检索结果-内蒙古大学图书馆

ECLIPSE: Expunging Clean-label Indiscriminate Poisons via Sparse Diffusion Purification

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Wang, Xianlong Hu, Shengshan Zhang, Yechao Zhou, Ziqi Zhang, Leo Yu Xu, Peng Wan, Wei Jin, Hai National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Cluster and Grid Computing Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China School of Information and Communication Technology Griffith University SouthportQLD4215 Australia

Clean-label indiscriminate poisoning attacks add invisible perturbations to correctly labeled training images, thus dramatically reducing the generalization capability of the victim models. Recently, defense mechanisms such as adversarial training, image transformation techniques, and image purification have been proposed. However, these schemes are either susceptible to adaptive attacks, built on unrealistic assumptions, or only effective against specific poison types, limiting their universal applicability. In this research, we propose a more universally effective, practical, and robust defense scheme called ECLIPSE. We first investigate the impact of Gaussian noise on the poisons and theoretically prove that any kind of poison will be largely assimilated when imposing sufficient random noise. In light of this, we assume the victim has access to an extremely limited number of clean images (a more practical scene) and subsequently enlarge this sparse set for training a denoising probabilistic model (a universal denoising tool). We then introduce Gaussian noise to absorb the poisons and apply the model for denoising, resulting in a roughly purified dataset. Finally, to address the trade-off of the inconsistency in the assimilation sensitivity of different poisons by Gaussian noise, we propose a lightweight corruption compensation module to effectively eliminate residual poisons, providing a more universal defense approach. Extensive experiments demonstrate that our defense approach outperforms 10 state-of-the-art defenses. We also propose an adaptive attack against ECLIPSE and verify the robustness of our defense scheme. Our code is available at https://***/CGCL-codes/ECLIPSE. Copyright © 2024, The Authors. All rights reserved.

关键词： Deep neural networks

EDDNet: An Efficient and Accurate Defect Detection Network for the Industrial Edge Environment

学校读者我要写书评

暂无评论

EDDNet: An Efficient and Accurate Defect Detection Network f...

IEEE International Conference on Software Quality, Reliability and Security (QRS)

作者： Runbing Qin Ningjiang Chen Yihui Huang School of Computer and Electronic Information Guangxi University Nanning China Guangxi Intelligent Digital Services Research Center of Engineering Technology Nanning China Guangxi Colleges and Universities Key Laboratory of Parallel and Distributed Computing Nanning China

Defect detection aims to locate the accurate position of defects in images, which is of great significance to quality inspection in the industrial product manufacturing. Currently, many defect detection methods rely on deep neural networks to extract features. Although the accuracy of these methods is relatively high, it is computationally intensive, making the methods difficult to deploy in resource-limited edge devices. In order to solve these problems, a lightweight defect detection model for the industrial edge environment is proposed, termed the efficient defect detection network (EDDNet). EfficientNet-B0 is used as the feature extraction backbone, extracting feature maps from feature layers of different depths of the network and fusing multilevel features by multilevel feature fusion (MFF). To obtain more information, we redesign the attention mechanism in MBConv blocks, taking the encoding space (ES) attention mechanism as a new module, which solves the problem that the defective image spatial information is ignored. The experimental results on the NEU-DET and DAGM2007 datasets and PCB defect datasets demonstrate the effectiveness of the proposed EDDNet and its possibility for application in industrial edge device.

关键词： Image edge detection Computational modeling Neural networks Software quality Object detection Feature extraction Transformers

DarkFed: A Data-Free Backdoor Attack in Federated Learning

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Li, Minghui Wan, Wei Ning, Yuxuan Hu, Shengshan Xue, Lulu Zhang, Leo Yu Wang, Yichen School of Software Engineering Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System China Services Computing Technology and System Lab China Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China School of Information and Communication Technology Griffith University Australia

Federated learning (FL) has been demonstrated to be susceptible to backdoor attacks. However, existing academic studies on FL backdoor attacks rely on a high proportion of real clients with main task-related data, which is impractical. In the context of real-world industrial scenarios, even the simplest defense suffices to defend against the state-of-the-art attack, 3DFed. A practical FL backdoor attack remains in a nascent stage of development. To bridge this gap, we present DarkFed. Initially, we emulate a series of fake clients, thereby achieving the attacker proportion typical of academic research scenarios. Given that these emulated fake clients lack genuine training data, we further propose a data-free approach to backdoor FL. Specifically, we delve into the feasibility of injecting a backdoor using a shadow dataset. Our exploration reveals that impressive attack performance can be achieved, even when there is a substantial gap between the shadow dataset and the main task dataset. This holds true even when employing synthetic data devoid of any semantic information as the shadow dataset. Subsequently, we strategically construct a series of covert backdoor updates in an optimized manner, mimicking the properties of benign updates, to evade detection by defenses. A substantial body of empirical evidence validates the tangible effectiveness of DarkFed. Copyright © 2024, The Authors. All rights reserved.

关键词： Semantics

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

学校读者我要写书评

暂无评论

Detecting Backdoors During the Inference Stage Based on Corr...

Conference on computer Vision and Pattern Recognition (CVPR)

作者： Xiaogeng Liu Minghui Li Haoyu Wang Shengshan Hu Dengpan Ye Hai Jin Libing Wu Chaowei Xiao School of Cyber Science and Engineering Huazhong University of Science and Technology National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Software Engineering Huazhong University of Science and Technology School of Cyber Science and Engineering Wuhan University School of Computer Science and Technology Huazhong University of Science and Technology Cluster and Grid Computing Lab Arizona State University

Deep neural networks are proven to be vulnerable to backdoor attacks. Detecting the trigger samples during the inference stage, i.e., the test-time trigger sample detection, can prevent the backdoor from being triggered. However, existing detection methods often require the defenders to have high accessibility to victim models, extra clean data, or knowledge about the appearance of backdoor triggers, limiting their practicality. In this paper, we propose the test-time corruption robustness consistency evaluation (TeCo) 1 1 https://***/CGCL-codes/TeCo, a novel test-time trigger sample detection method that only needs the hard-label outputs of the victim models without any extra information. Our journey begins with the intriguing observation that the backdoor-infected models have similar performance across different image corruptions for the clean images, but perform discrepantly for the trigger samples. Based on this phenomenon, we design TeCo to evaluate test-time robustness consistency by calculating the deviation of severity that leads to predictions' transition across different corruptions. Extensive experiments demonstrate that compared with state-of-the-art defenses, which even require either certain information about the trigger types or accessibility of clean data, TeCo outperforms them on different backdoor attacks, datasets, and model architectures, enjoying a higher AUROC by 10% and 5 times of stability.

关键词：

Detector Collapse: Physical-World Backdooring Object Detection to Catastrophic Overload or Blindness in Autonomous Driving

学校读者我要写书评

暂无评论

arXiv 2024年

作者： Zhang, Hangtao Hu, Shengshan Wang, Yichen Zhang, Leo Yu Zhou, Ziqi Wang, Xianlong Zhang, Yanjun Chen, Chao School of Cyber Science and Engineering Huazhong University of Science and Technology China School of Computer Science and Technology Huazhong University of Science and Technology China National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Engineering Research Center on Big Data Security China Hubei Key Laboratory of Distributed System Security China Cluster and Grid Computing Lab China School of Information and Communication Technology Griffith University Australia University of Technology Sydney Australia RMIT University Australia

Object detection tasks, crucial in safety-critical systems like autonomous driving, focus on pinpointing object locations. These detectors are known to be susceptible to backdoor attacks. However, existing backdoor techniques have primarily been adapted from classification tasks, overlooking deeper vulnerabilities specific to object detection. This paper is dedicated to bridging this gap by introducing Detector Collapse (DC), a brand-new backdoor attack paradigm tailored for object detection. DC is designed to instantly incapacitate detectors (i.e., severely impairing detector's performance and culminating in a denial-of-service). To this end, we develop two innovative attack schemes: SPONGE for triggering widespread misidentifications and BLINDING for rendering objects invisible. Remarkably, we introduce a novel poisoning strategy exploiting natural objects, enabling DC to act as a practical backdoor in real-world environments. Our experiments on different detectors across several benchmarks show a significant improvement (∼10%-60% absolute and ∼2-7× relative) in attack efficacy over state-of-the-art attacks. Copyright © 2024, The Authors. All rights reserved.

关键词： Denial-of-service attack

Detecting JVM JIT Compiler Bugs via Exploring Two-Dimensional Input Spaces

学校读者我要写书评

暂无评论

Detecting JVM JIT Compiler Bugs via Exploring Two-Dimensiona...

International Conference on Software Engineering (ICSE)

作者： Haoxiang Jia Ming Wen Zifan Xie Xiaochen Guo Rongxin Wu Maolin Sun Kang Chen Hai Jin School of Cyber Science and Engineering Huazhong University of Science and Technology China Hubei Key Laboratory of Distributed System Security Services Computing Technology and System Lab Cluster and Grid Computing Lab. Hubei Engineering Research Center on Big Data Security National Engineering Research Center for Big Data Technology and System School of Informatics Xiamen University China School of Computer Science and Technology Huazhong University of Science and Technology China

Java Virtual Machine (JVM) is the fundamental software system that supports the interpretation and execution of Java bytecode. To support the surging performance demands for the increasingly complex and large-scale Java programs, Just-In-Time (JIT) compiler was proposed to perform sophisticated runtime optimization. However, this inevitably induces various bugs, which are becoming more pervasive over the decades and can often cause significant consequences. To facilitate the design of effective and efficient testing techniques to detect JIT compiler bugs. This study first performs a preliminary study aiming to understand the characteristics of JIT compiler bugs and the corresponding triggering test cases. Inspired by the empirical findings, we propose JOpFuzzer, a new JVM testing approach with a specific focus on JIT compiler bugs. The main novelty of JOpFuzzer is embodied in three aspects. First, besides generating new seeds, JOpFuzzer also searches for diverse configurations along the new dimension of optimization options. Second, JOpFuzzer learns the correlations between various code features and different optimization options to guide the process of seed mutation and option exploration. Third, it leverages the profile data, which can reveal the program execution information, to guide the fuzzing process. Such nov-elties enable JOpFuzzer to effectively and efficiently explore the two-dimensional input spaces. Extensive evaluation shows that JOpFuzzer outperforms the state-of-the-art approaches in terms of the achieved code coverages. More importantly, it has detected 41 bugs in OpenJDK, and 25 of them have already been confirmed or fixed by the corresponding developers.

关键词：

AOCC-FL: Federated Learning with Aligned Overlapping via Calibrated Compensation

学校读者我要写书评

暂无评论

AOCC-FL: Federated Learning with Aligned Overlapping via Cal...

IEEE Annual Joint Conference: INFOCOM, IEEE computer and Communications Societies

作者： Haozhao Wang Wenchao Xu Yunfeng Fan Ruixuan Li Pan Zhou School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China Department of Computing The Hong Kong Polytechnic University Hong Kong Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China

Federated Learning enables collaboratively model training among a number of distributed devices with the coordination of a centralized server, where each device alternatively performs local gradient computation and communication to the server. FL suffers from significant performance degradation due to the excessive communication delay between the server and devices, especially when the network bandwidth of these devices is limited, which is common in edge environments. Existing methods overlap the gradient computation and communication to hide the communication latency to accelerate the FL training. However, the overlapping can also lead to an inevitable gap between the local model in each device and the global model in the server that seriously restricts the convergence rate of learning process. To address this problem, we propose a new overlapping method for FL, AOCC-FL, which aligns the local model with the global model via calibrated compensation such that the communication delay can be hidden without deteriorating the convergence performance. Theoretically, we prove that AOCC-FL admits the same convergence rate as the non-overlapping method. On both simulated and testbed experiments, we show that AOCC-FL achieves a comparable convergence rate relative to the non-overlapping method while outperforming the state-of-the-art overlapping methods.

关键词：

Robin: A Novel Method to Produce Robust Interpreters for Deep Learning-Based Code Classifiers

学校读者我要写书评

暂无评论

arXiv 2023年

作者： Li, Zhen Zhang, Ruqian Zou, Deqing Wang, Ning Li, Yating Xu, Shouhuai Chen, Chen Jin, Hai National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab China School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan430074 China Department of Computer Science University of Colorado Colorado Springs United States Center for Research in Computer Vision University of Central Florida United States School of Computer Science and Technology Huazhong University of Science and Technology Wuhan430074 China

Deep learning has been widely used in source code classification tasks, such as code classification according to their functionalities, code authorship attribution, and vulnerability detection. Unfortunately, the black-box nature of deep learning makes it hard to interpret and understand why a classifier (i.e., classification model) makes a particular prediction on a given example. This lack of interpretability (or explainability) might have hindered their adoption by practitioners because it is not clear when they should or should not trust a classifier's prediction. The lack of interpretability has motivated a number of studies in recent years. However, existing methods are neither robust nor able to cope with out-of-distribution examples. In this paper, we propose a novel method to produce Robust interpreters for a given deep learning-based code classifier;the method is dubbed Robin. The key idea behind Robin is a novel hybrid structure combining an interpreter and two approximators, while leveraging the ideas of adversarial training and data augmentation. Experimental results show that on average the interpreter produced by Robin achieves a 6.11% higher fidelity (evaluated on the classifier), 67.22% higher fidelity (evaluated on the approximator), and 15.87x higher robustness than that of the three existing interpreters we evaluated. Moreover, the interpreter is 47.31% less affected by out-of-distribution examples than that of LEMNA. Copyright © 2023, The Authors. All rights reserved.

关键词： Deep learning

On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities

学校读者我要写书评

暂无评论

On the Effectiveness of Function-Level Vulnerability Detecto...

International Conference on Software Engineering (ICSE)

作者： Zhen Li Ning Wang Deqing Zou Yating Li Ruqian Zhang Shouhuai Xu Chao Zhang Hai Jin National Engineering Research Center for Big Data Technology and System Services Computing Technology and System Lab Hubei Key Laboratory of Distributed System Security Hubei Engineering Research Center on Big Data Security Cluster and Grid Computing Lab School of Cyber Science and Engineering Huazhong University of Science and Technology Wuhan China Jin YinHu Laboratory Wuhan China Department of Computer Science University of Colorado Colorado Springs Colorado Springs Colorado USA Institute for Network Sciences and Cyberspace Tsinghua University Beijing China School of Computer Science and Technology Huazhong University of Science and Technology Wuhan China

ISBN: (数字)9798400702174

ISBN: (纸本)9798350382143

Software vulnerabilities are a major cyber threat and it is important to detect them. One important approach to detecting vulnerabilities is to use deep learning while treating a program function as a whole, known as function-level vulnerability detectors. However, the limitation of this approach is not understood. In this paper, we investigate its limitation in detecting one class of vulnerabilities known as inter-procedural vulnerabilities, where the to-be-patched statements and the vulnerability-triggering statements belong to different functions. For this purpose, we create the first Inter -Procedural Vulnerability Dataset (InterPVD) based on C/C++ open-source software, and we propose a tool dubbed VulTrigger for identifying vulnerability-triggering statements across functions. Experimental results show that VulTrigger can effectively identify vulnerability-triggering statements and inter-procedural vulnerabilities. Our findings include: (i) inter-procedural vulnerabilities are prevalent with an average of 2.8 inter-procedural layers; and (ii) function-level vulner-ability detectors are much less effective in detecting to-be-patched functions of inter-procedural vulnerabilities than detecting their counterparts of intra-procedural vulnerabilities.

关键词： Deep learning Detectors Open source software Software engineering