Search Results for author:
Found 58 papers, 39 papers with code
A Watermark for Large Language Models
Potential harms of large language models can be mitigated by watermarking model output, i. e., embedding signals into generated text that are invisible to humans but algorithmically detectable from a short span of tokens.
Cold Diffusion: Inverting Arbitrary Image Transforms Without Noise
We observe that the generative behavior of diffusion models is not strongly dependent on the choice of image degradation, and in fact an entire family of generative models can be constructed by varying this choice.
NEFTune: Noisy Embeddings Improve Instruction Finetuning
We show that language model finetuning can be improved, sometimes dramatically, with a simple augmentation.
Cramming: Training a Language Model on a Single GPU in One Day
Recent trends in language modeling have focused on increasing performance through scaling, and have resulted in an environment where training language models is out of reach for most researchers and practitioners.
Hard Prompts Made Easy: Gradient-Based Discrete Optimization for Prompt Tuning and Discovery
In the text-to-image setting, the method creates hard prompts for diffusion models, allowing API users to easily generate, discover, and mix and match image concepts without prior knowledge on how to prompt the model.
On the Reliability of Watermarks for Large Language Models
We also consider a range of new detection schemes that are sensitive to short spans of watermarked text embedded inside a large document, and we compare the robustness of watermarking to other kinds of detectors.
Universal Guidance for Diffusion Models
Typical diffusion models are trained to accept a particular form of conditioning, most commonly text, and cannot be conditioned on other modalities without retraining.
Inverting Gradients -- How easy is it to break privacy in federated learning?
The idea of federated learning is to collaboratively train a neural network on a server.
Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models
Federated learning has quickly gained popularity with its promises of increased user privacy and efficiency.
Decepticons: Corrupted Transformers Breach Privacy in Federated Learning for Language Models
A central tenet of Federated learning (FL), which trains models without centralizing user data, is privacy.
Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification
Federated learning (FL) has rapidly risen in popularity due to its promise of privacy and efficiency.
Inverting Gradients - How easy is it to break privacy in federated learning?
The idea of federated learning is to collaboratively train a neural network on a server.
Tree-Ring Watermarks: Fingerprints for Diffusion Images that are Invisible and Robust
The watermark embeds a pattern into the initial noise vector used for sampling.
Spotting LLMs With Binoculars: Zero-Shot Detection of Machine-Generated Text
Detecting text generated by modern large language models is thought to be hard, as both LLMs and humans can exhibit a wide range of complex behaviors.
Bring Your Own Data! Self-Supervised Evaluation for Large Language Models
With the rise of Large Language Models (LLMs) and their ubiquitous deployment in diverse domains, measuring language model behavior on realistic data is imperative.
Object Recognition as Next Token Prediction
We present an approach to pose object recognition as next token prediction.
Understanding and Mitigating Copying in Diffusion Models
While it is widely believed that duplicated images in the training set are responsible for content replication at inference time, we observe that the text conditioning of the model plays a similarly important role.
MetaPoison: Practical General-purpose Clean-label Data Poisoning
Existing attacks for data poisoning neural networks have relied on hand-crafted heuristics, because solving the poisoning problem directly via bilevel optimization is generally thought of as intractable for deep models.
Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching
We consider a particularly malicious poisoning attack that is both "from scratch" and "clean label", meaning we analyze an attack that successfully works against new, randomly initialized models, and is nearly imperceptible to humans, all while perturbing only a small fraction of the training data.
Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff
Data poisoning and backdoor attacks manipulate victim models by maliciously modifying training data.
What Doesn't Kill You Makes You Robust(er): How to Adversarially Train against Data Poisoning
Data poisoning is a threat model in which a malicious actor tampers with training data to manipulate outcomes at inference time.
DP-InstaHide: Provably Defusing Poisoning and Backdoor Attacks with Differentially Private Data Augmentations
The InstaHide method has recently been proposed as an alternative to DP training that leverages supposed privacy properties of the mixup augmentation, although without rigorous guarantees.
On the Exploitability of Instruction Tuning
In this work, we investigate how an adversary can exploit instruction tuning by injecting specific instruction-following examples into the training data that intentionally changes the model's behavior.
Measuring Style Similarity in Diffusion Models
We also propose a method to extract style descriptors that can be used to attribute style of a generated image to the images used in the training dataset of a text-to-image model.
Adversarial Examples Make Strong Poisons
The adversarial machine learning literature is largely partitioned into evasion attacks on testing data and poisoning attacks on training data.
Coercing LLMs to do and reveal (almost) anything
It has recently been shown that adversarial attacks on large language models (LLMs) can "jailbreak" the model into making harmful statements.
Stochastic Training is Not Necessary for Generalization
It is widely believed that the implicit regularization of SGD is fundamental to the impressive generalization behavior we observe in neural networks.
Canary in a Coalmine: Better Membership Inference with Ensembled Adversarial Queries
As industrial applications are increasingly automated by machine learning models, enforcing personal data ownership and intellectual property rights requires tracing training data back to their rightful owners.
What do we learn from inverting CLIP models?
We employ an inversion-based approach to examine CLIP models.
Truth or Backpropaganda? An Empirical Investigation of Deep Learning Theory
We empirically evaluate common assumptions about neural networks that are widely held by practitioners and theorists alike.
Autoregressive Perturbations for Data Poisoning
Unfortunately, existing methods require knowledge of both the target architecture and the complete dataset so that a surrogate network can be trained, the parameters of which are used to generate the attack.
How Much Data Are Augmentations Worth? An Investigation into Scaling Laws, Invariance, and Implicit Regularization
Despite the clear performance benefits of data augmentations, little is known about why they are so effective.
Baseline Defenses for Adversarial Attacks Against Aligned Language Models
We find that the weakness of existing discrete optimizers for text, combined with the relatively high costs of optimization, makes standard adaptive attacks more challenging for LLMs.
A Simple and Efficient Baseline for Data Attribution on Images
Our approach serves as a simple and efficient baseline for data attribution on images.
Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning
Federated learning is particularly susceptible to model poisoning and backdoor attacks because individual users have direct control over the training data and model updates.
Generating Potent Poisons and Backdoors from Scratch with Guided Diffusion
As a result, we may be able to craft more potent poisons by carefully choosing the base samples.
What Can We Learn from Unlearnable Datasets?
First, it is widely believed that neural networks trained on unlearnable datasets only learn shortcuts, simpler rules that are not useful for generalization.
Multiframe Motion Coupling for Video Super Resolution
The idea of video super resolution is to use different view points of a single scene to enhance the overall resolution and quality.
Parametric Majorization for Data-Driven Energy Minimization Methods
Energy minimization methods are a classical tool in a multitude of computer vision applications.
Composite Optimization by Nonconvex Majorization-Minimization
A popular class of algorithms for solving such problems are majorization-minimization techniques which iteratively approximate the composite nonconvex function by a majorizing function that is easy to minimize.
WITCHcraft: Efficient PGD attacks with random step size
State-of-the-art adversarial attacks on neural networks use expensive iterative methods and numerous random restarts from different initial points.
Fast Convex Relaxations using Graph Discretizations
We discuss this methodology in detail and show examples in multi-label segmentation by minimal partitions and stereo estimation, where we demonstrate that the proposed graph discretization can reduce runtime as well as memory consumption of convex relaxations of matching problems by up to a factor of 10.
Preventing Unauthorized Use of Proprietary Data: Poisoning for Secure Dataset Release
Large organizations such as social media companies continually release data, for example user images.
Training or Architecture? How to Incorporate Invariance in Neural Networks
Many applications require the robustness, or ideally the invariance, of a neural network to certain transformations of input data.
Is Differentiable Architecture Search truly a One-Shot Method?
In this work, we investigate DAS in a systematic case study of inverse problems, which allows us to analyze these potential benefits in a controlled manner.
DP-InstaHide: Data Augmentations Provably Enhance Guarantees Against Dataset Manipulations
Data poisoning and backdoor attacks manipulate training data to induce security breaches in a victim model.
Protecting Proprietary Data: Poisoning for Secure Dataset Release
These two behaviors can be in conflict as an organization wants to prevent competitors from using their own data to replicate the performance of their proprietary models.
DARTS for Inverse Problems: a Study on Stability
Differentiable architecture search (DARTS) is a widely researched tool for neural architecture search, due to its promising results for image classification.
Poisons that are learned faster are more effective
We advocate for evaluating poisons in terms of peak test accuracy.
A Simple Strategy to Provable Invariance via Orbit Mapping
Many applications require robustness, or ideally invariance, of neural networks to certain transformations of input data.
K-SAM: Sharpness-Aware Minimization at the Speed of SGD
Sharpness-Aware Minimization (SAM) has recently emerged as a robust technique for improving the accuracy of deep neural networks.
Diffusion Art or Digital Forgery? Investigating Data Replication in Diffusion Models
Cutting-edge diffusion models produce images with high quality and customizability, enabling them to be used for commercial art and graphic design purposes.
JPEG Compressed Images Can Bypass Protections Against AI Editing
Recently developed text-to-image diffusion models make it easy to edit or create high-quality images.
A Cookbook of Self-Supervised Learning
Self-supervised learning, dubbed the dark matter of intelligence, is a promising path to advance machine learning.
Seeing in Words: Learning to Classify through Language Bottlenecks
Neural networks for computer vision extract uninterpretable features despite achieving high accuracy on benchmarks.
Augmenters at SemEval-2023 Task 1: Enhancing CLIP in Handling Compositionality and Ambiguity for Zero-Shot Visual WSD through Prompt Augmentation and Text-To-Image Diffusion
SD Sampling uses text-to-image Stable Diffusion to generate multiple images from the given phrase, increasing the likelihood that a subset of images match the one that paired with the text.
Towards Possibilities & Impossibilities of AI-generated Text Detection: A Survey
But in parallel to the development of detection frameworks, researchers have also concentrated on designing strategies to elude detection, i. e., focusing on the impossibilities of AI-generated text detection.
Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models
In this paper, we unveil a new vulnerability: the privacy backdoor attack.
