Search for: All records | NSF Public Access

Note: When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).
What is a DOI Number?

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Do Parameters Reveal More than Loss for Membership Inference?

Suri, Anshuman; Zhang, Xiao Zhang; Evans, David (December 2024, Transactions on machine learning research)

Free, publicly-accessible full text available December 27, 2025
Addressing Both Statistical and Causal Gender Fairness in NLP Models

Chen, Hannah; Ji, Yangfeng; Evans, David (June 2024, Findings of NAACL)

Full Text Available
Do Membership Inference Attacks Work on Large Language Models?

Duan, Michael; Suri, Anshuman; Mireshghallah, Niloofar; Min, Sewon; Shi, Weijia; Zettlemoyer, Luke; Tsvetkov, Yulia; Choi, Yejin; Evans, David; Hajishirzi, Hannaneh (October 2024, COLM)

Free, publicly-accessible full text available October 1, 2025
Combing for Credentials: Active Pattern Extraction from Smart Reply

https://doi.org/10.1109/SP54263.2024.00041

Jayaraman, Bargav; Ghosh, Esha; Chase, Melissa; Roy, Sambuddha; Dai, Wei; Evans, David (May 2024, IEEE)

Full Text Available
SoK: Pitfalls in Evaluating Black-Box Attacks

Suya, Fnu; Suri, Anshuman; Zhang, Tingwei; Hong, Jingtao; Tian, Yuan; Evans, David (April 2024, In 2nd IEEE Conference on Secure and Trustworthy Machine Learning (SaTML))

Full Text Available
SoK: Pitfalls in Evaluating Black-Box Attacks

https://doi.org/10.1109/SaTML59370.2024.00026

Suya, Fnu; Suri, Anshuman; Zhang, Tingwei; Hong, Jingtao; Tian, Yuan; Evans, David (April 2024, IEEE)

Full Text Available
Trojanpuzzle: Covertly poisoning code-suggestion models

Aghakhani, Hojjat; Dai, Wei; Manoel, Andre; Fernandes, Xavier; Kharkar, Anant; Kruegel, Christopher; Vigna, Giovanni; Evans, David; Zorn, Ben; Sim, Robert (May 2024, Proceedings of 2024 IEEE Security and Privacy Symposium (S&P 2024))

Full Text Available
Mid-Proterozoic geomagnetic field was more consistent with a dipole than a quadrupole: REPLY

https://doi.org/10.1130/G51903Y.1

Gong, Zheng; Evans, David AD; Zhang, Zhongtian; Yan, Chi (January 2024, Geology)

Full Text Available
What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?

Suya, Fnu; Zhang, Xiao; Tian, Yuan; Evans, David (December 2023, Curran Associates, Inc.)

Full Text Available
What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?

Suya, Fnu; Zhang, Xiao; Tian, Yuan; Evans, David (December 2023, Advances in neural information processing systems)

We study indiscriminate poisoning for linear learners where an adversary injects a few crafted examples into the training data with the goal of forcing the induced model to incur higher test error. Inspired by the observation that linear learners on some datasets are able to resist the best known attacks even without any defenses, we further investigate whether datasets can be inherently robust to indiscriminate poisoning attacks for linear learners. For theoretical Gaussian distributions, we rigorously characterize the behavior of an optimal poisoning attack, defined as the poisoning strategy that attains the maximum risk of the induced model at a given poisoning budget. Our results prove that linear learners can indeed be robust to indiscriminate poisoning if the class-wise data distributions are well-separated with low variance and the size of the constraint set containing all permissible poisoning points is also small. These findings largely explain the drastic variation in empirical attack performance of the state-of-the-art poisoning attacks on linear learners across benchmark datasets, making an important initial step towards understanding the underlying reasons some learning tasks are vulnerable to data poisoning attacks.
more » « less
Full Text Available

« Prev Next »