Search Results for author:
Found 83 papers, 47 papers with code
Private Attribute Inference from Images with Vision-Language Models
As large language models (LLMs) become ubiquitous in our daily tasks and digital interactions, associated privacy risks are increasingly in focus.
Overcoming the Paradox of Certified Training with Gaussian Smoothing
Training neural networks with high certified accuracy against adversarial examples remains an open problem despite significant efforts.
SPEAR:Exact Gradient Inversion of Batches in Federated Learning
In this work, we propose \emph{the first algorithm reconstructing whole batches with $b >1$ exactly}.
Watermark Stealing in Large Language Models
LLM watermarking has attracted attention as a promising way to detect AI-generated content, with some works suggesting that current schemes may already be fit for deployment.
Large Language Models are Advanced Anonymizers
Recent work in privacy research on large language models has shown that they achieve near human-level performance at inferring personal data from real-world online texts.
DeepCode AI Fix: Fixing Security Vulnerabilities with Large Language Models
We show that the task is difficult as it requires the model to learn long-range code relationships, a task that inherently relies on extensive amounts of training data.
Instruction Tuning for Secure Code Generation
However, existing instruction tuning schemes overlook a crucial aspect: the security of generated code.
Guiding LLMs The Right Way: Fast, Non-Invasive Constrained Generation
To ensure that text generated by large language models (LLMs) is in an expected format, constrained decoding proposes to enforce strict formal language constraints during generation.
Evading Data Contamination Detection for Language Models is (too) Easy
Large language models are widespread, with their performance on benchmarks frequently guiding user preferences for one model over another.
Controlled Text Generation via Language Model Arithmetic
In addition, the framework allows for more precise control of generated text than direct prompting and prior controlled text generation (CTG) techniques.
From Principle to Practice: Vertical Data Minimization for Machine Learning
We propose a novel vertical DM (vDM) workflow based on data generalization, which by design ensures that no full-resolution client data is collected during training and deployment of models, benefiting client privacy by reducing the attack surface in case of a breach.
Automated Classification of Model Errors on ImageNet
To address this, new label-sets and evaluation protocols have been proposed for ImageNet showing that state-of-the-art models already achieve over 95% accuracy and shifting the focus on investigating why the remaining errors persist.
Prompt Sketching for Large Language Models
This way, sketching grants users more control over the generation process, e. g., by providing a reasoning framework via intermediate instructions, leading to better overall results.
Expressivity of ReLU-Networks under Convex Relaxations
We show that: (i) more advanced relaxations allow a larger class of univariate functions to be expressed as precisely analyzable ReLU networks, (ii) more precise relaxations can allow exponentially larger solution spaces of ReLU networks encoding the same functions, and (iii) even using the most precise single-neuron relaxations, it is impossible to construct precisely analyzable ReLU networks that express multivariate, convex, monotone CPWL functions.
Beyond Memorization: Violating Privacy Via Inference with Large Language Models
In this work, we present the first comprehensive study on the capabilities of pretrained LLMs to infer personal attributes from text.
CuTS: Customizable Tabular Synthetic Data Generation
To ensure high synthetic data quality in the presence of custom specifications, CuTS is pre-trained on the original dataset and fine-tuned on a differentiable loss automatically derived from the provided specifications using novel relaxations.
Understanding Certified Training with Interval Bound Propagation
We, then, derive sufficient and necessary conditions on weight matrices for IBP bounds to become exact and demonstrate that these impose strong regularization, explaining the empirically observed trade-off between robustness and accuracy in certified training.
Hiding in Plain Sight: Disguising Data Stealing Attacks in Federated Learning
Malicious server (MS) attacks have enabled the scaling of data stealing in federated learning to large batch sizes and secure aggregation, settings previously considered private.
Self-contradictory Hallucinations of Large Language Models: Evaluation, Detection and Mitigation
Large language models (large LMs) are susceptible to producing text that contains hallucinated content.
Hallucination Pair-wise Detection (1-ref)
Informativeness
+2
TAPS: Connecting Certified and Adversarial Training
Training certifiably robust neural networks remains a notoriously hard problem.
Efficient Certified Training and Robustness Verification of Neural ODEs
Neural Ordinary Differential Equations (NODEs) are a novel neural architecture, built around initial value problems with learned dynamics which are solved during inference.
Large Language Models for Code: Security Hardening and Adversarial Testing
The task is parametric and takes as input a binary property to guide the LM to generate secure or unsafe code, while preserving the LM's capability of generating functionally correct code.
Human-Guided Fair Classification for Natural Language Processing
While existing research has started to address this gap, current methods are based on hardcoded word replacements, resulting in specifications with limited expressivity or ones that fail to fully align with human intuition (e. g., in cases of asymmetric counterfactuals).
Prompting Is Programming: A Query Language for Large Language Models
We show that LMQL can capture a wide range of state-of-the-art prompting methods in an intuitive way, especially facilitating interactive flows that are challenging to implement with existing high-level APIs.
Private and Reliable Neural Network Inference
We employ these building blocks to enable privacy-preserving NN inference with robustness and fairness guarantees in a system called Phoenix.
Learning to Configure Computer Networks with Neural Algorithmic Reasoning
We present a new method for scaling automatic configuration of computer networks.
FARE: Provably Fair Representation Learning with Practical Certificates
To produce a practical certificate, we develop and apply a statistical procedure that computes a finite sample high-confidence upper bound on the unfairness of any downstream classifier trained on FARE embeddings.
Certified Training: Small Boxes are All You Need
To obtain, deterministic guarantees of adversarial robustness, specialized training methods are used.
TabLeak: Tabular Data Leakage in Federated Learning
A successful attack for tabular data must address two key challenges unique to the domain: (i) obtaining a solution to a high-variance mixed discrete-continuous optimization problem, and (ii) enabling human assessment of the reconstruction as unlike for image and text data, direct human inspection is not possible.
Data Leakage in Federated Averaging
On the popular FEMNIST dataset, we demonstrate that on average we successfully recover >45% of the client's images from realistic FedAvg updates computed on 10 local epochs of 10 batches each with 5 images, compared to only <10% using the baseline.
(De-)Randomized Smoothing for Decision Stump Ensembles
Whereas most prior work on randomized smoothing focuses on evaluating arbitrary base models approximately under input randomization, the key insight of our work is that decision stump ensembles enable exact yet efficient evaluation via dynamic programming.
Complete Verification via Multi-Neuron Relaxation Guided Branch-and-Bound
State-of-the-art neural network verifiers are fundamentally based on one of two paradigms: either encoding the whole verification problem via tight multi-neuron convex relaxations or applying a Branch-and-Bound (BaB) procedure leveraging imprecise but fast bounding methods on a large number of easier subproblems.
On Distribution Shift in Learning-based Bug Detectors
To address this key challenge, we propose to train a bug detector in two phases, first on a synthetic bug distribution to adapt the model to the bug detection domain, and then on a real bug distribution to drive the model towards the real distribution.
Robust and Accurate -- Compositional Architectures for Randomized Smoothing
Randomized Smoothing (RS) is considered the state-of-the-art approach to obtain certifiably robust models for challenging tasks.
LAMP: Extracting Text from Gradients with Language Model Priors
Recent work shows that sensitive user data can be reconstructed from gradient updates, breaking the key privacy promise of federated learning.
The Fundamental Limits of Interval Arithmetic for Neural Networks
Interval analysis (or interval bound propagation, IBP) is a popular technique for verifying and training provably robust deep neural networks, a fundamental challenge in the area of reliable machine learning.
Latent Space Smoothing for Individually Fair Representations
This enables us to learn individually fair representations that map similar individuals close together by using adversarial training to minimize the distance between their representations.
Bayesian Framework for Gradient Leakage
We demonstrate that existing leakage attacks can be seen as approximations of this optimal adversary with different assumptions on the probability distributions of the input data and gradients.
Abstract Interpretation of Fixpoint Iterators with Applications to Neural Networks
We present a new abstract interpretation framework for the precise over-approximation of numerical fixpoint iterators.
Avoiding Robust Misclassifications for Improved Robustness without Accuracy Loss
Our results show that our method effectively reduces robust and inaccurate samples by up to 97. 28%.
Shared Certificates for Neural Network Verification
We perform an extensive experimental evaluation to demonstrate the effectiveness of shared certificates in reducing the verification cost on a range of datasets and attack specifications on image classifiers including the popular patch and geometric perturbations.
TFix: Learning to Fix Coding Errors with a Text-to-Text Transformer
The problem of fixing errors in programs has attracted substantial interest over the years.
Ranked #1 on
Program Repair
on TFix's Code Patches Data
Scalable Certified Segmentation via Randomized Smoothing
We present a new certification method for image and point cloud segmentation based on randomized smoothing.
Boosting Randomized Smoothing with Variance Reduced Classifiers
Randomized Smoothing (RS) is a promising method for obtaining robustness certificates by evaluating a base model under noise.
Fair Normalizing Flows
Fair representation learning is an attractive approach that promises fairness of downstream predictors by encoding sensitive data.
Robustness Certification for Point Cloud Models
In this work, we address this challenge and introduce 3DCertify, the first verifier able to certify the robustness of point cloud models.
PRIMA: General and Precise Neural Network Certification via Scalable Convex Hull Approximations
Formal verification of neural networks is critical for their safe adoption in real-world applications.
Automated Discovery of Adaptive Attacks on Adversarial Defenses
Reliable evaluation of adversarial defenses is a challenging task, currently limited to an expert who manually crafts attacks that exploit the defense's inner workings or approaches based on an ensemble of fixed attacks, none of which may be effective for the specific defense at hand.
On the Paradox of Certified Training
Certified defenses based on convex relaxations are an established technique for training provably robust models.
Boosting Certified Robustness of Deep Networks via a Compositional Architecture
In this work, we propose a new architecture which addresses this challenge and enables one to boost the certified robustness of any state-of-the-art deep network, while controlling the overall accuracy loss, without requiring retraining.
PODS: Policy Optimization via Differentiable Simulation
Current reinforcement learning (RL) methods use simulation models as simple black-box oracles.
Efficient Certification of Spatial Robustness
Recent work has exposed the vulnerability of computer vision models to vector field attacks.
zkay v0.2: Practical Data Privacy for Smart Contracts
Recent work introduces zkay, a system for specifying and enforcing data privacy in smart contracts.
Programming Languages Cryptography and Security
Provably Robust Adversarial Examples
We introduce the concept of provably robust adversarial examples for deep neural networks - connected input regions constructed from standard adversarial examples which are guaranteed to be robust to a set of real-world perturbations (such as changes in pixel intensity and geometric transformations).
Scaling Polyhedral Neural Network Verification on GPUs
GPUPoly scales to large networks: for example, it can prove the robustness of a 1M neuron, 34-layer deep residual network in approximately 34. 5 ms. We believe GPUPoly is a promising step towards practical verification of real-world neural networks.
Scalable Polyhedral Verification of Recurrent Neural Networks
We present a scalable and precise verifier for recurrent neural networks, called Prover based on two novel ideas: (i) a method to compute a set of polyhedral abstractions for the non-convex and nonlinear recurrent update functions by combining sampling, optimization, and Fermat's theorem, and (ii) a gradient descent based algorithm for abstraction refinement guided by the certification problem that combines multiple abstractions for each neuron.
Adversarial Training and Provable Defenses: Bridging the Gap
We experimentally show that this training method, named convex layerwise adversarial training (COLT), is promising and achieves the best of both worlds -- it produces a state-of-the-art neural network with certified robustness of 60. 5% and accuracy of 78. 4% on the challenging CIFAR-10 dataset with a 2/255 L-infinity perturbation.
Guiding Program Synthesis by Learning to Generate Examples
A key challenge of existing program synthesizers is ensuring that the synthesized program generalizes well.
Robustness Certification of Generative Models
Generative neural networks can be used to specify continuous transformations between images via latent-space interpolation.
Adversarial Attacks on Probabilistic Autoregressive Forecasting Models
We develop an effective generation of adversarial attacks on neural models that output a sequence of probability distributions rather than a sequence of single values.
Certified Defense to Image Transformations via Randomized Smoothing
We extend randomized smoothing to cover parameterized transformations (e. g., rotations, translations) and certify robustness in the parameter space (e. g., rotation angle).
Learning Certified Individually Fair Representations
That is, our method enables the data producer to learn and certify a representation where for a data point all similar individuals are at $\ell_\infty$-distance at most $\epsilon$, thus allowing data consumers to certify individual fairness by proving $\epsilon$-robustness of their classifier.
Adversarial Robustness for Code
Machine learning and deep learning in particular has been recently used to successfully address many tasks in the domain of code such as finding and fixing bugs, code completion, decompilation, type inference and many others.
Learning to Infer User Interface Attributes from Images
We explore a new domain of learning to infer user interface attributes that helps developers automate the process of user interface implementation.
Certifying Geometric Robustness of Neural Networks
The use of neural networks in safety-critical computer vision systems calls for their robustness certification against natural geometric transformations (e. g., rotation, scaling).
Beyond the Single Neuron Convex Barrier for Neural Network Certification
We propose a new parametric framework, called k-ReLU, for computing precise and scalable convex relaxations used to certify neural networks.
Online Robustness Training for Deep Reinforcement Learning
In deep reinforcement learning (RL), adversarial attacks can trick an agent into unwanted states and disrupt training.
Universal Approximation with Certified Networks
To the best of our knowledge, this is the first work to prove the existence of accurate, interval-certified networks.
Certifying Neural Network Audio Classifiers
We present the first end-to-end verifier of audio classifiers.
Verification of Generative-Model-Based Visual Transformations
Generative networks are promising models for specifying visual transformations.
Statistical Verification of General Perturbations by Gaussian Smoothing
We present a novel statistical certification method that generalizes prior work based on smoothing to handle richer perturbations.
DL2: Training and Querying Neural Networks with Logic
We present DL2, a system for training and querying neural networks with logical constraints.
Robustness Certification with Refinement
We present a novel approach for verification of neural networks which combines scalable over-approximation methods with precise (mixed integer) linear programming.
A Provable Defense for Deep Residual Networks
We present a training system, which can provably defend significantly larger neural networks than previously possible, including ResNet-34 and DenseNet-100.
Fast and Effective Robustness Certification
We present a new method and system, called DeepZ, for certifying neural network robustness based on abstract interpretation.
Distilled Agent DQN for Provable Adversarial Robustness
As deep neural networks have become the state of the art for solving complex reinforcement learning tasks, susceptibility to perceptual adversarial examples have become a concern.
Training Neural Machines with Trace-Based Supervision
We investigate the effectiveness of trace-based supervision methods for training existing neural abstract machines.
Differentiable Abstract Interpretation for Provably Robust Neural Networks
We introduce a scalable method for training robust neural networks based on abstract interpretation.
Securify: Practical Security Analysis of Smart Contracts
To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property.
Cryptography and Security
Training Neural Machines with Partial Traces
We present a novel approach for training neural abstract architectures which in- corporates (partial) supervision over the machine’s interpretable components.
Learning Disjunctions of Predicates
Our algorithm asks at most $|F| \cdot OPT(F_\vee)$ membership queries where $OPT(F_\vee)$ is the minimum worst case number of membership queries for learning $F_\vee$.
Learning a Static Analyzer from Data
In this paper we present a new, automated approach for creating static analyzers: instead of manually providing the various inference rules of the analyzer, the key idea is to learn these rules from a dataset of programs.
