371 research outputs found
ESTAS: Effective and Stable Trojan Attacks in Self-supervised Encoders with One Target Unlabelled Sample
Emerging self-supervised learning (SSL) has become a popular image
representation encoding method to obviate the reliance on labeled data and
learn rich representations from large-scale, ubiquitous unlabelled data. Then
one can train a downstream classifier on top of the pre-trained SSL image
encoder with few or no labeled downstream data. Although extensive works show
that SSL has achieved remarkable and competitive performance on different
downstream tasks, its security concerns, e.g., Trojan attacks in SSL encoders,
are still not well-studied. In this work, we present a novel Trojan Attack
method, denoted by ESTAS, that can enable an effective and stable attack in SSL
encoders with only one target unlabeled sample. In particular, we propose
consistent trigger poisoning and cascade optimization in ESTAS to improve
attack efficacy and model accuracy, and eliminate the expensive target-class
data sample extraction from large-scale disordered unlabelled data. Our
substantial experiments on multiple datasets show that ESTAS stably achieves >
99% attack success rate (ASR) with one target-class sample. Compared to prior
works, ESTAS attains > 30% ASR increase and > 8.3% accuracy improvement on
average.
Comment: 10 pages, 7 figures, 6 tables
Fault diagnosis for PV arrays considering dust impact based on transformed graphical feature of characteristic curves and convolutional neural network with CBAM modules
Various faults can occur during the operation of PV arrays, and both the
dust-affected operating conditions and various diode configurations make the
faults more complicated. However, current methods for fault diagnosis based on
I-V characteristic curves only utilize partial feature information and often
rely on calibrating the field characteristic curves to standard test conditions
(STC). It is difficult to apply it in practice and to accurately identify
multiple complex faults with similarities in different blocking diodes
configurations of PV arrays under the influence of dust. Therefore, a novel
fault diagnosis method for PV arrays considering dust impact is proposed. In
the preprocessing stage, the Isc-Voc normalized Gramian angular difference
field (GADF) method is presented, which normalizes and transforms the resampled
PV array characteristic curves from the field including I-V and P-V to obtain
the transformed graphical feature matrices. Then, in the fault diagnosis stage,
the model of convolutional neural network (CNN) with convolutional block
attention modules (CBAM) is designed to extract fault differentiation
information from the transformed graphical matrices containing full feature
information and to classify faults. And different graphical feature
transformation methods are compared through simulation cases, and different
CNN-based classification methods are also analyzed. The results indicate that
the developed method for PV arrays with different blocking diodes
configurations under various operating conditions has high fault diagnosis
accuracy and reliability.
Identifying Crypto Addresses with Gambling Behaviors: A Graph Neural Network Approach
The development of blockchain technology has brought prosperity to the cryptocurrency market and has made the blockchain platform a hotbed of crimes. As one of the most rampant crimes, crypto gambling has a higher risk of illegal activities due to the lack of regulation. As a result, identifying crypto addresses with gambling behaviors has emerged as a significant research topic. In this work, we propose a novel detection approach based on Graph Neural Networks named CGDetector, consisting of Graph Construction, Subgraph Extractor, Statistical Feature Extraction, and Gambling Address Classification. Extensive experiments on large-scale and heterogeneous Ethereum transaction data are implemented to demonstrate that our proposed approach outperforms state-of-the-art address classifiers of traditional machine learning methods. This work makes the first attempt to detect suspicious crypto gambling addresses via Graph Neural Networks by all EVM-compatible blockchain systems, providing new insights into the field of cryptocurrency crime detection and blockchain security regulation.
PAGE: Equilibrate Personalization and Generalization in Federated Learning
Federated learning (FL) is becoming a major driving force behind machine
learning as a service, where customers (clients) collaboratively benefit from
shared local updates under the orchestration of the service provider (server).
Representing clients' current demands and the server's future demand, local
model personalization and global model generalization are separately
investigated, as the ill-effects of data heterogeneity enforce the community to
focus on one over the other. However, these two seemingly competing goals are
of equal importance rather than black and white issues, and should be achieved
simultaneously. In this paper, we propose the first algorithm to balance
personalization and generalization on top of game theory, dubbed PAGE, which
reshapes FL as a co-opetition game between clients and the server. To explore
the equilibrium, PAGE further formulates the game as Markov decision processes,
and leverages the reinforcement learning algorithm, which simplifies the
solving complexity. Extensive experiments on four widespread datasets show that
PAGE outperforms state-of-the-art FL baselines in terms of global and local
prediction accuracy simultaneously, and the accuracy can be improved by up to
35.20% and 39.91%, respectively. In addition, biased variants of PAGE imply
promising adaptiveness to demand shifts in practice.
Elevated serum miR-133a predicts patients at risk of periprocedural myocardial injury after elective percutaneous coronary intervention
Background: Periprocedural myocardial injury (PMI) is a frequent complication of percutaneous coronary intervention (PCI) associated with poor prognosis. However, no effective method has been found to identify patients at risk of PMI before the procedure. MicroRNA-133a (miR-133a) has been reported as a novel biomarker in various cardiovascular diseases. Herein, it was sought to determine whether circulating miR-133a could predict PMI before the procedure.
Methods: Eighty patients with negative preoperative values of cardiac troponin T (cTnT) receiving elective PCI for stable coronary artery disease (CAD) were recruited. Venous serum samples were collected on admission and within 16–24 hours post-PCI for miRNA measurements. PMI was defined as a cTnT value above the 99% upper reference limit (URL) after the procedure. The association between miR-133a and PMI was further assessed.
Results: Periprocedural myocardial injury occurred in 48 patients. The circulating level of miR-133a was significantly higher in patients with PMI before and after the procedure (both p < 0.001). Receiver operating characteristic curve analysis of the preoperative miR-133a level revealed an area under the curve (AUC) of 0.891, with a sensitivity of 93.8% and a specificity of 71.9% to predict PMI. Additionally, a decrease was found in fibroblast growth factor receptor 1 (FGFR1) in parallel with an increase in miR-133a levels in patients with PMI.
Conclusions: This study demonstrates for the first time that serum miR-133a can be used as a novel biomarker for early identification of stable CAD patients at risk of PMI undergoing elective PCI. The miR-133a-FGFR1 axis may be involved in the pathogenesis of PMI.
Audit and Improve Robustness of Private Neural Networks on Encrypted Data
Performing neural network inference on encrypted data without decryption is
one popular method to enable privacy-preserving neural networks (PNet) as a
service. Compared with regular neural networks deployed for
machine-learning-as-a-service, PNet requires additional encoding, e.g.,
quantized-precision numbers, and polynomial activation. Encrypted input also
introduces novel challenges such as adversarial robustness and security. To the
best of our knowledge, we are the first to study questions including (i)
Whether PNet is more robust against adversarial inputs than regular neural
networks? (ii) How to design a robust PNet given the encrypted input without
decryption? We propose PNet-Attack to generate black-box adversarial examples
that can successfully attack PNet in both target and untarget manners. The
attack results show that PNet robustness against adversarial inputs needs to be
improved. This is not a trivial task because the PNet model owner does not have
access to the plaintext of the input values, which prevents the application of
existing detection and defense methods such as input tuning, model
normalization, and adversarial training. To tackle this challenge, we propose a
new fast and accurate noise insertion method, called RPNet, to design Robust
and Private Neural Networks. Our comprehensive experiments show that
PNet-Attack reduces at least queries than prior works. We
theoretically analyze our RPNet methods and demonstrate that RPNet can decrease
attack success rate.
Comment: 10 pages, 10 figures
ProRes: Exploring Degradation-aware Visual Prompt for Universal Image Restoration
Image restoration aims to reconstruct degraded images, e.g., denoising or
deblurring. Existing works focus on designing task-specific methods and there
are inadequate attempts at universal methods. However, simply unifying multiple
tasks into one universal architecture suffers from uncontrollable and undesired
predictions. To address those issues, we explore prompt learning in universal
architectures for image restoration tasks. In this paper, we present
Degradation-aware Visual Prompts, which encode various types of image
degradation, e.g., noise and blur, into unified visual prompts. These
degradation-aware prompts provide control over image processing and allow
weighted combinations for customized image restoration. We then leverage
degradation-aware visual prompts to establish a controllable and universal
model for image restoration, called ProRes, which is applicable to an extensive
range of image restoration tasks. ProRes leverages the vanilla Vision
Transformer (ViT) without any task-specific designs. Furthermore, the
pre-trained ProRes can easily adapt to new tasks through efficient prompt
tuning with only a few images. Without bells and whistles, ProRes achieves
competitive performance compared to task-specific methods and experiments can
demonstrate its ability for controllable restoration and adaptation for new
tasks. The code and models will be released in
https://github.com/leonmakise/ProRes