29 research outputs found
Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features
Recent studies have demonstrated the susceptibility of deep neural networks
to backdoor attacks. Given a backdoored model, its prediction of a poisoned
sample with trigger will be dominated by the trigger information, though
trigger information and benign information coexist. Inspired by the mechanism
of the optical polarizer that a polarizer could pass light waves with
particular polarizations while filtering light waves with other polarizations,
we propose a novel backdoor defense method by inserting a learnable neural
polarizer into the backdoored model as an intermediate layer, in order to
purify the poisoned sample via filtering trigger information while maintaining
benign information. The neural polarizer is instantiated as one lightweight
linear transformation layer, which is learned through solving a well designed
bi-level optimization problem, based on a limited clean dataset. Compared to
other fine-tuning-based defense methods which often adjust all parameters of
the backdoored model, the proposed method only needs to learn one additional
layer, such that it is more efficient and requires less clean data. Extensive
experiments demonstrate the effectiveness and efficiency of our method in
removing backdoors across various neural network architectures and datasets,
especially in the case of very limited clean data
Shared Adversarial Unlearning: Backdoor Mitigation by Unlearning Shared Adversarial Examples
Backdoor attacks are serious security threats to machine learning models
where an adversary can inject poisoned samples into the training set, causing a
backdoored model which predicts poisoned samples with particular triggers to
particular target classes, while behaving normally on benign samples. In this
paper, we explore the task of purifying a backdoored model using a small clean
dataset. By establishing the connection between backdoor risk and adversarial
risk, we derive a novel upper bound for backdoor risk, which mainly captures
the risk on the shared adversarial examples (SAEs) between the backdoored model
and the purified model. This upper bound further suggests a novel bi-level
optimization problem for mitigating backdoor using adversarial training
techniques. To solve it, we propose Shared Adversarial Unlearning (SAU).
Specifically, SAU first generates SAEs, and then, unlearns the generated SAEs
such that they are either correctly classified by the purified model and/or
differently classified by the two models, such that the backdoor effect in the
backdoored model will be mitigated in the purified model. Experiments on
various benchmark datasets and network architectures show that our proposed
method achieves state-of-the-art performance for backdoor defense
VDC: Versatile Data Cleanser for Detecting Dirty Samples via Visual-Linguistic Inconsistency
The role of data in building AI systems has recently been emphasized by the
emerging concept of data-centric AI. Unfortunately, in the real-world, datasets
may contain dirty samples, such as poisoned samples from backdoor attack, noisy
labels in crowdsourcing, and even hybrids of them. The presence of such dirty
samples makes the DNNs vunerable and unreliable.Hence, it is critical to detect
dirty samples to improve the quality and realiability of dataset. Existing
detectors only focus on detecting poisoned samples or noisy labels, that are
often prone to weak generalization when dealing with dirty samples from other
domains.In this paper, we find a commonality of various dirty samples is
visual-linguistic inconsistency between images and associated labels. To
capture the semantic inconsistency between modalities, we propose versatile
data cleanser (VDC) leveraging the surpassing capabilities of multimodal large
language models (MLLM) in cross-modal alignment and reasoning.It consists of
three consecutive modules: the visual question generation module to generate
insightful questions about the image; the visual question answering module to
acquire the semantics of the visual content by answering the questions with
MLLM; followed by the visual answer evaluation module to evaluate the
inconsistency.Extensive experiments demonstrate its superior performance and
generalization to various categories and types of dirty samples.Comment: 22 pages,5 figures,17 table
Boosting Backdoor Attack with A Learnable Poisoning Sample Selection Strategy
Data-poisoning based backdoor attacks aim to insert backdoor into models by
manipulating training datasets without controlling the training process of the
target model. Existing attack methods mainly focus on designing triggers or
fusion strategies between triggers and benign samples. However, they often
randomly select samples to be poisoned, disregarding the varying importance of
each poisoning sample in terms of backdoor injection. A recent selection
strategy filters a fixed-size poisoning sample pool by recording forgetting
events, but it fails to consider the remaining samples outside the pool from a
global perspective. Moreover, computing forgetting events requires significant
additional computing resources. Therefore, how to efficiently and effectively
select poisoning samples from the entire dataset is an urgent problem in
backdoor attacks.To address it, firstly, we introduce a poisoning mask into the
regular backdoor training loss. We suppose that a backdoored model training
with hard poisoning samples has a more backdoor effect on easy ones, which can
be implemented by hindering the normal training process (\ie, maximizing loss
\wrt mask). To further integrate it with normal training process, we then
propose a learnable poisoning sample selection strategy to learn the mask
together with the model parameters through a min-max optimization.Specifically,
the outer loop aims to achieve the backdoor attack goal by minimizing the loss
based on the selected samples, while the inner loop selects hard poisoning
samples that impede this goal by maximizing the loss. After several rounds of
adversarial training, we finally select effective poisoning samples with high
contribution. Extensive experiments on benchmark datasets demonstrate the
effectiveness and efficiency of our approach in boosting backdoor attack
performance
Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization
Backdoor defense, which aims to detect or mitigate the effect of malicious
triggers introduced by attackers, is becoming increasingly critical for machine
learning security and integrity. Fine-tuning based on benign data is a natural
defense to erase the backdoor effect in a backdoored model. However, recent
studies show that, given limited benign data, vanilla fine-tuning has poor
defense performance. In this work, we provide a deep study of fine-tuning the
backdoored model from the neuron perspective and find that backdoorrelated
neurons fail to escape the local minimum in the fine-tuning process. Inspired
by observing that the backdoorrelated neurons often have larger norms, we
propose FTSAM, a novel backdoor defense paradigm that aims to shrink the norms
of backdoor-related neurons by incorporating sharpness-aware minimization with
fine-tuning. We demonstrate the effectiveness of our method on several
benchmark datasets and network architectures, where it achieves
state-of-the-art defense performance. Overall, our work provides a promising
avenue for improving the robustness of machine learning models against backdoor
attacks
Tremella fuciformis polysaccharide reduces obesity in high-fat diet-fed mice by modulation of gut microbiota
Obesity is a metabolic disease associated with gut microbiota and low-grade chronic inflammation. Tremella fuciformis is a medicinal and edible fungus; polysaccharide (TP) is the main active component, which has a variety of biological activities, such as hypoglycemic and hypolipidemic. However, the anti-obesity effects and potential mechanisms of TP have never been reported. This study was conducted to elucidate the inhibitory effect of TP on high-fat diet (HFD)-induced obesity in mice. Mice were split into five groups: normal chow diet (NCD) group, NCD_TP_H group, HFD group, HFD_TP_L group and HFD_TP_H group. Our study showed that TP inhibited high-fat diet-induced weight gain and fat accumulation in mice and reduced blood glucose, hyperlipidemia and inflammation. TP also improved gut microbiota disorders by reducing the Firmicutes/Bacteroidetes ratio and modulating the relative abundance of specific gut microbiota. We also found that the anti-obesity and gut microbiota-modulating effects of TP could be transferred to HFD-fed mice via faecal microbiota transplantation (FMT), confirming that the gut microbiota was one of the targets of TP for obesity inhibition. Further studies showed that TP increased the production of short-chain fatty acids and the secretion of intestinal hormones. Our studies showed that TP inhibited obesity by modulating inflammation and the microbe-gut-brain axis, providing a rationale for developing TP to treat obesity and its complications
Effect of HPGR comminution scheme on particle properties and heap leaching of gold
© 2020, © 2020 Canadian Institute of Mining, Metallurgy and Petroleum. The effect of high-pressure grinding roll (HPGR) comminution on the physical properties of ore particles and heap leaching of gold was investigated compared with that of conventional jaw crusher comminution. The comminuted products were evaluated in terms of particle size distribution, internal crack density, and saturated water content. Compared to conventional jaw crushers, the HPGR produced finer particles with more internal cracks. Moreover, the HPGR particles contained a higher water content in the ore heap. Under optimum conditions, the HPGR comminution scheme was found to significantly enhance the leach recovery of gold, in addition to reducing cyanide consumption. However, the fine particles generated during mini-column leaching, reduced the permeation velocity drastically for HPGR products
Transcriptome analysis and SSR/SNP markers information of the blunt snout bream (Megalobrama amblycephala).
BACKGROUND: Blunt snout bream (Megalobrama amblycephala) is an herbivorous freshwater fish species native to China and has been recognized as a main aquaculture species in the Chinese freshwater polyculture system with high economic value. Right now, only limited EST resources were available for M. amblycephala. Recent advances in large-scale RNA sequencing provide a fast, cost-effective, and reliable approach to generate large expression datasets for functional genomic analysis, which is especially suitable for non-model species with un-sequenced genomes. METHODOLOGY AND PRINCIPAL FINDINGS: Using 454 pyrosequencing, a total of 1,409,706 high quality reads (total length 577 Mbp) were generated from the normalized cDNA of pooled M. amblycephala individuals. These sequences were assembled into 26,802 contigs and 73,675 singletons. After BLAST searches against the NCBI non-redundant (NR) and UniProt databases with an arbitrary expectation value of E(-10), over 40,000 unigenes were functionally annotated and classified using the FunCat functional annotation scheme. A comparative genomics approach revealed a substantial proportion of genes expressed in M. amblycephala tanscriptome to be shared across the genomes of zebrafish, medaka, tetraodon, fugu, stickleback, human, mouse, and chicken, and identified a substantial number of potentially novel M. amblycephala genes. A total number of 4,952 SSRs were found and 116 polymorphic loci have been characterized. A significant number of SNPs (25,697) and indels (23,287) were identified based on specific filter criteria in the M. amblycephala. CONCLUSIONS: This study is the first comprehensive transcriptome analysis for a fish species belonging to the genus Megalobrama. These large EST resources are expected to be valuable for the development of molecular markers, construction of gene-based linkage map, and large-scale expression analysis of M. amblycephala, as well as comparative genome analysis for the genus Megalobrama fish species. The identified SSR and SNP markers will greatly benefit its breeding program and whole genome association studies