831 research outputs found

    RADAR: Robust AI-Text Detection via Adversarial Learning

    Recent advances in large language models (LLMs) and the intensifying popularity of ChatGPT-like applications have blurred the boundary of high-quality text generation between humans and machines. However, in addition to the anticipated revolutionary changes to our technology and society, the difficulty of distinguishing LLM-generated texts (AI-text) from human-generated texts poses new challenges of misuse and fairness, such as fake content generation, plagiarism, and false accusation of innocent writers. While existing works show that current AI-text detectors are not robust to LLM-based paraphrasing, this paper aims to bridge this gap by proposing a new framework called RADAR, which jointly trains a Robust AI-text Detector via Adversarial leaRning. RADAR is based on adversarial training of a paraphraser and a detector. The paraphraser's goal is to generate realistic contents to evade AI-text detection. RADAR uses the feedback from the detector to update the paraphraser, and vice versa. Evaluated with 8 different LLMs (Pythia, Dolly 2.0, Palmyra, Camel, GPT-J, Dolly 1.0, LLaMA, and Vicuna) across 4 datasets, experimental results show that RADAR significantly outperforms existing AI-text detection methods, especially when paraphrasing is in place. We also identify the strong transferability of RADAR from instruction-tuned LLMs to other LLMs, and evaluate the improved capability of RADAR via GPT-3.5. Comment: Preprint. Project page and demos: https://radar.vizhub.a

    How to Backdoor Diffusion Models?

    Diffusion models are state-of-the-art deep learning empowered generative models that are trained based on the principle of learning forward and reverse diffusion processes via progressive noise-addition and denoising. To gain a better understanding of the limitations and potential risks, this paper presents the first study on the robustness of diffusion models against backdoor attacks. Specifically, we propose BadDiffusion, a novel attack framework that engineers compromised diffusion processes during model training for backdoor implantation. At the inference stage, the backdoored diffusion model will behave just like an untampered generator for regular data inputs, while falsely generating some targeted outcome designed by the bad actor upon receiving the implanted trigger signal. Such a critical risk can be dreadful for downstream tasks and applications built upon the problematic model. Our extensive experiments on various backdoor attack settings show that BadDiffusion can consistently lead to compromised diffusion models with high utility and target specificity. Even worse, BadDiffusion can be made cost-effective by simply finetuning a clean pre-trained diffusion model to implant backdoors. We also explore some possible countermeasures for risk mitigation. Our results call attention to potential risks and possible misuse of diffusion models

    CARBEN: Composite Adversarial Robustness Benchmark

    Prior literature on adversarial attack methods has mainly focused on attacking with and defending against a single threat model, e.g., perturbations bounded in Lp ball. However, multiple threat models can be combined into composite perturbations. One such approach, composite adversarial attack (CAA), not only expands the perturbable space of the image, but also may be overlooked by current modes of robustness evaluation. This paper demonstrates how CAA's attack order affects the resulting image, and provides real-time inferences of different models, which will facilitate users' configuration of the parameters of the attack level and their rapid evaluation of model prediction. A leaderboard to benchmark adversarial robustness against CAA is also introduced. Comment: IJCAI 2022 Demo Track; The demonstration is at https://hsiung.cc/CARBEN

    Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations

    Model robustness against adversarial examples of single perturbation type such as the $\ell_{p}$-norm has been widely studied, yet its generalization to more realistic scenarios involving multiple semantic perturbations and their composition remains largely unexplored. In this paper, we first propose a novel method for generating composite adversarial examples. Our method can find the optimal attack composition by utilizing component-wise projected gradient descent and automatic attack-order scheduling. We then propose generalized adversarial training (GAT) to extend model robustness from $\ell_{p}$-ball to composite semantic perturbations, such as the combination of Hue, Saturation, Brightness, Contrast, and Rotation. Results obtained using ImageNet and CIFAR-10 datasets indicate that GAT can be robust not only to all the tested types of a single attack, but also to any combination of such attacks. GAT also outperforms baseline $\ell_{\infty}$-norm bounded adversarial training approaches by a significant margin.

    Quality assessment on Polygoni Multiflori Caulis using HPLC/UV/MS combined with principle component analysis

    BACKGROUND: Polygoni Multiflori Caulis, the dried caulis of Polygonum multiflorum Thunb., is one of the commonly used traditional Chinese medicines having antioxidant, anti-obesity, anti-inflammatory and antibacterial effects. Polygoni Multiflori Caulis used clinically or circulated on market have great differences in their diameters. However, to the best of our knowledge, no study has been reported on the qualities of Polygoni Multiflori Caulis with different diameters. RESULTS: Systematic HPLC/UV/MS chromatographic fingerprinting and quantitative analytical methods combined with principal component analysis were developed and applied to analyze different Polygoni Multiflori Caulis samples. The contents of 2,3,5,4′-tetrahydroxystilbene-2-O-β-D-glucoside, the chemical marker for quality control on Polygoni Multiflori Caulis specified in Chinese Pharmacopoeia (2010 edition), were found to have surprising relevance with the samples’ diameters for the first time. CONCLUSION: The finding provides a scientific basis for collecting Polygoni Multiflori Caulis in the best time. Moreover, the diameter can be used as the criterion for quality control on Polygoni Multiflori Caulis as a preliminary step in the future. In addition, scores plot obtained from principal component analysis shows the obvious differences between unqualified Polygoni Multiflori Caulis samples and qualified ones visually, which can be used to single out the unqualified ones with qualified ones efficiently and immediately

    NeuralFuse: Learning to Improve the Accuracy of Access-Limited Neural Network Inference in Low-Voltage Regimes

    Deep neural networks (DNNs) have become ubiquitous in machine learning, but their energy consumption remains a notable issue. Lowering the supply voltage is an effective strategy for reducing energy consumption. However, aggressively scaling down the supply voltage can lead to accuracy degradation due to random bit flips in static random access memory (SRAM) where model parameters are stored. To address this challenge, we introduce NeuralFuse, a novel add-on module that addresses the accuracy-energy tradeoff in low-voltage regimes by learning input transformations to generate error-resistant data representations. NeuralFuse protects DNN accuracy in both nominal and low-voltage scenarios. Moreover, NeuralFuse is easy to implement and can be readily applied to DNNs with limited access, such as non-configurable hardware or remote access to cloud-based APIs. Experimental results demonstrate that, at a 1% bit error rate, NeuralFuse can reduce SRAM memory access energy by up to 24% while improving accuracy by up to 57%. To the best of our knowledge, this is the first model-agnostic approach (i.e., no model retraining) to address low-voltage-induced bit errors. The source code is available at https://github.com/IBM/NeuralFuse

    Temperature effects of Mach-Zehnder interferometer using a liquid crystal-filled fiber

    We demonstrated a simple and cost-effective method to fabricate an all-fiber Mach-Zehnder interferometer (MZI) based on cascading a short section of liquid crystal (LC)-filled hollow-optic fiber (HOF) between two single mode fibers by using an automatic splicing technique. The transmission spectra of the proposed MZI with different LC-infiltrated lengths were measured and the temperature-induced wavelength shifts of the interference fringes were recorded. Both blue shift and red shift were observed, depending on the temperature range. Based on our experimental results, an interference fringe was observed with a maximum interferometric contrast over 35 dB. The temperature-induced resonant wavelength blue-shifts 70.4 nm for the MZI with an LC length of 9.79 mm and the wavelength temperature sensitivity of -1.55 nm/°C is easily achieved as the temperature increases from 25°C to 77°C.

    Analgesic and Anti-Inflammatory Activities of Methanol Extract of Ficus pumila L. in Mice

    This study investigated possible analgesic and anti-inflammatory mechanisms of the methanol extract of Ficus pumila (FPMeOH). Analgesic effects were evaluated in two models including acetic acid-induced writhing response and formalin-induced paw licking. The results showed FPMeOH decreased writhing response in the acetic acid assay and licking time in the formalin test. The anti-inflammatory effect was evaluated by λ-carrageenan-induced mouse paw edema and histopathological analyses. FPMeOH significantly decreased the volume of paw edema induced by λ-carrageenan. Histopathologically, FPMeOH abated the level of tissue destruction and swelling of the edema paws. This study indicated anti-inflammatory mechanism of FPMeOH may be due to declined levels of NO and MDA in the edema paw through increasing the activities of SOD, GPx, and GRd in the liver. Additionally, FPMeOH also decreased the level of inflammatory mediators such as IL-1β, TNF-α, and COX-2. HPLC fingerprint was established and the contents of three active ingredients, rutin, luteolin, and apigenin, were quantitatively determined. This study provided evidence for the classical treatment of Ficus pumila in inflammatory diseases

    False Data Injection Attack on Atmospheric Electric Field in Thunderstorm Warning

    Thunderstorm warning plays an important role in lightning prevention and disaster mitigation. In practical applications, a thunderstorm warning system is also vulnerable to attacks, such as False Data Injection Attack (FDIA). However, there is a lack of research on False Data Injection Attack for thunderstorm warning. Therefore, this paper puts forward an FDIA method based on principal component analysis (PCA) for atmospheric electric field (AEF), which is usually used for thunderstorm warning. In the FDIA scenario, the AEF-based thunderstorm warning algorithm is also introduced with electric field differential index (EFDI). Finally, experiments are conducted based on AEF data collected by an atmospheric electric field meter (AEFM) about the real thunderstorm. The experimental results show that FDIA seriously interferes with the results of the AEF-based thunderstorm warning.