Search Results for author:
Found 29 papers, 14 papers with code
Adapting to Evolving Adversaries with Regularized Continual Robust Training
We present theoretical results which show that the gap in a model's robustness against different attacks is bounded by how far each attack perturbs a sample in the model's logit space, suggesting that regularizing with respect to this logit space distance can help maintain robustness against previous attacks.
Activity Recognition on Avatar-Anonymized Datasets with Masked Differential Privacy
Prevalent methods tackling this problem use differential privacy (DP) or obfuscation techniques to protect the privacy of individuals.
Self-Comparison for Dataset-Level Membership Inference in Large (Vision-)Language Models
Existing methods, such as sample-level Membership Inference Attacks (MIA) and distribution-based dataset inference, distinguish member data (data used for training) and non-member data by leveraging the common observation that models tend to memorize and show greater confidence in member data.
Stretching Each Dollar: Diffusion Training from Scratch on a Micro-Budget
As scaling laws in generative AI push performance, they also simultaneously concentrate the development of these models among actors with large computational resources.
Evaluating and Mitigating IP Infringement in Visual Generative AI
To mitigate such IP infringement problems, we also propose a defense method against it.
AI Risk Management Should Incorporate Both Safety and Security
The exposure of security vulnerabilities in safety-aligned language models, e. g., susceptibility to adversarial attacks, has shed light on the intricate interplay between AI safety and AI security.
How to Trace Latent Generative Model Generated Images without Artificial Watermark?
To study this problem, we design a latent inversion based method called LatentTracer to trace the generated images of the inspected model by checking if the examined images can be well-reconstructed with an inverted latent input.
JailbreakBench: An Open Robustness Benchmark for Jailbreaking Large Language Models
To address these challenges, we introduce JailbreakBench, an open-sourced benchmark with the following components: (1) an evolving repository of state-of-the-art adversarial prompts, which we refer to as jailbreak artifacts; (2) a jailbreaking dataset comprising 100 behaviors -- both original and sourced from prior work (Zou et al., 2023; Mazeika et al., 2023, 2024) -- which align with OpenAI's usage policies; (3) a standardized evaluation framework at https://github. com/JailbreakBench/jailbreakbench that includes a clearly defined threat model, system prompts, chat templates, and scoring functions; and (4) a leaderboard at https://jailbreakbench. github. io/ that tracks the performance of attacks and defenses for various LLMs.
Finding needles in a haystack: A Black-Box Approach to Invisible Watermark Detection
In this paper, we propose WaterMark Detection (WMD), the first invisible watermark detection method under a black-box and annotation-free setting.
Scaling Compute Is Not All You Need for Adversarial Robustness
Finally, we make our benchmarking framework (built on top of \texttt{timm}~\citep{rw2019timm}) publicly available to facilitate future analysis in efficient robust deep learning.
MultiRobustBench: Benchmarking Robustness Against Multiple Attacks
Using our framework, we present the first leaderboard, MultiRobustBench, for benchmarking multiattack evaluation which captures performance across attack types and attack strengths.
Extracting Training Data from Diffusion Models
Image diffusion models such as DALL-E 2, Imagen, and Stable Diffusion have attracted significant attention due to their ability to generate high-quality synthetic images.
Uncovering Adversarial Risks of Test-Time Adaptation
Recently, test-time adaptation (TTA) has been proposed as a promising solution for addressing distribution shifts.
A New Linear Scaling Rule for Private Adaptive Hyperparameter Optimization
An open problem in differentially private deep learning is hyperparameter optimization (HPO).
A Light Recipe to Train Robust Vision Transformers
Additionally, investigating the reasons for the robustness of our models, we show that it is easier to generate strong attacks during training when using our recipe and that this leads to better robustness at test time.
Just Rotate it: Deploying Backdoor Attacks via Rotation Transformation
Our attack can be easily deployed in the real world since it only requires rotating the object, as we show in both image classification and object detection applications.
Understanding Robust Learning through the Lens of Representation Similarities
Representation learning, i. e. the generation of representations useful for downstream applications, is a task of fundamental importance that underlies much of the success of deep neural networks (DNNs).
Generating High Fidelity Data from Low-density Regions using Diffusion Models
We observe that uniform sampling from diffusion models predominantly samples from high-density regions of the data manifold.
Robust Learning Meets Generative Models: Can Proxy Distributions Improve Adversarial Robustness?
We circumvent this challenge by using additional data from proxy distributions learned by advanced generative models.
Lower Bounds on Cross-Entropy Loss in the Presence of Test-time Adversaries
In particular, it is critical to determine classifier-agnostic bounds on the training loss to establish when learning is possible.
SSD: A Unified Framework for Self-Supervised Outlier Detection
We demonstrate that SSD outperforms most existing detectors based on unlabeled data by a large margin.
RobustBench: a standardized adversarial robustness benchmark
As a research community, we are still lacking a systematic understanding of the progress on adversarial robustness which often makes it hard to identify the most promising ideas in training robust models.
Fast-Convergent Federated Learning
In this paper, we propose a fast-convergent federated learning algorithm, called FOLB, which performs intelligent sampling of devices in each round of model training to optimize the expected convergence speed.
A Critical Evaluation of Open-World Machine Learning
With our evaluation across 6 OOD detectors, we find that the choice of in-distribution data, model architecture and OOD data have a strong impact on OOD detection performance, inducing false positive rates in excess of $70\%$.
BIG-bench Machine Learning
Out of Distribution (OOD) Detection
Time for a Background Check! Uncovering the impact of Background Features on Deep Neural Networks
With increasing expressive power, deep neural networks have significantly improved the state-of-the-art on image classification datasets, such as ImageNet.
PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking
In this paper, we propose a general defense framework called PatchGuard that can achieve high provable robustness while maintaining high clean accuracy against localized adversarial patches.
HYDRA: Pruning Adversarially Robust Neural Networks
We demonstrate that our approach, titled HYDRA, achieves compressed networks with state-of-the-art benign and robust accuracy, simultaneously.
Towards Compact and Robust Deep Neural Networks
In this work, we rigorously study the extension of network pruning strategies to preserve both benign accuracy and robustness of a network.
Better the Devil you Know: An Analysis of Evasion Attacks using Out-of-Distribution Adversarial Examples
A large body of recent work has investigated the phenomenon of evasion attacks using adversarial examples for deep learning systems, where the addition of norm-bounded perturbations to the test inputs leads to incorrect output classification.
