Search Results for author:
Found 45 papers, 15 papers with code
When the Curious Abandon Honesty: Federated Learning Is Not Private
Instead, these devices share gradients, parameters, or other model updates, with a central party (e. g., a company) coordinating the training.
Bad Characters: Imperceptible NLP Attacks
In this paper, we explore a large class of adversarial examples that can be used to attack text-based models in a black-box setting without making any human-perceptible visual modification to inputs.
Markpainting: Adversarial Machine Learning meets Inpainting
Inpainting is a learned interpolation technique that is based on generative modeling and used to populate masked or missing pieces in an image; it has wide applications in picture editing and retouching.
Sponge Examples: Energy-Latency Attacks on Neural Networks
The high energy costs of neural network training and inference led to the use of acceleration hardware such as GPUs and TPUs.
Revisiting Block-based Quantisation: What is Important for Sub-8-bit LLM Inference?
In this work, we explore the statistical and learning properties of the LLM layer and attribute the bottleneck of LLM quantisation to numerical scaling offsets.
Architectural Backdoors in Neural Networks
Machine learning is vulnerable to adversarial manipulation.
Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems
As real-world images come in varying sizes, the machine learning model is part of a larger system that includes an upstream image scaling algorithm.
On the Limitations of Stochastic Pre-processing Defenses
An example of such a defense is to apply a random transformation to inputs prior to feeding them to the model.
Revisiting Automated Prompting: Are We Actually Doing Better?
Current literature demonstrates that Large Language Models (LLMs) are great few-shot learners, and prompting significantly increases their performance on a range of downstream tasks in a few-shot learning setting.
The Curse of Recursion: Training on Generated Data Makes Models Forget
It is now clear that large language models (LLMs) are here to stay, and will bring about drastic change in the whole ecosystem of online text and images.
Manipulating SGD with Data Ordering Attacks
Machine learning is vulnerable to a wide variety of attacks.
In Differential Privacy, There is Truth: On Vote Leakage in Ensemble Private Learning
When learning from sensitive data, care must be taken to ensure that training algorithms address privacy concerns.
Augmentation Backdoors
It is well known that backdoors can be inserted into machine learning models through serving a modified dataset to train on.
Boosting Big Brother: Attacking Search Engines with Encodings
Search engines are vulnerable to attacks against indexing and searching via text encoding manipulation.
When Vision Fails: Text Attacks Against ViT and OCR
While text-based machine learning models that operate on visual inputs of rendered text have become robust against a wide range of existing attacks, we show that they are still vulnerable to visual adversarial examples encoded as text.
To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression
We, therefore, investigate the extent to which adversarial samples are transferable between uncompressed and compressed DNNs.
The Taboo Trap: Behavioural Detection of Adversarial Samples
Most existing detection mechanisms against adversarial attacksimpose significant costs, either by using additional classifiers to spot adversarial samples, or by requiring the DNN to be restructured.
Towards Automatic Discovery of Cybercrime Supply Chains
Our analysis of the automatically generated supply chains demonstrates underlying connections between products and services within these forums.
Sitatapatra: Blocking the Transfer of Adversarial Samples
Convolutional Neural Networks (CNNs) are widely used to solve classification tasks in computer vision.
Hearing your touch: A new acoustic side channel on smartphones
We found the device's microphone(s) can recover this wave and "hear" the finger's touch, and the wave's distortions are characteristic of the tap's location on the screen.
Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information
In this work, we show how such samples can be generalised from White-box and Grey-box attacks to a strong Black-box case, where the attacker has no knowledge of the agents, their training parameters and their training methods.
Towards Certifiable Adversarial Sample Detection
Convolutional Neural Networks (CNNs) are deployed in more and more classification systems, but adversarial samples can be maliciously crafted to trick them, and are becoming a real threat.
On Attribution of Deepfakes
We discuss the ethical implications of our work, identify where our technique can be used, and highlight that a more meaningful legislative framework is required for a more transparent and ethical use of generative modeling.
Nudge Attacks on Point-Cloud DNNs
The wide adaption of 3D point-cloud data in safety-critical applications such as autonomous driving makes adversarial samples a real threat.
Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant
Voice assistants are now ubiquitous and listen in on our everyday lives.
Rapid Model Architecture Adaption for Meta-Learning
H-Meta-NAS shows a Pareto dominance compared to a variety of NAS and manual baselines in popular few-shot learning benchmarks with various hardware platforms and constraints.
On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning
Machine unlearning, i. e. having a model forget about some of its training data, has become increasingly more important as privacy legislation promotes variants of the right-to-be-forgotten.
Tubes Among Us: Analog Attack on Automatic Speaker Identification
Recent years have seen a surge in the popularity of acoustics-enabled personal devices powered by machine learning.
Model Architecture Adaption for Bayesian Neural Networks
Bayesian Neural Networks (BNNs) offer a mathematically grounded framework to quantify the uncertainty of model predictions but come with a prohibitive computation cost for both training and inference.
Efficient Adversarial Training With Data Pruning
In this paper we demonstrate data pruning-a method for increasing adversarial training efficiency through data sub-sampling. We empirically show that data pruning leads to improvements in convergence and reliability of adversarial training, albeit with different levels of utility degradation.
DARTFormer: Finding The Best Type Of Attention
Given the wide and ever growing range of different efficient Transformer attention mechanisms, it is important to identify which attention is most effective when given a task.
Wide Attention Is The Way Forward For Transformers?
We demonstrate that wide single layer Transformer models can compete with or outperform deeper ones in a variety of Natural Language Processing (NLP) tasks when both are trained from scratch.
ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks
These backdoors are impossible to detect during the training or data preparation processes, because they are not yet present.
Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation
FL is promoted as a privacy-enhancing technology (PET) that provides data minimization: data never "leaves" personal devices and users share only model updates with a server (e. g., a company) coordinating the distributed training.
Machine Learning needs Better Randomness Standards: Randomised Smoothing and PRNG-based attacks
As an example, we hide an attack in the random number generator and show that the randomness tests suggested by NIST fail to detect it.
Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGD
Put all together, our evaluation shows that this novel DP-SGD analysis allows us to now formally show that DP-SGD leaks significantly less privacy for many datapoints (when trained on common benchmarks) than the current data-independent guarantee.
LLM Censorship: A Machine Learning Challenge or a Computer Security Problem?
Specifically, we demonstrate that semantic censorship can be perceived as an undecidable problem, highlighting the inherent challenges in censorship that arise due to LLMs' programmatic and instruction-following capabilities.
SEA: Shareable and Explainable Attribution for Query-based Black-box Attacks
Machine Learning (ML) systems are vulnerable to adversarial examples, particularly those from query-based black-box attacks.
Human-Producible Adversarial Examples
Visual adversarial examples have so far been restricted to pixel-level image manipulations in the digital world, or have required sophisticated equipment such as 2D or 3D printers to be produced in the physical real world.
Beyond Labeling Oracles: What does it mean to steal ML models?
We discover that prior knowledge of the attacker, i. e. access to in-distribution data, dominates other factors like the attack policy the adversary follows to choose which queries to make to the victim model API.
Buffer Overflow in Mixture of Experts
Mixture of Experts (MoE) has become a key ingredient for scaling large foundation models while keeping inference costs steady.
Architectural Neural Backdoors from First Principles
In this work we construct an arbitrary trigger detector which can be used to backdoor an architecture with no human supervision.
Inexact Unlearning Needs More Careful Evaluations to Avoid a False Sense of Privacy
In the privacy literature, this is known as membership inference.
Fairness Feedback Loops: Training on Synthetic Data Amplifies Bias
We simulate AR interventions by curating representative training batches for stochastic gradient descent to demonstrate how AR can improve upon the unfairnesses of models and data ecosystems subject to other MIDS.
