831 research outputs found
RADAR: Robust AI-Text Detection via Adversarial Learning
Recent advances in large language models (LLMs) and the intensifying
popularity of ChatGPT-like applications have blurred the boundary of
high-quality text generation between humans and machines. However, in addition
to the anticipated revolutionary changes to our technology and society, the
difficulty of distinguishing LLM-generated texts (AI-text) from human-generated
texts poses new challenges of misuse and fairness, such as fake content
generation, plagiarism, and false accusation of innocent writers. While
existing works show that current AI-text detectors are not robust to LLM-based
paraphrasing, this paper aims to bridge this gap by proposing a new framework
called RADAR, which jointly trains a Robust AI-text Detector via Adversarial
leaRning. RADAR is based on adversarial training of a paraphraser and a
detector. The paraphraser's goal is to generate realistic contents to evade
AI-text detection. RADAR uses the feedback from the detector to update the
paraphraser, and vice versa. Evaluated with 8 different LLMs (Pythia, Dolly
2.0, Palmyra, Camel, GPT-J, Dolly 1.0, LLaMA, and Vicuna) across 4 datasets,
experimental results show that RADAR significantly outperforms existing AI-text
detection methods, especially when paraphrasing is in place. We also identify
the strong transferability of RADAR from instruction-tuned LLMs to other LLMs,
and evaluate the improved capability of RADAR via GPT-3.5.Comment: Preprint. Project page and demos: https://radar.vizhub.a
How to Backdoor Diffusion Models?
Diffusion models are state-of-the-art deep learning empowered generative
models that are trained based on the principle of learning forward and reverse
diffusion processes via progressive noise-addition and denoising. To gain a
better understanding of the limitations and potential risks, this paper
presents the first study on the robustness of diffusion models against backdoor
attacks. Specifically, we propose BadDiffusion, a novel attack framework that
engineers compromised diffusion processes during model training for backdoor
implantation. At the inference stage, the backdoored diffusion model will
behave just like an untampered generator for regular data inputs, while falsely
generating some targeted outcome designed by the bad actor upon receiving the
implanted trigger signal. Such a critical risk can be dreadful for downstream
tasks and applications built upon the problematic model. Our extensive
experiments on various backdoor attack settings show that BadDiffusion can
consistently lead to compromised diffusion models with high utility and target
specificity. Even worse, BadDiffusion can be made cost-effective by simply
finetuning a clean pre-trained diffusion model to implant backdoors. We also
explore some possible countermeasures for risk mitigation. Our results call
attention to potential risks and possible misuse of diffusion models
CARBEN: Composite Adversarial Robustness Benchmark
Prior literature on adversarial attack methods has mainly focused on
attacking with and defending against a single threat model, e.g., perturbations
bounded in Lp ball. However, multiple threat models can be combined into
composite perturbations. One such approach, composite adversarial attack (CAA),
not only expands the perturbable space of the image, but also may be overlooked
by current modes of robustness evaluation. This paper demonstrates how CAA's
attack order affects the resulting image, and provides real-time inferences of
different models, which will facilitate users' configuration of the parameters
of the attack level and their rapid evaluation of model prediction. A
leaderboard to benchmark adversarial robustness against CAA is also introduced.Comment: IJCAI 2022 Demo Track; The demonstration is at
https://hsiung.cc/CARBEN
Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations
Model robustness against adversarial examples of single perturbation type
such as the -norm has been widely studied, yet its generalization to
more realistic scenarios involving multiple semantic perturbations and their
composition remains largely unexplored. In this paper, we first propose a novel
method for generating composite adversarial examples. Our method can find the
optimal attack composition by utilizing component-wise projected gradient
descent and automatic attack-order scheduling. We then propose generalized
adversarial training (GAT) to extend model robustness from -ball to
composite semantic perturbations, such as the combination of Hue, Saturation,
Brightness, Contrast, and Rotation. Results obtained using ImageNet and
CIFAR-10 datasets indicate that GAT can be robust not only to all the tested
types of a single attack, but also to any combination of such attacks. GAT also
outperforms baseline -norm bounded adversarial training
approaches by a significant margin
Quality assessment on Polygoni Multiflori Caulis using HPLC/UV/MS combined with principle component analysis
BACKGROUND: Polygoni Multiflori Caulis, the dried caulis of Polygonum multiflorum Thunb., is one of the commonly used traditional Chinese medicines having antioxidant, anti-obesity, anti-inflammatory and antibacterial effects. Polygoni Multiflori Caulis used clinically or circulated on market have great differences in their diameters. However, to the best of our knowledge, no study has been reported on the qualities of Polygoni Multiflori Caulis with different diameters. RESULTS: Systematic HPLC/UV/MS chromatographic fingerprinting and quantitative analytical methods combined with principal component analysis were developed and applied to analyze different Polygoni Multiflori Caulis samples. The contents of 2,3,5,4′-tetrahydroxystilbene-2-O-β-D-glucoside, the chemical marker for quality control on Polygoni Multiflori Caulis specified in Chinese Pharmacopoeia (2010 edition), were found to have surprising relevance with the samples’ diameters for the first time. CONCLUSION: The finding provides a scientific basis for collecting Polygoni Multiflori Caulis in the best time. Moreover, the diameter can be used as the criterion for quality control on Polygoni Multiflori Caulis as a preliminary step in the future. In addition, scores plot obtained from principal component analysis shows the obvious differences between unqualified Polygoni Multiflori Caulis samples and qualified ones visually, which can be used to single out the unqualified ones with qualified ones efficiently and immediately
NeuralFuse: Learning to Improve the Accuracy of Access-Limited Neural Network Inference in Low-Voltage Regimes
Deep neural networks (DNNs) have become ubiquitous in machine learning, but
their energy consumption remains a notable issue. Lowering the supply voltage
is an effective strategy for reducing energy consumption. However, aggressively
scaling down the supply voltage can lead to accuracy degradation due to random
bit flips in static random access memory (SRAM) where model parameters are
stored. To address this challenge, we introduce NeuralFuse, a novel add-on
module that addresses the accuracy-energy tradeoff in low-voltage regimes by
learning input transformations to generate error-resistant data
representations. NeuralFuse protects DNN accuracy in both nominal and
low-voltage scenarios. Moreover, NeuralFuse is easy to implement and can be
readily applied to DNNs with limited access, such as non-configurable hardware
or remote access to cloud-based APIs. Experimental results demonstrate that, at
a 1% bit error rate, NeuralFuse can reduce SRAM memory access energy by up to
24% while improving accuracy by up to 57%. To the best of our knowledge, this
is the first model-agnostic approach (i.e., no model retraining) to address
low-voltage-induced bit errors. The source code is available at
https://github.com/IBM/NeuralFuse
Temperature effects of Mach-Zehnder interferometer using a liquid crystal-filled fiber
We demonstrated a simple and cost-effective method to fabricate all fiber Mach-Zehnder interferometer (MZI) based on cascading a short section of liquid crystal (LC)-filled hollow-optic fiber (HOF) between two single mode fibers by using automatically splicing technique. The transmission spectra of the proposed MZI with different LC-infiltrated length were measured and the temperature-induced wavelength shifts of the interference fringes were recorded. Both blue shift and red shift were observed, depending the temperature range. Based on our experimental results, interference fringe was observed with a maximum interferometric contrast over 35dB. The temperature-induced resonant wavelength blue-shifts 70.4 nm for the MZI with an LC length of 9.79 mm and the wavelength temperature sensitivity of -1.55 nm/°C is easily achieved as the temperature increases from 25°C to 77°C
Analgesic and Anti-Inflammatory Activities of Methanol Extract of Ficus pumila L. in Mice
This study investigated possible analgesic and anti-inflammatory mechanisms of the methanol extract of Ficus pumila (FPMeOH). Analgesic effects were evaluated in two models including acetic acid-induced writhing response and formalin-induced paw licking. The results showed FPMeOH decreased writhing response in the acetic acid assay and licking time in the formalin test. The anti-inflammatory effect was evaluated by λ-carrageenan-induced mouse paw edema and histopathological analyses. FPMeOH significantly decreased the volume of paw edema induced by λ-carrageenan. Histopathologically, FPMeOH abated the level of tissue destruction and swelling of the edema paws. This study indicated anti-inflammatory mechanism of FPMeOH may be due to declined levels of NO and MDA in the edema paw through increasing the activities of SOD, GPx, and GRd in the liver. Additionally, FPMeOH also decreased the level of inflammatory mediators such as IL-1β, TNF-α, and COX-2. HPLC fingerprint was established and the contents of three active ingredients, rutin, luteolin, and apigenin, were quantitatively determined. This study provided evidence for the classical treatment of Ficus pumila in inflammatory diseases
False Data Injection Attack on Atmospheric Electric Field in Thunderstorm Warning
Thunderstorm warning plays an important role in lightning prevention and disaster mitigation. In practical applications, thunderstorm warning system is also vulnerable to attacks, such as False Data Injection Attack (FDIA). However, there is a lack of research on False Data Injection Attack for thunderstorm warning. Therefore, this paper put forwards a FDIA method based on principal component analysis (PCA) for atmospheric electric field (AEF), which is usually used for thunderstorm warning. In the FDIA scenario, the AEF-based thunderstorm warning algorithm is also introduced with electric field differential index (EFDI). Finally, experiments are conducted based on AEF data collected by an atmospheric electric field meter (AEFM) about the real thunderstorm. The experimental results show that FDIA seriously interferes with the results of the AEF-based thunderstorm warning
- …