187 research outputs found
Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features
Recent studies have demonstrated the susceptibility of deep neural networks
to backdoor attacks. Given a backdoored model, its prediction of a poisoned
sample with trigger will be dominated by the trigger information, though
trigger information and benign information coexist. Inspired by the mechanism
of the optical polarizer that a polarizer could pass light waves with
particular polarizations while filtering light waves with other polarizations,
we propose a novel backdoor defense method by inserting a learnable neural
polarizer into the backdoored model as an intermediate layer, in order to
purify the poisoned sample via filtering trigger information while maintaining
benign information. The neural polarizer is instantiated as one lightweight
linear transformation layer, which is learned through solving a well designed
bi-level optimization problem, based on a limited clean dataset. Compared to
other fine-tuning-based defense methods which often adjust all parameters of
the backdoored model, the proposed method only needs to learn one additional
layer, such that it is more efficient and requires less clean data. Extensive
experiments demonstrate the effectiveness and efficiency of our method in
removing backdoors across various neural network architectures and datasets,
especially in the case of very limited clean data
Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization
Backdoor defense, which aims to detect or mitigate the effect of malicious
triggers introduced by attackers, is becoming increasingly critical for machine
learning security and integrity. Fine-tuning based on benign data is a natural
defense to erase the backdoor effect in a backdoored model. However, recent
studies show that, given limited benign data, vanilla fine-tuning has poor
defense performance. In this work, we provide a deep study of fine-tuning the
backdoored model from the neuron perspective and find that backdoorrelated
neurons fail to escape the local minimum in the fine-tuning process. Inspired
by observing that the backdoorrelated neurons often have larger norms, we
propose FTSAM, a novel backdoor defense paradigm that aims to shrink the norms
of backdoor-related neurons by incorporating sharpness-aware minimization with
fine-tuning. We demonstrate the effectiveness of our method on several
benchmark datasets and network architectures, where it achieves
state-of-the-art defense performance. Overall, our work provides a promising
avenue for improving the robustness of machine learning models against backdoor
attacks
Lookaround Optimizer: steps around, 1 step average
Weight Average (WA) is an active research topic due to its simplicity in
ensembling deep networks and the effectiveness in promoting generalization.
Existing weight average approaches, however, are often carried out along only
one training trajectory in a post-hoc manner (i.e., the weights are averaged
after the entire training process is finished), which significantly degrades
the diversity between networks and thus impairs the effectiveness in
ensembling. In this paper, inspired by weight average, we propose Lookaround, a
straightforward yet effective SGD-based optimizer leading to flatter minima
with better generalization. Specifically, Lookaround iterates two steps during
the whole training period: the around step and the average step. In each
iteration, 1) the around step starts from a common point and trains multiple
networks simultaneously, each on transformed data by a different data
augmentation, and 2) the average step averages these trained networks to get
the averaged network, which serves as the starting point for the next
iteration. The around step improves the functionality diversity while the
average step guarantees the weight locality of these networks during the whole
training, which is essential for WA to work. We theoretically explain the
superiority of Lookaround by convergence analysis, and make extensive
experiments to evaluate Lookaround on popular benchmarks including CIFAR and
ImageNet with both CNNs and ViTs, demonstrating clear superiority over
state-of-the-arts. Our code is available at
https://github.com/Ardcy/Lookaround.Comment: 18 pages, 9 figure
BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning
Studying backdoor attacks is valuable for model copyright protection and
enhancing defenses. While existing backdoor attacks have successfully infected
multimodal contrastive learning models such as CLIP, they can be easily
countered by specialized backdoor defenses for MCL models. This paper reveals
the threats in this practical scenario that backdoor attacks can remain
effective even after defenses and introduces the \emph{\toolns} attack, which
is resistant to backdoor detection and model fine-tuning defenses. To achieve
this, we draw motivations from the perspective of the Bayesian rule and propose
a dual-embedding guided framework for backdoor attacks. Specifically, we ensure
that visual trigger patterns approximate the textual target semantics in the
embedding space, making it challenging to detect the subtle parameter
variations induced by backdoor learning on such natural trigger patterns.
Additionally, we optimize the visual trigger patterns to align the poisoned
samples with target vision features in order to hinder the backdoor unlearning
through clean fine-tuning. Extensive experiments demonstrate that our attack
significantly outperforms state-of-the-art baselines (+45.3% ASR) in the
presence of SoTA backdoor defenses, rendering these mitigation and detection
strategies virtually ineffective. Furthermore, our approach effectively attacks
some more rigorous scenarios like downstream tasks. We believe that this paper
raises awareness regarding the potential threats associated with the practical
application of multimodal contrastive learning and encourages the development
of more robust defense mechanisms.Comment: The paper lacks some work that needs to be cite
Rethinking Data Augmentation in Knowledge Distillation for Object Detection
Knowledge distillation (KD) has shown its effectiveness for object detection,
where it trains a compact object detector under the supervision of both AI
knowledge (teacher detector) and human knowledge (human expert). However,
existing studies treat the AI knowledge and human knowledge consistently and
adopt a uniform data augmentation strategy during learning, which would lead to
the biased learning of multi-scale objects and insufficient learning for the
teacher detector causing unsatisfactory distillation performance. To tackle
these problems, we propose the sample-specific data augmentation and
adversarial feature augmentation. Firstly, to mitigate the impact incurred by
multi-scale objects, we propose an adaptive data augmentation based on our
observations from the Fourier perspective. Secondly, we propose a feature
augmentation method based on adversarial examples for better mimicking AI
knowledge to make up for the insufficient information mining of the teacher
detector. Furthermore, our proposed method is unified and easily extended to
other KD methods. Extensive experiments demonstrate the effectiveness of our
framework and improve the performance of state-of-the-art methods in one-stage
and two-stage detectors, bringing at most 0.5 mAP gains.Comment: 8 pages, 5 figure
Contrastive Identity-Aware Learning for Multi-Agent Value Decomposition
Value Decomposition (VD) aims to deduce the contributions of agents for
decentralized policies in the presence of only global rewards, and has recently
emerged as a powerful credit assignment paradigm for tackling cooperative
Multi-Agent Reinforcement Learning (MARL) problems. One of the main challenges
in VD is to promote diverse behaviors among agents, while existing methods
directly encourage the diversity of learned agent networks with various
strategies. However, we argue that these dedicated designs for agent networks
are still limited by the indistinguishable VD network, leading to homogeneous
agent behaviors and thus downgrading the cooperation capability. In this paper,
we propose a novel Contrastive Identity-Aware learning (CIA) method, explicitly
boosting the credit-level distinguishability of the VD network to break the
bottleneck of multi-agent diversity. Specifically, our approach leverages
contrastive learning to maximize the mutual information between the temporal
credits and identity representations of different agents, encouraging the full
expressiveness of credit assignment and further the emergence of
individualities. The algorithm implementation of the proposed CIA module is
simple yet effective that can be readily incorporated into various VD
architectures. Experiments on the SMAC benchmarks and across different VD
backbones demonstrate that the proposed method yields results superior to the
state-of-the-art counterparts. Our code is available at
https://github.com/liushunyu/CIA
Impact of the National Reimbursement Drug List Negotiation Policy on Accessibility of Anticancer Drugs in China: An Interrupted Time Series Study
Objective: Since 2016, the Chinese government has been regularly implementing the National Reimbursement Drug List Negotiation (NRDLN) to improve the accessibility of drugs. In the second round of NRDLN in July 2017, 18 anticancer drugs were included. This study analyzed the impact of the NRDLN on the accessibility of these 18 anticancer drugs in China. Methods: National hospital procurement data were collected from 2015 to 2019. As measurements of drug accessibility, monthly average of drug availability or defined daily dose cost (DDDc) was calculated. Interrupted time series (ITS) analysis was employed to evaluate the impact of NRDLN on drug accessibility. Multilevel growth curve models were estimated for different drug categories, regions or levels of hospitals. Results: The overall availability of 18 anticancer drugs increased from about 10.5% in 2015 to slightly over 30% in 2019. The average DDDc dropped from 527.93 CNY in 2015 to 401.87 CNY in 2019, with a reduction of 23.88%. The implementation of NRDLN was associated with higher availability and lower costs for all 18 anticancer drugs. We found an increasing level in monthly drug availability (β2 = 2.1126), which ascended more sharply after the implementation of NRDLN (β3 = 0.3656). There was a decreasing level in DDDc before July 2017 (β2 = −108.7213), together with a significant decline in the slope associated with the implementation of NRDLN (β3 = −4.8332). Compared to Traditional Chinese Medicines, the availability of Western Medicines was higher and increased at a higher rate (β3 = 0.4165 vs. 0.1108). Drug availability experienced a larger instant and slope increase in western China compared to other regions, and in secondary hospitals than tertiary hospitals. Nevertheless, regional and hospital-level difference in the effect of NRDLN on DDDc were less evident. Conclusion: The implementation of NRDLN improves the availability and reduces the cost of some anticancer drugs in China. It contributes to promoting accessibility of anticancer drugs, as well as relieving regional or hospital-level disparities. However, there are still challenges to benefit more patients sufficiently and equally. It requires more policy efforts and collaborative policy combination
Acinetobacter baumannii: an evolving and cunning opponent
Acinetobacter baumannii is one of the most common multidrug-resistant pathogens causing nosocomial infections. The prevalence of multidrug-resistant A. baumannii infections is increasing because of several factors, including unregulated antibiotic use. A. baumannii drug resistance rate is high; in particular, its resistance rates for tigecycline and polymyxin—the drugs of last resort for extensively drug-resistant A. baumannii—has been increasing annually. Patients with a severe infection of extensively antibiotic-resistant A. baumannii demonstrate a high mortality rate along with a poor prognosis, which makes treating them challenging. Through carbapenem enzyme production and other relevant mechanisms, A. baumannii has rapidly acquired a strong resistance to carbapenem antibiotics—once considered a class of strong antibacterials for A. baumannii infection treatment. Therefore, understanding the resistance mechanism of A. baumannii is particularly crucial. This review summarizes mechanisms underlying common antimicrobial resistance in A. baumannii, particularly those underlying tigecycline and polymyxin resistance. This review will serve as a reference for reasonable antibiotic use at clinics, as well as new antibiotic development
«Conselho de amigo, aviso do céu»: contributos para a análise semântico-pragmática dos atos ilocutórios de conselho e de aviso em confronto com o de ameaça
Com base em exemplos de um corpus oral de Português Europeu, o presente texto discute a organização e funcionamento do ato ilocutório de conselho e de aviso, destacando as semelhanças e diferenças entre eles e os atos de discursos como ameaças e promessas, avisos hipotéticos e ameaças condicionais. Depois da análise das noções do “querer dizer NN” de Grice e de “uptake” de Austin, destacamos a importância da relação entre intenção e convenção na análise dos atos ilocutórios de Searle com o levantamento das regras que determinam os indicadores de força ilocutória. A interpretação dos valores ilocutórios na sequencialidade das intervenções destaca a relação entre práticas discursivas e figuração.info:eu-repo/semantics/publishedVersio
- …