| Theme | Title | Authors | Year |
| --- | --- | --- | --- |
| 1. Model evasion | Adversarial Examples Are Not Bugs, They Are Features | Ilyas et al. | 2019 |
| | TextBugger: Generating Adversarial Text Against Real-world Applications | Li et al. | 2018 |
| | Certified Defenses Against Adversarial Examples | Raghunathan et al. | 2018 |
| | Ensemble Adversarial Training: Attacks and Defenses | Tramèr et al. | 2020 |
| 2. Model poisoning | Poisoning Attacks against Support Vector Machines | Biggio et al. | 2012 |
| | Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks | Shafahi et al. | 2018 |
| | Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks | Wang et al. | 2019 |
| | Certified Defenses for Data Poisoning Attacks | Steinhardt et al. | 2017 |
| 4. Model stealing | Exploring Connections Between Active Learning and Model Extraction | Chandrasekaran et al. | 2018 |
| | Model Extraction Attacks Against Recurrent Neural Networks | Takemura et al. | 2020 |
| | Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks | Orekondy et al. | 2020 |
| | Extraction of Complex DNN Models: Real Threat or Boogeyman? | Atli et al. | 2020 |
| 5. Protecting intellectual property of models | REFIT: A Unified Watermark Removal Framework for Deep Learning Systems with Limited Data | Chen et al. | 2020 |
| | Neural Network Laundering: Removing Black-Box Backdoor Watermarks from Deep Neural Networks | Aiken et al. | 2020 |
| | Deep Neural Network Fingerprinting by Conferrable Adversarial Examples | Lukas et al. | 2019 |
| | Rethinking Deep Neural Network Ownership Verification: Embedding Passports to Defeat Ambiguity Attacks | Fan et al. | 2019 |
| 6. Data leakage | Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures | Fredrikson et al. | 2015 |
| | Extracting Training Data from Large Language Models | Carlini et al. | 2020 |
| | Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting | Yeom et al. | 2018 |
| 7. Training data privacy | Dataset Inference: Ownership Resolution in Machine Learning | Maini et al. | 2021 |
| | Towards Probabilistic Verification of Machine Unlearning | Sommer et al. | 2020 |
| 8. Privacy-preserving training | Tempered Sigmoid Activations for Deep Learning with Differential Privacy | Papernot et al. | 2020 |
| | Certified Robustness to Adversarial Examples with Differential Privacy | Lecuyer et al. | 2018 |
| | Privacy Risks of Securing Machine Learning Models Against Adversarial Examples | Song et al. | 2019 |
| 9. Fairness & bias in ML prediction | POTs: Protective Optimization Technologies | Kulynych et al. | 2018 |
| | Delayed Impact of Fair Machine Learning | Liu et al. | 2018 |
| | Equality of Opportunity in Supervised Learning | Hardt et al. | 2016 |
| | The Frontiers of Fairness in Machine Learning | Chouldechova and Roth | 2018 |
| | Algorithmic Transparency via Quantitative Input Influence: Theory and Experiments with Learning Systems | Datta et al. | 2016 |