We stand with Ukraine  

Nicholas Carlini

Affiliations:
  • Google, USA


According to our database1, Nicholas Carlini authored at least 109 papers between 2012 and 2024.

Collaborative distances:

Timeline

Legend:

Book 
In proceedings 
Article 
PhD thesis 
Dataset
Other 

Links

On csauthors.net:

Bibliography

2024
Polynomial Time Cryptanalytic Extraction of Deep Neural Networks in the Hard-Label Setting.
[BibTeX]
[DOI]
Nicholas Carlini
,
Jorge Chávez-Saab
,
Anna Hambitzer
,
Francisco Rodríguez-Henríquez
,
Adi Shamir
IACR Cryptol. ePrint Arch., 2024

Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI.
[BibTeX]
[DOI]
Robert Hönig
,
Javier Rando
,
Nicholas Carlini
,
Florian Tramèr
CoRR, 2024

Cutting through buggy adversarial example defenses: fixing 1 line of code breaks Sabre.
[BibTeX]
[DOI]
Nicholas Carlini
CoRR, 2024

Forcing Diffuse Distributions out of Language Models.
[BibTeX]
[DOI]
Yiming Zhang
,
Avi Schwarzschild
,
Nicholas Carlini
,
Zico Kolter
,
Daphne Ippolito
CoRR, 2024

Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models.
[BibTeX]
[DOI]
Yuxin Wen
,
Leo Marchyok
,
Sanghyun Hong
,
Jonas Geiping
,
Tom Goldstein
,
Nicholas Carlini
CoRR, 2024

Diffusion Denoising as a Certified Defense against Clean-label Poisoning.
[BibTeX]
[DOI]
Sanghyun Hong
,
Nicholas Carlini
,
Alexey Kurakin
CoRR, 2024

Query-Based Adversarial Prompt Generation.
[BibTeX]
[DOI]
Jonathan Hayase
,
Ema Borevkovic
,
Nicholas Carlini
,
Florian Tramèr
,
Milad Nasr
CoRR, 2024

Privacy Side Channels in Machine Learning Systems.
[BibTeX]
[DOI]
Edoardo Debenedetti
,
Giorgio Severi
,
Milad Nasr
,
Christopher A. Choquette-Choo
,
Matthew Jagielski
,
Eric Wallace
,
Nicholas Carlini
,
Florian Tramèr
Proceedings of the 33rd USENIX Security Symposium, 2024

Poisoning Web-Scale Training Datasets is Practical.
[BibTeX]
[DOI]
Nicholas Carlini
,
Matthew Jagielski
,
Christopher A. Choquette-Choo
,
Daniel Paleka
,
Will Pearce
,
Hyrum S. Anderson
,
Andreas Terzis
,
Kurt Thomas
,
Florian Tramèr
Proceedings of the IEEE Symposium on Security and Privacy, 2024

Evading Black-box Classifiers Without Breaking Eggs.
[BibTeX]
[DOI]
Edoardo Debenedetti
,
Nicholas Carlini
,
Florian Tramèr
Proceedings of the IEEE Conference on Secure and Trustworthy Machine Learning, 2024

Position: Considerations for Differentially Private Learning with Large-Scale Public Pretraining.
[BibTeX]
[DOI]
Florian Tramèr
,
Gautam Kamath
,
Nicholas Carlini
Proceedings of the Forty-first International Conference on Machine Learning, 2024

Stealing part of a production language model.
[BibTeX]
[DOI]
Nicholas Carlini
,
Daniel Paleka
,
Krishnamurthy Dj Dvijotham
,
Thomas Steinke
,
Jonathan Hayase
,
A. Feder Cooper
,
Katherine Lee
,
Matthew Jagielski
,
Milad Nasr
,
Arthur Conmy
,
Eric Wallace
,
David Rolnick
,
Florian Tramèr
Proceedings of the Forty-first International Conference on Machine Learning, 2024

Initialization Matters for Adversarial Transfer Learning.
[BibTeX]
[DOI]
Andong Hua
,
Jindong Gu
,
Zhiyu Xue
,
Nicholas Carlini
,
Eric Wong
,
Yao Qin
Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2024

2023
Identifying and Mitigating the Security Risks of Generative AI.
[BibTeX]
[DOI]
Clark W. Barrett
,
Brad Boyd
,
Elie Bursztein
,
Nicholas Carlini
,
Brad Chen
,
Jihye Choi
,
Amrita Roy Chowdhury
,
Mihai Christodorescu
,
Anupam Datta
,
Soheil Feizi
,
Kathleen Fisher
,
Tatsunori Hashimoto
,
Dan Hendrycks
,
Somesh Jha
,
Daniel Kang
,
Florian Kerschbaum
,
Eric Mitchell
,
John C. Mitchell
,
Zulfikar Ramzan
,
Khawaja Shams
,
Dawn Song
,
Ankur Taly
,
Diyi Yang
Found. Trends Priv. Secur., 2023

Scalable Extraction of Training Data from (Production) Language Models.
[BibTeX]
[DOI]
Milad Nasr
,
Nicholas Carlini
,
Jonathan Hayase
,
Matthew Jagielski
,
A. Feder Cooper
,
Daphne Ippolito
,
Christopher A. Choquette-Choo
,
Eric Wallace
,
Florian Tramèr
,
Katherine Lee
CoRR, 2023

Report of the 1st Workshop on Generative AI and Law.
[BibTeX]
[DOI]
A. Feder Cooper
,
Katherine Lee
,
James Grimmelmann
,
Daphne Ippolito
,
Christopher Callison-Burch
,
Christopher A. Choquette-Choo
,
Niloofar Mireshghallah
,
Miles Brundage
,
David Mimno
,
Madiha Zahrah Choksi
,
Jack M. Balkin
,
Nicholas Carlini
,
Christopher De Sa
,
Jonathan Frankle
,
Deep Ganguli
,
Bryant Gipson
,
Andres Guadamuz
,
Swee Leng Harris
,
Abigail Z. Jacobs
,
Elizabeth Joh
,
Gautam Kamath
,
Mark Lemley
,
Cass Matthews
,
Christine McLeavey
,
Corynne McSherry
,
Milad Nasr
,
Paul Ohm
,
Adam Roberts
,
Tom Rubin
,
Pamela Samuelson
,
Ludwig Schubert
,
Kristen Vaccaro
,
Luis Villa
,
Felix Wu
,
Elana Zeide
CoRR, 2023

Identifying and Mitigating the Security Risks of Generative AI.
[BibTeX]
[DOI]
Clark W. Barrett
,
Brad Boyd
,
Ellie Burzstein
,
Nicholas Carlini
,
Brad Chen
,
Jihye Choi
,
Amrita Roy Chowdhury
,
Mihai Christodorescu
,
Anupam Datta
,
Soheil Feizi
,
Kathleen Fisher
,
Tatsunori Hashimoto
,
Dan Hendrycks
,
Somesh Jha
,
Daniel Kang
,
Florian Kerschbaum
,
Eric Mitchell
,
John C. Mitchell
,
Zulfikar Ramzan
,
Khawaja Shams
,
Dawn Song
,
Ankur Taly
,
Diyi Yang
CoRR, 2023

A LLM Assisted Exploitation of AI-Guardian.
[BibTeX]
[DOI]
Nicholas Carlini
CoRR, 2023

Backdoor Attacks for In-Context Learning with Language Models.
[BibTeX]
[DOI]
Nikhil Kandpal
,
Matthew Jagielski
,
Florian Tramèr
,
Nicholas Carlini
CoRR, 2023

Are aligned neural networks adversarially aligned?
[BibTeX]
[DOI]
Nicholas Carlini
,
Milad Nasr
,
Christopher A. Choquette-Choo
,
Matthew Jagielski
,
Irena Gao
,
Anas Awadalla
,
Pang Wei Koh
,
Daphne Ippolito
,
Katherine Lee
,
Florian Tramèr
,
Ludwig Schmidt
CoRR, 2023

Students Parrot Their Teachers: Membership Inference on Model Distillation.
[BibTeX]
[DOI]
Matthew Jagielski
,
Milad Nasr
,
Christopher A. Choquette-Choo
,
Katherine Lee
,
Nicholas Carlini
CoRR, 2023

Randomness in ML Defenses Helps Persistent Attackers and Hinders Evaluators.
[BibTeX]
[DOI]
Keane Lucas
,
Matthew Jagielski
,
Florian Tramèr
,
Lujo Bauer
,
Nicholas Carlini
CoRR, 2023

Tight Auditing of Differentially Private Machine Learning.
[BibTeX]
[DOI]
Milad Nasr
,
Jamie Hayes
,
Thomas Steinke
,
Borja Balle
,
Florian Tramèr
,
Matthew Jagielski
,
Nicholas Carlini
,
Andreas Terzis
Proceedings of the 32nd USENIX Security Symposium, 2023

Extracting Training Data from Diffusion Models.
[BibTeX]
[DOI]
Nicholas Carlini
,
Jamie Hayes
,
Milad Nasr
,
Matthew Jagielski
,
Vikash Sehwag
,
Florian Tramèr
,
Borja Balle
,
Daphne Ippolito
,
Eric Wallace
Proceedings of the 32nd USENIX Security Symposium, 2023

Publishing Efficient On-device Models Increases Adversarial Vulnerability.
[BibTeX]
[DOI]
Sanghyun Hong
,
Nicholas Carlini
,
Alexey Kurakin
Proceedings of the 2023 IEEE Conference on Secure and Trustworthy Machine Learning, 2023

Counterfactual Memorization in Neural Language Models.
[BibTeX]
[DOI]
Chiyuan Zhang
,
Daphne Ippolito
,
Katherine Lee
,
Matthew Jagielski
,
Florian Tramèr
,
Nicholas Carlini
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023

Effective Robustness against Natural Distribution Shifts for Models with Different Training Data.
[BibTeX]
[DOI]
Zhouxing Shi
,
Nicholas Carlini
,
Ananth Balashankar
,
Ludwig Schmidt
,
Cho-Jui Hsieh
,
Alex Beutel
,
Yao Qin
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023

Students Parrot Their Teachers: Membership Inference on Model Distillation.
[BibTeX]
[DOI]
Matthew Jagielski
,
Milad Nasr
,
Katherine Lee
,
Christopher A. Choquette-Choo
,
Nicholas Carlini
,
Florian Tramèr
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023

Are aligned neural networks adversarially aligned?
[BibTeX]
[DOI]
Nicholas Carlini
,
Milad Nasr
,
Christopher A. Choquette-Choo
,
Matthew Jagielski
,
Irena Gao
,
Pang Wei Koh
,
Daphne Ippolito
,
Florian Tramèr
,
Ludwig Schmidt
Proceedings of the Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, 2023

Preventing Generation of Verbatim Memorization in Language Models Gives a False Sense of Privacy.
[BibTeX]
[DOI]
Daphne Ippolito
,
Florian Tramèr
,
Milad Nasr
,
Chiyuan Zhang
,
Matthew Jagielski
,
Katherine Lee
,
Christopher A. Choquette-Choo
,
Nicholas Carlini
Proceedings of the 16th International Natural Language Generation Conference, 2023

Reverse-Engineering Decoding Strategies Given Blackbox Access to a Language Generation System.
[BibTeX]
[DOI]
Daphne Ippolito
,
Nicholas Carlini
,
Katherine Lee
,
Milad Nasr
,
Yun William Yu
Proceedings of the 16th International Natural Language Generation Conference, 2023

Preprocessors Matter! Realistic Decision-Based Attacks on Machine Learning Systems.
[BibTeX]
[DOI]
Chawin Sitawarin
,
Florian Tramèr
,
Nicholas Carlini
Proceedings of the International Conference on Machine Learning, 2023

Part-Based Models Improve Adversarial Robustness.
[BibTeX]
[DOI]
Chawin Sitawarin
,
Kornrapat Pongmala
,
Yizheng Chen
,
Nicholas Carlini
,
David A. Wagner
Proceedings of the Eleventh International Conference on Learning Representations, 2023

Measuring Forgetting of Memorized Training Examples.
[BibTeX]
[DOI]
Matthew Jagielski
,
Om Thakkar
,
Florian Tramèr
,
Daphne Ippolito
,
Katherine Lee
,
Nicholas Carlini
,
Eric Wallace
,
Shuang Song
,
Abhradeep Guha Thakurta
,
Nicolas Papernot
,
Chiyuan Zhang
Proceedings of the Eleventh International Conference on Learning Representations, 2023

(Certified!!) Adversarial Robustness for Free!
[BibTeX]
[DOI]
Nicholas Carlini
,
Florian Tramèr
,
Krishnamurthy (Dj) Dvijotham
,
Leslie Rice
,
Mingjie Sun
,
J. Zico Kolter
Proceedings of the Eleventh International Conference on Learning Representations, 2023

Quantifying Memorization Across Neural Language Models.
[BibTeX]
[DOI]
Nicholas Carlini
,
Daphne Ippolito
,
Matthew Jagielski
,
Katherine Lee
,
Florian Tramèr
,
Chiyuan Zhang
Proceedings of the Eleventh International Conference on Learning Representations, 2023

2022
Security of Machine Learning (Dagstuhl Seminar 22281).
[BibTeX]
[DOI]
Battista Biggio
,
Nicholas Carlini
,
Pavel Laskov
,
Konrad Rieck
,
Antonio Emanuele Cinà
Dagstuhl Reports, July, 2022

Considerations for Differentially Private Learning with Large-Scale Public Pretraining.
[BibTeX]
[DOI]
Florian Tramèr
,
Gautam Kamath
,
Nicholas Carlini
CoRR, 2022

Preventing Verbatim Memorization in Language Models Gives a False Sense of Privacy.
[BibTeX]
[DOI]
Daphne Ippolito
,
Florian Tramèr
,
Milad Nasr
,
Chiyuan Zhang
,
Matthew Jagielski
,
Katherine Lee
,
Christopher A. Choquette-Choo
,
Nicholas Carlini
CoRR, 2022

No Free Lunch in "Privacy for Free: How does Dataset Condensation Help Privacy".
[BibTeX]
[DOI]
Nicholas Carlini
,
Vitaly Feldman
,
Milad Nasr
CoRR, 2022

(Certified!!) Adversarial Robustness for Free!
[BibTeX]
[DOI]
Nicholas Carlini
,
Florian Tramèr
,
Krishnamurthy Dvijotham
,
J. Zico Kolter
CoRR, 2022

Debugging Differential Privacy: A Case Study for Privacy Auditing.
[BibTeX]
[DOI]
Florian Tramèr
,
Andreas Terzis
,
Thomas Steinke
,
Shuang Song
,
Matthew Jagielski
,
Nicholas Carlini
CoRR, 2022

Membership Inference Attacks From First Principles.
[BibTeX]
[DOI]
Nicholas Carlini
,
Steve Chien
,
Milad Nasr
,
Shuang Song
,
Andreas Terzis
,
Florian Tramèr
Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022

Increasing Confidence in Adversarial Robustness Evaluations.
[BibTeX]
[DOI]
Roland S. Zimmermann
,
Wieland Brendel
,
Florian Tramèr
,
Nicholas Carlini
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022

Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples.
[BibTeX]
[DOI]
Maura Pintor
,
Luca Demetrio
,
Angelo Sotgiu
,
Ambra Demontis
,
Nicholas Carlini
,
Battista Biggio
,
Fabio Roli
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022

The Privacy Onion Effect: Memorization is Relative.
[BibTeX]
[DOI]
Nicholas Carlini
,
Matthew Jagielski
,
Chiyuan Zhang
,
Nicolas Papernot
,
Andreas Terzis
,
Florian Tramèr
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022

Handcrafted Backdoors in Deep Neural Networks.
[BibTeX]
[DOI]
Sanghyun Hong
,
Nicholas Carlini
,
Alexey Kurakin
Proceedings of the Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, 2022

Data Poisoning Won't Save You From Facial Recognition.
[BibTeX]
[DOI]
Evani Radiya-Dixit
,
Sanghyun Hong
,
Nicholas Carlini
,
Florian Tramèr
Proceedings of the Tenth International Conference on Learning Representations, 2022

Poisoning and Backdooring Contrastive Learning.
[BibTeX]
[DOI]
Nicholas Carlini
,
Andreas Terzis
Proceedings of the Tenth International Conference on Learning Representations, 2022

Evading Adversarial Example Detection Defenses with Orthogonal Projected Gradient Descent.
[BibTeX]
[DOI]
Oliver Bryniarski
,
Nabeel Hingun
,
Pedro Pachuca
,
Vincent Wang
,
Nicholas Carlini
Proceedings of the Tenth International Conference on Learning Representations, 2022

AdaMatch: A Unified Approach to Semi-Supervised Learning and Domain Adaptation.
[BibTeX]
[DOI]
David Berthelot
,
Rebecca Roelofs
,
Kihyuk Sohn
,
Nicholas Carlini
,
Alexey Kurakin
Proceedings of the Tenth International Conference on Learning Representations, 2022

Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets.
[BibTeX]
[DOI]
Florian Tramèr
,
Reza Shokri
,
Ayrton San Joaquin
,
Hoang Le
,
Matthew Jagielski
,
Sanghyun Hong
,
Nicholas Carlini
Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022

Deduplicating Training Data Makes Language Models Better.
[BibTeX]
[DOI]
Katherine Lee
,
Daphne Ippolito
,
Andrew Nystrom
,
Chiyuan Zhang
,
Douglas Eck
,
Chris Callison-Burch
,
Nicholas Carlini
Proceedings of the 60th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), 2022

2021
Unsolved Problems in ML Safety.
[BibTeX]
[DOI]
Dan Hendrycks
,
Nicholas Carlini
,
John Schulman
,
Jacob Steinhardt
CoRR, 2021

NeuraCrypt is not private.
[BibTeX]
[DOI]
Nicholas Carlini
,
Sanjam Garg
,
Somesh Jha
,
Saeed Mahloujifar
,
Mohammad Mahmoody
,
Florian Tramèr
CoRR, 2021

Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples.
[BibTeX]
[DOI]
Maura Pintor
,
Luca Demetrio
,
Angelo Sotgiu
,
Giovanni Manca
,
Ambra Demontis
,
Nicholas Carlini
,
Battista Biggio
,
Fabio Roli
CoRR, 2021

Extracting Training Data from Large Language Models.
[BibTeX]
[DOI]
Nicholas Carlini
,
Florian Tramèr
,
Eric Wallace
,
Matthew Jagielski
,
Ariel Herbert-Voss
,
Katherine Lee
,
Adam Roberts
,
Tom B. Brown
,
Dawn Song
,
Úlfar Erlingsson
,
Alina Oprea
,
Colin Raffel
Proceedings of the 30th USENIX Security Symposium, 2021

Poisoning the Unlabeled Dataset of Semi-Supervised Learning.
[BibTeX]
[DOI]
Nicholas Carlini
Proceedings of the 30th USENIX Security Symposium, 2021

Adversary Instantiation: Lower Bounds for Differentially Private Machine Learning.
[BibTeX]
[DOI]
Milad Nasr
,
Shuang Song
,
Abhradeep Thakurta
,
Nicolas Papernot
,
Nicholas Carlini
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

Is Private Learning Possible with Instance Encoding?
[BibTeX]
[DOI]
Nicholas Carlini
,
Samuel Deng
,
Sanjam Garg
,
Somesh Jha
,
Saeed Mahloujifar
,
Mohammad Mahmoody
,
Abhradeep Thakurta
,
Florian Tramèr
Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021

How Private is Machine Learning?
[BibTeX]
[DOI]
Nicholas Carlini
Proceedings of the IH&MMSec '21: ACM Workshop on Information Hiding and Multimedia Security, 2021

Label-Only Membership Inference Attacks.
[BibTeX]
[DOI]
Christopher A. Choquette-Choo
,
Florian Tramèr
,
Nicholas Carlini
,
Nicolas Papernot
Proceedings of the 38th International Conference on Machine Learning, 2021

Session details: Session 2A: Machine Learning for Cybersecurity.
[BibTeX]
[DOI]
Nicholas Carlini
Proceedings of the AISec@CCS 2021: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, 2021

Session details: Session 1: Adversarial Machine Learning.
[BibTeX]
[DOI]
Nicholas Carlini
Proceedings of the AISec@CCS 2021: Proceedings of the 14th ACM Workshop on Artificial Intelligence and Security, 2021

2020
An Attack on InstaHide: Is Private Learning Possible with Instance Encoding?
[BibTeX]
[DOI]
Nicholas Carlini
,
Samuel Deng
,
Sanjam Garg
,
Somesh Jha
,
Saeed Mahloujifar
,
Mohammad Mahmoody
,
Shuang Song
,
Abhradeep Thakurta
,
Florian Tramèr
CoRR, 2020

Erratum Concerning the Obfuscated Gradients Attack on Stochastic Activation Pruning.
[BibTeX]
[DOI]
Guneet S. Dhillon
,
Nicholas Carlini
CoRR, 2020

A Partial Break of the Honeypots Defense to Catch Adversarial Attacks.
[BibTeX]
[DOI]
Nicholas Carlini
CoRR, 2020

High Accuracy and High Fidelity Extraction of Neural Networks.
[BibTeX]
[DOI]
Matthew Jagielski
,
Nicholas Carlini
,
David Berthelot
,
Alex Kurakin
,
Nicolas Papernot
Proceedings of the 29th USENIX Security Symposium, 2020

On Adaptive Attacks to Adversarial Example Defenses.
[BibTeX]
[DOI]
Florian Tramèr
,
Nicholas Carlini
,
Wieland Brendel
,
Aleksander Madry
Proceedings of the Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, 2020

Measuring Robustness to Natural Distribution Shifts in Image Classification.
[BibTeX]
[DOI]
Rohan Taori
,
Achal Dave
,
Vaishaal Shankar
,
Nicholas Carlini
,
Benjamin Recht
,
Ludwig Schmidt
Proceedings of the Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, 2020

FixMatch: Simplifying Semi-Supervised Learning with Consistency and Confidence.
[BibTeX]
[DOI]
Kihyuk Sohn
,
David Berthelot
,
Nicholas Carlini
,
Zizhao Zhang
,
Han Zhang
,
Colin Raffel
,
Ekin Dogus Cubuk
,
Alexey Kurakin
,
Chun-Liang Li
Proceedings of the Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, 2020

Fundamental Tradeoffs between Invariance and Sensitivity to Adversarial Perturbations.
[BibTeX]
[DOI]
Florian Tramèr
,
Jens Behrmann
,
Nicholas Carlini
,
Nicolas Papernot
,
Jörn-Henrik Jacobsen
Proceedings of the 37th International Conference on Machine Learning, 2020

ReMixMatch: Semi-Supervised Learning with Distribution Matching and Augmentation Anchoring.
[BibTeX]
[DOI]
David Berthelot
,
Nicholas Carlini
,
Ekin D. Cubuk
,
Alex Kurakin
,
Kihyuk Sohn
,
Han Zhang
,
Colin Raffel
Proceedings of the 8th International Conference on Learning Representations, 2020

Evading Deepfake-Image Detectors with White- and Black-Box Attacks.
[BibTeX]
[DOI]
Nicholas Carlini
,
Hany Farid
Proceedings of the 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2020

Cryptanalytic Extraction of Neural Network Models.
[BibTeX]
[DOI]
Nicholas Carlini
,
Matthew Jagielski
,
Ilya Mironov
Proceedings of the Advances in Cryptology - CRYPTO 2020, 2020

AISec'20: 13th Workshop on Artificial Intelligence and Security.
[BibTeX]
[DOI]
Sadia Afroz
,
Nicholas Carlini
,
Ambra Demontis
Proceedings of the CCS '20: 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020

2019
ReMixMatch: Semi-Supervised Learning with Distribution Alignment and Augmentation Anchoring.
[BibTeX]
[DOI]
David Berthelot
,
Nicholas Carlini
,
Ekin D. Cubuk
,
Alex Kurakin
,
Kihyuk Sohn
,
Han Zhang
,
Colin Raffel
CoRR, 2019

Distribution Density, Tails, and Outliers in Machine Learning: Metrics and Applications.
[BibTeX]
[DOI]
Nicholas Carlini
,
Úlfar Erlingsson
,
Nicolas Papernot
CoRR, 2019

High-Fidelity Extraction of Neural Network Models.
[BibTeX]
[DOI]
Matthew Jagielski
,
Nicholas Carlini
,
David Berthelot
,
Alex Kurakin
,
Nicolas Papernot
CoRR, 2019

Stateful Detection of Black-Box Adversarial Attacks.
[BibTeX]
[DOI]
Steven Chen
,
Nicholas Carlini
,
David A. Wagner
CoRR, 2019

A critique of the DeepSec Platform for Security Analysis of Deep Learning Models.
[BibTeX]
[DOI]
Nicholas Carlini
CoRR, 2019

SysML: The New Frontier of Machine Learning Systems.
[BibTeX]
[DOI]
Alexander Ratner
,
Dan Alistarh
,
Gustavo Alonso
,
David G. Andersen
,
Peter Bailis
,
Sarah Bird
,
Nicholas Carlini
,
Bryan Catanzaro
,
Eric S. Chung
,
Bill Dally
,
Jeff Dean
,
Inderjit S. Dhillon
,
Alexandros G. Dimakis
,
Pradeep Dubey
,
Charles Elkan
,
Grigori Fursin
,
Gregory R. Ganger
,
Lise Getoor
,
Phillip B. Gibbons
,
Garth A. Gibson
,
Joseph E. Gonzalez
,
Justin Gottschlich
,
Song Han
,
Kim M. Hazelwood
,
Furong Huang
,
Martin Jaggi
,
Kevin G. Jamieson
,
Michael I. Jordan
,
Gauri Joshi
,
Rania Khalaf
,
Jason Knight
,
Jakub Konecný
,
Tim Kraska
,
Arun Kumar
,
Anastasios Kyrillidis
,
Jing Li
,
Samuel Madden
,
H. Brendan McMahan
,
Erik Meijer
,
Ioannis Mitliagkas
,
Rajat Monga
,
Derek Gordon Murray
,
Dimitris S. Papailiopoulos
,
Gennady Pekhimenko
,
Theodoros Rekatsinas
,
Afshin Rostamizadeh
,
Christopher Ré
,
Christopher De Sa
,
Hanie Sedghi
,
Siddhartha Sen
,
Virginia Smith
,
Alex Smola
,
Dawn Song
,
Evan Randall Sparks
,
Ion Stoica
,
Vivienne Sze
,
Madeleine Udell
,
Joaquin Vanschoren
,
Shivaram Venkataraman
,
Rashmi Vinayak
,
Markus Weimer
,
Andrew Gordon Wilson
,
Eric P. Xing
,
Matei Zaharia
,
Ce Zhang
,
Ameet Talwalkar
CoRR, 2019

Exploiting Excessive Invariance caused by Norm-Bounded Adversarial Robustness.
[BibTeX]
[DOI]
Jörn-Henrik Jacobsen
,
Jens Behrmann
,
Nicholas Carlini
,
Florian Tramèr
,
Nicolas Papernot
CoRR, 2019

On Evaluating Adversarial Robustness.
[BibTeX]
[DOI]
Nicholas Carlini
,
Anish Athalye
,
Nicolas Papernot
,
Wieland Brendel
,
Jonas Rauber
,
Dimitris Tsipras
,
Ian J. Goodfellow
,
Aleksander Madry
,
Alexey Kurakin
CoRR, 2019

Is AmI (Attacks Meet Interpretability) Robust to Adversarial Examples?
[BibTeX]
[DOI]
Nicholas Carlini
CoRR, 2019

The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks.
[BibTeX]
[DOI]
Nicholas Carlini
,
Chang Liu
,
Úlfar Erlingsson
,
Jernej Kos
,
Dawn Song
Proceedings of the 28th USENIX Security Symposium, 2019

MixMatch: A Holistic Approach to Semi-Supervised Learning.
[BibTeX]
[DOI]
David Berthelot
,
Nicholas Carlini
,
Ian J. Goodfellow
,
Nicolas Papernot
,
Avital Oliver
,
Colin Raffel
Proceedings of the Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, 2019

Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition.
[BibTeX]
[DOI]
Yao Qin
,
Nicholas Carlini
,
Garrison W. Cottrell
,
Ian J. Goodfellow
,
Colin Raffel
Proceedings of the 36th International Conference on Machine Learning, 2019

Adversarial Examples Are a Natural Consequence of Test Error in Noise.
[BibTeX]
[DOI]
Justin Gilmer
,
Nicolas Ford
,
Nicholas Carlini
,
Ekin D. Cubuk
Proceedings of the 36th International Conference on Machine Learning, 2019

AISec'19: 12th ACM Workshop on Artificial Intelligence and Security.
[BibTeX]
[DOI]
Sadia Afroz
,
Battista Biggio
,
Nicholas Carlini
,
Yuval Elovici
,
Asaf Shabtai
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019

2018
Evaluation and Design of Robust Neural Network Defenses.
[BibTeX]
[DOI]
Nicholas Carlini
PhD thesis, 2018

Unrestricted Adversarial Examples.
[BibTeX]
[DOI]
Tom B. Brown
,
Nicholas Carlini
,
Chiyuan Zhang
,
Catherine Olsson
,
Paul F. Christiano
,
Ian J. Goodfellow
CoRR, 2018

On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses.
[BibTeX]
[DOI]
Anish Athalye
,
Nicholas Carlini
CoRR, 2018

The Secret Sharer: Measuring Unintended Neural Network Memorization & Extracting Secrets.
[BibTeX]
[DOI]
Nicholas Carlini
,
Chang Liu
,
Jernej Kos
,
Úlfar Erlingsson
,
Dawn Song
CoRR, 2018

Audio Adversarial Examples: Targeted Attacks on Speech-to-Text.
[BibTeX]
[DOI]
Nicholas Carlini
,
David A. Wagner
Proceedings of the 2018 IEEE Security and Privacy Workshops, 2018

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples.
[BibTeX]
[DOI]
Anish Athalye
,
Nicholas Carlini
,
David A. Wagner
Proceedings of the 35th International Conference on Machine Learning, 2018

2017
MagNet and "Efficient Defenses Against Adversarial Attacks" are Not Robust to Adversarial Examples.
[BibTeX]
[DOI]
Nicholas Carlini
,
David A. Wagner
CoRR, 2017

Ground-Truth Adversarial Examples.
[BibTeX]
[DOI]
Nicholas Carlini
,
Guy Katz
,
Clark W. Barrett
,
David L. Dill
CoRR, 2017

Adversarial Example Defenses: Ensembles of Weak Defenses are not Strong.
[BibTeX]
[DOI]
Warren He
,
James Wei
,
Xinyun Chen
,
Nicholas Carlini
,
Dawn Song
CoRR, 2017

Adversarial Example Defense: Ensembles of Weak Defenses are not Strong.
[BibTeX]
[DOI]
Warren He
,
James Wei
,
Xinyun Chen
,
Nicholas Carlini
,
Dawn Song
Proceedings of the 11th USENIX Workshop on Offensive Technologies, 2017

Towards Evaluating the Robustness of Neural Networks.
[BibTeX]
[DOI]
Nicholas Carlini
,
David A. Wagner
Proceedings of the 2017 IEEE Symposium on Security and Privacy, 2017

Adversarial Examples Are Not Easily Detected: Bypassing Ten Detection Methods.
[BibTeX]
[DOI]
Nicholas Carlini
,
David A. Wagner
Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security, 2017

2016
Defensive Distillation is Not Robust to Adversarial Examples.
[BibTeX]
[DOI]
Nicholas Carlini
,
David A. Wagner
CoRR, 2016

Hidden Voice Commands.
[BibTeX]
[DOI]
Nicholas Carlini
,
Pratyush Mishra
,
Tavish Vaidya
,
Yuankai Zhang
,
Micah Sherr
,
Clay Shields
,
David A. Wagner
,
Wenchao Zhou
Proceedings of the 25th USENIX Security Symposium, 2016

2015
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity.
[BibTeX]
[DOI]
Nicholas Carlini
,
Antonio Barresi
,
Mathias Payer
,
David A. Wagner
,
Thomas R. Gross
Proceedings of the 24th USENIX Security Symposium, 2015

2014
ROP is Still Dangerous: Breaking Modern Defenses.
[BibTeX]
[DOI]
Nicholas Carlini
,
David A. Wagner
Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., 2014

2013
Improved Support for Machine-assisted Ballot-level Audits.
[BibTeX]
[DOI]
Eric Kim
,
Nicholas Carlini
,
Andrew Chang
,
George Yiu
,
Kai Wang
,
David A. Wagner
Proceedings of the 2013 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, 2013

2012
Operator-Assisted Tabulation of Optical Scan Ballots.
[BibTeX]
[DOI]
Kai Wang
,
Nicholas Carlini
,
Eric Kim
,
Ivan Motyashov
,
Daniel Nguyen
,
David A. Wagner
Proceedings of the 2012 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections, 2012

An Evaluation of the Google Chrome Extension Security Architecture.
[BibTeX]
[DOI]
Nicholas Carlini
,
Adrienne Porter Felt
,
David A. Wagner
Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, 2012


  Loading...