Publications


2021

  1. On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples
    Adelin Travers, Lorna Licollari, Guanghan Wang, Varun Chandrasekaran, Adam Dziedzic, David Lie, Nicolas Papernot

    Paper

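    @misc{adelin2021on,
      author        = {Travers, Adelin and Licollari, Lorna and Wang, Guanghan and Chandrasekaran, Varun and Dziedzic, Adam and Lie, David and Papernot, Nicolas},
      title         = {On the Exploitability of Audio Machine Learning Pipelines to Surreptitious Adversarial Examples},
      year          = {2021},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }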
    
  2. On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning
    Anvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot

    Paper

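    @misc{anvith2021on,
      author        = {Thudi, Anvith and Jia, Hengrui and Shumailov, Ilia and Papernot, Nicolas},
      title         = {On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning},
      year          = {2021},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }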
    
  3. Unrolling SGD: Understanding Factors Influencing Machine Unlearning
    Anvith Thudi, Gabriel Deza, Varun Chandrasekaran, Nicolas Papernot

    Paper

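    @misc{anvith2021unrolling,
      author        = {Thudi, Anvith and Deza, Gabriel and Chandrasekaran, Varun and Papernot, Nicolas},
      title         = {Unrolling {SGD}: Understanding Factors Influencing Machine Unlearning},
      year          = {2021},
      internal-note = {review: SGD braced so sentence-casing styles keep the acronym. No venue is listed, so the entry was typed as article without the required journal field; add journal or booktitle, or eprint fields, once known.},
    }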
    
  4. CaPC Learning: Confidential and Private Collaborative Learning
    Christopher A. Choquette-Choo, Natalie Dullerud, Adam Dziedzic, Yunxiang Zhang, Somesh Jha, Nicolas Papernot, Xiao Wang
    In Proceedings of the 9th International Conference on Learning Representations

    Paper

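    @inproceedings{christopher2021capc,
      author    = {Choquette-Choo, Christopher A. and Dullerud, Natalie and Dziedzic, Adam and Zhang, Yunxiang and Jha, Somesh and Papernot, Nicolas and Wang, Xiao},
      title     = {{CaPC} Learning: Confidential and Private Collaborative Learning},
      booktitle = {Proceedings of the 9th International Conference on Learning Representations},
      year      = {2021},
    }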
    
  5. Markpainting: Adversarial Machine Learning meets Inpainting
    David Khachaturov, Ilia Shumailov, Yiren Zhao, Nicolas Papernot, Ross Anderson
    In Proceedings of the 38th International Conference on Machine Learning

    Paper

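    @inproceedings{david2021markpainting,
      author    = {Khachaturov, David and Shumailov, Ilia and Zhao, Yiren and Papernot, Nicolas and Anderson, Ross},
      title     = {{Markpainting}: Adversarial Machine Learning meets Inpainting},
      booktitle = {Proceedings of the 38th International Conference on Machine Learning},
      year      = {2021},
    }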
    
  6. When the Curious Abandon Honesty: Federated Learning Is Not Private
    Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, Nicolas Papernot

    Paper

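    @misc{franziska2021when,
      author        = {Boenisch, Franziska and Dziedzic, Adam and Schuster, Roei and Shamsabadi, Ali Shahin and Shumailov, Ilia and Papernot, Nicolas},
      title         = {When the Curious Abandon Honesty: Federated Learning Is Not Private},
      year          = {2021},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }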
    
  7. Interpretability in Safety-Critical Financial Trading Systems
    Gabriel Deza, Adelin Travers, Colin Rowat, Nicolas Papernot

    Paper

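    @misc{gabriel2021interpretability,
      author        = {Deza, Gabriel and Travers, Adelin and Rowat, Colin and Papernot, Nicolas},
      title         = {Interpretability in Safety-Critical Financial Trading Systems},
      year          = {2021},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }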
    
  8. SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems
    Hadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor
    In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA

    Paper

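    @inproceedings{hadi2021sok,
      author    = {Abdullah, Hadi and Warren, Kevin and Bindschaedler, Vincent and Papernot, Nicolas and Traynor, Patrick},
      title     = {{SoK}: The Faults in our {ASRs}: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems},
      booktitle = {Proceedings of the 42nd {IEEE} Symposium on Security and Privacy, San Francisco, {CA}},
      year      = {2021},
    }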
    
  9. Entangled Watermarks as a Defense against Model Extraction
    Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, Nicolas Papernot
    In Proceedings of the 30th USENIX Security Symposium

    Paper

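    @inproceedings{hengrui2021entangled,
      author    = {Jia, Hengrui and Choquette-Choo, Christopher A. and Chandrasekaran, Varun and Papernot, Nicolas},
      title     = {Entangled Watermarks as a Defense against Model Extraction},
      booktitle = {Proceedings of the 30th {USENIX} Security Symposium},
      year      = {2021},
    }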
    
  10. Proof-of-Learning: Definitions and Practice
    Hengrui Jia, Mohammad Yaghini, Christopher A. Choquette-Choo, Natalie Dullerud, Anvith Thudi, Varun Chandrasekaran, Nicolas Papernot
    In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA

    Paper

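    @inproceedings{hengrui2021proofoflearning,
      author    = {Jia, Hengrui and Yaghini, Mohammad and Choquette-Choo, Christopher A. and Dullerud, Natalie and Thudi, Anvith and Chandrasekaran, Varun and Papernot, Nicolas},
      title     = {{Proof-of-Learning}: Definitions and Practice},
      booktitle = {Proceedings of the 42nd {IEEE} Symposium on Security and Privacy, San Francisco, {CA}},
      year      = {2021},
    }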
    
  11. Manipulating SGD with Data Ordering Attacks
    Ilia Shumailov, Zakhar Shumaylov, Dmitry Kazhdan, Yiren Zhao, Nicolas Papernot, Murat A. Erdogdu, Ross Anderson
    In Proceedings of the 35th Conference on Neural Information Processing Systems

    Paper

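    @inproceedings{ilia2021manipulating,
      author    = {Shumailov, Ilia and Shumaylov, Zakhar and Kazhdan, Dmitry and Zhao, Yiren and Papernot, Nicolas and Erdogdu, Murat A. and Anderson, Ross},
      title     = {Manipulating {SGD} with Data Ordering Attacks},
      booktitle = {Proceedings of the 35th Conference on Neural Information Processing Systems},
      year      = {2021},
    }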
    
  12. Sponge Examples: Energy-Latency Attacks on Neural Networks
    Ilia Shumailov, Yiren Zhao, Daniel Bates, Nicolas Papernot, Robert Mullins, Ross Anderson
    In Proceedings of the 6th IEEE European Symposium on Security and Privacy, Vienna, Austria

    Paper

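    @inproceedings{ilia2021sponge,
      author    = {Shumailov, Ilia and Zhao, Yiren and Bates, Daniel and Papernot, Nicolas and Mullins, Robert and Anderson, Ross},
      title     = {Sponge Examples: Energy-Latency Attacks on Neural Networks},
      booktitle = {Proceedings of the 6th {IEEE} European Symposium on Security and Privacy, Vienna, Austria},
      year      = {2021},
    }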
    
  13. Data-Free Model Extraction
    Jean-Baptiste Truong, Pratyush Maini, Robert Walls, Nicolas Papernot
    In Proceedings of the 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition, Nashville, TN

    Paper

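    @inproceedings{jeanbaptiste2021datafree,
      author    = {Truong, Jean-Baptiste and Maini, Pratyush and Walls, Robert and Papernot, Nicolas},
      title     = {Data-Free Model Extraction},
      booktitle = {Proceedings of the 2021 {IEEE/CVF} Conference on Computer Vision and Pattern Recognition, Nashville, {TN}},
      year      = {2021},
    }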
    
  14. Machine Unlearning
    Lucas Bourtoule, Varun Chandrasekaran, Christopher Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, Nicolas Papernot
    In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA

    Paper

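    @inproceedings{lucas2021machine,
      author        = {Bourtoule, Lucas and Chandrasekaran, Varun and Choquette-Choo, Christopher and Jia, Hengrui and Travers, Adelin and Zhang, Baiwu and Lie, David and Papernot, Nicolas},
      title         = {Machine Unlearning},
      booktitle     = {Proceedings of the 42nd {IEEE} Symposium on Security and Privacy, San Francisco, {CA}},
      year          = {2021},
      internal-note = {review: Choquette-Choo is given without the middle initial used in the other entries of this file; confirm the preferred form so styles sort and label the name consistently.},
    }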
    
  15. Adversary Instantiation: Lower bounds for differentially private machine learning
    Milad Nasr, Shuang Song, Abhradeep Guha Thakurta, Nicolas Papernot, Nicholas Carlini
    In Proceedings of the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA

    Paper

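    @inproceedings{milad2021adversary,
      author    = {Nasr, Milad and Song, Shuang and Thakurta, Abhradeep Guha and Papernot, Nicolas and Carlini, Nicholas},
      title     = {Adversary Instantiation: Lower bounds for differentially private machine learning},
      booktitle = {Proceedings of the 42nd {IEEE} Symposium on Security and Privacy, San Francisco, {CA}},
      year      = {2021},
    }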
    
  16. Accelerating Symbolic Analysis for Android Apps
    Mingyue Yang, David Lie, Nicolas Papernot

    Paper

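    @misc{mingyue2021accelerating,
      author        = {Yang, Mingyue and Lie, David and Papernot, Nicolas},
      title         = {Accelerating Symbolic Analysis for {Android} Apps},
      year          = {2021},
      internal-note = {review: Android braced as a proper noun. No venue is listed, so the entry was typed as article without the required journal field; add journal or booktitle, or eprint fields, once known.},
    }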
    
  17. Encyclopedia of Cryptography, Security and Privacy
    Nicolas Papernot

    Paper

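    @incollection{nicolas2021adversarial,
      author        = {Papernot, Nicolas},
      title         = {Adversarial Machine Learning},
      booktitle     = {Encyclopedia of Cryptography, Security and Privacy},
      year          = {2021},
      internal-note = {review: was typed as inbook with the chapter name in the numeric chapter field; incollection is the type for a titled contribution to an edited volume, with the contribution in title and the encyclopedia in booktitle. Standard styles also expect publisher (and editor), neither of which is given on the page.},
    }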
    
  18. Hyperparameter Tuning with Renyi Differential Privacy
    Nicolas Papernot, Thomas Steinke

    Paper

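    @misc{nicolas2021hyperparameter,
      author        = {Papernot, Nicolas and Steinke, Thomas},
      title         = {Hyperparameter Tuning with {Renyi} Differential Privacy},
      year          = {2021},
      internal-note = {review: Renyi braced as a proper noun (the accented spelling is not used elsewhere on the page, so it is left as given). No venue is listed, so the entry was typed as article without the required journal field; add journal or booktitle, or eprint fields, once known.},
    }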
    
  19. Tempered Sigmoids for Deep Learning with Differential Privacy
    Nicolas Papernot, Abhradeep Thakurta, Shuang Song, Steve Chien, Ulfar Erlingsson
    In Proceedings of the 35th AAAI Conference on Artificial Intelligence

    Paper

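    @inproceedings{nicolas2021tempered,
      author    = {Papernot, Nicolas and Thakurta, Abhradeep and Song, Shuang and Chien, Steve and Erlingsson, Ulfar},
      title     = {Tempered Sigmoids for Deep Learning with Differential Privacy},
      booktitle = {Proceedings of the 35th {AAAI} Conference on Artificial Intelligence},
      year      = {2021},
    }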
    
  20. Dataset Inference: Ownership Resolution in Machine Learning
    Pratyush Maini, Mohammad Yaghini, Nicolas Papernot
    In Proceedings of the 9th International Conference on Learning Representations

    Paper

    @inproceedings{pratyush2021dataset,
      author    = {Maini, Pratyush and Yaghini, Mohammad and Papernot, Nicolas},
      title     = {Dataset Inference: Ownership Resolution in Machine Learning},
      booktitle = {Proceedings of the 9th International Conference on Learning Representations},
      year      = {2021},
    }
    
  21. SoK: Machine Learning Governance
    Varun Chandrasekaran, Hengrui Jia, Anvith Thudi, Adelin Travers, Mohammad Yaghini, Nicolas Papernot

    Paper

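    @misc{varun2021sok,
      author        = {Chandrasekaran, Varun and Jia, Hengrui and Thudi, Anvith and Travers, Adelin and Yaghini, Mohammad and Papernot, Nicolas},
      title         = {{SoK}: Machine Learning Governance},
      year          = {2021},
      internal-note = {review: SoK braced so sentence-casing styles keep it. No venue is listed, so the entry was typed as article without the required journal field; add journal or booktitle, or eprint fields, once known.},
    }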
    
  22. Chasing Your Long Tails: Differentially Private Prediction in Health Care Settings
    Vinith Suriyakumar, Nicolas Papernot, Anna Goldenberg, Marzyeh Ghassemi
    In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency

    Paper

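    @inproceedings{vinith2021chasing,
      author    = {Suriyakumar, Vinith and Papernot, Nicolas and Goldenberg, Anna and Ghassemi, Marzyeh},
      title     = {Chasing Your Long Tails: Differentially Private Prediction in Health Care Settings},
      booktitle = {Proceedings of the 2021 {ACM} Conference on Fairness, Accountability, and Transparency},
      year      = {2021},
    }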
    

2020

  1. Neighbors From Hell: Voltage Attacks Against Deep Learning Accelerators on Multi-Tenant FPGAs
    Andrew Boutros, Mathew Hall, Nicolas Papernot, Vaughn Betz
    In Proceedings of the 2020 International Conference on Field-Programmable Technology

    Paper

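    @inproceedings{andrew2020neighbors,
      author    = {Boutros, Andrew and Hall, Mathew and Papernot, Nicolas and Betz, Vaughn},
      title     = {Neighbors From Hell: Voltage Attacks Against Deep Learning Accelerators on Multi-Tenant {FPGAs}},
      booktitle = {Proceedings of the 2020 International Conference on Field-Programmable Technology},
      year      = {2020},
    }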
    
  2. Not my deepfake: towards plausible deniability for machine-generated media
    Baiwu Zhang, Jin Zhou, Ilia Shumailov, Nicolas Papernot

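    @misc{baiwu2020not,
      author        = {Zhang, Baiwu and Zhou, Jin and Shumailov, Ilia and Papernot, Nicolas},
      title         = {Not my deepfake: towards plausible deniability for machine-generated media},
      year          = {2020},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }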
    
  3. Label-Only Membership Inference Attacks
    Christopher A. Choquette-Choo, Florian Tramer, Nicholas Carlini, Nicolas Papernot
    In Proceedings of the 38th International Conference on Machine Learning

    Paper

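    @inproceedings{christopher2020labelonly,
      author        = {Choquette-Choo, Christopher A. and Tramer, Florian and Carlini, Nicholas and Papernot, Nicolas},
      title         = {Label-Only Membership Inference Attacks},
      booktitle     = {Proceedings of the 38th International Conference on Machine Learning},
      year          = {2020},
      internal-note = {review: the first author was entered as Last=Choo, First=Christopher A. Choquette, splitting the hyphenated surname; the form used in the 2021 entries is restored. The 38th ICML is dated 2021 elsewhere in this file (david2021markpainting); confirm the year.},
    }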
    
  4. On the Robustness of Cooperative Multi-Agent Reinforcement Learning
    Jieyu Lin, Kristina Dzeparoska, Sai Qian Zhang, Alberto Leon-Garcia, Nicolas Papernot

    Paper

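    @misc{jieyu2020on,
      author        = {Lin, Jieyu and Dzeparoska, Kristina and Zhang, Sai Qian and Leon-Garcia, Alberto and Papernot, Nicolas},
      title         = {On the Robustness of Cooperative Multi-Agent Reinforcement Learning},
      year          = {2020},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }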
    
  5. Dataset Inference: Ownership Resolution in Machine Learning
    Pratyush Maini, Mohammad Yaghini, Nicolas Papernot

    Paper

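    @misc{pratyush2020dataset,
      author        = {Maini, Pratyush and Yaghini, Mohammad and Papernot, Nicolas},
      title         = {Dataset Inference: Ownership Resolution in Machine Learning},
      year          = {2020},
      internal-note = {review: same title and authors as pratyush2021dataset, which carries the venue; this looks like the preprint of that paper and the two should be merged or one cited consistently. No venue is listed here, so the entry was typed as article without the required journal field.},
    }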
    
  6. On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping
    Sanghyun Hong, Varun Chandrasekaran, Yigitcan Kaya, Tudor Dumitras, Nicolas Papernot

    Paper

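    @misc{sanghyun2020on,
      author        = {Hong, Sanghyun and Chandrasekaran, Varun and Kaya, Yigitcan and Dumitras, Tudor and Papernot, Nicolas},
      title         = {On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping},
      year          = {2020},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }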
    
  7. The Pitfalls of Differentially Private Prediction in Healthcare
    Vinith Suriyakumar, Nicolas Papernot, Anna Goldenberg, Marzyeh Ghassemi

    Paper

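    @misc{vinith2020the,
      author        = {Suriyakumar, Vinith and Papernot, Nicolas and Goldenberg, Anna and Ghassemi, Marzyeh},
      title         = {The Pitfalls of Differentially Private Prediction in Healthcare},
      year          = {2020},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }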
    

2019

  1. How Relevant Is the Turing Test in the Age of Sophisbots?
    Dan Boneh, Andrew J. Grotto, Patrick McDaniel, Nicolas Papernot
    In IEEE Security and Privacy Magazine

    Paper

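    @article{dan2019how,
      author        = {Boneh, Dan and Grotto, Andrew J. and McDaniel, Patrick and Papernot, Nicolas},
      title         = {How Relevant Is the {Turing} Test in the Age of {Sophisbots}?},
      journal       = {{IEEE} Security and Privacy Magazine},
      year          = {2019},
      internal-note = {review: a magazine is a periodical, so the venue belongs in journal under article rather than in booktitle under inproceedings; the stray double space in the title is also removed. volume/number/pages are not given on the page.},
    }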
    
  2. Rearchitecting Classification Frameworks For Increased Robustness
    Varun Chandrasekaran, Brian Tang, Nicolas Papernot, Kassem Fawaz, Somesh Jha, Xi Wu

    Paper

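    @misc{varun2019rearchitecting,
      author        = {Chandrasekaran, Varun and Tang, Brian and Papernot, Nicolas and Fawaz, Kassem and Jha, Somesh and Wu, Xi},
      title         = {Rearchitecting Classification Frameworks For Increased Robustness},
      year          = {2019},
      internal-note = {review: no venue is listed, so the entry was typed as article without the journal field that standard styles require (empty-field warning). Add journal or booktitle, or eprint fields, once known.},
    }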