Skip to content
/ AI-Security-Resources Public
forked from Zhou-Zi7/AI-Security-Resources

This Github repository summarizes a list of research papers on AI security from the four top academic conferences.

License

Apache-2.0 license
0 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Allen191819/AI-Security-Resources

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

AI-Security-Resources

This Github repository summarizes a list of research papers on AI security from the four top academic conferences, namely IEEE Symposium on Security and Privacy (S&P), Network and Distributed System Security Symposium (NDSS), USENIX Security Symposium, and ACM Conference on Computer and Communications Security (CCS).

This repository is supported by the Trustworthy Artificial Intelligence (T-AI) Lab at Huazhong University of Science and Technology (HUST).

We will try our best to continuously maintain this Github Repository in a weekly manner.

News

  • 2023/8/6: Shi Junyu adds CCS papers.
  • 2023/7/25: Zhang Hangtao adds NDSS & USENIX Security papers.
  • 2023/7/24: Zhou Ziqi adds S&P papers.
  • 2023/7/23: We create the AI-Security-Resources repository.

Table of Contents

Papers in S&P

S&P'2024

  • Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability. [Topic: AEs] [Code][pdf]
    • Yechao Zhang, Shengshan Hu, Leo Yu Zhang, Junyu Shi, Xiaogeng Liu, Minghui Li, Wei Wan, Hai Jin. IEEE Symposium on Security and Privacy, 2024.

S&P'2023

S&P'2022

  • “Adversarial Examples” for Proof-of-Learning. [Topic: AEs] [pdf]

    • Rui Zhang, Jian Liu, Yuan Ding, Zhibo Wang, Qingbiao Wu, and Kui Ren. IEEE Symposium on Security and Privacy, 2022.

  • Transfer Attacks Revisited: A Large-Scale Empirical Study in Real Computer Vision Settings. [Topic:AEs] [pdf]

    • Yuhao Mao, Chong Fu, Saizhuo Wang, Shouling Ji, Xuhong Zhang, Zhenguang Liu, Jun Zhou, Alex X.Liu, Raheem Beyah, Ting Wang. IEEE Symposium on Security and Privacy, 2022.

  • Bad Characters: Imperceptible NLP Attacks. [Topic: AEs] [Code][pdf]

    • Nicholas Boucher, Ilia Shumailov, Ross Anderson, Nicolas Papernot. IEEE Symposium on Security and Privacy, 2022.

  • Universal 3-Dimensional Perturbations for Black-Box Attacks on Video Recognition Systems. [Topic: AEs] [pdf]

    • Shangyu Xie, Han Wang, Yu Kong, Yuan Hong. IEEE Symposium on Security and Privacy, 2022.

  • BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning. [Topic: Backdoor] [Code][pdf]

    • Jinyuan Jia, Yupei Liu, Neil Zhenqiang Gong. IEEE Symposium on Security and Privacy, 2022.

  • PICCOLO: Exposing Complex Backdoors in NLP Transformer Models. [Topic: Backdoor] [pdf]

    • Yingqi Liu, Guangyu Shen, Guanhong Tao, Shengwei An, Shiqing Ma, Xiangyu Zhang. IEEE Symposium on Security and Privacy, 2022.

  • Membership Inference Attacks From First Principles. [Topic: MIA] [pdf]

    • Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, Florian Tramer. IEEE Symposium on Security and Privacy, 2022.

  • Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Production Federated Learning. [Topic: PA & FL] [pdf]

    • Virat Shejwalkar, Amir Houmansadr, Peter Kairouz, Daniel Ramage. IEEE Symposium on Security and Privacy, 2022.

  • Model Stealing Attacks Against Inductive Graph Neural Networks. [Topic: MSA & GNN] [pdf]

    • Yun Shen, Xinlei He, Yufei Han, Yang Zhang. IEEE Symposium on Security and Privacy, 2022.

  • SoK: How Robust is Image Classification Deep Neural Network Watermarking? [Topic: Watermark] [pdf]

    • Nils Lukas, Edward Jiang, Xinda Li, Florian Kerschbaum. IEEE Symposium on Security and Privacy, 2022.

S&P'2021

  • Hear "No Evil", See "Kenansville": Efficient and Transferable Black-Box Attacks on Speech Recognition and Voice Identification Systems. [Topic: AEs] [pdf]

    • Hadi Abdullah, Muhammad Sajidur Rahman, Washington Garcia, Logan Blue, Kevin Warren, Anurag Swarnim Yadav, Tom Shrimpton, Patrick Traynor. IEEE Symposium on Security and Privacy, 2021.

  • SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems. [Topic: AEs] [pdf]

    • Hadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor. IEEE Symposium on Security and Privacy, 2021.

  • Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks. [Topic: AEs] [pdf]

    • Yulong Cao, Ningfei Wang, Chaowei Xiao, Dawei Yang, Jin Fang, Ruigang Yang, Qi Alfred Chen, Mingyan Liu, Bo Li. IEEE Symposium on Security and Privacy, 2021.

  • Who is Real Bob? Adversarial Attacks on Speaker Recognition Systems. [Topic: AEs] [pdf]

    • Guangke Chen, Sen Chen, Lingling Fan, Xiaoning Du, Zhe Zhao, Fu Song, Yang Liu. IEEE Symposium on Security and Privacy, 2021.

  • Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding. [Topic: Watermark] [pdf]

    • Sahar Abdelnabi, Mario Fritz. IEEE Symposium on Security and Privacy, 2021.

Papers in NDSS

NDSS'2023

  • Fusion: Efficient and Secure Inference Resilient to Malicious Servers. [Topic: MLaaS] [pdf]

    • Caiqin Dong, Jian Weng, Jia-Nan Liu, Yue Zhang, Yao Tong, Anjia Yang, Yudan Cheng, Shun Hu. Network and Distributed System Security, 2023.

  • Machine Unlearning of Features and Labels. [Topic: Machine-Unlearning] [pdf]

    • Alexander Warnecke, Lukas Pirch, Christian Wressnegger, Konrad Rieck. Network and Distributed System Security, 2023.

  • PPA: Preference Profiling Attack Against Federated Learning. [Topic: FL] [pdf]

    • Chunyi Zhou, Yansong Gao, Anmin Fu, Kai Chen, Zhiyang Dai, Zhi Zhang, Minhui Xue, Yuqing Zhang. Network and Distributed System Security, 2023.

  • RoVISQ: Reduction of Video Service Quality via Adversarial Attacks on Deep Learning-based Video Compression. [Topic: AEs] [pdf]

    • Jung-Woo Chang, Mojan Javaheripi, Seira Hidano, Farinaz Koushanfar. Network and Distributed System Security, 2023.

  • Securing Federated Sensitive Topic Classification against Poisoning Attacks. [Topic: FL] [pdf]

    • Tianyue Chu, Alvaro Garcia-Recuero, Costas Iordanou, Georgios Smaragdakis, Nikolaos Laoutaris. Network and Distributed System Security, 2023.

  • The “Beatrix” Resurrections: Robust Backdoor Detection via Gram Matrices. [Topic: Backdoor] [pdf]

    • Wanlun Ma, Derui Wang, Ruoxi Sun, Minhui Xue, Sheng Wen, Yang Xiang. Network and Distributed System Security, 2023.

  • Adversarial Robustness for Tabular Data through Cost and Utility Awareness. [Topic: AEs] [pdf]

    • Klim Kireev, Bogdan Kulynych, Carmela Troncoso. Network and Distributed System Security, 2023.

  • Backdoor Attacks Against Dataset Distillation. [Topic: Backdoor] [pdf]

    • Yugeng Liu, Zheng Li, Michael Backes, Yun Shen, Yang Zhang. Network and Distributed System Security, 2023.

  • BEAGLE: Forensics of Deep Learning Backdoor Attack for Better Defense. [Topic: Backdoor] [pdf]

    • Siyuan Cheng, Guanhong Tao, Yingqi Liu, Shengwei An, Xiangzhe Xu, Shiwei Feng, Guangyu Shen, Kaiyuan Zhang, Qiuling Xu, Shiqing Ma, Xiangyu Zhang. Network and Distributed System Security, 2023.

  • Focusing on Pinocchio's Nose: A Gradients Scrutinizer to Thwart Split-Learning Hijacking Attacks Using Intrinsic Attributes. [Topic: SL] [pdf]

    • Jiayun Fu, Xiaojing Ma, Bin B. Zhu, Pingyi Hu, Ruixin Zhao, Yaru Jia, Peng Xu, Hai Jin, Dongmei Zhang. Network and Distributed System Security, 2023.

  • REaaS: Enabling Adversarially Robust Downstream Classifiers via Robust Encoder as a Service. [Topic: AEs] [pdf]

    • Wenjie Qu, Jinyuan Jia, Neil Zhenqiang Gong. Network and Distributed System Security, 2023.

NDSS'2022

  • DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. [Topic: Backdoor] [pdf]

    • Phillip Rieger, Thien Duc Nguyen, Markus Miettinen, Ahmad-Reza Sadeghi. Network and Distributed System Security, 2022.

  • FedCRI: Federated Mobile Cyber-Risk Intelligence. [Topic: FL] [pdf]

    • Hossein Fereidooni, Alexandra Dmitrienko, Phillip Rieger, Markus Miettinen, Ahmad-Reza Sadeghi, Felix Madlener. Network and Distributed System Security, 2022.

  • Get a Model! Model Hijacking Attack Against Machine Learning Models. [Topic: Model-Hijacking] [pdf]

    • Ahmed Salem, Michael Backes, Yang Zhang. Network and Distributed System Security, 2022.

  • Local and Central Differential Privacy for Robustness and Privacy in Federated Learning. [Topic: FL] [pdf]

    • Mohammad Naseri, Jamie Hayes, Emiliano De Cristofaro. Network and Distributed System Security, 2022.

  • Property Inference Attacks Against GANs. [Topic: IA & GAN] [pdf]

    • Junhao Zhou, Yufei Chen, Chao Shen, Yang Zhang. Network and Distributed System Security, 2022.

  • ATTEQ-NN: Attention-based QoE-aware Evasive Backdoor Attacks. [Topic: Backdoor] [pdf]

    • Xueluan Gong, Yanjiao Chen, Jianshuo Dong, Qian Wang. Network and Distributed System Security, 2022.

  • Fooling the Eyes of Autonomous Vehicles: Robust Physical Adversarial Examples Against Traffic Sign Recognition Systems. [Topic: AEs] [pdf]

    • Wei Jia, Zhaojun Lu, Haichun Zhang, Zhenglin Liu, Jie Wang, Gang Qu. Network and Distributed System Security, 2022.

  • MIRROR: Model Inversion for Deep Learning Network with High Fidelity. [Topic: MIA] [pdf]

    • Shengwei An, Guanhong Tao, Qiuling Xu, Yingqi Liu, Guangyu Shen, Yuan Yao, Jingwei Xu, Xiangyu Zhang. Network and Distributed System Security, 2022.

  • RamBoAttack: A Robust and Query Efficient Deep Neural Network Decision Exploit. [Topic: AEs] [pdf]

    • Viet Quoc Vo, Ehsan Abbasnejad, Damith C. Ranasinghe. Network and Distributed System Security, 2022.

NDSS'2021

  • Data Poisoning Attacks to Deep Learning Based Recommender Systems. [Topic: PAs] [pdf]

    • Hai Huang, Jiaming Mu, Neil Zhenqiang Gong, Qi Li, Bin Liu, Mingwei Xu. Network and Distributed System Security, 2021.

  • FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping. [Topic: PA & FL] [pdf]

    • Xiaoyu Cao, Minghong Fang, Jia Liu, Neil Zhenqiang Gong. Network and Distributed System Security, 2021.

  • Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning. [Topic: PA & FL] [pdf]

    • Virat Shejwalkar, Amir Houmansadr. Network and Distributed System Security, 2021.

  • Practical Blind Membership Inference Attack via Differential Comparisons. [Topic: MIA] [pdf]

    • Bo Hui, Yuchen Yang, Haolin Yuan, Philippe Burlina, Neil Zhenqiang Gong, Yinzhi Cao. Network and Distributed System Security, 2021.

  • POSEIDON: Privacy-Preserving Federated Neural Network Learning. [Topic: FL] [pdf]

    • Sinem Sav, Apostolos Pyrgelis, Juan Ramón Troncoso-Pastoriza, David Froelicher, Jean-Philippe Bossuat, Joao Sa Sousa, Jean-Pierre Hubaux. Network and Distributed System Security, 2021.

Papers in USENIX Security

USENIX Security '2023

  • “Security is not my field, I’m a stats guy”: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry. [Topic: AEs] [pdf]

    • Jaron Mink, Harjot Kaur, Juliane Schmüser and Sascha Fahl, Yasemin Acar. USENIX Security, 2023.

  • A Data-free Backdoor Injection Approach in Neural Networks. [Topic: Backdoor] [pdf]

    • Peizhuo Lv, Chang Yue, Ruigang Liang, Yunfei Yang. USENIX Security, 2023.

  • A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots. [Topic: MSA] [pdf]

    • Boyang Zhang, Xinlei He, Yun Shen, Tianhao Wang, Yang Zhang. USENIX Security, 2023.

  • Aegis: Mitigating Targeted Bit-flip Attacks against Deep Neural Networks. [Topic: BFA] [pdf]

    • Jialai Wang, Ziyuan Zhang, Meiqi Wang, Han Qiu, Tianwei Zhang, Qi Li, Zongpeng Li, Tao Wei, Chao Zhang. USENIX Security, 2023.

  • Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information. [Topic: AEs] [pdf]

    • Heng Li, Zhang Cheng, Bang Wu, Liheng Yuan, Cuiying Gao, Wei Yuan, Xiapu Luo. USENIX Security, 2023.

  • CAPatch: Physical Adversarial Patch against Image Captioning Systems. [Topic: AEs] [pdf]

    • Shibo Zhang, Yushi Cheng, Wenjun Zhu, Xiaoyu Ji, Wenyuan Xu. USENIX Security, 2023.

  • DiffSmooth: Certifiably Robust Learning via Diffusion Models and Local Smoothing. [Topic: AEs] [pdf]

    • Jiawei Zhang, Zhongzhu Chen, Huan Zhang, Chaowei Xiao, Bo Li. USENIX Security, 2023.

  • Every Vote Counts: Ranking-Based Training of Federated Learning to Resist Poisoning Attacks. [Topic: PA & FL] [pdf]

    • Hamid Mozaffari, Virat Shejwalkar, Amir Houmansadr. USENIX Security, 2023.

  • Exorcising "Wraith": Protecting LiDAR-based Object Detector in Automated Driving System from Appearing Attacks. [Topic: Appearing-Attack] [pdf]

    • Qifan Xiao, Xudong Pan, Yifan Lu, Mi Zhang, Jiarun Dai, Min Yang. USENIX Security, 2023.

  • Fine-grained Poisoning Attack to Local Differential Privacy Protocols for Mean and Variance Estimation. [Topic: DP] [pdf]

    • Xiaoguang Li, Ninghui Li, Wenhai Sun, Neil Zhenqiang Gong, Hui Li. USENIX Security, 2023.

  • FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases. [Topic: Backdoor] [pdf]

    • Chong Fu, Xuhong Zhang, Shouling Ji, Ting Wang, Peng Lin, Yanghe Feng, Jianwei Yin. USENIX Security, 2023.

  • GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation. [Topic: DP & GNN] [pdf]

    • Sina Sajadmanesh, Ali Shahin Shamsabadi, Aurélien Bellet, Daniel Gatica-Perez. USENIX Security, 2023.

  • Lost at C: A User Study on the Security Implications of Large Language Model Code Assistants. [Topic: LLM] [pdf]

    • Gustavo Sandoval, Hammond Pearce, Teo Nys, Ramesh Karri, Siddharth Garg, Brendan Dolan-Gavitt. USENIX Security, 2023.

  • Meta-Sift: How to Sift Out a Clean Subset in the Presence of Data Poisoning?. [Topic: PA] [pdf]

    • Yi Zeng, Minzhou Pan, Himanshu Jahagirdar, Ming Jin, Lingjuan Lyu, Ruoxi Jia. USENIX Security, 2023.

  • No more Reviewer #2: Subverting Automatic Paper-Reviewer Assignment using Adversarial Learning. [Topic: AEs] [pdf]

    • Thorsten Eisenhofer, Erwin Quiring, Jonas Möller, Doreen Riepel, Thorsten Holz, Konrad Rieck. USENIX Security, 2023.

  • PELICAN: Exploiting Backdoors of Naturally Trained Deep Learning Models In Binary Code Analysis. [Topic: Backdoor] [pdf]

    • Zhuo Zhang, Guanhong Tao, Guangyu Shen, Shengwei An, Qiuling Xu, Yingqi Liu, Yapeng Ye, Yaoxuan Wu, Xiangyu Zhang. USENIX Security, 2023.

  • PrivateFL: Accurate, Differentially Private Federated Learning via Personalized Data Transformation. [Topic: DP & FL] [pdf]

    • Yuchen Yang, Bo Hui, Haolin Yuan, Neil Gong, Yinzhi Cao. USENIX Security, 2023.

  • Rethinking White-Box Watermarks on Deep Learning Models under Neural Structural Obfuscation. [Topic: Watermark] [pdf]

    • Yifan Yan, Xudong Pan, Mi Zhang, and Min Yang. USENIX Security, 2023.

  • X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection. [Topic: AEs] [pdf]

    • Aishan Liu, Jun Guo, Jiakai Wang, Siyuan Liang, Renshuai Tao, Wenbo Zhou, Cong Liu, Xianglong Liu. USENIX Security, 2023.

  • TPatch: A Triggered Physical Adversarial Patch. [Topic: AEs] [pdf]

    • Wenjun Zhu, Xiaoyu Ji, Yushi Cheng, Shibo Zhang, Wenyuan Xu. USENIX Security, 2023.

  • UnGANable: Defending Against GAN-based Face Manipulation. [Topic: Deepfake] [pdf]

    • WZheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz, Yang Zhang. USENIX Security, 2023.

  • Squint Hard Enough: Attacking Perceptual Hashing with Adversarial Machine Learning. [Topic: AEs] [pdf]

    • Jonathan Prokos, Neil Fendley, Matthew Green, Roei Schuster, Eran Tromer, Tushar Jois, Yinzhi Cao. USENIX Security, 2023.

  • The Space of Adversarial Strategies. [Topic: AEs] [pdf]

    • Ryan Sheatsley, Blaine Hoak, Eric Pauley, Patrick McDaniel. USENIX Security, 2023.

  • That Person Moves Like A Car: Misclassification Attack Detection for Autonomous Systems Using Spatiotemporal Consistency. [Topic: AEs] [pdf]

    • Yanmao Man, Raymond Muller, Ming Li, Z. Berkay Celik, Ryan Gerdes. USENIX Security, 2023.

  • NeuroPots: Realtime Proactive Defense against Bit-Flip Attacks in Neural Networks. [Topic: BFA] [pdf]

    • Qi Liu, Jieming Yin, Wujie Wen, Chengmo Yang, Shi Sha. USENIX Security, 2023.

  • URET: Universal Robustness Evaluation Toolkit (for Evasion). [Topic: AEs] [pdf]

    • Kevin Eykholt, Taesung Lee, Douglas Schales, Jiyong Jang, Ian Molloy, Masha Zorin. USENIX Security, 2023.

  • SMACK: Semantically Meaningful Adversarial Audio Attack. [Topic: AEs] [pdf]

    • Zhiyuan Yu, Yuanhaur Chang, Ning Zhang, Chaowei Xiao. USENIX Security, 2023.

  • Gradient Obfuscation Gives a False Sense of Security in Federated Learning. [Topic: FL] [pdf]

    • Kai Yue, Richeng Jin, Chau-Wai Wong, Dror Baron, Huaiyu Dai. USENIX Security, 2023.

  • Fairness Properties of Face Recognition and Obfuscation Systems. [Topic: AEs] [pdf]

    • Harrison Rosenberg, Brian Tang, Kassem Fawaz, Somesh Jha. USENIX Security, 2023.

  • PCAT: Functionality and Data Stealing from Split Learning by Pseudo-Client Attack. [Topic: SL] [pdf]

    • Xinben Gao, Lan Zhang. USENIX Security, 2023.

USENIX Security '2022

  • ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models. [Topic: MIA] [pdf]

    • Yugeng Liu, Rui Wen, Xinlei He, Ahmed Salem, Zhikun Zhang, Michael Backes, Emiliano De Cristofaro, Mario Fritz, Yang Zhang. USENIX Security, 2022.

  • Blacklight: Scalable Defense for Neural Networks against Query-Based Black-Box Attacks. [Topic: AEs] [pdf]

    • Huiying Li, Shawn Shan, Emily Wenger, Jiayun Zhang, Haitao Zheng, Ben Y. Zhao. USENIX Security, 2022.

  • AutoDA: Automated Decision-based Iterative Adversarial Attacks. [Topic: AEs] [pdf]

    • Qi-An Fu, Yinpeng Dong, Hang Su, Jun Zhu, Chao Zhang. USENIX Security, 2022.

  • Poison Forensics: Traceback of Data Poisoning Attacks in Neural Networks. [Topic: PA] [pdf]

    • Shawn Shan, Arjun Nitin Bhagoji, Haitao Zheng, Ben Y. Zhao. USENIX Security, 2022.

  • Teacher Model Fingerprinting Attacks Against Transfer Learning. [Topic: Fingerprinting] [pdf]

    • Yufei Chen, Chao Shen, Cong Wang, Yang Zhang. USENIX Security, 2022.

  • Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation. [Topic: Backdoor] [pdf]

    • Xudong Pan, Mi Zhang, Beina Sheng, Jiaming Zhu, Min Yang. USENIX Security, 2022.

  • PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in Contrastive Learning. [Topic: PA] [pdf]

    • Hongbin Liu, Jinyuan Jia, Neil Zhenqiang Gong. USENIX Security, 2022.

  • Pool Inference Attacks on Local Differential Privacy: Quantifying the Privacy Guarantees of Apple's Count Mean Sketch in Practice. [Topic: IA & DP] [pdf]

    • Andrea Gadotti, Florimond Houssiau, Meenatchi Sundaram Muthu Selva Annamalai, Yves-Alexandre de Montjoye. USENIX Security, 2022.

  • PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier. [Topic: AEs] [pdf]

    • Chong Xiang, Saeed Mahloujifar, Prateek Mittal. USENIX Security, 2022.

  • Exploring the Security Boundary of Data Reconstruction via Neuron Exclusivity Analysis. [Topic: DRA] [pdf]

    • Xudong Pan, Mi Zhang, Yifan Yan, Jiaming Zhu, Min Yang. USENIX Security, 2022.

  • Poisoning Attacks to Local Differential Privacy Protocols for Key-Value Data. [Topic: PA & DP] [pdf]

    • Yongji Wu, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong. USENIX Security, 2022.

  • Communication-Efficient Triangle Counting under Local Differential Privacy. [Topic: DP] [pdf]

    • Jacob Imola, Takao Murakami, Kamalika Chaudhuri. USENIX Security, 2022.

  • Security Analysis of Camera-LiDAR Fusion Against Black-Box Attacks on Autonomous Vehicles. [Topic: AEs & AV] [pdf]

    • R. Spencer Hallyburton, Yupei Liu, Yulong Cao, Z. Morley Mao, Miroslav Pajic. USENIX Security, 2022.

  • Transferring Adversarial Robustness Through Robust Representation Matching. [Topic: AEs] [pdf]

    • Pratik Vaishnavi, Kevin Eykholt, Amir Rahmati. USENIX Security, 2022.

  • Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era. [Topic: Deepfake] [pdf]

    • Changjiang Li, Li Wang, Shouling Ji, Xuhong Zhang, Zhaohan Xi, Shanqing Guo, Ting Wang. USENIX Security, 2022.

  • On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning. [Topic: Machine-Unlearning] [pdf]

    • Anvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot. USENIX Security, 2022.

  • Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture. [Topic: MIA] [pdf]

    • Xinyu Tang, Saeed Mahloujifar, Liwei Song, Virat Shejwalkar, Milad Nasr, Amir Houmansadr, Prateek Mittal. USENIX Security, 2022.

  • Membership Inference Attacks and Defenses in Neural Network Pruning. [Topic: MIA] [pdf]

    • Xiaoyong Yuan, Lan Zhang. USENIX Security, 2022.

  • Efficient Differentially Private Secure Aggregation for Federated Learning via Hardness of Learning with Errors. [Topic: DP & FL] [pdf]

    • Timothy Stevens, Christian Skalka, Christelle Vincent, John Ring, Samuel Clark, Joseph Near. USENIX Security, 2022.

  • Who Are You (I Really Wanna Know)? Detecting Audio DeepFakes Through Vocal Tract Reconstruction. [Topic: Deepfake] [pdf]

    • Logan Blue, Kevin Warren, Hadi Abdullah, Cassidy Gibson, Luis Vargas, Jessica O'Dell, Kevin Butler, Patrick Traynor. USENIX Security, 2022.

  • Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models. [Topic: MIAI] [pdf]

    • Shagufta Mehnaz, Sayanton V. Dibbo, Ehsanul Kabir, Ninghui Li, Elisa Bertino. USENIX Security, 2022.

  • FLAME: Taming Backdoors in Federated Learning. [Topic: FL & Backdoor] [pdf]

    • Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen Möllering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider. USENIX Security, 2022.

  • Synthetic Data – Anonymisation Groundhog Day. [Topic: Synthetic-Data] [pdf]

    • Theresa Stadler, Bristena Oprisanu, Carmela Troncoso. USENIX Security, 2022.

  • On the Security Risks of AutoML. [Topic: NAS] [pdf]

    • Ren Pang, Zhaohan Xi, Shouling Ji, Xiapu Luo, Ting Wang. USENIX Security, 2022.

  • Inference Attacks Against Graph Neural Networks. [Topic: IA & GNN] [pdf]

    • Zhikun Zhang, Min Chen, Michael Backes, Yun Shen, Yang Zhang. USENIX Security, 2022.

  • Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanning. [Topic: AEs] [pdf]

    • Shubham Jain, Ana-Maria Crețu, Yves-Alexandre de Montjoye. USENIX Security, 2022.

  • Label Inference Attacks Against Vertical Federated Learning. [Topic: IA & FL] [pdf]

    • Chong Fu, Xuhong Zhang, Shouling Ji, Jinyin Chen, Jingzheng Wu, Shanqing Guo, Jun Zhou, Alex X. Liu, Ting Wang. USENIX Security, 2022.

  • Rolling Colors: Adversarial Laser Exploits against Traffic Light Recognition. [Topic: AEs] [pdf]

    • Chen Yan, Zhijian Xu, Zhanyuan Yin, Xiaoyu Ji, Wenyuan Xu. USENIX Security, 2022.

USENIX Security '2021

  • PatchGuard: A Provably Robust Defense against Adversarial Patches via Small Receptive Fields and Masking. [Topic: AEs] [pdf]

    • Chong Xiang, Arjun Nitin Bhagoji, Vikash Sehwag, Prateek Mittal. USENIX Security, 2021.

  • PrivSyn: Differentially Private Data Synthesis. [Topic: DP] [pdf]

    • Zhikun Zhang, Tianhao Wang, Ninghui Li, Jean Honorio, Michael Backes, Shibo He, Jiming Chen, Yang Zhang. USENIX Security, 2021.

  • Muse: Secure Inference Resilient to Malicious Clients. [Topic: IA] [pdf]

    • Ryan Lehmkuhl, Pratyush Mishra, Akshayaram Srinivasan, Raluca Ada Popa. USENIX Security, 2021.

  • Systematic Evaluation of Privacy Risks of Machine Learning Models. [Topic: IA] [pdf]

    • Liwei Song, Prateek Mittal. USENIX Security, 2021.

  • Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers. [Topic: Backdoor] [pdf]

    • Giorgio Severi, Jim Meyer, Scott Coull, Alina Oprea. USENIX Security, 2021.

  • Cerebro: A Platform for Multi-Party Cryptographic Collaborative Learning. [Topic: MPC] [pdf]

    • Wenting Zheng, Ryan Deng, Weikeng Chen, Raluca Ada Popa, Aurojit Panda, Ion Stoica. USENIX Security, 2021.

  • T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification. [Topic: Backdoor] [pdf]

    • Ahmadreza Azizi, Ibrahim Asadullah Tahmid, Asim Waheed, Neal Mangaokar, Jiameng Pu, Mobin Javed, Chandan K. Reddy, Bimal Viswanath, Virginia Tech. USENIX Security, 2021.

  • Defeating DNN-Based Traffic Analysis Systems in Real-Time With Blind Adversarial Perturbations. [Topic: AEs] [pdf]

    • Milad Nasr, Alireza Bahramali, Amir Houmansadr. USENIX Security, 2021.

  • Data Poisoning Attacks to Local Differential Privacy Protocols. [Topic: PA & DP] [pdf]

    • Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong. USENIX Security, 2021.

  • How to Make Private Distributed Cardinality Estimation Practical, and Get Differential Privacy for Free. [Topic: DP] [pdf]

    • Changhui Hu, Jin Li, Zheli Liu, Xiaojie Guo, Yu Wei, and Xuan Guang, Grigorios Loukides, Changyu Dong. USENIX Security, 2021.

  • SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations. [Topic: AEs] [pdf]

    • Giulio Lovisotto, Henry Turner, Ivo Sluganovic, Martin Strohmeier, Ivan Martinovic. USENIX Security, 2021.

  • WaveGuard: Understanding and Mitigating Audio Adversarial Examples. [Topic: AEs] [pdf]

    • Shehzeen Hussain, Paarth Neekhara, Shlomo Dubnov, Julian McAuley, Farinaz Koushanfar. USENIX Security, 2021.

  • Graph Backdoor. [Topic: Backdoor] [pdf]

    • Zhaohan Xi, Ren Pang, Shouling Ji, Ting Wang. USENIX Security, 2021.

  • Entangled Watermarks as a Defense against Model Extraction. [Topic: Watermark] [pdf]

    • Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot. USENIX Security, 2021.

  • Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations. [Topic: AEs] [pdf]

    • Pengfei Jing, Qiyi Tang, Yuefeng Du, Lei Xue, Xiapu Luo, Ting Wang, Sen Nie, Shi Wu. USENIX Security, 2021.

  • Fantastic Four: Honest-Majority Four-Party Secure Computation With Malicious Security. [Topic: MPC] [pdf]

    • Anders Dalskov, Daniel Escudero, Marcel Keller. USENIX Security, 2021.

  • Locally Differentially Private Analysis of Graph Statistics. [Topic: DP] [pdf]

    • Jacob Imola, Takao Murakami, Kamalika Chaudhuri. USENIX Security, 2021.

  • Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection. [Topic: Backdoor] [pdf]

    • Di Tang, XiaoFeng Wang, Haixu Tang, Kehuan Zhang. USENIX Security, 2021.

  • Stealing Links from Graph Neural Networks. [Topic: GNN] [pdf]

    • Xinlei He, Jinyuan Jia, Michael Backes, Neil Zhenqiang Gong, Yang Zhang. USENIX Security, 2021.

  • Adversarial Policy Training against Deep Reinforcement Learning. [Topic: AEs & RL] [pdf]

    • Xian Wu, Wenbo Guo, Hua Wei, Xinyu Xing. USENIX Security, 2021.

Papers in CCS

CCS '2023

CCS '2022

  • Characterizing and Detecting Non-Consensual Photo Sharing on Social Networks. [Topic: Non-consensual Sharing] [pdf]

    • Tengfei Zheng, Tongqing Zhou, Qiang Liu, Kui Wu, Zhiping Cai. ACM CCS, 2022.

  • DPIS: An Enhanced Mechanism for Differentially Private SGD with Importance Sampling. [Topic: DP & DNN] [pdf]

    • Jianxin Wei, Ergute Bao, Xiaokui Xiao, Yin Yang. ACM CCS, 2022.

  • DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing. [Topic: AD] [pdf]

    • Seulbae Kim, Major Liu, Junghwan "John" Rhee, Yuseok Jeon, Yonghwi Kwon, Chung Hwan Kim. ACM CCS, 2022.

  • EIFFeL: Ensuring Integrity for Federated Learning. [Topic: FL] [pdf]

    • Amrita Roy Chowdhury, Chuan Guo, Somesh Jha, Laurens van der Maaten. ACM CCS, 2022.

  • Eluding Secure Aggregation in Federated Learning via Model Inconsistency. [Topic: FL] [pdf]

    • Dario Pasquini, Danilo Francati, Giuseppe Ateniese. ACM CCS, 2022.

  • Enhanced Membership Inference Attacks against Machine Learning Models. [Topic: MI] [pdf]

    • Jiayuan Ye, Aadyaa Maddi, Sasi Kumar Murakonda, Vincent Bindschaedler, Reza Shokri. ACM CCS, 2022.

  • Feature Inference Attack on Shapley Values. [Topic: MLaaS] [pdf]

    • Xinjian Luo, Yangfan Jiang, Xiaokui Xiao. ACM CCS, 2022.

  • Graph Unlearning. [Topic: Machine Unlearning] [pdf]

    • Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang. ACM CCS, 2022.

  • Group Property Inference Attacks Against Graph Neural Networks. [Topic: GNNs] [pdf]

    • Xiuling Wang, Wendy Hui Wang. ACM CCS, 2022.

  • Harnessing Perceptual Adversarial Patches for Crowd Counting. [Topic: AEs] [pdf]

    • Shunchang Liu, Jiakai Wang, Aishan Liu, Yingwei Li, Yijie Gao, Xianglong Liu, Dacheng Tao. ACM CCS, 2022.

  • Training Set Debugging Using Trusted Items. [Topic: ML] [pdf]

    • Zayd Hammoudeh, Daniel Lowd. ACM CCS, 2022.

  • LPGNet: Link Private Graph Networks for Node Classification. [Topic: GCNs & DP] [pdf]

    • Aashish Kolluri, Teodora Baluta, Bryan Hooi, Prateek Saxena. ACM CCS, 2022.

  • LoneNeuron: a Highly-Effective Feature-Domain Neural Trojan Using Invisible and Polymorphic Watermarks. [Topic: DNNs & Watermark] [pdf]

    • Zeyan Liu, Fengjun Li, Zhu Li, Bo Luo. ACM CCS, 2022.

  • Membership Inference Attacks and Generalization: A Causal Perspective. [Topic: MI] [pdf]

    • Teodora Baluta, Shiqi Shen, S. Hitarth, Shruti Tople, Prateek Saxena. ACM CCS, 2022.

  • Membership Inference Attacks by Exploiting Loss Trajectory. [Topic: MI] [pdf]

    • Yiyong Liu, Zhengyu Zhao, Michael Backes, Yang Zhang. ACM CCS, 2022.

  • Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models. [Topic: IR] [pdf]

    • Jiawei Liu, Yangyang Kang, Di Tang, Kaisong Song, Changlong Sun, Xiaofeng Wang, Wei Lu, Xiaozhong Liu. ACM CCS, 2022.

  • Perception-Aware Attack: Creating Adversarial Music via Reverse-Engineering Human Perception. [Topic: AEs] [pdf]

    • Rui Duan, Zhe Qu, Shangqing Zhao, Leah Ding, Yao Liu, Zhuo Lu. ACM CCS, 2022.

  • Physical Hijacking Attacks against Object Trackers. [Topic: AV] [pdf]

    • Raymond Muller, Yanmao Man, Z. Berkay Celik, Ming Li, Ryan Gerdes. ACM CCS, 2022.

  • Post-breach Recovery: Protection against White-box Adversarial Examples for Leaked DNN Models. [Topic: DNN] [pdf]

    • Shawn Shan, Wenxin Ding, Emily Wenger, Haitao Zheng, Ben Y. Zhao. ACM CCS, 2022.

  • QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems. [Topic: QBS] [pdf]

    • Ana-Maria Crețu, Florimond Houssiau, Antoine Cully, Yves-Alexandre de Montjoye. ACM CCS, 2022.

  • SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders. [Topic: Watermark] [pdf]

    • Tianshuo Cong, Xinlei He, Yang Zhang. ACM CCS, 2022.

  • SpecPatch: Human-In-The-Loop Adversarial Audio Spectrogram Patch Attack on Speech Recognition. [Topic: AEs] [pdf]

    • Hanqing Guo, Yuanda Wang, Nikolay Ivanov, Li Xiao, Qiben Yan. ACM CCS, 2022.

  • StolenEncoder: Stealing Pre-trained Encoders in Self-supervised Learning. [Topic: EaaS] [pdf]

    • Yupei Liu, Jinyuan Jia, Hongbin Liu, Neil Gong. ACM CCS, 2022.

  • Truth Serum: Poisoning Machine Learning Models to Reveal Their Secrets. [Topic: ML] [pdf]

    • Florian Tramer, Reza Shokri, Ayrton San Joaquin, Hoang Le, Matthew Jagielski, Sanghyun Hong, Nicholas Carlini. ACM CCS, 2022.

  • Understanding Real-world Threats to Deep Learning Models in Android Apps. [Topic: AEs] [pdf]

    • Zizhuang Deng, Kai Chen, Guozhu Meng, Xiaodong Zhang, Ke Xu, Yao Cheng. ACM CCS, 2022.

  • When Evil Calls: Targeted Adversarial Voice over IP Network. [Topic: AEs] [pdf]

    • Han Liu, Zhiyuan Yu, Mingming Zha, XiaoFeng Wang, William Yeoh, Yevgeniy Vorobeychik, Ning Zhang. ACM CCS, 2022.

  • Why So Toxic? Measuring and Triggering Toxic Behavior in Open-Domain Chatbots. [Topic: AEs] [pdf]

    • Wai Man Si, Michael Backes, Jeremy Blackburn, Emiliano De Cristofaro, Gianluca Stringhini, Savvas Zannettou, Yang Zhang. ACM CCS, 2022.

  • "Is your explanation stable?": A Robustness Evaluation Framework for Feature Attribution. [Topic: NNs] [pdf]

    • Yuyou Gan, Yuhao Mao, Xuhong Zhang, Shouling Ji, Yuwen Pu, Meng Han, Jianwei Yin, Ting Wang. ACM CCS, 2022.

CCS '2021

  • Cert-RNN: Towards Certifying the Robustness of Recurrent Neural Networks. [Topic: AEs] [pdf]

    • Tianyu Du, Shouling Ji, Lujia Shen, Yao Zhang, Jinfeng Li, Jie Shi, Chengfang Fang, Jianwei Yin, Raheem Beyah, Ting Wang. ACM CCS, 2021.

  • AHEAD: Adaptive Hierarchical Decomposition for Range Query under Local Differential Privacy. [Topic: LDP] [pdf]

    • Linkang Du, Zhikun Zhang, Shaojie Bai, Changchang Liu, Shouling Ji, Peng Cheng, Jiming Chen. ACM CCS, 2021.

  • Unleashing the Tiger: Inference Attacks on Split Learning. [Topic: SL] [pdf]

    • Dario Pasquini, Giuseppe Ateniese, Massimo Bernaschi. ACM CCS, 2021.

  • TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing. [Topic: GAN] [pdf]

    • Aoting Hu, Renjie Xie, Zhigang Lu, Aiqun Hu, Minhui Xue. ACM CCS, 2021.

  • "I need a better description": An Investigation Into User Expectations For Differential Privacy. [Topic: DP] [pdf]

    • Rachel Cummings, Gabriel Kaptchuk, Elissa M. Redmiles. ACM CCS, 2021.

  • Locally Private Graph Neural Networks. [Topic: GNNs] [pdf]

    • Sina Sajadmanesh, Daniel Gatica-Perez. ACM CCS, 2021.

  • A One-Pass Distributed and Private Sketch for Kernel Sums with Applications to Machine Learning at Scale. [Topic: DP] [pdf]

    • Benjamin Coleman, Anshumali Shrivastava. ACM CCS, 2021.

  • On the Robustness of Domain Constraints. [Topic: AEs] [pdf]

    • Ryan Sheatsley, Blaine Hoak, Eric Pauley, Yohan Beugin, Michael J. Weisman, Patrick McDaniel. ACM CCS, 2021.

  • Membership Leakage in Label-Only Exposures. [Topic: MI] [pdf]

    • Zheng Li, Yang Zhang. ACM CCS, 2021.

  • Hidden Backdoors in Human-Centric Language Models. [Topic: Backdoor] [pdf]

    • Shaofeng Li, Hui Liu, Tian Dong, Benjamin Zi Hao Zhao, Minhui Xue, Haojin Zhu, Jialiang Lu. ACM CCS, 2021.

  • DataLens: Scalable Privacy Preserving Training via Gradient Compression and Aggregation. [Topic: DP] [pdf]

    • Boxin Wang, Fan Wu, Yunhui Long, Luka Rimanic, Ce Zhang, Bo Li. ACM CCS, 2021.

  • DeepAID: Interpreting and Improving Deep Learning-based Anomaly Detection in Security Applications. [Topic: DL] [pdf]

    • Dongqi Han, Zhiliang Wang, Wenqi Chen, Ying Zhong, Su Wang, Han Zhang, Jiahai Yang, Xingang Shi, Xia Yin. ACM CCS, 2021.

  • Honest-but-Curious Nets: Sensitive Attributes of Private Inputs Can Be Secretly Coded into the Classifiers' Outputs. [Topic: Classifer] [pdf]

    • Mohammad Malekzadeh, Anastasia Borovykh, Deniz Gunduz. ACM CCS, 2021.

  • Differential Privacy for Directional Data. [Topic: DP] [pdf]

    • Benjamin Weggenmann, Florian Kerschbaum. ACM CCS, 2021.

  • "Hello, It's Me": Deep Learning-based Speech Synthesis Attacks in the Real World. [Topic: Speech Synthesis Attack] [pdf]

    • Emily Wenge, Max Bronckers, Christian Cianfarani, Jenna Cryan, Angela Sha, Haitao Zheng, Ben Y. Zhao. ACM CCS, 2021.

  • EncoderMI: Membership Inference against Pre-trained Encoders in Contrastive Learning. [Topic: MI] [pdf]

    • Hongbin Liu, Jinyuan Jia, Wenjie Qu, Neil Gong. ACM CCS, 2021.

  • Subpopulation Data Poisoning Attacks. [Topic: Poisoning Attack] [pdf]

    • Matthew Jagielski, Giorgio Severi, Niklas Pousette Harger, Alina Oprea. ACM CCS, 2021.

  • Continuous Release of Data Streams under both Centralized and Local Differential Privacy. [Topic: DP] [pdf]

    • Tianhao Wang, Joann Qiongna Chen, Zhikun Zhang, Dong Su, Yueqiang Cheng, Zhou Li, Ninghui Li, Somesh Jha. ACM CCS, 2021.

  • When Machine Unlearning Jeopardizes Privacy. [Topic: MI] [pdf]

    • Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Mathias Humbert, Yang Zhang. ACM CCS, 2021.

  • DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks. [Topic: AEs] [pdf]

    • Chong Xiang, Prateek Mittal. ACM CCS, 2021.

  • I Can See the Light: Attacks on Autonomous Vehicles Using Invisible Lights. [Topic: AV] [pdf]

    • Wei Wang, Yao Yao, Xin Liu, Xiang Li, Pei Hao, Ting Zhu. ACM CCS, 2021.

  • Backdoor Pre-trained Models Can Transfer to All. [Topic: Backdoor] [pdf]

    • Lujia Shen, Shouling Ji, Xuhong Zhang, Jinfeng Li, Jing Chen, Jie Shi, Chengfang Fang, Jianwei Yin, Ting Wang. ACM CCS, 2021.

  • Quantifying and Mitigating Privacy Risks of Contrastive Learning. [Topic: CL] [pdf]

    • Xinlei He, Yang Zhang. ACM CCS, 2021.

  • Membership Inference Attacks Against Recommender Systems. [Topic: MI] [pdf]

    • Minxing Zhang, Zihan Wang, Yang Zhang, Zhaochun Ren, Pengjie Ren, Zhunmin Chen, Pengfei Hu. ACM CCS, 2021.

  • Learning Security Classifiers with Verified Global Robustness Properties. [Topic: Classifier] [pdf]

    • Yizheng Chen, Shiqi Wang, Yue Qin, Xiaojing Liao, Suman Jana, David Wagner. ACM CCS, 2021.

  • Robust Adversarial Attacks Against DNN-Based Wireless Communication Systems. [Topic: AEs] [pdf]

    • Alireza Bahramali, Milad Nasr, Amir Houmansadr, Dennis Goeckel, Don Towsley. ACM CCS, 2021.

  • Can We Use Arbitrary Objects to Attack LiDAR Perception in Autonomous Driving? [Topic: AEs] [pdf]

    • Yi Zhu, Chenglin Miao, Tianhang Zheng, Foad Hajiaghajani, Lu Su, Chunming Qiao. ACM CCS, 2021.

  • Feature Indistinguishable Attack to Circumvent Trapdoor-enabled Defense. [Topic: AEs] [Code][pdf]

    • Chaoxiang He, Bin (Benjamin) Zhu, Xiaojing Ma, Hai Jin, Shengshan Hu. ACM CCS, 2021.

  • A Hard Label Black-box Adversarial Attack Against Graph Neural Networks. [Topic: AEs & DNN] [pdf]

    • Jiaming Mu, Binghui Wang, Qi Li, Kun Sun, Mingwei Xu, Zhuotao Liu. ACM CCS, 2021.

  • Reverse Attack: Black-box Attacks on Collaborative Recommendation. [Topic: CF & Poisoning Attack] [pdf]

    • Yihe Zhang, Xu Yuan, Jin Li, Jiadong Lou, Li Chen, Nianfeng Tzeng. ACM CCS, 2021.

  • zkCNN: Zero Knowledge Proofs for Convolutional Neural Network Predictions and Accuracy. [Topic: CNN] [pdf]

    • Tianyi Liu, Xiang Xie, Yupeng Zhang. ACM CCS, 2021.

  • Black-box Adversarial Attacks on Commercial Speech Platforms with Minimal Information. [Topic: AEs] [pdf]

    • Baolin Zheng, Peipei Jiang, Qian Wang, Qi Li, Chao Shen, Cong Wang, Yunjie Ge, Qingyang Teng, Shenyi Zhang. ACM CCS, 2021.

  • AI-Lancet: Locating Error-inducing Neurons to Optimize Neural Networks. [Topic: DNN] [pdf]

    • Yue Zhao, Hong Zhu, Kai Chen, Shengzhi Zhang. ACM CCS, 2021.

About

This Github repository summarizes a list of research papers on AI security from the four top academic conferences.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published