Model Inversion Attack via Dynamic Memory Learning

Model Inversion (MI) attacks aim to recover the private training data from the target model, which has raised security concerns about the deployment of DNNs in practice. Recent advances in generative adversarial models have rendered them particularly effective in MI attacks, primarily due to their ability to generate high-fidelity and perceptually realistic images that closely resemble the target data. In this work, we propose a novel Dynamic Memory Model Inversion Attack (DMMIA) to leverage historically learned knowledge, which interacts with samples (during the training) to induce diverse generations. DMMIA constructs two types of prototypes to inject the information about historically learned knowledge: Intra-class Multicentric Representation (IMR) representing target-related concepts by multiple learnable prototypes, and Inter-class Discriminative Representation (IDR) characterizing the memorized samples as learned prototypes to capture more privacy-related information. As a result, our DMMIA has a more informative representation, which brings more diverse and discriminative generated results. Experiments on multiple benchmarks show that DMMIA performs better than state-of-the-art MI attack methods

Robust Automatic Speech Recognition via WavAugment Guided Phoneme Adversarial Training

Developing a practically-robust automatic speech recognition (ASR) is challenging since the model should not only maintain the original performance on clean samples, but also achieve consistent efficacy under small volume perturbations and large domain shifts. To address this problem, we propose a novel WavAugment Guided Phoneme Adversarial Training (wapat). wapat use adversarial examples in phoneme space as augmentation to make the model invariant to minor fluctuations in phoneme representation and preserve the performance on clean samples. In addition, wapat utilizes the phoneme representation of augmented samples to guide the generation of adversaries, which helps to find more stable and diverse gradient-directions, resulting in improved generalization. Extensive experiments demonstrate the effectiveness of wapat on End-to-end Speech Challenge Benchmark (ESB). Notably, SpeechLM-wapat outperforms the original model by 6.28% WER reduction on ESB, achieving the new state-of-the-art

TransAudio: Towards the Transferable Adversarial Audio Attack via Learning Contextualized Perturbations

In a transfer-based attack against Automatic Speech Recognition (ASR) systems, attacks are unable to access the architecture and parameters of the target model. Existing attack methods are mostly investigated in voice assistant scenarios with restricted voice commands, prohibiting their applicability to more general ASR related applications. To tackle this challenge, we propose a novel contextualized attack with deletion, insertion, and substitution adversarial behaviors, namely TransAudio, which achieves arbitrary word-level attacks based on the proposed two-stage framework. To strengthen the attack transferability, we further introduce an audio score-matching optimization strategy to regularize the training process, which mitigates adversarial example over-fitting to the surrogate model. Extensive experiments and analysis demonstrate the effectiveness of TransAudio against open-source ASR models and commercial APIs

Topological optimization of hybrid quantum key distribution networks

With the growing complexity of quantum key distribution (QKD) network structures, aforehand topology design is of great significance to support a large-number of nodes over a large-spatial area. However, the exclusivity of quantum channels, the limitation of key generation capabilities, the variety of QKD protocols and the necessity of untrusted-relay selection, make the optimal topology design a very complicated task. In this research, a hybrid QKD network is studied for the first time from the perspective of topology, by analyzing the topological differences of various QKD protocols. In addition, to make full use of hybrid networking, an analytical model for optimal topology calculation is proposed, to reach the goal of best secure communication service by optimizing the deployment of various QKD devices and the selection of untrusted-relays under a given cost limit. Plentiful simulation results show that hybrid networking and untrusted-relay selection can bring great performance advantages, and then the universality and effectiveness of the proposed analytical model are verified.Comment: 12 pages, 4 figure

Traditional Chinese Herb Combined with Surgery versus Surgery for Varicocele Infertility: A Systematic Review and Meta-Analysis

Objective. The objective of this study was to conduct a systematic review to assess the effectiveness and safety of traditional Chinese herb combined with surgery for male varicocele infertility compared to surgery. Methods. Randomized controlled trials (RCTs) data of traditional Chinese herbs combined with surgery for male varicocele fertility versus surgery were collected by searching the Cochrane Library, Embase, PubMed, and Chinese databases. The risk of bias was assessed using Cochrane Handbook. Study outcomes were presented as risk ratios (RRs) for dichotomous data. Results. Seventeen of 72 potentially relevant trials met the inclusion criteria. The methodological qualities of the RCTs were low. Compared with the surgery group, the traditional Chinese herb combined with surgery group had superiority in pregnancy rate at 3-month (RR=1.76, and P=0.008), 6-month (RR=1.58, and P=0.0005), and 2-year (RR=1.58, and P=0.0005) follow-ups. No RCT was found to describe the side effects. Conclusion. On considering the low methodological quality of RCTs, there was no enough evidence on traditional Chinese herb with surgery for male varicocele infertility, and more high-quality RCTs of large sample sizes are required

Enhance the Visual Representation via Discrete Adversarial Training

Adversarial Training (AT), which is commonly accepted as one of the most effective approaches defending against adversarial examples, can largely harm the standard performance, thus has limited usefulness on industrial-scale production and applications. Surprisingly, this phenomenon is totally opposite in Natural Language Processing (NLP) task, where AT can even benefit for generalization. We notice the merit of AT in NLP tasks could derive from the discrete and symbolic input space. For borrowing the advantage from NLP-style AT, we propose Discrete Adversarial Training (DAT). DAT leverages VQGAN to reform the image data to discrete text-like inputs, i.e. visual words. Then it minimizes the maximal risk on such discrete images with symbolic adversarial perturbations. We further give an explanation from the perspective of distribution to demonstrate the effectiveness of DAT. As a plug-and-play technique for enhancing the visual representation, DAT achieves significant improvement on multiple tasks including image classification, object detection and self-supervised learning. Especially, the model pre-trained with Masked Auto-Encoding (MAE) and fine-tuned by our DAT without extra data can get 31.40 mCE on ImageNet-C and 32.77% top-1 accuracy on Stylized-ImageNet, building the new state-of-the-art. The code will be available at https://github.com/alibaba/easyrobust.Comment: Accepted to NeurIPS 2022, https://github.com/alibaba/easyrobus

3,3′-[(tert-Butoxy­carbon­yl)aza­nedi­yl]dipropanoic acid

The title compound, C11H19NO6, is an important inter­mediate for the synthesis of cephalosporin derivatives. The N atom is in a planar configuration. In the crystal, mol­ecules are linked into zigzag layers parallel to (100) by O—H⋯O hydrogen bonds

Adjuvant TACE may not improve recurrence-free or overall survival in HCC patients with low risk of recurrence after hepatectomy

BackgroundTo identify whether adjuvant transarterial chemoembolization (TACE) can improve prognosis in HCC patients with a low risk of recurrence (tumor size ≤ 5 cm, single nodule, no satellites, and no microvascular or macrovascular invasions) after hepatectomy.MethodsThe data of 489 HCC patients with a low risk of recurrence after hepatectomy from Shanghai Cancer Center (SHCC) and Eastern Hepatobiliary Surgery Hospital (EHBH) were retrospectively reviewed. Recurrence-free survival (RFS) and overall survival (OS) were analyzed with Kaplan-Meier curves and Cox proportional hazards regression models. The effects of selection bias and confounding factors were balanced using propensity score matching (PSM).ResultsIn the SHCC cohort, 40 patients (19.9%, 40/201) received adjuvant TACE, and in the EHBH cohort, 113 patients (46.2%, 133/288) received adjuvant TACE. Compared to the patients without adjuvant TACE after hepatectomy, patients receiving adjuvant TACE had significantly shorter RFS (P=0.022; P=0.014) in both cohorts before PSM. However, no significant difference existed in OS (P=0.568; P=0.082). Multivariate analysis revealed that serum alkaline phosphatase and adjuvant TACE were independent prognostic factors for recurrence in both cohorts. Furthermore, significant differences existed in tumor size between the adjuvant TACE and non-adjuvant TACE groups in the SHCC cohort. There were differences in transfusion, Barcelona Clinic Liver Cancer stage and tumor-node-metastasis stage in the EHBH cohort. These factors were balanced by PSM. After PSM, patients with adjuvant TACE after hepatectomy still had significantly shorter RFS than those without (P=0.035; P=0.035) in both cohorts, but there was no difference in OS (P=0.638; P=0.159). Adjuvant TACE was the only independent prognostic factor for recurrence in multivariate analysis, with hazard ratios of 1.95 and 1.57.ConclusionsAdjuvant TACE may not improve long-term survival and might promote postoperative recurrence in HCC patients with a low risk of recurrence after hepatectomy