Research Papers


Research Papers I’ve Read :wave:

Here are some insightful papers that I have read:

  1. HopSkipJumpAttack: A Query-Efficient Decision-Based Attack
    • Authors: Jianbo Chen, Michael I. Jordan, Martin J. Wainwright
    • Overview: The goal of a decision-based adversarial attack on a trained model is to generate adversarial examples based solely on observing the output labels returned by the targeted model. We develop HopSkipJumpAttack, a family of algorithms based on a novel estimate of the gradient direction using binary information at the decision boundary. The proposed family includes both untargeted and targeted attacks, optimized for the ℓ2 and ℓ∞ similarity metrics respectively. Theoretical analysis is provided for the proposed algorithms and the gradient direction estimate. Experiments show that HopSkipJumpAttack requires significantly fewer model queries than Boundary Attack. It also achieves competitive performance in attacking several widely-used defense mechanisms.
  2. Understanding the Decision Boundary of Deep Neural Networks: An Empirical Study
    • Authors: David Evans, Michael J. P. O’Neill
    • Overview: Despite achieving remarkable performance on many image classification tasks, state-of-the-art machine learning (ML) classifiers remain vulnerable to small input perturbations. In particular, the existence of adversarial examples raises concerns about the deployment of ML models in safety- and security-critical environments, like autonomous driving and disease detection. Over the last few years, numerous defense methods have been published with the goal of improving adversarial as well as corruption robustness. However, the proposed measures have succeeded only to a very limited extent. This limited progress is partly due to the lack of understanding of the decision boundary and decision regions of deep neural networks. Therefore, we study the minimum distance of data points to the decision boundary and how this margin evolves over the training of a deep neural network. By conducting experiments on MNIST, FASHION-MNIST, and CIFAR-10, we observe that the decision boundary moves closer to natural images over training. This phenomenon persists even in the late epochs of training, where the classifier already obtains low training and test error rates. On the other hand, adversarial training appears to have the potential to prevent this undesired convergence of the decision boundary.
  3. Generating Realistic Tabular Data with Large Language Models
    • Authors: Dang Nguyen, Sunil Gupta, Kien Do, Thin Nguyen, Svetha Venkatesh
    • Overview: While most generative models show achievements in image data generation, few have been developed for tabular data generation. Recently, due to the success of large language models (LLMs) in diverse tasks, they have also been used for tabular data generation. However, these methods do not capture the correct correlation between the features and the target variable, hindering their application in downstream predictive tasks. To address this problem, we propose an LLM-based method with three important improvements to correctly capture the ground-truth feature-class correlation in the real data. First, we propose a novel permutation strategy for the input data in the fine-tuning phase. Second, we propose a feature-conditional sampling approach to generate synthetic samples. Finally, we generate the labels by constructing prompts based on the generated samples to query our fine-tuned LLM. Our extensive experiments show that our method significantly outperforms 10 SOTA baselines on 20 datasets in downstream tasks. It also produces highly realistic synthetic samples in terms of quality and diversity. More importantly, classifiers trained with our synthetic data can even compete with classifiers trained with the original data on half of the benchmark datasets, which is a significant achievement in tabular data generation.
  4. Towards Adaptive Attacks on Constrained Tabular Machine Learning
    • Authors: Thibault Simonetto, Salah Ghamizi, Maxime Cordy
    • Overview: State-of-the-art deep learning models for tabular data have recently achieved performance acceptable for deployment in industrial settings. Contrary to computer vision, there is to date no efficient constrained whitebox attack for evaluating the adversarial robustness of deep tabular models, due to intrinsic properties of tabular data such as categorical features, immutability, and feature relationship constraints. To fill this gap, we propose CAPGD, the first efficient evasion attack for constrained tabular deep learning models. CAPGD is an iterative, parameter-free attack that generates adversarial examples under constraints. We evaluate CAPGD across four critical use cases: credit scoring, phishing, botnet attacks, and ICU survival prediction. Our empirical study covers 5 modern tabular deep learning architectures and demonstrates the effectiveness of our attack, which improves over the most effective constrained attack by 81% points.
  5. Constrained Adaptive Attack: Effective Adversarial Attack Against Deep Neural Networks for Tabular Data
    • Authors: Thibault Simonetto, Salah Ghamizi, Maxime Cordy
    • Overview: Presents an effective method for conducting adversarial attacks on deep neural networks that process tabular data, focusing on constraints to enhance attack efficacy.
  6. Adversarial Machine Learning at Scale
    • Authors: Alexey Kurakin, Ian Goodfellow, Samy Bengio
    • Overview: Adversarial examples are malicious inputs designed to fool machine learning models. They often transfer from one model to another, allowing attackers to mount black box attacks without knowledge of the target model’s parameters. Adversarial training is the process of explicitly training a model on adversarial examples, in order to make it more robust to attack or to reduce its test error on clean inputs. So far, adversarial training has primarily been applied to small problems. In this research, we apply adversarial training to ImageNet. Our contributions include: (1) recommendations for how to successfully scale adversarial training to large models and datasets, (2) the observation that adversarial training confers robustness to single-step attack methods, (3) the finding that multi-step attack methods are somewhat less transferable than single-step attack methods, so single-step attacks are the best for mounting black-box attacks, and (4) resolution of a “label leaking” effect that causes adversarially trained models to perform better on adversarial examples than on clean examples, because the adversarial example construction process uses the true label and the model can learn to exploit regularities in the construction process.
  7. A comprehensive survey of robust deep learning in computer vision
    • Authors: Jia Liu, Yaochu Jin
    • Overview: Deep learning has made remarkable progress in various tasks. Despite their excellent performance, deep learning models are still not robust, especially to well-designed adversarial examples, which limits their use in security-critical applications. Therefore, how to improve the robustness of deep learning has attracted increasing attention from researchers. This paper investigates progress on the threats to deep learning and the techniques that can enhance model robustness in computer vision. Unlike previous survey papers that summarize adversarial attacks and defense technologies, this paper also provides an overview of the general robustness of deep learning. Besides, this survey elaborates on the current robustness evaluation approaches, which require further exploration. This paper also reviews the recent literature on making deep learning models resistant to adversarial examples from an architectural perspective, which was rarely mentioned in previous surveys. Finally, interesting directions for future research are listed based on the reviewed literature. We hope this survey serves as a basis for future research in this topical field.
  8. Explainable AI: Interpreting, Explaining and Visualizing Deep Learning
    • Authors: Wojciech Samek, Grégoire Montavon, Andrea Vedaldi, Lars Kai Hansen, Klaus-Robert Müller
    • Overview: Discusses various methods for making deep learning models more interpretable and explainable, enhancing trust and transparency in AI systems.
  9. Federated Learning: Challenges, Methods, and Future Directions
    • Authors: Tian Li, Anit Kumar Sahu, Ameet Talwalkar, Virginia Smith
    • Overview: Federated learning involves training statistical models over remote devices or siloed data centers, such as mobile phones or hospitals, while keeping data localized. Training in heterogeneous and potentially massive networks introduces novel challenges that require a fundamental departure from standard approaches for large-scale machine learning, distributed optimization, and privacy-preserving data analysis. In this article, we discuss the unique characteristics and challenges of federated learning, provide a broad overview of current approaches, and outline several directions of future work that are relevant to a wide range of research communities.
  10. Privacy-Preserving Machine Learning: Threats and Solutions
    • Authors: Mohammad Al-Rubaie, J. Morris Chang
    • Overview: For privacy concerns to be addressed adequately in today’s machine learning systems, the knowledge gap between the machine learning and privacy communities must be bridged. This article aims to provide an introduction to the int
  11. Language Models are Realistic Tabular Data Generators
    • Authors: Vadim Borisov, Kathrin Seßler, Tobias Leemann, Martin Pawelczyk, Gjergji Kasneci
    • Overview: Tabular data is among the oldest and most ubiquitous forms of data. However, the generation of synthetic samples with the original data’s characteristics remains a significant challenge for tabular data. While many generative models from the computer vision domain, such as variational autoencoders or generative adversarial networks, have been adapted for tabular data generation, less research has been directed towards recent transformer-based large language models (LLMs), which are also generative in nature. To this end, we propose GReaT (Generation of Realistic Tabular data), which exploits an auto-regressive generative LLM to sample synthetic and yet highly realistic tabular data. Furthermore, GReaT can model tabular data distributions by conditioning on any subset of features; the remaining features are sampled without additional overhead. We demonstrate the effectiveness of the proposed approach in a series of experiments that quantify the validity and quality of the produced data samples from multiple angles. We find that GReaT maintains state-of-the-art performance across numerous real-world and synthetic data sets with heterogeneous feature types coming in various sizes.