Search Results for author:
Found 23 papers, 11 papers with code
Shallow-Deep Networks: Understanding and Mitigating Network Overthinking
Overthinking is computationally wasteful, and it can also be destructive when, by the final layer, a correct prediction changes into a misclassification.
Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks
Based on the extracted architecture attributes, we also demonstrate that an attacker can build a meta-model that accurately fingerprints the architecture and family of the pre-trained model in a transfer learning setting.
A Panda? No, It's a Sloth: Slowdown Attacks on Adaptive Multi-Exit Neural Network Inference
We show that a slowdown attack reduces the efficacy of multi-exit DNNs by 90-100%, and it amplifies the latency by 1. 5-5$\times$ in a typical IoT deployment.
Data Poisoning Won't Save You From Facial Recognition
We demonstrate that this strategy provides a false sense of security, as it ignores an inherent asymmetry between the parties: users' pictures are perturbed once and for all before being published (at which point they are scraped) and must thereafter fool all future models -- including models trained adaptively against the users' past attacks, or models that use technologies discovered after the attack.
Qu-ANTI-zation: Exploiting Quantization Artifacts for Achieving Adversarial Outcomes
Following this framework, we present three attacks we carry out with quantization: (i) an indiscriminate attack for significant accuracy loss; (ii) a targeted attack against specific samples; and (iii) a backdoor attack for controlling the model with an input trigger.
On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping
In this work, we study the feasibility of an attack-agnostic defense relying on artifacts that are common to all poisoning attacks.
AdamNODEs: When Neural ODE Meets Adaptive Moment Estimation
In this work, we propose adaptive momentum estimation neural ODEs (AdamNODEs) that adaptively control the acceleration of the classical momentum-based approach.
How to 0wn NAS in Your Spare Time
This provides an incentive for adversaries to steal these novel architectures; when used in the cloud, to provide Machine Learning as a Service, the adversaries also have an opportunity to reconstruct the architectures by exploiting a range of hardware side channels.
How to 0wn the NAS in Your Spare Time
New data processing pipelines and novel network architectures increasingly drive the success of deep learning.
Summoning Demons: The Pursuit of Exploitable Bugs in Machine Learning
Governments and businesses increasingly rely on data analytics and machine learning (ML) for improving their competitive edge in areas such as consumer satisfaction, threat intelligence, decision making, and product efficiency.
Terminal Brain Damage: Exposing the Graceless Degradation in Deep Neural Networks Under Hardware Fault Attacks
Deep neural networks (DNNs) have been shown to tolerate "brain damage": cumulative changes to the network's parameters (e. g., pruning, numerical perturbations) typically result in a graceful degradation of classification accuracy.
On the Effectiveness of Regularization Against Membership Inference Attacks
Finally, we quantify the opportunity of future MIAs to compromise privacy by designing a white-box `distance-to-confident' (DtC) metric, based on adversarial sample crafting.
Handcrafted Backdoors in Deep Neural Networks
When machine learning training is outsourced to third parties, $backdoor$ $attacks$ become practical as the third party who trains the model may act maliciously to inject hidden behaviors into the otherwise accurate model.
Constrained scenarios for twenty-first century human population size based on the empirical coupling to economic growth
With 50% higher annual economic growth, population peaks even earlier, in 2056, and declines to below 8 billion by the end of the century.
Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets
We show that an adversary who can poison a training dataset can cause models trained on this dataset to leak significant private details of training points belonging to other parties.
Mining Causality from Continuous-time Dynamics Models: An Application to Tsunami Forecasting
However, parameterization of dynamics using a neural network makes it difficult for humans to identify causal structures in the data.
Time Series Forecasting with Hypernetworks Generating Parameters in Advance
Forecasting future outcomes from recent time series data is not easy, especially when the future data are different from the past (i. e. time series are under temporal drifts).
Publishing Efficient On-device Models Increases Adversarial Vulnerability
We then show that the vulnerability increases as the similarity between a full-scale and its efficient model increase.
Operator-learning-inspired Modeling of Neural Ordinary Differential Equations
Neural ordinary differential equations (NODEs), one of the most influential works of the differential equation-based deep learning, are to continuously generalize residual networks and opened a new field.
PAC-FNO: Parallel-Structured All-Component Fourier Neural Operators for Recognizing Low-Quality Images
Extensively evaluating methods with seven image recognition benchmarks, we show that the proposed PAC-FNO improves the performance of existing baseline models on images with various resolutions by up to 77. 1% and various types of natural variations in the images at inference.
Diffusion Denoising as a Certified Defense against Clean-label Poisoning
We present a certified defense to clean-label poisoning attacks.
When Do "More Contexts" Help with Sarcasm Recognition?
In this work, we explore the improvements that existing methods bring by incorporating more contexts into a model.
Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models
In this paper, we unveil a new vulnerability: the privacy backdoor attack.
