检索结果-内蒙古大学图书馆

arXiv 2024年

作者： Zhang, Kaike Cao, Qi Wu, Yunfan Sun, Fei Shen, Huawei Cheng, Xueqi CAS Key Laboratory of AI Safety Institute of Computing Technology Chinese Academy of Sciences University of Chinese Academy of Sciences Beijing China CAS Key Laboratory of AI Safety Institute of Computing Technology Chinese Academy of Sciences Beijing China

Recommender systems play a pivotal role in mitigating information overload in various fields. Nonetheless, the inherent openness of these systems introduces vulnerabilities, allowing attackers to insert fake users into the system’s training data to skew the exposure of certain items, known as poisoning attacks. Adversarial training has emerged as a notable defense mechanism against such poisoning attacks within recommender systems. Existing adversarial training methods apply perturbations of the same magnitude across all users to enhance system robustness against attacks. Yet, in reality, we find that attacks often affect only a subset of users who are vulnerable. These perturbations of indiscriminate magnitude make it difficult to balance effective protection for vulnerable users without degrading recommendation quality for those who are not affected. To address this issue, our research delves into understanding user vulnerability. Considering that poisoning attacks pollute the training data, we note that the higher degree to which a recommender system fits users’ training data correlates with an increased likelihood of users incorporating attack information, indicating their vulnerability. Leveraging these insights, we introduce the Vulnerability-aware Adversarial Training (VAT), designed to defend against poisoning attacks in recommender systems. VAT employs a novel vulnerability-aware function to estimate users’ vulnerability based on the degree to which the system fits them. Guided by this estimation, VAT applies perturbations of adaptive magnitude to each user, not only reducing the success ratio of attacks but also preserving, and potentially enhancing, the quality of recommendations. Comprehensive experiments confirm VAT’s Copyright © 2024, The Authors. All rights reserved.

关键词： Adversarial machine learning

来源：评论

学校读者我要写书评

暂无评论

LoRec: Large Language Model for Robust Sequential Recommendation against Poisoning Attacks

arXiv

引用

arXiv 2024年

Sequential recommender systems stand out for their ability to capture users’ dynamic interests and the patterns of item transitions. However, the inherent openness of sequential recommender systems renders them vulnerable to poisoning attacks, where fraudsters are injected into the training data to manipulate learned patterns. Traditional defense methods predominantly depend on predefined assumptions or rules extracted from specific known attacks, limiting their generalizability to unknown attacks. To solve the above problems, considering the rich open-world knowledge encapsulated in Large Language Models (LLMs), we attempt to introduce LLMs into defense methods to broaden the knowledge beyond limited known attacks. We propose LoRec, an innovative framework that employs LLM-Enhanced Calibration to strengthen the robustness of sequential Recommender systems against poisoning attacks. LoRec integrates an LLM-enhanced CalibraTor (LCT) that refines the training process of sequential recommender systems with knowledge derived from LLMs, applying a user-wise reweighting to diminish the impact of attacks. Incorporating LLMs’ open-world knowledge, the LCT effectively converts the limited, specific priors or rules into a more general pattern of fraudsters, offering improved defenses against poisons. Our comprehensive experiments validate that LoRec, as a general framework, significantly strengthens the robustness of sequential recommender systems. Copyright © 2024, The Authors. All rights reserved.

关键词： Calibration

来源：评论

学校读者我要写书评

暂无评论

SecMdp: Towards Privacy-Preserving Multimodal Deep Learning in End-Edge-Cloud 40

SecMdp: Towards Privacy-Preserving Multimodal Deep Learning ...

引用

40th IEEE International Conference on Data Engineering, ICDE 2024

作者： Bai, Zhao Wang, Mingyue Guo, Fangda Guo, Yu Cai, Chengjun Bie, Rongfang Jia, Xiaohua Beijing Normal University China Harbin Institute of Technology China Institute of Computing Technology CAS Key Laboratory of AI Safety & Security Chinese Academy of Sciences China City University of Hong Kong Dongguan Research Institute Hong Kong City University of Hong Kong Hong Kong

ISBN: (纸本)9798350317152

Multimodal deep learning technologies have advanced significantly, which brings extensive applications in diverse fields. The substantial computational demands of training and prediction in multimodal deep learning have made the End-Edge-Cloud (EEC) framework popular. It is essential to protect multimodal data and model privacy in such a framework. However, traditional cryptographic methods, though secure for data and models at edge nodes, cause efficiency limitations. In this paper, we propose SecMdp, an SGX-assisted secure computational framework for multimodal data in the EEC architecture. Edge nodes are equipped with the trusted execution environment (e.g., Intel SGX) to run multimodal algorithms. Additionally, to address the side-channel attacks of SGX, we present an enhanced PathORAM algorithm, MM-PathORAM, for the multimodal training and prediction processes, which are tailored for multimodal deep learning scenarios. It accelerates multimodal data access while protecting data privacy and model security. Experimental evaluation supports the effectiveness of our design in preserving edge computing efficiency. It demonstrates negligible impact on the speed of multimodal data loading, the configuration of model parameters during training, or the accuracy of predictions. © 2024 IEEE.

关键词： Cloud computing architecture

来源：评论

学校读者我要写书评

暂无评论

Generative Ghost: Investigating Ranking Bias Hidden in ai-Generated Videos

arXiv

引用

arXiv 2025年

作者： Gao, Haowen Pang, Liang Xu, Shicheng Qu, Leigang Chua, Tat-Seng Shen, Huawei Cheng, Xueqi CAS Key Laboratory of AI Safety Institute of Computing Technology Chinese Academy of Sciences China Sea-NExT Joint Lab National University of Singapore Singapore CAS Key Laboratory of AI Security Institute of Computing Technology Chinese Academy of Sciences China

With the rapid development of ai-generated content (aiGC), the creation of high-quality ai-generated videos has become faster and easier, resulting in the Internet being flooded with all kinds of video content. However, the impact of these videos on the content ecosystem remains largely unexplored. Video information retrieval remains a fundamental approach for accessing video content. Building on the observation that retrieval models often favor ai-generated content in ad-hoc and image retrieval tasks, we investigate whether similar biases emerge in the context of challenging video retrieval, where temporal and visual factors may further influence model behavior. To explore this, we first construct a comprehensive benchmark dataset containing both real and ai-generated videos, along with a set of fair and rigorous metrics to assess bias. This benchmark consists of 13,000 videos generated by two state-of-the-art open-source video generation models. We meticulously design a suite of rigorous metrics to accurately measure this preference, accounting for potential biases arising from the limited frame rate and suboptimal quality of aiGC videos. We then applied three off-the-shelf video retrieval models to perform retrieval tasks on this hybrid dataset. Our findings reveal a clear preference for ai-generated videos in retrieval. Further investigation shows that incorporating ai-generated videos into the training set of retrieval models exacerbates this bias. Unlike the preference observed in image modalities, we find that video retrieval bias arises from both unseen visual and temporal information, making the root causes of video bias a complex interplay of these two factors. To mitigate this bias, we fine-tune the retrieval models using a contrastive learning approach. The results of this study highlight the potential implications of ai-generated videos on retrieval systems and offer valuable insights for future research in this area. Our dataset and code are publicly a

关键词： Video analysis

来源：评论

学校读者我要写书评

暂无评论

Graph Domain Adaptation: Challenges, Progress and Prospects

arXiv

引用

arXiv 2024年

作者： Shi, Boshen Wang, Yongqing Guo, Fangda Xu, Bingbing Shen, Huawei Cheng, Xueqi CAS Key Laboratory of AI Safety&Security Institute of Computing Technology CAS China University of Chinese Academy of Sciences China

As graph representation learning often suffers from label scarcity problems in real-world applications, researchers have proposed graph domain adaptation (GDA) as an effective knowledge-transfer paradigm across graphs. In particular, to enhance model performance on target graphs with specific tasks, GDA introduces a bunch of task-related graphs as source graphs and adapts the knowledge learnt from source graphs to the target graphs. Since GDA combines the advantages of graph representation learning and domain adaptation, it has become a promising direction of transfer learning on graphs and has attracted an increasing amount of research interest in recent years. In this paper, we comprehensively overview the studies of GDA and present a detailed survey of recent advances. Specifically, we outline the research status and challenges, propose a taxonomy, introduce the details of representative works, and discuss the prospects. To the best of our knowledge, this paper is the first survey for graph domain adaptation. A detailed paper list is available at https://***/Skyorca/Awesome-Graph-Domain-Adaptation-Papers. Copyright © 2024, The Authors. All rights reserved.

关键词： Graphic methods

来源：评论

学校读者我要写书评

暂无评论

When to Trust LLMs: Aligning Confidence with Response Quality

arXiv

引用

arXiv 2024年

作者： Tao, Shuchang Yao, Liuyi Ding, Hanxing Xie, Yuexiang Cao, Qi Sun, Fei Gao, Jinyang Shen, Huawei Ding, Bolin Alibaba Group China CAS Key Laboratory of AI Safety Institute of Computing Technology Chinese Academy of Sciences China

Despite the success of large language models (LLMs) in natural language generation, much evidence shows that LLMs may produce incorrect or nonsensical text. This limitation highlights the importance of discerning when to trust LLMs, especially in safety-critical domains. Existing methods often express reliability by confidence level, however, their effectiveness is limited by the lack of objective guidance. To address this, we propose CONfidence-Quality-ORDer-preserving alignment approach (CONQORD), which leverages reinforcement learning guided by a tailored dual-component reward function. This function integrates quality reward and order-preserving alignment reward functions. Specifically, the order-preserving reward incentivizes the model to verbalize greater confidence for responses of higher quality to align the order of confidence and quality. Experiments demonstrate that CONQORD significantly improves the alignment performance between confidence and response accuracy, without causing over-cautious. Furthermore, the aligned confidence provided by CONQORD informs when to trust LLMs, and acts as a determinant for initiating the retrieval process of external knowledge. Aligning confidence with response quality ensures more transparent and reliable responses, providing better trustworthiness. 1 Copyright © 2024, The Authors. All rights reserved.

关键词： Reinforcement learning

来源：评论

学校读者我要写书评

暂无评论

The Mirage of Model Editing: Revisiting Evaluation in the Wild

arXiv

引用

arXiv 2025年

作者： Yang, Wanli Sun, Fei Tan, Jiajun Ma, Xinyu Cao, Qi Yin, Dawei Shen, Huawei Cheng, Xueqi CAS Key Laboratory of AI Safety Institute of Computing Technology CAS China University of Chinese Academy of Sciences China Baidu Inc. China

Despite near-perfect results in artificial evaluations, the effectiveness of model editing in real-world applications remains unexplored. To bridge this gap, we propose to study model editing in question answering (QA) by establishing a rigorous evaluation practice to assess the effectiveness of editing methods in correcting LLMs’ errors. It consists of QAEdit, a new benchmark derived from popular QA datasets, and a standardized evaluation framework. Our single editing experiments indicate that current editing methods perform substantially worse than previously reported (38.5% vs. ∼96%). Through module analysis and controlled experiments, we demonstrate that this performance decline stems from issues in evaluation practices of prior editing research. One key issue is the inappropriate use of teacher forcing in testing prevents error propagation by feeding ground truth tokens (inaccessible in real-world scenarios) as input. Furthermore, we simulate real-world deployment by sequential editing, revealing that current approaches fail drastically with only 1000 edits. Our analysis provides a fundamental reexamination of both the real-world applicability of existing model editing methods and their evaluation practices, and establishes a rigorous evaluation framework with key insights to advance reliable and practical model editing research. Copyright © 2025, The Authors. All rights reserved.

关键词：

来源：评论

学校读者我要写书评

暂无评论

Unsupervised Information Refinement Training of Large Language Models for Retrieval-Augmented Generation

arXiv

引用

arXiv 2024年

作者： Xu, Shicheng Pang, Liang Yu, Mo Meng, Fandong Shen, Huawei Cheng, Xueqi Zhou, Jie CAS Key Laboratory of AI Safety Institute of Computing Technology CAS China University of Chinese Academy of Sciences China Pattern Recognition Center WeChat AI China

Retrieval-augmented generation (RAG) enhances large language models (LLMs) by incorporating additional information from retrieval. However, studies have shown that LLMs still face challenges in effectively using the retrieved information, even ignoring it or being misled by it. The key reason is that the training of LLMs does not clearly make LLMs learn how to utilize input retrieved texts with varied quality. In this paper, we propose a novel perspective that considers the role of LLMs in RAG as "Information Refiner", which means that regardless of correctness, completeness, or usefulness of retrieved texts, LLMs can consistently integrate knowledge within the retrieved texts and model parameters to generate the texts that are more concise, accurate, and complete than the retrieved texts. To this end, we propose an information refinement training method named INFO-RAG that optimizes LLMs for RAG in an unsupervised manner. INFO-RAG is low-cost and general across various tasks. Extensive experiments on zero-shot prediction of 11 datasets in diverse tasks including Question Answering, Slot-Filling, Language Modeling, Dialogue, and Code Generation show that INFO-RAG improves the performance of LLaMA2 by an average of 9.39% relative points. INFO-RAG also shows advantages in in-context learning and robustness of RAG. Copyright © 2024, The Authors. All rights reserved.

关键词： Modeling languages

来源：评论

学校读者我要写书评

暂无评论

CLIPURE: PURIFICATION IN LATENT SPACE VIA CLIP FOR ADVERSARIALLY ROBUST ZERO-SHOT CLASSIFICATION

arXiv

引用

arXiv 2025年

作者： Zhang, Mingkun Bi, Keping Chen, Wei Guo, Jiafeng Cheng, Xueqi State Key Lab of AI Safety CAS Key Lab of AI Safety Institute of Computing Technology Chinese Academy of Sciences Beijing China CAS Key Laboratory of Network Data Science and Technology Institute of Computing Technology Chinese Academy of Sciences Beijing China University of Chinese Academy of Sciences Beijing China

In this paper, we aim to build an adversarially robust zero-shot image classifier. We ground our work on CLIP, a vision-language pre-trained encoder model that can perform zero-shot classification by matching an image with text prompts "a photo of a .". Purification is the path we choose since it does not require adversarial training on specific attack types and thus can cope with any foreseen attacks. We then formulate purification risk as the KL divergence between the joint distributions of the purification process of denoising the adversarial samples and the attack process of adding perturbations to benign samples, through bidirectional Stochastic Differential Equations (SDEs). The final derived results inspire us to explore purification in the multi-modal latent space of CLIP. We propose two variants for our CLIPure approach: CLIPure-Diff which models the likelihood of images’ latent vectors with the DiffusionPrior module in DaLLE-2 (modeling the generation process of CLIP’s latent vectors), and CLIPure-Cos which models the likelihood with the cosine similarity between the embeddings of an image and "a photo of a.". As far as we know, CLIPure is the first purification method in multi-modal latent space and CLIPure-Cos is the first purification method that is not based on generative models, which substantially improves defense efficiency. We conducted extensive experiments on CIFAR-10, ImageNet, and 13 datasets that previous CLIP-based defense methods used for evaluating zero-shot classification robustness. Results show that CLIPure boosts the SOTA robustness by a large margin, e.g., from 71.7% to 91.1% on CIFAR10, from 59.6% to 72.6% on ImageNet, and 108% relative improvements of average robustness on the 13 datasets over previous SOTA. The code is available at https://***/TMLResearchGroup-cas/CLIPure. Copyright © 2025, The Authors. All rights reserved.

关键词： Stochastic systems

来源：评论

学校读者我要写书评

暂无评论

Label Noise Correction for Federated Learning: A Secure, Efficient and Reliable Realization 40

Label Noise Correction for Federated Learning: A Secure, Eff...

引用

40th IEEE International Conference on Data Engineering, ICDE 2024

作者： Wang, Haodi Jiang, Tangyu Guo, Yu Guo, Fangda Bie, Rongfang Jia, Xiaohua School of Artificial Intelligence Beijing Normal University Beijing China Institute of Computing Technology Chinese Academy of Sciences CAS Key Laboratory of AI Safety & Security Beijing China City University of Hong Kong Department of Computer Science Hong Kong Hong Kong

ISBN: (纸本)9798350317152

Federated learning has emerged as a promising paradigm for large-scale collaborative training tasks, harnessing diverse local datasets from different clients to jointly train global models. In real-world implementations, client data could have label noise, causing the quality of the global model to be influenced. Existing label-correction solutions assume all the clients are discreet and fail to consider detecting the malicious clients, thus are not practical or privacy-preserving. In this paper, we present zkCor, an efficient and reliable label noise correction scheme with zero-knowledge confidentiality. Our method is designed upon FedCorr [1], but with more relaxed security assumptions. zkCor is established from the ingenious synergy of the label noise correction protocol and the zero-knowledge proof (ZKP), requiring each client to provide a computation integrity proof to the aggregator in each iteration. Thus, clients are forced to jointly guarantee label-correction reliability. We further devise a batch ZKP that is efficient and more suitable for federated learning settings. We rigorously illustrate the building blocks of zkCor and complete the prototype implementation. The extensive experiments demonstrate that zkCor can gain at least 2 to 30 times better performance than the baseline approach on verification workloads with nearly no extra proof time cost from clients. © 2024 IEEE.

关键词： Iterative methods

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：