English
Related papers

Related papers: TrojanPuzzle: Covertly Poisoning Code-Suggestion M…

200 papers

AI-based code generators have become pivotal in assisting developers in writing software starting from natural language (NL). However, they are trained on large amounts of data, often collected from unsanitized online sources (e.g., GitHub,…

Cryptography and Security · Computer Science 2024-02-12 Domenico Cotroneo , Cristina Improta , Pietro Liguori , Roberto Natella

Data poisoning causes misclassification of test time target examples by injecting maliciously crafted samples in the training data. Existing defenses are often effective only against a specific type of targeted attack, significantly degrade…

Machine Learning · Computer Science 2022-10-19 Yu Yang , Tian Yu Liu , Baharan Mirzasoleiman

Instruction tuning is an effective technique to align large language models (LLMs) with human intents. In this work, we investigate how an adversary can exploit instruction tuning by injecting specific instruction-following examples into…

Cryptography and Security · Computer Science 2023-10-31 Manli Shu , Jiongxiao Wang , Chen Zhu , Jonas Geiping , Chaowei Xiao , Tom Goldstein

Data poisoning is a training-time attack that undermines the trustworthiness of learned models. In a targeted data poisoning attack, an adversary manipulates the training dataset to alter the classification of a targeted test point. Given…

Machine Learning · Computer Science 2025-11-18 Nakshatra Gupta , Sumanth Prabhu , Supratik Chakraborty , R Venkatesh

Deep learning (DL) models for natural language-to-code generation have become integral to modern software development pipelines. However, their heavy reliance on large amounts of data, often collected from unsanitized online sources,…

Cryptography and Security · Computer Science 2025-09-01 Cristina Improta

Model editing methods modify specific behaviors of Large Language Models by altering a small, targeted set of network weights and require very little data and compute. These methods can be used for malicious applications such as inserting…

Machine Learning · Computer Science 2025-09-08 Keltin Grimes , Marco Christiani , David Shriver , Marissa Connor

In this paper, we introduce the TrojAI software framework, an open source set of Python tools capable of generating triggered (poisoned) datasets and associated deep learning (DL) models with trojans at scale. We utilize the developed…

Machine Learning · Computer Science 2020-03-17 Kiran Karra , Chace Ashcraft , Neil Fendley

Poisoning attacks can compromise the safety of large language models (LLMs) by injecting malicious documents into their training data. Existing work has studied pretraining poisoning assuming adversaries control a percentage of the training…

Recommender systems play a central role in digital platforms by providing personalized content. They often use methods such as collaborative filtering and machine learning to accurately predict user preferences. Although these systems offer…

Cryptography and Security · Computer Science 2025-11-11 Zihao Wang , Tianhao Mao , XiaoFeng Wang , Di Tang , Xiaozhong Liu

Open-source Large Language Models (LLMs) have recently gained popularity because of their comparable performance to proprietary LLMs. To efficiently fulfill domain-specialized tasks, open-source LLMs can be refined, without expensive…

Cryptography and Security · Computer Science 2024-09-12 Tian Dong , Minhui Xue , Guoxing Chen , Rayne Holland , Yan Meng , Shaofeng Li , Zhen Liu , Haojin Zhu

AI-based code generators have gained a fundamental role in assisting developers in writing software starting from natural language (NL). However, since these large language models are trained on massive volumes of data collected from…

Cryptography and Security · Computer Science 2024-03-12 Cristina Improta

Backdoor attacks are a kind of emergent security threat in deep learning. After being injected with a backdoor, a deep neural model will behave normally on standard inputs but give adversary-specified predictions once the input contains…

Cryptography and Security · Computer Science 2022-10-20 Yangyi Chen , Fanchao Qi , Hongcheng Gao , Zhiyuan Liu , Maosong Sun

While poisoning attacks on machine learning models have been extensively studied, the mechanisms by which adversaries can distribute poisoned models at scale remain largely unexplored. In this paper, we shed light on how model leaderboards…

Machine Learning · Computer Science 2025-07-15 Anshuman Suri , Harsh Chaudhari , Yuefeng Peng , Ali Naseh , Amir Houmansadr , Alina Oprea

Model adaptation tackles the distribution shift problem with a pre-trained model instead of raw data, which has become a popular paradigm due to its great privacy protection. Existing methods always assume adapting to a clean target domain,…

Cryptography and Security · Computer Science 2025-02-18 Lijun Sheng , Jian Liang , Ran He , Zilei Wang , Tieniu Tan

The financial industry relies on deep learning models for making important decisions. This adoption brings new danger, as deep black-box models are known to be vulnerable to adversarial attacks. In computer vision, one can shape the output…

Machine Learning · Computer Science 2024-08-27 Alina Ermilova , Elizaveta Kovtun , Dmitry Berestnev , Alexey Zaytsev

A backdoor or Trojan attack is an important type of data poisoning attack against deep neural network (DNN) classifiers, wherein the training dataset is poisoned with a small number of samples that each possess the backdoor pattern (usually…

Machine Learning · Computer Science 2023-03-15 H. Wang , S. Karami , O. Dia , H. Ritter , E. Emamjomeh-Zadeh , J. Chen , Z. Xiang , D. J. Miller , G. Kesidis

Deep image classification models trained on vast amounts of web-scraped data are susceptible to data poisoning - a mechanism for backdooring models. A small number of poisoned samples seen during training can severely undermine a model's…

Cryptography and Security · Computer Science 2023-06-30 Nils Lukas , Florian Kerschbaum

Modern machine learning pipelines leverage large amounts of public data, making it infeasible to guarantee data quality and leaving models open to poisoning and backdoor attacks. Provably bounding model behavior under such attacks remains…

Machine Learning · Computer Science 2024-10-31 Philip Sosnin , Mark N. Müller , Maximilian Baader , Calvin Tsay , Matthew Wicker

Web-scraped datasets are vulnerable to data poisoning, which can be used for backdooring deep image classifiers during training. Since training on large datasets is expensive, a model is trained once and re-used many times. Unlike…

Machine Learning · Computer Science 2024-01-23 Benjamin Schneider , Nils Lukas , Florian Kerschbaum

Adversarial attacks alter NLP model predictions by perturbing test-time inputs. However, it is much less understood whether, and how, predictions can be manipulated with small, concealed changes to the training data. In this work, we…

Computation and Language · Computer Science 2021-04-13 Eric Wallace , Tony Z. Zhao , Shi Feng , Sameer Singh