This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
class:gradsec2026 [2026/06/02 08:42] hanwoo [C2. Model Poisoning & Backdoor Attacks] |
class:gradsec2026 [2026/06/15 11:25] (current) hanwoo [Agenda] |
||
|---|---|---|---|
| Line 56: | Line 56: | ||
| | 5/27 | Jo | | | | | | 5/27 | Jo | | | | | ||
| | ::: | Han | [[https://arxiv.org/pdf/2307.02483.pdf|Jailbroken-How Does LLM Safety Training Fail]] | {{ :class:jailbroken-how_does_llm_safety_training_fail.pdf |발표자료}} | | | | ::: | Han | [[https://arxiv.org/pdf/2307.02483.pdf|Jailbroken-How Does LLM Safety Training Fail]] | {{ :class:jailbroken-how_does_llm_safety_training_fail.pdf |발표자료}} | | | ||
| - | | 6/5 | Kwak | | | | | + | | 6/5 | Kwak | [[https://arxiv.org/pdf/2010.08138.pdf|Input-Aware Dynamic Backdoor Attack ]] | {{ :class:input-aware_dynamic_backdoor_attack.pdf |}} | | |
| | 6/10 | No Class | | | | | | 6/10 | No Class | | | | | ||
| ====== Class Information ====== | ====== Class Information ====== | ||
| Line 152: | Line 152: | ||
| * Keywords: Survey paper, backdoor attacks, defense mechanisms, trigger patterns, neural network security | * Keywords: Survey paper, backdoor attacks, defense mechanisms, trigger patterns, neural network security | ||
| * URL: https://arxiv.org/pdf/2007.08745.pdf | * URL: https://arxiv.org/pdf/2007.08745.pdf | ||
| - | - <fc red>(Han)</fc>**Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective** | + | - **Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective** |
| * Yi Zeng et al., ICCV 2021 | Pages: 10 | Difficulty: 3/5 | * Yi Zeng et al., ICCV 2021 | Pages: 10 | Difficulty: 3/5 | ||
| * Abstract: Analyzes backdoor triggers from a frequency perspective and discovers that existing triggers predominantly contain high-frequency components. Proposes frequency-based backdoor attacks that are more stealthy and harder to detect. Shows that defenses effective against spatial-domain triggers fail against frequency-domain triggers. | * Abstract: Analyzes backdoor triggers from a frequency perspective and discovers that existing triggers predominantly contain high-frequency components. Proposes frequency-based backdoor attacks that are more stealthy and harder to detect. Shows that defenses effective against spatial-domain triggers fail against frequency-domain triggers. | ||
| * Keywords: Backdoor attacks, frequency analysis, Fourier transform, trigger design, stealth attacks | * Keywords: Backdoor attacks, frequency analysis, Fourier transform, trigger design, stealth attacks | ||
| * URL: https://arxiv.org/pdf/2104.03413.pdf | * URL: https://arxiv.org/pdf/2104.03413.pdf | ||
| - | - **Backdoor Attacks Against Deep Learning Systems in the Physical World** | + | - <fc red>(Han)</fc> **Backdoor Attacks Against Deep Learning Systems in the Physical World** |
| * Emily Wenger et al., CVPR 2021 | Pages: 10 | Difficulty: 3/5 | * Emily Wenger et al., CVPR 2021 | Pages: 10 | Difficulty: 3/5 | ||
| * Abstract: Extends backdoor attacks to the physical world using robust physical triggers that work across different viewing conditions. Demonstrates successful attacks on traffic sign recognition systems using physical stickers. Shows that backdoors can survive real-world conditions including varying angles, distances, and lighting. | * Abstract: Extends backdoor attacks to the physical world using robust physical triggers that work across different viewing conditions. Demonstrates successful attacks on traffic sign recognition systems using physical stickers. Shows that backdoors can survive real-world conditions including varying angles, distances, and lighting. | ||
| Line 213: | Line 213: | ||
| ==== C4. LLM Security & Jailbreaking ==== | ==== C4. LLM Security & Jailbreaking ==== | ||
| - | - **Jailbroken: How Does LLM Safety Training Fail?** | + | - <fc red>(Han)</fc> **Jailbroken: How Does LLM Safety Training Fail?** |
| * Alexander Wei et al., NeurIPS 2023 | Pages: 34 | Difficulty: 3/5 | * Alexander Wei et al., NeurIPS 2023 | Pages: 34 | Difficulty: 3/5 | ||
| * Abstract: Analyzes why safety training in LLMs can be circumvented through jailbreaking. Identifies two fundamental failure modes: competing objectives during training and mismatched generalization between safety and capabilities. Provides theoretical framework for understanding jailbreak vulnerabilities and suggests that current alignment approaches have inherent limitations. | * Abstract: Analyzes why safety training in LLMs can be circumvented through jailbreaking. Identifies two fundamental failure modes: competing objectives during training and mismatched generalization between safety and capabilities. Provides theoretical framework for understanding jailbreak vulnerabilities and suggests that current alignment approaches have inherent limitations. | ||