We investigate the internal mechanisms of backdoored NLP models, identifying a distinct attention focus drifting phenomenon, where trigger tokens hijack attention regardless of the input context. Through comprehensive qualitative and quantitative analysis, we provide insights into the underlying mechanisms that enable backdoor attacks. Building on these insights, we propose detection methods to differentiate backdoored models from clean ones, through inspecting both the attention distribution and the model predictions. To better understand the vulnerability, we develop advanced backdoor attack strategies targeting language models in classification tasks. For BERT variants, we introduce Trojan Attention Loss (TAL), a novel method that directly manipulates attention patterns to enhance backdoor effectiveness, ensuring stealth and robustness. Vision-Language Models have demonstrated strong performance in recent years. Yet their vulnerability is largely underexplored. We investigate advanced backdoor attack strategies on Vision-Language Models, focusing on image-to-text generation tasks. We demonstrate how backdoors can be embedded in complex multimodal tasks while maintaining semantic integrity under poisoned inputs. Additionally, we propose innovative techniques for injecting backdoors without requiring access to the original training data, expanding the feasibility of real-world attacks.
This proposal provides novel insights into the internal mechanisms of backdoored models, propose effective detection strategies, and develop advanced attack techniques that expose critical vulnerabilities. These findings underscore the urgent need for robust security measures to defend against emerging backdoor threats in deep learning models. The results have been published in top venues including ICLR, ECCV, NAACL, EMNLP, etc.
Speaker: Weimin Lyu
Zoom link: https://stonybrook.zoom.us/j/
Meeting ID: 998 8060 5139
Passcode: 843302
IACS Seminar Speaker: Dapeng Feng, Stanford Univeristy
Location: IACS Seminar Room
Notebook LM allows you to interact with multiple sources of information. You can chat or ask follow up questions. Learn how you can gain more insights through these interactions.
Register here.
Abstract: Trustworthy AI deployment in high-stakes domains requires systems that are fair, private, robust, and controllable as they scale. Yet these demands are often pursued through ad-hoc approaches, lacking a systematic understanding of the inherent trade-offs between competing objectives. We add fairness regularizers and hope bias decreases. We train on massive datasets and hope the model learns the underlying logic of how concepts combine, rather than memorizing statistical shortcuts. We encrypt data and hope the resulting computational overhead remains manageable. But hope isnot a science.
In this talk, I argue that what trustworthy AI lacks is not better heuristics but a deeper science of what these properties fundamentally cost and what is achievable. Before we can fix a system, we must map the terrain: what trade-offs are unavoidable, what regions of performance areunreachable, and how far current methods fall from what is actually achievable. My research builds this map across fairness, privacy, robustness, and controllability, following a common methodology: diagnose where models fail, characterize the fundamental limits any method must obey, and design systems that approach those limits. I will present this framework, its extension to scientific applications where we replace statistical constraints with physical laws to ensure AI systems remain grounded in reality, and a vision for scaling these principles to the rapidly expanding ecosystem of composed and interacting AI systems.
Bio: Dr. Vishnu Boddeti is an Associate Professor in the Department of Computer Science and Engineering at Michigan State University, where he leads the Human Analysis Lab (HAL). His research develops mathematical frameworks for trustworthy AI, spanning fairness, privacy, robustness, and physics-informed learning, with an emphasis on characterizing fundamental limits and building systems that achieve them. His work has been supported by NSF, NIST, DARPA, ONR, Ford, and others, and recognized with a Meta Research Award (2021). His research has been featured on the cover of Nature, recognized as an Editor's Highlight in Nature Communications, and received multiple best paper awards, including the 2024 IEEE-CCF Cloud Computing Best Paper Award and the TMLR Outstanding Certification Finalist (2023). He serves as Senior Area Editor for IEEE Transactions on Information Forensics and Security and completed his PhD in ECE from Carnegie Mellon University in 2012.
Location: NCS 120
Register here.
The International Conference on Machine Learning (ICML) is the premier gathering of professionals dedicated to the advancement of the branch of artificial intelligence known as machine learning.
ICML is globally renowned for presenting and publishing cutting-edge research on all aspects of machine learning used in closely related areas like artificial intelligence, statistics and data science, as well as important application areas such as machine vision, computational biology, speech recognition, and robotics.
ICML is one of the fastest growing artificial intelligence conferences in the world. Participants at ICML span a wide range of backgrounds, from academic and industrial researchers, to entrepreneurs and engineers, to graduate students and postdocs.
For more information and registration, visit the official website.
Zoom Link: https://stonybrook.
Meeting ID: 985 3302 9054
Passcode: 436997
Abstract:
Semantic segmentation, the task of assigning a semantic label to each pixel in an image, is a fundamental problem in the field of Computer Vision. with crucial applications in domains like autonomous driving, drone imagery and medical image analysis. Despite advancements in deep learning architectures, state-of-the-art models still heavily depend on large-scale pixel-level annotations, which are costly and time-consuming to acquire. To address this issue, Semi-Supervised Segmentation (SSS) has emerged as a promising solution, leveraging a small set of labeled images alongside a larger corpus of unlabeled data to reduce the annotation burden. In this proposal, I aim to investigate the challenges of SSS and propose approaches to address them. Existing SSS methods rely on a teacher-student framework to generate pseudo-labels for unlabeled images, which are then used for model training. However, this approach presents two major challenges. Pixel-level consistency fails to effectively capture contextual information, and pseudo-labels are noisy, especially in the early stages of training. To address the challenge of noisy pseudo-labels, existing methods rely on confidence-based thresholding to identify reliable pseudo-labels. However, during early training phases, when the model is poorly calibrated, this approach can select high-confidence but noisy pseudo-labels. To address this, we propose a novel approach that reduces reliance on model confidence to select reliable pseudo-labels. Our method employs an ensemble of a segmentation model and an object detection model to select more reliable pseudo-labels, which are then used to weight pseudo-labels using rank statistics, reducing the influence of noisy labels in training. Next, to address both the challenge of capturing contextual information and noisy pseudo-labels I introduce a novel Multi-scale Patch-based Multi-label Classifier (MPMC), which incorporates patch-level contextual information and reduces the impact of noisy pixel pseudo-labels by using the predictions of the patch-level Multi-label classifier to detect noisy labels, enhancing overall segmentation performance. While my work so far has focused on effectively utilizing unlabeled data to improve segmentation performance, as part of our future work, I will explore the use of textual information, such as category descriptions, for segmentation tasks. In limited labeled data scenarios it is more challenging to align visual features with textual features from large language models (LLMs).
This workshop focuses on how to use AI Deep Research for investigating a topic. Go from a basic search to utilize Gemini and Perplexity to find information. We will show you our steps to evaluate and gain deeper insights from the results.
Register here for the online session.