Model Stealing Attack against Multi-Exit Networks

Compared to traditional neural networks with a single exit, a multi-exit network has multiple exits that allow for early output from intermediate layers of the model, thus bringing significant improvement in computational efficiency while maintaining similar recognition accuracy. When attempting to steal such valuable models using traditional model stealing attacks, we found that conventional methods can only steal the model's classification function while failing to capture its output strategy. This results in a significant decrease in computational efficiency for the stolen substitute model, thereby losing the advantages of multi-exit networks.In this paper, we propose the first model stealing attack to extract both the model function and output strategy. We employ bayesian changepoint detection to analyze the target model's output strategy and use performance loss and strategy loss to guide the training of the substitute model. Furthermore, we designed a novel output strategy search algorithm that can find the optimal output strategy to maximize the consistency between the victim model and the substitute model's outputs. Through experiments on multiple mainstream multi-exit networks and benchmark datasets, we thoroughly demonstrates the effectiveness of our method

Local Integral Estimates for Quasilinear Equations with Measure Data

Local integral estimates as well as local nonexistence results for a class of quasilinear equations -Δpu=σP(u)+ω for p>1 and Hessian equations Fk-u=σP(u)+ω were established, where σ is a nonnegative locally integrable function or, more generally, a locally finite measure, ω is a positive Radon measure, and P(u)~exp⁡αuβ with α>0 and β≥1 or P(u)=up-1

SSL-WM: A Black-Box Watermarking Approach for Encoders Pre-trained by Self-supervised Learning

Recent years have witnessed significant success in Self-Supervised Learning (SSL), which facilitates various downstream tasks. However, attackers may steal such SSL models and commercialize them for profit, making it crucial to protect their Intellectual Property (IP). Most existing IP protection solutions are designed for supervised learning models and cannot be used directly since they require that the models' downstream tasks and target labels be known and available during watermark embedding, which is not always possible in the domain of SSL. To address such a problem especially when downstream tasks are diverse and unknown during watermark embedding, we propose a novel black-box watermarking solution, named SSL-WM, for protecting the ownership of SSL models. SSL-WM maps watermarked inputs by the watermarked encoders into an invariant representation space, which causes any downstream classifiers to produce expected behavior, thus allowing the detection of embedded watermarks. We evaluate SSL-WM on numerous tasks, such as Computer Vision (CV) and Natural Language Processing (NLP), using different SSL models, including contrastive-based and generative-based. Experimental results demonstrate that SSL-WM can effectively verify the ownership of stolen SSL models in various downstream tasks. Furthermore, SSL-WM is robust against model fine-tuning and pruning attacks. Lastly, SSL-WM can also evade detection from evaluated watermark detection approaches, demonstrating its promising application in protecting the IP of SSL models

Distributed workload and response time management for web applications

Abstract-Managing workload for large scale web applications is a fundamental task for satisfactory quality of service, low management and operation cost. In this paper, we present SCOPS, a system of distributed workload management to achieve service differentiation and overload protection in such large scale deployment. Our system splits the workload management logic into distributed components on each back-end server and frontend proxy. The control solution is designed to protect the backend server from overloading and to achieve both efficient usage of system resource and service differentiation by employing a unique optimization target. The control components are automatically organized based on the flow of workloads, such that management overhead is minimized. SCOPS is extremely flexible because it requires no source code changes to host OS, application servers, or web applications. Additionally, the distributed design makes it scalable and robust for cloud scale server deployment. Experiments with our implementation confirm SCOPS's performance with dynamic heavy workload, incurring neglectable runtime overhead. More importantly, SCOPS also ensures fault-tolerance and fast convergence to system failures

A Nationwide Study of Maternal Exposure To Ambient Ozone and Term Birth Weight In the United States

Background: Maternal exposure to ozone (O3) may cause systemic inflammation and oxidative stress and contribute to fetal growth restriction. We sought to estimate the association between maternal exposure to O3 and term birth weight and term small for gestational age (SGA) in the United States (US). Methods: We conducted a nationwide study including 2,179,040 live term singleton births that occurred across 453 populous counties in the contiguous US in 2002. Daily county-level concentrations of O3 data were estimated using a Bayesian fusion model. We used linear regression to estimate the association between O3 exposure and term birth weight and logistic regression to estimate the association between O3 exposure and term SGA during each trimester of the pregnancy and the entire pregnancy after adjusting for maternal characteristics, infant sex, season of conception, ambient temperature, county poverty rate, and census region. We additionally used distributed lag models to identify the critical exposure windows by estimating the monthly and weekly associations. Results: A 10 parts per billion (ppb) increase in O3 over the entire pregnancy was associated with a lower term birth weight (-7.6 g; 95 % CI: −8.8 g, −6.4 g) and increased risk of SGA (odds ratio = 1.030; 95 % CI: 1.020, 1.040). The identified critical exposure windows were the 13th- 25th and 32nd −37th gestational weeks for term birth weight and 13th- 25th for term SGA. We found the association was more pronounced among mothers who were non-Hispanic Black, unmarried, or had lower education level. Conclusions: Among US singleton term births, maternal exposure to O3 was associated with lower rates of fetal growth, and the 13th- 25th gestational weeks were the identified critical exposure windows