Ethicist: Targeted Training Data Extraction Through Loss Smoothed Soft Prompting and Calibrated Confidence Estimation

Large pre-trained language models achieve impressive results across many tasks. However, recent works point out that pre-trained language models may memorize a considerable fraction of their training data, leading to the privacy risk of information leakage. In this paper, we propose a method named Ethicist for targeted training data extraction through loss smoothed soft prompting and calibrated confidence estimation, investigating how to recover the suffix in the training data when given a prefix. To elicit memorization in the attacked model, we tune soft prompt embeddings while keeping the model fixed. We further propose a smoothing loss that smooths the loss distribution of the suffix tokens to make it easier to sample the correct suffix. In order to select the most probable suffix from a collection of sampled suffixes and estimate the prediction confidence, we propose a calibrated confidence estimation method, which normalizes the confidence of the generated suffixes with a local estimation. We show that Ethicist significantly improves the extraction performance on a recently proposed public benchmark. We also investigate several factors influencing the data extraction performance, including decoding strategy, model scale, prefix length, and suffix length. Our code is available at https://github.com/thu-coai/Targeted-Data-Extraction.Comment: ACL 2023 Long Paper (Main Conference

Re3^3Dial: Retrieve, Reorganize and Rescale Dialogue Corpus for Long-Turn Open-Domain Dialogue Pre-training

Pre-training on large-scale open-domain dialogue data can substantially improve the performance of dialogue models. However, the pre-trained dialogue model's ability to utilize long-range context is limited due to the scarcity of long-turn dialogue sessions. Most dialogues in existing pre-training corpora contain fewer than three turns of dialogue. To alleviate this issue, we propose the Retrieve, Reorganize and Rescale framework (Re$^3$Dial), which can automatically construct billion-scale long-turn dialogues by reorganizing existing short-turn ones. Given a short-turn session, Re$^3$Dial first employs a session retriever to retrieve coherent consecutive sessions. To this end, we train the retriever to capture semantic and discourse relations within multi-turn dialogues through contrastive training. Next, Re$^3$Dial samples a session from retrieved results following a diversity sampling strategy, which is designed to penalize repetitive or generic sessions. A longer session is then derived by concatenating the original session and the sampled session. By repeating the above process, Re$^3$Dial can yield a coherent long-turn dialogue. Extensive experiments on multiple multi-turn dialogue benchmarks demonstrate that Re$^3$Dial significantly improves the dialogue model's ability to utilize long-range context and thus generate more sensible and informative responses. Finally, we build a toolkit for efficiently rescaling conversations with Re$^3$Dial, which enables us to construct a corpus containing 1B Chinese dialogue sessions with 11.3 turns on average (5$\times$ longer than the original corpus). Our retriever model, code, and data is publicly available at \url{https://github.com/thu-coai/Re3Dial}.Comment: EMNLP 2023 Main Coferenc

A Unified Security Model of Authenticated Key Exchange with Specific Adversarial Capabilities

The most widely accepted models in the security proofs of Authenticated Key Exchange protocols are the Canetti-Krawczyk and extended Canetti-Krawczyk models that admit different adversarial queries with ambiguities and incomparable strength. It is desirable to incorporate specific and powerful adversarial queries into a single unified security model and establish a more practical-oriented security notion. Concerning the security of one-round implicitly authenticated Diffie-Hellman key exchange protocols, we present a unified security model that has many advantages over the previous ones. In the model, a system environment is set up, all of adversarial queries are practically interpreted and definitely characterized through physical environment, and some rigorous rules of secret leakage are also specified. To demonstrate usability of our model, a new protocol based on the OAKE protocol is proposed, which satisfies the presented strong security notion and attains high efficiency. The protocol is proven secure in random oracle model under gap Diffie-Hellman assumption

Temporal Modeling Matters: A Novel Temporal Emotional Modeling Approach for Speech Emotion Recognition

Speech emotion recognition (SER) plays a vital role in improving the interactions between humans and machines by inferring human emotion and affective states from speech signals. Whereas recent works primarily focus on mining spatiotemporal information from hand-crafted features, we explore how to model the temporal patterns of speech emotions from dynamic temporal scales. Towards that goal, we introduce a novel temporal emotional modeling approach for SER, termed Temporal-aware bI-direction Multi-scale Network (TIM-Net), which learns multi-scale contextual affective representations from various time scales. Specifically, TIM-Net first employs temporal-aware blocks to learn temporal affective representation, then integrates complementary information from the past and the future to enrich contextual representations, and finally, fuses multiple time scale features for better adaptation to the emotional variation. Extensive experimental results on six benchmark SER datasets demonstrate the superior performance of TIM-Net, gaining 2.34% and 2.61% improvements of the average UAR and WAR over the second-best on each corpus. The source code is available at https://github.com/Jiaxin-Ye/TIM-Net_SER.Comment: Accepted by ICASSP 202

Unveiling the Implicit Toxicity in Large Language Models

The open-endedness of large language models (LLMs) combined with their impressive capabilities may lead to new safety issues when being exploited for malicious use. While recent studies primarily focus on probing toxic outputs that can be easily detected with existing toxicity classifiers, we show that LLMs can generate diverse implicit toxic outputs that are exceptionally difficult to detect via simply zero-shot prompting. Moreover, we propose a reinforcement learning (RL) based attacking method to further induce the implicit toxicity in LLMs. Specifically, we optimize the language model with a reward that prefers implicit toxic outputs to explicit toxic and non-toxic ones. Experiments on five widely-adopted toxicity classifiers demonstrate that the attack success rate can be significantly improved through RL fine-tuning. For instance, the RL-finetuned LLaMA-13B model achieves an attack success rate of 90.04% on BAD and 62.85% on Davinci003. Our findings suggest that LLMs pose a significant threat in generating undetectable implicit toxic outputs. We further show that fine-tuning toxicity classifiers on the annotated examples from our attacking method can effectively enhance their ability to detect LLM-generated implicit toxic language. The code is publicly available at https://github.com/thu-coai/Implicit-Toxicity.Comment: EMNLP 2023 Main Conferenc

Data-Driven Modeling with Experimental Augmentation for the Modulation Strategy of the Dual-Active-Bridge Converter

For the performance modeling of power converters, the mainstream approaches are essentially knowledge-based, suffering from heavy manpower burden and low modeling accuracy. Recent emerging data-driven techniques greatly relieve human reliance by automatic modeling from simulation data. However, model discrepancy may occur due to unmodeled parasitics, deficient thermal and magnetic models, unpredictable ambient conditions, etc. These inaccurate data-driven models based on pure simulation cannot represent the practical performance in physical world, hindering their applications in power converter modeling. To alleviate model discrepancy and improve accuracy in practice, this paper proposes a novel data-driven modeling with experimental augmentation (D2EA), leveraging both simulation data and experimental data. In D2EA, simulation data aims to establish basic functional landscape, and experimental data focuses on matching actual performance in real world. The D2EA approach is instantiated for the efficiency optimization of a hybrid modulation for neutral-point-clamped dual-active-bridge (NPC-DAB) converter. The proposed D2EA approach realizes 99.92% efficiency modeling accuracy, and its feasibility is comprehensively validated in 2-kW hardware experiments, where the peak efficiency of 98.45% is attained. Overall, D2EA is data-light and can achieve highly accurate and highly practical data-driven models in one shot, and it is scalable to other applications, effortlessly.Comment: 11 page

Chiral Recognition of Hydantoin Derivatives Enabled by Tetraaza Macrocyclic Chiral Solvating Agents using \u3csup\u3e1\u3c/sup\u3eH NMR Spectroscopy

Enantiomers of a series of hydantoin derivatives were prepared from d- and l-amino acids with p-tolyl isocyanate and 3,5-bis(trifluoromethyl)phenyl isocyanate as guests for chiral recognition by 1H NMR spectroscopy. Meanwhile, several tetraaza macrocyclic compounds were synthesized as chiral solvating agents from d-phenylalanine and (1S,2S)-(+)-1,2-diaminocyclohexane. An uncommon enantiomeric discrimination has been successfully established for hydantoin derivatives, representatives of five-membered N,N-heterocycles, in the presence of tetraaza macrocyclic chiral solvating agents (TAMCSAs) 1a-1c by means of 1H NMR spectroscopy. Several unprecedented nonequivalent chemical shifts (up to 1.309 ppm) were observed in the split 1H NMR spectra. To evaluate practical applications in the determination of enantiomeric excess (ee), the ee values of samples with different optical purities (up to 95% ee) were accurately calculated by the integration of relevant proton peaks. To better understand the chiral discriminating behavior, Job plots of (±)-G1 with TAMCSA 1a were investigated. Furthermore, in order to further explore any underlying intermolecular hydrogen bonding interactions, theoretical calculations of the enantiomers of (S)-G1 and (R)-G1 with TAMCSA 1a were performed by means of the hybrid density functional theory (B3LYP/6-31G*) of the Gaussian 16 program

Analysis of factors affecting the effectiveness of oil spill clean-up: A bayesian entwork approach

Ship-related marine oil spills pose a significant threat to the environment, and while it may not be possible to prevent such incidents entirely, effective clean-up efforts can minimize their impact on the environment. The success of these clean-up efforts is influenced by various factors, including accident-related factors such as the type of accident, location, and environmental weather conditions, as well as emergency response-related factors such as available resources and response actions. To improve targeted and effective responses to oil spills resulting from ship accidents and enhance oil spill emergency response methods, it is essential to understand the factors that affect their effectiveness. In this study, a data-driven Bayesian network (TAN) analysis approach was used with data from the U.S. Coast Guard (USCG) to identify the key accident-related factors that impact oil spill clean-up performance. The analysis found that the amount of discharge, severity, and the location of the accident are the most critical factors affecting the clean-up ratio. These findings are significant for emergency management and planning oil spill clean-up efforts.Postprint (published version