16 research outputs found
Robust Backdoor Detection for Deep Learning via Topological Evolution Dynamics
A backdoor attack in deep learning inserts a hidden backdoor in the model to
trigger malicious behavior upon specific input patterns. Existing detection
approaches assume a metric space (for either the original inputs or their
latent representations) in which normal samples and malicious samples are
separable. We show that this assumption has a severe limitation by introducing
a novel SSDT (Source-Specific and Dynamic-Triggers) backdoor, which obscures
the difference between normal samples and malicious samples.
To overcome this limitation, we move beyond looking for a perfect metric
space that would work for different deep-learning models, and instead resort to
more robust topological constructs. We propose TED (Topological Evolution
Dynamics) as a model-agnostic basis for robust backdoor detection. The main
idea of TED is to view a deep-learning model as a dynamical system that evolves
inputs to outputs. In such a dynamical system, a benign input follows a natural
evolution trajectory similar to other benign inputs. In contrast, a malicious
sample displays a distinct trajectory, since it starts close to benign samples
but eventually shifts towards the neighborhood of attacker-specified target
samples to activate the backdoor.
Extensive evaluations are conducted on vision and natural language datasets
across different network architectures. The results demonstrate that TED not
only achieves a high detection rate, but also significantly outperforms
existing state-of-the-art detection approaches, particularly in addressing the
sophisticated SSDT attack. The code to reproduce the results is made public on
GitHub.
Comment: 18 pages. To appear in IEEE Symposium on Security and Privacy 202
Visual Servo Control of the Macro/Micro Manipulator with Base Vibration Suppression and Backlash Compensation
This study investigates the visual servo control of the space station macro/micro manipulator system. The proposed approach is based on the position-based eye-in-hand visual servo (PBVS) and takes advantage of the hardware sensors to overcome the macro manipulator’s base flexibility and joint backlash. First, a vibration suppression approach based on the reaction force feedback control is proposed, the deflection forces are measured by the six-axis force/torque sensor at the base of the micro-manipulator, and damping is injected into the flexible base in the closed-loop control to suppress the base vibration. Second, the small changes of joint backlash are compensated based on the macro manipulator joint angles sensor and converted to the desired motion of the payloads. Finally, PBVS with the lag correction is proposed, which is adequate for the precise positioning of large payloads with significant low-frequency oscillations. Ground micro-gravity experiment implementation is discussed, simulations and experiments are carried out based on the equivalent 3-DOF flexible base manipulator system and the macro/micro manipulator ground facilities, and results demonstrate the effectiveness of the proposed control algorithm
Persisting RB-tree into NVM in a consistency perspective
Byte-addressable non-volatile memory (NVM) is going to reshape conventional computer systems. With advantages of low latency, byte-addressability, and non-volatility, NVM can be directly put on the memory bus to replace DRAM. As a result, both system and application softwares have to be adjusted to perceive the fact that the persistent layer moves up to the memory. However, most of the current in-memory data structures will be problematic with consistency issues if not well tuned with NVM. This article places emphasis on an important in-memory structure that is widely used in computer systems, i.e., the Red/Black-tree (RB-tree). Since it has a long and complicated update process, the RB-tree is prone to inconsistency problems with NVM. This article presents an NVM-compatible consistent RB-tree with a new technique named cascade-versioning. The proposed RB-tree (i) is all-time consistent and scalable and (ii) needs no recovery procedure after system crashes. Experiment results show that the RB-tree for NVM not only achieves the aim of consistency with insignificant spatial overhead but also yields comparable performance to an ordinary volatile RB-tree
A coupling approach to demand prediction and repositioning in SAV systems
Reinforcement Learning (RL) is currently one of the most commonly used techniques for traffic signal control (TSC), which can adaptively adjust traffic signal phase and duration according to real-time traffic data. However, a fully centralized RL approach is beset with difficulties in a multi-network scenario because of exponential growth in state-action space with increasing intersections. Multi-agent reinforcement learning (MARL) can overcome the high-dimension problem by employing global control of each local RL agent, but it also brings new challenges, such as failures of convergence caused by the non-stationary Markov Decision Process (MDP). In this paper, we introduce an off-policy nash deep Q-Network (OPNDQN) algorithm, which mitigates the weakness of both fully centralized and MARL approaches. The OPNDQN algorithm solves the problem that traditional algorithms cannot be used in large state-action space traffic models by utilizing a fictitious game approach at each iteration to find the nash equilibrium among neighboring intersections, by which no intersection has incentive to unilaterally deviate. One of the main advantages of the OPNDQN is that it can mitigate the non-stationarity of multi agent Markov process because it considers the mutual influence among neighboring intersections by sharing their actions. On the other hand, for training a large traffic network, the convergence rate of the OPNDQN is higher than that of existing MARL approaches because it does not incorporate all state information of each agent. We conduct extensive experiments by using Simulation of Urban MObility simulator (SUMO), and show the dominant superiority of the OPNDQN over several existing MARL approaches in terms of average queue length, episode training reward and average waiting time.
Interpreting Chemisorption Strength with AutoML-based Feature Deletion Experiments
The chemisorption energy of reactants on a catalyst surface, E_ads, is among the most informative characters of understanding and pinpointing the optimal catalyst. The intrinsic complexity of catalyst surfaces and chemisorption reactions presents significant difficulties in identifying the pivotal physical quantities determining E_ads. In response to this, the study proposes a novel methodology, the feature deletion experiment, based on Automatic Machine Learning (AutoML) for knowledge extraction from a high-throughput density functional theory (DFT) database. The study reveals that, for binary alloy surfaces, the local adsorption site geometric information is the primary physical quantity determining E_ads, compared to the electronic and physiochemical properties of the catalyst alloys. By integrating the feature deletion experiment with instance-wise variable selection (INVASE), a neural network-based explainable AI (XAI) tool, we established the best-performing feature set containing 21 intrinsic, non-DFT computed properties, achieving an MAE of 0.23 eV across a periodic table-wide chemical space involving more than 1,600 types of alloys surfaces and 8,400 chemisorption reactions. This study demonstrates the stability, consistency, and potential of AutoML-based feature deletion experiment in developing concise, predictive, and theoretically meaningful models for complex chemical problems with minimal human intervention
A prefrontal-thalamic circuit encodes social information for social recognition
Social recognition encompasses encoding social information and distinguishing unfamiliar from familiar individuals to form social relationships. Although the medial prefrontal cortex (mPFC) is known to play a role in social behavior, how identity information is processed and by which route it is communicated in the brain remains unclear. Here we report that a ventral midline thalamic area, nucleus reuniens (Re) that has reciprocal connections with the mPFC, is critical for social recognition in male mice. In vivo single-unit recordings and decoding analysis reveal that neural populations in both mPFC and Re represent different social stimuli, however, mPFC coding capacity is stronger. We demonstrate that chemogenetic inhibitions of Re impair the mPFC-Re neural synchronization and the mPFC social coding. Projection pathway-specific inhibitions by optogenetics reveal that the reciprocal connectivity between the mPFC and the Re is necessary for social recognition. These results reveal an mPFC-thalamic circuit for social information processing
Group sparsity residual constraint for image denoising with external nonlocal self-similarity prior
Nonlocal image representation has been successfully used in many image-related inverse problems including denoising, deblurring and deblocking. However, most existing methods only consider the nonlocal self-similarity (NSS) prior of degraded observation image, and few methods use the NSS prior from natural images. In this paper we propose a novel method for image denoising via group sparsity residual constraint with external NSS prior (GSRC-ENSS). Different from the previous NSS prior-based denoising methods, two kinds of NSS prior (e.g., NSS priors of noisy image and natural images) are used for image denoising. In particular, to enhance the performance of image denoising, the group sparsity residual is proposed, and thus the problem of image denoising is translated into reducing the group sparsity residual. Because the groups contain a large amount of NSS information of natural images, to reduce the group sparsity residual, we obtain a good estimation of the group sparse coefficients of the original image by the external NSS prior based on Gaussian Mixture Model (GMM) learning, and the group sparse coefficients of noisy image are used to approximate the estimation. To combine these two NSS priors better, an effective iterative shrinkage algorithm is developed to solve the proposed GSRC-ENSS model. Experimental results demonstrate that the proposed GSRC-ENSS not only outperforms several state-of-the-art methods, but also delivers the best qualitative denoising results with finer details and less ringing artifacts