Neural Architectural Backdoors
This paper asks the intriguing question: is it possible to exploit neural
architecture search (NAS) as a new attack vector to launch previously
improbable attacks? Specifically, we present EVAS, a new attack that leverages
NAS to find neural architectures with inherent backdoors and exploits such
vulnerability using input-aware triggers. Compared with existing attacks, EVAS
demonstrates many interesting properties: (i) it does not require polluting
training data or perturbing model parameters; (ii) it is agnostic to downstream
fine-tuning or even re-training from scratch; (iii) it naturally evades
defenses that rely on inspecting model parameters or training data. With
extensive evaluation on benchmark datasets, we show that EVAS features high
evasiveness, transferability, and robustness, thereby expanding the adversary's
design spectrum. We further characterize the mechanisms underlying EVAS, which
are possibly explainable by architecture-level "shortcuts" that recognize
trigger patterns. This work raises concerns about the current practice of NAS
and points to potential directions to develop effective countermeasures
Audio is all in one: speech-driven gesture synthetics using WavLM pre-trained model
The generation of co-speech gestures for digital humans is an emerging area
in the field of virtual human creation. Prior research has made progress by
using acoustic and semantic information as input and adopting a classification method
to identify the person's ID and emotion for driving co-speech gesture
generation. However, this endeavour still faces significant challenges. These
challenges go beyond the intricate interplay between co-speech gestures, speech
acoustics, and semantics; they also encompass the complexities associated with
personality, emotion, and other obscure but important factors. This paper
introduces "diffmotion-v2," a speech-conditional diffusion-based and
non-autoregressive transformer-based generative model with a WavLM pre-trained
model. It can produce individual and stylized full-body co-speech gestures using
only raw speech audio, eliminating the need for complex multimodal processing
and manual annotation. Firstly, considering that speech audio not only
contains acoustic and semantic features but also conveys personality traits,
emotions, and more subtle information related to accompanying gestures, we
pioneer the adaptation of WavLM, a large-scale pre-trained model, to extract
low-level and high-level audio information. Secondly, we introduce an adaptive
layer norm architecture in the transformer-based layer to learn the
relationship between speech information and accompanying gestures. Extensive
subjective evaluation experiments are conducted on the Trinity, ZEGGS, and BEAT
datasets to confirm WavLM's and the model's ability to synthesize natural
co-speech gestures with various styles.
Comment: 10 pages, 5 figures, 1 tabl
Defending Pre-trained Language Models as Few-shot Learners against Backdoor Attacks
Pre-trained language models (PLMs) have demonstrated remarkable performance
as few-shot learners. However, their security risks under such settings are
largely unexplored. In this work, we conduct a pilot study showing that PLMs as
few-shot learners are highly vulnerable to backdoor attacks while existing
defenses are inadequate due to the unique challenges of few-shot scenarios. To
address such challenges, we advocate MDP, a novel lightweight, pluggable, and
effective defense for PLMs as few-shot learners. Specifically, MDP leverages
the gap between the masking-sensitivity of poisoned and clean samples: with
reference to the limited few-shot data as distributional anchors, it compares
the representations of given samples under varying masking and identifies
poisoned samples as ones with significant variations. We show analytically that
MDP creates an interesting dilemma for the attacker to choose between attack
effectiveness and detection evasiveness. The empirical evaluation using
benchmark datasets and representative attacks validates the efficacy of MDP.
Comment: Accepted by NeurIPS'2
An Embarrassingly Simple Backdoor Attack on Self-supervised Learning
As a new paradigm in machine learning, self-supervised learning (SSL) is
capable of learning high-quality representations of complex data without
relying on labels. In addition to eliminating the need for labeled data,
research has found that SSL improves the adversarial robustness over supervised
learning since lacking labels makes it more challenging for adversaries to
manipulate model predictions. However, the extent to which this robustness
superiority generalizes to other types of attacks remains an open question.
We explore this question in the context of backdoor attacks. Specifically, we
design and evaluate CTRL, an embarrassingly simple yet highly effective
self-supervised backdoor attack. By only polluting a tiny fraction of training
data (<= 1%) with indistinguishable poisoning samples, CTRL causes any
trigger-embedded input to be misclassified to the adversary's designated class
with a high probability (>= 99%) at inference time. Our findings suggest that
SSL and supervised learning are comparably vulnerable to backdoor attacks. More
importantly, through the lens of CTRL, we study the inherent vulnerability of
SSL to backdoor attacks. With both empirical and analytical evidence, we reveal
that the representation invariance property of SSL, which benefits adversarial
robustness, may also be the very reason making SSL highly susceptible to
backdoor attacks. Our findings also imply that the existing defenses against
supervised backdoor attacks are not easily retrofitted to the unique
vulnerability of SSL.
Comment: The 2023 International Conference on Computer Vision (ICCV '23
Computational Experiment Study on Selection Mechanism of Project Delivery Method Based on Complex Factors
Project delivery planning is a key stage used by the project owner (or project investor) for organizing design, construction, and other operations in a construction project. The main task in this stage is to select an appropriate project delivery method (PDM). In order to analyze the different factors affecting PDM selection, this paper establishes a multiagent model mainly to show how project complexity, governance strength, and market environment affect the project owner's decision on PDM. Experiment results show that project owners usually choose the Design-Build method when the project is very complex within a certain range. Besides, this paper points out that the Design-Build method will be the preferred choice when the potential contractors develop quickly. This paper provides owners with methods and suggestions by showing how the factors affect PDM selection, and it may improve the project performance
On the Security Risks of Knowledge Graph Reasoning
Knowledge graph reasoning (KGR) -- answering complex logical queries over
large knowledge graphs -- represents an important artificial intelligence task,
entailing a range of applications (e.g., cyber threat hunting). However,
despite its surging popularity, the potential security risks of KGR are largely
unexplored, which is concerning, given the increasing use of such capability in
security-critical domains.
This work represents a solid initial step towards bridging the striking gap.
We systematize the security threats to KGR according to the adversary's
objectives, knowledge, and attack vectors. Further, we present ROAR, a new
class of attacks that instantiate a variety of such threats. Through empirical
evaluation in representative use cases (e.g., medical decision support, cyber
threat hunting, and commonsense reasoning), we demonstrate that ROAR is highly
effective at misleading KGR into suggesting pre-defined answers for target queries, yet
with negligible impact on non-target ones. Finally, we explore potential
countermeasures against ROAR, including filtering of potentially poisoning
knowledge and training with adversarially augmented queries, which lead to
several promising research directions.
Comment: In proceedings of USENIX Security'23. Codes:
https://github.com/HarrialX/security-risk-KG-reasonin
Aluminum Oxide Nanoparticle Films Deposited from a Nonthermal Plasma: Synthesis, Characterization, and Crystallization
Aluminum oxide, both in amorphous and crystalline forms, is a widely used inorganic ceramic material because of its chemical and structural properties. In this work, we synthesized amorphous aluminum oxide nanoparticles using a capacitively coupled nonthermal plasma utilizing trimethylaluminum and oxygen as precursors and studied their crystallization and phase transformation behavior through postsynthetic annealing. The use of two reactor geometries resulted in amorphous aluminum oxide nanoparticles with similar compositions but different sizes. Size tuning of these nanoparticles was achieved by varying the reactor pressure to produce amorphous aluminum oxide nanoparticles ranging from 6 to 22 nm. During postsynthetic annealing, powder samples of amorphous nanoparticles began to crystallize at 800 °C, forming crystalline θ and γ phase alumina. Their phase transformation behavior was found to be size-dependent in that powders of small 6 nm amorphous particles transformed to form phase-pure α-Al₂O₃ at 1100 °C, while powders of large 11 nm particles remained in the θ and γ phases. This phenomenon is attributed to the fast rate of densification and neck formation in small amorphous aluminum oxide particles