Theoretically Principled Trade-off for Stateful Defenses against Query-Based Black-Box Attacks

no code implementations • 30 Jul 2023 • Ashish Hooda, Neal Mangaokar, Ryan Feng, Kassem Fawaz, Somesh Jha, Atul Prakash

This work aims to address this gap by offering a theoretical characterization of the trade-off between detection and false positive rates for stateful defenses.

Stateful Defenses for Machine Learning Models Are Not Yet Secure Against Black-box Attacks

1 code implementation • 11 Mar 2023 • Ryan Feng, Ashish Hooda, Neal Mangaokar, Kassem Fawaz, Somesh Jha, Atul Prakash

Such stateful defenses aim to defend against black-box attacks by tracking the query history and detecting and rejecting queries that are "similar" and thus preventing black-box attacks from finding useful gradients and making progress towards finding adversarial attacks within a reasonable query budget.

Constraining the Attack Space of Machine Learning Models with Distribution Clamping Preprocessing

no code implementations • 18 May 2022 • Ryan Feng, Somesh Jha, Atul Prakash

Preprocessing and outlier detection techniques have both been applied to neural networks to increase robustness with varying degrees of success.

BIG-bench Machine Learning object-detection +2

Concept-based Explanations for Out-Of-Distribution Detectors

1 code implementation • 4 Mar 2022 • Jihye Choi, Jayaram Raghuram, Ryan Feng, Jiefeng Chen, Somesh Jha, Atul Prakash

Based on these metrics, we propose an unsupervised framework for learning a set of concepts that satisfy the desired properties of high detection completeness and concept separability, and demonstrate its effectiveness in providing concept-based explanations for diverse off-the-shelf OOD detectors.

Out of Distribution (OOD) Detection

D4: Detection of Adversarial Diffusion Deepfakes Using Disjoint Ensembles

no code implementations • 11 Feb 2022 • Ashish Hooda, Neal Mangaokar, Ryan Feng, Kassem Fawaz, Somesh Jha, Atul Prakash

D4 uses an ensemble of models over disjoint subsets of the frequency spectrum to significantly improve adversarial robustness.

Adversarial Robustness DeepFake Detection +1

Using Anomaly Feature Vectors for Detecting, Classifying and Warning of Outlier Adversarial Examples

no code implementations • ICML Workshop AML 2021 • Nelson Manohar-Alers, Ryan Feng, Sahib Singh, Jiguo Song, Atul Prakash

We present DeClaW, a system for detecting, classifying, and warning of adversarial inputs presented to a classification neural network.

Adversarial Attack Detection

Smart Black Box 2.0: Efficient High-bandwidth Driving Data Collection based on Video Anomalies

no code implementations • 3 Jan 2021 • Ryan Feng, Yu Yao, Ella Atkins

An updated SBB pipeline is proposed for the real-time capture of driving video data.

Action Detection Anomaly Detection +2

Content-Adaptive Pixel Discretization to Improve Model Robustness

no code implementations • 3 Dec 2020 • Ryan Feng, Wu-chi Feng, Atul Prakash

We first formally prove that adaptive codebooks can provide stronger robustness guarantees than fixed codebooks as a preprocessing defense on some datasets.

GRAPHITE: Generating Automatic Physical Examples for Machine-Learning Attacks on Computer Vision Systems

1 code implementation • 17 Feb 2020 • Ryan Feng, Neal Mangaokar, Jiefeng Chen, Earlence Fernandes, Somesh Jha, Atul Prakash

We address three key requirements for practical attacks for the real-world: 1) automatically constraining the size and shape of the attack so it can be applied with stickers, 2) transform-robustness, i. e., robustness of a attack to environmental physical variations such as viewpoint and lighting changes, and 3) supporting attacks in not only white-box, but also black-box hard-label scenarios, so that the adversary can attack proprietary models.

BIG-bench Machine Learning General Classification +1