Search Results for author:
Found 25 papers, 5 papers with code
Universal Post-Training Reverse-Engineering Defense Against Backdoors in Deep Neural Networks
A variety of defenses have been proposed against backdoors attacks on deep neural network (DNN) classifiers.
Post-Training Overfitting Mitigation in DNN Classifiers
Well-known (non-malicious) sources of overfitting in deep neural net (DNN) classifiers include: i) large class imbalances; ii) insufficient training-set diversity; and iii) over-training.
Backdoor Mitigation by Correcting the Distribution of Neural Activations
Backdoor (Trojan) attacks are an important type of adversarial exploit against deep neural networks (DNNs), wherein a test instance is (mis)classified to the attacker's target class whenever the attacker's backdoor trigger is present.
Improved Activation Clipping for Universal Backdoor Mitigation and Test-Time Detection
Deep neural networks are vulnerable to backdoor attacks (Trojans), where an attacker poisons the training set with backdoor triggers so that the neural network learns to classify test-time triggers to the attacker's designated target class.
MM-BD: Post-Training Detection of Backdoor Attacks with Arbitrary Backdoor Pattern Types Using a Maximum Margin Statistic
Our detector leverages the influence of the backdoor attack, independent of the backdoor embedding mechanism, on the landscape of the classifier's outputs prior to the softmax layer.
Post-Training Detection of Backdoor Attacks for Two-Class and Multi-Attack Scenarios
We show that our ET statistic is effective {\it using the same detection threshold}, irrespective of the classification domain, the attack configuration, and the BP reverse-engineering algorithm that is used.
Test-Time Detection of Backdoor Triggers for Poisoned Deep Neural Networks
A DNN being attacked will predict to an attacker-desired target class whenever a test sample from any source class is embedded with a backdoor pattern; while correctly classifying clean (attack-free) test samples.
Detecting Backdoor Attacks Against Point Cloud Classifiers
Backdoor attacks (BA) are an emerging threat to deep neural network classifiers.
Backdoor Attack and Defense for Deep Regression
We demonstrate a backdoor attack on a deep neural network used for regression.
Robust and Active Learning for Deep Neural Network Regression
We describe a gradient-based method to discover local error maximizers of a deep neural network (DNN) used for regression, assuming the availability of an "oracle" capable of providing real-valued supervision (a regression target) for samples.
A BIC-based Mixture Model Defense against Data Poisoning Attacks on Classifiers
Data Poisoning (DP) is an effective attack that causes trained classifiers to misclassify their inputs.
Anomaly Detection of Adversarial Examples using Class-conditional Generative Adversarial Networks
Deep Neural Networks (DNNs) have been shown vulnerable to Test-Time Evasion attacks (TTEs, or adversarial examples), which, by making small changes to the input, alter the DNN's decision.
L-RED: Efficient Post-Training Detection of Imperceptible Backdoor Attacks without Access to the Training Set
Unfortunately, most existing REDs rely on an unrealistic assumption that all classes except the target class are source classes of the attack.
Reverse Engineering Imperceptible Backdoor Attacks on Deep Neural Networks for Detection and Training Set Cleansing
The attacker poisons the training set with a relatively small set of images from one (or several) source class(es), embedded with a backdoor pattern and labeled to a target class.
Revealing Perceptible Backdoors, without the Training Set, via the Maximum Achievable Misclassification Fraction Statistic
Here, we address post-training detection of innocuous perceptible backdoors in DNN image classifiers, wherein the defender does not have access to the poisoned training set, but only to the trained classifier, as well as unpoisoned examples.
Notes on Margin Training and Margin p-Values for Deep Neural Network Classifiers
We provide a new local class-purity theorem for Lipschitz continuous DNN classifiers.
Detection of Backdoors in Trained Classifiers Without Access to the Training Set
Here we address post-training detection of backdoor attacks in DNN image classifiers, seldom considered in existing works, wherein the defender does not have access to the poisoned training set, but only to the trained classifier itself, as well as to clean examples from the classification domain.
Adversarial Learning in Statistical Classification: A Comprehensive Review of Defenses Against Attacks
After introducing relevant terminology and the goals and range of possible knowledge of both attackers and defenders, we survey recent work on test-time evasion (TTE), data poisoning (DP), and reverse engineering (RE) attacks and particularly defenses against same.
A Mixture Model Based Defense for Data Poisoning Attacks Against Naive Bayes Spam Filters
Such attacks are successful mainly because of the poor representation power of the naive Bayes (NB) model, with only a single (component) density to represent spam (plus a possible attack).
When Not to Classify: Anomaly Detection of Attacks (ADA) on DNN Classifiers at Test Time
Tested on MNIST and CIFAR-10 image databases under three prominent attack strategies, our approach outperforms previous detection methods, achieving strong ROC AUC detection accuracy on two attacks and better accuracy than recently reported for a variety of methods on the strongest (CW) attack.
Graphical Time Warping for Joint Alignment of Multiple Curves
We name the proposed approach graphical time warping (GTW), emphasizing the graphical nature of the solution and that the dependency structure of the warping functions can be represented by a graph.
ATD: Anomalous Topic Discovery in High Dimensional Discrete Data
Individual AD techniques and techniques that detect anomalies using all the features typically fail to detect such anomalies, but our method can detect such instances collectively, discover the shared anomalous patterns exhibited by them, and identify the subsets of salient features.
Detecting Clusters of Anomalies on Low-Dimensional Feature Subsets with Application to Network Traffic Flow Data
In this work, we develop a group anomaly detection (GAD) scheme to identify the subset of samples and subset of features that jointly specify an anomalous cluster.
Convex Analysis of Mixtures for Separating Non-negative Well-grounded Sources
We prove a sufficient and necessary condition for identifying the mixing matrix through edge detection, which also serves as the foundation for CAM to be applied not only to the exact-determined and over-determined cases, but also to the under-determined case.
Parsimonious Topic Models with Salient Word Discovery
We minimize BIC to jointly determine our entire model -- the topic-specific words, document-specific topics, all model parameter values, {\it and} the total number of topics -- in a wholly unsupervised fashion.
