Enhancing Robust Representation in Adversarial Training: Alignment and Exclusion Criteria

Deep neural networks are vulnerable to adversarial noise. Adversarial Training (AT) has been demonstrated to be the most effective defense strategy to protect neural networks from being fooled. However, we find AT omits to learning robust features, resulting in poor performance of adversarial robustness. To address this issue, we highlight two criteria of robust representation: (1) Exclusion: \emph{the feature of examples keeps away from that of other classes}; (2) Alignment: \emph{the feature of natural and corresponding adversarial examples is close to each other}. These motivate us to propose a generic framework of AT to gain robust representation, by the asymmetric negative contrast and reverse attention. Specifically, we design an asymmetric negative contrast based on predicted probabilities, to push away examples of different classes in the feature space. Moreover, we propose to weight feature by parameters of the linear classifier as the reverse attention, to obtain class-aware feature and pull close the feature of the same class. Empirical evaluations on three benchmark datasets show our methods greatly advance the robustness of AT and achieve state-of-the-art performance.Comment: 10 pages, 9 figures, Submitted to TIF

Methyl­naltrexone bromide methanol monosolvate

In the title compound [systematic name: (4R,4aS,7aR,12bS)-3-cyclo­propyl­meth­yl-4a,9-hy­droxy-7-oxo-2,3,4,4a,5,6,7,7a-octa­hydro-1H-4,12-methano­benzofuro[3,2-e]isoquinolin-3-ium bromide methanol monosolvate], C21H26NO4 +·Br−·CH3OH, two of the three six-membered rings adopt chair conformations while the third, which contains a C=C double bond, adopts an approximate half-boat conformation. The 2,3-dihydro­furan ring adopts an envelope conformation. In the crystal, the components are linked by O—H⋯O and O—H⋯Br hydrogen bonds. The absolute stereochemistry was inferred from one of the starting materials

(3S,4R,4aS,7aR,12bS)-3-Cyclo­propyl­meth­yl-4a,9-dihy­droxy-3-methyl-7-oxo-2,3,4,4a,5,6,7,7a-octa­hydro-1H-4,12-methano-1-benzofuro[3,2-e]isoquinolin-3-ium 2,2,2-trifluoro­acetate methanol solvate

In the title compound, C21H26F3NO6 +·CF3COO−·CH3OH or S-MNTX·CF3COO−·CH3OH (MNTX = methyl­naltrexone), the conformation of the polycyclic backbone of the noroxy­morphone skeleton can be simplified in terms of the angles between the least-squares planes of these rings. The dihedral angle between the cyclohexene and piperidine rings is 84.5 (6)°, while the dihedral angles between the planes of cyclohexane ring and the benzene, cyclohexene and piperidine rings, respectively, are 85.8 (6),80.0  (7) and 10.3 (7)°. In the crystal, mol­ecules are linked by O—H⋯O hydrogen bonds. The trifluoro­acetate F atoms are disordered in a 0.710 (14):0.710 (14) ratio. The absolute stereochemistry was inferred from the use of (4R,4aS,7aR,12bS)-3-(cyclo­propyl­meth­yl)-4a,9-dihy­droxy-2,3,4,4a,5,6-hexa­hydro-1H-4,12-meth­ano­benzofuro[3,2-e]isoquinolin-7(7aH)-one as one of the starting materials

A Small Ku-Band Polarization Tracking Active Phased Array for Mobile Satellite Communications

A compact polarization tracking active phased array for Ku-band mobile satellite signal reception is presented. In contrast with conventional mechanically tracking antennas, the approach presented here meets the requirements of beam tracking and polarization tracking simultaneously without any servo components. The two-layer stacked square patch fed by two probes is used as antenna element. The impedance bandwidth of 16% for the element covers the operating frequency range from 12.25 GHz to 12.75 GHz. In the presence of mutual coupling, the dimensional parameters for each element of the small 7 × 7 array are optimized during beam scanning and polarization tracking. The compact polarization tracking modules based on the low-temperature cofired ceramic (LTCC) system-in-package (SiP) technology are proposed. A small active phased array prototype with the size of 120 mm (length) × 120 mm (width) × 55 mm (height) is developed. The measured polarization tracking patterns of the prototype are given. The polarization tracking beam can be steered in the elevation up to 50°. The gain of no less than 16.0 dBi and the aperture efficiency of more than 50% are obtained. The measured and simulated polarization tracking patterns agreed well

Visual Privacy Protection Based on Type-I Adversarial Attack

With the development of online artificial intelligence systems, many deep neural networks (DNNs) have been deployed in cloud environments. In practical applications, developers or users need to provide their private data to DNNs, such as faces. However, data transmitted and stored in the cloud is insecure and at risk of privacy leakage. In this work, inspired by Type-I adversarial attack, we propose an adversarial attack-based method to protect visual privacy of data. Specifically, the method encrypts the visual information of private data while maintaining them correctly predicted by DNNs, without modifying the model parameters. The empirical results on face recognition tasks show that the proposed method can deeply hide the visual information in face images and hardly affect the accuracy of the recognition models. In addition, we further extend the method to classification tasks and also achieve state-of-the-art performance

Gradient constrained sharpness-aware prompt learning for vision-language models

This paper targets a novel trade-off problem in generalizable prompt learning for vision-language models (VLM), i.e., improving the performance on unseen classes while maintaining the performance on seen classes. Comparing with existing generalizable methods that neglect the seen classes degradation, the setting of this problem is more strict and fits more closely with practical applications. To solve this problem, we start from the optimization perspective, and leverage the relationship between loss landscape geometry and model generalization ability. By analyzing the loss landscapes of the state-of-the-art method and vanilla Sharpness-aware Minimization (SAM) based method, we conclude that the trade-off performance correlates to both loss value and loss sharpness, while each of them is indispensable. However, we find the optimizing gradient of existing methods cannot maintain high relevance to both loss value and loss sharpness during optimization, which severely affects their trade-off performance. To this end, we propose a novel SAM-based method for prompt learning, denoted as Gradient Constrained Sharpness-aware Context Optimization (GCSCoOp), to dynamically constrain the optimizing gradient, thus achieving above two-fold optimization objective simultaneously. Extensive experiments verify the effectiveness of GCSCoOp in the trade-off problem.Comment: 19 pages 11 figure

LOREN: Logic-Regularized Reasoning for Interpretable Fact Verification

Given a natural language statement, how to verify its veracity against a large-scale textual knowledge source like Wikipedia? Most existing neural models make predictions without giving clues about which part of a false claim goes wrong. In this paper, we propose LOREN, an approach for interpretable fact verification. We decompose the verification of the whole claim at phrase-level, where the veracity of the phrases serves as explanations and can be aggregated into the final verdict according to logical rules. The key insight of LOREN is to represent claim phrase veracity as three-valued latent variables, which are regularized by aggregation logical rules. The final claim verification is based on all latent variables. Thus, LOREN enjoys the additional benefit of interpretability -- it is easy to explain how it reaches certain results with claim phrase veracity. Experiments on a public fact verification benchmark show that LOREN is competitive against previous approaches while enjoying the merit of faithful and accurate interpretability. The resources of LOREN are available at: https://github.com/jiangjiechen/LOREN.Comment: Accepted to AAAI 202