A novel one-class graph embedding classification (OCGEC) framework that leverages graph neural networks to effectively detect backdoor attacks in deep neural network models without requiring any knowledge of the attack strategy or poisoned training data.
Robust methods to accurately identify both out-of-distribution and adversarially perturbed inputs, even when they are designed to evade the out-of-distribution detector.
ADVREPAIR is a novel approach that leverages formal verification to construct patch modules that can be seamlessly integrated into the original neural network, delivering provable and specialized repairs within the robustness neighborhood. Additionally, ADVREPAIR incorporates a heuristic mechanism for assigning patch modules, allowing this defense against adversarial attacks to generalize to other inputs, significantly improving the overall robustness of the network.
RSBA introduces a new attack paradigm by utilizing statistical features for backdoor attacks, demonstrating robustness against defenses like image augmentation and model distillation.
The proposed new backdoor attack framework, Impart, generates effective backdoor examples without any access to the victim model and achieves a high attack success rate.
RSBA introduces a new attack paradigm utilizing statistical features for robust backdoor attacks in privilege-constrained scenarios.
Adversarial Sparse Teacher (AST) introduces a novel defensive method to protect teacher models from distillation-based model stealing attacks using adversarial examples.
The author argues that precise extraction of deep learning models can be achieved through side-channel attacks, emphasizing that model information such as ID and MA is important for successful attacks.
The author argues that existing on-device attacking approaches underestimate the harm of attacks due to non-debuggable models, proposing a Reverse Engineering framework to enable white-box attacks effectively.