Search Results for author:
Found 59 papers, 25 papers with code
FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases
Thus, in this paper, we propose FreeEagle, the first data-free backdoor detection method that can effectively detect complex backdoor attacks on deep neural networks, without relying on the access to any clean samples or samples with the trigger.
TextDefense: Adversarial Text Detection based on Word Importance Entropy
TextDefense differs from previous approaches, where it utilizes the target model for detection and thus is attack type agnostic.
All You Need Is Hashing: Defending Against Data Reconstruction Attack in Vertical Federated Learning
Vertical federated learning is a trending solution for multi-party collaboration in training machine learning models.
Hijack Vertical Federated Learning Models with Adversarial Embedding
Vertical federated learning (VFL) is an emerging paradigm that enables collaborators to build machine learning models together in a distributed fashion.
Neural Architectural Backdoors
This paper asks the intriguing question: is it possible to exploit neural architecture search (NAS) as a new attack vector to launch previously improbable attacks?
Demystifying Self-supervised Trojan Attacks
We explore this question in the context of trojan attacks by showing that SSL is comparably vulnerable as supervised learning to trojan attacks.
Label Inference Attacks Against Vertical Federated Learning
However, we discover that the bottom model structure and the gradient update mechanism of VFL can be exploited by a malicious participant to gain the power to infer the privately owned labels.
Reasoning over Multi-view Knowledge Graphs
(ii) It supports complex logical queries with varying relation and view constraints (e. g., with complex topology and/or from multiple views); (iii) It scales up to KGs of large sizes (e. g., millions of facts) and fine-granular views (e. g., dozens of views); (iv) It generalizes to query structures and KG views that are unobserved during training.
"Is your explanation stable?": A Robustness Evaluation Framework for Feature Attribution
Experiment results show that the MeTFA-smoothed explanation can significantly increase the robust faithfulness.
VeriFi: Towards Verifiable Federated Unlearning
One desirable property for FL is the implementation of the right to be forgotten (RTBF), i. e., a leaving participant has the right to request to delete its private data from the global model.
Improving Long Tailed Document-Level Relation Extraction via Easy Relation Augmentation and Contrastive Learning
Towards real-world information extraction scenario, research of relation extraction is advancing to document-level relation extraction(DocRE).
Ranked #24 on
Relation Extraction
on DocRED
Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings
To bridge this critical gap, we conduct the first large-scale systematic empirical study of transfer attacks against major cloud-based MLaaS platforms, taking the components of a real transfer attack into account.
Model Inversion Attack against Transfer Learning: Inverting a Model without Accessing It
However, they may not mean that transfer learning models are impervious to model inversion attacks.
Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era
Facial Liveness Verification (FLV) is widely used for identity authentication in many security-sensitive domains and offered as Platform-as-a-Service (PaaS) by leading cloud vendors.
GIFT: Graph-guIded Feature Transfer for Cold-Start Video Click-Through Rate Prediction
Specifically, we establish a heterogeneous graph that contains physical and semantic linkages to guide the feature transfer process from warmed-up video to cold-start videos.
Investigating Pose Representations and Motion Contexts Modeling for 3D Motion Prediction
One aspect that has been obviated so far, is the fact that how we represent the skeletal pose has a critical impact on the prediction results.
NeuronFair: Interpretable White-Box Fairness Testing through Biased Neuron Identification
To overcome the challenges, we propose NeuronFair, a new DNN fairness testing framework that differs from previous work in several key aspects: (1) interpretable - it quantitatively interprets DNNs' fairness violations for the biased decision; (2) effective - it uses the interpretation results to guide the generation of more diverse instances in less time; (3) generic - it can handle both structured and unstructured data.
NIP: Neuron-level Inverse Perturbation Against Adversarial Attacks
From the perspective of image feature space, some of them cannot reach satisfying results due to the shift of features.
Adversarial Attacks against Windows PE Malware Detection: A Survey of the State-of-the-Art
Then, we conduct a comprehensive and systematic review to categorize the state-of-the-art adversarial attacks against PE malware detection, as well as corresponding defenses to increase the robustness of Windows PE malware detection.
Backdoor Pre-trained Models Can Transfer to All
However, a pre-trained model with backdoor can be a severe threat to the applications.
On the Security Risks of AutoML
Neural Architecture Search (NAS) represents an emerging machine learning (ML) paradigm that automatically searches for models tailored to given tasks, which greatly simplifies the development of ML systems and propels the trend of ML democratization.
GGT: Graph-Guided Testing for Adversarial Sample Detection of Deep Neural Network
Deep Neural Networks (DNN) are known to be vulnerable to adversarial samples, the detection of which is crucial for the wide application of these DNN models.
Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion
In this paper, we explore combining deep learning with expert patterns in an explainable fashion.
Constructing Contrastive samples via Summarization for Text Classification with limited annotations
Unlike vision tasks, the data augmentation method for contrastive learning has not been investigated sufficiently in language tasks.
Fine-Grained Fashion Similarity Prediction by Attribute-Specific Embedding Learning
In this similarity paradigm, one should pay more attention to the similarity in terms of a specific design/attribute between fashion items.
EfficientTDNN: Efficient Architecture Search for Speaker Recognition
Compared with hand-designed approaches, neural architecture search (NAS) appears as a practical technique in automating the manual architecture design process and has attracted increasing interest in spoken language processing tasks such as speaker recognition.
Aggregated Multi-GANs for Controlled 3D Human Motion Prediction
Our method is compelling in that it enables manipulable motion prediction across activity types and allows customization of the human movement in a variety of fine-grained ways.
Deep Dual Consecutive Network for Human Pose Estimation
Multi-frame human pose estimation in complicated situations is challenging.
Ranked #1 on
Multi-Person Pose Estimation
on PoseTrack2017
(using extra training data)
Enhancing Model Robustness By Incorporating Adversarial Knowledge Into Semantic Representation
Extensive experiments on two real-world tasks show that AdvGraph exhibits better performance compared with previous work: (i) effective - it significantly strengthens the model robustness even under the adaptive attacks setting without negative impact on model performance over legitimate input; (ii) generic - its key component, i. e., the representation of connotative adversarial knowledge is task-agnostic, which can be reused in any Chinese-based NLP models without retraining; and (iii) efficient - it is a light-weight defense with sub-linear computational complexity, which can guarantee the efficiency required in practical scenarios.
Hierarchical Similarity Learning for Language-based Product Image Retrieval
In this paper, we focus on the cross-modal similarity measurement, and propose a novel Hierarchical Similarity Learning (HSL) network.
Towards Speeding up Adversarial Training in Latent Spaces
Adversarial training is wildly considered as one of the most effective way to defend against adversarial examples.
i-Algebra: Towards Interactive Interpretability of Deep Neural Networks
Providing explanations for deep neural networks (DNNs) is essential for their use in domains wherein the interpretability of decisions is a critical prerequisite.
Multi-level Graph Matching Networks for Deep and Robust Graph Similarity Learning
The proposed MGMN model consists of a node-graph matching network for effectively learning cross-level interactions between nodes of a graph and the other whole graph, and a siamese graph neural network to learn global-level interactions between two graphs.
TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors
To bridge this gap, we design and implement TROJANZOO, the first open-source platform for evaluating neural backdoor attacks/defenses in a unified, holistic, and practical manner.
Visually Imperceptible Adversarial Patch Attacks on Digital Images
With this soft mask, we develop a new loss function with inverse temperature to search for optimal perturbations in CFR.
Exploiting Heterogeneous Graph Neural Networks with Latent Worker/Task Correlation Information for Label Aggregation in Crowdsourcing
Besides, we exploit the unknown latent interaction between the same type of nodes (workers or tasks) by adding a homogeneous attention layer in the graph neural networks.
Deep Graph Matching and Searching for Semantic Code Retrieval
To this end, we first represent both natural language query texts and programming language code snippets with the unified graph-structured data, and then use the proposed graph matching and searching model to retrieve the best matching code snippet.
UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers
We hope that our findings can shed light on reliable fuzzing evaluation, so that we can discover promising fuzzing primitives to effectively facilitate fuzzer designs in the future.
Cryptography and Security
Unsupervised Reference-Free Summary Quality Evaluation via Contrastive Learning
Experiments on Newsroom and CNN/Daily Mail demonstrate that our new evaluation method outperforms other metrics even without reference summaries.
Trojaning Language Models for Fun and Profit
Recent years have witnessed the emergence of a new paradigm of building natural language processing (NLP) systems: general-purpose, pre-trained language models (LMs) are composed with simple downstream models and fine-tuned for a variety of NLP tasks.
Multilevel Graph Matching Networks for Deep Graph Similarity Learning
In particular, the proposed MGMN consists of a node-graph matching network for effectively learning cross-level interactions between each node of one graph and the other whole graph, and a siamese graph neural network to learn global-level interactions between two input graphs.
Graph Backdoor
One intriguing property of deep neural networks (DNNs) is their inherent vulnerability to backdoor attacks -- a trojan model responds to trigger-embedded inputs in a highly predictable manner while functioning normally otherwise.
AdvMind: Inferring Adversary Intent of Black-Box Attacks
Deep neural networks (DNNs) are inherently susceptible to adversarial attacks even under black-box settings, in which the adversary only has query access to the target models.
Fine-Grained Fashion Similarity Learning by Attribute-Specific Embedding Network
This paper strives to learn fine-grained fashion similarity.
Efficient Global String Kernel with Random Features: Beyond Counting Substructures
In this paper, we present a new class of global string kernels that aims to (i) discover global properties hidden in the strings through global alignments, (ii) maintain positive-definiteness of the kernel, without introducing a diagonal dominant kernel matrix, and (iii) have a training cost linear with respect to not only the length of the string but also the number of training string samples.
A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models
Specifically, (i) we develop a new attack model that jointly optimizes adversarial inputs and poisoned models; (ii) with both analytical and empirical evidence, we reveal that there exist intriguing "mutual reinforcement" effects between the two attack vectors -- leveraging one vector significantly amplifies the effectiveness of the other; (iii) we demonstrate that such effects enable a large design spectrum for the adversary to enhance the existing attacks that exploit both vectors (e. g., backdoor attacks), such as maximizing the attack evasiveness with respect to various detection methods; (iv) finally, we discuss potential countermeasures against such optimized attacks and their technical challenges, pointing to several promising research directions.
Hierarchical Graph Matching Networks for Deep Graph Similarity Learning
The proposed HGMN model consists of a multi-perspective node-graph matching network for effectively learning cross-level interactions between parts of a graph and a whole graph, and a siamese graph neural network for learning global-level interactions between two graphs.
Attend To Count: Crowd Counting with Adaptive Capacity Multi-scale CNNs
ACM-CNN consists of three types of modules: a coarse network, a fine network, and a smooth network.
Provable Defenses against Spatially Transformed Adversarial Inputs: Impossibility and Possibility Results
On the possibility side, we show that it is still feasible to construct adversarial training methods to significantly improve the resilience of networks against adversarial inputs over empirical datasets.
SirenAttack: Generating Adversarial Audio for End-to-End Acoustic Systems
Despite their immense popularity, deep learning-based acoustic systems are inherently vulnerable to adversarial attacks, wherein maliciously crafted audios trigger target systems to misbehave.
Cryptography and Security
A Truthful FPTAS Mechanism for Emergency Demand Response in Colocation Data Centers
Next, we prove that our mechanism is an FPTAS, i. e., it can be approximated within $1 + \epsilon$ for any given $\epsilon > 0$, while the running time of our mechanism is polynomial in $n$ and $1/\epsilon$, where $n$ is the number of tenants in the datacenter.
Computer Science and Game Theory
V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing
Given a binary program to V-Fuzz, the vulnerability prediction model will give a prior estimation on which parts of the software are more likely to be vulnerable.
Cryptography and Security
Adversarial Examples Versus Cloud-based Detectors: A Black-box Empirical Study
Through the comprehensive evaluations on five major cloud platforms: AWS, Azure, Google Cloud, Baidu Cloud, and Alibaba Cloud, we demonstrate that our image processing based attacks can reach a success rate of approximately 100%, and the semantic segmentation based attacks have a success rate over 90% among different detection services, such as violence, politician, and pornography detection.
TextBugger: Generating Adversarial Text Against Real-world Applications
Deep Learning-based Text Understanding (DLTU) is the backbone technique behind various applications, including question answering, machine translation, and text classification.
Interpretable Deep Learning under Fire
The improved interpretability is believed to offer a sense of security by involving human in the decision-making process.
Model-Reuse Attacks on Deep Learning Systems
By empirically studying four deep learning systems (including both individual and ensemble systems) used in skin cancer screening, speech recognition, face verification, and autonomous steering, we show that such attacks are (i) effective - the host systems misbehave on the targeted inputs as desired by the adversary with high probability, (ii) evasive - the malicious models function indistinguishably from their benign counterparts on non-targeted inputs, (iii) elastic - the malicious models remain effective regardless of various system design choices and tuning strategies, and (iv) easy - the adversary needs little prior knowledge about the data used for system tuning or inference.
Cryptography and Security
Dual Encoding for Zero-Example Video Retrieval
This paper attacks the challenging problem of zero-example video retrieval.
SmartSeed: Smart Seed Generation for Efficient Fuzzing
In total, our system discovers more than twice unique crashes and 5, 040 extra unique paths than the existing best seed selection strategy for the evaluated 12 applications.
Cryptography and Security
Differentially Private Releasing via Deep Generative Model (Technical Report)
Privacy-preserving releasing of complex data (e. g., image, text, audio) represents a long-standing challenge for the data mining research community.
