Search Results for author:
Found 52 papers, 29 papers with code
Exposing Product Bias in LLM Investment Recommendation
In this paper, we reveal a novel product bias in LLM investment recommendation, where LLMs exhibit systematic preferences for specific products.
Safety at Scale: A Comprehensive Survey of Large Model Safety
The rapid advancement of large models, driven by their exceptional abilities in learning and generalization through large-scale pre-training, has reshaped the landscape of Artificial Intelligence (AI).
Unveiling Provider Bias in Large Language Models for Code Generation
Large Language Models (LLMs) have emerged as the new recommendation engines, outperforming traditional methods in both capability and scope, particularly in code generation applications.
MLLM-as-a-Judge for Image Safety without Human Labeling
To address these challenges, we propose a MLLM-based method includes objectifying safety rules, assessing the relevance between rules and images, making quick judgments based on debiased token probabilities with logically complete yet simplified precondition chains for safety rules, and conducting more in-depth reasoning with cascaded chain-of-thought processes if necessary.
Token-Budget-Aware LLM Reasoning
Reasoning is critical for large language models (LLMs) to excel in a wide range of tasks.
Continuous Concepts Removal in Text-to-image Diffusion Models
Text-to-image diffusion models have shown an impressive ability to generate high-quality images from input textual descriptions.
Bias Similarity Across Large Language Models
In generative AI, such as Large Language Models, the impact of bias is even more profound compared to the classification models.
Speculative Coreset Selection for Task-Specific Fine-tuning
Task-specific fine-tuning is essential for the deployment of large language models (LLMs), but it requires significant computational resources and time.
Data-centric NLP Backdoor Defense from the Lens of Memorization
Backdoor attack is a severe threat to the trustworthiness of DNN-based language models.
Unlocking Adversarial Suffix Optimization Without Affirmative Phrases: Efficient Black-box Jailbreaking via LLM as Optimizer
Moreover, ECLIPSE is on par with template-based methods in ASR while offering superior attack efficiency, reducing the average attack overhead by 83%.
UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening
While existing works have proposed various methods to mitigate backdoor effects in poisoned models, they tend to be less effective against recent advanced attacks.
Uncertainty is Fragile: Manipulating Uncertainty in Large Language Models
We demonstrate that an attacker can embed a backdoor in LLMs, which, when activated by a specific trigger in the input, manipulates the model's uncertainty without affecting the final output.
Efficient DNN-Powered Software with Fair Sparse Models
With the emergence of the Software 3. 0 era, there is a growing trend of compressing and integrating large models into software systems, with significant societal implications.
MeanSparse: Post-Training Robustness Enhancement Through Mean-Centered Feature Sparsification
We present a simple yet effective method to improve the robustness of both Convolutional and attention-based Neural Networks against adversarial examples by post-processing an adversarially trained model.
Towards General Robustness Verification of MaxPool-based Convolutional Neural Networks via Tightening Linear Approximation
The results show that MaxLin outperforms state-of-the-art tools with up to 110. 60% improvement regarding the certified lower bound and 5. 13 $\times$ speedup for the same neural networks.
Towards Imperceptible Backdoor Attack in Self-supervised Learning
In this paper, we propose an imperceptible and effective backdoor attack against self-supervised models.
How to Trace Latent Generative Model Generated Images without Artificial Watermark?
To study this problem, we design a latent inversion based method called LatentTracer to trace the generated images of the inspected model by checking if the examined images can be well-reconstructed with an inverted latent input.
LOTUS: Evasive and Resilient Backdoor Attacks through Sub-Partitioning
Backdoor attack poses a significant security threat to Deep Learning applications.
SoK: Challenges and Opportunities in Federated Unlearning
This SoK paper aims to take a deep look at the \emph{federated unlearning} literature, with the goal of identifying research trends and challenges in this emerging field.
Rapid Optimization for Jailbreaking LLMs via Subconscious Exploitation and Echopraxia
Large Language Models (LLMs) have become prevalent across diverse sectors, transforming human life with their extraordinary reasoning and comprehension abilities.
DREAM: Debugging and Repairing AutoML Pipelines
In response to the challenge of model design, researchers proposed Automated Machine Learning (AutoML) systems, which automatically search for model architecture and hyperparameters for a given task.
Elijah: Eliminating Backdoors Injected in Diffusion Models via Distribution Shift
Diffusion models (DM) have become state-of-the-art generative models because of their capability to generate high-quality images from noises without adversarial training.
DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-image Diffusion Models
To address this issue, we propose a method for detecting such unauthorized data usage by planting the injected memorization into the text-to-image diffusion models trained on the protected dataset.
Alteration-free and Model-agnostic Origin Attribution of Generated Images
To overcome this problem, we first develop an alteration-free and model-agnostic origin attribution method via input reverse-engineering on image generation models, i. e., inverting the input of a particular model for a specific image.
NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models
Such attacks can be easily affected by retraining on downstream tasks and with different prompting strategies, limiting the transferability of backdoor attacks.
CILIATE: Towards Fairer Class-based Incremental Learning by Dataset and Training Refinement
The common practice leverages incremental learning (IL), e. g., Class-based Incremental Learning (CIL) that updates output labels, to update the model with new data and a limited number of old data.
UNICORN: A Unified Backdoor Trigger Inversion Framework
Then, it proposes a unified framework to invert backdoor triggers based on the formalization of triggers and the identified inner behaviors of backdoor models from our analysis.
Detecting Backdoors in Pre-trained Encoders
We show the effectiveness of our method on image encoders pre-trained on ImageNet and OpenAI's CLIP 400 million image-text pairs.
Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering
Finally, we perform both theoretical and experimental analysis, showing that the GRASP enhancement does not reduce the effectiveness of the stealthy attacks against the backdoor detection methods based on weight analysis, as well as other backdoor mitigation methods without using detection.
BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense
Attack forensics, a critical counter-measure for traditional cyber attacks, is hence of importance for defending model backdoor attacks.
Backdoor Vulnerabilities in Normally Trained Deep Learning Models
We leverage 20 different types of injected backdoor attacks in the literature as the guidance and study their correspondences in normally trained models, which we call natural backdoor vulnerabilities.
Rethinking the Reverse-engineering of Trojan Triggers
On average, the detection accuracy of our method is 93\%.
FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning
In this work, we theoretically analyze the connection among cross-entropy loss, attack success rate, and clean accuracy in this setting.
Apple of Sodom: Hidden Backdoors in Superior Sentence Embeddings via Contrastive Learning
This paper finds that contrastive learning can produce superior sentence embeddings for pre-trained models but is also vulnerable to backdoor attacks.
BppAttack: Stealthy and Efficient Trojan Attacks against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning
Existing attacks use visible patterns (e. g., a patch or image transformations) as triggers, which are vulnerable to human inspection.
FairNeuron: Improving Deep Neural Network Fairness with Adversary Games on Selective Neurons
To solve this issue, there has been a number of work trying to improve model fairness by using an adversarial game in model level.
Training with More Confidence: Mitigating Injected and Natural Backdoors During Training
By further analyzing the training process and model architectures, we found that piece-wise linear functions cause this hyperplane surface.
Constrained Optimization with Dynamic Bound-scaling for Effective NLPBackdoor Defense
We develop a novel optimization method for NLPbackdoor inversion.
Complex Backdoor Detection by Symmetric Feature Differencing
Our results on the TrojAI competition rounds 2-4, which have patch backdoors and filter backdoors, show that existing scanners may produce hundreds of false positives (i. e., clean models recognized as trojaned), while our technique removes 78-100% of them with a small increase of false negatives by 0-30%, leading to 17-41% overall accuracy improvement.
Better Trigger Inversion Optimization in Backdoor Scanning
A popular trigger inversion method is by optimization.
Finding Deviated Behaviors of the Compressed DNN Models for Image Classifications
To this end, we propose DFLARE, a novel, search-based, black-box testing technique to automatically find triggering inputs that result in deviated behaviors in image classification tasks.
TnT Attacks! Universal Naturalistic Adversarial Patches Against Deep Neural Network Systems
Now, an adversary can arm themselves with a patch that is naturalistic, less malicious-looking, physically realizable, highly effective achieving high attack success rates, and universal.
BadNL: Backdoor Attacks Against NLP Models
For instance, using the Word-level triggers, our backdoor attack achieves a 100% attack success rate with only a utility drop of 0. 18%, 1. 26%, and 0. 19% on three benchmark sentiment analysis datasets.
EX-RAY: Distinguishing Injected Backdoor from Natural Features in Neural Networks by Examining Differential Feature Symmetry
A prominent challenge is hence to distinguish natural features and injected backdoors.
Backdoor Scanning for Deep Neural Networks through K-Arm Optimization
By iteratively and stochastically selecting the most promising labels for optimization with the guidance of an objective function, we substantially reduce the complexity, allowing to handle models with many classes.
Dynamic Backdoor Attacks Against Deep Neural Networks
In particular, BaN and c-BaN based on a novel generative network are the first two schemes that algorithmically generate triggers.
Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification
Trojan (backdoor) attack is a form of adversarial attack on deep neural networks where the attacker provides victims with a model trained/retrained on malicious data.
Deep Learning Backdoors
The trigger can take a plethora of forms, including a special object present in the image (e. g., a yellow pad), a shape filled with custom textures (e. g., logos with particular colors) or even image-wide stylizations with special filters (e. g., images altered by Nashville or Gotham filters).
BadNL: Backdoor Attacks against NLP Models with Semantic-preserving Improvements
In this paper, we perform a systematic investigation of backdoor attack on NLP models, and propose BadNL, a general NLP backdoor attack framework including novel attack methods.
Dynamic Backdoor Attacks Against Machine Learning Models
Triggers generated by our techniques can have random patterns and locations, which reduce the efficacy of the current backdoor detection mechanisms.
Testing Deep Learning Models for Image Analysis Using Object-Relevant Metamorphic Relations
The corresponding rate for the object detection models is over 8. 5%.
Attacks Meet Interpretability: Attribute-steered Detection of Adversarial Samples
Results show that our technique can achieve 94% detection accuracy for 7 different kinds of attacks with 9. 91% false positives on benign inputs.
