Search Results for author:
Found 18 papers, 10 papers with code
Publishing Efficient On-device Models Increases Adversarial Vulnerability
We then show that the vulnerability increases as the similarity between a full-scale and its efficient model increase.
Time Series Forecasting with Hypernetworks Generating Parameters in Advance
Forecasting future outcomes from recent time series data is not easy, especially when the future data are different from the past (i. e. time series are under temporal drifts).
Mining Causality from Continuous-time Dynamics Models: An Application to Tsunami Forecasting
However, parameterization of dynamics using a neural network makes it difficult for humans to identify causal structures in the data.
AdamNODEs: When Neural ODE Meets Adaptive Moment Estimation
In this work, we propose adaptive momentum estimation neural ODEs (AdamNODEs) that adaptively control the acceleration of the classical momentum-based approach.
Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets
We show that an adversary who can poison a training dataset can cause models trained on this dataset to leak significant private details of training points belonging to other parties.
Qu-ANTI-zation: Exploiting Quantization Artifacts for Achieving Adversarial Outcomes
Following this framework, we present three attacks we carry out with quantization: (i) an indiscriminate attack for significant accuracy loss; (ii) a targeted attack against specific samples; and (iii) a backdoor attack for controlling the model with an input trigger.
Constrained scenarios for twenty-first century human population size based on the empirical coupling to economic growth
With 50% higher annual economic growth, population peaks even earlier, in 2056, and declines to below 8 billion by the end of the century.
Data Poisoning Won't Save You From Facial Recognition
We demonstrate that this strategy provides a false sense of security, as it ignores an inherent asymmetry between the parties: users' pictures are perturbed once and for all before being published (at which point they are scraped) and must thereafter fool all future models -- including models trained adaptively against the users' past attacks, or models that use technologies discovered after the attack.
Handcrafted Backdoors in Deep Neural Networks
When machine learning training is outsourced to third parties, $backdoor$ $attacks$ become practical as the third party who trains the model may act maliciously to inject hidden behaviors into the otherwise accurate model.
A Panda? No, It's a Sloth: Slowdown Attacks on Adaptive Multi-Exit Neural Network Inference
We show that a slowdown attack reduces the efficacy of multi-exit DNNs by 90-100%, and it amplifies the latency by 1. 5-5$\times$ in a typical IoT deployment.
On the Effectiveness of Regularization Against Membership Inference Attacks
Finally, we quantify the opportunity of future MIAs to compromise privacy by designing a white-box `distance-to-confident' (DtC) metric, based on adversarial sample crafting.
How to 0wn the NAS in Your Spare Time
New data processing pipelines and novel network architectures increasingly drive the success of deep learning.
On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping
In this work, we study the feasibility of an attack-agnostic defense relying on artifacts that are common to all poisoning attacks.
How to 0wn NAS in Your Spare Time
This provides an incentive for adversaries to steal these novel architectures; when used in the cloud, to provide Machine Learning as a Service, the adversaries also have an opportunity to reconstruct the architectures by exploiting a range of hardware side channels.
Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks
Deep neural networks (DNNs) have been shown to tolerate "brain damage": cumulative changes to the network's parameters (e. g., pruning, numerical perturbations) typically result in a graceful degradation of classification accuracy.
Shallow-Deep Networks: Understanding and Mitigating Network Overthinking
Overthinking is computationally wasteful, and it can also be destructive when, by the final layer, a correct prediction changes into a misclassification.
Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks
Based on the extracted architecture attributes, we also demonstrate that an attacker can build a meta-model that accurately fingerprints the architecture and family of the pre-trained model in a transfer learning setting.
Summoning Demons: The Pursuit of Exploitable Bugs in Machine Learning
Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency.
