Skip to yearly menu bar Skip to main content

Workshop

Security and Safety in Machine Learning Systems

Xinyun Chen ⋅ Cihang Xie ⋅ Ali Shafahi ⋅ Bo Li ⋅ Ding Zhao ⋅ Tom Goldstein ⋅ Dawn Song

Project Page

Abstract

While machine learning (ML) models have achieved great success in many applications, concerns have been raised about their potential vulnerabilities and risks when applied to safety-critical applications. On the one hand, from the security perspective, studies have been conducted to explore worst-case attacks against ML models and therefore inspire both empirical and certifiable defense approaches. On the other hand, from the safety perspective, researchers have looked into safe constraints, which should be satisfied by safe AI systems (e.g. autonomous driving vehicles should not hit pedestrians). This workshop makes the first attempts towards bridging the gap of these two communities and aims to discuss principles of developing secure and safe ML systems. The workshop also focuses on how future practitioners should prepare themselves for reducing the risks of unintended behaviors of sophisticated ML models.

The workshop will bring together experts from machine learning, computer security, and AI safety communities. We attempt to highlight recent related work from different communities, clarify the foundations of secure and safe ML, and chart out important directions for future work and cross-community collaborations.

Video

Chat is not available.

Schedule

Timezone: America/Los_Angeles

8:45 AM

Opening Remarks

Xinyun Chen

9:00 AM

Speaker Introduction: Alina Oprea

9:01 AM

Invited Talk #1: Alina Oprea

Alina Oprea

Video

9:30 AM

Live QA: Alina Oprea

9:35 AM

Contributed Talk #1 Introduction

9:36 AM

Contributed Talk #1: Ditto: Fair and Robust Federated Learning Through Personalization

Tian Li ⋅ Ahmad Beirami ⋅ Virginia Smith

Video

9:45 AM

Invited Talk #2: David Wagner

David Wagner

10:20 AM

Invited Talk #3: Zico Kolter

Zico Kolter

10:55 AM

Speaker Introduction: Alan Yuille

10:56 AM

Invited Talk #4: Alan Yuille

Alan Yuille

Video

11:30 AM

Panel Discussion #1

Alina Oprea ⋅ David Wagner ⋅ Adam Kortylewski ⋅ Christopher Re ⋅ Tom Goldstein

12:00 PM

Poster Session #1

1:00 PM

Lunch Break

1:20 PM

Speaker Introduction: Raquel Urtasun

1:21 PM

Invited Talk #5: Raquel Urtasun

Raquel Urtasun

2:00 PM

Invited Talk #6: Ben Zhao

Ben Zhao

2:35 PM

Speaker Introduction: Aleksander Madry

2:36 PM

Invited Talk #7: Aleksander Madry

Aleksander Madry

Video

3:10 PM

Contributed Talk #2 Introduction

3:11 PM

Contributed Talk #2: RobustBench: a standardized adversarial robustness benchmark

francesco croce ⋅ Vikash Sehwag ⋅ Prateek Mittal ⋅ Matthias Hein

Video

3:20 PM

Speaker Introduction: Christopher Re

3:21 PM

Invited Talk #8: Christopher Re

Christopher Re

Video

3:55 PM

Speaker Introduction: Aditi Raghunathan

3:56 PM

Invited Talk #9: Aditi Raghunathan

Aditi Raghunathan

Video

4:25 PM

Live QA: Aditi Raghunathan

4:30 PM

Panel Discussion #2

Ben Zhao ⋅ Aleksander Madry ⋅ Aditi Raghunathan ⋅ Catherine Olsson

5:00 PM

Poster Session #2

Hidden Backdoor Attack against Semantic Segmentation Models

Yiming Li

Video

PatchGuard++: Efficient Provable Attack Detection against Adversarial Patches

Chong Xiang

Video

FIRM: Detecting Adversarial Audios by Recursive Filters with Randomization

Guanhong Tao

Video

Simple Transparent Adversarial Examples

Jaydeep Borkar

Video

Reliably fast adversarial training via latent adversarial perturbation

Sang Wan Lee

Video

Safe Exploration Method for Reinforcement Learning under Existence of Disturbance

Yoshihiro Okawa

Video

Accelerated Policy Evaluation with Adaptive Importance Sampling

Mengdi Xu

Video

Mind the box: $l_1$-APGD for sparse adversarial attacks on image classifiers

francesco croce

Video

RobustBench: a standardized adversarial robustness benchmark

francesco croce

Video

Ditto: Fair and Robust Federated Learning Through Personalization

Tian Li

Video

Measuring Adversarial Robustness using a Voronoi-Epsilon Adversary

Hyeongji Kim

Video

Low Curvature Activations Reduce Overfitting in Adversarial Training

Vasu Singla

Video

Extracting Hyperparameter Constraints From Code

Ingkarat Rak-amnouykit

Video

Sparse Coding Frontend for Robust Neural Networks

Can Bakiskan

Video

What is Wrong with One-Class Anomaly Detection?

JuneKyu Park

Video

Subnet Replacement: Deployment-stage backdoor attack against deep neural networks in gray-box setting

Xiangyu QI

Video

Incorporating Label Uncertainty in Intrinsic Robustness Measures

Xiao Zhang

Video

Bridging the Gap Between Adversarial Robustness and Optimization Bias

Fartash Faghri

Video

High-Robustness, Low-Transferability Fingerprinting of Neural Networks

Siyue Wang

Video

Covariate Shift Adaptation for Adversarially Robust Classifier

Sudipan Saha

Video

Coordinated Attacks Against Federated Learning: A Multi-Agent Reinforcement Learning Approach

Wen Shen

Video

DEEP GRADIENT ATTACK WITH STRONG DP-SGD LOWER BOUND FOR LABEL PRIVACY

Sen Yuan

Video

Byzantine-Robust and Privacy-Preserving Framework for FedML

Seyedeh Hanieh Hashemi

Video

SHIFT INVARIANCE CAN REDUCE ADVERSARIAL ROBUSTNESS

Songwei Ge

Video

Doing More with Less: Improving Robustness using Generated Data

Sven Gowal

Video

Data Augmentation Can Improve Robustness

Sylvestre-Alvise Rebuffi

Video

Speeding Up Neural Network Verification via Automated Algorithm Configuration

Matthias König

Video

Poisoning Deep Reinforcement Learning Agents with In-Distribution Triggers

Clayton C Ashcraft

Video

Mitigating Adversarial Training Instability with Batch Normalization

Arvind Sridhar

DP-InstaHide: Provably Defusing Poisoning and Backdoor Attacks with Differentially Private Data Augmentations

Eitan Borgnia

Video

Provable defense by denoised smoothing with learned score function

Kyungmin Lee

Video

Detecting Adversarial Attacks through Neural Activations

Graham Annett

Video

Efficient Disruptions of Black-box Image Translation Deepfake Generation Systems

Nataniel Ruiz ⋅ Sarah A Bargal ⋅ Stanley Sclaroff

Video

Poisoned classifiers are not only backdoored, they are fundamentally broken

Mingjie Sun ⋅ Mingjie Sun ⋅ Siddhant Agarwal ⋅ Zico Kolter

Imbalanced Gradients: A New Cause of Overestimated Adversarial Robustness

Linxi Jiang ⋅ James Bailey

Video

Safe Model-based Reinforcement Learning with Robust Cross-Entropy Method

Zuxin Liu

Video

GateNet: Bridging the gap between Binarized Neural Network and FHE evaluation

Cheng Fu

Non-Singular Adversarial Robustness of Neural Networks

Chia-Yi Hsu ⋅ Pin-Yu Chen

Video

Adversarial Examples Make Stronger Poisons

Liam H Fowl ⋅ Micah Goldblum ⋅ Ping-yeh Chiang ⋅ Jonas Geiping ⋅ Tom Goldstein

Video

What Doesn't Kill You Makes You Robust(er): Adversarial Training against Poisons and Backdoors

Jonas Geiping ⋅ Liam H Fowl ⋅ Micah Goldblum ⋅ Michael Moeller ⋅ Tom Goldstein

Video

Baseline Pruning-Based Approach to Trojan Detection in Neural Networks

Peter Bajcsy

Video

Regularization Can Help Mitigate Poisoning Attacks... with the Right Hyperparameters

Javier Carnerero-Cano

Video

Examining Trends in Out-of-Domain Confidence

Richard Liaw

$\delta$-CLUE: Diverse Sets of Explanations for Uncertainty Estimates

Dan Ley ⋅ Umang Bhatt ⋅ Adrian Weller

Video

Boosting black-box adversarial attack via exploiting loss smoothness

Hoang Tran

Video

On Improving Adversarial Robustness Using Proxy Distributions

Vikash Sehwag ⋅ Chong Xiang ⋅ Mung Chiang ⋅ Prateek Mittal

Video

Preventing Unauthorized Use of Proprietary Data: Poisoning for Secure Dataset Release

Liam H Fowl ⋅ Ping-yeh Chiang ⋅ Micah Goldblum ⋅ Jonas Geiping ⋅ Tom Goldstein

Video

Robustness from Perception

Saeed Mahloujifar ⋅ Chong Xiang ⋅ Vikash Sehwag ⋅ Prateek Mittal

Video

Fighting Gradients with Gradients: Dynamic Defenses against Adversarial Attacks

Dequan Wang ⋅ David Wagner ⋅ Trevor Darrell

Video

Moral Scenarios for Reinforcement Learning Agents

Dan Hendrycks ⋅ Mantas Mazeika ⋅ Andy Zou ⋅ Bo Li ⋅ Dawn Song

Video