Publications
2025
- A False Sense of Safety: Unsafe Information Leakage in Safe AI Responses
David Glukhov, Ziwen Han, Ilia Shumailov, Vardan Papyan, Nicolas Papernot
In Proceedings of the 13th International Conference on Learning Representations
@inproceedings{david2025aconference,
  author    = {Glukhov, David and Han, Ziwen and Shumailov, Ilia and Papyan, Vardan and Papernot, Nicolas},
  booktitle = {Proceedings of the 13th International Conference on Learning Representations},
  title     = {A False Sense of Safety: Unsafe Information Leakage in Safe AI Responses},
  year      = {2025}
}
- Architectural Neural Backdoors from First Principles
Harry Langford, Ilia Shumailov, Yiren Zhao, Robert Mullins, Nicolas Papernot
In Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, CA
@inproceedings{harry2025architecturalconference,
  author    = {Langford, Harry and Shumailov, Ilia and Zhao, Yiren and Mullins, Robert and Papernot, Nicolas},
  booktitle = {Proceedings of the 46th IEEE Symposium on Security and Privacy, San Francisco, CA},
  title     = {Architectural Neural Backdoors from First Principles},
  year      = {2025}
}
- Backdoor Detection through Duplicated Execution of Outsourced Training
Hengrui Jia, Sierra Wyllie, Akram Bin Sediq, Ahmed A. Ibrahim, Nicolas Papernot
In Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning
@inproceedings{hengrui2025backdoorconference,
  author    = {Jia, Hengrui and Wyllie, Sierra and Sediq, Akram Bin and Ibrahim, Ahmed A. and Papernot, Nicolas},
  booktitle = {Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning},
  title     = {Backdoor Detection through Duplicated Execution of Outsourced Training},
  year      = {2025}
}
- Societal Alignment Frameworks Can Improve LLM Alignment
Karolina Stańczak, Nicholas Meade, Mehar Bhatia, Hattie Zhou, Konstantin Böttinger, Jeremy Barnes, Jason Stanley, Jessica Montgomery, Richard Zemel, Nicolas Papernot, Nicolas Chapados, Denis Therien, Timothy P. Lillicrap, Ana Marasović, Sylvie Delacroix, Gillian K. Hadfield, Siva Reddy
@article{karolina2025societalworkshop,
  author = {Stańczak, Karolina and Meade, Nicholas and Bhatia, Mehar and Zhou, Hattie and Böttinger, Konstantin and Barnes, Jeremy and Stanley, Jason and Montgomery, Jessica and Zemel, Richard and Papernot, Nicolas and Chapados, Nicolas and Therien, Denis and Lillicrap, Timothy P. and Marasović, Ana and Delacroix, Sylvie and Hadfield, Gillian K. and Reddy, Siva},
  title  = {Societal Alignment Frameworks Can Improve LLM Alignment},
  year   = {2025}
}
- Selective Classification Via Neural Network Training Dynamics
Stephan Rabanser, Anvith Thudi, Kimia Hamidieh, Adam Dziedzic, Israfil Bahceci, Akram Bin Sediq, Hamza Sokun, Nicolas Papernot
@article{stephan2025selectivejournal,
  author = {Rabanser, Stephan and Thudi, Anvith and Hamidieh, Kimia and Dziedzic, Adam and Bahceci, Israfil and Sediq, Akram Bin and Sokun, Hamza and Papernot, Nicolas},
  title  = {Selective Classification Via Neural Network Training Dynamics},
  year   = {2025}
}
- Verifiable and Provably Secure Machine Unlearning
Thorsten Eisenhofer, Doreen Riepel, Varun Chandrasekaran, Esha Ghosh, Olga Ohrimenko, Nicolas Papernot
In Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning
@inproceedings{thorsten2025verifiableconference,
  author    = {Eisenhofer, Thorsten and Riepel, Doreen and Chandrasekaran, Varun and Ghosh, Esha and Ohrimenko, Olga and Papernot, Nicolas},
  booktitle = {Proceedings of the 3rd IEEE Conference on Secure and Trustworthy Machine Learning},
  title     = {Verifiable and Provably Secure Machine Unlearning},
  year      = {2025}
}
- Tighter Privacy Auditing for the Hidden State Model via Gradient-Crafting Adversaries
Tudor Ioan Cebere, Aurélien Bellet, Nicolas Papernot
In Proceedings of the 13th International Conference on Learning Representations
@inproceedings{tudor2025tighterconference,
  author    = {Cebere, Tudor Ioan and Bellet, Aurélien and Papernot, Nicolas},
  booktitle = {Proceedings of the 13th International Conference on Learning Representations},
  title     = {Tighter Privacy Auditing for the Hidden State Model via Gradient-Crafting Adversaries},
  year      = {2025}
}
2024
- Confidential-DPproof: Confidential Proof of Differentially Private Training
Ali Shahin Shamsabadi, Gefei Tan, Tudor Ioan Cebere, Aurélien Bellet, Hamed Haddadi, Nicolas Papernot, Xiao Wang, Adrian Weller
In Proceedings of the 12th International Conference on Learning Representations
@inproceedings{ali2024confidentialdpproofspotlight,
  author    = {Shamsabadi, Ali Shahin and Tan, Gefei and Cebere, Tudor Ioan and Bellet, Aurélien and Haddadi, Hamed and Papernot, Nicolas and Wang, Xiao and Weller, Adrian},
  booktitle = {Proceedings of the 12th International Conference on Learning Representations},
  title     = {Confidential-DPproof: Confidential Proof of Differentially Private Training},
  year      = {2024}
}
- Preempt: Sanitizing Sensitive Prompts for LLMs
Amrita Roy Chowdhury, David Glukhov, Divyam Anshumaan, Prasad Chalasani, Nicolas Papernot, Somesh Jha
@article{amrita2024preemptworkshop,
  author = {Chowdhury, Amrita Roy and Glukhov, David and Anshumaan, Divyam and Chalasani, Prasad and Papernot, Nicolas and Jha, Somesh},
  title  = {Preempt: Sanitizing Sensitive Prompts for LLMs},
  year   = {2024}
}
- Unlearnable Algorithms for In-context Learning
Andrei Ioan Muresanu, Anvith Thudi, Michael R. Zhang, Nicolas Papernot
@article{andrei2024unlearnablepreprint,
  author = {Muresanu, Andrei Ioan and Thudi, Anvith and Zhang, Michael R. and Papernot, Nicolas},
  title  = {Unlearnable Algorithms for In-context Learning},
  year   = {2024}
}
- From Differential Privacy to Bounds on Membership Inference: Less can be More
Anvith Thudi, Ilia Shumailov, Franziska Boenisch, Nicolas Papernot
@article{anvith2024fromjournal,
  author = {Thudi, Anvith and Shumailov, Ilia and Boenisch, Franziska and Papernot, Nicolas},
  title  = {From Differential Privacy to Bounds on Membership Inference: Less can be More},
  year   = {2024}
}
- Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGD
Anvith Thudi, Hengrui Jia, Casey Meehan, Ilia Shumailov, Nicolas Papernot
In Proceedings of the 33rd USENIX Security Symposium
@inproceedings{anvith2024gradientsconference,
  author    = {Thudi, Anvith and Jia, Hengrui and Meehan, Casey and Shumailov, Ilia and Papernot, Nicolas},
  booktitle = {Proceedings of the 33rd USENIX Security Symposium},
  title     = {Gradients Look Alike: Sensitivity is Often Overestimated in DP-SGD},
  year      = {2024}
}
- Beyond Labeling Oracles: What does it mean to steal ML models?
Avital Shafran, Ilia Shumailov, Murat A. Erdogdu, Nicolas Papernot
@article{avital2024beyondjournal,
  author = {Shafran, Avital and Shumailov, Ilia and Erdogdu, Murat A. and Papernot, Nicolas},
  title  = {Beyond Labeling Oracles: What does it mean to steal ML models?},
  year   = {2024}
}
- Decentralised, Collaborative, and Privacy-preserving Machine Learning for Multi-Hospital Data
Congyu Fang, Adam Dziedzic, Lin Zhang, Laura Oliva, Amol Verma, Fahad Razak, Nicolas Papernot, Bo Wang
@article{congyu2024decentralisedjournal,
  author = {Fang, Congyu and Dziedzic, Adam and Zhang, Lin and Oliva, Laura and Verma, Amol and Razak, Fahad and Papernot, Nicolas and Wang, Bo},
  title  = {Decentralised, Collaborative, and Privacy-preserving Machine Learning for Multi-Hospital Data},
  year   = {2024}
}
- Finding Private Bugs: Debugging Implementations of Differentially Private Stochastic Gradient Descent
Congyu Fang, Hengrui Jia, Ali Shahin Shamsabadi, Nicolas Papernot
@article{congyu2024findingpreprint,
  author = {Fang, Congyu and Jia, Hengrui and Shamsabadi, Ali Shahin and Papernot, Nicolas},
  title  = {Finding Private Bugs: Debugging Implementations of Differentially Private Stochastic Gradient Descent},
  year   = {2024}
}
- Privacy-Preserving Federated Learning for Coverage Prediction
Congyu Fang, Akram Bin Sediq, Hamza Sokun, Israfil Bahceci, Ahmed Mohamed Ali Ibrahim, Nicolas Papernot
In Proceedings of the 2024 IEEE International Symposium on Personal, Indoor and Mobile Radio Communications
@inproceedings{congyu2024privacypreservingconference,
  author    = {Fang, Congyu and Sediq, Akram Bin and Sokun, Hamza and Bahceci, Israfil and Ibrahim, Ahmed Mohamed Ali and Papernot, Nicolas},
  booktitle = {Proceedings of the 2024 IEEE International Symposium on Personal, Indoor and Mobile Radio Communications},
  title     = {Privacy-Preserving Federated Learning for Coverage Prediction},
  year      = {2024}
}
- Position Paper: Rethinking LLM Censorship as a Security Problem
David Glukhov, Ilia Shumailov, Yarin Gal, Nicolas Papernot, Vardan Papyan
In Proceedings of the 41st International Conference on Machine Learning, Vienna, Austria
@inproceedings{david2024positionconference,
  author    = {Glukhov, David and Shumailov, Ilia and Gal, Yarin and Papernot, Nicolas and Papyan, Vardan},
  booktitle = {Proceedings of the 41st International Conference on Machine Learning, Vienna, Austria},
  title     = {Position Paper: Rethinking LLM Censorship as a Security Problem},
  year      = {2024}
}
- AI models collapse when trained on recursively generated data
Ilia Shumailov, Zakhar Shumaylov, Yiren Zhao, Yarin Gal, Nicolas Papernot, Ross Anderson
@article{ilia2024aijournal,
  author = {Shumailov, Ilia and Shumaylov, Zakhar and Zhao, Yiren and Gal, Yarin and Papernot, Nicolas and Anderson, Ross},
  title  = {AI models collapse when trained on recursively generated data},
  year   = {2024}
}
- Augment then Smooth: Reconciling Differential Privacy with Certified Robustness
Jiapeng Wu, Atiyeh Ashari Ghomi, David Glukhov, Jesse C. Cresswell, Franziska Boenisch, Nicolas Papernot
@article{jiapeng2024augmentjournal,
  author = {Wu, Jiapeng and Ghomi, Atiyeh Ashari and Glukhov, David and Cresswell, Jesse C. and Boenisch, Franziska and Papernot, Nicolas},
  title  = {Augment then Smooth: Reconciling Differential Privacy with Certified Robustness},
  year   = {2024}
}
- Temporal-Difference Learning Using Distributed Error Signals
Jonas Guan, Shon Eduard Verch, Claas A Voelcker, Ethan C Jackson, Nicolas Papernot, William A Cunningham
In Proceedings of the 38th Conference on Neural Information Processing Systems
@inproceedings{jonas2024temporaldifferenceconference,
  author    = {Guan, Jonas and Verch, Shon Eduard and Voelcker, Claas A and Jackson, Ethan C and Papernot, Nicolas and Cunningham, William A},
  booktitle = {Proceedings of the 38th Conference on Neural Information Processing Systems},
  title     = {Temporal-Difference Learning Using Distributed Error Signals},
  year      = {2024}
}
- Exploring Strategies for Guiding Symbolic Analysis with Machine Learning Prediction
Mingyue Yang, David Lie, Nicolas Papernot
In 31st IEEE International Conference on Software Analysis, Evolution and Reengineering
@inproceedings{mingyue2024exploringconference,
  author    = {Yang, Mingyue and Lie, David and Papernot, Nicolas},
  booktitle = {31st IEEE International Conference on Software Analysis, Evolution and Reengineering},
  title     = {Exploring Strategies for Guiding Symbolic Analysis with Machine Learning Prediction},
  year      = {2024}
}
- Differential Privacy in Artificial Intelligence: From Theory to Practice
Nicolas Papernot
Chapter "Private Deep Learning" in Differential Privacy in Artificial Intelligence: From Theory to Practice
@inbook{nicolas2024privatebookchapter,
  author  = {Papernot, Nicolas},
  chapter = {Private Deep Learning},
  title   = {Differential Privacy in Artificial Intelligence: From Theory to Practice},
  year    = {2024}
}
- LLM Dataset Inference: Detect Datasets, not Strings
Pratyush Maini, Hengrui Jia, Nicolas Papernot, Adam Dziedzic
In Proceedings of the 38th Conference on Neural Information Processing Systems
@inproceedings{pratyush2024llmconference,
  author    = {Maini, Pratyush and Jia, Hengrui and Papernot, Nicolas and Dziedzic, Adam},
  booktitle = {Proceedings of the 38th Conference on Neural Information Processing Systems},
  title     = {LLM Dataset Inference: Detect Datasets, not Strings},
  year      = {2024}
}
- LLM Dataset Inference: Detect Datasets, not Strings
Pratyush Maini, Hengrui Jia, Nicolas Papernot, Adam Dziedzic
@article{pratyush2024llmworkshop,
  author = {Maini, Pratyush and Jia, Hengrui and Papernot, Nicolas and Dziedzic, Adam},
  title  = {LLM Dataset Inference: Detect Datasets, not Strings},
  year   = {2024}
}
- Beyond Laplace and Gaussian: Exploring the Generalized Gaussian Mechanism for Private Machine Learning
Roy Rinberg, Ilia Shumailov, Rachel Cummings, Nicolas Papernot
@article{roy2024beyondpreprint,
  author = {Rinberg, Roy and Shumailov, Ilia and Cummings, Rachel and Papernot, Nicolas},
  title  = {Beyond Laplace and Gaussian: Exploring the Generalized Gaussian Mechanism for Private Machine Learning},
  year   = {2024}
}
- Fairness Feedback Loops: Training on Synthetic Data Amplifies Bias
Sierra Calanda Wyllie, Ilia Shumailov, Nicolas Papernot
In Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency
@inproceedings{sierra2024fairnessconference,
  author    = {Wyllie, Sierra Calanda and Shumailov, Ilia and Papernot, Nicolas},
  booktitle = {Proceedings of the 2024 ACM Conference on Fairness, Accountability, and Transparency},
  title     = {Fairness Feedback Loops: Training on Synthetic Data Amplifies Bias},
  year      = {2024}
}
- What Does It Take to Build a Performant Selective Classifier?
Stephan Rabanser, Andy Wei Liu, Nicolas Papernot
@article{stephan2024whatpreprint,
  author = {Rabanser, Stephan and Liu, Andy Wei and Papernot, Nicolas},
  title  = {What Does It Take to Build a Performant Selective Classifier?},
  year   = {2024}
}
- The Fundamental Limits of Least-Privilege Learning
Theresa Stadler, Bogdan Kulynych, Michael Gastpar, Nicolas Papernot, Carmela Troncoso
In Proceedings of the 41st International Conference on Machine Learning, Vienna, Austria
@inproceedings{theresa2024theconference,
  author    = {Stadler, Theresa and Kulynych, Bogdan and Gastpar, Michael and Papernot, Nicolas and Troncoso, Carmela},
  booktitle = {Proceedings of the 41st International Conference on Machine Learning, Vienna, Austria},
  title     = {The Fundamental Limits of Least-Privilege Learning},
  year      = {2024}
}
- Differential Privacy in Artificial Intelligence: From Theory to Practice
Vinith M. Suriyakumar, Nicolas Papernot, Anna Goldenberg, Marzyeh Ghassemi
Chapter "Differential Privacy and Medical Data Analysis" in Differential Privacy in Artificial Intelligence: From Theory to Practice
@inbook{vinith2024differentialbookchapter,
  author  = {Suriyakumar, Vinith M. and Papernot, Nicolas and Goldenberg, Anna and Ghassemi, Marzyeh},
  chapter = {Differential Privacy and Medical Data Analysis},
  title   = {Differential Privacy in Artificial Intelligence: From Theory to Practice},
  year    = {2024}
}
- Memorization in Self-Supervised Learning Improves Downstream Generalization
Wenhao Wang, Muhammad Ahmad Kaleem, Adam Dziedzic, Michael Backes, Nicolas Papernot, Franziska Boenisch
In Proceedings of the 12th International Conference on Learning Representations
@inproceedings{wenhao2024memorizationconference,
  author    = {Wang, Wenhao and Kaleem, Muhammad Ahmad and Dziedzic, Adam and Backes, Michael and Papernot, Nicolas and Boenisch, Franziska},
  booktitle = {Proceedings of the 12th International Conference on Learning Representations},
  title     = {Memorization in Self-Supervised Learning Improves Downstream Generalization},
  year      = {2024}
}
2023
- Private Multi-Winner Voting for Machine Learning
Adam Dziedzic, Christopher A. Choquette-Choo, Natalie Dullerud, Vinith Menon Suriyakumar, Ali Shahin Shamsabadi, Muhammad Ahmad Kaleem, Somesh Jha, Nicolas Papernot, Xiao Wang
In Proceedings on Privacy Enhancing Technologies, Lausanne, Switzerland
@inproceedings{adam2023privateconference,
  author    = {Dziedzic, Adam and Choquette-Choo, Christopher A. and Dullerud, Natalie and Suriyakumar, Vinith Menon and Shamsabadi, Ali Shahin and Kaleem, Muhammad Ahmad and Jha, Somesh and Papernot, Nicolas and Wang, Xiao},
  booktitle = {Proceedings on Privacy Enhancing Technologies, Lausanne, Switzerland},
  title     = {Private Multi-Winner Voting for Machine Learning},
  year      = {2023}
}
- Sentence Embedding Encoders are Easy to Steal but Hard to Defend
Adam Dziedzic, Franziska Boenisch, Haonan Duan, Mingjian Jiang, Nicolas Papernot
@article{adam2023sentenceworkshop,
  author = {Dziedzic, Adam and Boenisch, Franziska and Duan, Haonan and Jiang, Mingjian and Papernot, Nicolas},
  title  = {Sentence Embedding Encoders are Easy to Steal but Hard to Defend},
  year   = {2023}
}
- Confidential-PROFITT: Confidential PROof of FaIr Training of Trees
Ali Shahin Shamsabadi, Sierra Calanda Wyllie, Nicholas Franzese, Natalie Dullerud, Sébastien Gambs, Nicolas Papernot, Xiao Wang, Adrian Weller
In Proceedings of the 11th International Conference on Learning Representations
@inproceedings{ali2023confidentialprofittoral,
  author    = {Shamsabadi, Ali Shahin and Wyllie, Sierra Calanda and Franzese, Nicholas and Dullerud, Natalie and Gambs, Sébastien and Papernot, Nicolas and Wang, Xiao and Weller, Adrian},
  booktitle = {Proceedings of the 11th International Conference on Learning Representations},
  title     = {Confidential-PROFITT: Confidential PROof of FaIr Training of Trees},
  year      = {2023}
}
- Differentially Private Speaker Anonymization
Ali Shahin Shamsabadi, Brij Mohan Lal Srivastava, Aurelien Bellet, Nathalie Vauquier, Emmanuel Vincent, Mohamed Maouche, Marc Tommasi, Nicolas Papernot
In Proceedings on Privacy Enhancing Technologies, Lausanne, Switzerland
@inproceedings{ali2023differentiallyconference,
  author    = {Shamsabadi, Ali Shahin and Srivastava, Brij Mohan Lal and Bellet, Aurelien and Vauquier, Nathalie and Vincent, Emmanuel and Maouche, Mohamed and Tommasi, Marc and Papernot, Nicolas},
  booktitle = {Proceedings on Privacy Enhancing Technologies, Lausanne, Switzerland},
  title     = {Differentially Private Speaker Anonymization},
  year      = {2023}
}
- Losing Less: A Loss for Differentially Private Deep Learning
Ali Shahin Shamsabadi, Nicolas Papernot
In Proceedings on Privacy Enhancing Technologies, Lausanne, Switzerland
@inproceedings{ali2023losingconference,
  author    = {Shamsabadi, Ali Shahin and Papernot, Nicolas},
  booktitle = {Proceedings on Privacy Enhancing Technologies, Lausanne, Switzerland},
  title     = {Losing Less: A Loss for Differentially Private Deep Learning},
  year      = {2023}
}
- Proof-of-Learning is Currently More Broken Than You Think
Congyu Fang, Hengrui Jia, Anvith Thudi, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Varun Chandrasekaran, Nicolas Papernot
In Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands
@inproceedings{congyu2023proofoflearningconference,
  author    = {Fang, Congyu and Jia, Hengrui and Thudi, Anvith and Yaghini, Mohammad and Choquette-Choo, Christopher A. and Dullerud, Natalie and Chandrasekaran, Varun and Papernot, Nicolas},
  booktitle = {Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands},
  title     = {Proof-of-Learning is Currently More Broken Than You Think},
  year      = {2023}
}
- The Adversarial Implications of Variable-Time Inference
Dudi Biton, Aditi Misra, Efrat Levy, Jaidip Kotak, Ron Bitton, Roei Schuster, Nicolas Papernot, Yuval Elovici, Ben Nassi
@article{dudi2023theworkshop,
  author = {Biton, Dudi and Misra, Aditi and Levy, Efrat and Kotak, Jaidip and Bitton, Ron and Schuster, Roei and Papernot, Nicolas and Elovici, Yuval and Nassi, Ben},
  title  = {The Adversarial Implications of Variable-Time Inference},
  year   = {2023}
}
- Have it your way: Individualized Privacy Assignment for DP-SGD
Franziska Boenisch, Christopher Mühl, Adam Dziedzic, Roy Rinberg, Nicolas Papernot
In Proceedings of the 37th Conference on Neural Information Processing Systems
@inproceedings{franziska2023haveconference,
  author    = {Boenisch, Franziska and Mühl, Christopher and Dziedzic, Adam and Rinberg, Roy and Papernot, Nicolas},
  booktitle = {Proceedings of the 37th Conference on Neural Information Processing Systems},
  title     = {Have it your way: Individualized Privacy Assignment for DP-SGD},
  year      = {2023}
}
- Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation
Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, Nicolas Papernot
In Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands
@inproceedings{franziska2023reconstructingconference,
  author    = {Boenisch, Franziska and Dziedzic, Adam and Schuster, Roei and Shamsabadi, Ali Shahin and Shumailov, Ilia and Papernot, Nicolas},
  booktitle = {Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands},
  title     = {Reconstructing Individual Data Points in Federated Learning Hardened with Differential Privacy and Secure Aggregation},
  year      = {2023}
}
- When the Curious Abandon Honesty: Federated Learning Is Not Private
Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, Nicolas Papernot
In Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands
@inproceedings{franziska2023whenconference,
  author    = {Boenisch, Franziska and Dziedzic, Adam and Schuster, Roei and Shamsabadi, Ali Shahin and Shumailov, Ilia and Papernot, Nicolas},
  booktitle = {Proceedings of the 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands},
  title     = {When the Curious Abandon Honesty: Federated Learning Is Not Private},
  year      = {2023}
}
- Flocks of Stochastic Parrots: Differentially Private Prompt Learning for Large Language Models
Haonan Duan, Adam Dziedzic, Nicolas Papernot, Franziska Boenisch
In Proceedings of the 37th Conference on Neural Information Processing Systems
@inproceedings{haonan2023flocksconference,
  author    = {Duan, Haonan and Dziedzic, Adam and Papernot, Nicolas and Boenisch, Franziska},
  booktitle = {Proceedings of the 37th Conference on Neural Information Processing Systems},
  title     = {Flocks of Stochastic Parrots: Differentially Private Prompt Learning for Large Language Models},
  year      = {2023}
}
- On the Privacy Risk of In-context Learning
Haonan Duan, Adam Dziedzic, Mohammad Yaghini, Nicolas Papernot, Franziska Boenisch
@article{haonan2023onworkshop,
  author = {Duan, Haonan and Dziedzic, Adam and Yaghini, Mohammad and Papernot, Nicolas and Boenisch, Franziska},
  title  = {On the Privacy Risk of In-context Learning},
  year   = {2023}
}
- Transforming Genomic Interpretability: A DNABERT Case Study
Micaela Consens, Alan Moses, Bo Wang, Nicolas Papernot
@article{micaela2023transformingworkshop,
  author = {Consens, Micaela and Moses, Alan and Wang, Bo and Papernot, Nicolas},
  title  = {Transforming Genomic Interpretability: A DNABERT Case Study},
  year   = {2023}
}
- Architectural Backdoors in Neural Networks
Mikel Bober-Irizar, Ilia Shumailov, Yiren Zhao, Robert Mullins, Nicolas Papernot
In Proceedings of the 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Vancouver, Canada
@inproceedings{mikel2023architecturalconference,
  author    = {Bober-Irizar, Mikel and Shumailov, Ilia and Zhao, Yiren and Mullins, Robert and Papernot, Nicolas},
  booktitle = {Proceedings of the 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Vancouver, Canada},
  title     = {Architectural Backdoors in Neural Networks},
  year      = {2023}
}
- Learning with Impartiality to Walk on the Pareto Frontier of Fairness, Privacy, and Utility
Mohammad Yaghini, Patty Liu, Franziska Boenisch, Nicolas Papernot
@article{mohammad2023learningworkshop,
  author = {Yaghini, Mohammad and Liu, Patty and Boenisch, Franziska and Papernot, Nicolas},
  title  = {Learning with Impartiality to Walk on the Pareto Frontier of Fairness, Privacy, and Utility},
  year   = {2023}
}
- Regulation Games for Trustworthy Machine Learning
Mohammad Yaghini, Patty Liu, Franziska Boenisch, Nicolas Papernot
@article{mohammad2023regulationworkshop,
  author = {Yaghini, Mohammad and Liu, Patty and Boenisch, Franziska and Papernot, Nicolas},
  title  = {Regulation Games for Trustworthy Machine Learning},
  year   = {2023}
}
- When Vision Fails: Text Attacks Against ViT and OCR
Nicholas Boucher, Jenny Blessing, Ilia Shumailov, Ross Anderson, Nicolas Papernot
@article{nicholas2023whenpreprint,
  author = {Boucher, Nicholas and Blessing, Jenny and Shumailov, Ilia and Anderson, Ross and Papernot, Nicolas},
  title  = {When Vision Fails: Text Attacks Against ViT and OCR},
  year   = {2023}
}
- Robust and Actively Secure Serverless Collaborative Learning
Olive Franzese, Adam Dziedzic, Christopher A. Choquette-Choo, Mark R. Thomas, Muhammad Ahmad Kaleem, Stephan Rabanser, Congyu Fang, Somesh Jha, Nicolas Papernot, Xiao Wang
In Proceedings of the 37th Conference on Neural Information Processing Systems
@inproceedings{olive2023robustconference,
  author    = {Franzese, Olive and Dziedzic, Adam and Choquette-Choo, Christopher A. and Thomas, Mark R. and Kaleem, Muhammad Ahmad and Rabanser, Stephan and Fang, Congyu and Jha, Somesh and Papernot, Nicolas and Wang, Xiao},
  booktitle = {Proceedings of the 37th Conference on Neural Information Processing Systems},
  title     = {Robust and Actively Secure Serverless Collaborative Learning},
  year      = {2023}
}
- Why is it Gaussian? Exploring the Generalized Gaussian Mechanism for Private Machine Learning
Roy Rinberg, Ilia Shumailov, Rachel Cummings, Nicolas Papernot
@article{roy2023whyworkshop,
  author = {Rinberg, Roy and Shumailov, Ilia and Cummings, Rachel and Papernot, Nicolas},
  title  = {Why is it Gaussian? Exploring the Generalized Gaussian Mechanism for Private Machine Learning},
  year   = {2023}
}
- Tubes Among Us: Analog Attack on Automatic Speaker Identification
Shimaa Ahmed, Yash Wani, Ali Shahin Shamsabadi, Mohammad Yaghini, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz
In Proceedings of the 32nd USENIX Security Symposium
@inproceedings{shimaa2023tubesconference,
  author    = {Ahmed, Shimaa and Wani, Yash and Shamsabadi, Ali Shahin and Yaghini, Mohammad and Shumailov, Ilia and Papernot, Nicolas and Fawaz, Kassem},
  booktitle = {Proceedings of the 32nd USENIX Security Symposium},
  title     = {Tubes Among Us: Analog Attack on Automatic Speaker Identification},
  year      = {2023}
}
- Training Private Models That Know What They Don’t Know
Stephan Rabanser, Anvith Thudi, Abhradeep Thakurta, Krishnamurthy Dvijotham, Nicolas Papernot
In Proceedings of the 37th Conference on Neural Information Processing Systems
@inproceedings{stephan2023trainingconference,
  author    = {Rabanser, Stephan and Thudi, Anvith and Thakurta, Abhradeep and Dvijotham, Krishnamurthy and Papernot, Nicolas},
  booktitle = {Proceedings of the 37th Conference on Neural Information Processing Systems},
  title     = {Training Private Models That Know What They Don’t Know},
  year      = {2023}
}
2022
- Dataset Inference for Self-Supervised Models
Adam Dziedzic, Haonan Duan, Muhammad Ahmad Kaleem, Nikita Dhawan, Jonas Guan, Yannis Cattan, Franziska Boenisch, Nicolas Papernot
In Proceedings of the 36th Conference on Neural Information Processing Systems
@inproceedings{adam2022datasetconference,
  author    = {Dziedzic, Adam and Duan, Haonan and Kaleem, Muhammad Ahmad and Dhawan, Nikita and Guan, Jonas and Cattan, Yannis and Boenisch, Franziska and Papernot, Nicolas},
  booktitle = {Proceedings of the 36th Conference on Neural Information Processing Systems},
  title     = {Dataset Inference for Self-Supervised Models},
  year      = {2022}
}
- Increasing the Cost of Model Extraction with Calibrated Proof of Work
Adam Dziedzic, Muhammad Ahmad Kaleem, Yu Shen Lu, Nicolas Papernot
In Proceedings of the 10th International Conference on Learning Representations
@inproceedings{adam2022increasingspotlight,
  author    = {Dziedzic, Adam and Kaleem, Muhammad Ahmad and Lu, Yu Shen and Papernot, Nicolas},
  booktitle = {Proceedings of the 10th International Conference on Learning Representations},
  title     = {Increasing the Cost of Model Extraction with Calibrated Proof of Work},
  year      = {2022}
}
- On the Difficulty of Defending Self-Supervised Learning against Model Extraction
Adam Dziedzic, Nikita Dhawan, Muhammad Ahmad Kaleem, Jonas Guan, Nicolas Papernot
In Proceedings of the 39th International Conference on Machine Learning
@inproceedings{adam2022onconference,
  author    = {Dziedzic, Adam and Dhawan, Nikita and Kaleem, Muhammad Ahmad and Guan, Jonas and Papernot, Nicolas},
  booktitle = {Proceedings of the 39th International Conference on Machine Learning},
  title     = {On the Difficulty of Defending Self-Supervised Learning against Model Extraction},
  year      = {2022}
}
- p-DkNN: Out-of-Distribution Detection through Statistical Testing of Deep Representation
Adam Dziedzic, Stephan Rabanser, Mohammad Yaghini, Armin Ale, Murat A Erdogdu, Nicolas Papernot
@article{adam2022pdknnreport,
  author = {Dziedzic, Adam and Rabanser, Stephan and Yaghini, Mohammad and Ale, Armin and Erdogdu, Murat A and Papernot, Nicolas},
  title  = {p-DkNN: Out-of-Distribution Detection through Statistical Testing of Deep Representation},
  year   = {2022}
}
- Washing The Unwashable: On The (Im)possibility of Fairwashing Detection
Ali Shahin Shamsabadi, Mohammad Yaghini, Natalie Dullerud, Sierra Wyllie, Ulrich Aïvodji, Aisha Alaagib Alryeh Mkean, Sébastien Gambs, Nicolas Papernot
In Proceedings of the 36th Conference on Neural Information Processing Systems
@inproceedings{ali2022washingconference,
  author    = {Shamsabadi, Ali Shahin and Yaghini, Mohammad and Dullerud, Natalie and Wyllie, Sierra and Aïvodji, Ulrich and Mkean, Aisha Alaagib Alryeh and Gambs, Sébastien and Papernot, Nicolas},
  booktitle = {Proceedings of the 36th Conference on Neural Information Processing Systems},
  title     = {Washing The Unwashable: On The (Im)possibility of Fairwashing Detection},
  year      = {2022}
}
- On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning
Anvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot
In Proceedings of the 31st USENIX Security Symposium
@inproceedings{anvith2022onconference,
  author    = {Thudi, Anvith and Jia, Hengrui and Shumailov, Ilia and Papernot, Nicolas},
  booktitle = {Proceedings of the 31st USENIX Security Symposium},
  title     = {On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning},
  year      = {2022}
}
- Unrolling SGD: Understanding Factors Influencing Machine Unlearning
Anvith Thudi, Gabriel Deza, Varun Chandrasekaran, Nicolas Papernot
In Proceedings of the 7th IEEE European Symposium on Security and Privacy, Genoa, Italy
@inproceedings{anvith2022unrollingconference,
  author    = {Thudi, Anvith and Deza, Gabriel and Chandrasekaran, Varun and Papernot, Nicolas},
  booktitle = {Proceedings of the 7th IEEE European Symposium on Security and Privacy, Genoa, Italy},
  title     = {Unrolling SGD: Understanding Factors Influencing Machine Unlearning},
  year      = {2022}
}
- A Zest of LIME: Towards Architecture-Independent Model Distances
Hengrui Jia, Hongyu Chen, Jonas Guan, Ali Shahin Shamsabadi, Nicolas Papernot
In Proceedings of the 10th International Conference on Learning Representations
@inproceedings{hengrui2022aconference,
  author    = {Jia, Hengrui and Chen, Hongyu and Guan, Jonas and Shamsabadi, Ali Shahin and Papernot, Nicolas},
  booktitle = {Proceedings of the 10th International Conference on Learning Representations},
  title     = {A Zest of LIME: Towards Architecture-Independent Model Distances},
  year      = {2022}
}
- In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning
Jiaqi Wang, Roei Schuster, Ilia Shumailov, David Lie, Nicolas Papernot
In Proceedings of the 36th Conference on Neural Information Processing Systems
@inproceedings{jiaqi2022inconference,
  author    = {Wang, Jiaqi and Schuster, Roei and Shumailov, Ilia and Lie, David and Papernot, Nicolas},
  booktitle = {Proceedings of the 36th Conference on Neural Information Processing Systems},
  title     = {In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning},
  year      = {2022}
}
- Is Fairness Only Metric Deep? Evaluating and Addressing Subgroup Gaps in Deep Metric Learning
Natalie Dullerud, Karsten Roth, Kimia Hamidieh, Nicolas Papernot, Marzyeh Ghassemi
In Proceedings of the 10th International Conference on Learning Representations
@inproceedings{natalie2022isconference,
  author    = {Dullerud, Natalie and Roth, Karsten and Hamidieh, Kimia and Papernot, Nicolas and Ghassemi, Marzyeh},
  booktitle = {Proceedings of the 10th International Conference on Learning Representations},
  title     = {Is Fairness Only Metric Deep? Evaluating and Addressing Subgroup Gaps in Deep Metric Learning},
  year      = {2022}
}
- Bad Character Injection: Imperceptible Attacks on NLP Models
Nicholas Boucher, Ilia Shumailov, Ross Anderson, Nicolas Papernot
In Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA
@inproceedings{nicholas2022badconference, author = {Boucher, Nicholas and Shumailov, Ilia and Anderson, Ross and Papernot, Nicolas}, booktitle = {Proceedings of the 43rd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {Bad Character Injection: Imperceptible Attacks on NLP Models}, year = {2022} }
- Learned Systems Security
Roei Schuster, Nicolas Papernot, Paul Grubbs, Jin Peng Zhou
@article{roei2022learnedreport, author = {Schuster, Roei and Papernot, Nicolas and Grubbs, Paul and Zhou, Jin Peng}, title = {Learned Systems Security}, year = {2022} }
- Adversarial Examples for Network Intrusion Detection Systems
Ryan Sheatsley, Nicolas Papernot, Michael J. Weisman, Gunjan Verma, Patrick McDaniel
@article{ryan2022adversarialjournal, author = {Sheatsley, Ryan and Papernot, Nicolas and Weisman, Michael J. and Verma, Gunjan and McDaniel, Patrick}, title = {Adversarial Examples for Network Intrusion Detection Systems}, year = {2022} }
- Towards More Robust Keyword Spotting for Voice Assistants
Shimaa Ahmed, Ilia Shumailov, Nicolas Papernot, Kassem Fawaz
In Proceedings of the 31st USENIX Security Symposium
@inproceedings{shimaa2022towardsconference, author = {Ahmed, Shimaa and Shumailov, Ilia and Papernot, Nicolas and Fawaz, Kassem}, booktitle = {Proceedings of the 31st USENIX Security Symposium}, title = {Towards More Robust Keyword Spotting for Voice Assistants}, year = {2022} }
- Intrinsic Anomaly Detection for Multi-Variate Time Series
Stephan Rabanser, Tim Januschowski, Kashif Rasul, Oliver Borchert, Richard Kurle, Jan Gasthaus, Michael Bohlke-Schneider, Nicolas Papernot, Valentin Flunkert
@article{stephan2022intrinsicreport, author = {Rabanser, Stephan and Januschowski, Tim and Rasul, Kashif and Borchert, Oliver and Kurle, Richard and Gasthaus, Jan and Bohlke-Schneider, Michael and Papernot, Nicolas and Flunkert, Valentin}, title = {Intrinsic Anomaly Detection for Multi-Variate Time Series}, year = {2022} }
- Generative Extraction of Audio Classifiers for Speaker Identification
Tejumade Afonja, Lucas Bourtoule, Varun Chandrasekaran, Sageev Oore, Nicolas Papernot
@article{tejumade2022generativereport, author = {Afonja, Tejumade and Bourtoule, Lucas and Chandrasekaran, Varun and Oore, Sageev and Papernot, Nicolas}, title = {Generative Extraction of Audio Classifiers for Speaker Identification}, year = {2022} }
- On the Limitations of Stochastic Pre-processing Defenses
Yue Gao, Ilia Shumailov, Kassem Fawaz, Nicolas Papernot
In Proceedings of the 36th Conference on Neural Information Processing Systems
@inproceedings{yue2022onconference, author = {Gao, Yue and Shumailov, Ilia and Fawaz, Kassem and Papernot, Nicolas}, booktitle = {Proceedings of the 36th Conference on Neural Information Processing Systems}, title = {On the Limitations of Stochastic Pre-processing Defenses}, year = {2022} }
2021
- On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples
Adelin Travers, Lorna Licollari, Guanghan Wang, Varun Chandrasekaran, Adam Dziedzic, David Lie, Nicolas Papernot
@article{adelin2021onreport, author = {Travers, Adelin and Licollari, Lorna and Wang, Guanghan and Chandrasekaran, Varun and Dziedzic, Adam and Lie, David and Papernot, Nicolas}, title = {On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples}, year = {2021} }
- CaPC Learning: Confidential and Private Collaborative Learning
Christopher A. Choquette-Choo, Natalie Dullerud, Adam Dziedzic, Yunxiang Zhang, Somesh Jha, Nicolas Papernot, Xiao Wang
In Proceedings of the 9th International Conference on Learning Representations
@inproceedings{christopher2021capcconference, author = {Choquette-Choo, Christopher A. and Dullerud, Natalie and Dziedzic, Adam and Zhang, Yunxiang and Jha, Somesh and Papernot, Nicolas and Wang, Xiao}, booktitle = {Proceedings of the 9th International Conference on Learning Representations}, title = {CaPC Learning: Confidential and Private Collaborative Learning}, year = {2021} }
- Label-Only Membership Inference Attacks
Christopher A. Choquette-Choo, Florian Tramer, Nicholas Carlini, Nicolas Papernot
In Proceedings of the 38th International Conference on Machine Learning
@inproceedings{christopher2021labelonlyconference, author = {Choquette-Choo, Christopher A. and Tramer, Florian and Carlini, Nicholas and Papernot, Nicolas}, booktitle = {Proceedings of the 38th International Conference on Machine Learning}, title = {Label-Only Membership Inference Attacks}, year = {2021} }
- Markpainting: Adversarial Machine Learning meets Inpainting
David Khachaturov, Ilia Shumailov, Yiren Zhao, Nicolas Papernot, Ross Anderson
In Proceedings of the 38th International Conference on Machine Learning
@inproceedings{david2021markpaintingconference, author = {Khachaturov, David and Shumailov, Ilia and Zhao, Yiren and Papernot, Nicolas and Anderson, Ross}, booktitle = {Proceedings of the 38th International Conference on Machine Learning}, title = {Markpainting: Adversarial Machine Learning meets Inpainting}, year = {2021} }
- Interpretability in Safety-Critical Financial Trading Systems
Gabriel Deza, Adelin Travers, Colin Rowat, Nicolas Papernot
@article{gabriel2021interpretabilityreport, author = {Deza, Gabriel and Travers, Adelin and Rowat, Colin and Papernot, Nicolas}, title = {Interpretability in Safety-Critical Financial Trading Systems}, year = {2021} }
- SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems
Hadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor
In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA
@inproceedings{hadi2021sokconference, author = {Abdullah, Hadi and Warren, Kevin and Bindschaedler, Vincent and Papernot, Nicolas and Traynor, Patrick}, booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems}, year = {2021} }
- Entangled Watermarks as a Defense against Model Extraction
Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
In Proceedings of the 30th USENIX Security Symposium
@inproceedings{hengrui2021entangledconference, author = {Jia, Hengrui and Choquette-Choo, Christopher A. and Chandrasekaran, Varun and Papernot, Nicolas}, booktitle = {Proceedings of the 30th USENIX Security Symposium}, title = {Entangled Watermarks as a Defense against Model Extraction}, year = {2021} }
- Proof-of-Learning: Definitions and Practice
Hengrui Jia, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Anvith Thudi, Varun Chandrasekaran, Nicolas Papernot
In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA
@inproceedings{hengrui2021proofoflearningconference, author = {Jia, Hengrui and Yaghini, Mohammad and Choquette-Choo, Christopher A. and Dullerud, Natalie and Thudi, Anvith and Chandrasekaran, Varun and Papernot, Nicolas}, booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {Proof-of-Learning: Definitions and Practice}, year = {2021} }
- Manipulating SGD with Data Ordering Attacks
Ilia Shumailov, Zakhar Shumaylov, Dmitry Kazhdan, Yiren Zhao, Nicolas Papernot, Murat A. Erdogdu, Ross Anderson
In Proceedings of the 35th Conference on Neural Information Processing Systems
@inproceedings{ilia2021manipulatingconference, author = {Shumailov, Ilia and Shumaylov, Zakhar and Kazhdan, Dmitry and Zhao, Yiren and Papernot, Nicolas and Erdogdu, Murat A. and Anderson, Ross}, booktitle = {Proceedings of the 35th Conference on Neural Information Processing Systems}, title = {Manipulating SGD with Data Ordering Attacks}, year = {2021} }
- Sponge Examples: Energy-Latency Attacks on Neural Networks
Ilia Shumailov, Yiren Zhao, Daniel Bates, Nicolas Papernot, Robert Mullins, Ross Anderson
In Proceedings of the 6th IEEE European Symposium on Security and Privacy, Vienna, Austria
@inproceedings{ilia2021spongeconference, author = {Shumailov, Ilia and Zhao, Yiren and Bates, Daniel and Papernot, Nicolas and Mullins, Robert and Anderson, Ross}, booktitle = {Proceedings of the 6th IEEE European Symposium on Security and Privacy, Vienna, Austria}, title = {Sponge Examples: Energy-Latency Attacks on Neural Networks}, year = {2021} }
- Data-Free Model Extraction
Jean-Baptiste Truong, Pratyush Maini, Robert Walls, Nicolas Papernot
In Proceedings of the 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Nashville, TN
@inproceedings{jeanbaptiste2021datafreeconference, author = {Truong, Jean-Baptiste and Maini, Pratyush and Walls, Robert and Papernot, Nicolas}, booktitle = {Proceedings of the 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Nashville, TN}, title = {Data-Free Model Extraction}, year = {2021} }
- Machine Unlearning
Lucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, Nicolas Papernot
In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA
@inproceedings{lucas2021machineconference, author = {Bourtoule, Lucas and Chandrasekaran, Varun and Choquette-Choo, Christopher A. and Jia, Hengrui and Travers, Adelin and Zhang, Baiwu and Lie, David and Papernot, Nicolas}, booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {Machine Unlearning}, year = {2021} }
- Accelerating Symbolic Analysis for Android Apps
Mingyue Yang, David Lie, Nicolas Papernot
@article{mingyue2021acceleratingworkshop, author = {Yang, Mingyue and Lie, David and Papernot, Nicolas}, title = {Accelerating Symbolic Analysis for Android Apps}, year = {2021} }
- Encyclopedia of Cryptography, Security and Privacy
Nicolas Papernot
@inbook{nicolas2021adversarialbookchapter, author = {Papernot, Nicolas}, chapter = {Adversarial Machine Learning}, title = {Encyclopedia of Cryptography, Security and Privacy}, year = {2021} }
- Dataset Inference: Ownership Resolution in Machine Learning
Pratyush Maini, Mohammad Yaghini, Nicolas Papernot
In Proceedings of the 9th International Conference on Learning Representations
@inproceedings{pratyush2021datasetspotlight, author = {Maini, Pratyush and Yaghini, Mohammad and Papernot, Nicolas}, booktitle = {Proceedings of the 9th International Conference on Learning Representations}, title = {Dataset Inference: Ownership Resolution in Machine Learning}, year = {2021} }
- SoK: Machine Learning Governance
Varun Chandrasekaran, Hengrui Jia, Anvith Thudi, Adelin Travers, Mohammad Yaghini, Nicolas Papernot
@article{varun2021sokpreprint, author = {Chandrasekaran, Varun and Jia, Hengrui and Thudi, Anvith and Travers, Adelin and Yaghini, Mohammad and Papernot, Nicolas}, title = {SoK: Machine Learning Governance}, year = {2021} }
- Chasing Your Long Tails: Differentially Private Prediction in Health Care Settings
Vinith Suriyakumar, Nicolas Papernot, Anna Goldenberg, Marzyeh Ghassemi
In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency
@inproceedings{vinith2021chasingconference, author = {Suriyakumar, Vinith and Papernot, Nicolas and Goldenberg, Anna and Ghassemi, Marzyeh}, booktitle = {Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency}, title = {Chasing Your Long Tails: Differentially Private Prediction in Health Care Settings}, year = {2021} }
2020
- Neighbors From Hell: Voltage Attacks Against Deep Learning Accelerators on Multi-Tenant FPGAs
Andrew Boutros, Mathew Hall, Nicolas Papernot, Vaughn Betz
In Proceedings of the 2020 International Conference on Field-Programmable Technology
@inproceedings{andrew2020neighborsconference, author = {Boutros, Andrew and Hall, Mathew and Papernot, Nicolas and Betz, Vaughn}, booktitle = {Proceedings of the 2020 International Conference on Field-Programmable Technology}, title = {Neighbors From Hell: Voltage Attacks Against Deep Learning Accelerators on Multi-Tenant FPGAs}, year = {2020} }
- On Attribution of Deepfakes
Baiwu Zhang, Jin Zhou, Ilia Shumailov, Nicolas Papernot
@article{baiwu2020onreport, author = {Zhang, Baiwu and Zhou, Jin and Shumailov, Ilia and Papernot, Nicolas}, title = {On Attribution of Deepfakes}, year = {2020} }
- On the Robustness of Cooperative Multi-Agent Reinforcement Learning
Jieyu Lin, Kristina Dzeparoska, Sai Qian Zhang, Alberto Leon-Garcia, Nicolas Papernot
@article{jieyu2020onworkshop, author = {Lin, Jieyu and Dzeparoska, Kristina and Zhang, Sai Qian and Leon-Garcia, Alberto and Papernot, Nicolas}, title = {On the Robustness of Cooperative Multi-Agent Reinforcement Learning}, year = {2020} }
- Dataset Inference: Ownership Resolution in Machine Learning
Pratyush Maini, Mohammad Yaghini, Nicolas Papernot
@article{pratyush2020datasetworkshop, author = {Maini, Pratyush and Yaghini, Mohammad and Papernot, Nicolas}, title = {Dataset Inference: Ownership Resolution in Machine Learning}, year = {2020} }
- On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping
Sanghyun Hong, Varun Chandrasekaran, Yigitcan Kaya, Tudor Dumitras, Nicolas Papernot
@article{sanghyun2020onreport, author = {Hong, Sanghyun and Chandrasekaran, Varun and Kaya, Yigitcan and Dumitras, Tudor and Papernot, Nicolas}, title = {On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping}, year = {2020} }
- The Pitfalls of Differentially Private Prediction in Healthcare
Vinith Suriyakumar, Nicolas Papernot, Anna Goldenberg, Marzyeh Ghassemi
@article{vinith2020theworkshop, author = {Suriyakumar, Vinith and Papernot, Nicolas and Goldenberg, Anna and Ghassemi, Marzyeh}, title = {The Pitfalls of Differentially Private Prediction in Healthcare}, year = {2020} }
2019
- How Relevant Is the Turing Test in the Age of Sophisbots?
Dan Boneh, Andrew J. Grotto, Patrick McDaniel, Nicolas Papernot
In IEEE Security and Privacy Magazine
@inproceedings{dan2019howinvited, author = {Boneh, Dan and Grotto, Andrew J. and McDaniel, Patrick and Papernot, Nicolas}, booktitle = {IEEE Security and Privacy Magazine}, title = {How Relevant Is the Turing Test in the Age of Sophisbots?}, year = {2019} }
- Rearchitecting Classification Frameworks For Increased Robustness
Varun Chandrasekaran, Brian Tang, Nicolas Papernot, Kassem Fawaz, Somesh Jha, Xi Wu
@article{varun2019rearchitectingreport, author = {Chandrasekaran, Varun and Tang, Brian and Papernot, Nicolas and Fawaz, Kassem and Jha, Somesh and Wu, Xi}, title = {Rearchitecting Classification Frameworks For Increased Robustness}, year = {2019} }