approaches rely on reinforcement learning to reward the decoder when it generates any of the equivalent serializations.
Fooling Vision and Language Models Despite Localization and Attention Mechanism
Our work sheds new light on understanding adversarial attacks on vision systems which have a language component and shows that attention, bounding box localization, and compositional internal structures are vulnerable to adversarial attacks.
Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection
The problem of cross-platform binary code similarity detection aims at detecting whether two binary functions coming from different platforms are similar or not.
Robust Physical-World Attacks on Deep Learning Models
We propose a general attack algorithm, Robust Physical Perturbations (RP2), to generate robust visual adversarial perturbations under different physical conditions.
Towards Practical Differential Privacy for SQL Queries
To meet these requirements we propose elastic sensitivity, a novel method for approximating the local sensitivity of queries with general equijoins.
Cryptography and Security Databases
Adversarial Example Defenses: Ensembles of Weak Defenses are not Strong
We ask whether a strong defense can be created by combining multiple (possibly weak) defenses.
Towards Synthesizing Complex Programs from Input-Output Examples
In our evaluation, we show that using our novel approach, neural parsing programs can be learned to achieve 100% test accuracy on test inputs that are 500x longer than the training samples.
Delving into adversarial attacks on deep policies
Adversarial examples have been shown to exist for a variety of deep learning architectures.
Making Neural Programming Architectures Generalize via Recursion
Empirically, neural networks that attempt to learn programs from data have exhibited poor generalizability.
Adversarial examples for generative models
We explore methods of producing adversarial examples on deep generative models such as the variational autoencoder (VAE) and the VAE-GAN.
Delving into Transferable Adversarial Examples and Black-box Attacks
In this work, we are the first to conduct an extensive study of the transferability over large models and a large scale dataset, and we are also the first to study the transferability of targeted adversarial examples with their target labels.
Latent Attention For If-Then Program Synthesis
Automatic translation from natural language descriptions into programs is a longstanding challenging problem.
ExploreKit: Automatic Feature Generation and Selection
To overcome the exponential growth of the feature space, ExploreKit uses a novel machine learning-based feature selection approach to predict the usefulness of new candidate features.
Tracking Dynamic Sources of Malicious Activity at Internet Scale
We formulate and address the problem of discovering dynamic malicious regions on the Internet.
