Search Results for author:
Found 31 papers, 25 papers with code
Vulnerability Detection with Code Language Models: How Far Are We?
Evaluating code LMs on PrimeVul reveals that existing benchmarks significantly overestimate the performance of these models.
Generative AI Security: Challenges and Countermeasures
Generative AI's expanding footprint across numerous industries has led to both excitement and increased scrutiny.
PAL: Proxy-Guided Black-Box Attack on Large Language Models
In this work, we introduce the Proxy-Guided Attack on LLMs (PAL), the first optimization-based attack on LLMs in a black-box query-only setting.
Jatmo: Prompt Injection Defense by Task-Specific Finetuning
Jatmo only needs a task prompt and a dataset of inputs for the task: it uses the teacher model to generate outputs.
Mark My Words: Analyzing and Evaluating Language Model Watermarks
The capabilities of large language models have grown significantly in recent years and so too have concerns about their misuse.
Can LLMs Follow Simple Rules?
As Large Language Models (LLMs) are deployed with increasing real-world responsibilities, it is important to be able to specify and constrain the behavior of these systems in a reliable manner.
PubDef: Defending Against Transfer Attacks From Public Models
We evaluate the transfer attacks in this setting and propose a specialized defense method based on a game-theoretic perspective.
DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability Detection
Combining our new dataset with previous datasets, we present an analysis of the challenges and promising research directions of using deep learning for detecting software vulnerabilities.
Continuous Learning for Android Malware Detection
We propose a new hierarchical contrastive learning scheme, and a new sample selection technique to continuously train the Android malware classifier.
REAP: A Large-Scale Realistic Adversarial Patch Benchmark
In this work, we propose the REAP (REalistic Adversarial Patch) benchmark, a digital benchmark that allows the user to evaluate patch attacks on real images, and under real-world conditions.
Part-Based Models Improve Adversarial Robustness
We show that combining human prior knowledge with end-to-end learning can improve the robustness of deep neural networks by introducing a part-based model for object classification.
Demystifying the Adversarial Robustness of Random Transformation Defenses
Furthermore, we create the strongest possible attack to evaluate our RT defense.
SLIP: Self-supervision meets Language-Image Pre-training
Across ImageNet and a battery of additional datasets, we find that SLIP improves accuracy by a large margin.
Learning Security Classifiers with Verified Global Robustness Properties
Since data distribution shift is very common in security applications, e. g., often observed for malware detection, local robustness cannot guarantee that the property holds for unseen inputs at the time of deploying the classifier.
Adversarial Examples for k-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
On a high level, the search radius expands to the nearby higher-order Voronoi cells until we find a cell that classifies differently from the input point.
Fighting Gradients with Gradients: Dynamic Defenses against Adversarial Attacks
Adversarial attacks optimize against models to defeat defenses.
Model-Agnostic Defense for Lane Detection against Adversarial Attack
Susceptibility of neural networks to adversarial attack prompts serious safety concerns for lane detection efforts, a domain where such models have been widely applied.
Adversarial Examples for $k$-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams
On a high level, the search radius expands to the nearby Voronoi cells until we find a cell that classifies differently from the input point.
Minority Reports Defense: Defending Against Adversarial Patches
We propose a defense against patch attacks based on partially occluding the image around each candidate patch location, so that a few occlusions each completely hide the patch.
SAT: Improving Adversarial Training via Curriculum-Based Loss Smoothing
This leads to a significant improvement in both clean accuracy and robustness compared to AT, TRADES, and other baselines.
Minimum-Norm Adversarial Examples on KNN and KNN-Based Models
We study the robustness against adversarial examples of kNN classifiers and classifiers that combine kNN with neural networks.
Stateful Detection of Black-Box Adversarial Attacks
This is true even when, as is the case in many practical settings, the classifier is hosted as a remote service and so the adversary does not have direct access to the model parameters.
Defending Against Adversarial Examples with K-Nearest Neighbor
With our models, the mean perturbation norm required to fool our MNIST model is 3. 07 and 2. 30 on CIFAR-10.
On the Robustness of Deep K-Nearest Neighbors
Despite a large amount of attention on adversarial examples, very few works have demonstrated an effective defense against this threat.
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples
We identify obfuscated gradients, a kind of gradient masking, as a phenomenon that leads to a false sense of security in defenses against adversarial examples.
Audio Adversarial Examples: Targeted Attacks on Speech-to-Text
We construct targeted audio adversarial examples on automatic speech recognition.
Automatic Speech Recognition
Automatic Speech Recognition (ASR)
+1
MagNet and "Efficient Defenses Against Adversarial Attacks" are Not Robust to Adversarial Examples
MagNet and "Efficient Defenses..." were recently proposed as a defense to adversarial examples.
Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods
Neural networks are known to be vulnerable to adversarial examples: inputs that are close to natural inputs but classified incorrectly.
Towards Evaluating the Robustness of Neural Networks
Defensive distillation is a recently proposed approach that can take an arbitrary neural network, and increase its robustness, reducing the success rate of current attacks' ability to find adversarial examples from $95\%$ to $0. 5\%$.
Spoofing 2D Face Detection: Machines See People Who Aren't There
Machine learning is increasingly used to make sense of the physical world yet may suffer from adversarial manipulation.
Defensive Distillation is Not Robust to Adversarial Examples
We show that defensive distillation is not secure: it is no more resistant to targeted misclassification attacks than unprotected neural networks.
