Search Results for author:
Found 22 papers, 10 papers with code
JailbreakBench: An Open Robustness Benchmark for Jailbreaking Large Language Models
To address these challenges, we introduce JailbreakBench, an open-sourced benchmark with the following components: (1) an evolving repository of state-of-the-art adversarial prompts, which we refer to as jailbreak artifacts; (2) a jailbreaking dataset comprising 100 behaviors -- both original and sourced from prior work -- which align with OpenAI's usage policies; (3) a standardized evaluation framework that includes a clearly defined threat model, system prompts, chat templates, and scoring functions; and (4) a leaderboard that tracks the performance of attacks and defenses for various LLMs.
Finding needles in a haystack: A Black-Box Approach to Invisible Watermark Detection
In this paper, we propose WaterMark Detection (WMD), the first invisible watermark detection method under a black-box and annotation-free setting.
Scaling Compute Is Not All You Need for Adversarial Robustness
Finally, we make our benchmarking framework (built on top of \texttt{timm}~\citep{rw2019timm}) publicly available to facilitate future analysis in efficient robust deep learning.
MultiRobustBench: Benchmarking Robustness Against Multiple Attacks
Using our framework, we present the first leaderboard, MultiRobustBench, for benchmarking multiattack evaluation which captures performance across attack types and attack strengths.
Extracting Training Data from Diffusion Models
Image diffusion models such as DALL-E 2, Imagen, and Stable Diffusion have attracted significant attention due to their ability to generate high-quality synthetic images.
Uncovering Adversarial Risks of Test-Time Adaptation
Recently, test-time adaptation (TTA) has been proposed as a promising solution for addressing distribution shifts.
DP-RAFT: A Differentially Private Recipe for Accelerated Fine-Tuning
A major direction in differentially private machine learning is differentially private fine-tuning: pretraining a model on a source of "public data" and transferring the extracted features to downstream tasks.
A Light Recipe to Train Robust Vision Transformers
Additionally, investigating the reasons for the robustness of our models, we show that it is easier to generate strong attacks during training when using our recipe and that this leads to better robustness at test time.
Just Rotate it: Deploying Backdoor Attacks via Rotation Transformation
Our attack can be easily deployed in the real world since it only requires rotating the object, as we show in both image classification and object detection applications.
Understanding Robust Learning through the Lens of Representation Similarities
Representation learning, i. e. the generation of representations useful for downstream applications, is a task of fundamental importance that underlies much of the success of deep neural networks (DNNs).
Generating High Fidelity Data from Low-density Regions using Diffusion Models
We observe that uniform sampling from diffusion models predominantly samples from high-density regions of the data manifold.
Robust Learning Meets Generative Models: Can Proxy Distributions Improve Adversarial Robustness?
We circumvent this challenge by using additional data from proxy distributions learned by advanced generative models.
Lower Bounds on Cross-Entropy Loss in the Presence of Test-time Adversaries
In particular, it is critical to determine classifier-agnostic bounds on the training loss to establish when learning is possible.
SSD: A Unified Framework for Self-Supervised Outlier Detection
We demonstrate that SSD outperforms most existing detectors based on unlabeled data by a large margin.
RobustBench: a standardized adversarial robustness benchmark
As a research community, we are still lacking a systematic understanding of the progress on adversarial robustness which often makes it hard to identify the most promising ideas in training robust models.
Fast-Convergent Federated Learning
In this paper, we propose a fast-convergent federated learning algorithm, called FOLB, which performs intelligent sampling of devices in each round of model training to optimize the expected convergence speed.
A Critical Evaluation of Open-World Machine Learning
With our evaluation across 6 OOD detectors, we find that the choice of in-distribution data, model architecture and OOD data have a strong impact on OOD detection performance, inducing false positive rates in excess of $70\%$.
BIG-bench Machine Learning
Out of Distribution (OOD) Detection
Time for a Background Check! Uncovering the impact of Background Features on Deep Neural Networks
With increasing expressive power, deep neural networks have significantly improved the state-of-the-art on image classification datasets, such as ImageNet.
PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking
In this paper, we propose a general defense framework called PatchGuard that can achieve high provable robustness while maintaining high clean accuracy against localized adversarial patches.
HYDRA: Pruning Adversarially Robust Neural Networks
We demonstrate that our approach, titled HYDRA, achieves compressed networks with state-of-the-art benign and robust accuracy, simultaneously.
Towards Compact and Robust Deep Neural Networks
In this work, we rigorously study the extension of network pruning strategies to preserve both benign accuracy and robustness of a network.
Better the Devil you Know: An Analysis of Evasion Attacks using Out-of-Distribution Adversarial Examples
A large body of recent work has investigated the phenomenon of evasion attacks using adversarial examples for deep learning systems, where the addition of norm-bounded perturbations to the test inputs leads to incorrect output classification.
