Search Results for author:
Found 68 papers, 20 papers with code
Attacks on Node Attributes in Graph Neural Networks
Graphs are commonly used to model complex networks prevalent in modern social media and literacy applications.
Learning Interpretable Policies in Hindsight-Observable POMDPs through Partially Supervised Reinforcement Learning
At the heart of PSRL is the fusion of both supervised and unsupervised learning.
Preference Poisoning Attacks on Reward Model Learning
In addition, we observe that the simpler and more scalable rank-by-distance approaches are often competitive with the best, and on occasion significantly outperform gradient-based methods.
Multi-Agent Reinforcement Learning for Assessing False-Data Injection Attacks on Transportation Networks
The increasing reliance of drivers on navigation applications has made transportation networks more susceptible to data-manipulation attacks by malicious actors.
Eroding Trust In Aerial Imagery: Comprehensive Analysis and Evaluation Of Adversarial Attacks In Geospatial Systems
In critical operations where aerial imagery plays an essential role, the integrity and trustworthiness of data are paramount.
On the Exploitability of Reinforcement Learning with Human Feedback for Large Language Models
Reinforcement Learning with Human Feedback (RLHF) is a methodology designed to align Large Language Models (LLMs) with human preferences, playing an important role in LLMs alignment.
A Partially Supervised Reinforcement Learning Framework for Visual Active Search
Visual active search (VAS) has been proposed as a modeling framework in which visual cues are used to guide exploration, with the goal of identifying regions of interest in a large geospatial area.
Conformal Temporal Logic Planning using Large Language Models
To formally define the overarching mission, we leverage Linear Temporal Logic (LTL) defined over atomic predicates modeling these NL-based sub-tasks.
Homophily-Driven Sanitation View for Robust Graph Contrastive Learning
We conduct extensive experiments to evaluate the performance of our proposed model, GCHS (Graph Contrastive Learning with Homophily-driven Sanitation View), against two state of the art structural attacks on GCL.
Neural Lyapunov Control for Discrete-Time Systems
However, finding Lyapunov functions for general nonlinear systems is a challenging task.
IoTFlowGenerator: Crafting Synthetic IoT Device Traffic Flows for Cyber Deception
Over the years, honeypots emerged as an important security tool to understand attacker intent and deceive attackers to spend time and resources.
Using Simple Incentives to Improve Two-Sided Fairness in Ridesharing Systems
State-of-the-art order dispatching algorithms for ridesharing batch passenger requests and allocate them to a fleet of vehicles in a centralized manner, optimizing over the estimated values of each passenger-vehicle matching using integer linear programming (ILP).
Certified Robust Control under Adversarial Perturbations
Autonomous systems increasingly rely on machine learning techniques to transform high-dimensional raw inputs into predictions that are then used for decision-making and control.
Enabling Trade-offs in Privacy and Utility in Genomic Data Beacons and Summary Statistics
Several approaches have been proposed to preserve privacy, which either suppress a subset of genomic variants or modify query responses for specific variants (e. g., adding noise, as in differential privacy).
SlowLiDAR: Increasing the Latency of LiDAR-Based Detection Using Adversarial Examples
LiDAR-based perception is a central component of autonomous driving, playing a key role in tasks such as vehicle localization and obstacle detection.
Certifying Safety in Reinforcement Learning under Adversarial Perturbation Attacks
Our experiments demonstrate both the efficacy of the proposed approach for certifying safety in adversarial environments, and the value of the PSRL framework coupled with adversarial training in improving certified safety while preserving high nominal reward and high-quality predictions of true state.
A Visual Active Search Framework for Geospatial Exploration
Many problems can be viewed as forms of geospatial search aided by aerial imagery, with examples ranging from detecting poaching activity to human trafficking.
Reward Delay Attacks on Deep Reinforcement Learning
We find that this mitigation remains insufficient to ensure robustness to attacks that delay, but preserve the order, of rewards.
Robust Deep Reinforcement Learning through Bootstrapped Opportunistic Curriculum
Despite considerable advances in deep reinforcement learning, it has been shown to be highly vulnerable to adversarial perturbations to state observations.
Proceedings of the Artificial Intelligence for Cyber Security (AICS) Workshop at AAAI 2022
These challenges are widely studied in enterprise networks, but there are many gaps in research and practice as well as novel problems in other domains.
Networked Restless Multi-Armed Bandits for Mobile Interventions
Motivated by a broad class of mobile intervention problems, we propose and study restless multi-armed bandits (RMABs) with network effects.
Unfairness Despite Awareness: Group-Fair Classification with Strategic Agents
These conditions are related to the the way in which the fair classifier remedies unfairness on the original unmanipulated data: fair classifiers which remedy unfairness by becoming more selective than their conventional counterparts are the ones that become less fair than their counterparts when agents are strategic.
PROVES: Establishing Image Provenance using Semantic Signatures
Modern AI tools, such as generative adversarial networks, have transformed our ability to create and modify visual data with photorealistic results.
Computing an Optimal Pitching Strategy in a Baseball At-Bat
Specifically, we propose a novel model of this encounter as a zero-sum stochastic game, in which the goal of the batter is to get on base, an outcome the pitcher aims to prevent.
Learning Generative Deception Strategies in Combinatorial Masking Games
Next, we present a novel highly scalable approach for approximately solving such games by representing the strategies of both players as neural networks.
CROP: Certifying Robust Policies for Reinforcement Learning through Functional Smoothing
We then develop a local smoothing algorithm for policies derived from Q-functions to guarantee the robustness of actions taken along the trajectory; we also develop a global smoothing algorithm for certifying the lower bound of a finite-horizon cumulative reward, as well as a novel local smoothing algorithm to perform adaptive search in order to obtain tighter reward certification.
Altruism Design in Networked Public Goods Games
Many collective decision-making settings feature a strategic tension between agents acting out of individual self-interest and promoting a common good.
FACESEC: A Fine-grained Robustness Evaluation Framework for Face Recognition Systems
Moreover, we observe that open-set face recognition systems are more vulnerable than closed-set systems under different types of attacks.
Re-identification of Individuals in Genomic Datasets Using Public Face Images
However, recent studies have suggested that genomic data can be effectively matched to high-resolution three-dimensional face images, which raises a concern that the increasingly ubiquitous public face images can be linked to shared genomic data, thereby re-identifying individuals in the genomic data.
Incentivizing Truthfulness Through Audits in Strategic Classification
While this policy can, in general, be hard to compute because of the difficulty of identifying the set of agents who could benefit from lying given a complete set of reported types, we also present necessary and sufficient conditions under which it is tractable.
Multiagent Systems Computer Science and Game Theory
Finding Physical Adversarial Examples for Autonomous Driving with Fast and Differentiable Image Compositing
We propose a scalable approach for finding adversarial modifications of a simulated autonomous driving environment using a differentiable approximation for the mapping from environmental modifications (rectangles on the road) to the corresponding video inputs to the controller neural network.
Optimizing Graph Structure for Targeted Diffusion
However, in many applications, such as targeted vulnerability assessment or clinical therapies, one aspires to affect a targeted subset of a network, while limiting the impact on the rest.
Social and Information Networks Physics and Society
Robust Collective Classification against Structural Attacks
Finally, we apply our approach in a transductive learning setting, and show that robust AMN is much more robust than state-of-the-art deep learning methods, while sacrificing little in accuracy on non-adversarial data.
Adversarial Robustness of Deep Sensor Fusion Models
First, we find that the fusion model is usually both more accurate, and more robust against single-source attacks than single-sensor deep neural networks.
A Review of Incident Prediction, Resource Allocation, and Dispatch Models for Emergency Management
In the last fifty years, researchers have developed statistical, data-driven, analytical, and algorithmic approaches for designing and improving emergency response management (ERM) systems.
Towards Robustness against Unsuspicious Adversarial Examples
We then experimentally demonstrate that our attacks indeed do not significantly change perceptual salience of the background, but are highly effective against classifiers robust to conventional attacks.
Inducing Equilibria in Networked Public Goods Games through Network Structure Modification
Networked public goods games model scenarios in which self-interested agents decide whether or how much to invest in an action that benefits not only themselves, but also their network neighbors.
Computer Science and Game Theory Multiagent Systems
On Algorithmic Decision Procedures in Emergency Response Systems in Smart and Connected Communities
This is not a trivial planning problem --- a major challenge with dynamically balancing the spatial distribution of responders is the complexity of the problem.
Protecting Geolocation Privacy of Photo Collections
We study this problem formally as a combinatorial optimization problem in the context of geolocation prediction facilitated by deep learning.
Adversarial Deep Reinforcement Learning based Adaptive Moving Target Defense
In this paper, we propose a multi-agent partially-observable Markov Decision Process model of MTD and formulate a two-player general-sum game between the adversary and the defender.
Multi-agent Reinforcement Learning
reinforcement-learning
+1
Deception through Half-Truths
Deception is a fundamental issue across a diverse array of settings, from cybersecurity, where decoys (e. g., honeypots) are an important tool, to politics that can feature politically motivated "leaks" and fake news about candidates. Typical considerations of deception view it as providing false information. However, just as important but less frequently studied is a more tacit form where information is strategically hidden or leaked. We consider the problem of how much an adversary can affect a principal's decision by "half-truths", that is, by masking or hiding bits of information, when the principal is oblivious to the presence of the adversary.
Computing Equilibria in Binary Networked Public Goods Games
Public goods games study the incentives of individuals to contribute to a public good and their behaviors in equilibria.
Computer Science and Game Theory
A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models
Specifically, (i) we develop a new attack model that jointly optimizes adversarial inputs and poisoned models; (ii) with both analytical and empirical evidence, we reveal that there exist intriguing "mutual reinforcement" effects between the two attack vectors -- leveraging one vector significantly amplifies the effectiveness of the other; (iii) we demonstrate that such effects enable a large design spectrum for the adversary to enhance the existing attacks that exploit both vectors (e. g., backdoor attacks), such as maximizing the attack evasiveness with respect to various detection methods; (iv) finally, we discuss potential countermeasures against such optimized attacks and their technical challenges, pointing to several promising research directions.
Path Planning Games
Path planning is a fundamental and extensively explored problem in robotic control.
Attacking Vision-based Perception in End-to-End Autonomous Driving Models
One such example is autonomous driving, which often relies on deep learning for perception.
Defending Against Physically Realizable Attacks on Image Classification
Finally, we demonstrate that adversarial training using our new attack yields image classification models that exhibit high robustness against the physically realizable attacks we study, offering the first effective generic defense against such attacks.
Adversarial Robustness of Similarity-Based Link Prediction
We propose a novel approach for increasing robustness of similarity-based link prediction by endowing the analyst with a restricted set of reliable queries which accurately measure the existence of queried links.
Finding Needles in a Moving Haystack: Prioritizing Alerts with Adversarial Reinforcement Learning
We then use these in a double-oracle framework to obtain an approximate equilibrium of the game, which in turn yields a robust stochastic policy for the defender.
A Semantic Cover Approach for Topic Modeling
We introduce a novel topic modeling approach based on constructing a semantic set cover for clusters of similar documents.
Simple Physical Adversarial Examples against End-to-End Autonomous Driving Models
Recent advances in machine learning, especially techniques such as deep neural networks, are promoting a range of high-stakes applications, including autonomous driving, which often relies on deep learning for perception.
An Online Decision-Theoretic Pipeline for Responder Dispatch
We highlight why such an approach is crucial to the effectiveness of emergency response, and present an algorithmic framework that can compute promising actions for a given decision-theoretic model for responder dispatch.
Distributionally Robust Removal of Malicious Nodes from Networks
An important problem in networked systems is detection and removal of suspected malicious nodes.
Removing Malicious Nodes from Networks
In reality, detection is always imperfect, and the decision about which potentially malicious nodes to remove must trade off false positives (erroneously removing benign nodes) and false negatives (mistakenly failing to remove malicious nodes).
Regularized Ensembles and Transferability in Adversarial Learning
Despite the considerable success of convolutional neural networks in a broad array of domains, recent research has shown these to be vulnerable to small adversarial perturbations, commonly known as adversarial examples.
Attacking Similarity-Based Link Prediction in Social Networks
We offer a comprehensive algorithmic investigation of the problem of attacking similarity-based link prediction through link deletion, focusing on two broad classes of such approaches, one which uses only local information about target links, and another which uses global network information.
Social and Information Networks Cryptography and Security
Attack Tolerance of Link Prediction Algorithms: How to Hide Your Relations in a Social Network
Link prediction is one of the fundamental research problems in network analysis.
Social and Information Networks Cryptography and Security 91D30 (Primary) 68T20 (Secondary) G.2.2; J.4
Adversarial Regression with Multiple Learners
We present an algorithm for computing this equilibrium, and show through extensive experiments that equilibrium models are significantly more robust than conventional regularized linear regression.
Optical Neural Networks
We develop a novel optical neural network (ONN) framework which introduces a degree of scalar invariance to image classification estima- tion.
Community Detection by Information Flow Simulation
Community detection remains an important problem in data mining, owing to the lack of scalable algorithms that exploit all aspects of available data - namely the directionality of flow of information and the dynamics thereof.
Social and Information Networks Physics and Society
Adversarial Regression for Detecting Attacks in Cyber-Physical Systems
Attacks in cyber-physical systems (CPS) which manipulate sensor readings can cause enormous physical damage if undetected.
Get Your Workload in Order: Game Theoretic Prioritization of Database Auditing
For enhancing the privacy protections of databases, where the increasing amount of detailed personal data is stored and processed, multiple mechanisms have been developed, such as audit logging and alert triggers, which notify administrators about suspicious activities; however, the two main limitations in common are: 1) the volume of such alerts is often substantially greater than the capabilities of resource-constrained organizations, and 2) strategic attackers may disguise their actions or carefully choosing which records they touch, making incompetent the statistical detection models.
Improving Robustness of ML Classifiers against Realizable Evasion Attacks Using Conserved Features
A conventional approach to evaluate ML robustness to such attacks, as well as to design robust ML, is by considering simplified feature-space models of attacks, where the attacker changes ML features directly to effect evasion, while minimizing or constraining the magnitude of this change.
Empirically Grounded Agent-Based Models of Innovation Diffusion: A Critical Review
Innovation diffusion has been studied extensively in a variety of disciplines, including sociology, economics, marketing, ecology, and computer science.
Data Poisoning Attacks on Factorization-Based Collaborative Filtering
Recommendation and collaborative filtering systems are important in modern information and e-commerce applications.
Robust High-Dimensional Linear Regression
The effectiveness of supervised learning techniques has made them ubiquitous in research and practice.
A General Retraining Framework for Scalable Adversarial Classification
We propose the first systematic and general-purpose retraining framework which can: a) boost robustness of an \emph{arbitrary} learning algorithm, in the face of b) a broader class of adversarial models than any prior methods.
Multidefender Security Games
Unlike most prior analysis, we focus on the situations in which each defender must protect multiple targets, so that even a single defender's best response decision is, in general, highly non-trivial.
Feature Cross-Substitution in Adversarial Classification
The success of machine learning, particularly in supervised settings, has led to numerous attempts to apply it in adversarial settings such as spam and malware detection.
