Search Results for author:
Found 54 papers, 29 papers with code
RigorLLM: Resilient Guardrails for Large Language Models against Undesired Content
The innovative use of constrained optimization and a fusion-based guardrail approach represents a significant step forward in developing more secure and reliable LLMs, setting a new standard for content moderation frameworks in the face of evolving digital threats.
Benchmarking Zero-Shot Robustness of Multimodal Foundation Models: A Pilot Study
We show that CLIP leads to a significant robustness drop compared to supervised ImageNet models on our benchmark, especially under synthetic distribution shift and adversarial attacks.
A Safe Harbor for AI Evaluation and Red Teaming
Independent evaluation and red teaming are critical for identifying the risks posed by generative AI systems.
The Mirrored Influence Hypothesis: Efficient Data Influence Estimation by Harnessing Forward Passes
Inspired by this, we introduce a new method for estimating the influence of training data, which requires calculating gradients for specific test samples, paired with a forward pass for each training point.
Efficient Data Shapley for Weighted Nearest Neighbor Algorithms
This work aims to address an open problem in data valuation literature concerning the efficient computation of Data Shapley for weighted $K$ nearest neighbor algorithm (WKNN-Shapley).
How Johnny Can Persuade LLMs to Jailbreak Them: Rethinking Persuasion to Challenge AI Safety by Humanizing LLMs
This paper introduces a new perspective to jailbreak LLMs as human-like communicators, to explore this overlooked intersection between everyday language interaction and AI safety.
Data Acquisition: A New Frontier in Data-centric AI
As Machine Learning (ML) systems continue to grow, the demand for relevant and comprehensive datasets becomes imperative.
Learning to Rank for Active Learning via Multi-Task Bilevel Optimization
To address these limitations, we propose a novel approach for active learning, which aims to select batches of unlabeled instances through a learned surrogate model for data acquisition.
Fine-tuning Aligned Language Models Compromises Safety, Even When Users Do Not Intend To!
Optimizing large language models (LLMs) for downstream use cases often involves the customization of pre-trained LLMs through further fine-tuning.
Practical Membership Inference Attacks Against Large-Scale Multi-Modal Models: A Pilot Study
Furthermore, our enhanced attacks outperform the baseline across multiple models and datasets, with the weakly supervised attack demonstrating an average-case performance improvement of $17\%$ and being at least $7$X more effective at low false-positive rates.
Threshold KNN-Shapley: A Linear-Time and Privacy-Friendly Approach to Data Valuation
Data valuation aims to quantify the usefulness of individual data sources in training machine learning (ML) models, and is a critical aspect of data-centric ML research.
Algorithm of Thoughts: Enhancing Exploration of Ideas in Large Language Models
Current literature, aiming to surpass the "Chain-of-Thought" approach, often resorts to an external modus operandi involving halting, modifying, and then resuming the generation process to boost Large Language Models' (LLMs) reasoning capacities.
2D-Shapley: A Framework for Fragmented Data Valuation
Data valuation -- quantifying the contribution of individual data sources to certain predictive behaviors of a model -- is of great importance to enhancing the transparency of machine learning and designing incentive systems for data sharing.
Revisiting Data-Free Knowledge Distillation with Poisoned Teachers
Data-free knowledge distillation (KD) helps transfer knowledge from a pre-trained model (known as the teacher model) to a smaller model (known as the student model) without access to the original training data used for training the teacher model.
Backdoor Defense for Data-Free Distillation with Poisoned Teachers
Data-free Knowledge Distillation
LAVA: Data Valuation without Pre-Specified Learning Algorithms
(1) We develop a proxy for the validation performance associated with a training set based on a non-conventional class-wise Wasserstein distance between training and validation sets.
A Randomized Approach for Tight Privacy Accounting
In this paper, we propose a new differential privacy paradigm called estimate-verify-release (EVR), which addresses the challenges of providing a strict upper bound for privacy parameter in DP compositions by converting an estimate of privacy parameter into a formal guarantee.
A Note on "Efficient Task-Specific Data Valuation for Nearest Neighbor Algorithms"
In this note, we revisit the work of Jia et al. (2019) and propose a more natural and interpretable utility function that better reflects the performance of KNN models.
ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms
However, we lack a thorough understanding of the applicability of existing detection methods across a variety of learning settings.
A Note on "Towards Efficient Data Valuation Based on the Shapley Value''
Our analysis and insights contribute to a better understanding of the challenges in developing efficient SV estimation algorithms for data valuation.
On Solution Functions of Optimization: Universal Approximation and Covering Number Bounds
We study the expressibility and learnability of convex optimization solution functions and their multi-layer architectural extension.
Variance reduced Shapley value estimation for trustworthy data valuation
Data valuation, especially quantifying data value in algorithmic prediction and decision-making, is a fundamental problem in data trading scenarios.
How to Sift Out a Clean Data Subset in the Presence of Data Poisoning?
Most poisoning defenses presume access to a set of clean data (or base set).
Renyi Differential Privacy of Propose-Test-Release and Applications to Private and Robust Machine Learning
As an application of our analysis, we show that PTR and our theoretical results can be used to design differentially private variants for byzantine robust training algorithms that use robust statistics for gradients aggregation.
Turning a Curse into a Blessing: Enabling In-Distribution-Data-Free Backdoor Removal via Stabilized Model Inversion
Our work is the first to provide a thorough understanding of leveraging model inversion for effective backdoor removal by addressing key questions about reconstructed samples' properties, perceptual similarity, and the potential presence of backdoor triggers.
Data Banzhaf: A Robust Data Valuation Framework for Machine Learning
To address this challenge, we introduce the concept of safety margin, which measures the robustness of a data value notion.
Just Fine-tune Twice: Selective Differential Privacy for Large Language Models
Utilizing the fact that sensitive information in language data tends to be sparse, Shi et al. (2021) formalized a DP notion extension called Selective Differential Privacy (SDP) to protect only the sensitive tokens defined by a policy function.
Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information
With poisoning equal to or less than 0. 5% of the target-class data and 0. 05% of the training set, we can train a model to classify test examples from arbitrary classes into the target class when the examples are patched with a backdoor trigger.
Ranked #1 on
Clean-label Backdoor Attack (0.05%)
on Tiny ImageNet
Label-Only Model Inversion Attacks via Boundary Repulsion
In this paper, we introduce an algorithm, Boundary-Repelling Model Inversion (BREP-MI), to invert private training data using only the target model's predicted labels.
ModelPred: A Framework for Predicting Trained Model from Training Data
In this work, we propose ModelPred, a framework that helps to understand the impact of changes in training data on a trained model.
Adversarial Unlearning of Backdoors via Implicit Hypergradient
Particularly, its performance is more robust to the variation on triggers, attack settings, poison ratio, and clean data size.
Towards General Robustness to Bad Training Data
In this paper, we focus on the problem of identifying bad training data when the underlying cause is unknown in advance.
Selective Differential Privacy for Language Modeling
Given that the private information in natural language is sparse (for example, the bulk of an email might not carry personally identifiable information), we propose a new privacy notion, selective differential privacy, to provide rigorous privacy guarantees on the sensitive portion of the data to improve model utility.
Zero-Round Active Learning
Our algorithm does not rely on any feedback from annotators in the target domain and hence, can be used to perform zero-round active learning or warm-start existing multi-round active learning strategies.
Improving Cooperative Game Theory-based Data Valuation via Data Utility Learning
The Shapley value (SV) and Least core (LC) are classic methods in cooperative game theory for cost/profit sharing problems.
A Unified Framework for Task-Driven Data Quality Management
High-quality data is critical to train performant Machine Learning (ML) models, highlighting the importance of Data Quality Management (DQM).
One-Round Active Learning
In this work, we initiate the study of one-round active learning, which aims to select a subset of unlabeled data points that achieve the highest model performance after being labeled with only the information from initially labeled data points.
Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective
Acknowledging previous attacks' weaknesses, we propose a practical way to create smooth backdoor triggers without high-frequency artifacts and study their detectability.
DPlis: Boosting Utility of Differentially Private Deep Learning via Randomized Smoothing
Deep learning techniques have achieved remarkable performance in wide-ranging tasks.
D2p-fed:Differentially Private Federated Learning with Efficient Communication
We provide complete analysis of the privacy guarantee, communication cost and convergence rate of D2p-fed.
Knowledge-Enriched Distributional Model Inversion Attacks
We present a novel inversion-specific GAN that can better distill knowledge useful for performing attacks on private models from public data.
InfoBERT: Improving Robustness of Language Models from An Information Theoretic Perspective
Large-scale language models such as BERT have achieved state-of-the-art performance across a wide range of NLP tasks.
Ranked #3 on
Natural Language Inference
on ANLI test
(using extra training data)
A Principled Approach to Data Valuation for Federated Learning
The federated SV preserves the desirable properties of the canonical SV while it can be calculated without incurring extra communication cost and is also able to capture the effect of participation order on data value.
Improving Robustness to Model Inversion Attacks via Mutual Information Regularization
This paper studies defense mechanisms against model inversion (MI) attacks -- a type of privacy attacks aimed at inferring information about the training data distribution given the access to a target machine learning model.
D2P-Fed: Differentially Private Federated Learning With Efficient Communication
In this paper, we propose the discrete Gaussian based differentially private federated learning (D2P-Fed), a unified scheme to achieve both differential privacy (DP) and communication efficiency in federated learning (FL).
The Secret Revealer: Generative Model-Inversion Attacks Against Deep Neural Networks
This paper studies model-inversion attacks, in which the access to a model is abused to infer information about the training data.
REFIT: A Unified Watermark Removal Framework For Deep Learning Systems With Limited Data
The experimental results demonstrate that our fine-tuning based watermark removal attacks could pose real threats to the copyright of pre-trained models, and thus highlight the importance of further investigating the watermarking problem and proposing more robust watermark embedding schemes against the attacks.
Scalability vs. Utility: Do We Have to Sacrifice One for the Other in Data Importance Quantification?
Quantifying the importance of each training point to a learning task is a fundamental problem in machine learning and the estimated importance scores have been leveraged to guide a range of data workflows such as data summarization and domain adaption.
Robust Anomaly Detection and Backdoor Attack Detection Via Differential Privacy
In this paper, we demonstrate that applying differential privacy can improve the utility of outlier detection and novelty detection, with an extension to detect poisoning samples in backdoor attacks.
An Empirical and Comparative Analysis of Data Valuation with Scalable Algorithms
Existing approximation algorithms, although achieving great improvement over the exact algorithm, relies on retraining models for multiple times, thus remaining limited when applied to larger-scale learning tasks and real-world datasets.
Efficient Task-Specific Data Valuation for Nearest Neighbor Algorithms
The most surprising result is that for unweighted $K$NN classifiers and regressors, the Shapley value of all $N$ data points can be computed, exactly, in $O(N\log N)$ time -- an exponential improvement on computational complexity!
Towards Efficient Data Valuation Based on the Shapley Value
In this paper, we study the problem of data valuation by utilizing the Shapley value, a popular notion of value which originated in cooperative game theory.
One Bit Matters: Understanding Adversarial Examples as the Abuse of Redundancy
Despite the great success achieved in machine learning (ML), adversarial examples have caused concerns with regards to its trustworthiness: A small perturbation of an input results in an arbitrary failure of an otherwise seemingly well-trained ML model.
The Helmholtz Method: Using Perceptual Compression to Reduce Machine Learning Complexity
This paper proposes a fundamental answer to a frequently asked question in multimedia computing and machine learning: Do artifacts from perceptual compression contribute to error in the machine learning process and if so, how much?
Environmental Sensing by Wearable Device for Indoor Activity and Location Estimation
We present results from a set of experiments in this pilot study to investigate the causal influence of user activity on various environmental parameters monitored by occupant carried multi-purpose sensors.
