Search Results for author:
Found 17 papers, 10 papers with code
Jatmo: Prompt Injection Defense by Task-Specific Finetuning
Jatmo only needs a task prompt and a dataset of inputs for the task: it uses the teacher model to generate outputs.
Can LLMs Follow Simple Rules?
As Large Language Models (LLMs) are deployed with increasing real-world responsibilities, it is important to be able to specify and constrain the behavior of these systems in a reliable manner.
Investigating Catastrophic Overfitting in Fast Adversarial Training: A Self-fitting Perspective
Based on self-fitting, we provide new insights into the existing methods to mitigate CO and extend CO to multi-step adversarial training.
Self-Ensemble Protection: Training Checkpoints Are Good Data Protectors
In this paper, we uncover them by model checkpoints' gradients, forming the proposed self-ensemble protection (SEP), which is very effective because (1) learning on examples ignored during normal training tends to yield DNNs ignoring normal examples; (2) checkpoints' cross-model gradients are close to orthogonal, meaning that they are as diverse as DNNs with different architectures.
Unifying Gradients to Improve Real-world Robustness for Deep Networks
The wide application of deep neural networks (DNNs) demands an increasing amount of attention to their real-world robustness, i. e., whether a DNN resists black-box adversarial attacks, among which score-based query attacks (SQAs) are most threatening since they can effectively hurt a victim network with the only access to model outputs.
One-Pixel Shortcut: on the Learning Preference of Deep Neural Networks
Based on OPS, we introduce an unlearnable dataset called CIFAR-10-S, which is indistinguishable from CIFAR-10 by humans but induces the trained model to extremely low accuracy.
Adversarial Attack on Attackers: Post-Process to Mitigate Black-Box Score-Based Query Attacks
The score-based query attacks (SQAs) pose practical threats to deep neural networks by crafting adversarial perturbations within dozens of queries, only using the model's output scores.
Subspace Adversarial Training
Single-step adversarial training (AT) has received wide attention as it proved to be both efficient and robust.
Dominant Patterns: Critical Features Hidden in Deep Neural Networks
As the name suggests, for a natural image, if we add the dominant pattern of a DNN to it, the output of this DNN is determined by the dominant pattern instead of the original image, i. e., DNN's prediction is the same with the dominant pattern's.
Query Attack by Multi-Identity Surrogates
Deep Neural Networks (DNNs) are acknowledged as vulnerable to adversarial attacks, while the existing black-box attacks require extensive queries on the victim DNN to achieve high success rates.
Measuring the Transferability of $\ell_\infty$ Attacks by the $\ell_2$ Norm
Deep neural networks could be fooled by adversarial examples with trivial differences to original samples.
Relevance Attack on Detectors
This paper focuses on high-transferable adversarial attacks on detectors, which are hard to attack in a black-box manner, because of their multiple-output characteristics and the diversity across architectures.
Double Backpropagation for Training Autoencoders against Adversarial Attack
We restrict the gradient from the reconstruction image to the original one so that the autoencoder is not sensitive to trivial perturbation produced by the adversarial attack.
Type I Attack for Generative Models
To implement the Type I attack, we destroy the original one by increasing the distance in input space while keeping the output similar because different inputs may correspond to similar features for the property of deep neural network.
HRFA: High-Resolution Feature-based Attack
Adversarial attacks have long been developed for revealing the vulnerability of Deep Neural Networks (DNNs) by adding imperceptible perturbations to the input.
Universal Adversarial Attack on Attention and the Resulting Dataset DAmageNet
AoA enjoys a significant increase in transferability when the traditional cross entropy loss is replaced with the attention loss.
DAmageNet: A Universal Adversarial Dataset
Adversarial samples are similar to the clean ones, but are able to cheat the attacked DNN to produce incorrect predictions in high confidence.
