Search Results for author:
Found 42 papers, 28 papers with code
Understanding and Mitigating Copying in Diffusion Models
While it is widely believed that duplicated images in the training set are responsible for content replication at inference time, we observe that the text conditioning of the model plays a similarly important role.
Tree-Ring Watermarks: Fingerprints for Diffusion Images that are Invisible and Robust
The watermark embeds a pattern into the initial noise vector used for sampling.
What Can We Learn from Unlearnable Datasets?
First, it is widely believed that neural networks trained on unlearnable datasets only learn shortcuts, simpler rules that are not useful for generalization.
A Cookbook of Self-Supervised Learning
Self-supervised learning, dubbed the dark matter of intelligence, is a promising path to advance machine learning.
JPEG Compressed Images Can Bypass Protections Against AI Editing
Recently developed text-to-image diffusion models make it easy to edit or create high-quality images.
Universal Guidance for Diffusion Models
Typical diffusion models are trained to accept a particular form of conditioning, most commonly text, and cannot be conditioned on other modalities without retraining.
Hard Prompts Made Easy: Gradient-Based Discrete Optimization for Prompt Tuning and Discovery
In the text-to-image setting, the method creates hard prompts for diffusion models, allowing API users to easily generate, discover, and mix and match image concepts without prior knowledge on how to prompt the model.
A Watermark for Large Language Models
Potential harms of large language models can be mitigated by watermarking model output, i. e., embedding signals into generated text that are invisible to humans but algorithmically detectable from a short span of tokens.
Cramming: Training a Language Model on a Single GPU in One Day
Recent trends in language modeling have focused on increasing performance through scaling, and have resulted in an environment where training language models is out of reach for most researchers and practitioners.
Diffusion Art or Digital Forgery? Investigating Data Replication in Diffusion Models
Cutting-edge diffusion models produce images with high quality and customizability, enabling them to be used for commercial art and graphic design purposes.
K-SAM: Sharpness-Aware Minimization at the Speed of SGD
Sharpness-Aware Minimization (SAM) has recently emerged as a robust technique for improving the accuracy of deep neural networks.
Canary in a Coalmine: Better Membership Inference with Ensembled Adversarial Queries
As industrial applications are increasingly automated by machine learning models, enforcing personal data ownership and intellectual property rights requires tracing training data back to their rightful owners.
Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning
Federated learning is particularly susceptible to model poisoning and backdoor attacks because individual users have direct control over the training data and model updates.
How Much Data Are Augmentations Worth? An Investigation into Scaling Laws, Invariance, and Implicit Regularization
Despite the clear performance benefits of data augmentations, little is known about why they are so effective.
A Simple Strategy to Provable Invariance via Orbit Mapping
Many applications require robustness, or ideally invariance, of neural networks to certain transformations of input data.
Cold Diffusion: Inverting Arbitrary Image Transforms Without Noise
We observe that the generative behavior of diffusion models is not strongly dependent on the choice of image degradation, and in fact an entire family of generative models can be constructed by varying this choice.
Autoregressive Perturbations for Data Poisoning
Unfortunately, existing methods require knowledge of both the target architecture and the complete dataset so that a surrogate network can be trained, the parameters of which are used to generate the attack.
Poisons that are learned faster are more effective
We advocate for evaluating poisons in terms of peak test accuracy.
Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification
Federated learning (FL) has rapidly risen in popularity due to its promise of privacy and efficiency.
Decepticons: Corrupted Transformers Breach Privacy in Federated Learning for Language Models
A central tenet of Federated learning (FL), which trains models without centralizing user data, is privacy.
Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models
Federated learning has quickly gained popularity with its promises of increased user privacy and efficiency.
DARTS for Inverse Problems: a Study on Stability
Differentiable architecture search (DARTS) is a widely researched tool for neural architecture search, due to its promising results for image classification.
Protecting Proprietary Data: Poisoning for Secure Dataset Release
These two behaviors can be in conflict as an organization wants to prevent competitors from using their own data to replicate the performance of their proprietary models.
DP-InstaHide: Data Augmentations Provably Enhance Guarantees Against Dataset Manipulations
Data poisoning and backdoor attacks manipulate training data to induce security breaches in a victim model.
Stochastic Training is Not Necessary for Generalization
It is widely believed that the implicit regularization of SGD is fundamental to the impressive generalization behavior we observe in neural networks.
Is Differentiable Architecture Search truly a One-Shot Method?
In this work, we investigate DAS in a systematic case study of inverse problems, which allows us to analyze these potential benefits in a controlled manner.
Adversarial Examples Make Strong Poisons
The adversarial machine learning literature is largely partitioned into evasion attacks on testing data and poisoning attacks on training data.
Training or Architecture? How to Incorporate Invariance in Neural Networks
Many applications require the robustness, or ideally the invariance, of a neural network to certain transformations of input data.
DP-InstaHide: Provably Defusing Poisoning and Backdoor Attacks with Differentially Private Data Augmentations
The InstaHide method has recently been proposed as an alternative to DP training that leverages supposed privacy properties of the mixup augmentation, although without rigorous guarantees.
What Doesn't Kill You Makes You Robust(er): How to Adversarially Train against Data Poisoning
Data poisoning is a threat model in which a malicious actor tampers with training data to manipulate outcomes at inference time.
Preventing Unauthorized Use of Proprietary Data: Poisoning for Secure Dataset Release
Large organizations such as social media companies continually release data, for example user images.
Inverting Gradients - How easy is it to break privacy in federated learning?
The idea of federated learning is to collaboratively train a neural network on a server.
Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff
Data poisoning and backdoor attacks manipulate victim models by maliciously modifying training data.
Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching
We consider a particularly malicious poisoning attack that is both "from scratch" and "clean label", meaning we analyze an attack that successfully works against new, randomly initialized models, and is nearly imperceptible to humans, all while perturbing only a small fraction of the training data.
Fast Convex Relaxations using Graph Discretizations
We discuss this methodology in detail and show examples in multi-label segmentation by minimal partitions and stereo estimation, where we demonstrate that the proposed graph discretization can reduce runtime as well as memory consumption of convex relaxations of matching problems by up to a factor of 10.
MetaPoison: Practical General-purpose Clean-label Data Poisoning
Existing attacks for data poisoning neural networks have relied on hand-crafted heuristics, because solving the poisoning problem directly via bilevel optimization is generally thought of as intractable for deep models.
Inverting Gradients -- How easy is it to break privacy in federated learning?
The idea of federated learning is to collaboratively train a neural network on a server.
WITCHcraft: Efficient PGD attacks with random step size
State-of-the-art adversarial attacks on neural networks use expensive iterative methods and numerous random restarts from different initial points.
Truth or Backpropaganda? An Empirical Investigation of Deep Learning Theory
We empirically evaluate common assumptions about neural networks that are widely held by practitioners and theorists alike.
Parametric Majorization for Data-Driven Energy Minimization Methods
Energy minimization methods are a classical tool in a multitude of computer vision applications.
Composite Optimization by Nonconvex Majorization-Minimization
A popular class of algorithms for solving such problems are majorization-minimization techniques which iteratively approximate the composite nonconvex function by a majorizing function that is easy to minimize.
Multiframe Motion Coupling for Video Super Resolution
The idea of video super resolution is to use different view points of a single scene to enhance the overall resolution and quality.
