1 code implementation • 27 Mar 2024 • Yangruibo Ding, Yanjun Fu, Omniyyah Ibrahim, Chawin Sitawarin, Xinyun Chen, Basel Alomair, David Wagner, Baishakhi Ray, Yizheng Chen
Evaluating code LMs on PrimeVul reveals that existing benchmarks significantly overestimate the performance of these models.
no code implementations • 20 Feb 2024 • Banghua Zhu, Norman Mu, Jiantao Jiao, David Wagner
Generative AI's expanding footprint across numerous industries has led to both excitement and increased scrutiny.
1 code implementation • 15 Feb 2024 • Chawin Sitawarin, Norman Mu, David Wagner, Alexandre Araujo
In this work, we introduce the Proxy-Guided Attack on LLMs (PAL), the first optimization-based attack on LLMs in a black-box query-only setting.
1 code implementation • 29 Dec 2023 • Julien Piet, Maha Alrashed, Chawin Sitawarin, Sizhe Chen, Zeming Wei, Elizabeth Sun, Basel Alomair, David Wagner
Jatmo only needs a task prompt and a dataset of inputs for the task: it uses the teacher model to generate outputs.
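As a rough sketch of that pipeline (assuming a hypothetical `query_teacher` call in place of whatever teacher-model API Jatmo actually uses):

```python
# Jatmo-style distillation sketch: a teacher model labels raw task inputs,
# and the resulting (input, output) pairs become fine-tuning data for a
# task-specific model that follows no instructions and so has nothing for
# injected prompts to override.
# `query_teacher` is a hypothetical stand-in for a real LLM API call.

def query_teacher(prompt: str) -> str:
    raise NotImplementedError("replace with a real teacher-model call")

def build_finetuning_dataset(task_prompt, inputs):
    dataset = []
    for x in inputs:
        # The teacher sees the task instruction plus one raw input;
        # the student is later fine-tuned on (input, output) pairs alone.
        output = query_teacher(f"{task_prompt}\n\nInput: {x}")
        dataset.append({"input": x, "output": output})
    return dataset
```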
1 code implementation • 1 Dec 2023 • Julien Piet, Chawin Sitawarin, Vivian Fang, Norman Mu, David Wagner
The capabilities of large language models have grown significantly in recent years and so too have concerns about their misuse.
1 code implementation • 6 Nov 2023 • Norman Mu, Sarah Chen, Zifan Wang, Sizhe Chen, David Karamardian, Lulwa Aljeraisy, Basel Alomair, Dan Hendrycks, David Wagner
As Large Language Models (LLMs) are deployed with increasing real-world responsibilities, it is important to be able to specify and constrain the behavior of these systems in a reliable manner.
1 code implementation • 26 Oct 2023 • Chawin Sitawarin, Jaewon Chang, David Huang, Wesson Altoyan, David Wagner
We evaluate the transfer attacks in this setting and propose a specialized defense method based on a game-theoretic perspective.
1 code implementation • 1 Apr 2023 • Yizheng Chen, Zhoujie Ding, Lamya Alowain, Xinyun Chen, David Wagner
Combining our new dataset with previous datasets, we present an analysis of the challenges and promising research directions of using deep learning for detecting software vulnerabilities.
2 code implementations • 8 Feb 2023 • Yizheng Chen, Zhoujie Ding, David Wagner
We propose a new hierarchical contrastive learning scheme, and a new sample selection technique to continuously train the Android malware classifier.
1 code implementation • ICCV 2023 • Nabeel Hingun, Chawin Sitawarin, Jerry Li, David Wagner
In this work, we propose REAP (REalistic Adversarial Patch), a digital benchmark that allows users to evaluate patch attacks on real images under real-world conditions.
1 code implementation • 15 Sep 2022 • Chawin Sitawarin, Kornrapat Pongmala, Yizheng Chen, Nicholas Carlini, David Wagner
We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks by introducing a part-based model for object classification.
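A minimal sketch of such a two-stage part-based architecture, with illustrative layer sizes rather than the paper's actual networks:

```python
import torch
import torch.nn as nn

# Sketch of a part-based classifier in the spirit described above: a
# segmenter first predicts per-pixel part masks (the human prior: objects
# are made of parts), and a small classifier predicts the label from those
# masks alone. Both stages can be trained end-to-end.

class PartBasedClassifier(nn.Module):
    def __init__(self, num_parts=10, num_classes=100):
        super().__init__()
        # Any dense-prediction backbone works here; a toy conv stack for brevity.
        self.segmenter = nn.Sequential(
            nn.Conv2d(3, 32, 3, padding=1), nn.ReLU(),
            nn.Conv2d(32, num_parts, 1),            # per-pixel part logits
        )
        self.classifier = nn.Sequential(
            nn.AdaptiveAvgPool2d(8), nn.Flatten(),
            nn.Linear(num_parts * 8 * 8, num_classes),
        )

    def forward(self, x):
        part_masks = self.segmenter(x).softmax(dim=1)  # (B, parts, H, W)
        return self.classifier(part_masks)             # label from parts only

logits = PartBasedClassifier()(torch.randn(2, 3, 64, 64))  # shape (2, 100)
```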
1 code implementation • AAAI Workshop AdvML 2022 • Chawin Sitawarin, Zachary Golan-Strieb, David Wagner
Furthermore, we create the strongest possible attack to evaluate our RT defense.
1 code implementation • 23 Dec 2021 • Norman Mu, Alexander Kirillov, David Wagner, Saining Xie
Across ImageNet and a battery of additional datasets, we find that SLIP improves accuracy by a large margin.
1 code implementation • 24 May 2021 • Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, David Wagner
Since data distribution shift is very common in security applications, e.g., it is often observed in malware detection, local robustness cannot guarantee that the property holds for unseen inputs when the classifier is deployed.
2 code implementations • NeurIPS 2021 • Dequan Wang, An Ju, Evan Shelhamer, David Wagner, Trevor Darrell
Adversarial attacks optimize against models to defeat defenses.
1 code implementation • 1 Mar 2021 • Henry Xu, An Ju, David Wagner
The susceptibility of neural networks to adversarial attack raises serious safety concerns for lane detection, a domain where such models have been widely applied.
1 code implementation • NeurIPS 2021 • Chawin Sitawarin, Evgenios M. Kornaropoulos, Dawn Song, David Wagner
At a high level, the search radius expands to the nearby higher-order Voronoi cells until we find a cell that classifies differently from the input point.
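As a toy illustration of the underlying geometry for plain 1-NN, whose decision regions are ordinary first-order Voronoi cells, the sketch below greedily scans bisecting hyperplanes; it is an approximation for intuition only, not the paper's exact higher-order search:

```python
import numpy as np

# Toy 1-NN version of the idea above: the smallest perturbation that flips
# a 1-NN prediction moves the input just past a bisector into a
# differently-labeled Voronoi cell. Scanning bisectors greedily is an
# approximation, since a third training point may still be nearer.

def approx_min_perturbation(x, X, y):
    dists = np.linalg.norm(X - x, axis=1)
    n = X[np.argmin(dists)]                  # nearest neighbor (current cell)
    label = y[np.argmin(dists)]
    best = None
    for z, yz in zip(X, y):
        if yz == label:
            continue
        # Points p on the bisector between n and z satisfy ||p-n|| == ||p-z||,
        # i.e. p . w == (z.z - n.n) / 2 with w = z - n.
        w = z - n
        d = (np.dot(z, z) - np.dot(n, n)) / 2 - np.dot(x, w)
        step = d / np.dot(w, w) * w          # perpendicular move onto bisector
        if best is None or np.linalg.norm(step) < np.linalg.norm(best):
            best = step
    return x + 1.001 * best                  # nudge just past the boundary
```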
no code implementations • 28 Apr 2020 • Michael McCoyd, Won Park, Steven Chen, Neil Shah, Ryan Roggenkemper, Minjune Hwang, Jason Xinyu Liu, David Wagner
We propose a defense against patch attacks based on partially occluding the image around each candidate patch location, so that a few occlusions each completely hide the patch.
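A minimal sketch of that occlusion-and-vote idea, with illustrative mask and stride sizes rather than the paper's actual parameters:

```python
import torch

# Slide a gray mask over a grid of candidate patch locations, classify every
# occluded copy, and compare the predictions. If an adversarial patch is
# present, the few occlusions that fully cover it should vote differently
# from the rest.

def occlusion_votes(model, image, mask_size=32, stride=16):
    _, H, W = image.shape                    # expects a CHW tensor
    votes = []
    for top in range(0, H - mask_size + 1, stride):
        for left in range(0, W - mask_size + 1, stride):
            occluded = image.clone()
            occluded[:, top:top + mask_size, left:left + mask_size] = 0.5
            pred = model(occluded.unsqueeze(0)).argmax(dim=1).item()
            votes.append(pred)
    return votes  # disagreement among the votes signals a possible patch
```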
no code implementations • 18 Mar 2020 • Chawin Sitawarin, Supriyo Chakraborty, David Wagner
This leads to a significant improvement in both clean accuracy and robustness compared to AT, TRADES, and other baselines.
1 code implementation • 14 Mar 2020 • Chawin Sitawarin, David Wagner
We study the robustness against adversarial examples of kNN classifiers and classifiers that combine kNN with neural networks.
1 code implementation • 12 Jul 2019 • Steven Chen, Nicholas Carlini, David Wagner
This is true even when, as is the case in many practical settings, the classifier is hosted as a remote service and so the adversary does not have direct access to the model parameters.
1 code implementation • 23 Jun 2019 • Chawin Sitawarin, David Wagner
With our models, the mean perturbation norm required to fool the classifier is 3.07 on MNIST and 2.30 on CIFAR-10.
2 code implementations • 20 Mar 2019 • Chawin Sitawarin, David Wagner
Despite the large amount of attention paid to adversarial examples, very few works have demonstrated an effective defense against this threat.
4 code implementations • ICML 2018 • Anish Athalye, Nicholas Carlini, David Wagner
We identify obfuscated gradients, a kind of gradient masking, as a phenomenon that leads to a false sense of security in defenses against adversarial examples.
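One technique this work uses to circumvent such defenses is BPDA (Backward Pass Differentiable Approximation); a minimal PyTorch sketch, assuming the defense prepends a non-differentiable preprocessor g with g(x) ≈ x:

```python
import torch

# BPDA sketch: run the non-differentiable preprocessor g in the forward
# pass, but pretend it was the identity in the backward pass, so gradients
# flow to the input despite the "obfuscated" gradient.

class BPDAIdentity(torch.autograd.Function):
    @staticmethod
    def forward(ctx, x, preprocess):
        return preprocess(x)                 # e.g. quantization, JPEG, etc.

    @staticmethod
    def backward(ctx, grad_output):
        return grad_output, None             # identity gradient for x

x = torch.rand(1, 3, 32, 32, requires_grad=True)
y = BPDAIdentity.apply(x, lambda t: (t * 255).round() / 255)  # quantization
y.sum().backward()                           # x.grad exists despite round()
```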
4 code implementations • 5 Jan 2018 • Nicholas Carlini, David Wagner
We construct targeted audio adversarial examples on automatic speech recognition.
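A rough sketch of such a targeted attack against a generic CTC-based recognizer; the paper targets a specific ASR system, so `asr_model` here is a hypothetical stand-in returning per-frame character log-probabilities:

```python
import torch
import torch.nn.functional as F

# Optimize a small perturbation delta so that the recognizer transcribes
# the waveform as `target` (a 1-D tensor of label indices), keeping delta
# inaudible via an infinity-norm clamp.

def targeted_audio_attack(asr_model, waveform, target, eps=0.01, steps=500):
    delta = torch.zeros_like(waveform, requires_grad=True)
    opt = torch.optim.Adam([delta], lr=1e-3)
    for _ in range(steps):
        log_probs = asr_model(waveform + delta)        # (time, 1, vocab)
        loss = F.ctc_loss(log_probs, target,
                          input_lengths=torch.tensor([log_probs.shape[0]]),
                          target_lengths=torch.tensor([target.shape[0]]))
        opt.zero_grad()
        loss.backward()
        opt.step()
        with torch.no_grad():
            delta.clamp_(-eps, eps)                    # keep it quiet
    return (waveform + delta).detach()
```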
1 code implementation • 22 Nov 2017 • Nicholas Carlini, David Wagner
MagNet and "Efficient Defenses..." were recently proposed as defenses against adversarial examples.
no code implementations • 20 May 2017 • Nicholas Carlini, David Wagner
Neural networks are known to be vulnerable to adversarial examples: inputs that are close to natural inputs but classified incorrectly.
26 code implementations • 16 Aug 2016 • Nicholas Carlini, David Wagner
Defensive distillation is a recently proposed approach that can take an arbitrary neural network and increase its robustness, reducing the success rate of current attacks at finding adversarial examples from $95\%$ to $0.5\%$.
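For reference, a minimal sketch of the distillation objective being attacked, with an illustrative temperature:

```python
import torch
import torch.nn.functional as F

# Defensive distillation trains a teacher with softmax at temperature T,
# then trains a second network of the same architecture to match the
# teacher's softened label distribution at that temperature.

def distillation_step(student, teacher, x, T=20.0):
    with torch.no_grad():
        soft_labels = F.softmax(teacher(x) / T, dim=1)
    log_probs = F.log_softmax(student(x) / T, dim=1)
    return -(soft_labels * log_probs).sum(dim=1).mean()  # soft cross-entropy
```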
no code implementations • 6 Aug 2016 • Michael McCoyd, David Wagner
Machine learning is increasingly used to make sense of the physical world yet may suffer from adversarial manipulation.
1 code implementation • 14 Jul 2016 • Nicholas Carlini, David Wagner
We show that defensive distillation is not secure: it is no more resistant to targeted misclassification attacks than unprotected neural networks.