My group is working on Trustworthy Information Processing with a focus on the intersection of AI & Machine Learning with Security & Privacy.

Recent projects and initiatives related to trustworthy AI/ML, health, privacy:

• Coordinator and PI: European Lighthouse on Secure and Safe AI (ELSA)
• Leading Scientist: Helmholtz Medical Security, Privacy, and AI Research Center (HMSP)
• Coordinator and PI: PriSyn: Representative, synthetic health data with strong privacy guarantees
• Coordinator and PI: ImageTox: Automated image-based detection of early toxicity events in zebrafish larvae
• Coordinator and PI: Trustworthy Federated Data Analytics Project (TFDA)
• Coordinator and PI: Protecting Genetic Data with Synthetic Cohorts from Deep Generative Models (PRO-GENE-GEN)
• PI: Integrated Early Warning System for Local Recognition, Prevention, and Control for Epidemic Outbreaks (LOKI)
• Partner-PI: The German Human Genome-Phenome Archive (GHGA)
• Member of working group in “Forum Gesundheit” of BMBF: “AG Nutzbarmachung digitaler Daten für KI-Entwicklungen in der Gesundheitsforschung”

Recent work on DeepFake/misinformation detection, attribution, and responsible disclosure:

• ArXiv’23: More than you’ve asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models
• Usenix’23: UnGANable: Defending Against GAN-based Face Manipulation
• Usenix’23: Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems
• CVPR’22: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
• ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
• ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
• S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
• IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
• CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
• ICCV’19: Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints

Recent publications:

• Usenix’23: Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems
• Usenix’23: UnGANable: Defending Against GAN-based Face Manipulation

• NeurIPS’22: Private Set Generation with Discriminative Information
• ICML’22: ProgFed: Effective, Communication, and Computation Efficient Federated Learning by Progressive Training
• CVPR’22: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
• CVPR’22: B-cos Networks: Alignment is All We Need for Interpretability
• CHIL’22: Practical Challenges in Differentially-Private Federated Survival Analysis of Medical Data
• ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
• ICLR’22: RelaxLoss: Defending Membership Inference Attacks without Losing Utility
• Usenix’22: ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
• PETS’22: Understanding Utility and Privacy of Demographic Data in Education Technology by Causal Analysis and Adversarial-Censoring

Most recent work on ArXiv:

• More than you’ve asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models
• Data Forensics in Diffusion Models: A Systematic Analysis of Membership Privacy
• Systematically Finding Security Vulnerabilities in Black-Box Code Generation Models
• Fed-GLOSS-DP: Federated, Global Learning using Synthetic Sets with Record Level Differential Privacy
• Holistically Explainable Vision Transformers
• SimSCOOD: Systematic Analysis of Out-of-Distribution Behavior of Source Code Models
• Availability Attacks Against Neural Network Certifiers Based on Backdoors

News, talks, events:

• Talk at Deutscher EDV Gerichtstag
• Talk at AI, Neuroscience and Hardware: From Neural to Artificial Systems and Back Again
• Scientific Advisory Board: Bosch AIShield
• Steering Board: Helmholtz.AI
• Recent program committees: ICML’21, NeurIPS’21, S&P’22, EuroS&P’22, CVPR’22 (AC); CCS’22
• Runner-up Inria/CNIL Privacy Protection Prize 2020
  S&P’20 paper: “Automatically Detecting Bystanders in Photos to Reduce Privacy Risks”
• Co-Organizers of ICLR’21 Workshop on “Synthetic Data Generation – Quality, Privacy, Bias”
• Co-Organizers of CVPR’21 Workshop on “QuoVadis: Interdisciplinary, Socio-Technical Workshop on the Future of Computer Vision and Pattern Recognition (QuoVadis-CVPR)”
• Co-Organizers of CVPR’21 Workshop on “Causality in Vision”
• Founding member of Saarbrücken Artificial Intelligence & Machine Learning (SAM) unit of the European Laboratory of Learning and Intelligent Systems (ELLIS)
• Lecturer at Digital CISPA Summer School 2020
• Co-Organizer of Third International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at ECCV 2020
• Co-Organizer: 4. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’20
• Keynote at Workshop Machine Learning for Cybersecurity, ECMLPKDD’19
• Talk at Cyber Defense Campus (CYD) Conference on Artificial Intelligence in Defence and Security
• Co-Organizer of Second International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at CVPR 2019
• Co-Organizer: 3. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’19
• Leading scientist at new Helmholtz Medical Security and Privacy Research Center
• Member of ACM Technical Policy Committee Europe
• Mateusz Malinowski received the DAGM MVTec dissertation award as well as the Dr.-Eduard-Martin award for his PhD
• Associate Editor for IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)

2011 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022

All years 202320222021202020192018201720162015201420132012201120102009200820072006200520042002 All types Journal ArticlesIncollectionsInproceedingsMasters ThesesMiscellaneousPhD ThesesProceedingsTechnical ReportsWorkshops All authors Pieter AbbeelSahar AbdelnabiPaarijaat AdityaVedika AgarwalZeynep AkataTim AlthoffOliver AmftMax AugustinSeyed Majid AzimiSeyedmajid AzimiMichael BackesJonathan T. BarronHector BaseviTobias BaumgartnerMatthias BeckerRodrigo BenensonBobby BhattacharjeeApratim BhattacharyyaUlf BlankeJeannette BohgMoritz BöhleDominik BritzAndreas BullingBarbara CaputoBryan CatanzaroDingfan ChenWei-Chen ChiuSreyasi Nag ChowdhuryDavid CrandallEmiliano De CristofaroTrevor DarrellLarry S. DaviLarry DavisLarry S. DavisPeter DruschelAysegul DundarSandra EbertEklundh, Jan-OlofMichael EngstlerPedro FelzenszwalbSanja FidlerMario FritzMario FritzFabio GalassoEfstratios GavvesStamatios GeorgoulisChristopher GeyerRoss GirshickDaniel GoehringLuc Van GoolOliver GrauKathrin GrosseChunhui GuHossein HajipourMichael HanselmannLucjan HanzlikRakibul HasanHayman, EricXinlei HeYang HeLisa Anne HendricksMathias HumbertTam HuynhAllie JanochAllison JanochYangqing JiaGregory S. JohnsonApu KapadiaSergey KarayevQiuhong KeRaouf KerkoucheMargret KeuperAnna KhorevaKatharina KrombholzGeert-Jan KruijffBrian KulisIna KurthMarta KwiatkowskaLaura Leal-TaixeBastian LeibeAles LeonardisEvgeny LevinkovKe LiWenbin LiZheng LiGuilin LiuYugeng LiuJonathan LongTobias LorenzMax LoschLiqian MaShweta MahajanJitendra MalikMateusz MalinowskiMaxim MaximovDaniel McculleyStephen MillerAshkan MokarianMoritz Bohle, Mario Fritz, Bernt SchieleFrank MücklichFrank MuecklichSabine MüllerChuong NguyenMarie OestreichSeong Joon OhTribhuvanesh OrekondyGerard Pons-MollShadi RahimianDaniel Olmeda ReinoKonstantinos RematasTobias RitschelMarcus RohrbachStefan RothKate SaenkoAhmed SalemHosnieh SattarJonas ScheerBernt SchieleSchieleBernt SchielePaul SchnitzspanIngo ScholzDominique SchroederJoachim L. SchultzeEdgar SeemannJulia SeiterRijurekha SenAbhishek SharmaSaurabh SharmaIaroslav ShcherbatyiRakshith ShettyAlex ShyrMark SimkinVladislav SkripniukHyun Oh SongCristian-Alexandru StaicuSebastian StichChristoph-Nikolas StraehleYusuke SuganoQianru SunAndrew TaoAyush TewariChristian TheobaltEdgar TretschkGerhard TroesterTinne TuytelaarsMisha WagnerHui-Po WangPing Chuan WangRui WenTongtong WuWeipeng XuYangqing YiaNing YuMaximilian ZenkXucong ZhangYang ZhangZhikun ZhangPeng ZhouStefan ZicklerMatthias Zobel All users Mario Fritz

Show all

2022

Inproceedings

Yugeng Liu; Rui Wen; Xinlei He; Ahmed Salem; Zhikun Zhang; Michael Backes; Emiliano De Cristofaro; Mario Fritz; Yang Zhang

ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models Inproceedings

In: USENIX Security Symposium (USENIX Security), 2022.

Links | BibTeX | Tags: 2022

@inproceedings{usenix22liu,

title = {ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models},

author = {Yugeng Liu and Rui Wen and Xinlei He and Ahmed Salem and Zhikun Zhang and Michael Backes and Emiliano De Cristofaro and Mario Fritz and Yang Zhang},

url = {https://arxiv.org/abs/2102.02551

https://arxiv.org/pdf/2102.02551.pdf},

year  = {2022},

date = {2022-08-22},

urldate = {2022-08-22},

booktitle = {USENIX Security Symposium (USENIX Security)},

keywords = {2022},

pubstate = {published},

tppubtype = {inproceedings}

}

Close

• https://arxiv.org/abs/2102.02551
• https://arxiv.org/pdf/2102.02551.pdf

Close