English
Related papers

Related papers: How Robust are Randomized Smoothing based Defenses…

200 papers

Machine Learning (ML) algorithms are vulnerable to poisoning attacks, where a fraction of the training data is manipulated to deliberately degrade the algorithms' performance. Optimal attacks can be formulated as bilevel optimization…

Machine Learning · Computer Science 2023-06-27 Javier Carnerero-Cano , Luis Muñoz-González , Phillippa Spencer , Emil C. Lupu

Machine learning is becoming ubiquitous. From finance to medicine, machine learning models are boosting decision-making processes and even outperforming humans in some tasks. This huge progress in terms of prediction quality does not…

Machine Learning · Computer Science 2025-04-11 Marco Anisetti , Claudio A. Ardagna , Alessandro Balestrucci , Nicola Bena , Ernesto Damiani , Chan Yeob Yeun

Randomized smoothing is the current state-of-the-art method for producing provably robust classifiers. While randomized smoothing typically yields robust $\ell_2$-ball certificates, recent research has generalized provable robustness to…

Machine Learning · Computer Science 2023-09-26 Samuel Pfrommer , Brendon G. Anderson , Somayeh Sojoudi

Machine learning models have been widely adopted in several fields. However, most recent studies have shown several vulnerabilities from attacks with a potential to jeopardize the integrity of the model, presenting a new window of research…

Cryptography and Security · Computer Science 2022-02-23 Miguel A. Ramirez , Song-Kyoo Kim , Hussam Al Hamadi , Ernesto Damiani , Young-Ji Byon , Tae-Yeon Kim , Chung-Suk Cho , Chan Yeob Yeun

Machine learning models trained on data from the outside world can be corrupted by data poisoning attacks that inject malicious points into the models' training sets. A common defense against these attacks is data sanitization: first filter…

Machine Learning · Statistics 2021-12-06 Pang Wei Koh , Jacob Steinhardt , Percy Liang

The recent success of machine learning (ML) has been fueled by the increasing availability of computing power and large amounts of data in many different applications. However, the trustworthiness of the resulting models can be compromised…

Cryptography and Security · Computer Science 2024-03-11 Antonio Emanuele Cinà , Kathrin Grosse , Ambra Demontis , Battista Biggio , Fabio Roli , Marcello Pelillo

Machine learning based data-driven technologies have shown impressive performances in a variety of application domains. Most enterprises use data from multiple sources to provide quality applications. The reliability of the external data…

Machine Learning · Computer Science 2021-06-01 Rosni K Vasu , Sanjay Seetharaman , Shubham Malaviya , Manish Shukla , Sachin Lodha

Instance-targeted data poisoning attacks, where an adversary corrupts a training set to induce errors on specific test points, have raised significant concerns. Balcan et al (2022) proposed an approach to addressing this challenge by…

Machine Learning · Computer Science 2025-05-09 Avrim Blum , Donya Saless

Machine Learning (ML) algorithms are vulnerable to poisoning attacks, where a fraction of the training data is manipulated to deliberately degrade the algorithms' performance. Optimal poisoning attacks, which can be formulated as bilevel…

Machine Learning · Computer Science 2020-06-23 Javier Carnerero-Cano , Luis Muñoz-González , Phillippa Spencer , Emil C. Lupu

Randomized smoothing is a recent and celebrated solution to certify the robustness of any classifier. While it indeed provides a theoretical robustness against adversarial attacks, the dimensionality of current classifiers necessarily…

Cryptography and Security · Computer Science 2022-05-02 Thibault Maho , Teddy Furon , Erwan Le Merrer

Recently, few certified defense methods have been developed to provably guarantee the robustness of a text classifier to adversarial synonym substitutions. However, all existing certified defense methods assume that the defenders are…

Computation and Language · Computer Science 2021-07-27 Jiehang Zeng , Xiaoqing Zheng , Jianhan Xu , Linyang Li , Liping Yuan , Xuanjing Huang

Poisoning attacks on machine learning systems compromise the model performance by deliberately injecting malicious samples in the training dataset to influence the training process. Prior works focus on either availability attacks (i.e.,…

Machine Learning · Computer Science 2021-10-13 Bingyin Zhao , Yingjie Lao

The widespread deployment of pre-trained language models (PLMs) has exposed them to textual backdoor attacks, particularly those planted during the pre-training stage. These attacks pose significant risks to high-reliability applications,…

Machine Learning · Computer Science 2025-02-12 Bowei He , Lihao Yin , Hui-Ling Zhen , Jianping Zhang , Lanqing Hong , Mingxuan Yuan , Chen Ma

The existence of adversarial data examples has drawn significant attention in the deep-learning community; such data are seemingly minimally perturbed relative to the original data, but lead to very different outputs from a deep-learning…

Machine Learning · Computer Science 2019-11-12 Bai Li , Changyou Chen , Wenlin Wang , Lawrence Carin

Randomized smoothing is a technique for providing provable robustness guarantees against adversarial attacks while making minimal assumptions about a classifier. This method relies on taking a majority vote of any base classifier over…

Machine Learning · Computer Science 2023-05-09 Ambar Pal , Jeremias Sulam

Randomness supports many critical functions in the field of machine learning (ML) including optimisation, data selection, privacy, and security. ML systems outsource the task of generating or harvesting randomness to the compiler, the cloud…

Machine Learning · Computer Science 2024-02-13 Pranav Dahiya , Ilia Shumailov , Ross Anderson

Making learners robust to adversarial perturbation at test time (i.e., evasion attacks) or training time (i.e., poisoning attacks) has emerged as a challenging task. It is known that for some natural settings, sublinear perturbations in the…

Machine Learning · Computer Science 2018-11-07 Saeed Mahloujifar , Mohammad Mahmoody

Patch adversarial attacks on images, in which the attacker can distort pixels within a region of bounded size, are an important threat model since they provide a quantitative model for physical adversarial attacks. In this paper, we…

Machine Learning · Computer Science 2021-01-11 Alexander Levine , Soheil Feizi

In a \emph{data poisoning attack}, an attacker modifies, deletes, and/or inserts some training examples to corrupt the learnt machine learning model. \emph{Bootstrap Aggregating (bagging)} is a well-known ensemble learning method, which…

Cryptography and Security · Computer Science 2020-12-11 Jinyuan Jia , Xiaoyu Cao , Neil Zhenqiang Gong

With the increase in machine learning (ML) applications in different domains, incentives for deceiving these models have reached more than ever. As data is the core backbone of ML algorithms, attackers shifted their interest toward…

Cryptography and Security · Computer Science 2023-01-04 Kshitiz Aryal , Maanak Gupta , Mahmoud Abdelsalam