publications | Anshuman Suri

2026

Exploiting Leaderboards for Large-Scale Distribution of Malicious Models

Anshuman Suri^*, Harsh Chaudhari^*, Yuefeng Peng^*, Ali Naseh^*, and 2 more authors

In IEEE Symposium on Security and Privacy (S&P), 2026

@inproceedings{suri2026exploiting,
  title = {Exploiting Leaderboards for Large-Scale Distribution of Malicious Models},
  author = {Suri, Anshuman and Chaudhari, Harsh and Peng, Yuefeng and Naseh, Ali and Oprea, Alina and Houmansadr, Amir},
  booktitle = {IEEE Symposium on Security and Privacy (S&P)},
  year = {2026}
}

SAGA: A Security Architecture for Governing AI Agentic Systems

Georgios Syros, Anshuman Suri, Jacob Ginesin, Cristina Nita-Rotaru, and 1 more author

In Network and Distributed System Security (NDSS) Symposium, 2026

Bib PDF Code

@inproceedings{syros2026saga,
  title = {SAGA: A Security Architecture for Governing AI Agentic Systems},
  author = {Syros, Georgios and Suri, Anshuman and Ginesin, Jacob and Nita-Rotaru, Cristina and Oprea, Alina},
  booktitle = {Network and Distributed System Security (NDSS) Symposium},
  year = {2026}
}

2025

Text-to-Image Models Leave Identifiable Signatures: Implications for Leaderboard Security

Ali Naseh, Anshuman Suri, Yuefeng Peng, Harsh Chaudhari, and 2 more authors

In Lock-LLM Workshop, NeurIPS, 2025

Bib PDF

@inproceedings{naseh2025texttoimage,
  title = {Text-to-Image Models Leave Identifiable Signatures: Implications for Leaderboard Security},
  author = {Naseh, Ali and Suri, Anshuman and Peng, Yuefeng and Chaudhari, Harsh and Oprea, Alina and Houmansadr, Amir},
  booktitle = {Lock-LLM Workshop, NeurIPS},
  year = {2025}
}

LLM Jailbreak Oracle

Shuyi Lin, Anshuman Suri, Alina Oprea, and Cheng Tan

arXiv preprint arXiv:2506.17299, 2025

Bib PDF

@article{lin2025llmjailbreak,
  title = {LLM Jailbreak Oracle},
  author = {Lin, Shuyi and Suri, Anshuman and Oprea, Alina and Tan, Cheng},
  journal = {arXiv preprint arXiv:2506.17299},
  year = {2025}
}

Reassessing EMNLP 2024’s Best Paper: Does Divergence-Based Calibration for MIAs Hold Up?

Pratyush Maini, and Anshuman Suri

In The Fourth Blogpost Track at ICLR, 2025

Bib Website

@inproceedings{maini2025reassessing,
  title = {Reassessing {EMNLP} 2024{\textquoteright}s Best Paper: Does Divergence-Based Calibration for {MIA}s Hold Up?},
  author = {Maini, Pratyush and Suri, Anshuman},
  booktitle = {The Fourth Blogpost Track at ICLR},
  year = {2025},
  url = {https://openreview.net/forum?id=tP99uEvutL},
}

DROP: Poison Dilution via Knowledge Distillation for Federated Learning

Georgios Syros^*, Anshuman Suri^*, Farinaz Koushanfar, Cristina Nita-Rotaru, and 1 more author

arXiv preprint arXiv:2502.07011, 2025

Bib PDF Code

@article{syros2025drop,
  title = {DROP: Poison Dilution via Knowledge Distillation for Federated Learning},
  author = {Syros, Georgios and Suri, Anshuman and Koushanfar, Farinaz and Nita-Rotaru, Cristina and Oprea, Alina},
  journal = {arXiv preprint arXiv:2502.07011},
  year = {2025}
}

Riddle Me This! Stealthy Membership Inference for Retrieval-Augmented Generation

Ali Naseh^*, Yuefeng Peng^*, Anshuman Suri^*, Harsh Chaudhari, and 2 more authors

In ACM SIGSAC Conference on Computer and Communications Security (CCS), 2025

Bib PDF Code

@inproceedings{naseh2025riddle,
  title = {Riddle Me This! Stealthy Membership Inference for Retrieval-Augmented Generation},
  author = {Naseh, Ali and Peng, Yuefeng and Suri, Anshuman and Chaudhari, Harsh and Oprea, Alina and Houmansadr, Amir},
  booktitle = {ACM SIGSAC Conference on Computer and Communications Security (CCS)},
  year = {2025},
}

2024

Phantom: General Backdoor Attacks on Retrieval Augmented Language Generation

Harsh Chaudhari, Giorgio Severi, John Abascal, Anshuman Suri, and 5 more authors

arXiv preprint arXiv:2405.20485, 2024

Bib PDF

@article{chaudhari2024phantom,
  title = {Phantom: General Backdoor Attacks on Retrieval Augmented Language Generation},
  author = {Chaudhari, Harsh and Severi, Giorgio and Abascal, John and Suri, Anshuman and Jagielski, Matthew and Choquette-Choo, Christopher A and Nasr, Milad and Nita-Rotaru, Cristina and Oprea, Alina},
  journal = {arXiv preprint arXiv:2405.20485},
  year = {2024}
}

Do Parameters Reveal More than Loss for Membership Inference?

Anshuman Suri, Xiao Zhang, and David Evans

Transactions on Machine Learning Research (TMLR), 2024

Bib PDF Code

@article{suri2024do,
  title = {Do Parameters Reveal More than Loss for Membership Inference?},
  author = {Suri, Anshuman and Zhang, Xiao and Evans, David},
  journal = {Transactions on Machine Learning Research (TMLR)},
  year = {2024},
  url = {https://arxiv.org/abs/2406.11544},
}

Do Membership Inference Attacks Work on Large Language Models?

Michael Duan^*, Anshuman Suri^*, Niloofar Mireshghallah, Sewon Min, and 6 more authors

In Conference on Language Modeling (COLM), 2024

Bib PDF Code Website

@inproceedings{duan2024membership,
  title = {Do Membership Inference Attacks Work on Large Language Models?},
  author = {Duan, Michael and Suri, Anshuman and Mireshghallah, Niloofar and Min, Sewon and Shi, Weijia and Zettlemoyer, Luke and Tsvetkov, Yulia and Choi, Yejin and Evans, David and Hajishirzi, Hannaneh},
  year = {2024},
  booktitle = {Conference on Language Modeling (COLM)},
}

SoK: Pitfalls in Evaluating Black-Box Attacks

Fnu Suya^*, Anshuman Suri^*, Tingwei Zhang, Jingtao Hong, and 2 more authors

In IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2024

Bib PDF Video Code

@inproceedings{suya2024sok,
  title = {SoK: Pitfalls in Evaluating Black-Box Attacks},
  author = {Suya, Fnu and Suri, Anshuman and Zhang, Tingwei and Hong, Jingtao and Tian, Yuan and Evans, David},
  booktitle = {IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)},
  year = {2024},
}

2023

SoK: Memorization in General-Purpose Large Language Models

Valentin Hartmann, Anshuman Suri, Vincent Bindschaedler, David Evans, and 2 more authors

arXiv:2310.18362, 2023

Bib PDF

@article{hartmann2023sok,
  title = {SoK: Memorization in General-Purpose Large Language Models},
  author = {Hartmann, Valentin and Suri, Anshuman and Bindschaedler, Vincent and Evans, David and Tople, Shruti and West, Robert},
  year = {2023},
  journal = {arXiv:2310.18362},
}

Manipulating Transfer Learning for Property Inference

Yulong Tian, Fnu Suya, Anshuman Suri, Fengyuan Xu, and 1 more author

In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2023

Bib PDF Video Code

@inproceedings{tian2023manipulating,
  title = {Manipulating Transfer Learning for Property Inference},
  author = {Tian, Yulong and Suya, Fnu and Suri, Anshuman and Xu, Fengyuan and Evans, David},
  booktitle = {IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
  year = {2023},
}

SoK: Let The Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning

Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, and 4 more authors

IEEE Symposium on Security and Privacy (S&P), 2023

Bib PDF Video

@article{salem2022sok,
  title = {{SoK}: Let The Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning},
  author = {Salem, Ahmed and Cherubin, Giovanni and Evans, David and Köpf, Boris and Paverd, Andrew and Suri, Anshuman and Tople, Shruti and Zanella-Béguelin, Santiago},
  journal = {IEEE Symposium on Security and Privacy (S&P)},
  year = {2023},
}

Dissecting Distribution Inference

Anshuman Suri, Yifu Lu, Yanjin Chen, and David Evans

In IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2023

Bib PDF Video Code

@inproceedings{suri2023dissecting,
  title = {Dissecting Distribution Inference},
  author = {Suri, Anshuman and Lu, Yifu and Chen, Yanjin and Evans, David},
  booktitle = {IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)},
  year = {2023},
}

2022

Formalizing and Estimating Distribution Inference Risks

Anshuman Suri, and David Evans

Proceedings on Privacy Enhancing Technologies, 2022

Bib PDF Video Code

@article{suri2022formalizing,
  title = {Formalizing and Estimating Distribution Inference Risks},
  author = {Suri, Anshuman and Evans, David},
  journal = {Proceedings on Privacy Enhancing Technologies},
  year = {2022},
}

Subject Membership Inference Attacks in Federated Learning

Anshuman Suri, Pallika Kanani, Virendra J. Marathe, and Daniel W. Peterson

arXiv preprint arXiv:2206.03317, 2022

Bib PDF

@article{suri2022subject,
  title = {Subject Membership Inference Attacks in Federated Learning},
  author = {Suri, Anshuman and Kanani, Pallika and Marathe, Virendra J. and Peterson, Daniel W.},
  journal = {arXiv preprint arXiv:2206.03317},
  year = {2022},
}

2020

Model-Targeted Poisoning Attacks with Provable Convergence

Fnu Suya, Saeed Mahloujifar, Anshuman Suri, David Evans, and 1 more author

In International Conference on Machine Learning, 2020

Bib PDF Code

@inproceedings{suya2020model,
  title = {Model-Targeted Poisoning Attacks with Provable Convergence},
  author = {Suya, Fnu and Mahloujifar, Saeed and Suri, Anshuman and Evans, David and Tian, Yuan},
  booktitle = {International Conference on Machine Learning},
  year = {2020},
}

QnAMaker: Data to Bot in 2 Minutes

Parag Agrawal, Tulasi Menon, Aya Kam, Michel Naim, and 7 more authors

In Companion Proceedings of the Web Conference, 2020

Bib PDF

@inproceedings{agrawal2020qnamaker,
  title = {{QnAMaker}: Data to Bot in 2 Minutes},
  author = {Agrawal, Parag and Menon, Tulasi and Kam, Aya and Naim, Michel and Chouragade, Chaikesh and Singh, Gurvinder and Kulkarni, Rohan and Suri, Anshuman and Katakam, Sahithi and Pratik, Vineet and others},
  booktitle = {Companion Proceedings of the Web Conference},
  pages = {131--134},
  year = {2020},
}

One Neuron to Fool Them All

Anshuman Suri, and David Evans

arXiv preprint arXiv:2003.09372, 2020

Bib PDF Code

A2-LINK: Recognizing Disguised Faces via Active Learning and Adversarial Noise based Inter-Domain Knowledge

Anshuman Suri, Mayank Vatsa, and Richa Singh

IEEE Transactions on Biometrics, Behavior, and Identity Science, 2020

Bib PDF Code

@article{9104705,
  author = {Suri, Anshuman and Vatsa, Mayank and Singh, Richa},
  journal = {IEEE Transactions on Biometrics, Behavior, and Identity Science},
  title = {A2-{LINK}: Recognizing Disguised Faces via Active Learning and Adversarial Noise based Inter-Domain Knowledge},
  year = {2020},
}

2019

Hardening Deep Neural Networks via Adversarial Model Cascades

Deepak Vijaykeerthy^*, Anshuman Suri^*, Sameep Mehta, and Ponnurangam Kumaraguru

In International Joint Conference on Neural Networks (IJCNN), 2019

Bib PDF Code

@inproceedings{vijaykeerthy2019hardening,
  title = {Hardening Deep Neural Networks via Adversarial Model Cascades},
  author = {Vijaykeerthy, Deepak and Suri, Anshuman and Mehta, Sameep and Kumaraguru, Ponnurangam},
  booktitle = {International Joint Conference on Neural Networks (IJCNN)},
  year = {2019},
  organization = {IEEE},
}

Microsoft Icecaps: An Open-Source Toolkit for Conversation Modeling

Vighnesh Leonardo Shiv, Chris Quirk, Anshuman Suri, Xiang Gao, and 7 more authors

In Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics: System Demonstrations, 2019

Bib PDF Code

@inproceedings{shiv2019microsoft,
  title = {Microsoft Icecaps: An Open-Source Toolkit for Conversation Modeling},
  author = {Shiv, Vighnesh Leonardo and Quirk, Chris and Suri, Anshuman and Gao, Xiang and Shahid, Khuram and Govindarajan, Nithya and Zhang, Yizhe and Gao, Jianfeng and Galley, Michel and Brockett, Chris and others},
  booktitle = {Proceedings of the 57th Annual Meeting of the Association for Computational Linguistics: System Demonstrations},
  pages = {123--128},
  year = {2019},
}

A-LINK: Recognizing Disguised Faces via Active Learning based Inter-Domain Knowledge

Anshuman Suri, Mayank Vatsa, and Richa Singh

In IEEE International Conference on Biometrics Theory, Applications and Systems (BTAS), 2019

Bib PDF Code

@inproceedings{suri2019link,
  title = {A-{LINK}: Recognizing Disguised Faces via Active Learning based Inter-Domain Knowledge},
  author = {Suri, Anshuman and Vatsa, Mayank and Singh, Richa},
  booktitle = {IEEE International Conference on Biometrics Theory, Applications and Systems (BTAS)},
  pages = {1--8},
  year = {2019},
  organization = {IEEE},
}

NELEC at SemEval-2019 Task 3: Think Twice Before Going Deep

Parag Agrawal, and Anshuman Suri

In Proceedings of the 13th International Workshop on Semantic Evaluation, 2019

Bib PDF

@inproceedings{agrawal2019nelec,
  title = {{NELEC} at SemEval-2019 {T}ask 3: Think Twice Before Going Deep},
  author = {Agrawal, Parag and Suri, Anshuman},
  booktitle = {Proceedings of the 13th International Workshop on Semantic Evaluation},
  pages = {266--271},
  year = {2019},
}

2018

A Trustworthy, Responsible and Interpretable System to Handle Chit-Chat in Conversational Bots

Parag Agrawal, Anshuman Suri, and Tulasi Menon

In The Second AAAI Workshop on Reasoning and Learning for Human-Machine Dialogues, 2018

Bib PDF

@inproceedings{agrawal2018a,
  author = {Agrawal, Parag and Suri, Anshuman and Menon, Tulasi},
  title = {A Trustworthy, Responsible and Interpretable System to Handle Chit-Chat in Conversational Bots},
  booktitle = {The Second AAAI Workshop on Reasoning and Learning for Human-Machine Dialogues},
  year = {2018},
}

2017

Towards Understanding Crisis Events On Online Social Networks Through Pictures

Prateek Dewan, Anshuman Suri, Varun Bharadhwaj, Aditi Mithal, and 1 more author

In Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017, 2017

Bib PDF Code Website

@inproceedings{dewan2017towards,
  title = {Towards Understanding Crisis Events On Online Social Networks Through Pictures},
  author = {Dewan, Prateek and Suri, Anshuman and Bharadhwaj, Varun and Mithal, Aditi and Kumaraguru, Ponnurangam},
  booktitle = {Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017},
  year = {2017},
}