Search

Your search keyword '"A, Carlini"' showing total 15,028 results
Start Over Author "A, Carlini"
15,028 results on '"A, Carlini"'

1. Adversarial ML Problems Are Getting Harder to Solve and to Evaluate

Author

Rando, Javier, Zhang, Jie, Carlini, Nicholas, and Tramèr, Florian

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

In the past decade, considerable research effort has been devoted to securing machine learning (ML) models that operate in adversarial settings. Yet, progress has been slow even for simple "toy" problems (e.g., robustness to small adversarial perturbations) and is often hindered by non-rigorous evaluations. Today, adversarial ML research has shifted towards studying larger, general-purpose language models. In this position paper, we argue that the situation is now even worse: in the era of LLMs, the field of adversarial ML studies problems that are (1) less clearly defined, (2) harder to solve, and (3) even more challenging to evaluate. As a result, we caution that yet another decade of work on adversarial ML may fail to produce meaningful progress.

Published
2025

2. Exploring and Mitigating Adversarial Manipulation of Voting-Based Leaderboards

Author

Huang, Yangsibo, Nasr, Milad, Angelopoulos, Anastasios, Carlini, Nicholas, Chiang, Wei-Lin, Choquette-Choo, Christopher A., Ippolito, Daphne, Jagielski, Matthew, Lee, Katherine, Liu, Ken Ziyu, Stoica, Ion, Tramer, Florian, and Zhang, Chiyuan

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

It is now common to evaluate Large Language Models (LLMs) by having humans manually vote to evaluate model outputs, in contrast to typical benchmarks that evaluate knowledge or skill at some particular task. Chatbot Arena, the most popular benchmark of this type, ranks models by asking users to select the better response between two randomly selected models (without revealing which model was responsible for the generations). These platforms are widely trusted as a fair and accurate measure of LLM capabilities. In this paper, we show that if bot protection and other defenses are not implemented, these voting-based benchmarks are potentially vulnerable to adversarial manipulation. Specifically, we show that an attacker can alter the leaderboard (to promote their favorite model or demote competitors) at the cost of roughly a thousand votes (verified in a simulated, offline version of Chatbot Arena). Our attack consists of two steps: first, we show how an attacker can determine which model was used to generate a given reply with more than $95\%$ accuracy; and then, the attacker can use this information to consistently vote for (or against) a target model. Working with the Chatbot Arena developers, we identify, propose, and implement mitigations to improve the robustness of Chatbot Arena against adversarial manipulation, which, based on our analysis, substantially increases the cost of such attacks. Some of these defenses were present before our collaboration, such as bot protection with Cloudflare, malicious user detection, and rate limiting. Others, including reCAPTCHA and login are being integrated to strengthen the security in Chatbot Arena.

Published
2025

3. Quality Assurance and Quality Control of the $26~\text{m}^2$ SiPM production for the DarkSide-20k dark matter experiment

Author

Acerbi, F., Adhikari, P., Agnes, P., Ahmad, I., Albergo, S., Albuquerque, I. F., Alexander, T., Alton, A. K., Amaudruz, P., Aprile, M. Angiolilli. E., Corona, M. Atzori, Auty, D. J., Ave, M., Avetisov, I. C., Azzolini, O., Back, H. O., Balmforth, Z., Olmedo, A. Barrado, Barrillon, P., Batignani, G., Bhowmick, P., Bloem, M., Blua, S., Bocci, V., Bonivento, W., Bottino, B., Boulay, M. G., Buchowicz, A., Bussino, S., Busto, J., Cadeddu, M., Cadoni, M., Calabrese, R., Camillo, V., Caminata, A., Canci, N., Capra, A., Caravati, M., Cardenas-Montes, M., Cargioli, N., Carlini, M., Castello, P., Cavalcante, P., Cebrian, S., Ruiz, J. Cela, Chashin, S., Chepurnov, A., Cifarelli, L., Cintas, D., Cleveland, B., Coadou, Y., Cocco, V., Colaiuda, D., Vilda, E. Conde, Consiglio, L., Costa, B. S., Czubak, M., D'Auria, S., Rolo, M. D. Da Rocha, Darbo, G., Davini, S., de Asmundis, R., De Cecco, S., Dellacasa, G., Derbin, A. V., Di Capua, F., Di Noto, L., Di Stefano, P., Dias, L. K., Dionisi, C., Dolganov, G., Dordei, F., Dronik, V., Elersich, A., Ellingwood, E., Erjavec, T., Fearon, N., Diaz, M. Fernandez, Ficorella, A., Fiorillo, G., Franchini, P., Franco, D., Gatti, H. Frandini, Frolov, E., Gabriele, F., Gahan, D., Galbiati, C., Galiski, G., Gallina, G., Gallus, G., Garbini, M., Abia, P. Garcia, Gawdzik, A., Gendotti, A., Giovanetti, G. K., Casanueva, V. Goicoechea, Gola, A., Grandi, L., Grauso, G., di Cortona, G. Grilli, Grobov, A., Gromov, M., Gulino, M., Guo, C., Hackett, B. R., Hallin, A., Hamer, A., Haranczyk, M., Hessel, T., Horikawa, S., Hu, J., Hubaut, F., Hucker, J., Hugues, T., Hungerford, E. V., Ianni, A., Ippoliti, G., Ippolito, V., Jamil, A., Jillings, C., Keloth, R., Kemmerich, N., Kemp, A., Kester, Carlos E., Kimura, M., Kondo, K., Korga, G., Kotsiopoulou, L., Koulosousas, S., Kubankin, A., Kunze, P., Kuss, M., Kuźniak, M., Kuzwa, M., La Commara, M., Lai, M., LeGuirriec, E., Leason, E., Leoni, A., Lidey, L., Lissia, M., Luzzi, L., Lychagina, O., Macfadyen, O., Machulin, I. N., Manecki, S., Manthos, I., Marasciulli, A., Margutti, G., Mari, S. M., Mariani, C., Maricic, J., Martinez, M., Martoff, C. J., Matteucci, G., Mavrokoridis, K., Mazza, E., McDonald, A. B., Merzi, S., Messina, A., Milincic, R., Minutoli, S., Mitra, A., Monroe, J., Moretti, E., Morrocchi, M., Mroz, T., Muratova, V. N., Murphy, M., Murra, M., Muscas, C., Musico, P., Nania, R., Nessi, M., Nieradka, G., Nikolopoulos, K., Nikoloudaki, E., Nowak, J., Olchanski, K., Oleinik, A., Oleynikov, V., Organtini, P., de Solrzano, A. Ortiz, Pallavicini, M., Pandola, L., Pantic, E., Paoloni, E., Papi, D., Pastuszak, G., Paternoster, G., Pegoraro, P. A., Pelczar, K., Perez, R., Pesudo, V., Piacentini, S., Pino, N., Plante, G., Pocar, A., Poehlmann, M., Pordes, S., Pralavorio, P., Preosti, E., Price, D., Puglia, S., Bazetto, M. Queiroga, Ragusa, F., Ramachers, Y., Ramirez, A., Ravinthiran, S., Razeti, M., Renshaw, A. L., Rescigno, M., Resconi, S., Retiere, F., Rignanese, L. P., Rivetti, A., Roberts, A., Roberts, C., Rogers, G., Romero, L., Rossi, M., Rubbia, A., Rudik, D., Sabia, M., Salomone, P., Samoylov, O., Sanfilippo, S., Santone, D., Santorelli, R., Santos, E. Moura, Savarese, C., Scapparone, E., Schuckman II, F. G., Scioli, G., Semenov, D. A., Sheshukov, A., Simeone, M., Skensved, P., Skorokhvatov, M. D., Smirnov, O., Smirnova, T., Smith, B., Sotnikov, A., Spadoni, F., Spangenberg, M., Stefanizzi, R., Steri, A., Stornelli, V., Stracka, S., Sulis, S., Sung, A., Sunny, C., Suvorov, Y., Szelc, A. M., Taborda, O., Tartaglia, R., Taylor, A., Taylor, J., Testera, G., Thieme, K., Thompson, A., Torres-Lara, S., Tricomi, A., Unzhakov, E. V., Van Uffelen, M., Viant, T., Viel, S., Vishneva, A., Vogelaar, R. B., Vossebeld, J., Vyas, B., Wada, M., Walczak, M., Wang, Y., Wang, H., Westerdale, S., Williams, L., Wojaczyski, R., Wojcik, M. M., Wojcik, M., Wright, T., Xie, Y., Yang, C., Yin, J., Zabihi, A., Zakhary, P., Zani, A., Zhang, Y., Zhu, T., Zichichi, A., Zuzel, G., and Zykova, M. P.

Subjects
Physics - Instrumentation and Detectors
Abstract

DarkSide-20k is a novel liquid argon dark matter detector currently under construction at the Laboratori Nazionali del Gran Sasso (LNGS) of the Istituto Nazionale di Fisica Nucleare (INFN) that will push the sensitivity for Weakly Interacting Massive Particle (WIMP) detection into the neutrino fog. The core of the apparatus is a dual-phase Time Projection Chamber (TPC), filled with \SI{50} {tonnes} of low radioactivity underground argon (UAr) acting as the WIMP target. NUV-HD-Cryo Silicon Photomultipliers (SiPM)s designed by Fondazione Bruno Kessler (FBK) (Povo, Trento, Italy) were selected as the photon sensors covering two $10.5~\text{m}^2$ Optical Planes, one at each end of the TPC, and a total of $5~\text{m}^2$ photosensitive surface for the liquid argon veto detectors. This paper describes the Quality Assurance and Quality Control (QA/QC) plan and procedures accompanying the production of FBK~NUV-HD-Cryo SiPM wafers manufactured by LFoundry s.r.l. (Avezzano, AQ, Italy). SiPM characteristics are measured at 77~K at the wafer level with a custom-designed probe station. As of May~2024, 603 of the 1400 production wafers (43\% of the total) for DarkSide-20k were tested, including wafers from all 57 production Lots. The wafer yield is $93.6\pm2.5$\%, which exceeds the 80\% specification defined in the original DarkSide-20k production plan.

Published
2024

4. Power- and Fragmentation-aware Online Scheduling for GPU Datacenters

Author

Lettich, Francesco, Carlini, Emanuele, Nardini, Franco Maria, Perego, Raffaele, and Trani, Salvatore

Subjects
Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Artificial Intelligence
Abstract

The rise of Artificial Intelligence and Large Language Models is driving increased GPU usage in data centers for complex training and inference tasks, impacting operational costs, energy demands, and the environmental footprint of large-scale computing infrastructures. This work addresses the online scheduling problem in GPU datacenters, which involves scheduling tasks without knowledge of their future arrivals. We focus on two objectives: minimizing GPU fragmentation and reducing power consumption. GPU fragmentation occurs when partial GPU allocations hinder the efficient use of remaining resources, especially as the datacenter nears full capacity. A recent scheduling policy, Fragmentation Gradient Descent (FGD), leverages a fragmentation metric to address this issue. Reducing power consumption is also crucial due to the significant power demands of GPUs. To this end, we propose PWR, a novel scheduling policy to minimize power usage by selecting power-efficient GPU and CPU combinations. This involves a simplified model for measuring power consumption integrated into a Kubernetes score plugin. Through an extensive experimental evaluation in a simulated cluster, we show how PWR, when combined with FGD, achieves a balanced trade-off between reducing power consumption and minimizing GPU fragmentation., Comment: This work has been submitted to the IEEE for possible publication

Published
2024

5. On Evaluating the Durability of Safeguards for Open-Weight LLMs

Author

Qi, Xiangyu, Wei, Boyi, Carlini, Nicholas, Huang, Yangsibo, Xie, Tinghao, He, Luxi, Jagielski, Matthew, Nasr, Milad, Mittal, Prateek, and Henderson, Peter

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence
Abstract

Stakeholders -- from model developers to policymakers -- seek to minimize the dual-use risks of large language models (LLMs). An open challenge to this goal is whether technical safeguards can impede the misuse of LLMs, even when models are customizable via fine-tuning or when model weights are fully open. In response, several recent studies have proposed methods to produce durable LLM safeguards for open-weight LLMs that can withstand adversarial modifications of the model's weights via fine-tuning. This holds the promise of raising adversaries' costs even under strong threat models where adversaries can directly fine-tune model weights. However, in this paper, we urge for more careful characterization of the limits of these approaches. Through several case studies, we demonstrate that even evaluating these defenses is exceedingly difficult and can easily mislead audiences into thinking that safeguards are more durable than they really are. We draw lessons from the evaluation pitfalls that we identify and suggest future research carefully cabin claims to more constrained, well-defined, and rigorously examined threat models, which can provide more useful and candid assessments to stakeholders.

Published
2024

6. A soft thermal sensor for the continuous assessment of flow in vascular access.

Author

Deng, Yujun, Arafa, Hany, Yang, Tianyu, Albadawi, Hassan, Fowl, Richard, Zhang, Zefu, Kandula, Viswajit, Ramesh, Ashvita, Correia, Chase, Huang, Yonggang, Oklu, Rahmi, Rogers, John, and Carlini, Andrea

Subjects
Humans, Swine, Animals, Renal Dialysis, Vascular Access Devices, Wearable Electronic Devices, Renal Insufficiency, Chronic, Finite Element Analysis, Monitoring, Physiologic, Arteriovenous Shunt, Surgical
Abstract

Hemodialysis for chronic kidney disease (CKD) relies on vascular access (VA) devices, such as arteriovenous fistulas (AVF), grafts (AVG), or catheters, to maintain blood flow. Nonetheless, unpredictable progressive vascular stenosis due to neointimal formation or complete occlusion from acute thrombosis remains the primary cause of mature VA failure. Despite emergent surgical intervention efforts, the lack of a reliable early detection tool significantly reduces patient outcomes and survival rates. This study introduces a soft, wearable device that continuously monitors blood flow for early detection of VA failure. Using thermal anemometry, integrated sensors noninvasively measure flow changes in large vessels. Bench testing with AVF and AVG models shows agreement with finite element analysis (FEA) simulations, while human and preclinical swine trials demonstrate the devices sensitivity. Wireless adaptation could enable at-home monitoring, improving detection of VA-related complications and survival in CKD patients.

Published
2025

7. SoK: Watermarking for AI-Generated Content

Author

Zhao, Xuandong, Gunn, Sam, Christ, Miranda, Fairoze, Jaiden, Fabrega, Andres, Carlini, Nicholas, Garg, Sanjam, Hong, Sanghyun, Nasr, Milad, Tramer, Florian, Jha, Somesh, Li, Lei, Wang, Yu-Xiang, and Song, Dawn

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Machine Learning
Abstract

As the outputs of generative AI (GenAI) techniques improve in quality, it becomes increasingly challenging to distinguish them from human-created content. Watermarking schemes are a promising approach to address the problem of distinguishing between AI and human-generated content. These schemes embed hidden signals within AI-generated content to enable reliable detection. While watermarking is not a silver bullet for addressing all risks associated with GenAI, it can play a crucial role in enhancing AI safety and trustworthiness by combating misinformation and deception. This paper presents a comprehensive overview of watermarking techniques for GenAI, beginning with the need for watermarking from historical and regulatory perspectives. We formalize the definitions and desired properties of watermarking schemes and examine the key objectives and threat models for existing approaches. Practical evaluation strategies are also explored, providing insights into the development of robust watermarking techniques capable of resisting various attacks. Additionally, we review recent representative works, highlight open challenges, and discuss potential directions for this emerging field. By offering a thorough understanding of watermarking in GenAI, this work aims to guide researchers in advancing watermarking methods and applications, and support policymakers in addressing the broader implications of GenAI.

Published
2024

8. Evaluating the Robustness of the 'Ensemble Everything Everywhere' Defense

Author

Zhang, Jie, Schlarmann, Christian, Nikolić, Kristina, Carlini, Nicholas, Croce, Francesco, Hein, Matthias, and Tramèr, Florian

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

Ensemble everything everywhere is a defense to adversarial examples that was recently proposed to make image classifiers robust. This defense works by ensembling a model's intermediate representations at multiple noisy image resolutions, producing a single robust classification. This defense was shown to be effective against multiple state-of-the-art attacks. Perhaps even more convincingly, it was shown that the model's gradients are perceptually aligned: attacks against the model produce noise that perceptually resembles the targeted class. In this short note, we show that this defense is not robust to adversarial attack. We first show that the defense's randomness and ensembling method cause severe gradient masking. We then use standard adaptive attack techniques to reduce the defense's robust accuracy from 48% to 14% on CIFAR-100 and from 62% to 11% on CIFAR-10, under the $\ell_\infty$-norm threat model with $\varepsilon=8/255$.

Published
2024

9. Measuring Non-Adversarial Reproduction of Training Data in Large Language Models

Author

Aerni, Michael, Rando, Javier, Debenedetti, Edoardo, Carlini, Nicholas, Ippolito, Daphne, and Tramèr, Florian

Subjects
Computer Science - Computation and Language, Computer Science - Machine Learning
Abstract

Large language models memorize parts of their training data. Memorizing short snippets and facts is required to answer questions about the world and to be fluent in any language. But models have also been shown to reproduce long verbatim sequences of memorized text when prompted by a motivated adversary. In this work, we investigate an intermediate regime of memorization that we call non-adversarial reproduction, where we quantify the overlap between model responses and pretraining data when responding to natural and benign prompts. For a variety of innocuous prompt categories (e.g., writing a letter or a tutorial), we show that up to 15% of the text output by popular conversational language models overlaps with snippets from the Internet. In worst cases, we find generations where 100% of the content can be found exactly online. For the same tasks, we find that human-written text has far less overlap with Internet data. We further study whether prompting strategies can close this reproduction gap between models and humans. While appropriate prompting can reduce non-adversarial reproduction on average, we find that mitigating worst-case reproduction of training data requires stronger defenses -- even for benign interactions.

Published
2024

10. Error Estimate for a Semi-Lagrangian Scheme for Hamilton-Jacobi Equations on Networks

Author

Carlini, Elisabetta, Coscetti, Valentina, and Pozza, Marco

Subjects
Mathematics - Numerical Analysis, Mathematics - Analysis of PDEs, 65M15, 49L25, 65M12, 35R02
Abstract

We examine the numerical approximation of time-dependent Hamilton-Jacobi equations on networks, providing a convergence error estimate for the semi-Lagrangian scheme introduced in (Carlini and Siconolfi, 2023), where convergence was proven without an error estimate. We derive a convergence error estimate of order one-half. This is achieved showing the equivalence between two definitions of solutions to this problem proposed in (Imbert and Monneau, 2017) and (Siconolfi, 2022), a result of independent interest, and applying a general convergence result from (Carlini, Festa and Forcadel, 2020).

Published
2024

11. Stealing User Prompts from Mixture of Experts

Author

Yona, Itay, Shumailov, Ilia, Hayes, Jamie, and Carlini, Nicholas

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Computation and Language, Computer Science - Machine Learning
Abstract

Mixture-of-Experts (MoE) models improve the efficiency and scalability of dense language models by routing each token to a small number of experts in each layer. In this paper, we show how an adversary that can arrange for their queries to appear in the same batch of examples as a victim's queries can exploit Expert-Choice-Routing to fully disclose a victim's prompt. We successfully demonstrate the effectiveness of this attack on a two-layer Mixtral model, exploiting the tie-handling behavior of the torch.topk CUDA implementation. Our results show that we can extract the entire prompt using $O({VM}^2)$ queries (with vocabulary size $V$ and prompt length $M$) or 100 queries on average per token in the setting we consider. This is the first attack to exploit architectural flaws for the purpose of extracting user prompts, introducing a new class of LLM vulnerabilities.

Published
2024

12. Remote Timing Attacks on Efficient Language Model Inference

Author

Carlini, Nicholas and Nasr, Milad

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case) efficiency of language model generation. But these techniques introduce data-dependent timing characteristics. We show it is possible to exploit these timing differences to mount a timing attack. By monitoring the (encrypted) network traffic between a victim user and a remote language model, we can learn information about the content of messages by noting when responses are faster or slower. With complete black-box access, on open source systems we show how it is possible to learn the topic of a user's conversation (e.g., medical advice vs. coding assistance) with 90%+ precision, and on production systems like OpenAI's ChatGPT and Anthropic's Claude we can distinguish between specific messages or infer the user's language. We further show that an active adversary can leverage a boosting attack to recover PII placed in messages (e.g., phone numbers or credit card numbers) for open source systems. We conclude with potential defenses and directions for future work.

Published
2024

13. Persistent Pre-Training Poisoning of LLMs

Author

Zhang, Yiming, Rando, Javier, Evtimov, Ivan, Chi, Jianfeng, Smith, Eric Michael, Carlini, Nicholas, Tramèr, Florian, and Ippolito, Daphne

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence
Abstract

Large language models are pre-trained on uncurated text datasets consisting of trillions of tokens scraped from the Web. Prior work has shown that: (1) web-scraped pre-training datasets can be practically poisoned by malicious actors; and (2) adversaries can compromise language models after poisoning fine-tuning datasets. Our work evaluates for the first time whether language models can also be compromised during pre-training, with a focus on the persistence of pre-training attacks after models are fine-tuned as helpful and harmless chatbots (i.e., after SFT and DPO). We pre-train a series of LLMs from scratch to measure the impact of a potential poisoning adversary under four different attack objectives (denial-of-service, belief manipulation, jailbreaking, and prompt stealing), and across a wide range of model sizes (from 600M to 7B). Our main result is that poisoning only 0.1% of a model's pre-training dataset is sufficient for three out of four attacks to measurably persist through post-training. Moreover, simple attacks like denial-of-service persist through post-training with a poisoning rate of only 0.001%.

Published
2024

14. Polynomial Time Cryptanalytic Extraction of Deep Neural Networks in the Hard-Label Setting

Author

Carlini, Nicholas, Chávez-Saab, Jorge, Hambitzer, Anna, Rodríguez-Henríquez, Francisco, and Shamir, Adi

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence
Abstract

Deep neural networks (DNNs) are valuable assets, yet their public accessibility raises security concerns about parameter extraction by malicious actors. Recent work by Carlini et al. (crypto'20) and Canales-Mart\'inez et al. (eurocrypt'24) has drawn parallels between this issue and block cipher key extraction via chosen plaintext attacks. Leveraging differential cryptanalysis, they demonstrated that all the weights and biases of black-box ReLU-based DNNs could be inferred using a polynomial number of queries and computational time. However, their attacks relied on the availability of the exact numeric value of output logits, which allowed the calculation of their derivatives. To overcome this limitation, Chen et al. (asiacrypt'24) tackled the more realistic hard-label scenario, where only the final classification label (e.g., "dog" or "car") is accessible to the attacker. They proposed an extraction method requiring a polynomial number of queries but an exponential execution time. In addition, their approach was applicable only to a restricted set of architectures, could deal only with binary classifiers, and was demonstrated only on tiny neural networks with up to four neurons split among up to two hidden layers. This paper introduces new techniques that, for the first time, achieve cryptanalytic extraction of DNN parameters in the most challenging hard-label setting, using both a polynomial number of queries and polynomial time. We validate our approach by extracting nearly one million parameters from a DNN trained on the CIFAR-10 dataset, comprising 832 neurons in four hidden layers. Our results reveal the surprising fact that all the weights of a ReLU-based DNN can be efficiently determined by analyzing only the geometric shape of its decision boundaries.

Published
2024

15. DARES: Depth Anything in Robotic Endoscopic Surgery with Self-supervised Vector-LoRA of the Foundation Model

Author

Zeinoddin, Mona Sheikh, Lena, Chiara, Qu, Jiongqi, Carlini, Luca, Magro, Mattia, Kim, Seunghoi, De Momi, Elena, Bano, Sophia, Grech-Sollars, Matthew, Mazomenos, Evangelos, Alexander, Daniel C., Stoyanov, Danail, Clarkson, Matthew J., and Islam, Mobarakol

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Robotic-assisted surgery (RAS) relies on accurate depth estimation for 3D reconstruction and visualization. While foundation models like Depth Anything Models (DAM) show promise, directly applying them to surgery often yields suboptimal results. Fully fine-tuning on limited surgical data can cause overfitting and catastrophic forgetting, compromising model robustness and generalization. Although Low-Rank Adaptation (LoRA) addresses some adaptation issues, its uniform parameter distribution neglects the inherent feature hierarchy, where earlier layers, learning more general features, require more parameters than later ones. To tackle this issue, we introduce Depth Anything in Robotic Endoscopic Surgery (DARES), a novel approach that employs a new adaptation technique, Vector Low-Rank Adaptation (Vector-LoRA) on the DAM V2 to perform self-supervised monocular depth estimation in RAS scenes. To enhance learning efficiency, we introduce Vector-LoRA by integrating more parameters in earlier layers and gradually decreasing parameters in later layers. We also design a reprojection loss based on the multi-scale SSIM error to enhance depth perception by better tailoring the foundation model to the specific requirements of the surgical environment. The proposed method is validated on the SCARED dataset and demonstrates superior performance over recent state-of-the-art self-supervised monocular depth estimation techniques, achieving an improvement of 13.3% in the absolute relative error metric. The code and pre-trained weights are available at https://github.com/mobarakol/DARES., Comment: 11 pages

Published
2024

16. Benchmarking the design of the cryogenics system for the underground argon in DarkSide-20k

Author

Collaboration, DarkSide-20k, Acerbi, F., Adhikari, P., Agnes, P., Ahmad, I., Albergo, S., Albuquerque, I. F. M., Alexander, T., Alton, A. K., Amaudruz, P., Angiolilli, M., Aprile, E., Ardito, R., Corona, M. Atzori, Auty, D. J., Ave, M., Avetisov, I. C., Azzolini, O., Back, H. O., Balmforth, Z., Olmedo, A. Barrado, Barrillon, P., Batignani, G., Bhowmick, P., Blua, S., Bocci, V., Bonivento, W., Bottino, B., Boulay, M. G., Buchowicz, A., Bussino, S., Busto, J., Cadeddu, M., Cadoni, M., Calabrese, R., Camillo, V., Caminata, A., Canci, N., Capra, A., Caravati, M., Cárdenas-Montes, M., Cargioli, N., Carlini, M., Castellani, A., Castello, P., Cavalcante, P., Cebrian, S., Ruiz, J. Cela, Chashin, S., Chepurnov, A., Cifarelli, L., Cintas, D., Citterio, M., Cleveland, B., Coadou, Y., Cocco, V., Colaiuda, D., Vilda, E. Conde, Consiglio, L., Costa, B. S., Czubak, M., D'Aniello, M., D'Auria, S., Rolo, M. D. Da Rocha, Darbo, G., Davini, S., De Cecco, S., De Guido, G., Dellacasa, G., Derbin, A. V., Devoto, A., Di Capua, F., Di Ludovico, A., Di Noto, L., Di Stefano, P., Dias, L. K., Mairena, D. Díaz, Ding, X., Dionisi, C., Dolganov, G., Dordei, F., Dronik, V., Elersich, A., Ellingwood, E., Erjavec, T., Diaz, M. Fernandez, Ficorella, A., Fiorillo, G., Franchini, P., Franco, D., Gatti, H. Frandini, Frolov, E., Gabriele, F., Gahan, D., Galbiati, C., Galiński, G., Gallina, G., Gallus, G., Garbini, M., Abia, P. Garcia, Gawdzik, A., Gendotti, A., Ghisi, A., Giovanetti, G. K., Casanueva, V. Goicoechea, Gola, A., Grandi, L., Grauso, G., di Cortona, G. Grilli, Grobov, A., Gromov, M., Guerzoni, M., Gulino, M., Guo, C., Hackett, B. R., Hallin, A., Hamer, A., Haranczyk, M., Harrop, B., Hessel, T., Hill, S., Horikawa, S., Hu, J., Hubaut, F., Hucker, J., Hugues, T., Hungerford, E. V., Ianni, A., Ippolito, V., Jamil, A., Jillings, C., Jois, S., Kachru, P., Keloth, R., Kemmerich, N., Kemp, A., Kendziora, C. L., Kimura, M., Kish, A., Kondo, K., Korga, G., Kotsiopoulou, L., Koulosousas, S., Kubankin, A., Kunzé, P., Kuss, M., Kuźniak, M., Kuzwa, M., La Commara, M., Lai, M., Guirriec, E. Le, Leason, E., Leoni, A., Lidey, L., Lissia, M., Luzzi, L., Lychagina, O., Macfadyen, O., Machulin, I. N., Manecki, S., Manthos, I., Mapelli, L., Marasciulli, A., Mari, S. M., Mariani, C., Maricic, J., Martinez, M., Martoff, C. J., Matteucci, G., Mavrokoridis, K., McDonald, A. B., Mclaughlin, J., Merzi, S., Messina, A., Milincic, R., Minutoli, S., Mitra, A., Moharana, A., Moioli, S., Monroe, J., Moretti, E., Morrocchi, M., Mroz, T., Muratova, V. N., Murphy, M., Murra, M., Muscas, C., Musico, P., Nania, R., Nessi, M., Nieradka, G., Nikolopoulos, K., Nikoloudaki, E., Nowak, J., Olchanski, K., Oleinik, A., Oleynikov, V., Organtini, P., de Solórzano, A. Ortiz, Pallavicini, M., Pandola, L., Pantic, E., Paoloni, E., Papi, D., Pastuszak, G., Paternoster, G., Peck, A., Pegoraro, P. A., Pelczar, K., Pellegrini, L. A., Perez, R., Perotti, F., Pesudo, V., Piacentini, S. I., Pino, N., Plante, G., Pocar, A., Poehlmann, M., Pordes, S., Pralavorio, P., Price, D., Puglia, S., Bazetto, M. Queiroga, Ragusa, F., Ramachers, Y., Ramirez, A., Ravinthiran, S., Razeti, M., Renshaw, A. L., Rescigno, M., Retiere, F., Rignanese, L. P., Rivetti, A., Roberts, A., Roberts, C., Rogers, G., Romero, L., Rossi, M., Rubbia, A., Rudik, D., Sabia, M., Salomone, P., Samoylov, O., Sandford, E., Sanfilippo, S., Santone, D., Santorelli, R., Santos, E. M., Savarese, C., Scapparone, E., Schillaci, G., Schuckman II, F. G., Scioli, G., Semenov, D. A., Shalamova, V., Sheshukov, A., Simeone, M., Skensved, P., Skorokhvatov, M. D., Smirnov, O., Smirnova, T., Smith, B., Sotnikov, A., Spadoni, F., Spangenberg, M., Stefanizzi, R., Steri, A., Stornelli, V., Stracka, S., Sulis, S., Sung, A., Sunny, C., Suvorov, Y., Szelc, A. M., Taborda, O., Tartaglia, R., Taylor, A., Taylor, J., Tedesco, S., Testera, G., Thieme, K., Thompson, A., Thorpe, T. N., Tonazzo, A., Torres-Lara, S., Tricomi, A., Unzhakov, E. V., Vallivilayil, T. J., Van Uffelen, M., Velazquez-Fernandez, L., Viant, T., Viel, S., Vishneva, A., Vogelaar, R. B., Vossebeld, J., Vyas, B., Wada, M., Walczak, M. B., Wang, H., Wang, Y., Westerdale, S., Williams, L., Wojaczyński, R., Wojcik, M., Wojcik, M. M., Wright, T., Xiao, X., Xie, Y., Yang, C., Yin, J., Zabihi, A., Zakhary, P., Zani, A., Zhang, Y., Zhu, T., Zichichi, A., Zuzel, G., and Zykova, M. P.

Subjects
Physics - Instrumentation and Detectors, High Energy Physics - Experiment
Abstract

DarkSide-20k (DS-20k) is a dark matter detection experiment under construction at the Laboratori Nazionali del Gran Sasso (LNGS) in Italy. It utilises ~100 t of low radioactivity argon from an underground source (UAr) in its inner detector, with half serving as target in a dual-phase time projection chamber (TPC). The UAr cryogenics system must maintain stable thermodynamic conditions throughout the experiment's lifetime of >10 years. Continuous removal of impurities and radon from the UAr is essential for maximising signal yield and mitigating background. We are developing an efficient and powerful cryogenics system with a gas purification loop with a target circulation rate of 1000 slpm. Central to its design is a condenser operated with liquid nitrogen which is paired with a gas heat exchanger cascade, delivering a combined cooling power of >8 kW. Here we present the design choices in view of the DS-20k requirements, in particular the condenser's working principle and the cooling control, and we show test results obtained with a dedicated benchmarking platform at CERN and LNGS. We find that the thermal efficiency of the recirculation loop, defined in terms of nitrogen consumption per argon flow rate, is 95 % and the pressure in the test cryostat can be maintained within $\pm$(0.1-0.2) mbar. We further detail a 5-day cool-down procedure of the test cryostat, maintaining a cooling rate typically within -2 K/h, as required for the DS-20k inner detector. Additionally, we assess the circuit's flow resistance, and the heat transfer capabilities of two heat exchanger geometries for argon phase change, used to provide gas for recirculation. We conclude by discussing how our findings influence the finalisation of the system design, including necessary modifications to meet requirements and ongoing testing activities., Comment: 45 pages, 24 figures

Published
2024

17. ImPORTance -- Machine Learning-Driven Analysis of Global Port Significance and Network Dynamics for Improved Operational Efficiency

Author

Carlini, Emanuele, Di Gangi, Domenico, de Lira, Vinicius Monteiro, Kavalionak, Hanna, Spadon, Gabriel, and Soares, Amilcar

Subjects
Computer Science - Machine Learning
Abstract

Seaports play a crucial role in the global economy, and researchers have sought to understand their significance through various studies. In this paper, we aim to explore the common characteristics shared by important ports by analyzing the network of connections formed by vessel movement among them. To accomplish this task, we adopt a bottom-up network construction approach that combines three years' worth of AIS (Automatic Identification System) data from around the world, constructing a Ports Network that represents the connections between different ports. Through such representation, we use machine learning to measure the relative significance of different port features. Our model examined such features and revealed that geographical characteristics and the depth of the port are indicators of a port's significance to the Ports Network. Accordingly, this study employs a data-driven approach and utilizes machine learning to provide a comprehensive understanding of the factors contributing to ports' importance. The outcomes of our work are aimed to inform decision-making processes related to port development, resource allocation, and infrastructure planning in the industry.

Published
2024

18. DarkSide-20k sensitivity to light dark matter particles

Author

Collaboration, DarkSide-20k, Acerbi, F., Adhikari, P., Agnes, P., Ahmad, I., Albergo, S., Albuquerque, I. F. M., Alexander, T., Alton, A. K., Amaudruz, P., Angiolilli, M., Aprile, E., Ardito, R., Corona, M. Atzori, Auty, D. J., Ave, M., Avetisov, I. C., Azzolini, O., Back, H. O., Balmforth, Z., Olmedo, A. Barrado, Barrillon, P., Batignani, G., Bhowmick, P., Blua, S., Bocci, V., Bonivento, W., Bottino, B., Boulay, M. G., Buchowicz, A., Bussino, S., Busto, J., Cadeddu, M., Cadoni, M., Calabrese, R., Camillo, V., Caminata, A., Canci, N., Capra, A., Caravati, M., Cárdenas-Montes, M., Cargioli, N., Carlini, M., Castellani, A., Castello, P., Cavalcante, P., Cebrian, S., Ruiz, J. M. Cela, Chashin, S., Chepurnov, A., Cifarelli, L., Cintas, D., Citterio, M., Cleveland, B., Coadou, Y., Cocco, V., Colaiuda, D., Vilda, E. Conde, Consiglio, L., Costa, B. S., Czubak, M., D'Aniello, M., D'Auria, S., Rolo, M. D. Da Rocha, Darbo, G., Davini, S., De Cecco, S., De Guido, G., Dellacasa, G., Derbin, A. V., Devoto, A., Di Capua, F., Di Ludovico, A., Di Noto, L., Di Stefano, P., Dias, L. K., Mairena, D. Díaz, Ding, X., Dionisi, C., Dolganov, G., Dordei, F., Dronik, V., Elersich, A., Ellingwood, E., Erjavec, T., Diaz, M. Fernandez, Ficorella, A., Fiorillo, G., Franchini, P., Franco, D., Gatti, H. Frandini, Frolov, E., Gabriele, F., Gahan, D., Galbiati, C., Galiński, G., Gallina, G., Gallus, G., Garbini, M., Abia, P. Garcia, Gawdzik, A., Gendotti, A., Ghisi, A., Giovanetti, G. K., Casanueva, V. Goicoechea, Gola, A., Grandi, L., Grauso, G., di Cortona, G. Grilli, Grobov, A., Gromov, M., Guerzoni, M., Gulino, M., Guo, C., Hackett, B. R., Hallin, A., Hamer, A., Haranczyk, M., Harrop, B., Hessel, T., Hill, S., Horikawa, S., Hu, J., Hubaut, F., Hucker, J., Hugues, T., Hungerford, E. V., Ianni, A., Ippolito, V., Jamil, A., Jillings, C., Jois, S., Kachru, P., Keloth, R., Kemmerich, N., Kemp, A., Kendziora, C. L., Kimura, M., Kondo, K., Korga, G., Kotsiopoulou, L., Koulosousas, S., Kubankin, A., Kunzé, P., Kuss, M., Kuźniak, M., Kuzwa, M., La Commara, M., Lai, M., Guirriec, E. Le, Leason, E., Leoni, A., Lidey, L., Lissia, M., Luzzi, L., Lychagina, O., Macfadyen, O., Machulin, I. N., Manecki, S., Manthos, I., Mapelli, L., Marasciulli, A., Mari, S. M., Mariani, C., Maricic, J., Martinez, M., Martoff, C. J., Matteucci, G., Mavrokoridis, K., McDonald, A. B., Mclaughlin, J., Merzi, S., Messina, A., Milincic, R., Minutoli, S., Mitra, A., Moioli, S., Monroe, J., Moretti, E., Morrocchi, M., Mroz, T., Muratova, V. N., Murphy, M., Murra, M., Muscas, C., Musico, P., Nania, R., Nessi, M., Nieradka, G., Nikolopoulos, K., Nikoloudaki, E., Nowak, J., Olchanski, K., Oleinik, A., Oleynikov, V., Organtini, P., de Solórzano, A. Ortiz, Pallavicini, M., Pandola, L., Pantic, E., Paoloni, E., Papi, D., Pastuszak, G., Paternoster, G., Peck, A., Pegoraro, P. A., Pelczar, K., Pellegrini, L. A., Perez, R., Perotti, F., Pesudo, V., Piacentini, S., Pino, N., Plante, G., Pocar, A., Poehlmann, M., Pordes, S., Pralavorio, P., Price, D., Puglia, S., Bazetto, M. Queiroga, Ragusa, F., Ramachers, Y., Ramirez, A., Ravinthiran, S., Razeti, M., Renshaw, A. L., Rescigno, M., Retiere, F., Rignanese, L. P., Rivetti, A., Roberts, A., Roberts, C., Rogers, G., Romero, L., Rossi, M., Rubbia, A., Rudik, D., Sabia, M., Salomone, P., Samoylov, O., Sandford, E., Sanfilippo, S., Santone, D., Santorelli, R., Santos, E. M., Savarese, C., Scapparone, E., Schillaci, G., Schuckman II, F. G., Scioli, G., Semenov, D. A., Shalamova, V., Sheshukov, A., Simeone, M., Skensved, P., Skorokhvatov, M. D., Smirnov, O., Smirnova, T., Smith, B., Sotnikov, A., Spadoni, F., Spangenberg, M., Stefanizzi, R., Steri, A., Stornelli, V., Stracka, S., Sulis, S., Sung, A., Sunny, C., Suvorov, Y., Szelc, A. M., Taborda, O., Tartaglia, R., Taylor, A., Taylor, J., Tedesco, S., Testera, G., Thieme, K., Thompson, A., Tonazzo, A., Torres-Lara, S., Tricomi, A., Unzhakov, E. V., Vallivilayil, T. J., Van Uffelen, M., Velazquez-Fernandez, L., Viant, T., Viel, S., Vishneva, A., Vogelaar, R. B., Vossebeld, J., Vyas, B., Walczak, M. B., Wang, Y., Wang, H., Westerdale, S., Williams, L., Wojaczyński, R., Wojcik, M., Wojcik, M. M., Wright, T., Xie, Y., Yang, C., Yin, J., Zabihi, A., Zakhary, P., Zani, A., Zhang, Y., Zhu, T., Zichichi, A., Zuzel, G., and Zykova, M. P.

Subjects
High Energy Physics - Experiment, Astrophysics - Cosmology and Nongalactic Astrophysics
Abstract

The dual-phase liquid argon time projection chamber is presently one of the leading technologies to search for dark matter particles with masses below 10 GeV/c$^2$. This was demonstrated by the DarkSide-50 experiment with approximately 50 kg of low-radioactivity liquid argon as target material. The next generation experiment DarkSide-20k, currently under construction, will use 1,000 times more argon and is expected to start operation in 2027. Based on the DarkSide-50 experience, here we assess the DarkSide-20k sensitivity to models predicting light dark matter particles, including Weakly Interacting Massive Particles (WIMPs) and sub-GeV/c$^2$ particles interacting with electrons in argon atoms. With one year of data, a sensitivity improvement to dark matter interaction cross-sections by at least one order of magnitude with respect to DarkSide-50 is expected for all these models. A sensitivity to WIMP--nucleon interaction cross-sections below $1\times10^{-42}$ cm$^2$ is achievable for WIMP masses above 800 MeV/c$^2$. With 10 years exposure, the neutrino fog can be reached for WIMP masses around 5 GeV/c$^2$., Comment: 13 pages, 4 figures, supplementary material (4 figures)

Published
2024
Full Text
View/download PDF

19. Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI

Author

Hönig, Robert, Rando, Javier, Carlini, Nicholas, and Tramèr, Florian

Subjects
Computer Science - Cryptography and Security
Abstract

Artists are increasingly concerned about advancements in image generation models that can closely replicate their unique artistic styles. In response, several protection tools against style mimicry have been developed that incorporate small adversarial perturbations into artworks published online. In this work, we evaluate the effectiveness of popular protections -- with millions of downloads -- and show they only provide a false sense of security. We find that low-effort and "off-the-shelf" techniques, such as image upscaling, are sufficient to create robust mimicry methods that significantly degrade existing protections. Through a user study, we demonstrate that all existing protections can be easily bypassed, leaving artists vulnerable to style mimicry. We caution that tools based on adversarial perturbations cannot reliably protect artists from the misuse of generative AI, and urge the development of alternative non-technological solutions.

Published
2024

21. Few-femtosecond electron transfer dynamics in photoionized donor–π–acceptor molecules

Author

Vismarra, Federico, Fernández-Villoria, Francisco, Mocci, Daniele, González-Vázquez, Jesús, Wu, Yingxuan, Colaizzi, Lorenzo, Holzmeier, Fabian, Delgado, Jorge, Santos, José, Bañares, Luis, Carlini, Laura, Castrovilli, Mattea Carmen, Bolognesi, Paola, Richter, Robert, Avaldi, Lorenzo, Palacios, Alicia, Lucchini, Matteo, Reduzzi, Maurizio, Borrego-Varillas, Rocío, Martín, Nazario, Martín, Fernando, and Nisoli, Mauro

Published
2024
Full Text
View/download PDF

22. Marginal Cost of Computation as a Collaborative Strategy for Resource Management at the Edge

Author

Carlini, Emanuele, Dazzi, Patrizio, Ferrucci, Luca, Massa, Jacopo, Mordacchini, Matteo, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Naldi, Maurizio, editor, Djemame, Karim, editor, Altmann, Jörn, editor, and Bañares, José Ángel, editor

Published
2025
Full Text
View/download PDF

23. Information Dissimilarity Measures in Decentralized Knowledge Distillation: A Comparative Analysis

Author

Molo, Mbasa Joaquim, Vadicamo, Lucia, Carlini, Emanuele, Gennaro, Claudio, Connor, Richard, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Chávez, Edgar, editor, Kimia, Benjamin, editor, Lokoč, Jakub, editor, Patella, Marco, editor, and Sedmidubsky, Jan, editor

Published
2025
Full Text
View/download PDF

24. Compactifications of Type II Supergravities in Superspace

Author

Chandia, Osvaldo and Vallilo, Brenno Carlini

Subjects
High Energy Physics - Theory
Abstract

We propose a way to describe compactifications of Type II supergravities with fluxes directly from superspace. The superspace used is the one that arises naturally from the pure spinor superstring. We show how previous results of flux compactifications can be obtained from our method., Comment: 25 pages

Published
2024

25. Cutting through buggy adversarial example defenses: fixing 1 line of code breaks Sabre

Author

Carlini, Nicholas

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Sabre is a defense to adversarial examples that was accepted at IEEE S&P 2024. We first reveal significant flaws in the evaluation that point to clear signs of gradient masking. We then show the cause of this gradient masking: a bug in the original evaluation code. By fixing a single line of code in the original repository, we reduce Sabre's robust accuracy to 0%. In response to this, the authors modify the defense and introduce a new defense component not described in the original paper. But this fix contains a second bug; modifying one more line of code reduces robust accuracy to below baseline levels. After we released the first version of our paper online, the authors introduced another change to the defense; by commenting out one line of code during attack we reduce the robust accuracy to 0% again.

Published
2024

26. A new hybrid gadolinium nanoparticles-loaded polymeric material for neutron detection in rare event searches

Author

Collaboration, DarkSide-20k, Acerbi, F., Adhikari, P., Agnes, P., Ahmad, I., Albergo, S., Albuquerque, I. F., Alexander, T., Alton, A. K., Amaudruz, P., Angiolilli, M., Aprile, E., Ardito, R., Corona, M. Atzori, Auty, D. J., Ave, M., Avetisov, I. C., Azzolini, O., Back, H. O., Balmforth, Z., Olmedo, A. Barrado, Barrillon, P., Batignani, G., Bhowmick, P., Bocci, V., Bonivento, W., Bottino, B., Boulay, M. G., Buchowicz, A., Bussino, S., Busto, J., Cadeddu, M., Cadoni, M., Calabrese, R., Camillo, V., Caminata, A., Canci, N., Capra, A., Caravati, M., Cárdenas-Montes, M., Cargioli, N., Carlini, M., Castellani, A., Castello, P., Cavalcante, P., Cavallo, D., Cebrian, S., Ruiz, J. Cela, Chashin, S., Chepurnov, A., Cifarelli, L., Cintas, D., Citterio, M., Cleveland, B., Coadou, Y., Cocco, V., Colaiuda, D., Vilda, E. Conde, Consiglio, L., Costa, B. S., Czubak, M., D'Auria, S., Rolo, M. D. Da Rocha, Darbo, G., Davini, S., De Cecco, S., De Guido, G., Dellacasa, G., Derbin, A. V., Devoto, A., Di Capua, F., Di Ludovico, A., Di Noto, L., Di Stefano, P., Dias, L. K., Mairena, D. Díaz, Ding, X., Dionisi, C., Dolganov, G., Dordei, F., Dronik, V., Elersich, A., Ellingwood, E., Erjavec, T., Diaz, M. Fernandez, Ficorella, A., Fiorillo, G., Franchini, P., Franco, D., Gatti, H. Frandini, Frolov, E., Gabriele, F., Gahan, D., Galbiati, C., Galinski, G., Gallina, G., Garbini, M., Abia, P. Garcia, Gawdzik, A., Gendotti, A., Ghisi, A., Giovanetti, G. K., Casanueva, V. Goicoechea, Gola, A., Grandi, L., Grauso, G., di Cortona, G. Grilli, Grobov, A., Gromov, M., Guerzoni, M., Gulino, M., Guo, C., Hackett, B. R., Hallin, A., Hamer, A., Haranczyk, M., Harrop, B., Hessel, T., Hill, S., Horikawa, S., Hu, J., Hubaut, F., Hucker, J., Hugues, T., Hungerford, E. V., Ianni, A., Ippolito, V., Jamil, A., Jillings, C., Keloth, R., Kemmerich, N., Kemp, A., Kendziora, C. L., Kimura, M., Kondo, K., Korga, G., Kotsiopoulou, L., Koulosousas, S., Kubankin, A., Kuss, M., Kuzniak, M., Kuzwa, M., La Commara, M., Lai, M., Guirriec, E. Le, Leason, E., Leoni, A., Lidey, L., Lissia, M., Luzzi, L., Lychagina, O., Macfadyen, O., Machulin, I. N., Manecki, S., Manthos, I., Mapelli, L., Marasciulli, A., Mari, S. M., Mariani, C., Maricic, J., Marini, A., Martinez, M., Martoff, C. J., Matteucci, G., Mavrokoridis, K., McDonald, A. B., Mclaughlin, J., Merzi, S., Messina, A., Milincic, R., Minutoli, S., Mitra, A., Moharana, A., Moioli, S., Monroe, J., Moretti, E., Morrocchi, M., Mroz, T., Muratova, V. N., Murphy, M., Murra, M., Muscas, C., Musico, P., Nania, R., Nessi, M., Nieradka, G., Nikolopoulos, K., Nikoloudaki, E., Nowak, J., Olchanski, K., Oleinik, A., Oleynikov, V., Organtini, P., de Solórzano, A. Ortiz, Pallavicini, M., Pandola, L., Pantic, E., Paoloni, E., Papi, D., Pastuszak, G., Paternoster, G., Peddis, D., Pegoraro, P. A., Pelczar, K., Pellegrini, L. A., Perez, R., Perotti, F., Pesudo, V., Piacentini, S. I., Pino, N., Plante, G., Pocar, A., Poehlmann, M., Pordes, S., Pralavorio, P., Price, D., Puglia, S., Bazetto, M. Queiroga, Ragusa, F., Ramachers, Y., Ramirez, A., Ravinthiran, S., Razeti, M., Renshaw, A. L., Rescigno, M., Retiere, F., Rignanese, L. P., Rivetti, A., Roberts, A., Roberts, C., Rogers, G., Romero, L., Rossi, M., Rubbia, A., Rudik, D., Sabia, M., Sadashivajois, S., Salomone, P., Samoylov, O., Sandford, E., Sanfilippo, S., Santone, D., Santorelli, R., Santos, E. M., Savarese, C., Scapparone, E., Schillaci, G., Schuckman II, F. G., Scioli, G., Semenov, D. A., Sheshukov, A., Simeone, M., Skensved, P., Skorokhvatov, M. D., Slimani, S., Smirnov, O., Smirnova, T., Smith, B., Sotnikov, A., Spadoni, F., Spangenberg, M., Stefanizzi, R., Steri, A., Stornelli, V., Stracka, S., Sulis, S., Sung, A., Sunny, C., Suvorov, Y., Szelc, A. M., Taborda, O., Tartaglia, R., Taylor, A., Taylor, J., Tedesco, S., Testera, G., Thieme, K., Thompson, A., Tonazzo, A., Torres-Lara, S., Tosi, S., Tricomi, A., Unzhakov, E. V., Vallivilayil, T. J., Van Uffelen, M., Velazquez-Fernandez, L., Viant, T., Vicini, S., Viel, S., Vishneva, A., Vogelaar, R. B., Vossebeld, J., Vyas, B., Wada, M., Walczak, M. B., Wang, H., Wang, Y., Westerdale, S., Williams, L., Wojaczynski, R., Wojcik, M. M., Wojcik, M., Wright, T., Xie, Y., Yang, C., Yin, J., Zabihi, A., Zakhary, P., Zani, A., Zhang, Y., Zhu, T., Zichichi, A., Zuzel, G., and Zykova, M. P.

Subjects
Physics - Instrumentation and Detectors, High Energy Physics - Experiment
Abstract

Experiments aimed at direct searches for WIMP dark matter require highly effective reduction of backgrounds and control of any residual radioactive contamination. In particular, neutrons interacting with atomic nuclei represent an important class of backgrounds due to the expected similarity of a WIMP-nucleon interaction, so that such experiments often feature a dedicated neutron detector surrounding the active target volume. In the context of the development of DarkSide-20k detector at INFN Gran Sasso National Laboratory (LNGS), several R&D projects were conceived and developed for the creation of a new hybrid material rich in both hydrogen and gadolinium nuclei to be employed as an essential element of the neutron detector. Thanks to its very high cross-section for neutron capture, gadolinium is one of the most widely used elements in neutron detectors, while the hydrogen-rich material is instrumental in efficiently moderating the neutrons. In this paper results from one of the R&Ds are presented. In this effort the new hybrid material was obtained as a poly(methyl methacrylate) (PMMA) matrix, loaded with gadolinium oxide in the form of nanoparticles. We describe its realization, including all phases of design, purification, construction, characterization, and determination of mechanical properties of the new material.

Published
2024
Full Text
View/download PDF

27. Graph Neural Networks and Reinforcement Learning for Proactive Application Image Placement

Author

Makris, Antonios, Theodoropoulos, Theodoros, Psomakelis, Evangelos, Carlini, Emanuele, Mordacchini, Matteo, Dazzi, Patrizio, and Tserpes, Konstantinos

Subjects
Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Machine Learning
Abstract

The shift from Cloud Computing to a Cloud-Edge continuum presents new opportunities and challenges for data-intensive and interactive applications. Edge computing has garnered a lot of attention from both industry and academia in recent years, emerging as a key enabler for meeting the increasingly strict demands of Next Generation applications. In Edge computing the computations are placed closer to the end-users, to facilitate low-latency and high-bandwidth applications and services. However, the distributed, dynamic, and heterogeneous nature of Edge computing, presents a significant challenge for service placement. A critical aspect of Edge computing involves managing the placement of applications within the network system to minimize each application's runtime, considering the resources available on system devices and the capabilities of the system's network. The placement of application images must be proactively planned to minimize image tranfer time, and meet the strict demands of the applications. In this regard, this paper proposes an approach for proactive image placement that combines Graph Neural Networks and actor-critic Reinforcement Learning, which is evaluated empirically and compared against various solutions. The findings indicate that although the proposed approach may result in longer execution times in certain scenarios, it consistently achieves superior outcomes in terms of application placement.

Published
2024

28. Urgent Edge Computing

Author

Dazzi, Patrizio, Ferrucci, Luca, Danelutto, Marco, Tserpes, Konstantinos, Makris, Antonis, Theodoropoulos, Theodoros, Massa, Jacopo, Carlini, Emanuele, and Mordacchini, Matteo

Subjects
Computer Science - Networking and Internet Architecture, Computer Science - Distributed, Parallel, and Cluster Computing
Abstract

This position paper introduces Urgent Edge Computing (UEC) as a paradigm shift addressing the evolving demands of time-sensitive applications in distributed edge environments, in time-critical scenarios. With a focus on ultra-low latency, availability, resource management, decentralization, self-organization, and robust security, UEC aims to facilitate operations in critical scenarios such as disaster response, environmental monitoring, and smart city management. This paper outlines and discusses the key requirements, challenges, and enablers along with a conceptual architecture. The paper also outlines the potential applications of Urgent Edge Computing

Published
2024
Full Text
View/download PDF

29. Forcing Diffuse Distributions out of Language Models

Author

Zhang, Yiming, Schwarzschild, Avi, Carlini, Nicholas, Kolter, Zico, and Ippolito, Daphne

Subjects
Computer Science - Computation and Language, Computer Science - Machine Learning
Abstract

Despite being trained specifically to follow user instructions, today's instructiontuned language models perform poorly when instructed to produce random outputs. For example, when prompted to pick a number uniformly between one and ten Llama-2-13B-chat disproportionately favors the number five, and when tasked with picking a first name at random, Mistral-7B-Instruct chooses Avery 40 times more often than we would expect based on the U.S. population. When these language models are used for real-world tasks where diversity of outputs is crucial, such as language model assisted dataset construction, their inability to produce diffuse distributions over valid choices is a major hurdle. In this work, we propose a fine-tuning method that encourages language models to output distributions that are diffuse over valid outcomes. The methods we introduce generalize across a variety of tasks and distributions and make large language models practical for synthetic dataset generation with little human intervention.

Published
2024

30. Simplices osculating rational normal curves

Author

Caminata, Alessio, Carlini, Enrico, and Schaffler, Luca

Subjects
Mathematics - Algebraic Geometry, 14A25, 14H50, 51N35
Abstract

A classical result of von Staudt states that if eight planes osculate a twisted cubic curve and we divide them into two groups of four, then the eight vertices of the corresponding tetrahedra lie on a twisted cubic curve. In the current paper, we give an alternative proof of this result using modern tools, and at the same time we prove the analogous result for rational normal curves in any projective space. This higher dimensional generalization was claimed without proof in a paper of H.S. White in 1921., Comment: 15 pages, 1 figure. Final version. To appear in Vietnam Journal of Mathematics

Published
2024

31. Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models

Author

Wen, Yuxin, Marchyok, Leo, Hong, Sanghyun, Geiping, Jonas, Goldstein, Tom, and Carlini, Nicholas

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

It is commonplace to produce application-specific models by fine-tuning large pre-trained models using a small bespoke dataset. The widespread availability of foundation model checkpoints on the web poses considerable risks, including the vulnerability to backdoor attacks. In this paper, we unveil a new vulnerability: the privacy backdoor attack. This black-box privacy attack aims to amplify the privacy leakage that arises when fine-tuning a model: when a victim fine-tunes a backdoored model, their training data will be leaked at a significantly higher rate than if they had fine-tuned a typical model. We conduct extensive experiments on various datasets and models, including both vision-language models (CLIP) and large language models, demonstrating the broad applicability and effectiveness of such an attack. Additionally, we carry out multiple ablation studies with different fine-tuning methods and inference strategies to thoroughly analyze this new threat. Our findings highlight a critical privacy concern within the machine learning community and call for a reevaluation of safety protocols in the use of open-source pre-trained models.

Published
2024

32. Diffusion Denoising as a Certified Defense against Clean-label Poisoning

Author

Hong, Sanghyun, Carlini, Nicholas, and Kurakin, Alexey

Subjects
Computer Science - Cryptography and Security, Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning
Abstract

We present a certified defense to clean-label poisoning attacks. These attacks work by injecting a small number of poisoning samples (e.g., 1%) that contain $p$-norm bounded adversarial perturbations into the training data to induce a targeted misclassification of a test-time input. Inspired by the adversarial robustness achieved by $denoised$ $smoothing$, we show how an off-the-shelf diffusion model can sanitize the tampered training data. We extensively test our defense against seven clean-label poisoning attacks and reduce their attack success to 0-16% with only a negligible drop in the test time accuracy. We compare our defense with existing countermeasures against clean-label poisoning, showing that the defense reduces the attack success the most and offers the best model utility. Our results highlight the need for future work on developing stronger clean-label attacks and using our certified yet practical defense as a strong baseline to evaluate these attacks.

Published
2024

33. Stealing Part of a Production Language Model

Author

Carlini, Nicholas, Paleka, Daniel, Dvijotham, Krishnamurthy Dj, Steinke, Thomas, Hayase, Jonathan, Cooper, A. Feder, Lee, Katherine, Jagielski, Matthew, Nasr, Milad, Conmy, Arthur, Yona, Itay, Wallace, Eric, Rolnick, David, and Tramèr, Florian

Subjects
Computer Science - Cryptography and Security
Abstract

We introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI's ChatGPT or Google's PaLM-2. Specifically, our attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under \$20 USD, our attack extracts the entire projection matrix of OpenAI's Ada and Babbage language models. We thereby confirm, for the first time, that these black-box models have a hidden dimension of 1024 and 2048, respectively. We also recover the exact hidden dimension size of the gpt-3.5-turbo model, and estimate it would cost under $2,000 in queries to recover the entire projection matrix. We conclude with potential defenses and mitigations, and discuss the implications of possible future work that could extend our attack.

Published
2024

36. On the codimension of permanental varieties

Author

Boralevi, Ada, Carlini, Enrico, Michałek, Mateusz, and Ventura, Emanuele

Subjects
Mathematics - Algebraic Geometry, Mathematics - Combinatorics, 05E14, 05E40
Abstract

In this article, we study permanental varieties, i.e. varieties defined by the vanishing of permanents of fixed size of a generic matrix. Permanents and their varieties play an important, and sometimes poorly understood, role in combinatorics. However, there are essentially no geometric results about them in the literature, in very sharp contrast to the well-behaved and ubiquitous case of determinants and minors. Motivated by the study of the singular locus of the permanental hypersurface, we focus on the codimension of these varieties. We introduce a $\mathbb C^{*}$-action on matrices and prove a number of results. In particular, we improve a lower bound on the codimension of the aforementioned singular locus established by von zur Gathen in 1987., Comment: Improved ancillary code, added references

Published
2024

37. A CWENO large time-step scheme for Hamilton--Jacobi equations

Author

Carlini, E., Ferretti, R., Preda, S., and Semplice, M.

Subjects
Mathematics - Numerical Analysis, Mathematics - Optimization and Control, 65N12, 65M10, 49L25
Abstract

We propose a high order numerical scheme for time-dependent first order Hamilton--Jacobi--Bellman equations. In particular we propose to combine a semi-Lagrangian scheme with a Central Weighted Non-Oscillatory reconstruction. We prove a convergence result in the case of state- and time-independent Hamiltonians. Numerical simulations are presented in space dimensions one and two, also for more general state- and time-dependent Hamiltonians, demonstrating superior performance in terms of CPU time gain compared with a semi-Lagrangian scheme coupled with Weighted Non-Oscillatory reconstructions.

Published
2024

38. Query-Based Adversarial Prompt Generation

Author

Hayase, Jonathan, Borevkovic, Ema, Carlini, Nicholas, Tramèr, Florian, and Nasr, Milad

Subjects
Computer Science - Computation and Language, Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Recent work has shown it is possible to construct adversarial examples that cause an aligned language model to emit harmful strings or perform harmful behavior. Existing attacks work either in the white-box setting (with full access to the model weights), or through transferability: the phenomenon that adversarial examples crafted on one model often remain effective on other models. We improve on prior work with a query-based attack that leverages API access to a remote language model to construct adversarial examples that cause the model to emit harmful strings with (much) higher probability than with transfer-only attacks. We validate our attack on GPT-3.5 and OpenAI's safety classifier; we can cause GPT-3.5 to emit harmful strings that current transfer attacks fail at, and we can evade the safety classifier with nearly 100% probability.

Published
2024

39. Hunting imaging biomarkers in pulmonary fibrosis: Benchmarks of the AIIB23 challenge

Author

Nan, Yang, Xing, Xiaodan, Wang, Shiyi, Tang, Zeyu, Felder, Federico N, Zhang, Sheng, Ledda, Roberta Eufrasia, Ding, Xiaoliu, Yu, Ruiqi, Liu, Weiping, Shi, Feng, Sun, Tianyang, Cao, Zehong, Zhang, Minghui, Gu, Yun, Zhang, Hanxiao, Gao, Jian, Wang, Pingyu, Tang, Wen, Yu, Pengxin, Kang, Han, Chen, Junqiang, Lu, Xing, Zhang, Boyu, Mamalakis, Michail, Prinzi, Francesco, Carlini, Gianluca, Cuneo, Lisa, Banerjee, Abhirup, Xing, Zhaohu, Zhu, Lei, Mesbah, Zacharia, Jain, Dhruv, Mayet, Tsiry, Yuan, Hongyu, Lyu, Qing, Qayyum, Abdul, Mazher, Moona, Wells, Athol, Walsh, Simon LF, and Yang, Guang

Subjects
Electrical Engineering and Systems Science - Image and Video Processing, Computer Science - Artificial Intelligence, Computer Science - Computer Vision and Pattern Recognition
Abstract

Airway-related quantitative imaging biomarkers are crucial for examination, diagnosis, and prognosis in pulmonary diseases. However, the manual delineation of airway trees remains prohibitively time-consuming. While significant efforts have been made towards enhancing airway modelling, current public-available datasets concentrate on lung diseases with moderate morphological variations. The intricate honeycombing patterns present in the lung tissues of fibrotic lung disease patients exacerbate the challenges, often leading to various prediction errors. To address this issue, the 'Airway-Informed Quantitative CT Imaging Biomarker for Fibrotic Lung Disease 2023' (AIIB23) competition was organized in conjunction with the official 2023 International Conference on Medical Image Computing and Computer Assisted Intervention (MICCAI). The airway structures were meticulously annotated by three experienced radiologists. Competitors were encouraged to develop automatic airway segmentation models with high robustness and generalization abilities, followed by exploring the most correlated QIB of mortality prediction. A training set of 120 high-resolution computerised tomography (HRCT) scans were publicly released with expert annotations and mortality status. The online validation set incorporated 52 HRCT scans from patients with fibrotic lung disease and the offline test set included 140 cases from fibrosis and COVID-19 patients. The results have shown that the capacity of extracting airway trees from patients with fibrotic lung disease could be enhanced by introducing voxel-wise weighted general union loss and continuity loss. In addition to the competitive image biomarkers for prognosis, a strong airway-derived biomarker (Hazard ratio>1.5, p<0.0001) was revealed for survival prognostication compared with existing clinical measurements, clinician assessment and AI-based biomarkers., Comment: 19 pages

Published
2023
Full Text
View/download PDF

40. Initialization Matters for Adversarial Transfer Learning

Author

Hua, Andong, Gu, Jindong, Xue, Zhiyu, Carlini, Nicholas, Wong, Eric, and Qin, Yao

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

With the prevalence of the Pretraining-Finetuning paradigm in transfer learning, the robustness of downstream tasks has become a critical concern. In this work, we delve into adversarial robustness in transfer learning and reveal the critical role of initialization, including both the pretrained model and the linear head. First, we discover the necessity of an adversarially robust pretrained model. Specifically, we reveal that with a standard pretrained model, Parameter-Efficient Finetuning (PEFT) methods either fail to be adversarially robust or continue to exhibit significantly degraded adversarial robustness on downstream tasks, even with adversarial training during finetuning. Leveraging a robust pretrained model, surprisingly, we observe that a simple linear probing can outperform full finetuning and other PEFT methods with random initialization on certain datasets. We further identify that linear probing excels in preserving robustness from the robust pretraining. Based on this, we propose Robust Linear Initialization (RoLI) for adversarial finetuning, which initializes the linear head with the weights obtained by adversarial linear probing to maximally inherit the robustness from pretraining. Across five different image classification datasets, we demonstrate the effectiveness of RoLI and achieve new state-of-the-art results. Our code is available at \url{https://github.com/DongXzz/RoLI}., Comment: CVPR 2024

Published
2023

45. Management of intra-abdominal infections: recommendations by the Italian council for the optimization of antimicrobial use

Author

Sartelli, Massimo, Tascini, Carlo, Coccolini, Federico, Dellai, Fabiana, Ansaloni, Luca, Antonelli, Massimo, Bartoletti, Michele, Bassetti, Matteo, Boncagni, Federico, Carlini, Massimo, Cattelan, Anna Maria, Cavaliere, Arturo, Ceresoli, Marco, Cipriano, Alessandro, Cortegiani, Andrea, Cortese, Francesco, Cristini, Francesco, Cucinotta, Eugenio, Dalfino, Lidia, De Pascale, Gennaro, De Rosa, Francesco Giuseppe, Falcone, Marco, Forfori, Francesco, Fugazzola, Paola, Gatti, Milo, Gentile, Ivan, Ghiadoni, Lorenzo, Giannella, Maddalena, Giarratano, Antonino, Giordano, Alessio, Girardis, Massimo, Mastroianni, Claudio, Monti, Gianpaola, Montori, Giulia, Palmieri, Miriam, Pani, Marcello, Paolillo, Ciro, Parini, Dario, Parruti, Giustino, Pasero, Daniela, Pea, Federico, Peghin, Maddalena, Petrosillo, Nicola, Podda, Mauro, Rizzo, Caterina, Rossolini, Gian Maria, Russo, Alessandro, Scoccia, Loredana, Sganga, Gabriele, Signorini, Liana, Stefani, Stefania, Tumbarello, Mario, Tumietto, Fabio, Valentino, Massimo, Venditti, Mario, Viaggi, Bruno, Vivaldi, Francesca, Zaghi, Claudia, Labricciosa, Francesco M., Abu-Zidan, Fikri, Catena, Fausto, and Viale, Pierluigi

Published
2024
Full Text
View/download PDF

50. Frequency of remission achievement in the pre-treat-to-target decade in juvenile idiopathic arthritis

Author

Ana Isabel Rebollo-Giménez, Angela Pistorio, Silvia Maria Orsi, Francesca Ridella, Elena Aldera, Luca Carlini, Valentina Natoli, Marco Burrone, Silvia Rosina, Roberta Naddei, Alessandro Consolaro, Esperanza Naredo, and Angelo Ravelli

Subjects
Juvenile idiopathic arthritis, Treat-to-target, Clinical remission, Inactive disease, Disease outcome, Pediatrics, RJ1-570, Diseases of the musculoskeletal system, RC925-935
Abstract

Abstract Background Over the past two decades there has been a remarkable advance in the management of juvenile idiopathic arthritis (JIA), which has led to considerable improvement in prognosis. In 2018, the introduction of the treat-to-target (T2T) strategy in JIA has been advocated to further ameliorate disease outcome. To provide a benchmark for comparing future outcomes in the “T2T era”, this study investigates the percentage of JIA patients who achieved clinical inactive disease (CID) in the decade that preceded the publication of the T2T recommendations in JIA. Methods The clinical charts of all JIA patients followed at the study center between 2007 and 2017 who were first seen within 6 months after disease onset and had a minimum of 6-month follow-up information available were reviewed retrospectively. The attainment of CID, defined by 2004 Wallace criteria, was assessed cross-sectionally at 6, 12, 24, and 60 months after first observation. Results A total of 394 patients were included. Patients were classified into four “functional phenotypes”: systemic arthritis (7.1%), oligoarthritis (48.2%), polyarthritis (40.4%), and other arthritis (4.3%). The overall frequency of CID was 25.1% at 6 months, 34.5% at 12 months, 44.6% at 24 months, and 49.1% at 60 months. The systemic and oligoarticular subgroups had the highest rates of CID at 6 months (32.1% and 29.5%, respectively) and at 12 months (40% and 41.1%, respectively). At the 60-month evaluation, which was available for 226 out of 394 patients (57.4%), the frequency of CID among patients still followed at study center was 42.9%, 51.7%, 46.7%, and 45.5% for the systemic, oligoarticular, polyarticular, and other arthritis phenotypes, respectively. Conclusion A sizeable proportion of patients treated in the decade preceding the beginning of the “T2T era” and on continued follow-up did not achieve or maintain the state of CID over the long term. Future studies will determine whether the application of the T2T strategy increases the ability to achieve sustained disease quiescence in patients who respond suboptimally to the conventional therapeutic regimens.

Published
2025
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results