Search Results for author:
Found 38 papers, 16 papers with code
Adversarial Agents: Black-Box Evasion Attacks with Reinforcement Learning
Reinforcement learning (RL) offers powerful techniques for solving complex sequential decision-making tasks from experience.
Targeting Alignment: Extracting Safety Classifiers of Aligned LLMs
We observe that alignment embeds a safety classifier in the target model that is responsible for deciding between refusal and compliance.
Err on the Side of Texture: Texture Bias on Real Data
Bias significantly undermines both the accuracy and trustworthiness of machine learning models.
AutoDAN-Turbo: A Lifelong Agent for Strategy Self-Exploration to Jailbreak LLMs
In this paper, we propose AutoDAN-Turbo, a black-box jailbreak method that can automatically discover as many jailbreak strategies as possible from scratch, without any human intervention or predefined scopes (e. g., specified candidate strategies), and use them for red-teaming.
On Synthetic Texture Datasets: Challenges, Creation, and Curation
Through this, we create the Prompted Textures Dataset (PTD), a dataset of 362, 880 texture images that span 56 textures.
Explorations in Texture Learning
In this work, we investigate \textit{texture learning}: the identification of textures learned by object classification models, and the extent to which they rely on these textures.
A New Era in LLM Security: Exploring Security Concerns in Real-World LLM-based Systems
Large Language Model (LLM) systems are inherently compositional, with individual LLM serving as the core foundation with additional layers of objects such as plugins, sandbox, and so on.
Mitigating Fine-tuning based Jailbreak Attack with Backdoor Enhanced Safety Alignment
In particular, service providers will construct prefixed safety examples with a secret prompt, acting as a "backdoor trigger".
The Efficacy of Transformer-based Adversarial Attacks in Security Domains
The transferability of these adversarial examples is measured by evaluating each set on other models to determine which models offer more adversarial strength, and consequently, more robustness against these attacks.
The Space of Adversarial Strategies
From our evaluation we find that attack performance to be highly contextual: the domain, model robustness, and threat model can have a profound influence on attack efficacy.
Adversarial Plannning
We evaluate the performance of the algorithms against two dominant planning algorithms used in commercial applications (D* Lite and Fast Downward) and show both are vulnerable to extremely limited adversarial action.
A Machine Learning and Computer Vision Approach to Geomagnetic Storm Forecasting
They result from high sun activity, which are induced from cool areas on the Sun known as sunspots.
HoneyModels: Machine Learning Honeypots
To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms.
Improving Radioactive Material Localization by Leveraging Cyber-Security Model Optimizations
With four and eight detector arrays, we collect counts of gamma-rays as features for a suite of machine learning models to localize radioactive material.
On the Robustness of Domain Constraints
Machine learning is vulnerable to adversarial examples-inputs designed to cause models to perform poorly.
Adversarial Examples in Constrained Domains
To assess how these algorithms perform, we evaluate them in constrained (e. g., network intrusion detection) and unconstrained (e. g., image recognition) domains.
IoTRepair: Systematically Addressing Device Faults in Commodity IoT (Extended Paper)
IoT devices are decentralized and deployed in un-stable environments, which causes them to be prone to various kinds of faults, such as device failure and network disruption.
Software Engineering Performance
Real-time Analysis of Privacy-(un)aware IoT Applications
We designed and built IoTWatcH based on an IoT privacy survey that considers the privacy needs of IoT users.
KRATOS: Multi-User Multi-Device-Aware Access Control System for the Smart Home
Users can specify their desired access control settings using the interaction module which are translated into access control policies in the backend server.
Cryptography and Security
How Relevant is the Turing Test in the Age of Sophisbots?
Popular culture has contemplated societies of thinking machines for generations, envisioning futures from utopian to dystopian.
IoTSan: Fortifying the Safety of IoT Systems
In this paper, we design IoTSan, a novel practical system that uses model checking as a building block to reveal "interaction-level" flaws by identifying events that can lead the system to unsafe states.
Cryptography and Security
Program Analysis of Commodity IoT Applications for Security and Privacy: Challenges and Opportunities
Based on a study of five IoT programming platforms, we identify the key insights resulting from works in both the program analysis and security communities and relate the efficacy of program-analysis techniques to security and privacy issues.
Cryptography and Security Programming Languages
Deep k-Nearest Neighbors: Towards Confident, Interpretable and Robust Deep Learning
However, deep learning is often criticized for its lack of robustness in adversarial settings (e. g., vulnerability to adversarial inputs) and general inability to rationalize its predictions.
Sensitive Information Tracking in Commodity IoT
Through this effort, we introduce a rigorously grounded framework for evaluating the use of sensitive information in IoT apps---and therein provide developers, markets, and consumers a means of identifying potential threats to security and privacy.
Cryptography and Security Programming Languages
Ensemble Adversarial Training: Attacks and Defenses
We show that this form of adversarial training converges to a degenerate global minimum, wherein small curvature artifacts near the data points obfuscate a linear approximation of the loss.
Extending Defensive Distillation
Machine learning is vulnerable to adversarial examples: inputs carefully modified to force misclassification.
The Space of Transferable Adversarial Examples
Adversarial examples are maliciously perturbed inputs designed to mislead machine learning (ML) models at test-time.
On the (Statistical) Detection of Adversarial Examples
Specifically, we augment our ML model with an additional output, in which the model is trained to classify all adversarial inputs.
Patient-Driven Privacy Control through Generalized Distillation
In this paper, we present privacy distillation, a mechanism which allows patients to control the type and amount of information they wish to disclose to the healthcare providers for use in statistical models.
Towards the Science of Security and Privacy in Machine Learning
Advances in machine learning (ML) in recent years have enabled a dizzying array of applications such as data analytics, autonomous systems, and security diagnostics.
Technical Report on the CleverHans v2.1.0 Adversarial Examples Library
An adversarial example library for constructing attacks, building defenses, and benchmarking both
Adversarial Perturbations Against Deep Neural Networks for Malware Classification
Deep neural networks, like many other machine learning models, have recently been shown to lack robustness against adversarially crafted inputs.
Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples
We demonstrate our attacks on two commercial machine learning classification systems from Amazon (96. 19% misclassification rate) and Google (88. 94%) using only 800 queries of the victim model, thereby showing that existing machine learning approaches are in general vulnerable to systematic black-box attacks regardless of their structure.
Crafting Adversarial Input Sequences for Recurrent Neural Networks
Machine learning models are frequently used to solve complex security problems, as well as to make decisions in sensitive situations like guiding autonomous vehicles or predicting financial market behaviors.
Detection under Privileged Information
In this paper, we consider an alternate learning approach that trains models using "privileged" information--features available at training time but not at runtime--to improve the accuracy and resilience of detection systems.
Practical Black-Box Attacks against Machine Learning
Our attack strategy consists in training a local model to substitute for the target DNN, using inputs synthetically generated by an adversary and labeled by the target DNN.
The Limitations of Deep Learning in Adversarial Settings
In this work, we formalize the space of adversaries against deep neural networks (DNNs) and introduce a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.
Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks
In this work, we introduce a defensive mechanism called defensive distillation to reduce the effectiveness of adversarial samples on DNNs.
