2025
Adversarial ML Problems Are Getting Harder to Solve and to Evaluate.
CoRR, February, 2025
Exploring and Mitigating Adversarial Manipulation of Voting-Based Leaderboards.
CoRR, January, 2025
2024
Polynomial Time Cryptanalytic Extraction of Deep Neural Networks in the Hard-Label Setting.
IACR Cryptol. ePrint Arch., 2024
On Evaluating the Durability of Safeguards for Open-Weight LLMs.
CoRR, 2024
SoK: Watermarking for AI-Generated Content.
CoRR, 2024
Gradient Masking All-at-Once: Ensemble Everything Everywhere Is Not Robust.
CoRR, 2024
Measuring Non-Adversarial Reproduction of Training Data in Large Language Models.
CoRR, 2024
Stealing User Prompts from Mixture of Experts.
CoRR, 2024
Remote Timing Attacks on Efficient Language Model Inference.
CoRR, 2024
Persistent Pre-Training Poisoning of LLMs.
CoRR, 2024
Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI.
CoRR, 2024
Cutting through buggy adversarial example defenses: fixing 1 line of code breaks Sabre.
CoRR, 2024
Forcing Diffuse Distributions out of Language Models.
CoRR, 2024
Diffusion Denoising as a Certified Defense against Clean-label Poisoning.
CoRR, 2024
Privacy Side Channels in Machine Learning Systems.
Proceedings of the 33rd USENIX Security Symposium, 2024
Poisoning Web-Scale Training Datasets is Practical.
Proceedings of the IEEE Symposium on Security and Privacy, 2024
Evading Black-box Classifiers Without Breaking Eggs.
Proceedings of the IEEE Conference on Secure and Trustworthy Machine Learning, 2024
Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models.
Proceedings of the Advances in Neural Information Processing Systems 38: Annual Conference on Neural Information Processing Systems 2024, 2024
Query-Based Adversarial Prompt Generation.
Proceedings of the Advances in Neural Information Processing Systems 38: Annual Conference on Neural Information Processing Systems 2024, 2024
Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining.
Proceedings of the Forty-first International Conference on Machine Learning, 2024
Stealing part of a production language model.
Proceedings of the Forty-first International Conference on Machine Learning, 2024
Initialization Matters for Adversarial Transfer Learning.
Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2024
2023
Identifying and Mitigating the Security Risks of Generative AI.
Found. Trends Priv. Secur., 2023
Scalable Extraction of Training Data from (Production) Language Models.
CoRR, 2023
Report of the 1st Workshop on Generative AI and Law.
CoRR, 2023
Identifying and Mitigating the Security Risks of Generative AI.
CoRR, 2023
A LLM Assisted Exploitation of AI-Guardian.
CoRR, 2023
Backdoor Attacks for In-Context Learning with Language Models.
CoRR, 2023
Are aligned neural networks adversarially aligned?
CoRR, 2023
Students Parrot Their Teachers: Membership Inference on Model Distillation.
CoRR, 2023
Randomness in ML Defenses Helps Persistent Attackers and Hinders Evaluators.
CoRR, 2023
Tight Auditing of Differentially Private Machine Learning.
Proceedings of the 32nd USENIX Security Symposium, 2023
Extracting Training Data from Diffusion Models.
Proceedings of the 32nd USENIX Security Symposium, 2023
Publishing Efficient On-device Models Increases Adversarial Vulnerability.
Proceedings of the 2023 IEEE Conference on Secure and Trustworthy Machine Learning, 2023
Counterfactual Memorization in Neural Language Models.
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023
Effective Robustness against Natural Distribution Shifts for Models with Different Training Data.
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023
Students Parrot Their Teachers: Membership Inference on Model Distillation.
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023
Are aligned neural networks adversarially aligned?
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023
Preventing Generation of Verbatim Memorization in Language Models Gives a False Sense of Privacy.
Proceedings of the 16th International Natural Language Generation Conference, 2023
Reverse-Engineering Decoding Strategies Given Blackbox Access to a Language Generation System.
Proceedings of the 16th International Natural Language Generation Conference, 2023
Preprocessors Matter! Realistic Decision-Based Attacks on Machine Learning Systems.
Proceedings of the International Conference on Machine Learning, 2023
Part-Based Models Improve Adversarial Robustness.
Proceedings of the Eleventh International Conference on Learning Representations, 2023
Measuring Forgetting of Memorized Training Examples.
Proceedings of the Eleventh International Conference on Learning Representations, 2023
(Certified!!) Adversarial Robustness for Free!
Proceedings of the Eleventh International Conference on Learning Representations, 2023
Quantifying Memorization Across Neural Language Models.
Proceedings of the Eleventh International Conference on Learning Representations, 2023
2022
Security of Machine Learning (Dagstuhl Seminar 22281).
Dagstuhl Reports, July, 2022
Considerations for Differentially Private Learning with Large-Scale Public Pretraining.
CoRR, 2022
Preventing Verbatim Memorization in Language Models Gives a False Sense of Privacy.
CoRR, 2022
No Free Lunch in "Privacy for Free: How does Dataset Condensation Help Privacy".
CoRR, 2022
(Certified!!) Adversarial Robustness for Free!
CoRR, 2022
Debugging Differential Privacy: A Case Study for Privacy Auditing.
CoRR, 2022
Membership Inference Attacks From First Principles.
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022
Increasing Confidence in Adversarial Robustness Evaluations.
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022
Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples.
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022
The Privacy Onion Effect: Memorization is Relative.
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022
Handcrafted Backdoors in Deep Neural Networks.
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022
Data Poisoning Won't Save You From Facial Recognition.
Proceedings of the Tenth International Conference on Learning Representations, 2022
Poisoning and Backdooring Contrastive Learning.
Proceedings of the Tenth International Conference on Learning Representations, 2022
Evading Adversarial Example Detection Defenses with Orthogonal Projected Gradient Descent.
Proceedings of the Tenth International Conference on Learning Representations, 2022
AdaMatch: A Unified Approach to Semi-Supervised Learning and Domain Adaptation.
Proceedings of the Tenth International Conference on Learning Representations, 2022
Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets.
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022
Deduplicating Training Data Makes Language Models Better.
Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), 2022
2021
Unsolved Problems in ML Safety.
CoRR, 2021
NeuraCrypt is not private.
CoRR, 2021
Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples.
CoRR, 2021
Extracting Training Data from Large Language Models.
Proceedings of the 30th USENIX Security Symposium, 2021
Poisoning the Unlabeled Dataset of Semi-Supervised Learning.
Proceedings of the 30th USENIX Security Symposium, 2021
Adversary Instantiation: Lower Bounds for Differentially Private Machine Learning.
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021
Is Private Learning Possible with Instance Encoding?
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021
How Private is Machine Learning?
Proceedings of the IH&MMSec '21: ACM Workshop on Information Hiding and Multimedia Security, 2021
Label-Only Membership Inference Attacks.
Proceedings of the 38th International Conference on Machine Learning, 2021
Session details: Session 2A: Machine Learning for Cybersecurity.
Proceedings of the AISec@CCS 2021: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, 2021
Session details: Session 1: Adversarial Machine Learning.
Proceedings of the AISec@CCS 2021: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, 2021
2020
An Attack on InstaHide: Is Private Learning Possible with Instance Encoding?
CoRR, 2020
Erratum Concerning the Obfuscated Gradients Attack on Stochastic Activation Pruning.
CoRR, 2020
A Partial Break of the Honeypots Defense to Catch Adversarial Attacks.
CoRR, 2020
High Accuracy and High Fidelity Extraction of Neural Networks.
Proceedings of the 29th USENIX Security Symposium, 2020
On Adaptive Attacks to Adversarial Example Defenses.
Proceedings of the Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, 2020
Measuring Robustness to Natural Distribution Shifts in Image Classification.
Proceedings of the Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, 2020
FixMatch: Simplifying Semi-Supervised Learning with Consistency and Confidence.
Proceedings of the Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, 2020
Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations.
Proceedings of the 37th International Conference on Machine Learning, 2020
ReMixMatch: Semi-Supervised Learning with Distribution Matching and Augmentation Anchoring.
Proceedings of the 8th International Conference on Learning Representations, 2020
Evading Deepfake-Image Detectors with White- and Black-Box Attacks.
Proceedings of the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2020
Cryptanalytic Extraction of Neural Network Models.
Proceedings of the Advances in Cryptology - CRYPTO 2020, 2020
AISec'20: 13th Workshop on Artificial Intelligence and Security.
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020
2019
ReMixMatch: Semi-Supervised Learning with Distribution Alignment and Augmentation Anchoring.
CoRR, 2019
Distribution Density, Tails, and Outliers in Machine Learning: Metrics and Applications.
CoRR, 2019
High-Fidelity Extraction of Neural Network Models.
CoRR, 2019
Stateful Detection of Black-Box Adversarial Attacks.
CoRR, 2019
A critique of the DeepSec Platform for Security Analysis of Deep Learning Models.
CoRR, 2019
SysML: The New Frontier of Machine Learning Systems.
CoRR, 2019
Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness.
CoRR, 2019
On Evaluating Adversarial Robustness.
CoRR, 2019
Is AmI (Attacks Meet Interpretability) Robust to Adversarial Examples?
CoRR, 2019
The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks.
Proceedings of the 28th USENIX Security Symposium, 2019
MixMatch: A Holistic Approach to Semi-Supervised Learning.
Proceedings of the Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, 2019
Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition.
Proceedings of the 36th International Conference on Machine Learning, 2019
Adversarial Examples Are a Natural Consequence of Test Error in Noise.
Proceedings of the 36th International Conference on Machine Learning, 2019
AISec'19: 12th ACM Workshop on Artificial Intelligence and Security.
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019
2018
Evaluation and Design of Robust Neural Network Defenses.
PhD thesis, 2018
Unrestricted Adversarial Examples.
CoRR, 2018
On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses.
CoRR, 2018
The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets.
CoRR, 2018
Audio Adversarial Examples: Targeted Attacks on Speech-to-Text.
Proceedings of the 2018 IEEE Security and Privacy Workshops, 2018
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples.
Proceedings of the 35th International Conference on Machine Learning, 2018
2017
MagNet and "Efficient Defenses Against Adversarial Attacks" are Not Robust to Adversarial Examples.
CoRR, 2017
Ground-Truth Adversarial Examples.
CoRR, 2017
Adversarial Example Defenses: Ensembles of Weak Defenses are not Strong.
CoRR, 2017
Adversarial Example Defense: Ensembles of Weak Defenses are not Strong.
Proceedings of the 11th USENIX Workshop on Offensive Technologies, 2017
Towards Evaluating the Robustness of Neural Networks.
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017
Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods.
Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, 2017
2016
Defensive Distillation is Not Robust to Adversarial Examples.
CoRR, 2016
Proceedings of the 25th USENIX Security Symposium, 2016
2015
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity.
Proceedings of the 24th USENIX Security Symposium, 2015
2014
ROP is Still Dangerous: Breaking Modern Defenses.
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014, 2014
2013
Improved Support for Machine-assisted Ballot-level Audits.
Proceedings of the 2013 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, 2013
2012
Operator-Assisted Tabulation of Optical Scan Ballots.
Proceedings of the 2012 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, 2012
An Evaluation of the Google Chrome Extension Security Architecture.
Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012