I'm interested in ownership, confidentiality and privacy in machine learning systems. I've been working on projects related to model extraction attacks and defenses, ownership verification, membership inference, differential privacy, federated learning, and model evasion. Check out my Google Scholar page for more info.

List of publications

Imperceptible Adversarial Examples in the Physical World
W. Xu, S. Szyller, C. Cornelius, L. Murillo Rojas, M. Arvinte, A. Velasquez, J. Martin and N. Himayat
Preprint
/ arXiv:2411.16622
SoK: Unintended Interactions Among Machine Learning Defenses and Risks
V. Duddu, S. Szyller and N. Asokan
IEEE S&P 2024 (Distinguished Paper Award)
/ arXiv:2312.04542
/ +code
LLM Self Defense: by Self Examination, LLMs Know They Are Being Tricked
M. Phute, A. Helbling, M. Hull, S. Peng, S. Szyller, C. Cornelius and D. Horng Chau
ICLR 2024, Tiny Papers
/ arXiv:2308.07308
False Claims Against Model Ownership Resolution
R. Zhang, J. Liu, S. Szyller, K. Ren and N. Asokan
USENIX 2024
/ arXiv:2304.06607
/ +code
On the Robustness of Dataset Inference
S. Szyller, R. Zhang, J. Liu and N. Asokan
TMLR 2023
/ arXiv:2210.13631
Conflicting Interactions Among Protection Mechanisms for Machine Learning Models
S. Szyller and N. Asokan
AAAI 2023 (Spotlight)
/ arXiv:2207.01991
/ +code
SHAPr: an Efficient and Versatile Membership Privacy Risk Metric for Machine Learning
V. Duddu, S. Szyller and N. Asokan
Technical Report
/ arXiv:2112.02230
Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Models
S. Szyller, V. Duddu, T. Gröndahl and N. Asokan
Technical Report
/ arXiv:2104.12623
DAWN: Dynamic Adversarial Watermarking of Neural Networks
S. Szyller, B. Atli, S. Marchal and N. Asokan
ACM MM 2021
/ arXiv:1906.00830
/ +code
Extraction of Complex DNN Models: Real Threat or Boogeyman?
B. Atli, S. Szyller, M. Juuti, S. Marchal and N. Asokan
AAAI 2020, EDSMLS
/ arXiv:1910.05429
Detecting Organized eCommerce Fraud Using Scalable Categorical Clustering
S. Marchal and S. Szyller
ACSAC 2019
/ arXiv:1910.04514
/ +code
PRADA: Protecting Against DNN Model Stealing Attacks
M. Juuti, S. Szyller, S. Marchal and N. Asokan
IEEE EuroS&P 2019
/ arXiv:1805.02628v5
/ +code

Dissertations

Ownership and Confidentiality in Machine Learning
Doctor of Science (Finnish AI Society Best Dissertation Award & Aalto University Best Dissertation Award)
Aalto University, School of Science
Supervisor: N. Asokan
Adversary Detection in Online Machine Learning Systems
Master of Science
Aalto University, School of Science
Supervisor: N. Asokan
Decryption of Feistel Network Based Algorithms Using Machine Learning
Bachelor of Science, Eng.
Lodz University of Technology, International Faculty of Engineering
Supervisor: Laurent Babout