On Negative Correlation of Arboreal Gas on Some Graphs
Arboreal Gas is a type of (unrooted) random forest on a graph, where the
probability is determined by a parameter per edge. This model is
essentially equivalent to acyclic Bernoulli bond percolation with a parameter
. Additionally, Arboreal Gas can be considered as the limit
of the -states random cluster model with as . A natural
question arises regarding the existence and performance of the weak limit of
Arboreal Gas as the graph size goes to infinity. The answer to this question
relies on the negative correlation of Arboreal Gas, which is still an open
problem. This paper primarily focuses on the negative correlation of Arboreal
Gas and provides some results for specific graphs.

TempLe: Learning Template of Transitions for Sample Efficient Multi-task RL
Transferring knowledge among various environments is important to efficiently
learn multiple tasks online. Most existing methods directly use the previously
learned models or previously learned optimal policies to learn new tasks.
However, these methods may be inefficient when the underlying models or optimal
policies are substantially different across tasks. In this paper, we propose
Template Learning (TempLe), the first PAC-MDP method for multi-task
reinforcement learning that could be applied to tasks with varying state/action
space. TempLe generates transition dynamics templates, abstractions of the
transition dynamics across tasks, to gain sample efficiency by extracting
similarities between tasks even when their underlying models or optimal
policies have limited commonalities. We present two algorithms for an "online"
and a "finite-model" setting respectively. We prove that our proposed TempLe
algorithms achieve much lower sample complexity than single-task learners or
state-of-the-art multi-task methods. We show via systematically designed
experiments that our TempLe method universally outperforms the state-of-the-art
multi-task methods (PAC-MDP or not) in various settings and regimes.

Subsampling-Based Modified Bayesian Information Criterion for Large-Scale Stochastic Block Models
Identifying the number of communities is a fundamental problem in community
detection, which has received increasing attention recently. However, rapid
advances in technology have led to the emergence of large-scale networks in
various disciplines, thereby making existing methods computationally
infeasible. To address this challenge, we propose a novel subsampling-based
modified Bayesian information criterion (SM-BIC) for identifying the number of
communities in a network generated via the stochastic block model and
degree-corrected stochastic block model. We first propose a node-pair
subsampling method to extract an informative subnetwork from the entire
network, and then we derive a purely data-driven criterion to identify the
number of communities for the subnetwork. In this way, the SM-BIC can identify
the number of communities based on the subsampled network instead of the entire
dataset. This leads to important computational advantages over existing
methods. We theoretically investigate the computational complexity and
identification consistency of the SM-BIC. Furthermore, the advantages of the
SM-BIC are demonstrated by extensive numerical studies.

Rethinking Adversarial Policies: A Generalized Attack Formulation and Provable Defense in Multi-Agent RL
Most existing works consider direct perturbations of victim's state/action or
the underlying transition dynamics to show vulnerability of reinforcement
learning agents under adversarial attacks. However, such direct manipulation
may not always be feasible in practice. In this paper, we consider another
common and realistic attack setup: in a multi-agent RL setting with
well-trained agents, during deployment time, the victim agent is
exploited by an attacker who controls another agent to act
adversarially against the victim using an adversarial policy. Prior
attack models under such a setup do not consider that the attacker may encounter
resistance and thus can only take partial control of the agent, and they
also introduce perceivable "abnormal" behaviors that are easily
detectable. A provable defense against these adversarial policies is also
lacking. To resolve these issues, we introduce a more general attack
formulation that models to what extent the adversary is able to control the
agent to produce the adversarial policy. Based on such a generalized attack
framework, the attacker can also regulate the state distribution shift caused
by the attack through an attack budget, and thus produce stealthy adversarial
policies that can exploit the victim agent. Furthermore, we provide the first
provably robust defenses with convergence guarantee to the most robust victim
policy via adversarial training with timescale separation, in sharp contrast to
adversarial training in supervised learning which may only provide
empirical defenses.

Visual Adversarial Examples Jailbreak Large Language Models
Recently, there has been a surge of interest in introducing vision into Large
Language Models (LLMs). The proliferation of large Visual Language Models
(VLMs), such as Flamingo, BLIP-2, and GPT-4, signifies an exciting convergence
of advancements in both visual and language foundation models. Yet, the risks
associated with this integrative approach are largely unexamined. In this
paper, we shed light on the security and safety implications of this trend.
First, we underscore that the continuous and high-dimensional nature of the
additional visual input space intrinsically makes it a fertile ground for
adversarial attacks. This unavoidably expands the attack surfaces of LLMs.
Second, we highlight that the broad functionality of LLMs also presents visual
attackers with a wider array of achievable adversarial objectives, extending
the implications of security failures beyond mere misclassification. To
elucidate these risks, we study adversarial examples in the visual input space
of a VLM. Specifically, against MiniGPT-4, which incorporates safety mechanisms
that can refuse harmful instructions, we present visual adversarial examples
that can circumvent the safety mechanisms and provoke harmful behaviors of the
model. Remarkably, we discover that adversarial examples, even if optimized on
a narrow, manually curated derogatory corpus against specific social groups,
can universally jailbreak the model's safety mechanisms. A single such
adversarial example can generally undermine MiniGPT-4's safety, enabling it to
heed a wide range of harmful instructions and produce harmful content far
beyond simply imitating the derogatory corpus used in optimization. Unveiling
these risks, we accentuate the urgent need for comprehensive risk assessments,
robust defense strategies, and the implementation of responsible practices for
the secure and safe utilization of VLMs.