Search Results for author:
Found 27 papers, 17 papers with code
Threat Behavior Textual Search by Attention Graph Isomorphism
As such, analysts often resort to text search techniques to identify existing malware reports based on the symptoms they observe, exploiting the fact that malware samples share a lot of similarity, especially those from the same origin.
LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning
Backdoor attack poses a significant security threat to Deep Learning applications.
Rapid Optimization for Jailbreaking LLMs via Subconscious Exploitation and Echopraxia
Large Language Models (LLMs) have become prevalent across diverse sectors, transforming human life with their extraordinary reasoning and comprehension abilities.
Make Them Spill the Beans! Coercive Knowledge Extraction from (Production) LLMs
Instead, it exploits the fact that even when an LLM rejects a toxic request, a harmful response often hides deep in the output logits.
Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift
Diffusion models (DM) have become state-of-the-art generative models because of their capability to generate high-quality images from noises without adversarial training.
Fusion is Not Enough: Single Modal Attacks on Fusion Models for 3D Object Detection
We argue that the weakest link of fusion models depends on their most vulnerable modality, and propose an attack framework that targets advanced camera-LiDAR fusion-based 3D object detection models through camera-only adversarial attacks.
Detecting Backdoors in Pre-trained Encoders
We show the effectiveness of our method on image encoders pre-trained on ImageNet and OpenAI's CLIP 400 million image-text pairs.
Adversarial Training of Self-supervised Monocular Depth Estimation against Physical-World Attacks
We improve adversarial robustness against physical-world attacks using L0-norm-bounded perturbation in training.
Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering
Finally, we perform both theoretical and experimental analysis, showing that the GRASP enhancement does not reduce the effectiveness of the stealthy attacks against the backdoor detection methods based on weight analysis, as well as other backdoor mitigation methods without using detection.
BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense
Attack forensics, a critical counter-measure for traditional cyber attacks, is hence of importance for defending model backdoor attacks.
MEDIC: Remove Model Backdoors via Importance Driven Cloning
It trains the clone model from scratch on a very small subset of samples and aims to minimize a cloning loss that denotes the differences between the activations of important neurons across the two models.
Backdoor Vulnerabilities in Normally Trained Deep Learning Models
We leverage 20 different types of injected backdoor attacks in the literature as the guidance and study their correspondences in normally trained models, which we call natural backdoor vulnerabilities.
FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning
In this work, we theoretically analyze the connection among cross-entropy loss, attack success rate, and clean accuracy in this setting.
Physical Attack on Monocular Depth Estimation with Optimal Adversarial Patches
Experimental results show that our method can generate stealthy, effective, and robust adversarial patches for different target objects and models and achieves more than 6 meters mean depth estimation error and 93% attack success rate (ASR) in object detection with a patch of 1/9 of the vehicle's rear area.
DECK: Model Hardening for Defending Pervasive Backdoors
As such, using the samples derived from our attack in adversarial training can harden a model against these backdoor vulnerabilities.
An Extractive-and-Abstractive Framework for Source Code Summarization
The extractive module in the framework performs a task of extractive code summarization, which takes in the code snippet and predicts important statements containing key factual details.
Code Search based on Context-aware Code Translation
We evaluate the effectiveness of our technique, called TranCS, on the CodeSearchNet corpus with 1, 000 queries.
Constrained Optimization with Dynamic Bound-scaling for Effective NLPBackdoor Defense
We develop a novel optimization method for NLPbackdoor inversion.
Bounded Adversarial Attack on Deep Content Features
We propose a novel adversarial attack targeting content features in some deep layer, that is, individual neurons in the layer.
Complex Backdoor Detection by Symmetric Feature Differencing
Our results on the TrojAI competition rounds 2-4, which have patch backdoors and filter backdoors, show that existing scanners may produce hundreds of false positives (i. e., clean models recognized as trojaned), while our technique removes 78-100% of them with a small increase of false negatives by 0-30%, leading to 17-41% overall accuracy improvement.
Better Trigger Inversion Optimization in Backdoor Scanning
A popular trigger inversion method is by optimization.
EX-RAY: Distinguishing Injected Backdoor from Natural Features in Neural Networks by Examining Differential Feature Symmetry
A prominent challenge is hence to distinguish natural features and injected backdoors.
Backdoor Scanning for Deep Neural Networks through K-Arm Optimization
By iteratively and stochastically selecting the most promising labels for optimization with the guidance of an objective function, we substantially reduce the complexity, allowing to handle models with many classes.
D-square-B: Deep Distribution Bound for Natural-looking Adversarial Attack
We propose a novel technique that can generate natural-looking adversarial examples by bounding the variations induced for internal activation values in some deep layer(s), through a distribution quantile bound and a polynomial barrier loss function.
Towards Feature Space Adversarial Attack
We propose a new adversarial attack to Deep Neural Networks for image classification.
Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples
Results show that our technique can achieve 94% detection accuracy for 7 different kinds of attacks with 9. 91% false positives on benign inputs.
