6 research outputs found

    FLOD: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority

    Privacy and Byzantine-robustness are two major concerns of federated learning (FL), but mitigating both threats simultaneously is highly challenging: privacy-preserving strategies prohibit access to individual model updates to avoid leakage, while Byzantine-robust methods require access for comprehensive mathematical analysis. Besides, most Byzantine-robust methods only work in the honest-majority setting. We present FLOD, a novel oblivious defender for private Byzantine-robust FL in dishonest-majority setting. Basically, we propose a novel Hamming distance-based aggregation method to resist >1/2 Byzantine attacks using a small root-dataset and server-model for bootstrapping trust. Furthermore, we employ two non-colluding servers and use additive homomorphic encryption (AHE) and secure two-party computation (2PC) primitives to construct efficient privacy-preserving building blocks for secure aggregation, in which we propose two novel in-depth variants of Beaver Multiplication triples (MT) to reduce the overhead of Bit to Arithmetic (Bit2A) conversion and vector weighted sum aggregation (VSWA) significantly. Experiments on real-world and synthetic datasets demonstrate our effectiveness and efficiency: (i) FLOD defeats known Byzantine attacks with a negligible effect on accuracy and convergence, (ii) achieves a reduction of ≈2× for offline (resp. online) overhead of Bit2A and VSWA compared to ABY-AHE (resp. ABY-MT) based methods (NDSS'15), (iii) and reduces total online communication and run-time by 167-1416× and 3.1-7.4× compared to FLGUARD (Crypto Eprint 2021/025)

    CFD Research on the Hydrodynamic Performance of Submarine Sailing near the Free Surface with Long-Crested Waves

    The simulations of submarine sailing near the free surface with long-crested waves have been conducted in this study using an in-house viscous URANS solver with an overset grid approach. First, the verification and validation procedures were performed to evaluate the reliability, with the results showing that the generation of irregular waves is adequately accurate and the results of total resistance are in good agreement with EFD. Next, three different submerged depths ranging from 1.1D to 3.3D were selected and the corresponding conditions of submarine sailing near calm water were simulated, the results of which were then compared with each other to investigate the influence of irregular waves and submerged depths. The simulations of the model near calm water at different submerged depths demonstrated that the free surface will cause increasing resistance, lift, and bow-up moments of the model, and this influence decreases dramatically with greater submerged depths. The results of the irregular wave simulations showed that irregular waves cause considerable fluctuations of hydrodynamic force and moments, and that this influence remains even at a deeper submerged depth, which can complicate the control strategies of the submarine. The response spectrum of hydrodynamic forces and moments showed slight amplitudes in the high-frequency region, and the model showed less sensitivity to high-frequency excitations

    DEFEAT: Deep Hidden Feature Backdoor Attacks by Imperceptible Perturbation and Latent Representation Constraints

    Backdoor attack is a type of serious security threat to deep learning models. An adversary can provide users with a model trained on poisoned data to manipulate prediction behavior in test stage using a backdoor. The backdoored models behave normally on clean images, yet can be activated and output incorrect prediction if the input is stamped with a specific trigger pattern. Most existing backdoor attacks focus on manually defining imperceptible triggers in input space without considering the abnormality of triggers' latent representations in the poisoned model. These attacks are susceptible to backdoor detection algorithms and even visual inspection. In this paper, we propose a novel and stealthy backdoor attack - DEFEAT. It poisons the clean data using adaptive imperceptible perturbation and restricts latent representation during training process to strengthen our attack's stealthiness and resistance to defense algorithms. We conduct extensive experiments on multiple image classifiers using real-world datasets to demonstrate that our attack can 1) hold against the state-of-the-art defenses, 2) deceive the victim model with high attack success without jeopardizing model utility, and 3) provide practical stealthiness on image data. Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. Cyber Securit

    Production, Purification, and Antibiofilm Activity of a Novel Exopolysaccharide from Arthrobacter sp. B4

    A novel exopolysaccharide (EPS), namely, B4-EPS, is produced by Arthrobacter sp. B4. Response surface methodology (RSM) was employed to optimize the fermentation medium for increasing B4-EPS production. Based on Plackett–Burman design (PBD), glucose, yeast extract, and KH₂PO₄ were selected as significant variables, which were further optimized by a central composite design (CCD). According to response surface and canonical analysis, the optimal medium was composed of 16.94 g/L glucose, 2.33 g/L yeast extract, and 5.32 g/L KH₂PO₄. Under this condition, the maximum yield of B4-EPS reached about 8.54 g/L after 72 hr of batch fermentation, which was pretty close to the predicted value (8.52 g/L). Furthermore, B4-EPS was refined by column chromatography. The main homogeneous fraction (B4-EPS1) was collected and applied to assay of antibiofilm activity. B4-EPS1 exhibited a dose-dependent inhibitory effect on biofilm formation of Pseudomonas aeruginosa PAO1 without antibacterial activity. About 86.1% of biofilm formation of P. aeruginosa PAO1 was inhibited in the presence of 50 µg/mL B4-EPS1, which was more effective than the peer published data. Moreover, B4-EPS1 could prevent biofilm formation of other strains. These data suggest B4-EPS may represent a promising strategy to combat bacterial biofilms in the future.