Publications
2021
- On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples
Adelin Travers, Lorna Licollari, Guanghan Wang, Varun Chandrasekaran, Adam Dziedzic, David Lie, Nicolas Papernot
@article{adelin2021on, author = {Travers, Adelin and Licollari, Lorna and Wang, Guanghan and Chandrasekaran, Varun and Dziedzic, Adam and Lie, David and Papernot, Nicolas}, title = {On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples}, year = {2021} } - On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning
Anvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot
@article{anvith2021on, author = {Thudi, Anvith and Jia, Hengrui and Shumailov, Ilia and Papernot, Nicolas}, title = {On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning}, year = {2021} } - Unrolling SGD: Understanding Factors Influencing Machine Unlearning
Anvith Thudi, Gabriel Deza, Varun Chandrasekaran, Nicolas Papernot
@article{anvith2021unrolling, author = {Thudi, Anvith and Deza, Gabriel and Chandrasekaran, Varun and Papernot, Nicolas}, title = {Unrolling SGD: Understanding Factors Influencing Machine Unlearning}, year = {2021} } - CaPC Learning: Confidential and Private Collaborative Learning
Christopher A. Choquette-Choo, Natalie Dullerud, Adam Dziedzic, Yunxiang Zhang, Somesh Jha, Nicolas Papernot, Xiao Wang
In Proceedings of the 9th International Conference on Learning Representations@inproceedings{christopher2021capc, author = {Choquette-Choo, Christopher A. and Dullerud, Natalie and Dziedzic, Adam and Zhang, Yunxiang and Jha, Somesh and Papernot, Nicolas and Wang, Xiao}, booktitle = {Proceedings of the 9th International Conference on Learning Representations}, title = {CaPC Learning: Confidential and Private Collaborative Learning}, year = {2021} } - Markpainting: Adversarial Machine Learning meets Inpainting
David Khachaturov, Ilia Shumailov, Yiren Zhao, Nicolas Papernot, Ross Anderson
In Proceedings of the 38th International Conference on Machine Learning@inproceedings{david2021markpainting, author = {Khachaturov, David and Shumailov, Ilia and Zhao, Yiren and Papernot, Nicolas and Anderson, Ross}, booktitle = {Proceedings of the 38th International Conference on Machine Learning}, title = {Markpainting: Adversarial Machine Learning meets Inpainting}, year = {2021} } - When the Curious Abandon Honesty: Federated Learning Is Not Private
Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, Nicolas Papernot
@article{franziska2021when, author = {Boenisch, Franziska and Dziedzic, Adam and Schuster, Roei and Shamsabadi, Ali Shahin and Shumailov, Ilia and Papernot, Nicolas}, title = {When the Curious Abandon Honesty: Federated Learning Is Not Private}, year = {2021} } - Interpretability in Safety-Critical Financial Trading Systems
Gabriel Deza, Adelin Travers, Colin Rowat, Nicolas Papernot
@article{gabriel2021interpretability, author = {Deza, Gabriel and Travers, Adelin and Rowat, Colin and Papernot, Nicolas}, title = {Interpretability in Safety-Critical Financial Trading Systems}, year = {2021} } - SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems
Hadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor
In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA@inproceedings{hadi2021sok, author = {Abdullah, Hadi and Warren, Kevin and Bindschaedler, Vincent and Papernot, Nicolas and Traynor, Patrick}, booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems}, year = {2021} } - Entangled Watermarks as a Defense against Model Extraction
Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
In Proceedings of the 30th USENIX Security Symposium@inproceedings{hengrui2021entangled, author = {Jia, Hengrui and Choquette-Choo, Christopher A. and Chandrasekaran, Varun and Papernot, Nicolas}, booktitle = {Proceedings of the 30th USENIX Security Symposium}, title = {Entangled Watermarks as a Defense against Model Extraction}, year = {2021} } - Proof-of-Learning: Definitions and Practice
Hengrui Jia, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Anvith Thudi, Varun Chandrasekaran, Nicolas Papernot
In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA@inproceedings{hengrui2021proofoflearning, author = {Jia, Hengrui and Yaghini, Mohammad and Choquette-Choo, Christopher A. and Dullerud, Natalie and Thudi, Anvith and Chandrasekaran, Varun and Papernot, Nicolas}, booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {Proof-of-Learning: Definitions and Practice}, year = {2021} } - Manipulating SGD with Data Ordering Attacks
Ilia Shumailov, Zakhar Shumaylov, Dmitry Kazhdan, Yiren Zhao, Nicolas Papernot, Murat A. Erdogdu, Ross Anderson
In Proceedings of the 35th Conference on Neural Information Processing Systems@inproceedings{ilia2021manipulating, author = {Shumailov, Ilia and Shumaylov, Zakhar and Kazhdan, Dmitry and Zhao, Yiren and Papernot, Nicolas and Erdogdu, Murat A. and Anderson, Ross}, booktitle = {Proceedings of the 35th Conference on Neural Information Processing Systems}, title = {Manipulating SGD with Data Ordering Attacks}, year = {2021} } - Sponge Examples: Energy-Latency Attacks on Neural Networks
Ilia Shumailov, Yiren Zhao, Daniel Bates, Nicolas Papernot, Robert Mullins, Ross Anderson
In Proceedings of the 6th IEEE European Symposium on Security and Privacy, Vienna, Austria@inproceedings{ilia2021sponge, author = {Shumailov, Ilia and Zhao, Yiren and Bates, Daniel and Papernot, Nicolas and Mullins, Robert and Anderson, Ross}, booktitle = {Proceedings of the 6th IEEE European Symposium on Security and Privacy, Vienna, Austria}, title = {Sponge Examples: Energy-Latency Attacks on Neural Networks}, year = {2021} } - Data-Free Model Extraction
Jean-Baptiste Truong, Pratyush Maini, Robert Walls, Nicolas Papernot
In Proceedings of the 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Nashville, TN@inproceedings{jeanbaptiste2021datafree, author = {Truong, Jean-Baptiste and Maini, Pratyush and Walls, Robert and Papernot, Nicolas}, booktitle = {Proceedings of the 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Nashville, TN}, title = {Data-Free Model Extraction}, year = {2021} } - Machine Unlearning
Lucas Bourtoule, Varun Chandrasekaran, Christopher Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, Nicolas Papernot
In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA@inproceedings{lucas2021machine, author = {Bourtoule, Lucas and Chandrasekaran, Varun and Choquette-Choo, Christopher and Jia, Hengrui and Travers, Adelin and Zhang, Baiwu and Lie, David and Papernot, Nicolas}, booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {Machine Unlearning}, year = {2021} } - Adversary Instantiation: Lower bounds for differentially private machine learning
Milad Nasr, Shuang Song, Abhradeep Guha Thakurta, Nicolas Papernot, Nicholas Carlini
In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA@inproceedings{milad2021adversary, author = {Nasr, Milad and Song, Shuang and Thakurta, Abhradeep Guha and Papernot, Nicolas and Carlini, Nicholas}, booktitle = {Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA}, title = {Adversary Instantiation: Lower bounds for differentially private machine learning}, year = {2021} } - Accelerating Symbolic Analysis for Android Apps
Mingyue Yang, David Lie, Nicolas Papernot
@article{mingyue2021accelerating, author = {Yang, Mingyue and Lie, David and Papernot, Nicolas}, title = {Accelerating Symbolic Analysis for Android Apps}, year = {2021} } - Encyclopedia of Cryptography, Security and Privacy
Nicolas Papernot
@inbook{nicolas2021adversarial, author = {Papernot, Nicolas}, chapter = {Adversarial Machine Learning}, title = {Encyclopedia of Cryptography, Security and Privacy}, year = {2021} } - Hyperparameter Tuning with Renyi Differential Privacy
Nicolas Papernot, Thomas Steinke
@article{nicolas2021hyperparameter, author = {Papernot, Nicolas and Steinke, Thomas}, title = {Hyperparameter Tuning with Renyi Differential Privacy}, year = {2021} } - Tempered Sigmoids for Deep Learning with Differential Privacy
Nicolas Papernot, Abhradeep Thakurta, Shuang Song, Steve Chien, Ulfar Erlingsson
In Proceedings of the 35th AAAI Conference on Artificial Intelligence@inproceedings{nicolas2021tempered, author = {Papernot, Nicolas and Thakurta, Abhradeep and Song, Shuang and Chien, Steve and Erlingsson, Ulfar}, booktitle = {Proceedings of the 35th AAAI Conference on Artificial Intelligence}, title = {Tempered Sigmoids for Deep Learning with Differential Privacy}, year = {2021} } - Dataset Inference: Ownership Resolution in Machine Learning
Pratyush Maini, Mohammad Yaghini, Nicolas Papernot
In Proceedings of the 9th International Conference on Learning Representations@inproceedings{pratyush2021dataset, author = {Maini, Pratyush and Yaghini, Mohammad and Papernot, Nicolas}, booktitle = {Proceedings of the 9th International Conference on Learning Representations}, title = {Dataset Inference: Ownership Resolution in Machine Learning}, year = {2021} } - SoK: Machine Learning Governance
Varun Chandrasekaran, Hengrui Jia, Anvith Thudi, Adelin Travers, Mohammad Yaghini, Nicolas Papernot
@article{varun2021sok, author = {Chandrasekaran, Varun and Jia, Hengrui and Thudi, Anvith and Travers, Adelin and Yaghini, Mohammad and Papernot, Nicolas}, title = {SoK: Machine Learning Governance}, year = {2021} } - Chasing Your Long Tails: Differentially Private Prediction in Health Care Settings
Vinith Suriyakumar, Nicolas Papernot, Anna Goldenberg, Marzyeh Ghassemi
In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency@inproceedings{vinith2021chasing, author = {Suriyakumar, Vinith and Papernot, Nicolas and Goldenberg, Anna and Ghassemi, Marzyeh}, booktitle = {Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency}, title = {Chasing Your Long Tails: Differentially Private Prediction in Health Care Settings}, year = {2021} }
Paper2020
- Neighbors From Hell: Voltage Attacks Against Deep Learning Accelerators on Multi-Tenant FPGAs
Andrew Boutros, Mathew Hall, Nicolas Papernot, Vaughn Betz
In Proceedings of the 2020 International Conference on Field-Programmable Technology@inproceedings{andrew2020neighbors, author = {Boutros, Andrew and Hall, Mathew and Papernot, Nicolas and Betz, Vaughn}, booktitle = {Proceedings of the 2020 International Conference on Field-Programmable Technology}, title = {Neighbors From Hell: Voltage Attacks Against Deep Learning Accelerators on Multi-Tenant FPGAs}, year = {2020} } - Not my deepfake: towards plausible deniability for machine-generated media
Baiwu Zhang, Jin Zhou, Ilia Shumailov, Nicolas Papernot
@article{baiwu2020not, author = {Zhang, Baiwu and Zhou, Jin and Shumailov, Ilia and Papernot, Nicolas}, title = {Not my deepfake: towards plausible deniability for machine-generated media}, year = {2020} } - Label-Only Membership Inference Attacks
Christopher A. Choquette Choo, Florian Tramer, Nicholas Carlini, Nicolas Papernot
In Proceedings of the 38th International Conference on Machine Learning@inproceedings{christopher2020labelonly, author = {Choo, Christopher A. Choquette and Tramer, Florian and Carlini, Nicholas and Papernot, Nicolas}, booktitle = {Proceedings of the 38th International Conference on Machine Learning}, title = {Label-Only Membership Inference Attacks}, year = {2020} } - On the Robustness of Cooperative Multi-Agent Reinforcement Learning
Jieyu Lin, Kristina Dzeparoska, Sai Qian Zhang, Alberto Leon-Garcia, Nicolas Papernot
@article{jieyu2020on, author = {Lin, Jieyu and Dzeparoska, Kristina and Zhang, Sai Qian and Leon-Garcia, Alberto and Papernot, Nicolas}, title = {On the Robustness of Cooperative Multi-Agent Reinforcement Learning}, year = {2020} } - Dataset Inference: Ownership Resolution in Machine Learning
Pratyush Maini, Mohammad Yaghini, Nicolas Papernot
@article{pratyush2020dataset, author = {Maini, Pratyush and Yaghini, Mohammad and Papernot, Nicolas}, title = {Dataset Inference: Ownership Resolution in Machine Learning}, year = {2020} } - On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping
Sanghyun Hong, Varun Chandrasekaran, Yigitcan Kaya, Tudor Dumitras, Nicolas Papernot
@article{sanghyun2020on, author = {Hong, Sanghyun and Chandrasekaran, Varun and Kaya, Yigitcan and Dumitras, Tudor and Papernot, Nicolas}, title = {On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping}, year = {2020} } - The Pitfalls of Differentially Private Prediction in Healthcare
Vinith Suriyakumar, Nicolas Papernot, Anna Goldenberg, Marzyeh Ghassemi
@article{vinith2020the, author = {Suriyakumar, Vinith and Papernot, Nicolas and Goldenberg, Anna and Ghassemi, Marzyeh}, title = {The Pitfalls of Differentially Private Prediction in Healthcare}, year = {2020} }
2019
- How Relevant Is the Turing Test in the Age of Sophisbots?
Dan Boneh, Andrew J. Grotto, Patrick McDaniel, Nicolas Papernot
In IEEE Security and Privacy Magazine@inproceedings{dan2019how, author = {Boneh, Dan and Grotto, Andrew J. and McDaniel, Patrick and Papernot, Nicolas}, booktitle = {IEEE Security and Privacy Magazine}, title = {How Relevant Is the Turing Test in the Age of Sophisbots?}, year = {2019} } - Rearchitecting Classification Frameworks For Increased Robustness
Varun Chandrasekaran, Brian Tang, Nicolas Papernot, Kassem Fawaz, Somesh Jha, Xi Wu
@article{varun2019rearchitecting, author = {Chandrasekaran, Varun and Tang, Brian and Papernot, Nicolas and Fawaz, Kassem and Jha, Somesh and Wu, Xi}, title = {Rearchitecting Classification Frameworks For Increased Robustness}, year = {2019} }