162 research outputs found
Generative Watermarking Against Unauthorized Subject-Driven Image Synthesis
Large text-to-image models have shown remarkable performance in synthesizing
high-quality images. In particular, the subject-driven model makes it possible
to personalize the image synthesis for a specific subject, e.g., a human face
or an artistic style, by fine-tuning the generic text-to-image model with a few
images from that subject. Nevertheless, misuse of subject-driven image
synthesis may violate the authority of subject owners. For example, malicious
users may use subject-driven synthesis to mimic specific artistic styles or to
create fake facial images without authorization. To protect subject owners
against such misuse, recent attempts have commonly relied on adversarial
examples to indiscriminately disrupt subject-driven image synthesis. However,
this essentially prevents any benign use of subject-driven synthesis based on
protected images.
In this paper, we take a different angle and aim at protection without
sacrificing the utility of protected images for general synthesis purposes.
Specifically, we propose GenWatermark, a novel watermark system based on
jointly learning a watermark generator and a detector. In particular, to help
the watermark survive the subject-driven synthesis, we incorporate the
synthesis process in learning GenWatermark by fine-tuning the detector with
synthesized images for a specific subject. This operation is shown to largely
improve the watermark detection accuracy and also ensure the uniqueness of the
watermark for each individual subject. Extensive experiments validate the
effectiveness of GenWatermark, especially in practical scenarios with unknown
models and text prompts (74% Acc.), as well as partial data watermarking (80%
Acc. for 1/4 watermarking). We also demonstrate the robustness of GenWatermark
to two potential countermeasures that substantially degrade the synthesis
quality.
Backdoor Attacks in the Supply Chain of Masked Image Modeling
Masked image modeling (MIM) revolutionizes self-supervised learning (SSL) for
image pre-training. In contrast to previous dominating self-supervised methods,
i.e., contrastive learning, MIM attains state-of-the-art performance by masking
and reconstructing random patches of the input image. However, the associated
security and privacy risks of this novel generative method are unexplored. In
this paper, we perform the first security risk quantification of MIM through
the lens of backdoor attacks. Different from previous work, we are the first to
systematically perform threat modeling on SSL in every phase of the model supply chain,
i.e., pre-training, release, and downstream phases. Our evaluation shows that
models built with MIM are vulnerable to existing backdoor attacks in release
and downstream phases and are compromised by our proposed method in
pre-training phase. For instance, on CIFAR10, the attack success rate can reach
99.62%, 96.48%, and 98.89% in the downstream phase, release phase, and
pre-training phase, respectively. We also take the first step to investigate
the success factors of backdoor attacks in the pre-training phase and find the
trigger number and trigger pattern play key roles in the success of backdoor
attacks while trigger location has only tiny effects. In the end, our empirical
study of the defense mechanisms across three detection levels on model supply
chain phases indicates that different defenses are suitable for backdoor
attacks in different phases. However, backdoor attacks in the release phase
cannot be detected by all three detection-level methods, calling for more
effective defenses in future research.
Data Poisoning Attacks Against Multimodal Encoders
Traditional machine learning (ML) models usually rely on large-scale labeled
datasets to achieve strong performance. However, such labeled datasets are
often challenging and expensive to obtain. Also, the predefined categories
limit the model's ability to generalize to other visual concepts as additional
labeled data is required. On the contrary, the newly emerged multimodal model,
which contains both visual and linguistic modalities, learns the concept of
images from the raw text. It is a promising way to solve the above problems as
it can use easy-to-collect image-text pairs to construct the training dataset
and the raw texts contain almost unlimited categories according to their
semantics. However, learning from a large-scale unlabeled dataset also exposes
the model to the risk of potential poisoning attacks, whereby the adversary
aims to perturb the model's training dataset to trigger malicious behaviors in
it. Previous work mainly focuses on the visual modality. In this paper, we
instead focus on answering two questions: (1) Is the linguistic modality also
vulnerable to poisoning attacks? and (2) Which modality is most vulnerable? To
answer the two questions, we conduct three types of poisoning attacks against
CLIP, the most representative multimodal contrastive learning framework.
Extensive evaluations on different datasets and model architectures show that
all three attacks can perform well on the linguistic modality with only a
relatively low poisoning rate and limited epochs. Also, we observe that the
poisoning effect differs between different modalities, i.e., with lower MinRank
in the visual modality and with higher Hit@K when K is small in the linguistic
modality. To mitigate the attacks, we propose both pre-training and
post-training defenses. We empirically show that both defenses can
significantly reduce the attack performance while preserving the model's
utility.
Study on the support performance of anti-impacting and energy-absorbing concrete-filled steel tube arches in roadways
In response to the problem of lack of shrinkable pressure-allowing performance of steel pipe concrete arch in the current roadway support, an anti-impacting and energy-absorbing steel pipe concrete arch structure is designed from the perspective of energy-absorbing pressure-allowing. The combination model of the new steel pipe concrete arch and the surrounding rock was established by Abaqus, and the support effect and impact resistance of the new arch on the roadway were compared and analyzed under both static and dynamic loading conditions. The conclusions are as follows: ① Designing the wall thickness and size of the energy-absorbing member according to the reasonable yielding resistance characteristics. Energy-absorbing components are installed at the connection between the upper arch and the middle of the bottom arc to prevent excessive bending from causing instability. The sleeve shape is designed as a pleated shape based on the U-shaped steel arch clamp structure, which achieves compression yield through friction with the arch; ② Under the vertical and lateral impact, the displacement of the optimized arch support tunnel at each point is reduced, which reduces the sinking of the top arc section of the arch and the up-arch of the bottom arc section, and the support effect is stronger; ③ Under static loads, after the arch contacts the energy-absorbing component, the plastic strain at each point of the arch no longer increases, and the energy-absorbing component replaces the arch to deform. After being subjected to dynamic loads, the energy-absorbing component can respond quickly, while the corners of the arch bend and deform, and the remaining parts have not undergone significant deformation. 
After the energy-absorbing component is crushed, the overall plastic strain of the arch starts to increase, and finally the equivalent plastic strain at each point of the arch is reduced by 10%−50% and 13%−78% under vertical and lateral impacts, respectively, after optimization.
Tree plantations displacing native forests: The nature and drivers of apparent forest recovery on former croplands in Southwestern China from 2000 to 2015
China is credited with undertaking some of the world's most ambitious policies to protect and restore forests, which could serve as a role model for other countries. However, the actual environmental consequences of these policies are poorly known. Here, we combine remote-sensing analysis with household interviews to assess the nature and drivers of land-cover change in southwestern China between 2000–2015, after China's major forest protection and reforestation policies came into effect. We found that while the region's gross tree cover grew by 32%, this increase was entirely due to the conversion of croplands to tree plantations, particularly monocultures. Native forests, in turn, suffered a net loss of 6.6%. Thus, instead of truly recovering forested landscapes and generating concomitant environmental benefits, the region's apparent forest recovery has effectively displaced native forests, including those that could have naturally regenerated on land freed up from agriculture. The pursuit of profit from agricultural or forestry production along with governmental encouragement and mobilization for certain land uses – including tree planting – were the dominant drivers of the observed land-cover change. An additional driver was the desire of many households to conform with the land-use decisions of their neighbors. We also found that households' lack of labor or financial resources, rather than any policy safeguards, was the primary constraint on further conversion of native forests. We conclude that to achieve genuine forest recovery along with the resulting environmental benefits, China's policies must more strongly protect existing native forests and facilitate native forest restoration. Natural regeneration, which thus far has been grossly neglected in China's forest policies, should be recognized as a legitimate means of forest restoration. 
In addition, social factors operating at the household level, notably the pursuit of profit and conformation to social norms, should be harnessed to promote better land-cover, biodiversity, and environmental outcomes. More generally, for China and other countries to succeed in recovering forests, policies must clearly distinguish between native forests and tree plantations.
Network-based Management on Repairing Tool Kits of Civil Aviation Engineering Maintenance
Based on features of high speed of network transmission and easy operations, this thesis covers two aspects to realize network-based management on repairing tool kits of civil aviation engineering maintenance. Firstly, develop a network inquiry system, which can help employees and administrators inquire tool borrowing information. Secondly, a module is designed that has functions to transmit text messages to tool kits borrowers prompting them to return tools at times when the returning date approaches.
- …