Backdooring Neural Code Search

Reusing off-the-shelf code snippets from online repositories is a common practice, which significantly enhances the productivity of software developers. To find desired code snippets, developers resort to code search engines through natural language queries. Neural code search models are hence behind many such engines. These models are based on deep learning and gain substantial attention due to their impressive performance. However, the security aspect of these models is rarely studied. Particularly, an adversary can inject a backdoor in neural code search models, which return buggy or even vulnerable code with security/privacy issues. This may impact the downstream software (e.g., stock trading systems and autonomous driving) and cause financial loss and/or life-threatening incidents. In this paper, we demonstrate such attacks are feasible and can be quite stealthy. By simply modifying one variable/function name, the attacker can make buggy/vulnerable code rank in the top 11%. Our attack BADCODE features a special trigger generation and injection procedure, making the attack more effective and stealthy. The evaluation is conducted on two neural code search models and the results show our attack outperforms baselines by 60%. Our user study demonstrates that our attack is more stealthy than the baseline by two times based on the F1 score

Detecting Backdoors in Pre-trained Encoders

Self-supervised learning in computer vision trains on unlabeled data, such as images or (image, text) pairs, to obtain an image encoder that learns high-quality embeddings for input data. Emerging backdoor attacks towards encoders expose crucial vulnerabilities of self-supervised learning, since downstream classifiers (even further trained on clean data) may inherit backdoor behaviors from encoders. Existing backdoor detection methods mainly focus on supervised learning settings and cannot handle pre-trained encoders especially when input labels are not available. In this paper, we propose DECREE, the first backdoor detection approach for pre-trained encoders, requiring neither classifier headers nor input labels. We evaluate DECREE on over 400 encoders trojaned under 3 paradigms. We show the effectiveness of our method on image encoders pre-trained on ImageNet and OpenAI's CLIP 400 million image-text pairs. Our method consistently has a high detection accuracy even if we have only limited or no access to the pre-training dataset.Comment: Accepted at CVPR 2023. Code is available at https://github.com/GiantSeaweed/DECRE

The Efficacy and Safety of Shen Guo Lao Nian Granule for Common Cold of Qi-Deficiency Syndrome: Study Protocol for a Randomized, Double-Blind, Placebo-Controlled, Multicenter, Phase II Clinical Trial

Background. Common cold is one of the most frequently occurring illnesses in primary healthcare services and represents considerable disease burden. Common cold of Qi-deficiency syndrome (CCQDS) is an important but less addressed traditional Chinese medicine (TCM) pattern. We designed a protocol to explore the efficacy, safety, and optimal dose of Shen Guo Lao Nian Granule (SGLNG) for treating CCQDS. Methods/Design. This is a multicenter, randomized, double-blind, placebo-controlled, phase II clinical trial. A total of 240 eligible patients will be recruited from five centers. Patients are randomly assigned to high-dose group, middle-dose group, low-dose group, or control group in a 1 : 1 : 1 : 1 ratio. All drugs are required to be taken 3 times daily for 5 days with a 5-day follow-up period. Primary outcomes are duration of all symptoms, total score reduction on Jackson’s scale, and TCM symptoms scale. Secondary outcomes include every single TCM symptom duration and score reduction, TCM main symptoms disappearance rate, curative effects, and comparison between Jackson’s scale and TCM symptom scale. Ethics and Trial Registration. This study protocol was approved by the Ethics Committee of Clinical Trials and Biomedicine of West China Hospital of Sichuan University (number IRB-2014-12) and registered with the Chinese Clinical Trial Registry (ChiCTR-IPR-15006349)

Towards Feature Space Adversarial Attack by Style Perturbation

We propose a new adversarial attack to Deep Neural Networks for image classification. Different from most existing attacks that directly perturb input pixels, our attack focuses on perturbing abstract features, more specifically, features that denote styles, including interpretable styles such as vivid colors and sharp outlines, and uninterpretable ones. It induces model misclassification by injecting imperceptible style changes through an optimization procedure. We show that our attack can generate adversarial samples that are more natural-looking than the state-of-the-art unbounded attacks. The experiment also supports that existing pixel-space adversarial attack detection and defense techniques can hardly ensure robustness in the style-related feature space

Ethylene glycol production from glucose over W-Ru catalysts: Maximizing yield by kinetic modeling and simulation

The kinetics of glucose conversion to ethylene glycol (EG) in the presence of ammonium paratungstate and Ru/AC catalysts was studied to model and predict the reaction performance under a range of conditions. A mathematical model was established through the rational simplification of the reaction network on the basis of a continuous stirred-tank model. The kinetic data of six major reactions in the network were experimentally measured, and the analytical expressions of overall reaction kinetics were obtained by introducing the kinetic data to the model. Yields of EG, hexitols and gas were described as functions of the reaction temperature, the concentration of glucose in the feedstock and the feeding rate. The simulation results matched the experimental data of glucose conversion, demonstrating the validity of the model and method for studying the overall kinetics of glucose conversion to EG over W-Ru catalysts. (c) 2016 American Institute of Chemical Engineers AIChE J, 63: 2072-2080, 201

Retention and transport of PFOA and its fluorinated substitute, GenX, through water-saturated soil columns

Perfluoro-2-propoxypropanoic acid (GenX) has emerged as a substitute for perfluorooctanoic acid (PFOA) especially since PFOA was listed among the persistent organic pollutants (POPs) by the Stockholm Convention in 2019. However, limited knowledge exists regarding the behavior and mobility of GenX in natural soils hindering the prediction of its environmental fate. This study investigated the mobility and retention of GenX and PFOA in soils under batch and water-saturated flow-through conditions. Batch experiments revealed that GenX has a lower binding affinity to soil than longer-chained PFOA, potentially threatening groundwater resources. Unlike metal-oxides/minerals (ferrihydrite, gibbsite and manganese dioxide), biochar (BC) and activated carbon (AC) amendments significantly enhanced the sorption of both GenX and PFOA in soil. Sorption data on minerals and carbonaceous materials implied that for shorter-chained GenX, the predominant mode of sorption was through electrostatic (ionic) interactions, while for longer-chained PFOA, hydrophobic interactions became progressively more important with increasing chain length. The dynamic flow experiments demonstrated that these soil amendments enhanced the retention of both compounds, thereby decreasing their mobility. Simultaneous injection of both compounds into columns pre-loaded with either PFOA or GenX increased their retardation. GenX sorption was more affected by pre-sorbed PFOA compared to the minimal impact of pre-loaded GenX on PFOA sorption. A newly developed reactive transport model, which incorporates a two-site sorption model and accounts for kinetic-limited processes, accurately predicted the sorption and transport of both compounds in single and binary contamination systems. These findings have important implications for predicting and assessing the fate and mobility of per- and polyfluoroalkyl substances (PFAS) in soils and groundwaters