39 research outputs found

    Model Inversion Attack via Dynamic Memory Learning

    Model Inversion (MI) attacks aim to recover the private training data from the target model, which has raised security concerns about the deployment of DNNs in practice. Recent advances in generative adversarial models have rendered them particularly effective in MI attacks, primarily due to their ability to generate high-fidelity and perceptually realistic images that closely resemble the target data. In this work, we propose a novel Dynamic Memory Model Inversion Attack (DMMIA) to leverage historically learned knowledge, which interacts with samples (during the training) to induce diverse generations. DMMIA constructs two types of prototypes to inject the information about historically learned knowledge: Intra-class Multicentric Representation (IMR) representing target-related concepts by multiple learnable prototypes, and Inter-class Discriminative Representation (IDR) characterizing the memorized samples as learned prototypes to capture more privacy-related information. As a result, our DMMIA has a more informative representation, which brings more diverse and discriminative generated results. Experiments on multiple benchmarks show that DMMIA performs better than state-of-the-art MI attack methods

    Robust Automatic Speech Recognition via WavAugment Guided Phoneme Adversarial Training

    Developing a practically-robust automatic speech recognition (ASR) is challenging since the model should not only maintain the original performance on clean samples, but also achieve consistent efficacy under small volume perturbations and large domain shifts. To address this problem, we propose a novel WavAugment Guided Phoneme Adversarial Training (wapat). wapat uses adversarial examples in phoneme space as augmentation to make the model invariant to minor fluctuations in phoneme representation and preserve the performance on clean samples. In addition, wapat utilizes the phoneme representation of augmented samples to guide the generation of adversaries, which helps to find more stable and diverse gradient-directions, resulting in improved generalization. Extensive experiments demonstrate the effectiveness of wapat on End-to-end Speech Challenge Benchmark (ESB). Notably, SpeechLM-wapat outperforms the original model by 6.28% WER reduction on ESB, achieving the new state-of-the-art

    TransAudio: Towards the Transferable Adversarial Audio Attack via Learning Contextualized Perturbations

    In a transfer-based attack against Automatic Speech Recognition (ASR) systems, attacks are unable to access the architecture and parameters of the target model. Existing attack methods are mostly investigated in voice assistant scenarios with restricted voice commands, prohibiting their applicability to more general ASR related applications. To tackle this challenge, we propose a novel contextualized attack with deletion, insertion, and substitution adversarial behaviors, namely TransAudio, which achieves arbitrary word-level attacks based on the proposed two-stage framework. To strengthen the attack transferability, we further introduce an audio score-matching optimization strategy to regularize the training process, which mitigates adversarial example over-fitting to the surrogate model. Extensive experiments and analysis demonstrate the effectiveness of TransAudio against open-source ASR models and commercial APIs

    Enhance the Visual Representation via Discrete Adversarial Training

    Adversarial Training (AT), which is commonly accepted as one of the most effective approaches defending against adversarial examples, can largely harm the standard performance, thus has limited usefulness on industrial-scale production and applications. Surprisingly, this phenomenon is totally opposite in Natural Language Processing (NLP) tasks, where AT can even benefit generalization. We notice the merit of AT in NLP tasks could derive from the discrete and symbolic input space. For borrowing the advantage from NLP-style AT, we propose Discrete Adversarial Training (DAT). DAT leverages VQGAN to reform the image data to discrete text-like inputs, i.e. visual words. Then it minimizes the maximal risk on such discrete images with symbolic adversarial perturbations. We further give an explanation from the perspective of distribution to demonstrate the effectiveness of DAT. As a plug-and-play technique for enhancing the visual representation, DAT achieves significant improvement on multiple tasks including image classification, object detection and self-supervised learning. Especially, the model pre-trained with Masked Auto-Encoding (MAE) and fine-tuned by our DAT without extra data can get 31.40 mCE on ImageNet-C and 32.77% top-1 accuracy on Stylized-ImageNet, building the new state-of-the-art. The code will be available at https://github.com/alibaba/easyrobust. Comment: Accepted to NeurIPS 2022, https://github.com/alibaba/easyrobus

    Keratometric measurements and IOL calculations in pseudophakic post-DSAEK patients

    Background: To compare different K readings in pseudophakic patients post-Descemet’s stripping automated endothelial keratoplasty (DSAEK) and evaluate corresponding prediction errors in intraocular lens (IOL) power calculations. Methods: Subjects that underwent cataract surgery and DSAEK surgery at least 3 and 6 months prior, respectively, and IOL implantation in the capsular bag were included in this study. Manifest refraction and IOL information were recorded. A Scheimpflug keratometer (Pentacam) was used for corneal measurements, including the mean anterior and posterior radii of curvature, simulated keratometer (SimK), true net power (TNP), and equivalent K reading (EKR) at the 4.0-mm zone. Conventional keratometry was acquired using the IOLMaster (KMaster). The four K measurements were evaluated for calculating the predicted refraction. Results: The study included 20 eyes from 19 subjects. The ratio of the posterior to the anterior corneal radius was 74.1 ± 3.24%. Comparison of the four keratometric methods (KMaster, SimK, EKR, and TNP) revealed statistically significant differences among all the methods besides KMaster and SimK. Of the four IOL calculation methods (KMaster, SimK, EKR and TNP method), the arithmetic prediction error of the KMaster, SimK, and EKR methods featured nonsignificant differences from zero (p = 0.07, 0.19 and 0.84 respectively); the EKR method calculated the highest percentage of eyes with IOLs within the prediction error. Conclusions: IOL calculations in post-DSAEK eyes using KMaster, SimK, and EKR can yield small refractive errors after surgery. The EKR (4.0-mm diameter) method was found to be the most accurate

    Digital Evaluation of Aroma Intensity and Odor Characteristics of Tea with Different Types—Based on OAV-Splitting Method

    Aroma is one of the most important quality indicators of tea. However, this evaluation method is a subjective one. In this study, the volatiles of tea with 5 types were determined by headspace solid-phase micro-extraction (HS-SPME) combined with gas chromatography mass spectrometry (GC-MS). The aroma intensity and odor characteristics of teas were comparatively analyzed based on the OAV-splitting method. The results showed that OAV were green tea (492.02), red tea (471.88), oolong tea (302.74), white tea (68.10), and dark tea (55.98). The odor index I(o) indicated that green tea was strong-flavor tea with highlight green accompanied by fruity, woody and fatty odors; oolong tea was strong-flavor tea with fruity and fatty accompanied by woody, floral and green odors; red tea was strong-flavor tea with highlight fruity accompanied by woody, green and floral odors; white tea was a light-flavor tea with floral, woody and green odors; and dark tea was light-flavor tea with woody and floral notes accompanied by fatty and green odors. These results fitted perfectly with the people’s consensus on these teas, and proved that the OAV-splitting method is feasible to evaluate the aroma intensity and odor characteristics of tea aroma. We suggest that the digital evaluation of tea aroma can facilitate people’s communication

    Towards Robust Vision Transformer

    Recent advances on Vision Transformer (ViT) and its improved variants have shown that self-attention-based networks surpass traditional Convolutional Neural Networks (CNNs) in most vision tasks. However, existing ViTs focus on the standard accuracy and computation cost, lacking the investigation of the intrinsic influence on model robustness and generalization. In this work, we conduct systematic evaluation on components of ViTs in terms of their impact on robustness to adversarial examples, common corruptions and distribution shifts. We find some components can be harmful to robustness. By using and combining robust components as building blocks of ViTs, we propose Robust Vision Transformer (RVT), which is a new vision transformer and has superior performance with strong robustness. We further propose two new plug-and-play techniques called position-aware attention scaling and patch-wise augmentation to augment our RVT, which we abbreviate as RVT*. The experimental results on ImageNet and six robustness benchmarks show the advanced robustness and generalization ability of RVT compared with previous ViTs and state-of-the-art CNNs. Furthermore, RVT-S* also achieves Top-1 rank on multiple robustness leaderboards including ImageNet-C and ImageNet-Sketch. The code will be available at https://github.com/alibaba/easyrobust. Comment: Accepted to CVPR 2022, https://github.com/alibaba/easyrobus

    Astragalus Polysaccharide Attenuated Iron Overload-Induced Dysfunction of Mesenchymal Stem Cells via Suppressing Mitochondrial ROS

    Background/Aims: Bone marrow-derived mesenchymal stem cells (BMSCs) have the ability to differentiate into multilineage cells such as osteoblasts, chondrocytes, and cardiomyocytes. Dysfunction of BMSCs in response to pathological stimuli participates in the development of diseases such as osteoporosis. Astragalus polysaccharide (APS) is a major active ingredient of Astragalus membranaceus, a commonly used anti-aging herb in traditional Chinese medicine. The aim of this study was to investigate whether APS protects against iron overload-induced dysfunction of BMSCs and its underlying mechanisms. Methods: BMSCs were exposed to ferric ammonium citrate (FAC) with or without different concentrations of APS. The viability and proliferation of BMSCs were assessed by CCK-8 assay and EdU staining. Cell apoptosis, senescence and pluripotency were examined utilizing TUNEL staining, β-galactosidase staining and qRT-PCR respectively. The reactive oxygen species (ROS) level was assessed in BMSCs with a DCFH-DA probe and MitoSOX Red staining. Results: Firstly, we found that iron overload induced by FAC markedly reduced the viability and proliferation of BMSCs, but treatment with APS at 10, 30 and 100 μg/mL was able to counter the reduction of cell proliferation. Furthermore, exposure to FAC led to apoptosis and senescence in BMSCs, which were partially attenuated by APS. The pluripotent genes Nanog, Sox2 and Oct4 were shown to be downregulated in BMSCs after FAC treatment, however APS inhibited the reduction of Nanog, Sox2 and Oct4 expression. Further study uncovered that APS treatment abrogated the increase of intracellular and mitochondrial ROS level in FAC-treated BMSCs. Conclusion: Treatment of BMSCs with APS to impede mitochondrial ROS accumulation can remarkably inhibit apoptosis, senescence, and the reduction of proliferation and pluripotency of BMSCs caused by FAC-induced iron overload

    The novel norcantharidin derivative DCZ5417 suppresses multiple myeloma progression by targeting the TRIP13–MAPK–YWHAE signaling pathway

    Background: Multiple myeloma (MM), an incurable disease owing to drug resistance, requires safe and effective therapies. Norcantharidin (NCTD), an active ingredient in traditional Chinese medicines, possesses activity against different cancers. However, its toxicity and narrow treatment window limit its clinical application. In this study, we synthesized a series of derivatives of NCTD to address this. Among these compounds, DCZ5417 demonstrated the greatest anti-MM effect and fewest side effects. Its anti-myeloma effects and the mechanism were further tested. Methods: Molecular docking, pull-down, surface plasmon resonance-binding, cellular thermal shift, and ATPase assays were used to study the targets of DCZ5417. Bioinformatic, genetic, and pharmacological approaches were used to elucidate the mechanisms associated with DCZ5417 activity. Results: We confirmed a highly potent interaction between DCZ5417 and TRIP13. DCZ5417 inhibited the ATPase activity of TRIP13, and its anti-MM activity was found to depend on TRIP13. A mechanistic study verified that DCZ5417 suppressed cell proliferation by targeting TRIP13, disturbing the TRIP13/YWHAE complex and inhibiting the ERK/MAPK signaling axis. DCZ5417 also showed a combined lethal effect with traditional anti-MM drugs. Furthermore, the tumor growth-inhibitory effect of DCZ5417 was demonstrated using in vivo tumor xenograft models. Conclusions: DCZ5417 suppresses MM progression in vitro, in vivo, and in primary cells from drug-resistant patients, affecting cell proliferation by targeting TRIP13, destroying the TRIP13/YWHAE complex, and inhibiting ERK/MAPK signaling. These results imply a new and effective therapeutic strategy for MM treatment