2

We show how prior claims about black-box access sufficing for optimal membership inference do not hold for most useful settings such as SGD, and validate our findings with a new white-box inference attack.

Build upon the notion of adversarial certainty, we develop a general training method to generate adversarial examples with reduced certainty for improving robust generalization.

We present a novel method to craft targeted backdoor attacks against image caption models