7 research outputs found

    Launching a Robust Backdoor Attack under Capability Constrained Scenarios

    As deep neural networks continue to be used in critical domains, concerns over their security have emerged. Deep learning models are vulnerable to backdoor attacks due to the lack of transparency. A poisoned backdoor model may perform normally in routine environments, but exhibit malicious behavior when the input contains a trigger. Current research on backdoor attacks focuses on improving the stealthiness of triggers, and most approaches require strong attacker capabilities, such as knowledge of the model structure or control over the training process. These attacks are impractical since in most cases the attacker's capabilities are limited. Additionally, the issue of model robustness has not received adequate attention. For instance, model distillation is commonly used to streamline model size as the number of parameters grows exponentially, and most of previous backdoor attacks failed after model distillation; the image augmentation operations can destroy the trigger and thus disable the backdoor. This study explores the implementation of black-box backdoor attacks within capability constraints. An attacker can carry out such attacks by acting as either an image annotator or an image provider, without involvement in the training process or knowledge of the target model's structure. Through the design of a backdoor trigger, our attack remains effective after model distillation and image augmentation, making it more threatening and practical. Our experimental results demonstrate that our method achieves a high attack success rate in black-box scenarios and evades state-of-the-art backdoor defenses. Comment: 9 pages, 6 figures

    A Novel Steganography Method for Character-Level Text Image Based on Adversarial Attacks

    The Internet has become the main channel of information communication, which contains a large amount of secret information. Although network communication provides a convenient channel for human communication, there is also a risk of information leakage. Traditional image steganography algorithms use manually crafted steganographic algorithms or custom models for steganography, while our approach uses ordinary OCR models for information embedding and extraction. Even if our OCR models for steganography are intercepted, it is difficult to find their relevance to steganography. We propose a novel steganography method for character-level text images based on adversarial attacks. We exploit the complexity and uniqueness of neural network boundaries and use neural networks as a tool for information embedding and extraction. We use an adversarial attack to embed the steganographic information into the character region of the image. To avoid detection by other OCR models, we optimize the generation of the adversarial samples and use a verification model to filter the generated steganographic images, which, in turn, ensures that the embedded information can only be recognized by our local model. The decoupling experiments show that the strategies we adopt to weaken the transferability can reduce the possibility of other OCR models recognizing the embedded information while ensuring the success rate of information embedding. Meanwhile, the perturbations we add to embed the information are acceptable. Finally, we explored the impact of different parameters on the algorithm with the potential of our steganography algorithm through parameter selection experiments. We also verify the effectiveness of our validation model to select the best steganographic images. The experiments show that our algorithm can achieve a 100% information embedding rate and more than 95% steganography success rate under the set condition of 3 samples per group. In addition, our embedded information can be hardly detected by other OCR models

    N-Heterocyclic Carbene/Magnesium Co-catalyzed Radical Relay Assembly of Aliphatic Keto-nitriles

    An N-heterocyclic carbene and magnesium co-catalyzed three-component alkylacylation of alkenes with cycloketone oxime esters and aldehydes was presented. This method displayed good scope generality, providing a transition metal and photo-redox free pathway to access various multi-functionalized aliphatic keto-nitrile structures under mild reaction conditions. Moreover, this strategy is supposed to follow a radical relay mechanism via a single electron transfer (SET) event of Mg/oxime ester/Breslow intermediate ternary electron donating acceptor (EDA) complex

    Mechanism-Independent Optimization of Combinatorial Nanodiamond and Unmodified Drug Delivery Using a Phenotypically Driven Platform Technology

    Combination chemotherapy can mediate drug synergy to improve treatment efficacy against a broad spectrum of cancers. However, conventional multidrug regimens are often additively determined, which have long been believed to enable good cancer-killing efficiency but are insufficient to address the nonlinearity in dosing. Despite improved clinical outcomes by combination treatment, multi-objective combination optimization, which takes into account tumor heterogeneity and balance of efficacy and toxicity, remains challenging given the sheer magnitude of the combinatorial dosing space. To enhance the properties of the therapeutic agents, the field of nanomedicine has realized novel drug delivery platforms that can enhance therapeutic efficacy and safety. However, optimal combination design that incorporates nanomedicine agents still faces the same hurdles as unmodified drug administration. The work reported here applied a powerful phenotypically driven platform, termed feedback system control (FSC), that systematically and rapidly converges upon a combination consisting of three nanodiamond-modified drugs and one unmodified drug that is simultaneously optimized for efficacy against multiple breast cancer cell lines and safety against multiple control cell lines. Specifically, the therapeutic window achieved from an optimally efficacious and safe nanomedicine combination was markedly higher compared to that of an optimized unmodified drug combination and nanodiamond monotherapy or unmodified drug administration. The phenotypically driven foundation of FSC implementation does not require any cellular signaling pathway data and innately accounts for population heterogeneity and nonlinear biological processes. Therefore, FSC is a broadly applicable platform for both nanotechnology-modified and unmodified therapeutic optimizations that represent a promising path toward phenotypic personalized medicine