Search Results for author:
Found 33 papers, 8 papers with code
Privacy-preserving Adversarial Facial Features
In this paper, we propose an adversarial features-based face privacy protection (AdvFace) approach to generate privacy-preserving adversarial features, which can disrupt the mapping from adversarial features to facial images to defend against reconstruction attacks.
ANetQA: A Large-scale Benchmark for Fine-grained Compositional Reasoning over Untrimmed Videos
A recent benchmark AGQA poses a promising paradigm to generate QA pairs automatically from pre-annotated scene graphs, enabling it to measure diverse reasoning abilities with granular control.
False Claims against Model Ownership Resolution
Our core idea is that a malicious accuser can deviate (without detection) from the specified MOR process by finding (transferable) adversarial examples that successfully serve as evidence against independent suspect models.
GLOW: Global Layout Aware Attacks on Object Detection
More desired attacks, to this end, should be able to fool defenses with such consistency checks.
Adaptive State-Dependent Diffusion for Derivative-Free Optimization
This paper develops and analyzes a stochastic derivative-free optimization strategy.
Towards Transferable Targeted Adversarial Examples
In this paper, we propose the Transferable Targeted Adversarial Attack (TTAA), which can capture the distribution information of the target class from both label-wise and feature-wise perspectives, to generate highly transferable targeted adversarial examples.
Purifier: Defending Data Inference Attacks via Transforming Confidence Scores
Besides, our further experiments show that PURIFIER is also effective in defending adversarial model inversion attacks and attribute inference attacks.
Masked Autoencoders for Egocentric Video Understanding @ Ego4D Challenge 2022
In this report, we present our approach and empirical results of applying masked autoencoders in two egocentric video understanding tasks, namely, Object State Change Classification and PNR Temporal Localization, of Ego4D Challenge 2022.
FedTracker: Furnishing Ownership Verification and Traceability for Federated Learning Model
Copyright protection of the Federated Learning (FL) model has become a major concern since malicious clients in FL can stealthily distribute or sell the FL model to other parties.
Privacy-Utility Balanced Voice De-Identification Using Adversarial Examples
In this paper, we propose a voice de-identification system, which uses adversarial examples to balance the privacy and utility of voice services.
Data-Driven Joint Inversions for PDE Models
The task of simultaneously reconstructing multiple physical coefficients in partial differential equations from observed data is ubiquitous in applications.
OpBoost: A Vertical Federated Tree Boosting Framework Based on Order-Preserving Desensitization
Although the solution based on Local Differential Privacy (LDP) addresses the above problems, it leads to the low accuracy of the trained model.
Task-aware Similarity Learning for Event-triggered Time Series
The proposed framework aspires to offer a stepping stone that gives rise to a systematic approach to model and learn similarities among a multitude of event-triggered time series.
Vanilla Feature Distillation for Improving the Accuracy-Robustness Trade-Off in Adversarial Training
However, most existing works are still trapped in the dilemma between higher accuracy and stronger robustness since they tend to fit a model towards robust features (not easily tampered with by adversaries) while ignoring those non-robust but highly predictive features.
An Algebraically Converging Stochastic Gradient Descent Algorithm for Global Optimization
With this, we prove the global convergence of the algorithm with an algebraic rate both in probability and in the parameter space.
Fairness-aware Adversarial Perturbation Towards Bias Mitigation for Deployed Deep Models
Prioritizing fairness is of central importance in artificial intelligence (AI) systems, especially for those societal applications, e. g., hiring systems should recommend applicants equally from different demographic groups, and risk assessment systems must eliminate racism in criminal justice.
Backdoor Defense via Decoupling the Training Process
Recent studies have revealed that deep neural networks (DNNs) are vulnerable to backdoor attacks, where attackers embed hidden backdoors in the DNN model by poisoning a few training samples.
A Generalized Weighted Optimization Method for Computational Learning and Inversion
The generalization capacity of various machine learning models exhibits different phenomena in the under- and over-parameterized regimes.
"Adversarial Examples" for Proof-of-Learning
Jia et al. claimed that an adversary merely knowing the final model and training dataset cannot efficiently find a set of intermediate models with correct data points.
Feature Importance-aware Transferable Adversarial Attacks
More specifically, we obtain feature importance by introducing the aggregate gradient, which averages the gradients with respect to feature maps of the source model, computed on a batch of random transforms of the original clean image.
A range characterization of the single-quadrant ADRT
The range characterization is obtained by first showing that the ADRT is a bijection between images supported on infinite half-strips, then identifying the linear subspaces that stay finitely supported under the inversion formula.
Injecting Reliable Radio Frequency Fingerprints Using Metasurface for The Internet of Things
Our proposed solution, Metasurface RF-Fingerprinting Injection (MeRFFI), is to inject a carefully-designed radio frequency fingerprint into the wireless physical layer that can increase the security of a stationary IoT device with minimal overhead.
Towards Understanding the Adversarial Vulnerability of Skeleton-based Action Recognition
We first formulate generation of adversarial skeleton actions as a constrained optimization problem by representing or approximating the physiological and physical constraints with mathematical formulations.
Adversary Helps: Gradient-based Device-Free Domain-Independent Gesture Recognition
Wireless signal-based gesture recognition has promoted the developments of VR game, smart home, etc.
Learn to Forget: Machine Unlearning via Neuron Masking
To this end, machine unlearning becomes a popular research topic, which allows users to eliminate memorization of their private data from a trained machine learning model. In this paper, we propose the first uniform metric called for-getting rate to measure the effectiveness of a machine unlearning method.
The quadratic Wasserstein metric for inverse data matching
This work characterizes, analytically and numerically, two major effects of the quadratic Wasserstein ($W_2$) distance as the measure of data discrepancy in computational solutions of inverse problems.
Data Poisoning Attack against Knowledge Graph Embedding
Knowledge graph embedding (KGE) is a technique for learning continuous embeddings for entities and relations in the knowledge graph. Due to its benefit to a variety of downstream tasks such as knowledge graph completion, question answering and recommendation, KGE has gained significant attention recently.
PointCloud Saliency Maps
Our motivation for constructing a saliency map is by point dropping, which is a non-differentiable operator.
Is PGD-Adversarial Training Necessary? Alternative Training via a Soft-Quantization Network with Noisy-Natural Samples Only
In this paper, we give a negative answer by proposing a training paradigm that is comparable to PGD adversarial training on several standard datasets, while only using noisy-natural samples.
Towards Differentially Private Truth Discovery for Crowd Sensing Systems
To better utilize sensory data, the problem of truth discovery, whose goal is to estimate user quality and infer reliable aggregated results through quality-aware data aggregation, has emerged as a hot topic.
WiPIN: Operation-free Passive Person Identification Using Wi-Fi Signals
Wi-Fi signals-based person identification attracts increasing attention in the booming Internet-of-Things era mainly due to its pervasiveness and passiveness.
Distributionally Adversarial Attack
Recent work on adversarial attack has shown that Projected Gradient Descent (PGD) Adversary is a universal first-order adversary, and the classifier adversarially trained by PGD is robust against a wide range of first-order attacks.
Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection
In contrast to existing works, the adversarial examples crafted by our method can also deceive recent machine learning based detectors that rely on semantic features such as control-flow-graph.
Cryptography and Security
