research
∙
09/11/2023
Privacy Side Channels in Machine Learning Systems
Most current approaches for protecting privacy in machine learning (ML) ...
share
research
∙
07/27/2023
Backdoor Attacks for In-Context Learning with Language Models
Because state-of-the-art language models are expensive to train, most pr...
research
∙
06/26/2023
Are aligned neural networks adversarially aligned?
Large language models are now tuned to align with the goals of their cre...
research
∙
06/16/2023
Evaluating Superhuman Models with Consistency Checks
If machine learning models were to achieve superhuman abilities at vario...
research
∙
06/05/2023
Evading Black-box Classifiers Without Breaking Eggs
Decision-based evasion attacks repeatedly query a black-box classifier t...
research
∙
02/27/2023
Randomness in ML Defenses Helps Persistent Attackers and Hinders Evaluators
It is becoming increasingly imperative to design robust ML defenses. How...
research
∙
02/20/2023
Poisoning Web-Scale Training Datasets is Practical
Deep learning models are often trained on distributed, webscale datasets...
research
∙
02/15/2023
Tight Auditing of Differentially Private Machine Learning
Auditing mechanisms for differential privacy use probabilistic means to ...
research
∙
01/30/2023
Extracting Training Data from Diffusion Models
Image diffusion models such as DALL-E 2, Imagen, and Stable Diffusion ha...
research
∙
12/13/2022
Considerations for Differentially Private Learning with Large-Scale Public Pretraining
The performance of differentially private machine learning can be booste...
research
∙
10/31/2022
Preventing Verbatim Memorization in Language Models Gives a False Sense of Privacy
Studying data memorization in neural language models helps us understand...
research
∙
10/03/2022
Red-Teaming the Stable Diffusion Safety Filter
Stable Diffusion is a recent open-source image generation model comparab...
research
∙
08/25/2022
SNAP: Efficient Extraction of Private Properties with Poisoning
Property inference attacks allow an adversary to extract global properti...
research
∙
06/28/2022
Increasing Confidence in Adversarial Robustness Evaluations
Hundreds of defenses have been proposed to make deep neural networks rob...
research
∙
06/21/2022
The Privacy Onion Effect: Memorization is Relative
Machine learning models trained on private datasets have been shown to l...
research
∙
03/31/2022
Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets
We introduce a new class of attacks on machine learning models. We show ...
research
∙
02/15/2022
Quantifying Memorization Across Neural Language Models
Large language models (LMs) have been shown to memorize parts of their t...
research
∙
02/11/2022
What Does it Mean for a Language Model to Preserve Privacy?
Natural language reflects our private lives and identities, making its p...
research
∙
12/24/2021
Counterfactual Memorization in Neural Language Models
Modern neural language models widely used in tasks across NLP risk memor...
research
∙
10/12/2021
Large Language Models Can Be Strong Differentially Private Learners
Differentially Private (DP) learning has seen limited success for buildi...
research
∙
08/16/2021
NeuraCrypt is not private
NeuraCrypt (Yara et al. arXiv 2021) is an algorithm that converts a sens...
research
∙
07/24/2021
Detecting Adversarial Examples Is (Nearly) As Hard As Classifying Them
Making classifiers robust to adversarial examples is hard. Thus, many de...
research
∙
06/28/2021
Data Poisoning Won't Save You From Facial Recognition
Data poisoning has been proposed as a compelling defense against facial ...
research
∙
06/07/2021
Antipodes of Label Differential Privacy: PATE and ALIBI
We consider the privacy-preserving machine learning (ML) setting where t...
research
∙
12/14/2020
Extracting Training Data from Large Language Models
It has become common to publish large (billion parameter) language model...
research
∙
11/23/2020
Differentially Private Learning Needs Better Features (or Much More Data)
We demonstrate that differentially private machine learning has not yet ...
research
∙
07/28/2020
Label-Only Membership Inference Attacks
Membership inference attacks are one of the simplest forms of privacy le...
research
∙
02/19/2020
On Adaptive Attacks to Adversarial Example Defenses
Adaptive attacks have (rightfully) become the de facto standard for eval...
research
∙
02/11/2020
Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations
Adversarial examples are malicious inputs crafted to induce misclassific...
research
∙
12/10/2019
Advances and Open Problems in Federated Learning
Federated learning (FL) is a machine learning setting where many clients...
research
∙
12/04/2019
SquirRL: Automating Attack Discovery on Blockchain Incentive Mechanisms with Deep Reinforcement Learning
Incentive mechanisms are central to the functionality of permissionless ...
research
∙
04/30/2019
Adversarial Training and Robustness for Multiple Perturbations
Defenses against adversarial examples, such as adversarial training, are...
research
∙
03/25/2019
Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness
Adversarial examples are malicious inputs crafted to cause a model to mi...
research
∙
12/02/2018
SentiNet: Detecting Physical Attacks Against Deep Learning Systems
SentiNet is a novel detection framework for physical attacks on neural n...
research
∙
11/08/2018
Ad-versarial: Defeating Perceptual Ad-Blocking
Perceptual ad-blocking is a novel approach that uses visual cues to dete...
research
∙
07/20/2018
Physical Adversarial Examples for Object Detectors
Deep neural networks (DNNs) are vulnerable to adversarial examples-malic...
research
∙
06/08/2018
Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware
As Machine Learning (ML) gets applied to security-critical or sensitive ...
research
∙
12/21/2017
Note on Attacking Object Detectors with Adversarial Stickers
Deep learning has proven to be a powerful tool for computer vision and h...
research
∙
05/19/2017
Ensemble Adversarial Training: Attacks and Defenses
Machine learning models are vulnerable to adversarial examples, inputs m...
research
∙
04/11/2017
The Space of Transferable Adversarial Examples
Adversarial examples are maliciously perturbed inputs designed to mislea...
research
∙
09/09/2016