检索结果-内蒙古大学图书馆

A Four-Pronged Defense Against Byzantine Attacks in Federated Learning

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Wan, Wei Hu, Shengshan Li, Minghui Lu, Jianrong Zhang, Longling Zhang, Leo Yu Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia School of Computer Science and Technology Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab

Federated learning (FL) is a nascent distributed learning paradigm to train a shared global model without violating users' privacy. FL has been shown to be vulnerable to various Byzantine attacks, where malicious participants could independently or collusively upload well-crafted updates to deteriorate the performance of the global model. However, existing defenses could only mitigate part of Byzantine attacks, without providing an all-sided shield for FL. It is difficult to simply combine them as they rely on totally contradictory assumptions. In this paper, we propose FPD, a four-pronged defense against both non-colluding and colluding Byzantine attacks. Our main idea is to utilize absolute similarity to filter updates rather than relative similarity used in existingI works. To this end, we first propose a reliable client selection strategy to prevent the majority of threats in the bud. Then we design a simple but effective score-based detection method to mitigate colluding attacks. Third, we construct an enhanced spectral-based outlier detector to accurately discard abnormal updates when the training data is not independent and identically distributed (non-IID). Finally, we design update denoising to rectify the direction of the slightly noisy but harmful updates. The four sequentially combined modules can effectively reconcile the contradiction in addressing non-colluding and colluding Byzantine attacks. Extensive experiments over three benchmark image classification datasets against four state-of-the-art Byzantine attacks demonstrate that FPD drastically outperforms existing defenses in IID and non-IID scenarios (with 30% improvement on model accuracy). © 2023, CC BY.

关键词： Classification (of information)

Why Does Little Robustness Help? A Further Step Towards Understanding Adversarial Transferability

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Zhang, Yechao Hu, Shengshan Zhang, Leo Yu Shi, Junyu Li, Minghui Liu, Xiaogeng Wan, Wei Jin, Hai School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia School of Computer Science and Technology Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab

Adversarial examples for deep neural networks (DNNs) have been shown to be transferable: examples that successfully fool one white-box surrogate model can also deceive other black-box models with different architectures. Although a bunch of empirical studies have provided guidance on generating highly transferable adversarial examples, many of these findings fail to be well explained and even lead to confusing or inconsistent advice for practical use. In this paper, we take a further step towards understanding adversarial transferability, with a particular focus on surrogate aspects. Starting from the intriguing "little robustness" phenomenon, where models adversarially trained with mildly perturbed adversarial samples can serve as better surrogates for transfer attacks, we attribute it to a trade-off between two dominant factors: model smoothness and gradient similarity. Our research focuses on their joint effects on transferability, rather than demonstrating the separate relationships alone. Through a combination of theoretical and empirical analyses, we hypothesize that the data distribution shift induced by off-manifold samples in adversarial training is the reason that impairs gradient similarity. Building on these insights, we further explore the impacts of prevalent data augmentation and gradient regularization on transferability and analyze how the trade-off manifest in various training methods, thus building a comprehensive blueprint for the regulation mechanisms behind transferability. Finally, we provide a general route for constructing superior surrogates to boost transferability, which optimizes both model smoothness and gradient similarity simultaneously, e.g., the combination of input gradient regularization and sharpness-aware minimization (SAM), validated by extensive experiments. In summary, we call for attention to the united impacts of these two factors for launching effective transfer attacks, rather than optimizing one while ignoring the other,

关键词： Deep neural networks

The optimal displacement of immiscible two-phase fluids in a pore doublet

学校读者我要写书评

暂无评论

arXiv 2022年

作者： Shan, Fang Chai, Zhenhua Shi, Baochang Zhao, Meng School of Mathematics and Statistics Huazhong University of Science and Technology Wuhan430074 China Institute of Interdisciplinary Research for Mathematics and Applied Science Huazhong University of Science and Technology Wuhan430074 China Hubei Key Laboratory of Engineering Modeling and Scientific Computing Huazhong University of Science and Technology Wuhan430074 China

The displacement of multiphase fluid flow in a pore doublet is a fundamental problem, and is also of importance in understanding of the transport mechanisms of multiphase flows in the porous media. During the displacement of immiscible two-phase fluids in the pore doublet, the transport process is not only influenced by the capillary and viscous forces, but also affected by the channel geometry. In this paper, we first present a mathematical model to describe the two-phase fluid displacement in the pore doublet where the effects of capillary force, viscous force and the geometric structure are included. Then we derive an analytical solution of the model for the first time, and find that the displacement process is dominated by the capillary number, the viscosity ratio and the radius ratio. Furthermore, we define the optimal displacement that the wetting fluids in two daughter channels break through the branches simultaneously (both of them have the same breakthrough time), and also obtain the critical capillary number corresponding to the optimal displacement, which is related to the radius ratio of two daughter channels and viscosity ratio of two immiscible fluids. Finally, it is worthy noting that the present analytical results on the displacement in the pore doublet can be used to explain and understand the phenomenon of preferential imbibition or preferential flow in porous media. © 2022, CC BY.

关键词： Porous materials

Predicting Tertiary Lymphoid Structures in Head and Neck Contrast-Enhanced CT Images using a 3D CNN

学校读者我要写书评

暂无评论

Predicting Tertiary Lymphoid Structures in Head and Neck Con...

IEEE International Conference on Bioinformatics and Biomedicine (BIBM)

作者： Ting Long Tingguan Sun Juan Liu Hua Chen Zhijun Sun Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education & School of Cyber Science and Engineering Wuhan University Wuhan China State Key Laboratory of Oral & Maxillofacial Reconstruction and Regeneration & Key Laboratory of Oral Biomedicine Ministry of Education Hubei Key Laboratory of Stomatology & School & Hospital of Stomatology Wuhan University & Frontier Science Center for Immunology and Metabolism Wuhan University Wuhan China Institute of Artificial Intelligence School of Computer Science Wuhan University Wuhan China

Squamous cell carcinoma of the head and neck is currently the eighth most common cancer worldwide. In recent years, medical researchers have proposed a promising immune checkpoint blockade treatment to treat the disease, however, only a small number of patients with advanced head and neck squamous cell carcinoma (about 13%) can benefit from immune checkpoint blockade therapy. Therefore, assessing the patient’s response to immune checkpoint blockade before treatment can help develop a treatment strategy. Tertiary lymphoid structures (TLSs) are complex structures that often appear around tumors, and their presence suggests strong immunoactivity and sensitivity to immunotherapy. Therefore, the presence or absence of TLSs is a valid indicator of the patient’s response to immune checkpoint blockade before surgery. At present, the detection methods for TLSs are all postoperative pathological examinations, but their speed is slow and aggressive. However, few studies have employed non-invasive methods to detect and assess the TLS status of cancer before surgery. In this paper, we propose a 3D convolutional neural network UDNet based on the original U-Net and Dense-Net, which can determine the presence of TLSs by using the patient’s contrast-enhanced CT image. At last, we verify the ability of the model to predict TLSs by comparing the predicting results of the model and the predicting results of three experienced clinicians. The results show that the accuracy of UDNet (72.7%) is much higher than the average accuracy (42.4%) predicted by the three experienced clinicians.

关键词：

Linearly Implicit and High-Order Energy-Preserving Schemes for Highly Oscillatory Hamiltonian Systems

学校读者我要写书评

暂无评论

SSRN

SSRN 2022年

作者： Li, Dongfang Li, Xiaoxi Zhang, Zhimin School of Mathematics and Statistics Huazhong University of Science and Technology Wuhan430074 China Hubei Key Laboratory of Engineering Modeling and Scientific Computing Huazhong University of Science and Technology Wuhan430074 China Department of Mathematics Wayne State University DetroitMI48202 United States

In this paper, a family of novel energy-preserving schemes are presented for numerically solving highly oscillatory Hamiltonian systems. These schemes are constructed by using the relaxation idea in the extrapolated Runge–Kutta (ERK) methods. After obtaining the relaxation parameter, it is shown that the methods can be arbitrarily high order accurate, linearly implicit and keep the original discrete energy conserved, while the previous energy-preserving schemes for highly oscillatory Hamiltonian systems are usually fully implicit. Numerical comparisons with various typical energy-preserving schemes are presented. The numerical results show that the proposed schemes are highly competitive and effective. © 2022, The Authors. All rights reserved.

关键词： Runge Kutta methods

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Liu, Xiaogeng Li, Minghui Wang, Haoyu Hu, Shengshan Ye, Dengpan Jin, Hai Wu, Libing Xiao, Chaowei School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China School of Software Engineering Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Hubei Key Laboratory of Distributed System Security China Hubei Engineering Research Center on Big Data Security China Cluster and Grid Computing Lab China School of Cyber Science and Engineering Wuhan University China Arizona State University United States

Deep neural networks are proven to be vulnerable to backdoor attacks. Detecting the trigger samples during the inference stage, i.e., the test-time trigger sample detection, can prevent the backdoor from being triggered. However, existing detection methods often require the defenders to have high accessibility to victim models, extra clean data, or knowledge about the appearance of backdoor triggers, limiting their practicality. In this paper, we propose the test-time corruption robustness consistency evaluation (TeCo)1, a novel test-time trigger sample detection method that only needs the hard-label outputs of the victim models without any extra information. Our journey begins with the intriguing observation that the backdoor-infected models have similar performance across different image corruptions for the clean images, but perform discrepantly for the trigger samples. Based on this phenomenon, we design TeCo to evaluate test-time robustness consistency by calculating the deviation of severity that leads to predictions' transition across different corruptions. Extensive experiments demonstrate that compared with state-of-the-art defenses, which even require either certain information about the trigger types or accessibility of clean data, TeCo outperforms them on different backdoor attacks, datasets, and model architectures, enjoying a higher AUROC by 10% and 5 times of stability. Copyright © 2023, The Authors. All rights reserved.

关键词： Crime

Robin: A Novel Method to Produce Robust Interpreters for Deep Learning-Based Code Classifiers

学校读者我要写书评

暂无评论

Robin: A Novel Method to Produce Robust Interpreters for Dee...

IEEE International Conference on Automated Software engineering (ASE)

作者： Zhen Li Ruqian Zhang Deqing Zou Ning Wang Yating Li Shouhuai Xu Chen Chen Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Cluster and Grid Computing Lab National Engineering Research Center for Big Data Technology and System Hubei Engineering Research Center on Big Data Security Department of Computer Science University of Colorado Colorado Springs USA Center for Research in Computer Vision University of Central Florida USA School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

Deep learning has been widely used in source code classification tasks, such as code classification according to their functionalities, code authorship attribution, and vulnerability detection. Unfortunately, the black-box nature of deep learning makes it hard to interpret and understand why a classifier (i.e., classification model) makes a particular prediction on a given example. This lack of interpretability (or explainability) might have hindered their adoption by practitioners because it is not clear when they should or should not trust a classifier's prediction. The lack of interpretability has motivated a number of studies in recent years. However, existing methods are neither robust nor able to cope with out-of-distribution examples. In this paper, we propose a novel method to produce Robust interpreters for a given deep learning-based code classifier; the method is dubbed Robin. The key idea behind Robin is a novel hybrid structure combining an interpreter and two approximators, while leveraging the ideas of adversarial training and data augmentation. Experimental results show that on average the interpreter produced by Robin achieves a 6.11% higher fidelity (evaluated on the classifier), 67.22% higher fidelity (evaluated on the approximator), and 15.87x higher robustness than that of the three existing interpreters we evaluated. Moreover, the interpreter is 47.31% less affected by out-of-distribution examples than that of LEMNA.

关键词：

DeepSolo++: Let Transformer Decoder with Explicit Points Solo for Multilingual Text Spotting

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Ye, Maoyuan Zhang, Jing Zhao, Shanshan Liu, Juhua Liu, Tongliang Du, Bo Tao, Dacheng School of Computer Science National Engineering Research Center for Multimedia Software Institute of Artificial Intelligence Hubei Key Laboratory of Multimedia and Network Communication Engineering Wuhan University Wuhan China School of Computer Science Faculty of Engineering The University of Sydney Australia JD Explore Academy *** China College of Computing & Data Science Nanyang Technological University Singapore

End-to-end text spotting aims to integrate scene text detection and recognition into a unified framework. Dealing with the relationship between the two sub-tasks plays a pivotal role in designing effective spotters. Although Transformer-based methods eliminate the heuristic post-processing, they still suffer from the synergy issue between the sub-tasks and low training efficiency. Besides, they overlook the exploring on multilingual text spotting which requires an extra script identification task. In this paper, we present DeepSolo++, a simple DETR-like baseline that lets a single Decoder with Explicit Points Solo for text detection, recognition, and script identification simultaneously. Technically, for each text instance, we represent the character sequence as ordered points and model them with learnable explicit point queries. After passing a single decoder, the point queries have encoded requisite text semantics and locations, thus can be further decoded to the center line, boundary, script, and confidence of text via very simple prediction heads in parallel. Furthermore, we show the surprisingly good extensibility of our method, in terms of character class, language type, and task. On the one hand, our method not only performs well in English scenes but also masters the transcription with complex font structure and a thousand-level character classes, such as Chinese. On the other hand, our DeepSolo++ achieves better performance on the additionally introduced script identification task with a simpler training pipeline compared with previous methods. Extensive experiments on public benchmarks demonstrate that our simple approach achieves better training efficiency compared with Transformer-based models and outperforms the previous state-of-the-art. For example, on ICDAR 2019 ReCTS for Chinese text, our method boosts the 1-NED metric to a new record of 78.3%. On ICDAR 2019 MLT, DeepSolo++ achieves absolute 5.5% H-mean and 8.0% AP improvements on joint detection an

关键词： Semantics

Hierarchical Reverse Games for the Resource Ecosystem in Cloud-Edge computing

学校读者我要写书评

暂无评论

IEEE Transactions on Consumer Electronics 2024年

作者： Pei, Manlin Wang, Chenyu Wang, Xia Zheng, Zhigao Huang, Jianhui Wang, Shengling Guo, Yufei School of Computer and Information Technology Beijing Jiaotong University Beijing China Department of Computer Science Georgia State University United States Beijing University of Technology School of Statistics and Data Science Faculty of Science Beijing China Institute of Artificial Intelligence School of Computer Science National Engineering Research Center for Multimedia Software Hubei Key Laboratory of Multimedia and Network Communication Engineering Hubei Luojia Laboratory Wuhan University Wuhan China Chinese Academy of Sciences Institute of Computing Technology Beijing China Beijing Normal University School of Artificial Intelligence Beijing China George Washington University Department of Statistics United States

Edge computing has emerged as a killer technology for a hyper-connected world due to its distributed architecture and customer-proximity property. Combined edge nodes with the cloud data center, a cloud-edge computing paradigm is formed, whose resource ecosystem calls for competitive pricing and optimal resource allocation. However, it is not feasible to realize global information-based optimization since some information is kept private to their owners. To solve this challenge, this paper develops the user-independent hierarchical reverse game and the user-assisted hierarchical reverse game to depict the relationship among the resource provider, the resource tenant, and the resource user. The aim is to seek the optimal strategies for players without revealing any private information. The common trait of both games is to force the players to report the optimal strategies based on their actual private information. This salient trait can produce privacy-preservation optimization since there is no requirement for the players to release their individual information directly, and the optimal strategies of other players can be deduced naturally. The difference between the user-independent hierarchical reverse game and the user-assisted one is that the game rules are stipulated entirely by the provider and the tenants (edge nodes) in the former, while some game rules can be customized according to the advice of users in the latter. This leads the user-independent hierarchical reverse game is more concise and easy to guarantee the incentive compatibility constraint, while the user-assisted hierarchical reverse game can attract more users since the game rules can adapt to their economic status, requirements, and preferences. © 1975-2011 IEEE.

关键词： Cloud platforms