36 research outputs found
DeceptPrompt: Exploiting LLM-driven Code Generation via Adversarial Natural Language Instructions
With the advancement of Large Language Models (LLMs), significant progress has been made in code generation, enabling LLMs to transform natural language into programming code. These Code LLMs have been widely adopted by a vast number of users and organizations. However, a danger is hidden in the generated code: the presence of fatal vulnerabilities. While some LLM providers have attempted to address these issues by aligning the models with human guidance, these efforts fall short of making Code LLMs practical and robust. Without a deep understanding of how the LLMs perform under practical worst cases, applying them to various real-world applications is concerning. In this paper, we answer the critical question: Are existing Code LLMs immune to generating vulnerable code? If not, what is the possible maximum severity of this issue in practical deployment scenarios? We introduce DeceptPrompt, a novel algorithm that generates adversarial natural language instructions that drive Code LLMs to generate functionally correct code with vulnerabilities. DeceptPrompt is achieved through a systematic evolution-based algorithm with a fine-grained loss design. The unique advantage of DeceptPrompt is that it finds natural prefixes/suffixes with totally benign and non-directional semantic meaning that nonetheless have great power in inducing Code LLMs to generate vulnerable code. This feature enables almost-worst-case red-teaming of these LLMs in a realistic scenario where users interact in natural language. Our extensive experiments and analyses of DeceptPrompt not only validate the effectiveness of our approach but also shed light on the huge weakness of LLMs in the code generation task. When the optimized prefix/suffix is applied, the attack success rate (ASR) improves by an average of 50% compared with applying no prefix/suffix.
AdaShield: Safeguarding Multimodal Large Language Models from Structure-based Attack via Adaptive Shield Prompting
With the advent and widespread deployment of Multimodal Large Language Models (MLLMs), the imperative to ensure their safety has become increasingly pronounced. However, with the integration of additional modalities, MLLMs are exposed to new vulnerabilities, rendering them prone to structure-based jailbreak attacks, where semantic content (e.g., "harmful text") is injected into images to mislead MLLMs. In this work, we aim to defend against such threats. Specifically, we propose Adaptive Shield Prompting (AdaShield), which prepends inputs with defense prompts to defend MLLMs against structure-based jailbreak attacks without fine-tuning MLLMs or training additional modules (e.g., a post-stage content detector). Initially, we present a manually designed static defense prompt, which thoroughly examines the image and instruction content step by step and specifies response methods for malicious queries. Furthermore, we introduce an adaptive auto-refinement framework consisting of a target MLLM and an LLM-based defense prompt generator (Defender). These components collaboratively and iteratively communicate to generate a defense prompt. Extensive experiments on popular structure-based jailbreak attacks and benign datasets show that our methods consistently improve MLLMs' robustness against structure-based jailbreak attacks without compromising the model's general capabilities, as evaluated on standard benign tasks. Our code is available at https://github.com/rain305f/AdaShield.
Comment: Multimodal Large Language Models Defense, 25 pages
Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency
Deep neural networks are proven to be vulnerable to backdoor attacks. Detecting the trigger samples during the inference stage, i.e., test-time trigger sample detection, can prevent the backdoor from being triggered. However, existing detection methods often require the defenders to have high accessibility to victim models, extra clean data, or knowledge about the appearance of backdoor triggers, limiting their practicality. In this paper, we propose test-time corruption robustness consistency evaluation (TeCo), a novel test-time trigger sample detection method that only needs the hard-label outputs of the victim models without any extra information. Our journey begins with the intriguing observation that backdoor-infected models have similar performance across different image corruptions for clean images, but perform discrepantly for trigger samples. Based on this phenomenon, we design TeCo to evaluate test-time robustness consistency by calculating the deviation of the corruption severity at which predictions transition, across different corruptions. Extensive experiments demonstrate that, compared with state-of-the-art defenses, which require either certain information about the trigger types or access to clean data, TeCo outperforms them on different backdoor attacks, datasets, and model architectures, achieving a 10% higher AUROC and 5 times the stability.
Comment: Accepted by CVPR2023. Code is available at https://github.com/CGCL-codes/TeC
Why Does Little Robustness Help? Understanding Adversarial Transferability From Surrogate Training
Adversarial examples (AEs) for DNNs have been shown to be transferable: AEs that successfully fool white-box surrogate models can also deceive other black-box models with different architectures. Although many empirical studies have provided guidance on generating highly transferable AEs, many of these findings lack explanations and even lead to inconsistent advice. In this paper, we take a further step towards understanding adversarial transferability, with a particular focus on the surrogate side. Starting from the intriguing "little robustness" phenomenon, where models adversarially trained with mildly perturbed adversarial samples serve as better surrogates, we attribute it to a trade-off between two predominant factors: model smoothness and gradient similarity. Our investigations focus on their joint effects rather than their separate correlations with transferability. Through a series of theoretical and empirical analyses, we conjecture that the data distribution shift in adversarial training explains the degradation of gradient similarity. Building on these insights, we explore the impacts of data augmentation and gradient regularization on transferability and find that the trade-off generally exists across the various training mechanisms, thus building a comprehensive blueprint for the regulation mechanism behind transferability. Finally, we provide a general route for constructing better surrogates to boost transferability that optimizes both model smoothness and gradient similarity simultaneously, e.g., the combination of input gradient regularization and sharpness-aware minimization (SAM), validated by extensive experiments. In summary, we call for attention to the united impacts of these two factors for launching effective transfer attacks, rather than optimizing one while ignoring the other, and emphasize the crucial role of manipulating surrogate models.
Comment: Accepted by IEEE Symposium on Security and Privacy (Oakland) 2024; 21 pages, 11 figures, 13 tables
Research on Integrated Guidance and Control of Distributed Cooperation of Multi-Interceptor with State Coupling
With the aim of achieving cooperative target interception using multiple interceptors, a distributed cooperative control algorithm for the multi-interceptor with state coupling is proposed based on the IGC (integrated guidance and control) method. Considering the coupling relationship between the pitch and yaw channels, a state-coupled "leader" IGC model is established, an FTDO (finite-time disturbance observer) is designed to estimate the unknown disturbances of the model, and the "leader" controller is designed according to an adaptive dynamic surface sliding-mode control law. Secondly, the cooperative control strategy of the multi-interceptor is designed in the "leader-follower" distributed network mode to obtain the velocity components of the interceptor in the three directions in air, which are transformed into the overall flight speed, trajectory inclination angle, and trajectory deflection angle commands using the kinematic transformation relations. Finally, the "follower" controller is designed with the FTDO and dynamic surface sliding-mode control. The simulation results for two different communication topologies show that the designed distributed cooperative IGC algorithm for the multi-interceptor with state coupling has good stability.
Integrated Guidance and Control of Interceptor Missile Based on Asymmetric Barrier Lyapunov Function
In this study, a novel integrated guidance and control (IGC) algorithm based on an IGC method and the asymmetric barrier Lyapunov function is designed; this algorithm is designed for the interceptor missile which uses a direct-force/aerodynamic-force control scheme. First, by considering the coupling between the pitch and the yaw channels of the interceptor missile, an IGC model of these channels is established, and a time-varying gain extended state observer (TVGESO) is designed to estimate unknown interferences in the model. Second, by considering the system output constraint problem, an asymmetric barrier Lyapunov function and a dynamic surface sliding-mode control method are employed to design the control law of the pitch and yaw channels to obtain the desired control moments. Finally, in light of redundancy in such actuators as aerodynamic rudders and jet devices, a dynamic control allocation algorithm is designed to assign the desired control moments to the actuators. Moreover, the results of simulations show that the IGC algorithm based on the asymmetric barrier Lyapunov function for the interceptor missile allows the outputs to meet the constraints and improves the stability of the control system of the interceptor missile
The "Rebels" of Hong Kong
Xiaogeng Liu, Bonnin Michel, Wen Wei Po. The "Rebels" of Hong Kong. In: Perspectives chinoises, no. 10, 1992, pp. 31-32.
Research on the Impact of Agricultural Financial Support on Agricultural Carbon Compensation Rate
Taking into account the dual attributes of agricultural carbon emissions and carbon sinks, this study measures the agricultural carbon compensation rate (ACCR) of 31 provinces in China from 2006 to 2019. The impact of agricultural financial support on ACCR and its transmission mechanism are then empirically analyzed using a spatial econometric model and an intermediary effect model. The results show that: (1) there is a significant spatial correlation between agricultural financial support and ACCR; (2) increased agricultural financial support is conducive to improving ACCR; (3) agricultural financial support has the most significant effect on ACCR in the eastern region; (4) the effect of agricultural financial support on ACCR has a spatial spillover effect, but it is not significant; (5) agricultural technological progress is the intermediary variable through which agricultural financial support affects ACCR. Therefore, it is suggested to promote agricultural emission reduction through collaboration, innovative financial support mechanisms, implementation of differentiated financial support strategies, exerting the radiating effect of financial support to agriculture, and raising the level of agricultural mechanization.
Construction of green infrastructure in coal-resource based city: a case study in Xuzhou urban area
As an important coal-resource based city in eastern China, Xuzhou has seen coal mining activities greatly promote its economic development while also creating various obstacles to sustainable development. Subsidence areas caused by coal mining activities and the rapid urbanization process have led to the loss of ecological function and a decline in landscape connectivity in the city. As an important life-support system, urban green infrastructure (GI) has great significance in improving human well-being. Taking the Xuzhou urban area as the study object, this paper proposes a green infrastructure construction method based on the principle of ecological priority. Firstly, key ecological patches were identified by GIS and RS methods. Secondly, we established corridors using a minimum-cost-path model. Then, we built the GI network and evaluated the ecological importance of the different patches. Finally, by comparing the status of the patches with the coal mining subsidence areas, we propose a framework for constructing a GI network in the Xuzhou urban area.