Search Results for author:
Found 74 papers, 22 papers with code
kFolden: k-Fold Ensemble for Out-Of-Distribution Detection
Out-of-Distribution (OOD) detection is an important problem in natural language processing (NLP).
Out-of-Distribution Detection
Out of Distribution (OOD) Detection
+2
Singular Regularization with Information Bottleneck Improves Model's Adversarial Robustness
However, these works lack analysis of adversarial information or perturbation, which cannot reveal the mystery of adversarial examples and lose proper interpretation.
Rethinking Adversarial Training with Neural Tangent Kernel
To the best of our knowledge, it is the first work leveraging the observations of kernel dynamics to improve existing AT methods.
Double-Flow-based Steganography without Embedding for Image-to-Image Hiding
Hence, it provides a way to directly generate stego images from secret images without a cover image.
Sentiment Analysis through LLM Negotiations
A standard paradigm for sentiment analysis is to rely on a singular LLM and makes the decision in a single round under the framework of in-context learning.
Boosting Black-box Attack to Deep Neural Networks with Conditional Diffusion Models
Existing black-box attacks have demonstrated promising potential in creating adversarial examples (AE) to deceive deep learning models.
Warfare:Breaking the Watermark Protection of AI-Generated Content
We propose Warfare, a unified methodology to achieve both attacks in a holistic way.
Backdooring Textual Inversion for Concept Censorship
Users can easily download the word embedding from public websites like Civitai and add it to their own stable diffusion model without fine-tuning for personalization.
Instruction Tuning for Large Language Models: A Survey
This paper surveys research works in the quickly advancing field of instruction tuning (IT), a crucial technique to enhance the capabilities and controllability of large language models (LLMs).
One-bit Flip is All You Need: When Bit-flip Attack Meets Model Training
We propose a training-assisted bit flip attack, in which the adversary is involved in the training stage to build a high-risk model to release.
Mercury: An Automated Remote Side-channel Attack to Nvidia Deep Learning Accelerator
One big concern about the usage of the accelerators is the confidentiality of the deployed models: model inference execution on the accelerators could leak side-channel information, which enables an adversary to preciously recover the model details.
Alleviating the Effect of Data Imbalance on Adversarial Training
This framework consists of two components: (1) a new training strategy inspired by the effective number to guide the model to generate more balanced and informative AEs; (2) a carefully constructed penalty function to force a satisfactory feature space.
Omnipotent Adversarial Training in the Wild
We first introduce an oracle into the adversarial training process to help the model learn a correct data-label conditional distribution.
Pushing the Limits of ChatGPT on NLP Tasks
In this work, we propose a collection of general modules to address these issues, in an attempt to push the limits of ChatGPT on NLP tasks.
Multi-target Backdoor Attacks for Code Pre-trained Models
We evaluate our approach on two code understanding tasks and three code generation tasks over seven datasets.
Prompt Injection attack against LLM-integrated Applications
We deploy HouYi on 36 actual LLM-integrated applications and discern 31 applications susceptible to prompt injection.
Jailbreaking ChatGPT via Prompt Engineering: An Empirical Study
Our study investigates three key research questions: (1) the number of different prompt types that can jailbreak LLMs, (2) the effectiveness of jailbreak prompts in circumventing LLM constraints, and (3) the resilience of ChatGPT against these jailbreak prompts.
Text Classification via Large Language Models
This is due to (1) the lack of reasoning ability in addressing complex linguistic phenomena (e. g., intensification, contrast, irony etc); (2) limited number of tokens allowed in in-context learning.
GPT-NER: Named Entity Recognition via Large Language Models
GPT-NER bridges the gap by transforming the sequence labeling task to a generation task that can be easily adapted by LLMs e. g., the task of finding location entities in the input text "Columbus is a city" is transformed to generate the text sequence "@@Columbus## is a city", where special tokens @@## marks the entity to extract.
Backdoor Attacks with Input-unique Triggers in NLP
Backdoor attack aims at inducing neural models to make incorrect predictions for poison data while keeping predictions on the clean dataset unchanged, which creates a considerable threat to current natural language processing (NLP) systems.
Boosting Distributed Full-graph GNN Training with Asynchronous One-bit Communication
Training Graph Neural Networks (GNNs) on large graphs is challenging due to the conflict between the high memory demand and limited GPU memory.
Color Backdoor: A Robust Poisoning Attack in Color Space
To make the trigger more imperceptible and human-unnoticeable, a variety of stealthy backdoor attacks have been proposed, some works employ imperceptible perturbations as the backdoor triggers, which restrict the pixel differences of the triggered image and clean image.
Computation and Data Efficient Backdoor Attacks
To address such limitations, we propose a novel confidence-based scoring methodology, which can efficiently measure the contribution of each poisoning sample based on the distance posteriors.
Deep Multitask Learning with Progressive Parameter Sharing
A scheduling mechanism following the concept of curriculum learning is also designed to progressively change the sharing strategy to increase the level of sharing during the learning process.
Mind Your Heart: Stealthy Backdoor Attack on Dynamic Deep Neural Network in Edge Computing
Transforming off-the-shelf deep neural network (DNN) models into dynamic multi-exit architectures can achieve inference and transmission efficiency by fragmenting and distributing a large DNN model in edge computing scenarios (e. g., edge devices and cloud servers).
GNN-SL: Sequence Labeling Based on Nearest Examples via GNN
To better handle long-tail cases in the sequence labeling (SL) task, in this work, we introduce graph neural networks sequence labeling (GNN-SL), which augments the vanilla SL model output with similar tagging examples retrieved from the whole training set.
A Benchmark of Long-tailed Instance Segmentation with Noisy Labels
In this paper, we consider the instance segmentation task on a long-tailed dataset, which contains label noise, i. e., some of the annotations are incorrect.
Benchmarking and Analyzing 3D Human Pose and Shape Estimation Beyond Algorithms
Experiments with 10 backbones, ranging from CNNs to transformers, show the knowledge learnt from a proximity task is readily transferable to human mesh recovery.
Alleviating Robust Overfitting of Adversarial Training With Consistency Regularization
Adversarial training (AT) has proven to be one of the most effective ways to defend Deep Neural Networks (DNNs) against adversarial attacks.
Deep Learning Workload Scheduling in GPU Datacenters: Taxonomy, Challenges and Vision
Deep learning (DL) shows its prosperity in a wide variety of fields.
ShiftNAS: Towards Automatic Generation of Advanced Mulitplication-Less Neural Networks
Multiplication-less neural networks significantly reduce the time and energy cost on the hardware platform, as the compute-intensive multiplications are replaced with lightweight bit-shift operations.
$k$NN-NER: Named Entity Recognition with Nearest Neighbor Search
Inspired by recent advances in retrieval augmented methods in NLP~\citep{khandelwal2019generalization, khandelwal2020nearest, meng2021gnn}, in this paper, we introduce a $k$ nearest neighbor NER ($k$NN-NER) framework, which augments the distribution of entity labels by assigning $k$ nearest neighbors retrieved from the training set.
Physical Backdoor Attacks to Lane Detection Systems in Autonomous Driving
However, DNN models are vulnerable to different types of adversarial attacks, which pose significant risks to the security and safety of the vehicles and passengers.
Watermarking Pre-trained Encoders in Contrastive Learning
It is challenging to migrate existing watermarking techniques from the classification tasks to the contrastive learning scenario, as the owner of the encoder lacks the knowledge of the downstream tasks which will be developed from the encoder in the future.
Faster Nearest Neighbor Machine Translation
The core idea of Faster $k$NN-MT is to use a hierarchical clustering strategy to approximate the distance between the query and a data point in the datastore, which is decomposed into two parts: the distance between the query and the center of the cluster that the data point belongs to, and the distance between the data point and the cluster center.
A General Framework for Defending Against Backdoor Attacks via Influence Graph
In this work, we propose a new and general framework to defend against backdoor attacks, inspired by the fact that attack triggers usually follow a \textsc{specific} type of attacking pattern, and therefore, poisoned training examples have greater impacts on each other during training.
Triggerless Backdoor Attack for NLP Tasks with Clean Labels
To deal with this issue, in this paper, we propose a new strategy to perform textual backdoor attacks which do not require an external trigger, and the poisoned samples are correctly labeled.
Interpreting Deep Learning Models in Natural Language Processing: A Review
Neural network models have achieved state-of-the-art performances in a wide range of natural language processing (NLP) tasks.
GNN-LM: Language Modeling based on Global Contexts via GNN
Inspired by the notion that ``{\it to copy is easier than to memorize}``, in this work, we introduce GNN-LM, which extends the vanilla neural language model (LM) by allowing to reference similar contexts in the entire training corpus.
Fingerprinting Multi-exit Deep Neural Network Models via Inference Time
Specifically, we design an effective method to generate a set of fingerprint samples to craft the inference process with a unique and robust inference time cost as the evidence for model ownership.
BadPre: Task-agnostic Backdoor Attacks to Pre-trained NLP Foundation Models
The key feature of our attack is that the adversary does not need prior information about the downstream tasks when implanting the backdoor to the pre-trained model.
A Novel Watermarking Framework for Ownership Verification of DNN Architectures
We present a novel watermarking scheme to achieve the intellectual property (IP) protection and ownership verification of DNN architectures.
NASPY: Automated Extraction of Automated Machine Learning Models
We present NASPY, an end-to-end adversarial framework to extract the networkarchitecture of deep learning models from Neural Architecture Search (NAS).
Practical and Private Heterogeneous Federated Learning
Heterogeneous federated learning (HFL) enables clients with different computation/communication capabilities to collaboratively train their own customized models, in which the knowledge of models is shared via clients' predictions on a public dataset.
Towards Robust Point Cloud Models with Context-Consistency Network and Adaptive Augmentation
Extensive evaluations indicate the integration of the two techniques provides much more robustness than existing defense solutions for 3D models.
Characterization and Prediction of Deep Learning Workloads in Large-Scale GPU Datacenters
Modern GPU datacenters are critical for delivering Deep Learning (DL) models and services in both the research community and industry.
$k$Folden: $k$-Fold Ensemble for Out-Of-Distribution Detection
For a task with $k$ training labels, $k$Folden induces $k$ sub-models, each of which is trained on a subset with $k-1$ categories with the left category masked unknown to the sub-model.
Out-of-Distribution Detection
Out of Distribution (OOD) Detection
+2
AcousticFusion: Fusing Sound Source Localization to Visual SLAM in Dynamic Environments
Dynamic objects in the environment, such as people and other agents, lead to challenges for existing simultaneous localization and mapping (SLAM) approaches.
PoseFusion2: Simultaneous Background Reconstruction and Human Shape Recovery in Real-time
Dynamic environments that include unstructured moving objects pose a hard problem for Simultaneous Localization and Mapping (SLAM) performance.
Fingerprinting Generative Adversarial Networks
In this paper, we present the first fingerprinting scheme for the Intellectual Property (IP) protection of GANs.
Defending Against Backdoor Attacks in Natural Language Generation
The frustratingly fragile nature of neural network models make current natural language generation (NLG) systems prone to backdoor attacks and generate malicious sequences that could be sexist or offensive.
Fast Nearest Neighbor Machine Translation
Fast $k$NN-MT constructs a significantly smaller datastore for the nearest neighbor search: for each word in a source sentence, Fast $k$NN-MT first selects its nearest token-level neighbors, which is limited to tokens that are the same as the query token.
Modeling Text-visual Mutual Dependency for Multi-modal Dialog Generation
Specifically, we propose to model the mutual dependency between text-visual features, where the model not only needs to learn the probability of generating the next dialog utterance given preceding dialog utterances and visual contexts, but also the probability of predicting the visual features in which a dialog utterance takes place, leading the generated dialog utterance specific to the visual context.
Parameter Estimation for the SEIR Model Using Recurrent Nets
Next, based on this recurrent net that is able to generalize SEIR simulations, we are able to transform the objective to a differentiable one with respect to $\Theta_\text{SEIR}$, and straightforwardly obtain its optimal value.
Sentence Similarity Based on Contexts
The proposed framework is based on the core idea that the meaning of a sentence should be defined by its contexts, and that sentence similarity can be measured by comparing the probabilities of generating two sentences given the same context.
A search for cloud cores affected by shocked carbon chain chemistry in L1251
The signposts of ongoing SCCC and the broadened line widths of C$_3$S and C$_4$H in L1251-1 as well as the distribution of HC$_3$N are also related to outflow activities in this region.
Astrophysics of Galaxies Solar and Stellar Astrophysics
Local Black-box Adversarial Attacks: A Query Efficient Approach
Based on this property, we identify the discriminative areas of a given clean example easily for local perturbations.
DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks using Data Augmentation
In this paper, we investigate the effectiveness of data augmentation techniques in mitigating backdoor attacks and enhancing DL models' robustness.
FenceBox: A Platform for Defeating Adversarial Examples with Data Augmentation Techniques
With more and more advanced adversarial attack methods have been developed, a quantity of corresponding defense solutions were designed to enhance the robustness of DNN models.
Privacy-preserving Collaborative Learning with Automatic Transformation Search
Comprehensive evaluations demonstrate that the policies discovered by our method can defeat existing reconstruction attacks in collaborative learning, with high efficiency and negligible impact on the model performance.
RigidFusion: Robot Localisation and Mapping in Environments with Large Dynamic Rigid Objects
Here, we propose to treat all dynamic parts as one rigid body and simultaneously segment and track both static and dynamic components.
Robotics
Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models
In this paper, we propose a novel watermark removal attack from a different perspective.
SplitFusion: Simultaneous Tracking and Mapping for Non-Rigid Scenes
We present SplitFusion, a novel dense RGB-D SLAM framework that simultaneously performs tracking and dense reconstruction for both rigid and non-rigid components of the scene.
Can We Mitigate Backdoor Attack Using Adversarial Detection Methods?
It is unknown whether there are any connections and common characteristics between the defenses against these two attacks.
Topology-aware Differential Privacy for Decentralized Image Classification
In this paper, we design Top-DP, a novel solution to optimize the differential privacy protection of decentralized image classification systems.
Stealing Deep Reinforcement Learning Models for Fun and Profit
This paper presents the first model extraction attack against Deep Reinforcement Learning (DRL), which enables an external adversary to precisely recover a black-box DRL model only from its interaction with the environment.
Mitigating Advanced Adversarial Attacks with More Advanced Gradient Obfuscation Techniques
Extensive evaluations indicate that our solutions can effectively mitigate all existing standard and advanced attack techniques, and beat 11 state-of-the-art defense solutions published in top-tier conferences over the past 2 years.
Stealthy and Efficient Adversarial Attacks against Deep Reinforcement Learning
Adversarial attacks against conventional Deep Learning (DL) systems and algorithms have been widely studied, and various defenses were proposed.
Learning to Optimize Non-Rigid Tracking
One of the widespread solutions for non-rigid tracking has a nested-loop structure: with Gauss-Newton to minimize a tracking objective in the outer loop, and Preconditioned Conjugate Gradient (PCG) to solve a sparse linear system in the inner loop.
FlowFusion: Dynamic Dense RGB-D SLAM Based on Optical Flow
Dynamic environments are challenging for visual SLAM since the moving objects occlude the static environment features and lead to wrong camera motion estimation.
Byzantine-resilient Decentralized Stochastic Gradient Descent
It guarantees that each benign node in a decentralized system can train a correct model under very strong Byzantine attacks with an arbitrary number of faulty nodes.
VerIDeep: Verifying Integrity of Deep Neural Networks through Sensitive-Sample Fingerprinting
Even small weight changes can be clearly reflected in the model outputs, and observed by the customer.
Privacy-preserving Machine Learning through Data Obfuscation
While it is prevalent to outsource model training and serving tasks in the cloud, it is important to protect the privacy of sensitive samples in the training dataset and prevent information leakage to untrusted third parties.
IcoRating: A Deep-Learning System for Scam ICO Identification
For the best setting, the proposed system is able to identify scam ICO projects with 0. 83 precision.
