9 research outputs found
Defense against Adversarial Attacks Using High-Level Representation Guided Denoiser
Neural networks are vulnerable to adversarial examples, which poses a threat
to their application in security sensitive systems. We propose high-level
representation guided denoiser (HGD) as a defense for image classification.
Standard denoiser suffers from the error amplification effect, in which small
residual adversarial noise is progressively amplified and leads to wrong
classifications. HGD overcomes this problem by using a loss function defined as
the difference between the target model's outputs activated by the clean image
and denoised image. Compared with ensemble adversarial training which is the
state-of-the-art defending method on large images, HGD has three advantages.
First, with HGD as a defense, the target model is more robust to either
white-box or black-box adversarial attacks. Second, HGD can be trained on a
small subset of the images and generalizes well to other images and unseen
classes. Third, HGD can be transferred to defend models other than the one
guiding it. In NIPS competition on defense against adversarial attacks, our HGD
solution won the first place and outperformed other models by a large margin.
Exploring Transferability of Multimodal Adversarial Samples for Vision-Language Pre-training Models with Contrastive Learning
Vision-language pre-training models (VLP) are vulnerable, especially to
multimodal adversarial samples, which can be crafted by adding imperceptible
perturbations on both original images and texts. However, under the black-box
setting, there have been no works to explore the transferability of multimodal
adversarial attacks against the VLP models. In this work, we take CLIP as the
surrogate model and propose a gradient-based multimodal attack method to
generate transferable adversarial samples against the VLP models. By applying
the gradient to optimize the adversarial images and adversarial texts
simultaneously, our method can better search for and attack the vulnerable
images and text information pairs. To improve the transferability of the
attack, we utilize contrastive learning including image-text contrastive
learning and intra-modal contrastive learning to have a more generalized
understanding of the underlying data distribution and mitigate the overfitting
of the surrogate model so that the generated multimodal adversarial samples
have a higher transferability for VLP models. Extensive experiments validate
the effectiveness of the proposed method.
Silicon photonic MEMS switches based on split waveguide crossings
The continuous push for high-performance photonic switches is one of the most
crucial premises for the sustainable scaling of programmable and reconfigurable
photonic circuits for a wide spectrum of applications. Large-scale photonic
switches constructed with a large number of 2×2 elementary switches
impose stringent requirements on the elementary switches. In contrast to
conventional elementary switches based on mode interference or mode coupling,
here we propose and realize a brand-new silicon MEMS 2×2 elementary
switch based on a split waveguide crossing (SWX) consisting of two halves. With
this structure, the propagation direction of the incident light can be
manipulated to implement the OFF and ON states by splitting or combining the
two halves of the SWX, respectively. More specifically, we introduce
refractive-index engineering by incorporating subwavelength-tooth (SWT)
structures on both reflecting facets to further reduce the excess loss in the
ON state. Such a unique switching mechanism features a compact footprint on a
standard SOI wafer and enables excellent photonic performance with low excess
loss of 0.1-0.52/0.1-0.47dB and low crosstalk of -37/-22.5dB over an
ultrawide bandwidth of 1400-1700nm for the OFF/ON states in simulation, while
in experiment, excess loss of 0.15-0.52/0.42-0.66dB and crosstalk of
-45.5/-25dB over the bandwidth of 1525-1605 nm for the OFF/ON states have
been measured. Furthermore, excellent MEMS characteristics such as near-zero
steady-state power consumption, low switching energy of sub-pJ, switching speed
of μs-scale, durability beyond 10^9 switching cycles, and overall device
robustness have been achieved. Finally, a 16×16 switch using Benes
topology has also been fabricated and characterized as a proof of concept,
further validating the suitability of the SWX switches for large-scale
integration.