Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
class:gradsec2026 [2026/05/05 15:09] hanwoo [Agenda] |
class:gradsec2026 [2026/05/15 10:38] (current) hanwoo [C3. Privacy Attacks on Machine Learning] |
||
|---|---|---|---|
| Line 27: | Line 27: | ||
| TBD | TBD | ||
| | | ||
| - | * order: Cho --> Han --> Kwak | + | * order: Jo --> Han --> Kwak |
| * # of presentations per week: 2, 2, 2, ... | * # of presentations per week: 2, 2, 2, ... | ||
| * # of presentations per person: | * # of presentations per person: | ||
| Line 35: | Line 35: | ||
| | 3/4 | Minho | AI-Introduction | {{ :class:ai-intro.pdf |AI-Intro}} | | | | 3/4 | Minho | AI-Introduction | {{ :class:ai-intro.pdf |AI-Intro}} | | | ||
| | 3/11 | Minho | | | | | | 3/11 | Minho | | | | | ||
| - | | ::: | Cho | [[https://www.usenix.org/system/files/sec21-schuster.pdf|You autocomplete me: Poisoning vulnerabilities in neural code completion]] | {{ :class:인공지능보안_03_11_조현준.pptx |}} | | | + | | ::: | Jo | [[https://www.usenix.org/system/files/sec21-schuster.pdf|You autocomplete me: Poisoning vulnerabilities in neural code completion]] | {{ :class:인공지능보안_03_11_조현준.pptx |}} | | |
| | 3/18 | Minho | | | | | | 3/18 | Minho | | | | | ||
| | ::: | Han | [[https://arxiv.org/pdf/2102.07995.pdf|D2a: A dataset built for ai-based vulnerability detection methods using differential analysis]] | {{ :class:d2a.pptx |}} | | | | | ::: | Han | [[https://arxiv.org/pdf/2102.07995.pdf|D2a: A dataset built for ai-based vulnerability detection methods using differential analysis]] | {{ :class:d2a.pptx |}} | | | | ||
| Line 41: | Line 41: | ||
| | ::: | Kwak| [[https://www.mdpi.com/1424-8220/23/9/4403/pdf|A Deep Learning-Based Innovative Technique for Phishing Detection with URLs]] | {{ :class:현대_보안에서_url을_이용한_피싱_탐지를_위한_딥러닝_기반_혁신_기법.pdf |}} | | | | ::: | Kwak| [[https://www.mdpi.com/1424-8220/23/9/4403/pdf|A Deep Learning-Based Innovative Technique for Phishing Detection with URLs]] | {{ :class:현대_보안에서_url을_이용한_피싱_탐지를_위한_딥러닝_기반_혁신_기법.pdf |}} | | | ||
| | 4/1 | No Class | | | | | | 4/1 | No Class | | | | | ||
| - | | 4/10 | Cho | [[https://arxiv.org/pdf/1803.04173|Adversarial Malware Binaries: Evading Deep | + | | 4/10 | Jo | [[https://arxiv.org/pdf/1803.04173|Adversarial Malware Binaries: Evading Deep |
| Learning for Malware Detection in Executables]] |{{ :class:dl_for_malware_detection_in_ex_인공지능보안_조현준.pptx |}} | | | Learning for Malware Detection in Executables]] |{{ :class:dl_for_malware_detection_in_ex_인공지능보안_조현준.pptx |}} | | | ||
| | 4/15 | Han | [[https://arxiv.org/pdf/1904.12843|Adversarial Training for Free!]] |{{ :class:adversarial_training_for_free_.pdf |}} | | | | 4/15 | Han | [[https://arxiv.org/pdf/1904.12843|Adversarial Training for Free!]] |{{ :class:adversarial_training_for_free_.pdf |}} | | | ||
| Line 48: | Line 48: | ||
| | 4/29 | Kwak | Deep reinforcement learning for time series:playing idealized trading games |{{ :class:시계열_데이터를_이용한_강화학습_기반_이상화된_트레이딩_.pdf |}} | | | | 4/29 | Kwak | Deep reinforcement learning for time series:playing idealized trading games |{{ :class:시계열_데이터를_이용한_강화학습_기반_이상화된_트레이딩_.pdf |}} | | | ||
| | ::: | Minho | AI Security | {{ :class:ai_security_introduction.pptx |}} | | | | ::: | Minho | AI Security | {{ :class:ai_security_introduction.pptx |}} | | | ||
| - | | 5/6 | Cho | | | | | + | | 5/6 | Jo | [[https://arxiv.org/pdf/2310.12815 | Formalizing and Benchmarking Prompt Injection Attacks and Defenses]]| {{ :class:formalizing_and_benchmarking_prompt_injection_attacks_and_defenses_-_복사본.pptx |발표본}} | | |
| - | | ::: | Han | [[https://arxiv.org/pdf/2305.00944]] | | | | + | | ::: | Han | [[https://arxiv.org/pdf/2305.00944|Poisoning Language Models During Instruction Tuning]] | {{ :class:poisoning_language_models_during_instruction_tuning.pdf|poisoning_language_models_during_instruction_tuning}} | | |
| - | | 5/13 | Kwak | | | | | + | | 5/13 | Han | [[https://arxiv.org/pdf/2004.04692 |RETHINKING THE TRIGGER OF BACKDOOR ATTACK]] | {{ :class:rethinking_the_trigger_of_backdoor_attack.pdf |rethinking_the_trigger_of_backdoor_attack}} | | |
| - | | 5/20 | Cho | | | | | + | | ::: | Kwak | [[https://arxiv.org/pdf/1910.00033 |Hidden Trigger Backdoor Attacks]] | {{ :class:hidden_trigger_backdoor_attacks.pdf |}} | | |
| - | | 5/27 | Han | | | | | + | | 5/20 | Kwak | | | | |
| - | | 6/3 | Kwak | | | | | + | | ::: | Jo | | | | |
| - | | 6/10 | Cho | | | | | + | | 5/27 | Jo | | | | |
| - | | 6/17 | Han | | | | | + | | ::: | Han | | | | |
| - | | 6/24 | Kwak | | | | | + | | 6/5 | Kwak | | | | |
| + | | 6/10 | No Class | | | | | ||
| ====== Class Information ====== | ====== Class Information ====== | ||
| Line 156: | Line 157: | ||
| * Keywords: Backdoor attacks, frequency analysis, Fourier transform, trigger design, stealth attacks | * Keywords: Backdoor attacks, frequency analysis, Fourier transform, trigger design, stealth attacks | ||
| * URL: https://arxiv.org/pdf/2104.03413.pdf | * URL: https://arxiv.org/pdf/2104.03413.pdf | ||
| - | - **Backdoor Attacks Against Deep Learning Systems in the Physical World** | + | - <fc red>(Han)</fc> **Backdoor Attacks Against Deep Learning Systems in the Physical World** |
| * Emily Wenger et al., CVPR 2021 | Pages: 10 | Difficulty: 3/5 | * Emily Wenger et al., CVPR 2021 | Pages: 10 | Difficulty: 3/5 | ||
| * Abstract: Extends backdoor attacks to the physical world using robust physical triggers that work across different viewing conditions. Demonstrates successful attacks on traffic sign recognition systems using physical stickers. Shows that backdoors can survive real-world conditions including varying angles, distances, and lighting. | * Abstract: Extends backdoor attacks to the physical world using robust physical triggers that work across different viewing conditions. Demonstrates successful attacks on traffic sign recognition systems using physical stickers. Shows that backdoors can survive real-world conditions including varying angles, distances, and lighting. | ||
| * Keywords: Physical adversarial examples, backdoor attacks, computer vision, robust perturbations, physical-world attacks | * Keywords: Physical adversarial examples, backdoor attacks, computer vision, robust perturbations, physical-world attacks | ||
| * URL: https://arxiv.org/pdf/2004.04692.pdf | * URL: https://arxiv.org/pdf/2004.04692.pdf | ||
| - | - **Hidden Trigger Backdoor Attacks** | + | - <fc red>(kawk)</fc> **Hidden Trigger Backdoor Attacks** |
| * Aniruddha Saha et al., AAAI 2020 | Pages: 8 | Difficulty: 3/5 | * Aniruddha Saha et al., AAAI 2020 | Pages: 8 | Difficulty: 3/5 | ||
| * Abstract: Proposes backdoor attacks where triggers are hidden in the neural network's feature space rather than being visible patterns in the input. These attacks are harder to detect because there's no visible trigger pattern that can be identified through input inspection or trigger inversion techniques. | * Abstract: Proposes backdoor attacks where triggers are hidden in the neural network's feature space rather than being visible patterns in the input. These attacks are harder to detect because there's no visible trigger pattern that can be identified through input inspection or trigger inversion techniques. | ||
| Line 178: | Line 179: | ||
| ==== C3. Privacy Attacks on Machine Learning ==== | ==== C3. Privacy Attacks on Machine Learning ==== | ||
| - | - **Extracting Training Data from Large Language Models** | + | -<fc red>(kawk)</fc> **Extracting Training Data from Large Language Models** |
| * Nicholas Carlini et al., USENIX Security 2021 | Pages: 17 | Difficulty: 3/5 | * Nicholas Carlini et al., USENIX Security 2021 | Pages: 17 | Difficulty: 3/5 | ||
| * Abstract: Demonstrates that large language models like GPT-2 memorize and can be made to emit verbatim training data including personal information, phone numbers, and copyrighted content. The paper raises serious privacy concerns for LLMs trained on web data and shows that model size correlates with memorization capability. | * Abstract: Demonstrates that large language models like GPT-2 memorize and can be made to emit verbatim training data including personal information, phone numbers, and copyrighted content. The paper raises serious privacy concerns for LLMs trained on web data and shows that model size correlates with memorization capability. | ||
| Line 227: | Line 228: | ||
| * Keywords: Prompt injection, LLMs, indirect attacks, application security, web security, LLM agents | * Keywords: Prompt injection, LLMs, indirect attacks, application security, web security, LLM agents | ||
| * URL: https://arxiv.org/pdf/2302.12173.pdf | * URL: https://arxiv.org/pdf/2302.12173.pdf | ||
| - | - **Poisoning Language Models During Instruction Tuning** | + | - <fc red>(Han)</fc> **Poisoning Language Models During Instruction Tuning** |
| * Alexander Wan et al., ICML 2023 | Pages: 12 | Difficulty: 3/5 | * Alexander Wan et al., ICML 2023 | Pages: 12 | Difficulty: 3/5 | ||
| * Abstract: Demonstrates backdoor attacks during the instruction tuning phase of LLMs. Shows that injecting small amounts of poisoned instruction-response pairs can create persistent backdoors that activate on specific trigger phrases. Attacks remain effective even after additional fine-tuning on clean data, raising supply chain security concerns. | * Abstract: Demonstrates backdoor attacks during the instruction tuning phase of LLMs. Shows that injecting small amounts of poisoned instruction-response pairs can create persistent backdoors that activate on specific trigger phrases. Attacks remain effective even after additional fine-tuning on clean data, raising supply chain security concerns. | ||
class/gradsec2026.1777968568.txt.gz · Last modified: 2026/05/05 15:09 by hanwoo · [Old revisions]
