Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features

Recent studies have demonstrated the susceptibility of deep neural networks to backdoor attacks. Given a backdoored model, its prediction of a poisoned sample with trigger will be dominated by the trigger information, though trigger information and benign information coexist. Inspired by the mechanism of the optical polarizer that a polarizer could pass light waves with particular polarizations while filtering light waves with other polarizations, we propose a novel backdoor defense method by inserting a learnable neural polarizer into the backdoored model as an intermediate layer, in order to purify the poisoned sample via filtering trigger information while maintaining benign information. The neural polarizer is instantiated as one lightweight linear transformation layer, which is learned through solving a well designed bi-level optimization problem, based on a limited clean dataset. Compared to other fine-tuning-based defense methods which often adjust all parameters of the backdoored model, the proposed method only needs to learn one additional layer, such that it is more efficient and requires less clean data. Extensive experiments demonstrate the effectiveness and efficiency of our method in removing backdoors across various neural network architectures and datasets, especially in the case of very limited clean data

Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization

Backdoor defense, which aims to detect or mitigate the effect of malicious triggers introduced by attackers, is becoming increasingly critical for machine learning security and integrity. Fine-tuning based on benign data is a natural defense to erase the backdoor effect in a backdoored model. However, recent studies show that, given limited benign data, vanilla fine-tuning has poor defense performance. In this work, we provide a deep study of fine-tuning the backdoored model from the neuron perspective and find that backdoorrelated neurons fail to escape the local minimum in the fine-tuning process. Inspired by observing that the backdoorrelated neurons often have larger norms, we propose FTSAM, a novel backdoor defense paradigm that aims to shrink the norms of backdoor-related neurons by incorporating sharpness-aware minimization with fine-tuning. We demonstrate the effectiveness of our method on several benchmark datasets and network architectures, where it achieves state-of-the-art defense performance. Overall, our work provides a promising avenue for improving the robustness of machine learning models against backdoor attacks

Lookaround Optimizer: kk steps around, 1 step average

Weight Average (WA) is an active research topic due to its simplicity in ensembling deep networks and the effectiveness in promoting generalization. Existing weight average approaches, however, are often carried out along only one training trajectory in a post-hoc manner (i.e., the weights are averaged after the entire training process is finished), which significantly degrades the diversity between networks and thus impairs the effectiveness in ensembling. In this paper, inspired by weight average, we propose Lookaround, a straightforward yet effective SGD-based optimizer leading to flatter minima with better generalization. Specifically, Lookaround iterates two steps during the whole training period: the around step and the average step. In each iteration, 1) the around step starts from a common point and trains multiple networks simultaneously, each on transformed data by a different data augmentation, and 2) the average step averages these trained networks to get the averaged network, which serves as the starting point for the next iteration. The around step improves the functionality diversity while the average step guarantees the weight locality of these networks during the whole training, which is essential for WA to work. We theoretically explain the superiority of Lookaround by convergence analysis, and make extensive experiments to evaluate Lookaround on popular benchmarks including CIFAR and ImageNet with both CNNs and ViTs, demonstrating clear superiority over state-of-the-arts. Our code is available at https://github.com/Ardcy/Lookaround.Comment: 18 pages, 9 figure

Rethinking Data Augmentation in Knowledge Distillation for Object Detection

Knowledge distillation (KD) has shown its effectiveness for object detection, where it trains a compact object detector under the supervision of both AI knowledge (teacher detector) and human knowledge (human expert). However, existing studies treat the AI knowledge and human knowledge consistently and adopt a uniform data augmentation strategy during learning, which would lead to the biased learning of multi-scale objects and insufficient learning for the teacher detector causing unsatisfactory distillation performance. To tackle these problems, we propose the sample-specific data augmentation and adversarial feature augmentation. Firstly, to mitigate the impact incurred by multi-scale objects, we propose an adaptive data augmentation based on our observations from the Fourier perspective. Secondly, we propose a feature augmentation method based on adversarial examples for better mimicking AI knowledge to make up for the insufficient information mining of the teacher detector. Furthermore, our proposed method is unified and easily extended to other KD methods. Extensive experiments demonstrate the effectiveness of our framework and improve the performance of state-of-the-art methods in one-stage and two-stage detectors, bringing at most 0.5 mAP gains.Comment: 8 pages, 5 figure

Contrastive Identity-Aware Learning for Multi-Agent Value Decomposition

Value Decomposition (VD) aims to deduce the contributions of agents for decentralized policies in the presence of only global rewards, and has recently emerged as a powerful credit assignment paradigm for tackling cooperative Multi-Agent Reinforcement Learning (MARL) problems. One of the main challenges in VD is to promote diverse behaviors among agents, while existing methods directly encourage the diversity of learned agent networks with various strategies. However, we argue that these dedicated designs for agent networks are still limited by the indistinguishable VD network, leading to homogeneous agent behaviors and thus downgrading the cooperation capability. In this paper, we propose a novel Contrastive Identity-Aware learning (CIA) method, explicitly boosting the credit-level distinguishability of the VD network to break the bottleneck of multi-agent diversity. Specifically, our approach leverages contrastive learning to maximize the mutual information between the temporal credits and identity representations of different agents, encouraging the full expressiveness of credit assignment and further the emergence of individualities. The algorithm implementation of the proposed CIA module is simple yet effective that can be readily incorporated into various VD architectures. Experiments on the SMAC benchmarks and across different VD backbones demonstrate that the proposed method yields results superior to the state-of-the-art counterparts. Our code is available at https://github.com/liushunyu/CIA

Impact of the National Reimbursement Drug List Negotiation Policy on Accessibility of Anticancer Drugs in China: An Interrupted Time Series Study

Objective: Since 2016, the Chinese government has been regularly implementing the National Reimbursement Drug List Negotiation (NRDLN) to improve the accessibility of drugs. In the second round of NRDLN in July 2017, 18 anticancer drugs were included. This study analyzed the impact of the NRDLN on the accessibility of these 18 anticancer drugs in China. Methods: National hospital procurement data were collected from 2015 to 2019. As measurements of drug accessibility, monthly average of drug availability or defined daily dose cost (DDDc) was calculated. Interrupted time series (ITS) analysis was employed to evaluate the impact of NRDLN on drug accessibility. Multilevel growth curve models were estimated for different drug categories, regions or levels of hospitals. Results: The overall availability of 18 anticancer drugs increased from about 10.5% in 2015 to slightly over 30% in 2019. The average DDDc dropped from 527.93 CNY in 2015 to 401.87 CNY in 2019, with a reduction of 23.88%. The implementation of NRDLN was associated with higher availability and lower costs for all 18 anticancer drugs. We found an increasing level in monthly drug availability (β2 = 2.1126), which ascended more sharply after the implementation of NRDLN (β3 = 0.3656). There was a decreasing level in DDDc before July 2017 (β2 = −108.7213), together with a significant decline in the slope associated with the implementation of NRDLN (β3 = −4.8332). Compared to Traditional Chinese Medicines, the availability of Western Medicines was higher and increased at a higher rate (β3 = 0.4165 vs. 0.1108). Drug availability experienced a larger instant and slope increase in western China compared to other regions, and in secondary hospitals than tertiary hospitals. Nevertheless, regional and hospital-level difference in the effect of NRDLN on DDDc were less evident. Conclusion: The implementation of NRDLN improves the availability and reduces the cost of some anticancer drugs in China. It contributes to promoting accessibility of anticancer drugs, as well as relieving regional or hospital-level disparities. However, there are still challenges to benefit more patients sufficiently and equally. It requires more policy efforts and collaborative policy combination

Acinetobacter baumannii: an evolving and cunning opponent

Acinetobacter baumannii is one of the most common multidrug-resistant pathogens causing nosocomial infections. The prevalence of multidrug-resistant A. baumannii infections is increasing because of several factors, including unregulated antibiotic use. A. baumannii drug resistance rate is high; in particular, its resistance rates for tigecycline and polymyxin—the drugs of last resort for extensively drug-resistant A. baumannii—has been increasing annually. Patients with a severe infection of extensively antibiotic-resistant A. baumannii demonstrate a high mortality rate along with a poor prognosis, which makes treating them challenging. Through carbapenem enzyme production and other relevant mechanisms, A. baumannii has rapidly acquired a strong resistance to carbapenem antibiotics—once considered a class of strong antibacterials for A. baumannii infection treatment. Therefore, understanding the resistance mechanism of A. baumannii is particularly crucial. This review summarizes mechanisms underlying common antimicrobial resistance in A. baumannii, particularly those underlying tigecycline and polymyxin resistance. This review will serve as a reference for reasonable antibiotic use at clinics, as well as new antibiotic development

«Conselho de amigo, aviso do céu»: contributos para a análise semântico-pragmática dos atos ilocutórios de conselho e de aviso em confronto com o de ameaça

Com base em exemplos de um corpus oral de Português Europeu, o presente texto discute a organização e funcionamento do ato ilocutório de conselho e de aviso, destacando as semelhanças e diferenças entre eles e os atos de discursos como ameaças e promessas, avisos hipotéticos e ameaças condicionais. Depois da análise das noções do “querer dizer NN” de Grice e de “uptake” de Austin, destacamos a importância da relação entre intenção e convenção na análise dos atos ilocutórios de Searle com o levantamento das regras que determinam os indicadores de força ilocutória. A interpretação dos valores ilocutórios na sequencialidade das intervenções destaca a relação entre práticas discursivas e figuração.info:eu-repo/semantics/publishedVersio

Gate-tunable negative differential conductance in hybrid semiconductor-superconductor devices

Negative differential conductance (NDC) manifests as a significant characteristic of various underlying physics and transport processes in hybrid superconducting devices. In this work, we report the observation of gate-tunable NDC outside the superconducting energy gap on two types of hybrid semiconductor-superconductor devices, i.e., normal metal-superconducting nanowire-normal metal and normal metal-superconducting nanowire-superconductor devices. Specifically, we study the dependence of the NDCs on back-gate voltage and magnetic field. When the back-gate voltage decreases, these NDCs weaken and evolve into positive differential conductance dips; and meanwhile they move away from the superconducting gap towards high bias voltage, and disappear eventually. In addition, with the increase of magnetic field, the NDCs/dips follow the evolution of the superconducting gap, and disappear when the gap closes. We interpret these observations and reach a good agreement by combining the Blonder-Tinkham-Klapwijk (BTK) model and the critical supercurrent effect in the nanowire, which we call the BTK-supercurrent model. Our results provide an in-depth understanding of the tunneling transport in hybrid semiconductor-superconductor devices.Comment: 15+6 pages, 4+6 figure