检索结果-内蒙古大学图书馆

Fairness is essential for robustness:fair adversarial training by identifying and augmenting hard examples

Frontiers of Computer Science 2025年第3期19卷 1-13页

作者： Ningping MOU Xinli YUE Lingchen ZHAO Qian WANG Key Laboratory of Aerospace Information Security and Trusted Computing(Ministry of Education) School of Cyber Science and EngineeringWuhan UniversityWuhan 430072China

Adversarial training has been widely considered the most effective defense against adversarial ***,recent studies have demonstrated that a large discrepancy exists in the class-wise robustness of adversarial training,leading to two potential issues:firstly,the overall robustness of a model is compromised due to the weakest class;and secondly,ethical concerns arising from unequal protection and biases,where certain societal demographic groups receive less robustness in defense *** these issues,solutions to address the discrepancy remain largely *** this paper,we advance beyond existing methods that focus on class-level *** investigation reveals that hard examples,identified by higher cross-entropy values,can provide more fine-grained information about the ***,we find that enhancing the diversity of hard examples can effectively reduce the robustness gap between *** by these observations,we propose Fair Adversarial Training(FairAT)to mitigate the discrepancy of class-wise *** experiments on various benchmark datasets and adversarial attacks demonstrate that FairAT outperforms state-of-the-art methods in terms of both overall robustness and *** a WRN-28-10 model trained on CIFAR10,FairAT improves the average and worst-class robustness by 2.13%and 4.50%,respectively.

关键词： robust fairness adversarial training hard example data augmentation

来源：评论

学校读者我要写书评

暂无评论

Three-in-One: Robust Enhanced Universal Transferable Anti-Facial Retrieval in Online Social Networks

引用

IEEE Transactions on information Forensics and security 2025年 20卷 4408-4421页

作者： Lv, Yunna Tang, Long Ye, Dengpan Xie, Caiyun Deng, Jiacheng He, Yiheng Shen, Sipeng Wuhan University School of Cyber Science and Engineering Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education Wuhan430072 China

Deep hash-based retrieval techniques are widely used in facial retrieval systems to improve the efficiency of facial matching. However, it also carries the danger of exposing private information. Deep hash models are easily influenced by adversarial examples, which can be leveraged to protect private images from malicious retrieval. The existing adversarial example methods against deep hash models focus on universality and transferability, lacking the research on its robustness in online social networks (OSNs), which leads to their failure in anti-retrieval after post-processing. Therefore, we provide the first in-depth discussion on robustness in universal transferable anti-facial retrieval and propose Three-in-One Adversarial Perturbation (TOAP). Specifically, we construct a local and global Compression Generator (CG) to simulate complex post-processing scenarios, which can be used to mitigate perturbation. Then, we propose robust optimization objectives based on the discovery of the variation patterns of model’s distribution after post-processing, and generate adversarial examples using these objectives and meta-learning. Finally, we iteratively optimize perturbation by alternately generating adversarial examples and fine-tuning the CG, balancing the performance of perturbation while enhancing CG’s ability to mitigate them. Numerous experiments demonstrate that, in addition to its advantages in universality and transferability, TOAP significantly outperforms current state-of-the-art methods in multiple robustness metrics. It further improves universality and transferability by 5% to 28%, and achieves up to about 33% significant improvement in several simulated post-processing scenarios as well as mainstream OSNs, demonstrating that TOAP can effectively protect private images from malicious retrieval in real-world scenarios. © 2005-2012 IEEE.

关键词： Social networking (online)

来源：评论

学校读者我要写书评

暂无评论

Generalize Audio Deepfake Algorithm Recognition via Attribution Enhancement

Generalize Audio Deepfake Algorithm Recognition via Attribut...

引用

2025 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2025

作者： Wang, Zhigang Ye, Dengpan Li, Jingyang Deng, Jiacheng Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education School of Cyber Science and Engineering Wuhan University China

ISBN: (纸本)9798350368741

The development of voice cloning techniques has made forgery audios indistinguishable, posing an urgency to trace their sources. Many existing works focus on improving identification accuracy for audio deepfake algorithm recognition. However, most methods ignore the impact of complex information in audio signals on attribution. In this paper, we propose an audio deepfake attribution enhancement (ADAE) strategy, which aims to magnify the fingerprints of generation styles by removing the speaker information. This is achieved through an information disentangle block with an extra speaker encoder. In addition, we propose the FakeSource dataset, a novel audio deepfake algorithm recognition dataset that contains 25 different voice cloning algorithms, to address the constraint of data scarcity. Experiments on the FakeSource dataset demonstrate that ADAE improves the performance of unseen algorithm detection. We also assess ADAE on a more challenging training-free task which shows competitive performance. © 2025 IEEE.

关键词： Audio deepfake algorithm recognition feature enhancement representation disentangle

来源：评论

学校读者我要写书评

暂无评论

Transferable and Robust Dynamic Adversarial Attack against Object Detection Models

引用

IEEE Internet of Things Journal 2025年第11期12卷 16171-16180页

作者： Wang, Xinxin Chen, Jing Zhang, Zijun He, Kun Wu, Zongru Du, Ruiying Li, Qiao Liu, Gongshen Wuhan University Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education School of Cyber Science and Engineering Wuhan430072 China Shanghai Jiao Tong University Department of Electronic Information and Electrical Engineering Shanghai201100 China

Object detection models have been widely deployed in physical world applications, and they are vulnerable to adversarial attacks. However, most adversarial attacks are implemented in a white-box setting, and under ideal shooting conditions such as fixed distances and angles, and thus have limited attack success rate (ASR) in practice. In this paper, we present a transferable and robust dynamic adversarial attack where the adversarial patches can be printed on or attached to non-rigid objects such as clothes. We develop a cascade module with a momentum-based technique to optimize adversarial patches against various object detection models, achieving better transferability of the patches in a black-box setting. We also develop a strategy of distance-Adaptive patch generation and employ perspective transformation to enhance the robustness of patches. To evaluate the attack performance, we conduct extensive experiments on seven mainstream object detection models at different distances and angles. The results show that our method can achieve an average ASR of 69.85%, which is 3.27 times that of the baseline method at 3 meters. © 2014 IEEE.

关键词： Object detection Computational modeling Closed box Robustness Adaptation models trusted computing information security aerospace engineering Proposals Aerodynamics

来源：评论

学校读者我要写书评

暂无评论

Harnessing Dimensional Contrast and information Compensation for Sentence Embedding Enhancement

Harnessing Dimensional Contrast and Information Compensation...

引用

2025 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2025

作者： He, Kang Ding, Yuzhe Li, Bobo Wang, Haining Li, Fei Teng, Chong Ji, Donghong Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education School of Cyber Science and Engineering Wuhan University Wuhan China

ISBN: (纸本)9798350368741

Unsupervised sentence embedding learning excels through positive sample construction and instance-level contrastive learning (ICL). However, this approach can lead to over-compression and dimensional contamination from noisy data augmentation and unconstrained ICL processes. To mitigate these issues, we propose a novel enhancement method, MSSE, which incorporates an information Compensation Mechanism (ICM) and a Dimensional-Level Contrastive Learning Mechanism (DCM). ICM, inspired by the information bottleneck principle, prevents excessive compression in representation learning. DCM constrains ICL and minimizes information leakage across dimensions. Experimental results show that MSSE surpasses existing competitive baselines across seven STS tasks, including unsupervised and few-shot scenarios. The source code is available at https://***/Hekang001/MSSE. © 2025 IEEE.

关键词： contrastive learning natural language processing Sentence embedding unsupervised learning

来源：评论

学校读者我要写书评

暂无评论

NCRE: A Benchmark for Document-level Nominal Compound Relation Extraction 31

NCRE: A Benchmark for Document-level Nominal Compound Relati...

引用

31st International Conference on Computational Linguistics, COLING 2025

作者： Cao, Jincheng Li, Bobo Liu, Jiang Ji, Donghong Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education School of Cyber Science and Engineering Wuhan University Wuhan China

ISBN: (纸本)9798891761964

Entity and relation extraction is a conventional task in the field of information extraction. Existing work primarily focuses on detecting specific relations between entities, often constrained to particular fields and lacking general applicability. In response, we propose a novel task: nominal compound relation extraction (NCRE), which concentrates on abstract and broadly applicable relation extraction between noun phrases. This task diverges significantly from traditional entity and relation extraction in two key respects. Firstly, our task involves general nominal compounds rather than named entities, which are longer and encompass a broader scope, presenting significant challenges for extraction. Secondly, relation extraction in NCRE demands an in-depth understanding of context to detect abstract relations. We manually annotate a high-quality Chinese dataset for the NCRE task and develop a model incorporating the rotary position-enhanced word pair (RoWP) detection schema. Experimental results demonstrate the efficiency of our RoWP model over previous baselines, while the suboptimal F1 scores indicate that NCRE remains a challenging task. Our code and data are available at https://***/yeecjc/NCRE. © 2025 Association for Computational Linguistics.

关键词： Computational linguistics

来源：评论

学校读者我要写书评

暂无评论

Network Intrusion Detection for Modern Smart Grids Based on Adaptive Online Incremental Learning

引用

IEEE Transactions on Smart Grid 2025年第3期16卷 2541-2553页

作者： Lu, Qiuyu An, Kexin Li, Jun'e Wang, Jin Wuhan University Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education School of Cyber Science and Engineering Wuhan430072 China State Grid Hubei Electric Power Research Institute Energy Internet Research Center Wuhan430072 China

New and evolving cyber attacks against smart grids are emerging. This necessitates that the network intrusion detection systems (IDSs) have online learning ability. However, most existing methods struggle to handle new and evolving attacks while retaining old attack knowledge, and many of them employ deep models requiring long update periods. Therefore, we propose an IDS based on adaptive online incremental learning (AdaOIL-IDS). 1) A class-correlated broad learning system (CC-BLS) is proposed for intrusion detection. A weighted CC-factor derived from intra- and inter-class correlations is introduced in CC-BLS to improve classification accuracy. CC incremental learnings are designed to quickly add new inputs and additional nodes without retraining. The CC-factor for new inputs is adjusted based on correlations of new and old classes, which enables simultaneous adaptation to new attacks and new observations of old attacks while retaining more old knowledge. 2) An adaptive learning framework is proposed for online offline combined learning of models. Online learning and offline retraining are adaptive switched based on the real-time loss to achieve efficient lifelong learning. Experiment results show that CC-BLS has better performance than selected state-of-the-art incremental broad and deep models, and the proposed adaptive learning framework behaviors better effectiveness and efficiency than selected existing frameworks. © 2010-2012 IEEE.

关键词： Network intrusion

来源：评论

学校读者我要写书评

暂无评论

Adaptive Early Warning Method of Cascading Failures Caused by Coordinated Cyber-Attacks

引用

CSEE Journal of Power and Energy Systems 2025年第1期11卷 406-423页

作者： Yufei Wang June Li Jian Qiu Yangrong Chen Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of EducationSchool of Cyber Science and EngineeringWuhan UniversityWuhan Hubei430072China China Electric Power Research Institute Beijing102209China Electric Power Planning&Engineering Institute Beijing 100120China

In order to accurately receive early warning of the cascading failures caused by coordinated cyber-attacks(CFCC)in grid cyber-physical systems(GCPS),an adaptive early warning method of CFCC is ***,the evolutionary mechanism of CFCC is analyzed from the attackers'view,the CFCC mathematical model is established,and the transition processes of GCPS running states under the influence of CFCC staged failures are ***,the mathematical model of the adaptive early warning method is ***,the mathematical model of the adaptive early warning method is mapped as an adaptive control process with tolerating staged failures damage,and the solving process is presented to infer the CFCC and its next evolution trend.A decision-making idea for the optimal active defense scheme is proposed considering the costs and gains of various defense ***,to verify the effectiveness of the adaptive early warning method,the warning and defense processes of a typical CFCC are simulated in a GCPS experimental system based on CEPRI-36 BUS.

关键词： Adaptive control theory cascading failures coordinated cyber-attacks early warning grid cyber-physical systems

来源：评论

学校读者我要写书评

暂无评论

A Very Compact and a Threshold Implementation of uBlock for Internet of Things

引用

Tsinghua Science and Technology 2025年第5期30卷 2270-2283页

作者： Botao Liu Ming Tang Key Laboratory of Aerospace Information Security and Trusted Computing of Ministry of Education School of Cyber Science and Engineering Wuhan University Wuhan China

The rapid proliferation of Internet of Things (IoT) devices necessitates lightweight cryptographic algorithms and their secure physical implementations. Masking, as a provably secure countermeasure against Side-Channel Attacks (SCA), has been extensively studied in the context of lightweight cryptography algorithms. Currently, some cryptographers have proposed a low-cost Threshold Implementation (TI) of the uBlock algorithm. However, their approach suffers from significant area overhead due to the inefficient serial and pipelined implementation of uBlock's Pshufb-Xor (PX) network structure. To address this issue, we develop a new serial and pipelined implementation method that optimizes the area of the uBlock algorithm. Based on this optimization, we implement a 2-share TI scheme for uBlock that requires minimal area resources and does not need fresh randomness. Compared to the state-of-the-art appoach, our method reduces slice area by 63.4% on Field Programmable Gate Arrays (FPGA) platform and Gate Equivalent (GE) area by 17.2% on Application-Specific Integrated Circuit (ASIC) platform for the unprotected implementation. For the protected implementation, our method reduces slice area by 41.5% and GE area by 14.0%. Finally, our protection scheme is validated using the automated tool PROLEAD and evaluated with Test Vector Leakage Assessment (TVLA), achieving first-order glitch-extended probing security.

关键词： Buildings Side-channel attacks Logic gates Germanium Vectors Hardware Internet of Things Protection Field programmable gate arrays Optimization

来源：评论

学校读者我要写书评

暂无评论

FreqSense: Universal and Low-Latency Adversarial Example Detection for Speaker Recognition with Interpretability in Frequency Domain

FreqSense: Universal and Low-Latency Adversarial Example Det...

引用

2025 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2025

作者： Huang, Yihuan Li, Yuanzhe Ren, Yanzhen Tu, Weiping Yang, Yuhong Key Laboratory of Aerospace Information Security and Trusted Computing Ministry of Education China School of Cyber Science and Engineering Wuhan University China National Engineering Research Center for Multimedia Software School of Computer Science Wuhan University China

ISBN: (纸本)9798350368741

Speaker recognition (SR) systems are particularly vulnerable to adversarial example (AE) attacks. To mitigate these attacks, AE detection systems are typically integrated into SR systems. To overcome the limitations of low detection accuracy, poor generalization, and high latency in existing schemes, this paper proposes FreqSense, an AE detection scheme based on frequency distribution features. FreqSense detects a variety of unknown AE attacks with low latency, and provides interpretability in its detection process. The basic idea of FreqSense is that AE typically introduce carefully designed noise in specific frequency bands that are associated with highly distinctive speaker identities. Therefore, leveraging the distributional variations in these frequency bands can effectively distinguish between AE and benign audio. FreqSense models frequency distribution features by integrating time-frequency transformation technology with a self-attention mechanism and employs a neural network-based classifier to distinguish between AE and benign audio. Experimental results show that FreqSense achieves an overall detection accuracy of 99.2%, surpassing state-of-the-art (SOTA) schemes by 27.2%. When confronting unknown AE attacks, FreqSense achieves a detection accuracy of 98.3% with a latency of just 0.0014 seconds. © 2025 IEEE.

关键词： Adversarial Attack Adversarial Example Detection Speaker Recognition

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：