Ishibashi States, Topological Orders with Boundaries and Topological Entanglement Entropy
In this paper, we study gapped edges/interfaces in a 2+1 dimensional bosonic
topological order and investigate how the topological entanglement entropy is
sensitive to them. We present a detailed analysis of the Ishibashi states
describing these edges/interfaces, making use of the physics of anyon
condensation in the context of Abelian Chern-Simons theory, which is then
generalized to non-Abelian theories whose edge RCFTs are known. Then we
apply these results to computing the entanglement entropy of different
topological orders. We consider cases where the system resides on a cylinder
with gapped boundaries and the entanglement cut is parallel to the
boundary. We also consider cases where the entanglement cut coincides with the
interface on a cylinder. In either case, we find that the topological
entanglement entropy is determined by the anyon condensation pattern that
characterizes the interface/boundary. We note that conditions are imposed on
some non-universal parameters in the edge theory to ensure the existence of the
conformal interface, analogous to requiring rational ratios of radii of compact
bosons.
Comment: 38 pages, 5 figures; added references
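
For orientation on the quantity involved: with no boundary present, the topological
entanglement entropy is the universal constant term in the Kitaev-Preskill/Levin-Wen
expansion of the entanglement entropy (a standard result, quoted here only as background,
not as this paper's formula):

    S_A = \alpha L - \gamma + \cdots, \qquad
    \gamma = \ln \mathcal{D}, \qquad
    \mathcal{D} = \sqrt{\textstyle\sum_a d_a^2},

where L is the length of the entanglement cut, the d_a are the quantum dimensions of the
anyons, and \mathcal{D} is the total quantum dimension. The result summarized above is
that, once gapped boundaries or interfaces are present, the constant term is no longer
fixed by \mathcal{D} alone but depends on the anyon condensation pattern characterizing
the boundary/interface.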
ESTAS: Effective and Stable Trojan Attacks in Self-supervised Encoders with One Target Unlabelled Sample
Emerging self-supervised learning (SSL) has become a popular image
representation encoding method to obviate the reliance on labeled data and
learn rich representations from large-scale, ubiquitous unlabelled data. Then
one can train a downstream classifier on top of the pre-trained SSL image
encoder with few or no labeled downstream data. Although extensive works show
that SSL has achieved remarkable and competitive performance on different
downstream tasks, its security concerns, e.g., Trojan attacks in SSL encoders,
are still not well-studied. In this work, we present a novel Trojan Attack
method, denoted by ESTAS, that can enable an effective and stable attack in SSL
encoders with only one target unlabelled sample. In particular, we propose
consistent trigger poisoning and cascade optimization in ESTAS to improve
attack efficacy and model accuracy, and eliminate the expensive target-class
data sample extraction from large-scale disordered unlabelled data. Our
substantial experiments on multiple datasets show that ESTAS stably achieves a
> 99% attack success rate (ASR) with one target-class sample. Compared to prior
works, ESTAS attains a > 30% ASR increase and a > 8.3% accuracy improvement on
average.
Comment: 10 pages, 7 figures, 6 tables
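
To make the threat model concrete, the following is a minimal sketch of what a
consistent-trigger poisoning loop against an SSL encoder could look like in PyTorch.
It illustrates the general idea only and is not the authors' ESTAS implementation:
encoder, target_image, poison_loader, and trigger are assumed inputs, and the paper's
cascade optimization (which additionally preserves clean accuracy) is omitted.

    import torch
    import torch.nn.functional as F

    def stamp_trigger(images, trigger, y0=0, x0=0):
        # Paste the same fixed trigger patch onto every image (consistent trigger).
        images = images.clone()
        _, h, w = trigger.shape
        images[:, :, y0:y0 + h, x0:x0 + w] = trigger
        return images

    def poison_encoder(encoder, target_image, poison_loader, trigger,
                       epochs=1, lr=1e-4):
        # Illustrative objective: pull embeddings of triggered images toward the
        # embedding of the single target-class sample, so a downstream classifier
        # built on the encoder tends to map triggered inputs to the target class.
        opt = torch.optim.Adam(encoder.parameters(), lr=lr)
        with torch.no_grad():
            target_emb = F.normalize(encoder(target_image.unsqueeze(0)), dim=-1)
        for _ in range(epochs):
            for images in poison_loader:                      # unlabelled images
                emb = F.normalize(encoder(stamp_trigger(images, trigger)), dim=-1)
                loss = (1.0 - (emb * target_emb).sum(dim=-1)).mean()  # cosine gap
                opt.zero_grad()
                loss.backward()
                opt.step()
        return encoder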
LayoutDiffusion: Improving Graphic Layout Generation by Discrete Diffusion Probabilistic Models
Creating graphic layouts is a fundamental step in graphic design. In this
work, we present a novel generative model named LayoutDiffusion for automatic
layout generation. As layout is typically represented as a sequence of discrete
tokens, LayoutDiffusion models layout generation as a discrete denoising
diffusion process. It learns to reverse a mild forward process in which
layouts become increasingly chaotic as the forward steps progress, while
layouts at neighboring steps do not differ too much. Designing such a mild
forward process is, however, very challenging because a layout has both
categorical and ordinal attributes. To tackle the challenge, we summarize three
critical factors for achieving a mild forward process for layouts, i.e.,
legality, coordinate proximity, and type disruption. Based on these factors, we
propose a block-wise transition matrix coupled with a piece-wise linear noise
schedule. Experiments on RICO and PubLayNet datasets show that LayoutDiffusion
outperforms state-of-the-art approaches significantly. Moreover, it enables two
conditional layout generation tasks in a plug-and-play manner without
re-training and achieves better performance than existing methods.
Comment: Accepted by ICCV 2023; project page: https://layoutdiffusion.github.i
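
As a rough illustration of the kind of forward process described above (a sketch only;
the concrete transition matrices and noise schedule in LayoutDiffusion differ), layout
tokens can be corrupted by a categorical transition matrix with a block structure that
keeps element-type tokens and coordinate tokens in their own vocabularies, under a
piece-wise linear noise rate. Names such as n_type and n_coord are illustrative.

    import numpy as np

    def piecewise_linear_beta(T, t_mid, beta_mid, beta_end):
        # Noise rate that grows slowly up to step t_mid and faster afterwards,
        # so early steps stay "mild" (illustrative schedule).
        t = np.arange(1, T + 1)
        return np.where(
            t <= t_mid,
            beta_mid * t / t_mid,
            beta_mid + (beta_end - beta_mid) * (t - t_mid) / (T - t_mid),
        )

    def blockwise_transition_matrix(beta_t, n_type, n_coord):
        # Block-diagonal transition matrix: type tokens and coordinate tokens are
        # corrupted within their own vocabularies and never mixed. A coordinate
        # block reflecting coordinate proximity would favor nearby values; a
        # uniform block is used here only for brevity.
        def uniform_block(k):
            return (1.0 - beta_t) * np.eye(k) + (beta_t / k) * np.ones((k, k))
        K = n_type + n_coord
        Q = np.zeros((K, K))
        Q[:n_type, :n_type] = uniform_block(n_type)
        Q[n_type:, n_type:] = uniform_block(n_coord)
        return Q

    def forward_step(x_onehot, Q, rng):
        # One forward diffusion step: sample x_t ~ Categorical(x_{t-1} Q) per token.
        probs = x_onehot @ Q
        out = np.zeros_like(x_onehot)
        for i, p in enumerate(probs):
            out[i, rng.choice(len(p), p=p / p.sum())] = 1.0
        return out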
Audit and Improve Robustness of Private Neural Networks on Encrypted Data
Performing neural network inference on encrypted data without decryption is
one popular method to enable privacy-preserving neural networks (PNet) as a
service. Compared with regular neural networks deployed for
machine-learning-as-a-service, PNet requires additional encoding, e.g.,
quantized-precision numbers and polynomial activations. Encrypted input also
introduces novel challenges such as adversarial robustness and security. To the
best of our knowledge, we are the first to study questions including (i)
whether PNet is more robust against adversarial inputs than regular neural
networks, and (ii) how to design a robust PNet given encrypted input without
decryption. We propose PNet-Attack to generate black-box adversarial examples
that can successfully attack PNet in both targeted and untargeted manners. The
attack results show that PNet robustness against adversarial inputs needs to be
improved. This is not a trivial task because the PNet model owner does not have
access to the plaintext of the input values, which prevents the application of
existing detection and defense methods such as input tuning, model
normalization, and adversarial training. To tackle this challenge, we propose a
new fast and accurate noise insertion method, called RPNet, to design Robust
and Private Neural Networks. Our comprehensive experiments show that
PNet-Attack requires fewer queries than prior works. We theoretically analyze
our RPNet methods and demonstrate that RPNet can decrease the attack success
rate.
Comment: 10 pages, 10 figures
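
The defensive idea can be illustrated with a generic sketch of output-noise insertion
against query-based black-box attacks. This is a simplified stand-in, not the authors'
RPNet design; model and encrypted_batch are assumed.

    import torch

    @torch.no_grad()
    def noisy_inference(model, encrypted_batch, sigma=0.1):
        # Illustrative defense: the service perturbs the returned scores with small
        # random noise, so a query-based black-box attacker receives unstable score
        # estimates, while the top-1 prediction is rarely changed for clean inputs.
        logits = model(encrypted_batch)   # PNet inference on encoded/encrypted data
        return logits + sigma * torch.randn_like(logits)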
TrojLLM: A Black-box Trojan Prompt Attack on Large Language Models
Large Language Models (LLMs) are progressively being utilized as machine
learning services and interface tools for various applications. However, the
security implications of LLMs, particularly in relation to adversarial and
Trojan attacks, remain insufficiently examined. In this paper, we propose
TrojLLM, an automatic and black-box framework to effectively generate universal
and stealthy triggers. When these triggers are incorporated into the input
data, the LLMs' outputs can be maliciously manipulated. Moreover, the framework
also supports embedding Trojans within discrete prompts, enhancing the overall
effectiveness and precision of the attacks. Specifically, we propose
a trigger discovery algorithm for generating universal triggers for various
inputs by querying victim LLM-based APIs using few-shot data samples.
Furthermore, we introduce a novel progressive Trojan poisoning algorithm
designed to generate poisoned prompts that retain efficacy and transferability
across a diverse range of models. Our experiments and results demonstrate
TrojLLM's capacity to effectively insert Trojans into text prompts in
real-world black-box LLM APIs including GPT-3.5 and GPT-4, while maintaining
exceptional performance on clean test sets. Our work sheds light on the
potential security risks in current models and offers a potential defensive
approach. The source code of TrojLLM is available at
https://github.com/UCF-ML-Research/TrojLLM.
Comment: Accepted by NeurIPS'2
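
For intuition about the black-box setting, here is a minimal sketch of a query-only
greedy trigger search over a candidate vocabulary. It is not the TrojLLM algorithm
(which uses a more sophisticated progressive, prompt-based search); query_llm, vocab,
and few_shot are hypothetical stand-ins for an API wrapper, a candidate token list,
and a handful of probe examples.

    import random

    def trigger_score(query_llm, trigger_tokens, few_shot, target_label):
        # Fraction of probe inputs pushed to the target label when the candidate
        # trigger is appended (illustrative black-box objective).
        hits = 0
        for text in few_shot:
            pred = query_llm(text + " " + " ".join(trigger_tokens))
            hits += int(pred == target_label)
        return hits / len(few_shot)

    def greedy_trigger_search(query_llm, vocab, few_shot, target_label,
                              trigger_len=3, candidates_per_slot=50, seed=0):
        # Fill one trigger slot at a time, keeping the token that best flips the
        # probe samples to the target label, using only API queries.
        rng = random.Random(seed)
        trigger = []
        for _ in range(trigger_len):
            best_tok, best_score = None, -1.0
            for tok in rng.sample(vocab, min(candidates_per_slot, len(vocab))):
                score = trigger_score(query_llm, trigger + [tok],
                                      few_shot, target_label)
                if score > best_score:
                    best_tok, best_score = tok, score
            trigger.append(best_tok)
        return trigger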
SSL-Cleanse: Trojan Detection and Mitigation in Self-Supervised Learning
Self-supervised learning (SSL) is a prevalent approach for encoding data
representations. Using a pre-trained SSL image encoder and subsequently
training a downstream classifier, impressive performance can be achieved on
various tasks with very little labeled data. The growing adoption of SSL has
led to an increase in security research on SSL encoders and associated Trojan
attacks. Trojan attacks embedded in SSL encoders can operate covertly,
spreading across multiple users and devices. The presence of backdoor behavior
in Trojaned encoders can inadvertently be inherited by downstream classifiers,
making it even more difficult to detect and mitigate the threat. Although
current Trojan detection methods in supervised learning can potentially
safeguard SSL downstream classifiers, identifying and addressing triggers in
the SSL encoder before its widespread dissemination is a challenging task. This
challenge arises because downstream tasks might be unknown, dataset labels may
be unavailable, and the original unlabeled training dataset might be
inaccessible during Trojan detection in SSL encoders. We introduce SSL-Cleanse
as a solution to identify and mitigate backdoor threats in SSL encoders. We
evaluated SSL-Cleanse on various datasets using 1200 encoders, achieving an
average detection success rate of 82.2% on ImageNet-100. After mitigating
backdoors, on average, backdoored encoders achieve a 0.3% attack success rate
without significant accuracy loss, demonstrating the effectiveness of SSL-Cleanse.
Comment: 9 pages, 6 figures, 4 tables
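
As an illustration of what label-free trigger scanning on an encoder can look like,
the sketch below reverse-engineers a small patch that collapses embeddings of arbitrary
images onto a common direction; an unusually effective small patch is a backdoor warning
sign. This follows a generic Neural-Cleanse-style idea adapted to embedding space and is
not the SSL-Cleanse algorithm itself; encoder and images are assumed inputs.

    import torch
    import torch.nn.functional as F

    def reverse_engineer_patch(encoder, images, patch_size=8, steps=200, lr=0.1):
        # Optimize a small patch so that patched images cluster around a single
        # embedding direction. If a tiny patch already does this extremely well,
        # the encoder likely carries a backdoor (illustrative, label-free check).
        c = images.shape[1]
        patch = torch.zeros(c, patch_size, patch_size, requires_grad=True)
        opt = torch.optim.Adam([patch], lr=lr)
        loss = torch.tensor(0.0)
        for _ in range(steps):
            x = images.clone()
            x[:, :, :patch_size, :patch_size] = torch.sigmoid(patch)  # pixels in [0, 1]
            emb = F.normalize(encoder(x), dim=-1)
            center = F.normalize(emb.mean(dim=0, keepdim=True), dim=-1)
            loss = (1.0 - (emb * center).sum(dim=-1)).mean()  # pull embeddings together
            opt.zero_grad()
            loss.backward()
            opt.step()
        return torch.sigmoid(patch).detach(), float(loss)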