Florian Tramèr

research

∙ 06/05/2023

Evading Black-box Classifiers Without Breaking Eggs

Decision-based evasion attacks repeatedly query a black-box classifier t...

0 Edoardo Debenedetti, et al. ∙

research

∙ 02/27/2023

Randomness in ML Defenses Helps Persistent Attackers and Hinders Evaluators

It is becoming increasingly imperative to design robust ML defenses. How...

0 Keane Lucas, et al. ∙

research

∙ 02/20/2023

Poisoning Web-Scale Training Datasets is Practical

Deep learning models are often trained on distributed, webscale datasets...

0 Nicholas Carlini, et al. ∙

research

∙ 02/15/2023

Tight Auditing of Differentially Private Machine Learning

Auditing mechanisms for differential privacy use probabilistic means to ...

0 Milad Nasr, et al. ∙

research

∙ 01/30/2023

Extracting Training Data from Diffusion Models

Image diffusion models such as DALL-E 2, Imagen, and Stable Diffusion ha...

0 Nicholas Carlini, et al. ∙

research

∙ 12/13/2022

Considerations for Differentially Private Learning with Large-Scale Public Pretraining

The performance of differentially private machine learning can be booste...

0 Florian Tramèr, et al. ∙

research

∙ 10/31/2022

Preventing Verbatim Memorization in Language Models Gives a False Sense of Privacy

Studying data memorization in neural language models helps us understand...

0 Daphne Ippolito, et al. ∙

research

∙ 10/03/2022

Red-Teaming the Stable Diffusion Safety Filter

Stable Diffusion is a recent open-source image generation model comparab...

0 Javier Rando, et al. ∙

research

∙ 08/25/2022

SNAP: Efficient Extraction of Private Properties with Poisoning

Property inference attacks allow an adversary to extract global properti...

0 Harsh Chaudhari, et al. ∙

research

∙ 06/28/2022

Increasing Confidence in Adversarial Robustness Evaluations

Hundreds of defenses have been proposed to make deep neural networks rob...

0 Roland S. Zimmermann, et al. ∙

research

∙ 06/21/2022

The Privacy Onion Effect: Memorization is Relative

Machine learning models trained on private datasets have been shown to l...

0 Nicholas Carlini, et al. ∙

research

∙ 03/31/2022

Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets

We introduce a new class of attacks on machine learning models. We show ...

12 Florian Tramèr, et al. ∙

research

∙ 02/15/2022

Quantifying Memorization Across Neural Language Models

Large language models (LMs) have been shown to memorize parts of their t...

1 Nicholas Carlini, et al. ∙

research

∙ 02/11/2022

What Does it Mean for a Language Model to Preserve Privacy?

Natural language reflects our private lives and identities, making its p...

7 Hannah Brown, et al. ∙

research

∙ 12/24/2021

Counterfactual Memorization in Neural Language Models

Modern neural language models widely used in tasks across NLP risk memor...

25 Chiyuan Zhang, et al. ∙

research

∙ 10/12/2021

Large Language Models Can Be Strong Differentially Private Learners

Differentially Private (DP) learning has seen limited success for buildi...

0 Xuechen Li, et al. ∙

research

∙ 08/16/2021

NeuraCrypt is not private

NeuraCrypt (Yara et al. arXiv 2021) is an algorithm that converts a sens...

0 Nicholas Carlini, et al. ∙

research

∙ 07/24/2021

Detecting Adversarial Examples Is (Nearly) As Hard As Classifying Them

Making classifiers robust to adversarial examples is hard. Thus, many de...

0 Florian Tramèr, et al. ∙

research

∙ 06/28/2021

Data Poisoning Won't Save You From Facial Recognition

Data poisoning has been proposed as a compelling defense against facial ...

0 Evani Radiya-Dixit, et al. ∙

research

∙ 06/07/2021

Antipodes of Label Differential Privacy: PATE and ALIBI

We consider the privacy-preserving machine learning (ML) setting where t...

0 Mani Malek, et al. ∙

research

∙ 12/14/2020

Extracting Training Data from Large Language Models

It has become common to publish large (billion parameter) language model...

0 Nicholas Carlini, et al. ∙

research

∙ 11/23/2020

Differentially Private Learning Needs Better Features (or Much More Data)

We demonstrate that differentially private machine learning has not yet ...

0 Florian Tramèr, et al. ∙

research

∙ 07/28/2020

Label-Only Membership Inference Attacks

Membership inference attacks are one of the simplest forms of privacy le...

8 Christopher A. Choquette-Choo, et al. ∙

research

∙ 02/19/2020

On Adaptive Attacks to Adversarial Example Defenses

Adaptive attacks have (rightfully) become the de facto standard for eval...

9 Florian Tramèr, et al. ∙

research

∙ 02/11/2020

Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations

Adversarial examples are malicious inputs crafted to induce misclassific...

0 Florian Tramèr, et al. ∙

research

∙ 12/10/2019

Advances and Open Problems in Federated Learning

Federated learning (FL) is a machine learning setting where many clients...

33 Peter Kairouz, et al. ∙

research

∙ 12/04/2019

SquirRL: Automating Attack Discovery on Blockchain Incentive Mechanisms with Deep Reinforcement Learning

Incentive mechanisms are central to the functionality of permissionless ...

0 Charlie Hou, et al. ∙

research

∙ 04/30/2019

Adversarial Training and Robustness for Multiple Perturbations

Defenses against adversarial examples, such as adversarial training, are...

0 Florian Tramèr, et al. ∙

research

∙ 03/25/2019

Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness

Adversarial examples are malicious inputs crafted to cause a model to mi...

6 Jörn-Henrik Jacobsen, et al. ∙

research

∙ 12/02/2018

SentiNet: Detecting Physical Attacks Against Deep Learning Systems

SentiNet is a novel detection framework for physical attacks on neural n...

0 Edward Chou, et al. ∙

research

∙ 11/08/2018

Ad-versarial: Defeating Perceptual Ad-Blocking

Perceptual ad-blocking is a novel approach that uses visual cues to dete...

12 Florian Tramèr, et al. ∙

research

∙ 07/20/2018

Physical Adversarial Examples for Object Detectors

Deep neural networks (DNNs) are vulnerable to adversarial examples-malic...

2 Kevin Eykholt, et al. ∙

research

∙ 06/08/2018

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

As Machine Learning (ML) gets applied to security-critical or sensitive ...

0 Florian Tramèr, et al. ∙

research

∙ 12/21/2017

Note on Attacking Object Detectors with Adversarial Stickers

Deep learning has proven to be a powerful tool for computer vision and h...

0 Kevin Eykholt, et al. ∙

research

∙ 05/19/2017

Ensemble Adversarial Training: Attacks and Defenses

Machine learning models are vulnerable to adversarial examples, inputs m...

0 Florian Tramèr, et al. ∙

research

∙ 04/11/2017

The Space of Transferable Adversarial Examples

Adversarial examples are maliciously perturbed inputs designed to mislea...

0 Florian Tramèr, et al. ∙

research

∙ 09/09/2016

Stealing Machine Learning Models via Prediction APIs

Machine learning (ML) models may be deemed confidential due to their sen...

0 Florian Tramèr, et al. ∙

Florian Tramèr

Featured Co-authors