Defending Jailbreak Prompts via In-Context Adversarial Game

no code implementations • 20 Feb 2024 • Yujun Zhou, Yufei Han, Haomin Zhuang, Taicheng Guo, Kehan Guo, Zhenwen Liang, Hongyan Bao, Xiangliang Zhang

Large Language Models (LLMs) demonstrate remarkable capabilities across diverse applications.

Manipulating Predictions over Discrete Inputs in Machine Teaching

no code implementations • 31 Jan 2024 • Xiaodong Wu, Yufei Han, Hayssam Dahrouj, Jianbing Ni, Zhenwen Liang, Xiangliang Zhang

Machine teaching often involves the creation of an optimal (typically minimal) dataset to help a model (referred to as the `student') achieve specific goals given by a teacher.

Combinatorial Optimization

BadRL: Sparse Targeted Backdoor Attack Against Reinforcement Learning

1 code implementation • 19 Dec 2023 • Jing Cui, Yufei Han, Yuzhe ma, Jianbin Jiao, Junge Zhang

Our algorithm, BadRL, strategically chooses state observations with high attack values to inject triggers during training and testing, thereby reducing the chances of detection.

Backdoor Attack reinforcement-learning +1

MS-UNet-v2: Adaptive Denoising Method and Training Strategy for Medical Image Segmentation with Small Training Data

no code implementations • 7 Sep 2023 • HaoYuan Chen, Yufei Han, Pin Xu, Yanyi Li, Kuan Li, Jianping Yin

The proposed multi-scale nested decoder structure allows the feature mapping between the decoder and encoder to be semantically closer, thus enabling the network to learn more detailed features.

Denoising Image Segmentation +3

Decoding the Secrets of Machine Learning in Malware Classification: A Deep Dive into Datasets, Feature Extraction, and Model Performance

1 code implementation • 27 Jul 2023 • Savino Dambra, Yufei Han, Simone Aonzo, Platon Kotzias, Antonino Vitale, Juan Caballero, Davide Balzarotti, Leyla Bilge

As a consequence, our community still lacks an understanding of malware classification results: whether they are tied to the nature and distribution of the collected dataset, to what extent the number of families and samples in the training dataset influence performance, and how well static and dynamic features complement each other.

Classification Malware Detection

BadVFL: Backdoor Attacks in Vertical Federated Learning

no code implementations • 18 Apr 2023 • Mohammad Naseri, Yufei Han, Emiliano De Cristofaro

In VFL, the participants share the same set of training instances but only host a different and non-overlapping subset of the whole feature space.

Backdoor Attack Fraud Detection +1

Towards Efficient and Domain-Agnostic Evasion Attack with High-dimensional Categorical Inputs

no code implementations • 13 Dec 2022 • Hongyan Bao, Yufei Han, Yujun Zhou, Xin Gao, Xiangliang Zhang

Our work targets at searching feasible adversarial perturbation to attack a classifier with high-dimensional categorical inputs in a domain-agnostic setting.

AdvCat: Domain-Agnostic Robustness Assessment for Cybersecurity-Critical Applications with Categorical Inputs

no code implementations • 13 Dec 2022 • Helene Orsini, Hongyan Bao, Yujun Zhou, Xiangrui Xu, Yufei Han, Longyang Yi, Wei Wang, Xin Gao, Xiangliang Zhang

Machine Learning-as-a-Service systems (MLaaS) have been largely developed for cybersecurity-critical applications, such as detecting network intrusions and fake news campaigns.

Adversarial Robustness Fake News Detection +1

Cerberus: Exploring Federated Prediction of Security Events

no code implementations • 7 Sep 2022 • Mohammad Naseri, Yufei Han, Enrico Mariconti, Yun Shen, Gianluca Stringhini, Emiliano De Cristofaro

Modern defenses against cyberattacks increasingly rely on proactive approaches, e. g., to predict the adversary's next actions based on past events.

Federated Learning

Finding MNEMON: Reviving Memories of Node Embeddings

no code implementations • 14 Apr 2022 • Yun Shen, Yufei Han, Zhikun Zhang, Min Chen, Ting Yu, Michael Backes, Yang Zhang, Gianluca Stringhini

Previous security research efforts orbiting around graphs have been exclusively focusing on either (de-)anonymizing the graphs or understanding the security and privacy issues of graph neural networks.

Graph Embedding

Model Stealing Attacks Against Inductive Graph Neural Networks

1 code implementation • 15 Dec 2021 • Yun Shen, Xinlei He, Yufei Han, Yang Zhang

Graph neural networks (GNNs), a new family of machine learning (ML) models, have been proposed to fully leverage graph data to build powerful applications.

Learning to dehaze with polarization

no code implementations • NeurIPS 2021 • Chu Zhou, Minggui Teng, Yufei Han, Chao Xu, Boxin Shi

Haze, a common kind of bad weather caused by atmospheric scattering, decreases the visibility of scenes and degenerates the performance of computer vision algorithms.

Image Dehazing Single Image Dehazing

Towards Understanding the Robustness Against Evasion Attack on Categorical Data

no code implementations • ICLR 2022 • Hongyan Bao, Yufei Han, Yujun Zhou, Yun Shen, Xiangliang Zhang

Characterizing and assessing the adversarial vulnerability of classification models with categorical input has been a practically important, while rarely explored research problem.

Classification

Attack Transferability Characterization for Adversarially Robust Multi-label Classification

1 code implementation • 29 Jun 2021 • Zhuo Yang, Yufei Han, Xiangliang Zhang

We unveil how the transferability level of the attack determines the attackability of the classifier via establishing an information-theoretic analysis of the adversarial risk.

Adversarial Attack Classification +3

Characterizing the Evasion Attackability of Multi-label Classifiers

no code implementations • 17 Dec 2020 • Zhuo Yang, Yufei Han, Xiangliang Zhang

Evasion attack in multi-label learning systems is an interesting, widely witnessed, yet rarely explored research topic.

Computational Efficiency Multi-Label Learning

Robust Multi-Output Learning with Highly Incomplete Data via Restricted Boltzmann Machines

no code implementations • 19 Dec 2019 • Giancarlo Fissore, Aurélien Decelle, Cyril Furtlehner, Yufei Han

In order to take full advantage of these dependencies we consider a purely probabilistic setting in which the features imputation and multi-label classification problems are jointly solved.

Classification General Classification +3

Prototypical Networks for Multi-Label Learning

no code implementations • 17 Nov 2019 • Zhuo Yang, Yufei Han, Guoxian Yu, Qiang Yang, Xiangliang Zhang

We propose to formulate multi-label learning as a estimation of class distribution in a non-linear embedding space, where for each label, its positive data embeddings and negative data embeddings distribute compactly to form a positive component and negative component respectively, while the positive component and negative component are pushed away from each other.

Multi-Label Classification Multi-Label Learning

Robust Federated Training via Collaborative Machine Teaching using Trusted Instances

no code implementations • 8 May 2019 • Yufei Han, Xiangliang Zhang

In our work, we propose a collaborative and privacy-preserving machine teaching paradigm with multiple distributed teachers, to improve robustness of the federated training process against local data corruption.

Data Poisoning Federated Learning +1

Collaborative and Privacy-Preserving Machine Teaching via Consensus Optimization

no code implementations • 7 May 2019 • Yufei Han, Yuzhe ma, Christopher Gates, Kevin Roundy, Yun Shen

To address these challenges, we formulate collaborative teaching as a consensus and privacy-preserving optimization process to minimize teaching risk.

Privacy Preserving

Mini-Batch Spectral Clustering

no code implementations • 7 Jul 2016 • Yufei Han, Maurizio Filippone

The cost of computing the spectrum of Laplacian matrices hinders the application of spectral clustering to large data sets.

Clustering