Search Results for author:
Found 10 papers, 6 papers with code
$σ$-zero: Gradient-based Optimization of $\ell_0$-norm Adversarial Examples
Evaluating the adversarial robustness of deep networks to gradient-based attacks is challenging.
Hardening RGB-D Object Recognition Systems against Adversarial Patch Attacks
We empirically show that this defense improves the performances of RGB-D systems against adversarial examples even when they are computed ad-hoc to circumvent this detection mechanism, and that is also more effective than adversarial training.
Minimizing Energy Consumption of Deep Learning Models by Energy-Aware Training
Deep learning models undergo a significant increase in the number of parameters they possess, leading to the execution of a larger number of operations during inference.
On the Limitations of Model Stealing with Uncertainty Quantification Models
We realize that during training, the models tend to have similar predictions, indicating that the network diversity we wanted to leverage using uncertainty quantification models is not (high) enough for improvements on the model stealing task.
Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning
In this survey, we provide a comprehensive systematization of poisoning attacks and defenses in machine learning, reviewing more than 100 papers published in the field in the last 15 years.
Machine Learning Security against Data Poisoning: Are We There Yet?
The recent success of machine learning (ML) has been fueled by the increasing availability of computing power and large amounts of data in many different applications.
Energy-Latency Attacks via Sponge Poisoning
Sponge examples are test-time inputs carefully optimized to increase energy consumption and latency of neural networks when deployed on hardware accelerators.
Backdoor Learning Curves: Explaining Backdoor Poisoning Beyond Influence Functions
Backdoor attacks inject poisoning samples during training, with the goal of forcing a machine learning model to output an attacker-chosen class when presented a specific trigger at test time.
The Hammer and the Nut: Is Bilevel Optimization Really Needed to Poison Linear Classifiers?
One of the most concerning threats for modern AI systems is data poisoning, where the attacker injects maliciously crafted training data to corrupt the system's behavior at test time.
A black-box adversarial attack for poisoning clustering
In an attempt to fill this gap, in this work, we propose a black-box adversarial attack for crafting adversarial samples to test the robustness of clustering algorithms.
