Chawin Sitawarin

The following bio is AI-generated by AlphaArXiv.

I'm a Research Scientist at UC Berkeley postdoc at Meta (Central Applied Science) focusing on machine learning security and robustness. My research interests span adversarial machine learning, prompt injection attacks, and automated security analysis of ML systems. I work closely with Professor David Wagner and collaborate with researchers from various institutions including Google Research.

My recent work has focused on developing novel attacks and defenses for large language models, particularly in the area of prompt injection attacks. I led the development of PAL, a proxy-guided black-box attack on LLMs, and StruQ, a defense against prompt injection using structured queries. I've also made contributions to improving adversarial robustness of computer vision models through techniques like part-based models and random transformation defenses.

Prior to Berkeley, I worked on problems in autonomous vehicle security at Princeton University, where I demonstrated vulnerabilities in traffic sign recognition systems. I received my B.S. in Electrical Engineering from Princeton University, where I also conducted research in nanophotonics and inverse design optimization. My work has been published at top security and machine learning venues including ICLR, ICML, CCS, and NeurIPS.

Publications

Vulnerability Detection with Code Language Models: How Far Are We?

Yangruibo Ding, Yanjun Fu, Omniyyah Ibrahim, Chawin Sitawarin, Xinyun Chen, Basel Alomair, David Wagner, Baishakhi Ray, Yizheng Chen

arXiv.org 2024

PAL: Proxy-Guided Black-Box Attack on Large Language Models

Chawin Sitawarin, Norman Mu, David Wagner, Alexandre Araujo

arXiv.org 2024

StruQ: Defending Against Prompt Injection with Structured Queries

Sizhe Chen, Julien Piet, Chawin Sitawarin, David Wagner

arXiv.org 2024

Jatmo: Prompt Injection Defense by Task-Specific Finetuning

Julien Piet, Maha Alrashed, Chawin Sitawarin, Sizhe Chen, Zeming Wei, Elizabeth Sun, Basel Alomair, David Wagner

European Symposium on Research in Computer Security 2023

Mark My Words: Analyzing and Evaluating Language Model Watermarks

Julien Piet, Chawin Sitawarin, Vivian Fang, Norman Mu, David Wagner

arXiv.org 2023

Defending Against Transfer Attacks From Public Models

Chawin Sitawarin, Jaewon Chang, David Huang, Wesson Altoyan, David Wagner

International Conference on Learning Representations 2023

OODRobustBench: a Benchmark and Large-Scale Analysis of Adversarial Robustness under Distribution Shift

Lin Li, Yifei Wang, Chawin Sitawarin, Michael W. Spratling

International Conference on Machine Learning 2023

SPDER: Semiperiodic Damping-Enabled Object Representation

Kathan Shah, Chawin Sitawarin

International Conference on Learning Representations 2023

REAP: A Large-Scale Realistic Adversarial Patch Benchmark

Nabeel Hingun, Chawin Sitawarin, Jerry Li, David A. Wagner

IEEE International Conference on Computer Vision 2022

Preprocessors Matter! Realistic Decision-Based Attacks on Machine Learning Systems

Chawin Sitawarin, Florian Tramèr, Nicholas Carlini

International Conference on Machine Learning 2022

Part-Based Models Improve Adversarial Robustness

Chawin Sitawarin, Kornrapat Pongmala, Yizheng Chen, Nicholas Carlini, David A. Wagner

International Conference on Learning Representations 2022

Demystifying the Adversarial Robustness of Random Transformation Defenses

Chawin Sitawarin, Zachary Golan-Strieb, David A. Wagner

International Conference on Machine Learning 2022

Adversarial Examples for k-Nearest Neighbor Classifiers Based on Higher-Order Voronoi Diagrams

Chawin Sitawarin, Evgenios M. Kornaropoulos, D. Song, David A. Wagner

Neural Information Processing Systems 2020

SAT: Improving Adversarial Training via Curriculum-Based Loss Smoothing

Chawin Sitawarin, S. Chakraborty, David A. Wagner

AISec@CCS 2020

Improving Adversarial Robustness Through Progressive Hardening

Chawin Sitawarin, Supriyo Chakraborty, David A. Wagner

arXiv.org 2020

Minimum-Norm Adversarial Examples on KNN and KNN based Models

Chawin Sitawarin, David A. Wagner

2020 IEEE Security and Privacy Workshops (SPW) 2020

Analyzing the Robustness of Open-World Machine Learning

Vikash Sehwag, A. Bhagoji, Liwei Song, Chawin Sitawarin, Daniel Cullina, M. Chiang, Prateek Mittal

AISec@CCS 2019

Defending Against Adversarial Examples with K-Nearest Neighbor

Chawin Sitawarin, David A. Wagner

arXiv.org 2019

Better the Devil you Know: An Analysis of Evasion Attacks using Out-of-Distribution Adversarial Examples

Vikash Sehwag, A. Bhagoji, Liwei Song, Chawin Sitawarin, Daniel Cullina, M. Chiang, Prateek Mittal

arXiv.org 2019

Inverse-designed photonic fibers and metasurfaces for nonlinear frequency conversion [Invited]: publisher's note

Chawin Sitawarin, Weiliang Jin, Zin Lin, Alejandro W. Rodriguez

Photonics Research 2019

On the Robustness of Deep K-Nearest Neighbors

Chawin Sitawarin, David A. Wagner

2019 IEEE Security and Privacy Workshops (SPW) 2019

Not All Pixels are Born Equal: An Analysis of Evasion Attacks under Locality Constraints

Vikash Sehwag, Chawin Sitawarin, A. Bhagoji, Arsalan Mosenia, M. Chiang, Prateek Mittal

Conference on Computer and Communications Security 2018

DARTS: Deceiving Autonomous Cars with Toxic Signs

Chawin Sitawarin, A. Bhagoji, Arsalan Mosenia, M. Chiang, Prateek Mittal

arXiv.org 2018

Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos

Chawin Sitawarin, A. Bhagoji, Arsalan Mosenia, Prateek Mittal, M. Chiang

arXiv.org 2018

Beyond Grand Theft Auto V for Training, Testing and Enhancing Deep Learning in Self Driving Cars

Mark Martinez, Chawin Sitawarin, Kevin Finch, Lennart Meincke, Alex Yablonski, A. Kornhauser

arXiv.org 2017

Inverse designed photonic fibers and metasurfaces for nonlinear frequency conversion

Chawin Sitawarin, Weiliang Jin, Zin Lin, Alejandro W. Rodriguez

Enhancing robustness of machine learning systems via data transformations

A. Bhagoji, Daniel Cullina, Chawin Sitawarin, Prateek Mittal

Annual Conference on Information Sciences and Systems 2017

Inverse-designed nonlinear nanophotonic structures: Enhanced frequency conversion at the nano scale

Zin Lin, Chawin Sitawarin, M. Lončar, Alejandro W. Rodriguez

Conference on Lasers and Electro-Optics 2016

Short: Certifiably Robust Perception Against Adversarial Patch Attacks: A Survey

Chong Xiang, Chawin Sitawarin, Tong Wu, Prateek Mittal

Proceedings Inaugural International Symposium on Vehicle Security & Privacy 2023

OODRobustBench: benchmarking and analyzing adversarial robustness under distribution shift

Lin Li, Yifei Wang, Chawin Sitawarin, Michael W. Spratling

arXiv.org 2023

Improving the Accuracy-Robustness Trade-Off for Dual-Domain Adversarial Training

Chawin Sitawarin, A. Sridhar, David A. Wagner

Mitigating Adversarial Training Instability with Batch Normalization

A. Sridhar, Chawin Sitawarin, David A. Wagner