1 code implementation • ICML 2020 • Pratyush Maini, Eric Wong, J. Zico Kolter
Owing to the susceptibility of deep learning systems to adversarial attacks, there has been a great deal of work in developing (both empirically and certifiably) robust classifiers.
no code implementations • 23 Apr 2024 • Avi Schwarzschild, Zhili Feng, Pratyush Maini, Zachary C. Lipton, J. Zico Kolter
We outline the limitations of existing notions of memorization and show how the ACR overcomes these challenges by (i) offering an adversarial view of memorization, especially useful for monitoring unlearning and compliance; and (ii) allowing the flexibility to measure memorization for arbitrary strings at reasonably low compute cost.
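As a rough illustration of the compression view (a minimal sketch, not the paper's exact procedure; `compression_ratio` and the token lists are hypothetical stand-ins): a string counts as memorized when a prompt much shorter than the string reliably elicits it.

```python
# Illustrative sketch of an adversarial-compression-style memorization score.
# A string is "compressed" by the model if a prompt much shorter than the
# string itself makes the model emit it verbatim. Finding that shortest
# eliciting prompt is the adversarial-search step, left abstract here.

def compression_ratio(target_tokens, shortest_prompt_tokens):
    """Ratio > 1 suggests the model stores the string more compactly
    than verbatim, i.e. evidence of memorization."""
    return len(target_tokens) / max(1, len(shortest_prompt_tokens))

# Toy example: a 12-token string elicited by a 3-token prompt compresses 4x.
target = list(range(12))   # stand-in for a tokenized target string
prompt = list(range(3))    # stand-in for the shortest eliciting prompt found
print(compression_ratio(target, prompt))  # -> 4.0
```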
2 code implementations • 10 Apr 2024 • Sachin Goyal, Pratyush Maini, Zachary C. Lipton, Aditi Raghunathan, J. Zico Kolter
Vision-language models (VLMs) are trained for thousands of GPU hours on carefully curated web datasets.
no code implementations • 29 Jan 2024 • Pratyush Maini, Skyler Seto, He Bai, David Grangier, Yizhe Zhang, Navdeep Jaitly
Large language models are trained on massive scrapes of the web, which are often unstructured, noisy, and poorly phrased.
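One hedged sketch of what such cleanup could look like in practice (the `generate` callable, prompt text, and mixing strategy below are assumptions, not the paper's recipe): rephrase each noisy document with an instruction-tuned model and train on both views.

```python
# Illustrative sketch: rephrase noisy web documents into cleaner prose before
# pretraining. `generate` stands in for any instruction-tuned LLM call.

REPHRASE_PROMPT = (
    "Rewrite the following web text in clear, well-structured English, "
    "preserving all factual content:\n\n{doc}"
)

def rephrase_corpus(docs, generate):
    """Yield (original, rephrased) pairs; pretraining can mix both views."""
    for doc in docs:
        yield doc, generate(REPHRASE_PROMPT.format(doc=doc))

# Toy usage with a dummy generator that just upper-cases its prompt:
pairs = list(rephrase_corpus(["sum noisy web text..."], lambda p: p.upper()))
print(pairs[0][1][:40])
```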
no code implementations • 11 Jan 2024 • Pratyush Maini, Zhili Feng, Avi Schwarzschild, Zachary C. Lipton, J. Zico Kolter
Large language models trained on massive corpora of data from the web can memorize and reproduce sensitive or private data, raising both legal and ethical concerns.
1 code implementation • 18 Jul 2023 • Pratyush Maini, Michael C. Mozer, Hanie Sedghi, Zachary C. Lipton, J. Zico Kolter, Chiyuan Zhang
Recent efforts at explaining the interplay of memorization and generalization in deep overparametrized networks have posited that neural networks memorize "hard" examples in the final few layers of the model.
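One way to probe that hypothesis (a sketch under assumptions; the dict-based "models" and the `rewind_probe` helper are illustrative, not the paper's method): rewind one layer at a time to its early-training weights and check which rewind erases the fit on noisily-labeled, i.e. memorized, examples. If memorization lived only in the final layers, only rewinding those layers should hurt.

```python
# Hypothetical layer-rewinding probe for where memorization lives. Replace
# one layer's weights with an early checkpoint and re-evaluate on the
# noisily-labeled subset the network could only have fit by memorizing.

import copy

def rewind_probe(model, early_checkpoint, layer_names, eval_on_noisy):
    """Return {layer: score on the noisy subset after rewinding that layer}."""
    results = {}
    for name in layer_names:
        probe = copy.deepcopy(model)
        probe[name] = copy.deepcopy(early_checkpoint[name])  # rewind one layer
        results[name] = eval_on_noisy(probe)
    return results

# Toy usage with dict-based "models" and a stand-in evaluation metric:
model = {"layer1": [1.0], "layer2": [2.0], "head": [3.0]}
early = {"layer1": [0.1], "layer2": [0.2], "head": [0.3]}
print(rewind_probe(model, early, list(model), lambda m: sum(v[0] for v in m.values())))
```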
1 code implementation • 6 Jul 2023 • Pratyush Maini, Sachin Goyal, Zachary C. Lipton, J. Zico Kolter, Aditi Raghunathan
However, naively removing all such data could also be wasteful, as it discards images that contain useful visual features in addition to the overlapping text.
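A hedged sketch of a filtering rule in that spirit (every helper, `detect_text`, `mask`, `similarity`, and the threshold are stand-ins, not the paper's pipeline): mask detected text and keep the image only if its remaining visual content still matches the caption.

```python
# Illustrative filter: instead of dropping every image that contains text,
# mask the text regions and keep the image if what remains still matches
# its caption. All callables below are hypothetical stand-ins.

def keep_example(image, caption, detect_text, mask, similarity, threshold=0.3):
    """True if the image matches its caption even after text is masked out."""
    boxes = detect_text(image)        # e.g. OCR bounding boxes
    masked = mask(image, boxes)       # blank out the detected text regions
    return similarity(masked, caption) >= threshold

# Toy usage with trivial stand-ins:
print(keep_example(
    image="img", caption="a dog on grass",
    detect_text=lambda img: [],       # pretend no text was found
    mask=lambda img, boxes: img,
    similarity=lambda img, cap: 0.9,
))  # -> True
```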
1 code implementation • 13 Mar 2023 • Mrigank Raman, Pratyush Maini, J. Zico Kolter, Zachary C. Lipton, Danish Pruthi
Across 5 NLP datasets, 4 adversarial attacks, and 3 different models, MVP improves performance against adversarial substitutions by an average of 8% over standard methods and even outperforms state-of-the-art adversarial-training-based defenses by 3.5%.
1 code implementation • 26 Oct 2022 • Pratyush Maini, Saurabh Garg, Zachary C. Lipton, J. Zico Kolter
Popular metrics derived from these dynamics include (i) the epoch at which examples are first correctly classified; (ii) the number of times their predictions flip during training; and (iii) whether their predictions flip when the examples are held out of training.
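The first two metrics fall out directly from a per-epoch log of whether each example was predicted correctly; a minimal sketch follows (metric (iii) requires retraining with the example held out, so it is omitted, and counting correctness changes is a simplification of counting raw label flips).

```python
# Sketch of metrics (i) and (ii) above, computed from a boolean per-epoch
# record of whether an example was classified correctly. Metric (iii) needs
# a model trained without the example, so it is not shown here.

def dynamics_metrics(correct_per_epoch):
    # (i) first epoch the example is classified correctly (None if never)
    first_learned = next((e for e, c in enumerate(correct_per_epoch) if c), None)
    # (ii) how often correctness flips across consecutive epochs
    flips = sum(a != b for a, b in zip(correct_per_epoch, correct_per_epoch[1:]))
    return first_learned, flips

print(dynamics_metrics([False, False, True, False, True, True]))  # -> (2, 3)
```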
1 code implementation • ICLR 2021 • Pratyush Maini, Mohammad Yaghini, Nicolas Papernot
We thus introduce dataset inference, the process of identifying whether a suspected model copy has private knowledge from the original model's dataset, as a defense against model stealing.
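The intuition admits a very compact caricature (a sketch only; the paper's method embeds richer features and runs a formal hypothesis test, while the effect-size statistic below is a stand-in): a stolen model should be systematically more confident on the victim's private training data than on comparable public data.

```python
# Caricature of dataset inference: compare the suspect model's confidence
# margins on the victim's private training data vs. unseen public data.
# A clearly positive effect size supports the ownership claim.

from statistics import mean, stdev

def dataset_inference_score(margins_private, margins_public):
    diff = mean(margins_private) - mean(margins_public)
    pooled = (stdev(margins_private) + stdev(margins_public)) / 2
    return diff / max(pooled, 1e-8)

# Toy margins: the suspect model is more confident on the private set.
print(dataset_inference_score([0.9, 0.8, 0.85, 0.95], [0.5, 0.6, 0.55, 0.45]))
```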
no code implementations • 1 Jan 2021 • Pratyush Maini, Xinyun Chen, Bo Li, Dawn Song
In addition, we demonstrate the realization of this trade-off in deep networks by adding random noise to the model input at test time, enabling enhanced robustness against strong adaptive attacks.
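The test-time mechanism described here is simple enough to sketch directly (the list-of-floats input and stand-in model are illustrative; a real version would add Gaussian noise to image tensors and average per-class probabilities):

```python
# Sketch of test-time input randomization: average the model's output over
# several noisy copies of the input, which blunts gradient-based adaptive
# attacks that rely on a deterministic forward pass.

import random
from statistics import mean

def randomized_predict(model, x, sigma=0.1, n_samples=8):
    """Average the model's output over n_samples noisy copies of x."""
    votes = []
    for _ in range(n_samples):
        noisy = [xi + random.gauss(0.0, sigma) for xi in x]
        votes.append(model(noisy))
    return mean(votes)

# Toy usage: a stand-in "model" that just sums its input features.
print(randomized_predict(model=lambda v: sum(v), x=[1.0, 2.0, 3.0]))
```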
2 code implementations • CVPR 2021 • Jean-Baptiste Truong, Pratyush Maini, Robert J. Walls, Nicolas Papernot
Current model extraction attacks assume that the adversary has access to a surrogate dataset with characteristics similar to the proprietary data used to train the victim model.
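By contrast, a data-free attacker must synthesize its own queries; a skeleton of such a loop follows (all callables are hypothetical stand-ins, and the real attack trains a generator against the student, which is elided here).

```python
# Skeleton of a data-free extraction loop: with no surrogate dataset, the
# attacker synthesizes queries, asks the black-box victim to label them, and
# distills the answers into a clone. Every callable is a stand-in.

def extract(victim, student, synthesize, train_step, rounds=3, batch=4):
    for _ in range(rounds):
        queries = [synthesize() for _ in range(batch)]  # replaces a real dataset
        labels = [victim(q) for q in queries]           # query the victim model
        for q, y in zip(queries, labels):
            train_step(student, q, y)                   # distill victim behavior
    return student

# Toy usage with trivial stand-ins:
clone = extract(victim=lambda q: q * 2, student={}, synthesize=lambda: 1.0,
                train_step=lambda s, q, y: s.update({q: y}))
print(clone)  # -> {1.0: 2.0}
```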
1 code implementation • Findings of the Association for Computational Linguistics 2020 • Pratyush Maini, Keshav Kolluru, Danish Pruthi, Mausam
We find that pooling-based architectures substantially differ from their non-pooling equivalents in their learning ability and positional biases; these differences help explain their performance benefits.