Search Results for author:
Found 37 papers, 18 papers with code
DrAttack: Prompt Decomposition and Reconstruction Makes Powerful LLM Jailbreakers
DrAttack includes three key components: (a) `Decomposition' of the original prompt into sub-prompts, (b) `Reconstruction' of these sub-prompts implicitly by in-context learning with semantically similar but harmless reassembling demo, and (c) a `Synonym Search' of sub-prompts, aiming to find sub-prompts' synonyms that maintain the original intent while jailbreaking LLMs.
Sparse MeZO: Less Parameters for Better Performance in Zeroth-Order LLM Fine-Tuning
While fine-tuning large language models (LLMs) for specific tasks often yields impressive results, it comes at the cost of memory inefficiency due to back-propagation in gradient-based training.
MuLan: Multimodal-LLM Agent for Progressive Multi-Object Diffusion
Moreover, MuLan adopts a vision-language model (VLM) to provide feedback to the image generated in each sub-task and control the diffusion model to re-generate the image if it violates the original prompt.
Dataset Distillation via Adversarial Prediction Matching
This ensures the memory efficiency of our method and provides a flexible tradeoff between time and memory budgets, allowing us to distil ImageNet-1K using a minimum of only 6. 5GB of GPU memory.
Towards Stable Backdoor Purification through Feature Shift Tuning
Our analysis shows that with the low poisoning rate, the entanglement between backdoor and clean features undermines the effect of tuning-based defenses.
Attacking by Aligning: Clean-Label Backdoor Attacks on Object Detection
Deep neural networks (DNNs) have shown unprecedented success in object detection tasks.
Backdoor Learning on Sequence to Sequence Models
Backdoor learning has become an emerging research area towards building a trustworthy machine learning system.
PTP: Boosting Stability and Performance of Prompt Tuning with Perturbation-Based Regularizer
To address this critical problem, we first investigate and find that the loss landscape of vanilla prompt tuning is precipitous when it is visualized, where a slight change of input data can cause a big fluctuation in the loss landscape.
Revisiting Personalized Federated Learning: Robustness Against Backdoor Attacks
We conduct the first study of backdoor attacks in the pFL framework, testing 4 widely used backdoor attacks against 6 pFL methods on benchmark datasets FEMNIST and CIFAR-10, a total of 600 experiments.
Boosting Accuracy and Robustness of Student Models via Adaptive Adversarial Distillation
Thus, recent studies concern about adversarial distillation (AD) that aims to inherit not only prediction accuracy but also adversarial robustness of a robust teacher model under the paradigm of robust optimization.
MSDT: Masked Language Model Scoring Defense in Text Domain
Such easily-downloaded language models from various websites empowered the public users as well as some major institutions to give a momentum to their real-life application.
Efficient Non-Parametric Optimizer Search for Diverse Tasks
Efficient and automated design of optimizers plays a crucial role in full-stack AutoML systems.
FedDM: Iterative Distribution Matching for Communication-Efficient Federated Learning
Federated learning~(FL) has recently attracted increasing attention from academia and industry, with the ultimate goal of achieving collaborative training under privacy and communication constraints.
A Review of Adversarial Attack and Defense for Classification Methods
Despite the efficiency and scalability of machine learning systems, recent studies have demonstrated that many classification methods, especially deep neural networks (DNNs), are vulnerable to adversarial examples; i. e., examples that are carefully crafted to fool a well-trained classification model while being indistinguishable from natural data to human.
RANK-NOSH: Efficient Predictor-Based Architecture Search via Non-Uniform Successive Halving
Predictor-based algorithms have achieved remarkable performance in the Neural Architecture Search (NAS) tasks.
Rethinking Architecture Selection in Differentiable NAS
Differentiable Neural Architecture Search is one of the most popular Neural Architecture Search (NAS) methods for its search efficiency and simplicity, accomplished by jointly optimizing the model weight and architecture parameters in a weight-sharing supernet via gradient-based algorithms.
Concurrent Adversarial Learning for Large-Batch Training
Current methods usually use extensive data augmentation to increase the batch size, but we found the performance gain with data augmentation decreases as batch size increases, and data augmentation will become insufficient after certain point.
Adversarial Masking: Towards Understanding Robustness Trade-off for Generalization
By incorporating different feature maps after the masking, we can distill better features to help model generalization.
Self-Progressing Robust Training
Enhancing model robustness under new and even adversarial environments is a crucial milestone toward building trustworthy machine learning systems.
Voting based ensemble improves robustness of defensive models
Several previous attempts tackled this problem by ensembling the soft-label prediction and have been proved vulnerable based on the latest attack methods.
Evaluating and Enhancing the Robustness of Neural Network-based Dependency Parsing Models with Adversarial Examples
Despite achieving prominent performance on many important tasks, it has been reported that neural networks are vulnerable to adversarial examples.
DrNAS: Dirichlet Neural Architecture Search
This paper proposes a novel differentiable architecture search method by formulating it into a distribution learning problem.
CAT: Customized Adversarial Training for Improved Robustness
Adversarial training has become one of the most effective methods for improving robustness of neural networks.
Enhancing Certifiable Robustness via a Deep Model Ensemble
We propose an algorithm to enhance certified robustness of a deep model ensemble by optimally weighting each base model.
SPROUT: Self-Progressing Robust Training
Enhancing model robustness under new and even adversarial environments is a crucial milestone toward building trustworthy and reliable machine learning systems.
Sign-OPT: A Query-Efficient Hard-label Adversarial Attack
We study the most practical problem setup for evaluating adversarial robustness of a machine learning system with limited access: the hard-label black-box attack setting for generating adversarial examples, where limited model queries are allowed and only the decision is provided to a queried data input.
Natural Adversarial Sentence Generation with Gradient-based Perturbation
This work proposes a novel algorithm to generate natural language adversarial input for text classification models, in order to investigate the robustness of these models.
On the Robustness of Self-Attentive Models
This work examines the robustness of self-attentive neural networks against adversarial input perturbations.
Evaluating and Enhancing the Robustness of Dialogue Systems: A Case Study on a Negotiation Agent
Moreover, we show that with the adversarial training, we are able to improve the robustness of negotiation agents by 1. 5 points on average against all our attacks.
Query-Efficient Hard-label Black-box Attack: An Optimization-based Approach
We study the problem of attacking machine learning models in the hard-label black-box setting, where no model information is revealed except that the attacker can make queries to probe the corresponding hard-label decisions.
Learning from Group Comparisons: Exploiting Higher Order Interactions
We study the problem of learning from group comparisons, with applications in predicting outcomes of sports and online games.
Attack Graph Convolutional Networks by Adding Fake Nodes
In this paper, we propose a new type of "fake node attacks" to attack GCNs by adding malicious fake nodes.
Query-Efficient Hard-label Black-box Attack:An Optimization-based Approach
We study the problem of attacking a machine learning model in the hard-label black-box setting, where no model information is revealed except that the attacker can make queries to probe the corresponding hard-label decisions.
Extreme Learning to Rank via Low Rank Assumption
We consider the setting where we wish to perform ranking for hundreds of thousands of users which is common in recommender systems and web search ranking.
Stochastic Zeroth-order Optimization via Variance Reduction method
However, due to the variance in the search direction, the convergence rates and query complexities of existing methods suffer from a factor of $d$, where $d$ is the problem dimension.
Seq2Sick: Evaluating the Robustness of Sequence-to-Sequence Models with Adversarial Examples
In this paper, we study the much more challenging problem of crafting adversarial examples for sequence-to-sequence (seq2seq) models, whose inputs are discrete text strings and outputs have an almost infinite number of possibilities.
Towards Robust Neural Networks via Random Self-ensemble
In this paper, we propose a new defense algorithm called Random Self-Ensemble (RSE) by combining two important concepts: {\bf randomness} and {\bf ensemble}.
