Saeed Mahloujifar

TL;DR: In this article, the authors investigate the adversarial risk and robustness of classifiers and draw a connection to the well-known phenomenon of "concentration of measure" in metric measure spaces.

TL;DR: In this paper, the authors investigated the adversarial risk and robustness of classifiers and drew a connection to the well-known phenomenon of concentration of measure in metric measure spaces, and showed that if the metric probability space of the test instance is concentrated, any classifier with some initial constant error is inherently vulnerable to adversarial perturbations.

TL;DR: In this paper, it was shown that for any learning algorithm with sample complexity $m$ and any efficiently computable "predicate" defining some "bad" property $B$ for the produced hypothesis (e.g., failing on a particular test) that happens with an initial constant probability, there exist polynomial-time online poisoning attacks that tamper with $O (sqrt m)$ many examples, replace them with other correctly labeled examples, and increase the probability of the bad event$B$ to approximately 1$.

TL;DR: A reconstruction attack on InstaHide is presented that is able to use the encoded images to recover visually recognizable versions of the original images and proves barriers against achieving privacy through any learning protocol that uses instance encoding.

TL;DR: The work of Austrin et al. showed how to break certain ‘privacy primitives’ (e.g., encryption, commitments, etc.) through bitwise p-tampering through giving a bitwisep-tammy biasing attack for increasing the average of any efficient function by \(\varOmega (p \cdot {\text {Var}}[f(U_n)])