Search Results for author:
Found 20 papers, 9 papers with code
LLM-Guided Multi-View Hypergraph Learning for Human-Centric Explainable Recommendation
As personalized recommendation systems become vital in the age of information overload, traditional methods relying solely on historical user interactions often fail to fully capture the multifaceted nature of human interests.
Certified Minimax Unlearning with Generalization Rates and Deletion Capacity
In addition, our rates of generalization and deletion capacity match the state-of-the-art rates derived previously for standard statistical learning models.
Towards Sample-specific Backdoor Attack with Clean Labels via Attribute Trigger
We argue that the intensity constraint of existing SSBAs is mostly because their trigger patterns are `content-irrelevant' and therefore act as `noises' for both humans and DNNs.
ERASER: Machine Unlearning in MLaaS via an Inference Serving-Aware Approach
However, despite their promising efficiency, almost all existing machine unlearning methods handle unlearning requests independently from inference requests, which unfortunately introduces a new security issue of inference service obsolescence and a privacy vulnerability of undesirable exposure for machine unlearning in MLaaS.
Pitfalls in Language Models for Code Intelligence: A Taxonomy and Survey
After carefully examining these studies, we designed a taxonomy of pitfalls in LM4Code research and conducted a systematic study to summarize the issues, implications, current solutions, and challenges of different pitfalls for LM4Code systems.
PoisonPrompt: Backdoor Attack on Prompt-based Large Language Models
Prompts have significantly improved the performance of pretrained Large Language Models (LLMs) on various downstream tasks recently, making them increasingly indispensable for a diverse range of LLM application scenarios.
SurrogatePrompt: Bypassing the Safety Filter of Text-To-Image Models via Substitution
Evaluation results disclose an 88% success rate in bypassing Midjourney's proprietary safety filter with our attack prompts, leading to the generation of counterfeit images depicting political figures in violent scenarios.
RemovalNet: DNN Fingerprint Removal Attacks
After our DNN fingerprint removal attack, the model distance between the target and surrogate models is x100 times higher than that of the baseline attacks, (2) the RemovalNet is efficient.
FINER: Enhancing State-of-the-art Classifiers with Feature Attribution to Facilitate Security Analysis
Although feature attribution (FA) methods can be used to explain deep learning, the underlying classifier is still blind to what behavior is suspicious, and the generated explanation cannot adapt to downstream tasks, incurring poor explanation fidelity and intelligibility.
Masked Diffusion Models Are Fast Distribution Learners
In the pre-training stage, we propose to mask a high proportion (e. g., up to 90\%) of input images to approximately represent the primer distribution and introduce a masked denoising score matching objective to train a model to denoise visible areas.
FDINet: Protecting against DNN Model Extraction via Feature Distortion Index
FDINET exhibits the capability to identify colluding adversaries with an accuracy exceeding 91%.
Quantifying and Defending against Privacy Threats on Federated Knowledge Graph Embedding
Knowledge Graph Embedding (KGE) is a fundamental technique that extracts expressive representation from knowledge graph (KG) to facilitate diverse downstream tasks.
MUter: Machine Unlearning on Adversarially Trained Models
However, existing methods focus exclusively on unlearning from standard training models and do not apply to adversarial training models (ATMs) despite their popularity as effective defenses against adversarial examples.
FedTracker: Furnishing Ownership Verification and Traceability for Federated Learning Model
To deter such misbehavior, it is essential to establish a mechanism for verifying the ownership of the model and as well tracing its origin to the leaker among the FL participants.
OpBoost: A Vertical Federated Tree Boosting Framework Based on Order-Preserving Desensitization
Although the solution based on Local Differential Privacy (LDP) addresses the above problems, it leads to the low accuracy of the trained model.
Vanilla Feature Distillation for Improving the Accuracy-Robustness Trade-Off in Adversarial Training
However, most existing works are still trapped in the dilemma between higher accuracy and stronger robustness since they tend to fit a model towards robust features (not easily tampered with by adversaries) while ignoring those non-robust but highly predictive features.
Backdoor Defense via Decoupling the Training Process
Recent studies have revealed that deep neural networks (DNNs) are vulnerable to backdoor attacks, where attackers embed hidden backdoors in the DNN model by poisoning a few training samples.
Feature Importance-aware Transferable Adversarial Attacks
More specifically, we obtain feature importance by introducing the aggregate gradient, which averages the gradients with respect to feature maps of the source model, computed on a batch of random transforms of the original clean image.
Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer
The second limitation comes from a common sense that these sensors can only pick up a narrow band (85-100Hz) of speech signals due to a sampling ceiling of 200Hz.
Towards Differentially Private Truth Discovery for Crowd Sensing Systems
To better utilize sensory data, the problem of truth discovery, whose goal is to estimate user quality and infer reliable aggregated results through quality-aware data aggregation, has emerged as a hot topic.
