ITE Building

Abstract:Ensuring machine learning robustness against adversarial attacks is critical for real-world applications. This dissertation presents novel frameworks for certified robustness and certifiable black-box attacks: UniCR, a universal certification framework for arbitrary classifiers and perturbations; UCAN, which extends randomized smoothing with anisotropic noise; and Certifiable Black-Box Attacks, which guarantee attack success probability prior to model queries. These methods are theoretically grounded and extensively validated, revealing fundamental weaknesses in current defenses. To address emerging risks in large language models (LLMs), I further systematize the field of LLM jailbreak attacks and defenses through a comprehensive taxonomy, formalized threat models, a large annotated dataset, and an open evaluation toolkit. This work unifies fragmented efforts, enables reproducible benchmarking, and provides actionable insights for robust, real-world LLM security.

Conferences & Speakers