Training with More Confidence: Mitigating Injected and Natural Backdoors During Training
The backdoor or Trojan attack is a severe threat to deep neural networks
(DNNs). Researchers find that DNNs trained on benign data and settings can also
learn backdoor behaviors, which is known as the natural backdoor. Existing
works on anti-backdoor learning are based on weak observations that the
backdoor and benign behaviors can differentiate during training. An adaptive
attack with slow poisoning can bypass such defenses. Moreover, these methods
cannot defend natural backdoors. We found the fundamental differences between
backdoor-related neurons and benign neurons: backdoor-related neurons form a
hyperplane as the classification surface across input domains of all affected
labels. By further analyzing the training process and model architectures, we
found that piece-wise linear functions cause this hyperplane surface. In this
paper, we design a novel training method that forces the training to avoid
generating such hyperplanes and thus remove the injected backdoors. Our
extensive experiments on five datasets against five state-of-the-art attacks
and also benign training show that our method can outperform existing
state-of-the-art defenses. On average, the ASR (attack success rate) of the
models trained with NONE is 54.83 times lower than undefended models under
standard poisoning backdoor attack and 1.75 times lower under the natural
backdoor attack. Our code is available at
https://github.com/RU-System-Software-and-Security/NONE
NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models
Prompt-based learning is vulnerable to backdoor attacks. Existing backdoor
attacks against prompt-based models consider injecting backdoors into the
entire embedding layers or word embedding vectors. Such attacks can be easily
affected by retraining on downstream tasks and with different prompting
strategies, limiting the transferability of backdoor attacks. In this work, we
propose transferable backdoor attacks against prompt-based models, called
NOTABLE, which is independent of downstream tasks and prompting strategies.
Specifically, NOTABLE injects backdoors into the encoders of PLMs by utilizing
an adaptive verbalizer to bind triggers to specific words (i.e., anchors). It
activates the backdoor by pasting input with triggers to reach
adversary-desired anchors, achieving independence from downstream tasks and
prompting strategies. We conduct experiments on six NLP tasks, three popular
models, and three prompting strategies. Empirical results show that NOTABLE
achieves superior attack performance (i.e., attack success rate over 90% on all
the datasets), and outperforms two state-of-the-art baselines. Evaluations on
three defenses show the robustness of NOTABLE. Our code can be found at
https://github.com/RU-System-Software-and-Security/Notable
Rethinking the Reverse-engineering of Trojan Triggers
Deep Neural Networks are vulnerable to Trojan (or backdoor) attacks.
Reverse-engineering methods can reconstruct the trigger and thus identify
affected models. Existing reverse-engineering methods only consider input space
constraints, e.g., trigger size in the input space. Expressly, they assume the
triggers are static patterns in the input space and fail to detect models with
feature space triggers such as image style transformations. We observe that
both input-space and feature-space Trojans are associated with feature space
hyperplanes. Based on this observation, we design a novel reverse-engineering
method that exploits the feature space constraint to reverse-engineer Trojan
triggers. Results on four datasets and seven different attacks demonstrate that
our solution effectively defends both input-space and feature-space Trojans. It
outperforms state-of-the-art reverse-engineering methods and other types of
defenses in both Trojaned model detection and mitigation tasks. On average, the
detection accuracy of our method is 93%. For Trojan mitigation, our method can
reduce the ASR (attack success rate) to only 0.26% with the BA (benign
accuracy) remaining nearly unchanged. Our code can be found at
https://github.com/RU-System-Software-and-Security/FeatureRE
Alteration-free and Model-agnostic Origin Attribution of Generated Images
Recently, there has been growing attention to image generation models.
However, concerns have emerged regarding potential misuse and intellectual
property (IP) infringement associated with these models. Therefore, it is
necessary to analyze the origin of images by inferring if a specific image was
generated by a particular model, i.e., origin attribution. Existing methods are
limited in their applicability to specific types of generative models and
require additional steps during training or generation. This restricts their
use with pre-trained models that lack these specific operations and may
compromise the quality of image generation. To overcome this problem, we first
develop an alteration-free and model-agnostic origin attribution method via
input reverse-engineering on image generation models, i.e., inverting the input
of a particular model for a specific image. Given a particular model, we first
analyze the differences in the hardness of reverse-engineering tasks for the
generated images of the given model and other images. Based on our analysis, we
propose a method that utilizes the reconstruction loss of reverse-engineering
to infer the origin. Our proposed method effectively distinguishes between
generated images from a specific generative model and other images, including
those generated by different models and real images.
How to Detect Unauthorized Data Usages in Text-to-image Diffusion Models
Recent text-to-image diffusion models have shown surprising performance in
generating high-quality images. However, concerns have arisen regarding the
unauthorized usage of data during the training process. One example is when a
model trainer collects a set of images created by a particular artist and
attempts to train a model capable of generating similar images without
obtaining permission from the artist. To address this issue, it becomes crucial
to detect unauthorized data usage. In this paper, we propose a method for
detecting such unauthorized data usage by planting injected memorization into
the text-to-image diffusion models trained on the protected dataset.
Specifically, we modify the protected image dataset by adding unique contents
on the images such as stealthy image wrapping functions that are imperceptible
to human vision but can be captured and memorized by diffusion models. By
analyzing whether the model has memorization for the injected content (i.e.,
whether the generated images are processed by the chosen post-processing
function), we can detect models that had illegally utilized the unauthorized
data. Our experiments conducted on Stable Diffusion and LoRA model demonstrate
the effectiveness of the proposed method in detecting unauthorized data usages.
3,4-Bis[4-(4-methoxyphenoxy)phenyl]-1-methyl-1H-pyrrole-2,5-dione
The title compound, C31H25NO6, has a structure related to other 3,4-diaryl-substituted maleic anhydride derivatives which have been shown to be useful as photochromic materials. The dihedral angles between the maleimide ring system and the benzene rings bonded to it are 44.48 (3) and 17.89 (3)°, while the angles between each of the latter rings and the corresponding ether bridging connected methoxybenzene rings are 78.61 (8) and 72.67 (7)°. In the crystal, the molecules are linked by C—H⋯O interactions
Phenyl 3-methoxy-4-phenoxybenzoate
In the title molecule, C20H16O4, the two outermost phenyl rings form dihedral angles of 79.80 (7) and 69.35 (7)° with the central benzene ring. In the crystal structure, weak intermolecular C—H⋯O interactions link the molecules into ribbons propagating along [10]
Bridging the gap: optimized fabrication of robust titania nanostructures on complex implant geometries towards clinical translation
Electrochemically anodized titanium surfaces with titania nanostructures (TNS; nanopores, nanotubes, etc.) have been widely applied as therapeutic bone/dental implant modifications. Despite the numerous advancements in the field of electrochemical anodization (EA), in terms of translation into the current implant market, research gaps in this domain include the lack of fabrication optimization, performed on a substrate of conventional implant surface/geometry, and inadequate mechanical stability. In the current study, we investigate the role of substrate pre-treatment on achieving desired nanotopographies for the purpose of reproducing optimized nanostructures on the complex geometry of commercial implant surfaces, as well as in-depth mechanical stability testing of these nano-engineered coatings. The results confirmed that: (a) substrate polishing/smoothening may be insignificant with respect to fabrication of well-ordered and high quality TNS on micro-rough implants with preserved underlying micro roughness; (b) optimized outcomes can be successfully translated onto complex geometries characteristic of the current implant market, including dental implant abutments and screws (also applicable to a wider implant market including orthopaedics); (c) mechanical stability testing revealed improved modulus and hardness values as compared to conventional nanotubes/pores. We believe that such optimization advances the existing knowledge of titanium anodization and anodized implants towards integration into the current implant market and successful clinical translation. (C) 2018 Elsevier Inc. All rights reserved
Understanding and augmenting the stability of therapeutic nanotubes on anodized titanium implants
Titanium is an ideal material choice for orthopaedic and dental implants, and hence a significant amount of research has been focused towards augmenting the therapeutic efficacy of titanium surfaces. More recently the focus has shifted to nano-engineered implants fabricated via anodization to generate self-ordered nanotubular structures composed of titania (TiO2). These structures (titania nanotubes/TNTs) enable local drug delivery and tailorable cellular modulation towards achieving desirable effects like enhanced osseointegration and antibacterial action. However, the mechanical stability of such modifications is often ignored and remains under explored, and any delamination or breakage in the TNTs modification can initiate toxicity and lead to severe immuno-inflammatory reactions. This review details and critically evaluates the progress made in relation to this aspect of TNT based implants, with a focus on understanding the interface between TNTs and the implant surface, treatments aimed at augmenting mechanical stability and strategies for advanced mechanical testing within the bone micro-environment ex vivo and in vivo. This review article extends the existing knowledge in this domain of TNTs implant technology and will enable improved understanding of the underlying parameters that contribute towards mechanically robust nano-engineered implants that can withstand the forces associated with implant surgical placement and the load bearing experienced at the bone/implant interface