121 research outputs found

    Competitive Advantage Attacks to Decentralized Federated Learning

    Decentralized federated learning (DFL) enables clients (e.g., hospitals and banks) to jointly train machine learning models without a central orchestration server. In each global training round, each client trains a local model on its own training data, and the clients then exchange local models for aggregation. In this work, we propose SelfishAttack, a new family of attacks to DFL. In SelfishAttack, a set of selfish clients aim to achieve competitive advantages over the remaining non-selfish ones, i.e., the final learnt local models of the selfish clients are more accurate than those of the non-selfish ones. Towards this goal, the selfish clients send carefully crafted local models to each remaining non-selfish one in each global training round. We formulate finding such local models as an optimization problem and propose methods to solve it when DFL uses different aggregation rules. Theoretically, we show that our methods find the optimal solutions to the optimization problem. Empirically, we show that SelfishAttack successfully increases the accuracy gap (i.e., competitive advantage) between the final learnt local models of selfish clients and those of non-selfish ones. Moreover, SelfishAttack achieves larger accuracy gaps than poisoning attacks when extended to increase competitive advantages.

    Prompt Injection Attacks and Defenses in LLM-Integrated Applications

    Large Language Models (LLMs) are increasingly deployed as the backend for a variety of real-world applications called LLM-Integrated Applications. Multiple recent works showed that LLM-Integrated Applications are vulnerable to prompt injection attacks, in which an attacker injects malicious instructions/data into the input of those applications such that they produce results the attacker desires. However, existing works are limited to case studies. As a result, the literature lacks a systematic understanding of prompt injection attacks and their defenses. We aim to bridge the gap in this work. In particular, we propose a general framework to formalize prompt injection attacks. Existing attacks, which are discussed in research papers and blog posts, are special cases in our framework. Our framework enables us to design a new attack by combining existing attacks. Moreover, we also propose a framework to systematize defenses against prompt injection attacks. Using our frameworks, we conduct a systematic evaluation of prompt injection attacks and their defenses with 10 LLMs and 7 tasks. We hope our frameworks can inspire future research in this field. Our code is available at https://github.com/liu00222/Open-Prompt-Injection.

    Research Summary on Water Pollution in China Port Area for Green Port Construction

    Water transport has become one of the most important transport modes in many countries in the world due to its large carrying capacity, low transport cost and low energy consumption. As a hub for land-water transfer, a port sees frequent trade between ships and land; large volumes of domestic sewage and oily sewage are discharged, along with suspended pollutants generated during construction, so the problem of water pollution in the port area is becoming more and more serious. In order to carry out the strategy of sustainable development and the concept of green port development, it is imperative to carry out research on and prevention of water pollution in port areas. Firstly, the sources and harms of the main water pollutants during the construction and operation of the port are summarized; then the spatial and temporal distribution characteristics of these water pollutants are expounded; finally, the water pollution in the port area is summarized on the basis of the literature analysis. In this paper, the author suggests introducing ecological engineering to treat the sewage in port areas, compares the gap between domestic and foreign ports in drawing up water pollution prevention plans, and points out the defects and deficiencies of the existing research on and prevention of water pollution in port areas.

    Improving Code Generation by Dynamic Temperature Sampling

    Recently, Large Language Models (LLMs) have shown impressive results in code generation. However, existing decoding strategies are designed for Natural Language (NL) generation, overlooking the differences between NL and programming languages (PL). Due to this oversight, a better decoding strategy for code generation remains an open question. In this paper, we conduct the first systematic study to explore a decoding strategy specialized in code generation. With an analysis of loss distributions of code tokens, we find that code tokens can be divided into two categories: challenging tokens that are difficult to predict and confident tokens that can be easily inferred. Among them, the challenging tokens mainly appear at the beginning of a code block. Inspired by the above findings, we propose a simple yet effective method: Adaptive Temperature (AdapT) sampling, which dynamically adjusts the temperature coefficient when decoding different tokens. We apply a larger temperature when sampling challenging tokens, allowing LLMs to explore diverse choices. We employ a smaller temperature for confident tokens, avoiding the influence of tail randomness noise. We apply AdapT sampling to LLMs of different sizes and conduct evaluations on two popular datasets. Results show that AdapT sampling significantly outperforms state-of-the-art decoding strategies.

    Catch Me If You Can: A New Low-Rate DDoS Attack Strategy Disguised by Feint

    While collaborative systems provide convenience to our lives, they also face many security threats. One of them is the Low-rate Distributed Denial-of-Service (LDDoS) attack, which is a worthy concern. Unlike volumetric DDoS attacks that continuously send large volumes of traffic, LDDoS attacks are more stealthy and more difficult to detect owing to their low-volume nature. Due to its stealthiness and harmfulness, LDDoS has become one of the most destructive attacks in cloud computing. Although a few LDDoS attack detection and defense methods have been proposed, we observe that sophisticated LDDoS attacks (being more stealthy) can bypass some of the existing LDDoS defense methods. To verify our security observation, we propose a new Feint-based LDDoS (F-LDDoS) attack strategy. In this strategy, we divide a Pulse Interval into a Feinting Interval and an Attack Interval. Unlike previous LDDoS attacks, the bots also send traffic randomly in the Feinting Interval, thus disguising themselves as benign users during the F-LDDoS attack. In this way, although the victim detects that it is under an LDDoS attack, it is difficult to locate the attack sources and apply mitigation solutions. Experimental results show that the F-LDDoS attack can degrade TCP bandwidth 6.7%-14% more than the baseline LDDoS attack. Besides, F-LDDoS also reduces the similarity between bot traffic and aggregated attack traffic, and increases the uncertainty of packet arrival. These results mean that the proposed F-LDDoS is more effective and more stealthy than normal LDDoS attacks. Finally, we discuss countermeasures to F-LDDoS to draw the attention of defenders and improve the defense methods.

    Fine-Tuning Pre-Trained Language Models Effectively by Optimizing Subnetworks Adaptively

    Large-scale pre-trained language models have achieved impressive results on a wide range of downstream tasks recently. However, fine-tuning an extremely large-scale pre-trained language model on limited target datasets is often plagued by overfitting and representation degradation. In this paper, we propose a Dynamic Parameter Selection (DPS) algorithm for large-scale pre-trained models during fine-tuning, which adaptively selects a more promising subnetwork to perform staged updates based on the gradients of back-propagation. Experiments on the GLUE benchmark show that DPS outperforms previous fine-tuning methods in terms of overall performance and stability, and consistently achieves better results with various pre-trained language models. In addition, DPS brings a large improvement in out-of-domain transfer experiments and low-resource scenarios, which shows that it can maintain stable general contextual features and reduce representation collapse. We release our code at https://github.com/ZhangHaojie077/DPS
    Comment: NeurIPS 202

    Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic

    Machine learning (ML) is promising in accurately detecting malicious flows in encrypted network traffic; however, it is challenging to collect a training dataset that contains a sufficient amount of encrypted malicious data with correct labels. When ML models are trained with low-quality training data, they suffer degraded performance. In this paper, we aim at addressing a real-world low-quality training dataset problem, namely, detecting encrypted malicious traffic generated by continuously evolving malware. We develop RAPIER, which fully utilizes the different distributions of normal and malicious traffic data in the feature space, where normal data is tightly distributed in a certain area and malicious data is scattered over the entire feature space, to augment training data for model training. RAPIER includes two pre-processing modules to convert traffic into feature vectors and correct label noise. We evaluate our system on two public datasets and one combined dataset. With 1000 samples and 45% label noise from each dataset, our system achieves F1 scores of 0.770, 0.776, and 0.855, respectively, achieving average improvements of 352.6%, 284.3%, and 214.9% over the existing methods, respectively. Furthermore, we evaluate RAPIER with a real-world dataset obtained from a security enterprise. RAPIER effectively achieves encrypted malicious traffic detection with the best F1 score of 0.773 and improves the F1 score of existing methods by an average of 272.5%.

    FCOS-LSC: A novel model for green fruit detection in a complex orchard environment

    To better address the difficulties in designing green fruit recognition techniques for machine vision systems, we propose an optimized FCOS (fully convolutional one-stage object detection) algorithm based on LSC attention blocks (FCOS-LSC) that operate on the level-scale, spatial and channel dimensions of the feature map. The method achieves efficient recognition and localization of green fruit in images affected by overlapping occlusions, lighting conditions and capture angles. Specifically, the improved feature extraction network ResNet50 with added deformable convolution is used to fully extract green fruit feature information. The feature pyramid network (FPN) is employed to fully fuse low-level detail information and high-level semantic information in a cross-connected and top-down connected way. Next, attention mechanisms are added to each of the three dimensions of scale, space (including the height and width of the feature map) and channel of the generated multi-scale feature map to improve the feature perception capability of the network. Finally, the classification and regression sub-networks of the model are applied to predict the fruit category and bounding box. In the classification branch, a new positive and negative sample selection strategy is applied to better distinguish supervised signals by designing weights in the loss function to achieve more accurate fruit detection. The proposed FCOS-LSC model has 38.65M parameters (Params), 38.72G floating point operations (FLOPs), and mean average precision (mAP) of 63.0% and 75.2% for detecting green apples and green persimmons, respectively. In summary, FCOS-LSC outperforms the state-of-the-art models in terms of precision and complexity, meeting the accuracy and efficiency requirements of green fruit recognition by intelligent agricultural equipment. Correspondingly, FCOS-LSC can be used to improve the robustness and generalization of green fruit detection models.

    Population pharmacokinetics of nalbuphine in patients undergoing general anesthesia surgery

    Purpose: The aim of this study was to build a population pharmacokinetics (PopPK) model of nalbuphine and to estimate the suitability of a bodyweight-based or fixed dosage regimen.

    Method: Adult patients who were undergoing general anesthetic surgery using nalbuphine for induction of anesthesia were included. Plasma concentrations and covariate information were analyzed by a non-linear mixed-effects modeling approach. Goodness-of-fit (GOF), non-parametric bootstrap, visual predictive check (VPC) and external evaluation were applied for the final PopPK model evaluation. Monte Carlo simulation was conducted to assess the impact of covariates and dosage regimens on the plasma concentration of nalbuphine.

    Results: 47 patients aged 21–78 years with a body weight of 48–86 kg were included in the study. Among them, liver resection accounted for 14.8%, cholecystectomy for 12.8%, pancreatic resection for 36.2% and other surgeries for 36.2%. 353 samples from 27 patients were enrolled in the model building group; 100 samples from 20 patients were enrolled in the external validation group. The results of model evaluation showed that the pharmacokinetics of nalbuphine was adequately described by a two-compartment model. The hourly net fluid volume infused (HNF) was identified as a significant covariate on the intercompartmental clearance (Q) of nalbuphine, with the objective function value (OFV) decreasing by 9.643 (p < 0.005, df = 1). Simulation results demonstrated no need to adjust dosage based on HNF, and the biases of the two dosage methods were less than 6%. The fixed dosage regimen had lower PK variability than the bodyweight regimen.

    Conclusion: A two-compartment PopPK model adequately described the concentration profile of nalbuphine intravenous injection for anesthesia induction. While HNF can affect the Q of nalbuphine, the magnitude of the effect was limited. Dosage adjustment based on HNF is not recommended. Furthermore, a fixed dosage regimen might be better than a body weight dosage regimen.

    Novel ceRNA network construction associated with programmed cell death in acute rejection of heart allograft in mice

    Background: T cell-mediated acute rejection (AR) after heart transplantation (HT) ultimately results in graft failure and is a common indication for secondary transplantation. It is a serious threat to heart transplant recipients. This study aimed to explore the novel lncRNA-miRNA-mRNA networks that contribute to AR in a mouse heart transplantation model.

    Methods: The donor heart from BALB/c mice was transplanted to C57BL/6 mice by heterotopic implantation into the abdominal cavity. The control group was syngeneic heart transplantation with a donor of the same mouse strain. Whole-transcriptome sequencing was performed to obtain differentially expressed mRNAs (DEmRNAs), miRNAs (DEmiRNAs) and lncRNAs (DElncRNAs) in the mouse heart allograft. The biological functions of the ceRNA networks were analyzed by GO and KEGG enrichment. Differentially expressed ceRNAs involved in programmed cell death were further verified with qRT-PCR testing.

    Results: Many DEmRNAs, DEmiRNAs and DElncRNAs were identified between acute rejection and control after heart transplantation, including 4754 up-regulated DEmRNAs, 1634 DElncRNAs and 182 DEmiRNAs, and 4365 down-regulated DEmRNAs, 1761 DElncRNAs and 132 DEmiRNAs. Based on the ceRNA theory, lncRNA-miRNA-mRNA regulatory networks were constructed for the allograft acute rejection response. The functional enrichment analysis indicates that the down-regulated mRNAs are mainly involved in cardiac muscle cell contraction, potassium channel activity, etc., and the up-regulated mRNAs are mainly involved in T cell differentiation and mononuclear cell migration, etc. The KEGG pathway enrichment analysis showed that the down-regulated DEmRNAs were mainly enriched in adrenergic signaling, axon guidance, the calcium signaling pathway, etc. The up-regulated DEmRNAs were enriched in adhesion function, the chemokine signaling pathway, apoptosis, etc. Four lncRNA-mediated ceRNA regulatory pathways, Pvt1/miR-30c-5p/Pdgfc, 1700071M16Rik/miR-145a-3p/Pdgfc, 1700071M16Rik/miR-145a-3p/Tox and 1700071M16Rik/miR-145a-3p/Themis2, were finally validated. In addition, increased expression of PVT1, 1700071M16Rik, Tox and Themis2 may be considered as potential diagnostic gene biomarkers in AR.

    Conclusion: We speculate that the Pvt1/miR-30c-5p/Pdgfc, 1700071M16Rik/miR-145a-3p/Pdgfc, 1700071M16Rik/miR-145a-3p/Tox and 1700071M16Rik/miR-145a-3p/Themis2 interaction pairs may serve as potential biomarkers of AR after HT.