Search Results for author:
Found 18 papers, 12 papers with code
Diffusion Denoising as a Certified Defense against Clean-label Poisoning
We present a certified defense to clean-label poisoning attacks.
DART: A Principled Approach to Adversarially Robust Unsupervised Domain Adaptation
To address this challenge, we first establish a generalization bound for the adversarial target loss, which consists of (i) terms related to the loss on the data, and (ii) a measure of worst-case domain divergence.
Harnessing large-language models to generate private synthetic text
An alternative approach, which this paper studies, is to use a sensitive dataset to generate synthetic data that is differentially private with respect to the original data, and then non-privately training a model on the synthetic data.
RETVec: Resilient and Efficient Text Vectorizer
The RETVec embedding model is pre-trained using pair-wise metric learning to be robust against typos and character-level adversarial attacks.
Publishing Efficient On-device Models Increases Adversarial Vulnerability
We then show that the vulnerability increases as the similarity between a full-scale and its efficient model increase.
Differentially Private Image Classification from Features
We find that linear regression is much more effective than logistic regression from both privacy and computational aspects, especially at stricter epsilon values ($\epsilon < 1$).
Ranked #35 on
Image Classification
on ImageNet
Large Scale Transfer Learning for Differentially Private Image Classification
Moreover, by systematically comparing private and non-private models across a range of large batch sizes, we find that similar to non-private setting, choice of optimizer can further improve performance substantially with DP.
Toward Training at ImageNet Scale with Differential Privacy
Despite a rich literature on how to train ML models with differential privacy, it remains extremely challenging to train real-life, large neural networks with both reasonable accuracy and privacy.
Handcrafted Backdoors in Deep Neural Networks
When machine learning training is outsourced to third parties, $backdoor$ $attacks$ become practical as the third party who trains the model may act maliciously to inject hidden behaviors into the otherwise accurate model.
Enabling certification of verification-agnostic networks via memory-efficient semidefinite programming
In this work, we propose a first-order dual SDP algorithm that (1) requires memory only linear in the total number of network activations, (2) only requires a fixed number of forward/backward passes through the network per iteration.
On Evaluating Adversarial Robustness
Correctly evaluating defenses against adversarial examples has proven to be extremely difficult.
Adversarial Vision Challenge
The NIPS 2018 Adversarial Vision Challenge is a competition to facilitate measurable progress towards robust machine vision models and more generally applicable adversarial attacks.
Adversarial Attacks and Defences Competition
To accelerate research on adversarial examples and robustness of machine learning classifiers, Google Brain organized a NIPS 2017 competition that encouraged researchers to develop new methods to generate adversarial examples as well as to develop new ways to defend against them.
Adversarial Logit Pairing
In this paper, we develop improved techniques for defending against adversarial examples at scale.
Ensemble Adversarial Training: Attacks and Defenses
We show that this form of adversarial training converges to a degenerate global minimum, wherein small curvature artifacts near the data points obfuscate a linear approximation of the loss.
Adversarial Machine Learning at Scale
Adversarial examples are malicious inputs designed to fool machine learning models.
Technical Report on the CleverHans v2.1.0 Adversarial Examples Library
An adversarial example library for constructing attacks, building defenses, and benchmarking both
Adversarial examples in the physical world
Up to now, all previous work have assumed a threat model in which the adversary can feed data directly into the machine learning classifier.
