Search Results for author:
Found 31 papers, 17 papers with code
SoK: Unintended Interactions among Machine Learning Defenses and Risks
We survey existing literature on unintended interactions, accommodating them within our framework.
Attesting Distributional Properties of Training Data for Machine Learning
The success of machine learning (ML) has been accompanied by increased concerns about its trustworthiness.
FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks
We first show that it is possible to find non-transferable, universal adversarial masks, i. e., perturbations, to generate adversarial examples that can successfully transfer from a victim policy to its modified versions but not to independently trained policies.
GrOVe: Ownership Verification of Graph Neural Networks using Embeddings
In non-graph settings, fingerprinting models, or the data used to build them, have shown to be a promising approach toward ownership verification.
False Claims against Model Ownership Resolution
Our core idea is that a malicious accuser can deviate (without detection) from the specified MOR process by finding (transferable) adversarial examples that successfully serve as evidence against independent suspect models.
On the Robustness of Dataset Inference
However, in a subspace of the same setting, we prove that DI suffers from high false positives (FPs) -- it can incorrectly identify an independent model trained with non-overlapping data from the same distribution as stolen.
Conflicting Interactions Among Protection Mechanisms for Machine Learning Models
We then focus on systematically analyzing pairwise interactions between protection mechanisms for one concern, model and data ownership verification, with two other classes of ML protection mechanisms: differentially private training, and robustness against model evasion.
On the Effectiveness of Dataset Watermarking in Adversarial Settings
We show that radioactive data can effectively survive model extraction attacks, which raises the possibility that it can be used for ML model ownership verification robust against model extraction.
Do Transformers know symbolic rules, and would we know if they did?
To facilitate this, we experiment on four sequence modelling tasks on the T5 Transformer in two experiment settings: zero-shot generalization, and generalization across class-specific vocabularies flipped between the training and test set.
SHAPr: An Efficient and Versatile Membership Privacy Risk Metric for Machine Learning
Using ten benchmark datasets, we show that SHAPr is indeed effective in estimating susceptibility of training data records to MIAs.
Real-time Adversarial Perturbations against Deep Reinforcement Learning Policies: Attacks and Defenses
Via an extensive evaluation using three Atari 2600 games, we show that our attacks are effective, as they fully degrade the performance of three different DRL agents (up to 100%, even when the $l_\infty$ bound on the perturbation is as small as 0. 01).
Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Models
We present a framework for conducting such attacks, and show that an adversary can successfully extract functional surrogate models by querying $F_V$ using data from the same domain as the training data for $F_V$.
A little goes a long way: Improving toxic language classification despite data scarcity
Detection of some types of toxic language is hampered by extreme scarcity of labeled training data.
WAFFLE: Watermarking in Federated Learning
In this paper, we present WAFFLE, the first approach to watermark DNN models trained using federated learning.
Extraction of Complex DNN Models: Real Threat or Boogeyman?
However, model extraction attacks can steal the functionality of ML models using the information leaked to clients through the results returned via the API.
Making targeted black-box evasion attacks effective and efficient
We investigate how an adversary can optimally use its query budget for targeted evasion attacks against deep neural networks in a black-box setting.
DAWN: Dynamic Adversarial Watermarking of Neural Networks
Existing watermarking schemes are ineffective against IP theft via model extraction since it is the adversary who trains the surrogate model.
Effective writing style imitation via combinatorial paraphrasing
Finally, we highlight a critical problem that afflicts all current style transfer techniques: the adversary can use the same technique for thwarting style transfer via adversarial training.
PACStack: an Authenticated Call Stack
Software shadow stacks incur high overheads or trade off security for efficiency.
Cryptography and Security
Text Analysis in Adversarial Settings: Does Deception Leave a Stylistic Trace?
Textual deception constitutes a major problem for online security.
S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX
A core contribution of S-FaaS is our set of resource measurement mechanisms that securely measure compute time inside an enclave, and actual memory allocations.
Cryptography and Security
All You Need is "Love": Evading Hate-speech Detection
With the spread of social networks and their unfortunate use for hate speech, automatic detection of the latter has become a pressing problem.
Stay On-Topic: Generating Context-specific Fake Restaurant Reviews
Automatically generated fake restaurant reviews are a threat to online review systems.
PRADA: Protecting against DNN Model Stealing Attacks
Access to the model can be restricted to be only via well-defined prediction APIs.
Cryptography and Security
Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices.
Cryptography and Security
DIoT: A Self-learning System for Detecting Compromised IoT Devices
Consequently, DIoT can cope with the emergence of new device types as well as new attacks.
Cryptography and Security
Towards Linux Kernel Memory Safety
The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel.
Cryptography and Security Operating Systems
IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT
In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise.
Cryptography and Security
C-FLAT: Control-FLow ATtestation for Embedded Systems Software
Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices.
Cryptography and Security
Sensor-based Proximity Detection in the Face of Active Adversaries
Contextual proximity detection (or, co-presence detection) is a promising approach to defend against relay attacks in many mobile authentication systems.
Cryptography and Security
Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems
We carefully analyzed LTE access network protocol specifications and uncovered several vulnerabilities.
Cryptography and Security
