Ilia Shumailov
Computer Laboratory
University of Cambridge
15 JJ Thomson Avenue
Cambridge CB3 0FD
United Kingdom
University phone number: (7)63616
CV: here
Google Scholar: here
Research Gate: here
Twitter: here
Useful links: here
My name is Ilia (Илья | Iлля) and I am a PhD candidate under the supervision of Prof Ross Anderson. My interests lie in the fields of DSP, Security and ML.
I can be contacted at: Ilia.Shumailov [at] cl [dot] cam [dot] ac [dot] uk
Starting from October 2022 I will be joining Christ Church College in
Oxford University as a Junior Research Fellow.
Starting from September 2021 I will be joining Vector Institute in
Toronto under the supervision of Nicolas Papernot and Kassem Fawaz.
Talks (all here):
- 04/2021, Availability attacks on machine learning, Google Brain slides
- 12/2020, Exploiting power hunger of machine learning, Fitz Talks 2020 slides
- 11/2020, Towards Certifiable Adversarial Sample Detection, CCS AISec 2020 slides
- 11/2020, Availability attacks on Machine Learning, Standoff 2020 slides
- 11/2020, Acoustics in Computer Security, Monash University slides
- 07/2020, Availability attacks on Machine Learning, Google Brain slides
- 06/2019, Towards hardware deployable adversarial sample detection, Deep Mind
Publications and work in progress:
- Year 2023:
- The Curse of Recursion: Training on Generated Data Makes Models Forget adversarial ml
by Ilia Shumailov, Zakhar Shumaylov, Yiren Zhao, Yarin Gal, Nicolas Papernot, Ross Anderson
Links: arxiv draft
- Boosting Big Brother: Attacking Search Engines with
Encodings adversarial ml
by Nicholas Boucher, Luca Pajola, Ilia Shumailov, Ross Anderson, Mauro Conti
Links: arxiv
- Revisiting Automated Prompting: Are We Actually Doing
Better? ML
by Yulin Zhou, Yiren Zhao, Ilia Shumailov, Robert Mullins, Yarin Gal
The 61st Annual Meeting of the Association for
Computational Linguistics (ACL 2023)
Links: arxiv
- When the Curious Abandon Honesty: Federated Learning Is
Not Private adversarial ml
by Franziska Boenisch, Adam Dziedzic, Roei Schuster,
Ali Shahin Shamsabadi, Ilia Shumailov, Nicolas Papernot
8th IEEE European Symposium on Security and Privacy (EuroS&P) (Acceptance rate ~35%)
Links: arxiv
- Is Federated Learning a Practical PET Yet? adversarial ml
by Franziska Boenisch, Adam Dziedzic, Roei Schuster,
Ali Shahin Shamsabadi, Ilia Shumailov, Nicolas Papernot
8th IEEE European Symposium on Security and Privacy (EuroS&P) (Acceptance rate ~35%)
Links: arxiv
- Architectural Backdoors in Neural Networks adversarial ml
by Mikel Bober-Irizar, Ilia Shumailov, Yiren
Zhao, Robert Mullins, Nicolas Papernot
IEEE/CVF Conference on Computer Vision and Pattern Recognition 2023 (Acceptance rate ~25.78%).
Links: arxiv draft
- Year 2022:
- Wide Attention Is The Way Forward For Transformers ML
by Jason Ross Brown, Yiren Zhao, Ilia Shumailov, Robert Mullins
All Things Attention Workshop, NeurIPS 2022
Links: arxiv
- DARTFormer: Finding The Best Type Of Attention ML
by Jason Ross Brown, Yiren Zhao, Ilia Shumailov, Robert Mullins
I Can't Believe It's Not Better Workshop, NeurIPS
2022
Links: arxiv
- ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks adversarial ml
by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, Robert Mullins
Links: arxiv
- Augmentation Backdoors adversarial ml
by Joseph Rance, Yiren Zhao, Ilia Shumailov, Robert Mullins
Links: arxiv
- Efficient Adversarial Training With Data Pruning adversarial ml
by Maximilian Kaufmann, Yiren Zhao, Ilia Shumailov, Robert Mullins, Nicolas Papernot
Links: arxiv
- In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning privacy in ml
by Jiaqi Wang, Roei Schuster, Ilia Shumailov,
David Lie, Nicolas Papernot
Proceedings of
the 36th Conference on Neural Information Processing
Systems (Acceptance rate ~25.6%).
Links: arxiv
- Rapid Model Architecture Adaption for Meta-Learning ML architecture
by Yiren Zhao, Xitong Gao, Ilia Shumailov,
Nicolo Fusi, Robert Mullins
Proceedings of
the 36th Conference on Neural Information Processing
Systems (Acceptance rate ~25.6%).
Links: arxiv
- On the Limitations of Stochastic Pre-processing Defenses adversarial ml
by Yue Gao, Ilia Shumailov, Kassem Fawaz,
Nicolas Papernot
Proceedings of
the 36th Conference on Neural Information Processing
Systems (Acceptance rate ~25.6%).
Links: arxiv
- Rethinking Image-Scaling Attacks: The Interplay Between Vulnerabilities in Machine Learning Systems adversarial ml
by Yue Gao, Ilia Shumailov, Kassem Fawaz
Proceedings of
the 39th International Conference on Machine Learning
(Acceptance rate ~20%, Long presentation top 2% of all
papers).
Links: arxiv
pmlr
- Model Architecture Adaption for Bayesian Neural Networks ML architecture
by Duo Wang, Yiren Zhao, Ilia Shumailov, Robert Mullins
Links: arxiv
- Pipe Overflow: Smashing Voice Authentication for Fun
and Profit adversarial ml
by Shimaa Ahmed, Yash Wani, Ali Shahin Shamsabadi,
Mohammad Yaghini, Ilia Shumailov, Nicolas
Papernot, Kassem Fawaz
Proceedings of the 32nd USENIX Security Symposium (2023).
Links: draft arxiv
- Bounding Membership Inference adversarial ml
by Anvith Thudi, Ilia Shumailov, Franziska Boenisch,
Nicolas Papernot
Links: openreview arxiv
- Year 2021:
- ExtremeBB: Enabling Large-Scale Research into Extremism,
the Manosphere and Their Correlation by Online Forum
Data extremism
by Anh V. Vu, Lydia Wilson, Yi Ting Chua, Ilia Shumailov, Ross Anderson
Links: arxiv
- On the Necessity of Auditable Algorithmic Definitions for Machine Unlearning adversarial ml
by Anvith Thudi, Hengrui Jia, Ilia Shumailov, Nicolas Papernot
Proceedings of the 31st USENIX Security Symposium (2022). Links: arxiv
- Towards More Robust Keyword Spotting for Voice Assistants adversarial ml
by Shimaa Ahmed, Ilia Shumailov,
Nicolas Papernot, Kassem Fawaz
Proceedings of the 31st USENIX Security Symposium (2022). Links: usenix
- Bad Characters: Imperceptible NLP Attacks adversarial ml
by Nicholas Boucher, Ilia Shumailov, Nicolas Papernot, Ross Anderson
Proceedings of the 43rd IEEE Symposium on Security and Privacy (Acceptance rate ~15%). Links: draft arxiv website ieee gtranslate
- Manipulating SGD with Data Ordering Attacks adversarial ml
by Ilia Shumailov, Zakhar Shumaylov, Dmitry
Kazhdan, Yiren Zhao, Nicolas Papernot, Murat A. Erdogdu, Ross Anderson
Proceedings of the 35th Conference on Neural Information
Processing Systems (Acceptance rate ~26%). Links: draft arxiv
- Markpainting: Adversarial Machine Learning meets
Inpainting adversarial ml
by David Khachaturov, Ilia Shumailov, Yiren Zhao, Nicolas Papernot, Ross Anderson
Proceedings of
the 38th International Conference on Machine Learning
(Acceptance rate ~21.5%). Links: draft arxiv pmlr
- Year 2020:
- Hey Alexa what did I just type? Decoding smartphone
sounds with a voice assistant acoustics
by Almos Zarandy, Ilia Shumailov, Ross Anderson
currently under review for a publication. Links: draft arxiv
- Nudge Attacks on point-cloud DNNs
adversarial ml
by Yiren Zhao, Ilia Shumailov, Robert Mullins, Ross Anderson
currently under review for a publication. Links: arxiv
- Turning Up the Dial: the Evolution of a Cybercrime Market Through Set-up, Stable, and Covid-19 Eras
cybercrime
by Anh Viet Vu, Jack Hughes, Ildiko Pete, Ben Collier, Yi Ting Chua, Ilia Shumailov, Alice Hutchings
ACM IMC 2020 (acceptance rate ~24%). Links: draft webpage
- BatNet: Data transmission between smartphones over
ultrasound acoustics
by Almos Zarandy, Ilia Shumailov, Ross Anderson
currently under review for a publication. Links: draft
arxiv github
- Sponge Examples: Energy-Latency Attacks on Neural
Networks
adversarial ml
by Ilia Shumailov, Yiren Zhao, Daniel
Bates, Nicolas Papernot, Robert Mullins, Ross Anderson
6th IEEE European Symposium on Security and Privacy (EuroS&P) (Acceptance rate ~32%). Links: arxiv, draft, video
- Towards Certifiable Adversarial Sample Detection
adversarial ml
by Ilia Shumailov, Yiren Zhao, Robert Mullins, Ross Anderson
Artificial Intelligence and
Security (AISec 2020) (Acceptance rate ~39%). Links: draft arxiv
- Blackbox Attacks on Reinforcement Learning Agents Using
Approximated Temporal Information
adversarial ml
by Yiren Zhao, Ilia Shumailov, Han Cui, Xitong Gao, Robert Mullins, Ross Anderson
Dependable and Secure Machine Learning (DSML 2020). Links: draft arxiv
- Year 2019
- Audio CAPTCHA with a few cocktails: it’s so noisy I can't hear you
usability
by Benjamin Maximilian Reinheimer, Fairooz Islam,
Ilia Shumailov
SPW2019
Links: Springer
draft
- Towards Automatic Discovery of Cybercrime Supply
Chains
cybercrime
by Rasika Bhalerao, Maxwell Aliapoulios,
Ilia Shumailov, Sadia Afroz, Damon McCoy
eCrime 2019
(Acceptance rate: ~44%). Links: arxiv
Received Honorable Mention
- Sitatapatra: Blocking the Transfer of Adversarial
Samples
adversarial ml
by Ilia Shumailov, Xitong Gao, Yiren
Zhao, Robert Mullins, Ross Anderson, Cheng-Zhong Xu
Links: draft arxiv
- The Taboo Trap: Behavioural Detection of Adversarial Samples
adversarial ml
by Ilia Shumailov, Yiren
Zhao, Robert Mullins, Ross Anderson
Links: draft arxiv
- To compress or not to compress: Understanding the Interactions between Adversarial Attacks and Neural Network Compression
adversarial ml
by Yiren
Zhao, Ilia Shumailov, Robert Mullins, Ross Anderson
SysML 2019 (Acceptance rate: ~16%)
Links: paper, poster, video
- Year 2018
- Tendrils of Crime: Visualizing the Diffusion of Stolen Bitcoins
cybercrime
by Mansoor Ahmed, Ilia Shumailov, Ross Anderson
GraMSec 2018. Links: Springer, arxiv
- Bitcoin Redux
cybercrime
by Ross Anderson, Ilia
Shumailov, Mansoor Ahmed, Alessandro Rietmann
WEIS 2018
(Acceptance rate: ~38%). Links: paper
- Making Bitcoin Legal
cybercrime
by Ross Anderson, Ilia
Shumailov, Mansoor Ahmed
SPW 2018. Links: paper
- Year 2017
Big Things I participate(d) in
Class Supervision
I am supervising for:
So far I have supervised ~70 students in ~120 hours.
Organisational things:
- I am on the PC of AISec 2020, 2021
- I review for a lot of confs including NeurIPS, ICML, CVPR, ICLR, Security and
Privacy and Usenix Security.
- I am in the PC of USENIX Security 2023
- I am in the PC of IEEE Conference on Secure and Trustworthy
Machine Learning (IEEE SatML) 2023
- I am in the PC of CCS 2023
- Co-organised AdvML / DSP session at WIFS 2019
Project Supervision
I have supervised Part II students in the past.
I have a few Part II/Part III/MPhil thesis ideas in the fields of signal processing for security purposes and adversarial machine learning.
To discuss potential supervision, drop by my office GE14 or send me an email.
So far I have had 3 Part II, 3 Part III and 1 MPhil students. Those projects are already available internally in Cambridge and I am trying to make them also available globally.