Saeed Mahloujifar

I am a research scientist at FAIR Labs (Meta). I am interested in security and privacy of machine learning and their interplay with foundations of cryptography.

Previously I was a postdoctoral researcher at Princeton University working with Prateek Mittal. I received my Ph.D. from the department of Computer Science at University of Virginia in the summer of 2020. My Ph.D. advisor was Mohammad Mahmoody. Prior to UVa I got my B.Sc. degree from the department of Computer Engineering at Sharif University of Technology in the summer of 2015. I spent the summers of 2019 and 2020 working as a research intern at Microsoft Research, Redmond.


Publications


* indicates equal contribution. [αβ] indicates alphabetical order.

Conference Publications

  • Experimenting with Zero-Knowledge Proofs of Training
           [αβ] Sanjam Garg, Aarushi Goel, Somesh Jha, Saeed Mahloujifar, Mohammad Mahmoody, Guru-Vamsi Policharla, Mingyuan Wang
            CCS, 2023
  • Bounding Training Data Reconstruction in DP-SGD
           Jamie Hayes*, Saeed Mahloujifar*, Borja Balle
            NeurIPS, 2023.
  • A Randomized Approach for Tight Privacy Accounting
           Jiachen T. Wang, Saeed Mahloujifar, Tong Wu, Ruoxi Jia, Prateek Mittal
            NeurIPS, 2023.
  • Towards A Proactive ML Approach for Detecting Backdoor Poison Samples
           Xiangyu Qi, Tinghao Xie, Jiachen T. Wang, Tong Wu, Saeed Mahloujifar, Prateek Mittal
            USENIX Security, 2023.
  • MultiRobustBench: Benchmarking Robustness Against Multiple Attacks
           Sihui Dai, Saeed Mahloujifar, Chong Xiang, Vikash Sehwag, Pin-Yu Chen, Prateek Mittal
           ICML, 2023
  • Uncovering Adversarial Risks of Test-Time Adaptation
            Tong Wu, Feiran Jia, Xiangyu Qi, Jiachen T. Wang, Vikash Sehwag, Saeed Mahloujifar, Prateek Mittal
            ICML, 2023
  • Effectively Using Public Data in Privacy-Preserving Machine Learning
            Milad Nasr, Saeed Mahloujifar, Xinyu Tang, Prateek Mittal, Amir Houmansadr
            ICML, 2023
  • ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking
           Chong Xiang, Alexander Valtchanov, Saeed Mahloujifar, Prateek Mittal
            IEEE S&P, 2023
  • Revisiting the Assumption of Latent Separability for Backdoor Defense
            Xiangyu Qi, Tinghao Xie, Yiming Li, Saeed Mahloujifar, and Prateek Mittal.
            ICLR 2023
  • Rényi Differential Privacy of Propose-Test-Release and Applications to Private and Robust Machine Learning
           Jiachen T. Wang, Saeed Mahloujifar, Shouda Wang, Ruoxi Jia, Prateek Mittal
            Conference on Neural Information Processing Systems (NeurIPS), 2022.
  • Formulating Robustness Against Unforeseen Attacks
           Sihui Dai, Saeed Mahloujifar, Prateek Mittal
            Conference on Neural Information Processing Systems (NeurIPS), 2022.
  • Overparameterized (Robust) Models from Computational Constraints
           [αβ]Sanjam Garg, Somesh Jha, Saeed Mahloujifar, Mohammad Mahmoody, Mingyuan Wang
            Conference on Neural Information Processing Systems (NeurIPS), 2022.
  • Machine Learning with Differentially Private Labels: Mechanisms and Frameworks
           Xinyu Tang, Milad Nasr, Saeed Mahloujifar, Virat Shejwalkar, Liwei Song, Amir Houmansadr, and Prateek Mittal
            Privacy Enhancing Technologies Symposium (PETS) 2022
  • Property Inference from Poisoning
           Saeed Mahloujifar, Esha Ghosh, Melissa Chase.
            IEEE Symposium on Security and Privacy (S&P) 2022
  • PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier
           Chong Xiang, Saeed Mahloujifar, Prateek Mittal.
            USENIX Security Symposium 2022
  • Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble Architecture
           Xinyu Tang, Saeed Mahloujifar, Liwei Song, Virat Shejwalkar, Milad Nasr, Amir Houmansadr, Prateek Mittal.
           USENIX Security Symposium 2022
  • SparseFed: Mitigating Model Poisoning Attacks in Federated Learning with Sparsification
            Ashwinee Panda, Saeed Mahloujifar, Arjun N. Bhagoji, Supriyo Chakraborty, Prateek Mittal.
           International Conference on Artificial Intelligence and Statistics (AISTATS) 2022
  • Improving Adversarial Robustness Using Proxy Distributions.
            Vikash Sehwag, Saeed Mahloujifar, Tinashe Handina, Sihui Dai, Chong Xiang, Mung Chiang, Prateek Mittal.
           International Conference on Learning Representations (ICLR) 2022
  • Polynomial-time targeted attacks on coin tossing for any number of corruptions
            [αβ] Omid Etesami, Ji Gao, Saeed Mahloujifar, and Mohammad Mahmoody.
           Theory of Cryptography Conference (TCC) 2021
  • A Separation result between data-oblivious and data-aware poisoning attacks
            [αβ] Samuel Deng, Sanjam Garg, Somesh Jha, Saeed Mahloujifar, Mohammad Mahmoody, and Abhradeep Thakurta.
            Conference on Neural Information Processing Systems (NeurIPS), 2021.
            A preliminary version presented at the Uncertainty & Robustness in Deep Learning workshop at ICML 2020.
  • Model-targeted Poisoning Attacks with Provable Convergence
            Fnu Suya, Saeed Mahloujifar, Anshuman Suri, David Evans, and Yuan Tian.
            International Conference on Machine Learning (ICML) 2021.
  • Is Private Learning Possible with Instance Encoding?
            [αβ] Nicholas Carlini, Samuel Deng, Sanjam Garg, Somesh Jha, Saeed Mahloujifar, Mohammad Mahmoody, Shuang Song, Abhradeep Thakurta, and Florian Tramèr.
            IEEE Symposium on Security and Privacy (S&P) 2021.
            Also presented at the Privacy Preserving Machine Learning workshop at NeurIPS 2020.
  • Lower Bounds for Adversarially Robust PAC Learning under Evasion and Hybrid Attacks.
            Dimitrios Diochnos*, Saeed Mahloujifar*, and Mohammad Mahmoody.
            International Conference on Machine Learning and Applications (ICMLA) 2020.
  • Adversarially Robust Learning Could Leverage Computational Hardness
            [αβ] Somesh Jha, Sanjam Garg, Saeed Mahloujifar, and Mohammad Mahmoody.
            Algorithmic Learning Theory (ALT), 2020.
  • Computational Concentration of Measure: Optimal Bounds, Reductions, and More.
            [αβ] Omid Etesami, Saeed Mahloujifar, and Mohammad Mahmoody.
            ACM-SIAM Symposium on Discrete Algorithms (SODA), 2020.
  • Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness
            Saeed Mahloujifar*, Xiao Zhang*, Mohammad Mahmoody, and David Evans.
            Conference on Neural Information Processing Systems (NeurIPS), 2019 (spotlight).
  • Universal Multi-party Poisoning Attacks
            [αβ] Saeed Mahloujifar, Mohammad Mahmoody, and Ameer Mohammed.
            International Conference on Machine Learning (ICML) 2019.
  • Can Adversarially Robust Learning Leverage Computational Hardness?
            [αβ] Saeed Mahloujifar and Mohammad Mahmoody.
            Algorithmic Learning Theory (ALT), 2019.
  • The Curse of Concentration in Robust Learning: Evasion and Poisoning Attacks from Concentration of Measure
            Saeed Mahloujifar, Dimitrios I. Diochnos, and Mohammad Mahmoody.
            AAAI Conference on Artificial Intelligence, 2019.
  • Adversarial Risk and Robustness: General Definitions and Implications for the Uniform Distribution
            Dimitrios I. Diochnos*, Saeed Mahloujifar*, and Mohammad Mahmoody.
            Conference on Neural Information Processing Systems (NeurIPS), 2018.
  • Learning under p-Tampering Attacks
            Saeed Mahloujifar, Dimitrios I. Diochnos, and Mohammad Mahmoody.
            Algorithmic Learning Theory (ALT), 2018.
            Selected to be presented at ISAIM, 2018.
  • Blockwise p-Tampering Attacks on Cryptographic Primitives, Extractors, and Learners
            [αβ] Saeed Mahloujifar and Mohammad Mahmoody.
            Theory of Cryptography Conference (TCC) 2017.
  • Near Linear-Time Community Detection in Networks with Hardly Detectable Community Structure
            Aria Rezaei, Saeed Mahloujifar, and Mahdieh Soleymani.
            Advances in Social Networks Analysis and Mining (ASONAM) 2015.
Journal Publications

  • Learning Under p-Tampering Poisoning Attacks
            Saeed Mahloujifar, Dimitrios Diochnos, and Mohammad Mahmoody.
            Annals of Mathematics and Artificial Intelligence, Vol. 88, pp. 759--792, 2020.

Contact


    Mailing Address:

    Saeed Mahlouji Far
    Department of Electrical and Computer Engineering
    Princeton University
    Princeton, NJ, 08544

    Email: