A5049209023- Adversarial Robustness in Machine Learning
- Machine Learning and Data Classification
- Integrated Circuits and Semiconductor Failure Analysis
- Advanced Neural Network Applications
- Bacillus and Francisella bacterial research
- Advanced Malware Detection Techniques
- Network Security and Intrusion Detection
- Anomaly Detection Techniques and Applications
- Machine Learning and Algorithms
- Privacy-Preserving Technologies in Data
- Image Enhancement Techniques
- Risk and Safety Analysis
- Safety Systems Engineering in Autonomy
- Occupational Health and Safety Research
- Bayesian Methods and Mixture Models
- Fault Detection and Control Systems
- Gaussian Processes and Bayesian Inference
- Statistical Methods and Inference
- Cryptographic Implementations and Security
- Industrial Vision Systems and Defect Detection
- Digital Media Forensic Detection
- Neural Networks and Applications
- Domain Adaptation and Few-Shot Learning
- Machine Learning and ELM
- Topic Modeling
The University of Melbourne
2020-2024
Robust loss functions are essential for training accurate deep neural networks (DNNs) in the presence of noisy (incorrect) labels. It has been shown that commonly used Cross Entropy (CE) is not robust to Whilst new have designed, they only partially robust. In this paper, we theoretically show by applying a simple normalization that: any can be made However, practice, simply being sufficient function train DNNs. By investigating several functions, find suffer from problem underfitting. To...
Contrastive language-image pretraining (CLIP) has been found to be vulnerable poisoning backdoor attacks where the adversary can achieve an almost perfect attack success rate on CLIP models by only 0.01\% of training dataset. This raises security concerns current practice large-scale unscrutinized web data using CLIP. In this work, we analyze representations backdoor-poisoned samples learned and find that they exhibit unique characteristics in their local subspace, i.e., neighborhoods are...
The rapid advancement of large models, driven by their exceptional abilities in learning and generalization through large-scale pre-training, has reshaped the landscape Artificial Intelligence (AI). These models are now foundational to a wide range applications, including conversational AI, recommendation systems, autonomous driving, content generation, medical diagnostics, scientific discovery. However, widespread deployment also exposes them significant safety risks, raising concerns about...
Deep neural networks (DNNs) are known to be vulnerable adversarial attacks. A range of defense methods have been proposed train adversarially robust DNNs, among which training has demonstrated promising results. However, despite preliminary understandings developed for training, it is still not clear, from the architectural perspective, what configurations can lead more DNNs. In this paper, we address gap via a comprehensive investigation on impact network width and depth robustness trained...
This paper proposes a simple method to distill and detect backdoor patterns within an image: \emph{Cognitive Distillation} (CD). The idea is extract the "minimal essence" from input image responsible for model's prediction. CD optimizes mask small pattern that can lead same model output (i.e., logits or deep features). extracted help understand cognitive mechanism of on clean vs. images thus called Pattern} (CP). Using distilled CPs, we uncover interesting phenomenon attacks: despite various...
Backdoor attacks have emerged as a primary threat to (pre-)training and deployment of deep neural networks (DNNs). While backdoor been extensively studied in body works, most them were focused on single-trigger that poison dataset using single type trigger. Arguably, real-world can be much more complex, e.g., the existence multiple adversaries for same if it is high value. In this work, we investigate practical under setting \textbf{multi-trigger attacks} where leverage different types...
The volume of "free" data on the internet has been key to current success deep learning. However, it also raises privacy concerns about unauthorized exploitation personal for training commercial models. It is thus crucial develop methods prevent exploitation. This paper question: \emph{can be made unlearnable learning models?} We present a type \emph{error-minimizing} noise that can indeed make examples unlearnable. Error-minimizing intentionally generated reduce error one or more example(s)...
Neural Architecture Search (NAS) has gained significant popularity as an effective tool for designing high performance deep neural networks (DNNs). NAS can be performed via reinforcement learning, evolutionary algorithms, differentiable architecture search or tree-search methods. While progress been made both learning and search, methods have so far failed to achieve comparable accuracy efficiency. In this paper, we formulate a Combinatorial Multi-Armed Bandit (CMAB) problem (CMAB-NAS). This...
Representations learned via self-supervised learning (SSL) can be susceptible to dimensional collapse, where the representation subspace is of extremely low dimensionality and thus fails represent full data distribution modalities. Dimensional collapse also known as "underfilling" phenomenon one major causes degraded performance on downstream tasks. Previous work has investigated problem SSL at a global level. In this paper, we demonstrate that representations span over high space globally,...
Generative Large Language Models (LLMs) have made significant strides across various tasks, but they remain vulnerable to backdoor attacks, where specific triggers in the prompt cause LLM generate adversary-desired responses. While most research has focused on vision or text classification attacks generation been largely overlooked. In this work, we introduce \textit{BackdoorLLM}, first comprehensive benchmark for studying LLMs. \textit{BackdoorLLM} features: 1) a repository of benchmarks...
With the advancement of vision transformers (ViTs) and self-supervised learning (SSL) techniques, pre-trained large ViTs have become new foundation models for computer applications. However, studies shown that, like convolutional neural networks (CNNs), are also susceptible to adversarial attacks, where subtle perturbations in input can fool model into making false predictions. This paper transferability such an vulnerability from a ViT downstream tasks. We focus on \emph{sample-wise}...
Backdoor attacks covertly implant triggers into deep neural networks (DNNs) by poisoning a small portion of the training data with pre-designed backdoor triggers. This vulnerability is exacerbated in era large models, where extensive (pre-)training on web-crawled datasets susceptible to compromise. In this paper, we introduce novel two-step defense framework named Expose Before You Defend (EBYD). EBYD unifies existing methods comprehensive system enhanced performance. Specifically, first...
As deep learning models are increasingly deployed in safety-critical applications, evaluating their vulnerabilities to adversarial perturbations is essential for ensuring reliability and trustworthiness. Over the past decade, a large number of white-box robustness evaluation methods (i.e., attacks) have been proposed, ranging from single-step multi-step individual ensemble methods. Despite these advances, challenges remain conducting meaningful comprehensive evaluations, particularly when it...
Evaluating the robustness of a defense model is challenging task in adversarial research. Obfuscated gradients have previously been found to exist many methods and cause false signal robustness. In this paper, we identify more subtle situation called Imbalanced Gradients that can also overestimated The phenomenon imbalanced occurs when gradient one term margin loss dominates pushes attack towards suboptimal direction. To exploit gradients, formulate Margin Decomposition (MD) decomposes into...
Neural Architecture Search (NAS) has gained significant popularity as an effective tool for designing high performance deep neural networks (DNNs). NAS can be performed via policy gradient, evolutionary algorithms, differentiable architecture search or tree-search methods. While progress been made both gradient and search, methods have so far failed to achieve comparable accuracy efficiency. In this paper, we formulate a Combinatorial Multi-Armed Bandit (CMAB) problem (CMAB-NAS). This allows...