500 research outputs found
Boosting Transferability of Targeted Adversarial Examples via Hierarchical Generative Networks
Transfer-based adversarial attacks can effectively evaluate model robustness
in the black-box setting. Though several methods have demonstrated impressive
transferability of untargeted adversarial examples, targeted adversarial
transferability is still challenging. The existing methods either have low
targeted transferability or sacrifice computational efficiency. In this paper,
we develop a simple yet practical framework to efficiently craft targeted
transfer-based adversarial examples. Specifically, we propose a conditional
generative attacking model, which can generate the adversarial examples
targeted at different classes by simply altering the class embedding while sharing
a single backbone. Extensive experiments demonstrate that our method improves
the success rates of targeted black-box attacks by a significant margin over
the existing methods -- it reaches an average success rate of 29.6% against
six diverse models based only on one substitute white-box model in the standard
testing of NeurIPS 2017 competition, which outperforms the state-of-the-art
gradient-based attack methods (with an average success rate of 2%) by a
large margin. Moreover, the proposed method is also more than an order of
magnitude more efficient than gradient-based methods.
Crystal Structure Manipulation of the Exchange Bias in an Antiferromagnetic Film
Exchange bias is one of the most extensively studied phenomena in magnetism,
since it exerts a unidirectional anisotropy to a ferromagnet (FM) when coupled
to an antiferromagnet (AFM) and the control of the exchange bias is therefore
very important for technological applications, such as magnetic random access
memory and giant magnetoresistance sensors. In this letter, we report the
crystal structure manipulation of the exchange bias in epitaxial hcp Cr2O3
films. By epitaxially growing twinned (10-10) oriented Cr2O3 thin films, of
which the c axis and spins of the Cr atoms lie in the film plane, we
demonstrate that the exchange bias between Cr2O3 and an adjacent permalloy
layer is tuned to in-plane from out-of-plane that has been observed in (0001)
oriented Cr2O3 films. This is owing to the collinear exchange coupling between
the spins of the Cr atoms and the adjacent FM layer. Such a highly anisotropic
exchange bias phenomenon is not possible in polycrystalline films.
Comment: To be published in Scientific Reports, 12 pages, 6 figures
Differentially Private Learning with Per-Sample Adaptive Clipping
Privacy in AI remains a topic that draws attention from researchers and the
general public in recent years. As one way to implement privacy-preserving AI,
differentially private learning is a framework that enables AI models to use
differential privacy (DP). To achieve DP in the learning process, existing
algorithms typically limit the magnitude of gradients with a constant clipping,
which requires careful tuning due to its significant impact on model
performance. As a solution to this issue, the latest works, NSGD and Auto-S,
innovatively propose to use normalization instead of clipping to avoid
hyperparameter tuning. However, normalization-based approaches like NSGD and
Auto-S rely on a monotonic weight function, which imposes excessive weight on
small gradient samples and introduces extra deviation to the update. In this
paper, we propose a Differentially Private Per-Sample Adaptive Clipping
(DP-PSAC) algorithm based on a non-monotonic adaptive weight function, which
guarantees privacy without the typical hyperparameter tuning process of using a
constant clipping while significantly reducing the deviation between the update
and true batch-averaged gradient. We provide a rigorous theoretical convergence
analysis and show that with convergence rate at the same order, the proposed
algorithm achieves a lower non-vanishing bound, which is maintained over
training iterations, compared with NSGD/Auto-S. In addition, through extensive
experimental evaluation, we show that DP-PSAC outperforms or matches the
state-of-the-art methods on multiple mainstream vision and language tasks.
Comment: To appear in AAAI 2023, Revised acknowledgments and citation