Paper-Conference

GASP: Efficient Black-Box Generation of Adversarial Suffixes for Jailbreaking LLMs
GASP: Efficient Black-Box Generation of Adversarial Suffixes for Jailbreaking LLMs
We introduce Generative Adversarial Suffix Prompter (GASP), a novel framework that combines human-readable prompt generation with Latent Bayesian Optimization (LBO) to improve adversarial suffix creation in a fully black-box setting.
PDF Cite Code ArXiv OpenReview
IAP: Invisible Adversarial Patch Attack through Perceptibility-Aware Localization and Perturbation Optimization
We develop a novel attack framework that generates highly invisible adversarial patches based on perceptibility-aware localization and perturbation schemes.
PDF Cite Code ArXiv
Provably Cost-Sensitive Adversarial Defense via Randomized Smoothing
We study how to certify and train for cost-sensitive robustness using randomized smoothing.
PDF Cite Code ArXiv OpenReview
DiffPAD: Denoising Diffusion-based Adversarial Patch Decontamination
We propose DiffPAD, a novel framework that harnesses the power of diffusion models for adversarial patch decontamination.
PDF Cite ArXiv
DivTrackee versus DynTracker: Promoting Diversity in Anti-Facial Recognition against Dynamic FR Strategy
DivTrackee versus DynTracker: Promoting Diversity in Anti-Facial Recognition against Dynamic FR Strategy
We highlight the importance of using dynamic FR strategies to evaluate AFR methods, and propose DivTrackee as a promising countermeasure.
PDF Cite Code ArXiv
What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?
What Distributions are Robust to Indiscriminate Poisoning Attacks for Linear Learners?
Understand the inherent vulnerabilities to indiscriminate data poisoning attacks for linear learners by studying the optimal poisoning strategy from the perspective of data distribution.
PDF Cite ArXiv