16,643 results on '"Sun, Jun"'
Search Results
2. Are Existing Road Design Guidelines Suitable for Autonomous Vehicles?
- Author
-
Sun, Yang, Poskitt, Christopher M., and Sun, Jun
- Subjects
Computer Science - Computer Vision and Pattern Recognition ,Computer Science - Software Engineering - Abstract
The emergence of Autonomous Vehicles (AVs) has spurred research into testing the resilience of their perception systems, i.e. to ensure they are not susceptible to making critical misjudgements. It is important that they are tested not only with respect to other vehicles on the road, but also those objects placed on the roadside. Trash bins, billboards, and greenery are all examples of such objects, typically placed according to guidelines that were developed for the human visual system, and which may not align perfectly with the needs of AVs. Existing tests, however, usually focus on adversarial objects with conspicuous shapes/patches, that are ultimately unrealistic given their unnatural appearances and the need for white box knowledge. In this work, we introduce a black box attack on the perception systems of AVs, in which the objective is to create realistic adversarial scenarios (i.e. satisfying road design guidelines) by manipulating the positions of common roadside objects, and without resorting to `unnatural' adversarial patches. In particular, we propose TrashFuzz , a fuzzing algorithm to find scenarios in which the placement of these objects leads to substantial misperceptions by the AV -- such as mistaking a traffic light's colour -- with overall the goal of causing it to violate traffic laws. To ensure the realism of these scenarios, they must satisfy several rules encoding regulatory guidelines about the placement of objects on public streets. We implemented and evaluated these attacks for the Apollo, finding that TrashFuzz induced it into violating 15 out of 24 different traffic laws., Comment: Currently under review by IEEE Transactions on Software Engineering (TSE)
- Published
- 2024
3. An interpretable formula for lattice thermal conductivity of crystals
- Author
-
Wang, Xiaoying, Shu, Guoyu, Zhu, Guimei, Wang, Jiansheng, Sun, Jun, Ding, Xiangdong, Li, Baowen, and Gao, Zhibin
- Subjects
Condensed Matter - Materials Science ,Condensed Matter - Mesoscale and Nanoscale Physics ,Physics - Computational Physics - Abstract
Lattice thermal conductivity (kL) is a crucial physical property of crystals with applications in thermal management, such as heat dissipation, insulation, and thermoelectric energy conversion. However, accurately and rapidly determining kL poses a considerable challenge. In this study, we introduce an formula that achieves high precision (mean relative error=8.97%) and provides fast predictions, taking less than one minute, for kL across a wide range of inorganic binary and ternary materials. Our interpretable, dimensionally aligned and physical grounded formula forecasts kL values for 4,601 binary and 6,995 ternary materials in the Materials Project database. Notably, we predict undiscovered high kL values for AlBN2 (kL=101 W/ m/ K) and the undetectedlow kL Cs2Se (kL=0.98 W/ m/ K) at room temperature. This method for determining kL streamlines the traditionally time-consuming process associated with complex phonon physics. It provides insights into microscopic heat transport and facilitates the design and screening of materials with targeted and extreme kL values through the application of phonon engineering. Our findings offer opportunities for controlling and optimizing macroscopic transport properties of materials by engineering their bulk modulus, shear modulus, and Gruneisen parameter.
- Published
- 2024
4. BackdoorLLM: A Comprehensive Benchmark for Backdoor Attacks on Large Language Models
- Author
-
Li, Yige, Huang, Hanxun, Zhao, Yunhan, Ma, Xingjun, and Sun, Jun
- Subjects
Computer Science - Artificial Intelligence - Abstract
Generative Large Language Models (LLMs) have made significant strides across various tasks, but they remain vulnerable to backdoor attacks, where specific triggers in the prompt cause the LLM to generate adversary-desired responses. While most backdoor research has focused on vision or text classification tasks, backdoor attacks in text generation have been largely overlooked. In this work, we introduce \textit{BackdoorLLM}, the first comprehensive benchmark for studying backdoor attacks on LLMs. \textit{BackdoorLLM} features: 1) a repository of backdoor benchmarks with a standardized training pipeline, 2) diverse attack strategies, including data poisoning, weight poisoning, hidden state attacks, and chain-of-thought attacks, 3) extensive evaluations with over 200 experiments on 8 attacks across 7 scenarios and 6 model architectures, and 4) key insights into the effectiveness and limitations of backdoors in LLMs. We hope \textit{BackdoorLLM} will raise awareness of backdoor threats and contribute to advancing AI safety. The code is available at \url{https://github.com/bboylyg/BackdoorLLM}.
- Published
- 2024
5. On-the-fly Synthesis for LTL over Finite Traces: An Efficient Approach that Counts
- Author
-
Xiao, Shengping, Li, Yongkang, Zhu, Shufang, Sun, Jun, Li, Jianwen, Pu, Geguang, and Vardi, Moshe Y.
- Subjects
Computer Science - Artificial Intelligence ,Computer Science - Logic in Computer Science - Abstract
We present an on-the-fly synthesis framework for Linear Temporal Logic over finite traces (LTLf) based on top-down deterministic automata construction. Existing approaches rely on constructing a complete Deterministic Finite Automaton (DFA) corresponding to the LTLf specification, a process with doubly exponential complexity relative to the formula size in the worst case. In this case, the synthesis procedure cannot be conducted until the entire DFA is constructed. This inefficiency is the main bottleneck of existing approaches. To address this challenge, we first present a method for converting LTLf into Transition-based DFA (TDFA) by directly leveraging LTLf semantics, incorporating intermediate results as direct components of the final automaton to enable parallelized synthesis and automata construction. We then explore the relationship between LTLf synthesis and TDFA games and subsequently develop an algorithm for performing LTLf synthesis using on-the-fly TDFA game solving. This algorithm traverses the state space in a global forward manner combined with a local backward method, along with the detection of strongly connected components. Moreover, we introduce two optimization techniques -- model-guided synthesis and state entailment -- to enhance the practical efficiency of our approach. Experimental results demonstrate that our on-the-fly approach achieves the best performance on the tested benchmarks and effectively complements existing tools and approaches., Comment: 32 pages, 3 figures, 3 tables
- Published
- 2024
6. Formalizing UML State Machines for Automated Verification -- A Survey
- Author
-
André, Étienne, Liu, Shuang, Liu, Yang, Choppy, Christine, Sun, Jun, and Dong, Jin Song
- Subjects
Computer Science - Software Engineering ,Computer Science - Logic in Computer Science - Abstract
The Unified Modeling Language (UML) is a standard for modeling dynamic systems. UML behavioral state machines are used for modeling the dynamic behavior of object-oriented designs. The UML specification, maintained by the Object Management Group (OMG), is documented in natural language (in contrast to formal language). The inherent ambiguity of natural languages may introduce inconsistencies in the resulting state machine model. Formalizing UML state machine specification aims at solving the ambiguity problem and at providing a uniform view to software designers and developers. Such a formalization also aims at providing a foundation for automatic verification of UML state machine models, which can help to find software design vulnerabilities at an early stage and reduce the development cost. We provide here a comprehensive survey of existing work from 1997 to 2021 related to formalizing UML state machine semantics for the purpose of conducting model checking at the design stage., Comment: This is the author version of the manuscript of the same name published in ACM Computing Surveys
- Published
- 2024
- Full Text
- View/download PDF
7. $\mu$Drive: User-Controlled Autonomous Driving
- Author
-
Wang, Kun, Poskitt, Christopher M., Sun, Yang, Sun, Jun, Wang, Jingyi, Cheng, Peng, and Chen, Jiming
- Subjects
Computer Science - Software Engineering - Abstract
Autonomous Vehicles (AVs) rely on sophisticated Autonomous Driving Systems (ADSs) to provide passengers a satisfying and safe journey. The individual preferences of riders plays a crucial role in shaping the perception of safety and comfort while they are in the car. Existing ADSs, however, lack mechanisms to systematically capture and integrate rider preferences into their planning modules. To bridge this gap, we propose $\mu$Drive, an event-based Domain-Specific Language (DSL) designed for specifying autonomous vehicle behaviour. $\mu$Drive enables users to express their preferences through rules triggered by contextual events, such as encountering obstacles or navigating complex traffic situations. These rules dynamically adjust the parameter settings of the ADS planning module, facilitating seamless integration of rider preferences into the driving plan. In our evaluation, we demonstrate the feasibility and efficacy of $\mu$Drive by integrating it with the Apollo ADS framework. Our findings show that users can effectively influence Apollo's planning through $\mu$Drive, assisting ADS in achieving improved compliance with traffic regulations. The response time for $\mu$Drive commands remains consistently at the second or millisecond level. This suggests that $\mu$Drive may help pave the way to more personalizsed and user-centric AV experiences.
- Published
- 2024
8. Certified Continual Learning for Neural Network Regression
- Author
-
Pham, Long H. and Sun, Jun
- Subjects
Computer Science - Machine Learning - Abstract
On the one hand, there has been considerable progress on neural network verification in recent years, which makes certifying neural networks a possibility. On the other hand, neural networks in practice are often re-trained over time to cope with new data distribution or for solving different tasks (a.k.a. continual learning). Once re-trained, the verified correctness of the neural network is likely broken, particularly in the presence of the phenomenon known as catastrophic forgetting. In this work, we propose an approach called certified continual learning which improves existing continual learning methods by preserving, as long as possible, the established correctness properties of a verified network. Our approach is evaluated with multiple neural networks and on two different continual learning methods. The results show that our approach is efficient and the trained models preserve their certified correctness and often maintain high utility.
- Published
- 2024
9. Towards Large Language Model Aided Program Refinement
- Author
-
Cai, Yufan, Hou, Zhe, Luan, Xiaokun, Baena, David Miguel Sanan, Lin, Yun, Sun, Jun, and Dong, Jin Song
- Subjects
Computer Science - Software Engineering ,Computer Science - Artificial Intelligence ,Computer Science - Computation and Language ,K.6.3 - Abstract
Program refinement involves correctness-preserving transformations from formal high-level specification statements into executable programs. Traditional verification tool support for program refinement is highly interactive and lacks automation. On the other hand, the emergence of large language models (LLMs) enables automatic code generations from informal natural language specifications. However, code generated by LLMs is often unreliable. Moreover, the opaque procedure from specification to code provided by LLM is an uncontrolled black box. We propose LLM4PR, a tool that combines formal program refinement techniques with informal LLM-based methods to (1) transform the specification to preconditions and postconditions, (2) automatically build prompts based on refinement calculus, (3) interact with LLM to generate code, and finally, (4) verify that the generated code satisfies the conditions of refinement calculus, thus guaranteeing the correctness of the code. We have implemented our tool using GPT4, Coq, and Coqhammer, and evaluated it on the HumanEval and EvalPlus datasets.
- Published
- 2024
10. Conformance Testing of Relational DBMS Against SQL Specifications
- Author
-
Liu, Shuang, Tian, Chenglin, Sun, Jun, Wang, Ruifeng, Lu, Wei, Zhao, Yongxin, Xue, Yinxing, Wang, Junjie, and Du, Xiaoyong
- Subjects
Computer Science - Databases - Abstract
A Relational Database Management System (RDBMS) is one of the fundamental software that supports a wide range of applications, making it critical to identify bugs within these systems. There has been active research on testing RDBMS, most of which employ crash or use metamorphic relations as the oracle. Although existing approaches can detect bugs in RDBMS, they are far from comprehensively evaluating the RDBMS's correctness (i.e., with respect to the semantics of SQL). In this work, we propose a method to test the semantic conformance of RDBMS i.e., whether its behavior respects the intended semantics of SQL. Specifically, we have formally defined the semantics of SQL and implemented them in Prolog. Then, the Prolog implementation serves as the reference RDBMS, enabling differential testing on existing RDBMS. We applied our approach to four widely-used and thoroughly tested RDBMSs, i.e., MySQL, TiDB, SQLite, and DuckDB. In total, our approach uncovered 19 bugs and 11 inconsistencies, which are all related to violating the SQL specification or missing/unclear specification, thereby demonstrating the effectiveness and applicability of our approach.
- Published
- 2024
11. CodeR: Issue Resolving with Multi-Agent and Task Graphs
- Author
-
Chen, Dong, Lin, Shaoxin, Zeng, Muhan, Zan, Daoguang, Wang, Jian-Gang, Cheshkov, Anton, Sun, Jun, Yu, Hao, Dong, Guoliang, Aliev, Artem, Wang, Jie, Cheng, Xiao, Liang, Guangtai, Ma, Yuchi, Bian, Pan, Xie, Tao, and Wang, Qianxiang
- Subjects
Computer Science - Computation and Language ,Computer Science - Artificial Intelligence ,Computer Science - Software Engineering - Abstract
GitHub issue resolving recently has attracted significant attention from academia and industry. SWE-bench is proposed to measure the performance in resolving issues. In this paper, we propose CodeR, which adopts a multi-agent framework and pre-defined task graphs to Repair & Resolve reported bugs and add new features within code Repository. On SWE-bench lite, CodeR is able to solve 28.33% of issues, when submitting only once for each issue. We examine the performance impact of each design of CodeR and offer insights to advance this research direction., Comment: https://github.com/NL2Code/CodeR
- Published
- 2024
12. Defending Large Language Models Against Jailbreak Attacks via Layer-specific Editing
- Author
-
Zhao, Wei, Li, Zhe, Li, Yige, Zhang, Ye, and Sun, Jun
- Subjects
Computer Science - Artificial Intelligence - Abstract
Large language models (LLMs) are increasingly being adopted in a wide range of real-world applications. Despite their impressive performance, recent studies have shown that LLMs are vulnerable to deliberately crafted adversarial prompts even when aligned via Reinforcement Learning from Human Feedback or supervised fine-tuning. While existing defense methods focus on either detecting harmful prompts or reducing the likelihood of harmful responses through various means, defending LLMs against jailbreak attacks based on the inner mechanisms of LLMs remains largely unexplored. In this work, we investigate how LLMs response to harmful prompts and propose a novel defense method termed \textbf{L}ayer-specific \textbf{Ed}iting (LED) to enhance the resilience of LLMs against jailbreak attacks. Through LED, we reveal that several critical \textit{safety layers} exist among the early layers of LLMs. We then show that realigning these safety layers (and some selected additional layers) with the decoded safe response from selected target layers can significantly improve the alignment of LLMs against jailbreak attacks. Extensive experiments across various LLMs (e.g., Llama2, Mistral) show the effectiveness of LED, which effectively defends against jailbreak attacks while maintaining performance on benign prompts. Our code is available at \url{https://github.com/ledllm/ledllm}.
- Published
- 2024
13. How Does Bayes Error Limit Probabilistic Robust Accuracy
- Author
-
Zhang, Ruihan and Sun, Jun
- Subjects
Computer Science - Machine Learning - Abstract
Adversarial examples pose a security threat to many critical systems built on neural networks. Given that deterministic robustness often comes with significantly reduced accuracy, probabilistic robustness (i.e., the probability of having the same label with a vicinity is $\ge 1-\kappa$) has been proposed as a promising way of achieving robustness whilst maintaining accuracy. However, existing training methods for probabilistic robustness still experience non-trivial accuracy loss. It is unclear whether there is an upper bound on the accuracy when optimising towards probabilistic robustness, and whether there is a certain relationship between $\kappa$ and this bound. This work studies these problems from a Bayes error perspective. We find that while Bayes uncertainty does affect probabilistic robustness, its impact is smaller than that on deterministic robustness. This reduced Bayes uncertainty allows a higher upper bound on probabilistic robust accuracy than that on deterministic robust accuracy. Further, we prove that with optimal probabilistic robustness, each probabilistically robust input is also deterministically robust in a smaller vicinity. We also show that voting within the vicinity always improves probabilistic robust accuracy and the upper bound of probabilistic robust accuracy monotonically increases as $\kappa$ grows. Our empirical findings also align with our results.
- Published
- 2024
14. Unified Neural Backdoor Removal with Only Few Clean Samples through Unlearning and Relearning
- Author
-
Min, Nay Myat, Pham, Long H., and Sun, Jun
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Artificial Intelligence - Abstract
The application of deep neural network models in various security-critical applications has raised significant security concerns, particularly the risk of backdoor attacks. Neural backdoors pose a serious security threat as they allow attackers to maliciously alter model behavior. While many defenses have been explored, existing approaches are often bounded by model-specific constraints, or necessitate complex alterations to the training process, or fall short against diverse backdoor attacks. In this work, we introduce a novel method for comprehensive and effective elimination of backdoors, called ULRL (short for UnLearn and ReLearn for backdoor removal). ULRL requires only a small set of clean samples and works effectively against all kinds of backdoors. It first applies unlearning for identifying suspicious neurons and then targeted neural weight tuning for backdoor mitigation (i.e., by promoting significant weight deviation on the suspicious neurons). Evaluated against 12 different types of backdoors, ULRL is shown to significantly outperform state-of-the-art methods in eliminating backdoors whilst preserving the model utility.
- Published
- 2024
15. ALI-Agent: Assessing LLMs' Alignment with Human Values via Agent-based Evaluation
- Author
-
Zheng, Jingnan, Wang, Han, Zhang, An, Nguyen, Tai D., Sun, Jun, and Chua, Tat-Seng
- Subjects
Computer Science - Artificial Intelligence ,Computer Science - Computation and Language - Abstract
Large Language Models (LLMs) can elicit unintended and even harmful content when misaligned with human values, posing severe risks to users and society. To mitigate these risks, current evaluation benchmarks predominantly employ expert-designed contextual scenarios to assess how well LLMs align with human values. However, the labor-intensive nature of these benchmarks limits their test scope, hindering their ability to generalize to the extensive variety of open-world use cases and identify rare but crucial long-tail risks. Additionally, these static tests fail to adapt to the rapid evolution of LLMs, making it hard to evaluate timely alignment issues. To address these challenges, we propose ALI-Agent, an evaluation framework that leverages the autonomous abilities of LLM-powered agents to conduct in-depth and adaptive alignment assessments. ALI-Agent operates through two principal stages: Emulation and Refinement. During the Emulation stage, ALI-Agent automates the generation of realistic test scenarios. In the Refinement stage, it iteratively refines the scenarios to probe long-tail risks. Specifically, ALI-Agent incorporates a memory module to guide test scenario generation, a tool-using module to reduce human labor in tasks such as evaluating feedback from target LLMs, and an action module to refine tests. Extensive experiments across three aspects of human values--stereotypes, morality, and legality--demonstrate that ALI-Agent, as a general evaluation framework, effectively identifies model misalignment. Systematic analysis also validates that the generated test scenarios represent meaningful use cases, as well as integrate enhanced measures to probe long-tail risks. Our code is available at https://github.com/SophieZheng998/ALI-Agent.git
- Published
- 2024
16. Machine learning for predicting ultralow thermal conductivity and high ZT in complex thermoelectric materials
- Author
-
Hao, Yuzhou, Zuo, Yuting, Zheng, Jiongzhi, Hou, Wenjie, Gu, Hong, Wang, Xiaoying, Li, Xuejie, Sun, Jun, Ding, Xiangdong, and Gao, Zhibin
- Subjects
Condensed Matter - Materials Science - Abstract
Efficient and precise calculations of thermal transport properties and figure of merit, alongside a deep comprehension of thermal transport mechanisms, are essential for the practical utilization of advanced thermoelectric materials. In this study, we explore the microscopic processes governing thermal transport in the distinguished crystalline material Tl$_9$SbTe$_6$ by integrating a unified thermal transport theory with machine learning-assisted self-consistent phonon calculations. Leveraging machine learning potentials, we expedite the analysis of phonon energy shifts, higher-order scattering mechanisms, and thermal conductivity arising from various contributing factors like population and coherence channels. Our finding unveils an exceptionally low thermal conductivity of 0.31 W m$^{-1}$ K$^{-1}$ at room temperature, a result that closely correlates with experimental observations. Notably, we observe that the off-diagonal terms of heat flux operators play a significant role in shaping the overall lattice thermal conductivity of Tl$_9$SbTe$_6$, where the ultralow thermal conductivity resembles that of glass due to limited group velocities. Furthermore, we achieve a maximum $ZT$ value of 3.17 in the $c$-axis orientation for \textit{p}-type Tl$_9$SbTe$_6$ at 600 K, and an optimal $ZT$ value of 2.26 in the $a$-axis and $b$-axis direction for \textit{n}-type Tl$_9$SbTe$_6$ at 500 K. The crystalline Tl$_9$SbTe$_6$ not only showcases remarkable thermal insulation but also demonstrates impressive electrical properties owing to the dual-degeneracy phenomenon within its valence band. These results not only elucidate the underlying reasons for the exceptional thermoelectric performance of Tl$_9$SbTe$_6$ but also suggest potential avenues for further experimental exploration.
- Published
- 2024
- Full Text
- View/download PDF
17. Certified Robust Accuracy of Neural Networks Are Bounded due to Bayes Errors
- Author
-
Zhang, Ruihan and Sun, Jun
- Subjects
Statistics - Machine Learning ,Computer Science - Cryptography and Security ,Computer Science - Machine Learning - Abstract
Adversarial examples pose a security threat to many critical systems built on neural networks. While certified training improves robustness, it also decreases accuracy noticeably. Despite various proposals for addressing this issue, the significant accuracy drop remains. More importantly, it is not clear whether there is a certain fundamental limit on achieving robustness whilst maintaining accuracy. In this work, we offer a novel perspective based on Bayes errors. By adopting Bayes error to robustness analysis, we investigate the limit of certified robust accuracy, taking into account data distribution uncertainties. We first show that the accuracy inevitably decreases in the pursuit of robustness due to changed Bayes error in the altered data distribution. Subsequently, we establish an upper bound for certified robust accuracy, considering the distribution of individual classes and their boundaries. Our theoretical results are empirically evaluated on real-world datasets and are shown to be consistent with the limited success of existing certified training results, e.g., for CIFAR10, our analysis results in an upper bound (of certified robust accuracy) of 67.49\%, meanwhile existing approaches are only able to increase it from 53.89\% in 2017 to 62.84\% in 2023., Comment: accepted by CAV 2024
- Published
- 2024
18. Evaluating and Mitigating Linguistic Discrimination in Large Language Models
- Author
-
Dong, Guoliang, Wang, Haoyu, Sun, Jun, and Wang, Xinyu
- Subjects
Computer Science - Computation and Language ,Computer Science - Artificial Intelligence ,Computer Science - Cryptography and Security ,Computer Science - Software Engineering - Abstract
By training on text in various languages, large language models (LLMs) typically possess multilingual support and demonstrate remarkable capabilities in solving tasks described in different languages. However, LLMs can exhibit linguistic discrimination due to the uneven distribution of training data across languages. That is, LLMs are hard to keep the consistency of responses when faced with the same task but depicted in different languages. In this study, we first explore the consistency in the LLMs' outputs responding to queries in various languages from two aspects: safety and quality. We conduct this analysis with two datasets (AdvBench and NQ) based on four LLMs (Llama2-13b, Gemma-7b, GPT-3.5-turbo and Gemini-pro). The results show that LLMs exhibit stronger human alignment capabilities with queries in English, French, Russian, and Spanish (only 1.04\% of harmful queries successfully jailbreak on average) compared to queries in Bengali, Georgian, Nepali and Maithili (27.7\% of harmful queries jailbreak successfully on average). Moreover, for queries in English, Danish, Czech and Slovenian, LLMs tend to produce responses with a higher quality (with 0.1494 $F_1$ score on average) compared to the other languages. Upon these findings, we propose LDFighter, a similarity-based voting, to mitigate the linguistic discrimination in LLMs. LDFighter ensures consistent service for different language speakers. We evaluate LDFighter with both benign queries and harmful queries. The results show that LDFighter not only significantly reduces the jailbreak success rate but also improve the response quality on average, demonstrating its effectiveness.
- Published
- 2024
19. Towards General Conceptual Model Editing via Adversarial Representation Engineering
- Author
-
Zhang, Yihao, Wei, Zeming, Sun, Jun, and Sun, Meng
- Subjects
Computer Science - Machine Learning ,Computer Science - Artificial Intelligence ,Computer Science - Computation and Language ,Computer Science - Cryptography and Security ,Mathematics - Optimization and Control - Abstract
Since the development of Large Language Models (LLMs) has achieved remarkable success, understanding and controlling their internal complex mechanisms has become an urgent problem. Recent research has attempted to interpret their behaviors through the lens of inner representation. However, developing practical and efficient methods for applying these representations for general and flexible model editing remains challenging. In this work, we explore how to use representation engineering methods to guide the editing of LLMs by deploying a representation sensor as an oracle. We first identify the importance of a robust and reliable sensor during editing, then propose an Adversarial Representation Engineering (ARE) framework to provide a unified and interpretable approach for conceptual model editing without compromising baseline performance. Experiments on multiple model editing paradigms demonstrate the effectiveness of ARE in various settings. Code and data are available at https://github.com/Zhang-Yihao/Adversarial-Representation-Engineering.
- Published
- 2024
20. Reweight-annealing method for calculating the value of partition function via quantum Monte Carlo
- Author
-
Ding, Yi-Ming, Sun, Jun-Song, Ma, Nvsen, Pan, Gaopei, Cheng, Chen, and Yan, Zheng
- Subjects
Condensed Matter - Statistical Mechanics ,Condensed Matter - Strongly Correlated Electrons ,Quantum Physics - Abstract
Efficient and accurate algorithm for partition function, free energy and thermal entropy calculations is of great significance in statistical physics and quantum many-body physics. Here we present an unbiased but low-technical-barrier algorithm within the quantum Monte Carlo framework, which has exceptionally high accuracy and no systemic error. Compared with the conventional specific heat integral method and Wang-Landau sampling algorithm, our method can obtain a much more accurate result of the sub-leading coefficient of the entropy. This method can be widely used in both classical and quantum Monte Carlo simulations and is easy to be parallelized on computer., Comment: 10 pages, 7 figures
- Published
- 2024
21. ACW: Enhancing Traceability of AI-Generated Codes Based on Watermarking
- Author
-
Li, Boquan, Zhang, Mengdi, Zhang, Peixin, Sun, Jun, Wang, Xingmei, and Fu, Zirui
- Subjects
Computer Science - Cryptography and Security - Abstract
With the development of large language models, multiple AIs have become available for code generation (such as ChatGPT and StarCoder) and are adopted widely. It is often desirable to know whether a piece of code is generated by AI, and furthermore, which AI is the author. For instance, if a certain version of AI is known to generate vulnerable codes, it is particularly important to know the creator. Watermarking is broadly considered a promising solution and is successfully applied for identifying AI-generated text. However, existing efforts on watermarking AI-generated codes are far from ideal, and pose more challenges than watermarking general text due to limited flexibility and encoding space. In this work, we propose ACW (AI Code Watermarking), a novel method for watermarking AI-generated codes. The key idea of ACW is to selectively apply a set of carefully-designed semantic-preserving, idempotent code transformations, whose presence (or absence) allows us to determine the existence of watermarks. It is efficient as it requires no training or fine-tuning and works in a black-box manner. Our experimental results show that ACW is effective (i.e., achieving high accuracy on detecting AI-generated codes and extracting watermarks) as well as resilient, significantly outperforming existing approaches., Comment: This work has been submitted to a conference or journal for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible
- Published
- 2024
22. Fire safety prediction for polypropylene composites in flammable environments
- Author
-
Dong, Xinxin, Zhang, Daniel Xiaotian, Liu, Jian, Dong, Fanfei, Sun, Jun, Gu, Xiaoyu, and Zhang, Sheng
- Published
- 2024
- Full Text
- View/download PDF
23. GABP-based multiparameter identification for permanent magnet synchronous linear motors
- Author
-
Cao, Meihe, Nie, Ziling, Song, Lin, and Sun, Jun
- Published
- 2024
- Full Text
- View/download PDF
24. Short-term usage of proton pump inhibitors during admission was associated with increased risk of rehospitalization in critically ill patients with myocardial infarction: a cohort study
- Author
-
Zhu, Jia-De, Yang, Li-Juan, Zhao, Jian-Nan, Wang, Ping, Li, Yi-Hua, Zhang, Xue-Sha, Pan, Jian-Mei, Jiang, Meng-Han, Yang, Hai-Ying, Yin, Sun-Jun, and He, Gong-Hao
- Published
- 2024
- Full Text
- View/download PDF
25. Mapping macrostructural and microstructural brain alterations in patients with neuronal intranuclear inclusion disease
- Author
-
Lv, Shan, Tai, Hongfei, Sun, Jun, Zhuo, Zhizheng, Duan, Yunyun, Liu, Shaocheng, Wang, An, Zhang, Zaiqiang, and Liu, Yaou
- Published
- 2024
- Full Text
- View/download PDF
26. Gas film/regenerative composite cooling characteristics of the liquid oxygen/liquid methane (LOX/LCH4) rocket engine
- Author
-
Liu, Xinlin, Sun, Jun, Jiang, Zhuohang, Li, Qinglian, Cheng, Peng, and Song, Jie
- Published
- 2024
- Full Text
- View/download PDF
27. A Fluorine-Functionalized 3D Covalent Organic Framework with Entangled 2D Layers
- Author
-
Xiao, Li-Bang, Wu, Zi-Han, Xin, Jun-Jie, Cheng, Yuan-Peng, Gui, Bo, Sun, Jun-Liang, and Wang, Cheng
- Published
- 2024
- Full Text
- View/download PDF
28. Boosting the adsorption capacity of activated carbon prepared from Amygdalus communis shells using physicochemical co-activation method
- Author
-
Wu, Huanhuan, Dong, Zijun, Sun, Jun, and Ding, Kuan
- Published
- 2024
- Full Text
- View/download PDF
29. Shortcuts Everywhere and Nowhere: Exploring Multi-Trigger Backdoor Attacks
- Author
-
Li, Yige, He, Jiabo, Huang, Hanxun, Sun, Jun, and Ma, Xingjun
- Subjects
Computer Science - Machine Learning ,Computer Science - Cryptography and Security - Abstract
Backdoor attacks have become a significant threat to the pre-training and deployment of deep neural networks (DNNs). Although numerous methods for detecting and mitigating backdoor attacks have been proposed, most rely on identifying and eliminating the ``shortcut" created by the backdoor, which links a specific source class to a target class. However, these approaches can be easily circumvented by designing multiple backdoor triggers that create shortcuts everywhere and therefore nowhere specific. In this study, we explore the concept of Multi-Trigger Backdoor Attacks (MTBAs), where multiple adversaries leverage different types of triggers to poison the same dataset. By proposing and investigating three types of multi-trigger attacks including \textit{parallel}, \textit{sequential}, and \textit{hybrid} attacks, we demonstrate that 1) multiple triggers can coexist, overwrite, or cross-activate one another, and 2) MTBAs easily break the prevalent shortcut assumption underlying most existing backdoor detection/removal methods, rendering them ineffective. Given the security risk posed by MTBAs, we have created a multi-trigger backdoor poisoning dataset to facilitate future research on detecting and mitigating these attacks, and we also discuss potential defense strategies against MTBAs.
- Published
- 2024
30. ACAV: A Framework for Automatic Causality Analysis in Autonomous Vehicle Accident Recordings
- Author
-
Sun, Huijia, Poskitt, Christopher M., Sun, Yang, Sun, Jun, and Chen, Yuqi
- Subjects
Computer Science - Software Engineering - Abstract
The rapid progress of autonomous vehicles~(AVs) has brought the prospect of a driverless future closer than ever. Recent fatalities, however, have emphasized the importance of safety validation through large-scale testing. Multiple approaches achieve this fully automatically using high-fidelity simulators, i.e., by generating diverse driving scenarios and evaluating autonomous driving systems~(ADSs) against different test oracles. While effective at finding violations, these approaches do not identify the decisions and actions that \emph{caused} them -- information that is critical for improving the safety of ADSs. To address this challenge, we propose ACAV, an automated framework designed to conduct causality analysis for AV accident recordings in two stages. First, we apply feature extraction schemas based on the messages exchanged between ADS modules, and use a weighted voting method to discard frames of the recording unrelated to the accident. Second, we use safety specifications to identify safety-critical frames and deduce causal events by applying CAT -- our causal analysis tool -- to a station-time graph. We evaluate ACAV on the Apollo ADS, finding that it can identify five distinct types of causal events in 93.64% of 110 accident recordings generated by an AV testing engine. We further evaluated ACAV on 1206 accident recordings collected from versions of Apollo injected with specific faults, finding that it can correctly identify causal events in 96.44% of the accidents triggered by prediction errors, and 85.73% of the accidents triggered by planning errors., Comment: Accepted by the IEEE/ACM 46th International Conference on Software Engineering (ICSE 2024)
- Published
- 2024
- Full Text
- View/download PDF
31. REDriver: Runtime Enforcement for Autonomous Vehicles
- Author
-
Sun, Yang, Poskitt, Christopher M., Zhang, Xiaodong, and Sun, Jun
- Subjects
Computer Science - Software Engineering - Abstract
Autonomous driving systems (ADSs) integrate sensing, perception, drive control, and several other critical tasks in autonomous vehicles, motivating research into techniques for assessing their safety. While there are several approaches for testing and analysing them in high-fidelity simulators, ADSs may still encounter additional critical scenarios beyond those covered once they are deployed on real roads. An additional level of confidence can be established by monitoring and enforcing critical properties when the ADS is running. Existing work, however, is only able to monitor simple safety properties (e.g., avoidance of collisions) and is limited to blunt enforcement mechanisms such as hitting the emergency brakes. In this work, we propose REDriver, a general and modular approach to runtime enforcement, in which users can specify a broad range of properties (e.g., national traffic laws) in a specification language based on signal temporal logic (STL). REDriver monitors the planned trajectory of the ADS based on a quantitative semantics of STL, and uses a gradient-driven algorithm to repair the trajectory when a violation of the specification is likely. We implemented REDriver for two versions of Apollo (i.e., a popular ADS), and subjected it to a benchmark of violations of Chinese traffic laws. The results show that REDriver significantly improves Apollo's conformance to the specification with minimal overhead., Comment: Accepted by the IEEE/ACM 46th International Conference on Software Engineering (ICSE 2024)
- Published
- 2024
- Full Text
- View/download PDF
32. Experimenting a New Programming Practice with LLMs
- Author
-
Zhang, Simiao, Wang, Jiaping, Dong, Guoliang, Sun, Jun, Zhang, Yueling, and Pu, Geguang
- Subjects
Computer Science - Software Engineering - Abstract
The recent development on large language models makes automatically constructing small programs possible. It thus has the potential to free software engineers from low-level coding and allow us to focus on the perhaps more interesting parts of software development, such as requirement engineering and system testing. In this project, we develop a prototype named AISD (AI-aided Software Development), which is capable of taking high-level (potentially vague) user requirements as inputs, generates detailed use cases, prototype system designs, and subsequently system implementation. Different from existing attempts, AISD is designed to keep the user in the loop, i.e., by repeatedly taking user feedback on use cases, high-level system designs, and prototype implementations through system testing. AISD has been evaluated with a novel benchmark of non-trivial software projects. The experimental results suggest that it might be possible to imagine a future where software engineering is reduced to requirement engineering and system testing only.
- Published
- 2024
33. PTE: Axiomatic Semantics based Compiler Testing
- Author
-
Dong, Guoliang, Sun, Jun, Schumi, Richard, Wang, Bo, and Wang, Xinyu
- Subjects
Computer Science - Software Engineering - Abstract
The correctness of a compiler affects the correctness of every program written in the language, and thus must be thoroughly evaluated. Existing automatic compiler testing methods however either rely on weak oracles (e.g., a program behaves the same if only dead code is modified), or require substantial initial effort (e.g., having a complete operational language semantics). While the former prevents a comprehensive correctness evaluation, the latter makes those methods irrelevant in practice. In this work, we propose an axiomatic semantics based approach for testing compilers, called PTE. The idea is to incrementally develop a set of ``axioms'' capturing anecdotes of the language semantics in the form of \emph{(\textbf{p}recondition, \textbf{t}ransformation, \textbf{e}xpectation) triples, which allows us to test the compiler automatically.} Such axioms are written in the same language whose compiler is under test, and can be developed either based on the language specification, or by generalizing the bug reports. PTE has been applied to a newly developed compiler (i.e., Cangjie) and a mature compiler (i.e., Java), and successfully identified 42 implementation bugs and 9 potential language design issues.
- Published
- 2024
34. RedCore: Relative Advantage Aware Cross-modal Representation Learning for Missing Modalities with Imbalanced Missing Rates
- Author
-
Sun, Jun, Zhang, Xinxin, Han, Shoukang, Ruan, Yu-ping, and Li, Taihao
- Subjects
Computer Science - Machine Learning - Abstract
Multimodal learning is susceptible to modality missing, which poses a major obstacle for its practical applications and, thus, invigorates increasing research interest. In this paper, we investigate two challenging problems: 1) when modality missing exists in the training data, how to exploit the incomplete samples while guaranteeing that they are properly supervised? 2) when the missing rates of different modalities vary, causing or exacerbating the imbalance among modalities, how to address the imbalance and ensure all modalities are well-trained? To tackle these two challenges, we first introduce the variational information bottleneck (VIB) method for the cross-modal representation learning of missing modalities, which capitalizes on the available modalities and the labels as supervision. Then, accounting for the imbalanced missing rates, we define relative advantage to quantify the advantage of each modality over others. Accordingly, a bi-level optimization problem is formulated to adaptively regulate the supervision of all modalities during training. As a whole, the proposed approach features \textbf{Re}lative a\textbf{d}vantage aware \textbf{C}ross-m\textbf{o}dal \textbf{r}epresentation l\textbf{e}arning (abbreviated as \textbf{RedCore}) for missing modalities with imbalanced missing rates. Extensive empirical results demonstrate that RedCore outperforms competing models in that it exhibits superior robustness against either large or imbalanced missing rates.
- Published
- 2023
35. Causality Analysis for Evaluating the Security of Large Language Models
- Author
-
Zhao, Wei, Li, Zhe, and Sun, Jun
- Subjects
Computer Science - Artificial Intelligence - Abstract
Large Language Models (LLMs) such as GPT and Llama2 are increasingly adopted in many safety-critical applications. Their security is thus essential. Even with considerable efforts spent on reinforcement learning from human feedback (RLHF), recent studies have shown that LLMs are still subject to attacks such as adversarial perturbation and Trojan attacks. Further research is thus needed to evaluate their security and/or understand the lack of it. In this work, we propose a framework for conducting light-weight causality-analysis of LLMs at the token, layer, and neuron level. We applied our framework to open-source LLMs such as Llama2 and Vicuna and had multiple interesting discoveries. Based on a layer-level causality analysis, we show that RLHF has the effect of overfitting a model to harmful prompts. It implies that such security can be easily overcome by `unusual' harmful prompts. As evidence, we propose an adversarial perturbation method that achieves 100\% attack success rate on the red-teaming tasks of the Trojan Detection Competition 2023. Furthermore, we show the existence of one mysterious neuron in both Llama2 and Vicuna that has an unreasonably high causal effect on the output. While we are uncertain on why such a neuron exists, we show that it is possible to conduct a ``Trojan'' attack targeting that particular neuron to completely cripple the LLM, i.e., we can generate transferable suffixes to prompts that frequently make the LLM produce meaningless responses.
- Published
- 2023
36. Prompting Frameworks for Large Language Models: A Survey
- Author
-
Liu, Xiaoxia, Wang, Jingyi, Sun, Jun, Yuan, Xiaohan, Dong, Guoliang, Di, Peng, Wang, Wenhai, and Wang, Dongxia
- Subjects
Computer Science - Software Engineering - Abstract
Since the launch of ChatGPT, a powerful AI Chatbot developed by OpenAI, large language models (LLMs) have made significant advancements in both academia and industry, bringing about a fundamental engineering paradigm shift in many areas. While LLMs are powerful, it is also crucial to best use their power where "prompt'' plays a core role. However, the booming LLMs themselves, including excellent APIs like ChatGPT, have several inherent limitations: 1) temporal lag of training data, and 2) the lack of physical capabilities to perform external actions. Recently, we have observed the trend of utilizing prompt-based tools to better utilize the power of LLMs for downstream tasks, but a lack of systematic literature and standardized terminology, partly due to the rapid evolution of this field. Therefore, in this work, we survey related prompting tools and promote the concept of the "Prompting Framework" (PF), i.e. the framework for managing, simplifying, and facilitating interaction with large language models. We define the lifecycle of the PF as a hierarchical structure, from bottom to top, namely: Data Level, Base Level, Execute Level, and Service Level. We also systematically depict the overall landscape of the emerging PF field and discuss potential future research and challenges. To continuously track the developments in this area, we maintain a repository at https://github.com/lxx0628/Prompting-Framework-Survey, which can be a useful resource sharing platform for both academic and industry in this field.
- Published
- 2023
37. Feature Space Renormalization for Semi-supervised Learning
- Author
-
Sun, Jun, Mao, Zhongjie, Li, Chao, Zhou, Chao, and Wu, Xiao-Jun
- Subjects
Computer Science - Machine Learning - Abstract
Semi-supervised learning (SSL) has been proven to be a powerful method for leveraging unlabelled data to alleviate models' dependence on large labelled datasets. The common framework among recent approaches is to train the model on a large amount of unlabelled data with consistency regularization to constrain the model predictions to be invariant to input perturbation. However, the existing SSL frameworks still have room for improvement in the consistency regularization method. Instead of regularizing category predictions in the label space as in existing frameworks, this paper proposes a feature space renormalization (FSR) mechanism for SSL. First, we propose a feature space renormalization mechanism to substitute for the commonly used consistency regularization mechanism to learn better discriminative features. To apply this mechanism, we start by building a basic model and an empirical model and then introduce our mechanism to renormalize the feature learning of the basic model with the guidance of the empirical model. Second, we combine the proposed mechanism with pseudo-labelling to obtain a novel effective SSL model named FreMatch. The experimental results show that our method can achieve better performance on a variety of standard SSL benchmark datasets, and the proposed feature space renormalization mechanism can also enhance the performance of other SSL approaches., Comment: Version 1
- Published
- 2023
38. Certified Quantization Strategy Synthesis for Neural Networks
- Author
-
Zhang, Yedi, Chen, Guangke, Song, Fu, Sun, Jun, Dong, Jin Song, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Platzer, André, editor, Rozier, Kristin Yvonne, editor, Pradella, Matteo, editor, and Rossi, Matteo, editor
- Published
- 2025
- Full Text
- View/download PDF
39. Effect of Cu content on martensitic transformation and shape memory behavior in Ti31.5Hf15Zr5Ni48.5−xCux alloys
- Author
-
Pang, Jianbo, Dang, Pengfei, Tian, Jin, Zhang, Lei, Zhou, Yumei, Ding, Xiangdong, Sun, Jun, and Xue, Dezhen
- Published
- 2024
- Full Text
- View/download PDF
40. Crop Yield Prediction Based on Bacterial Biomarkers and Machine Learning
- Author
-
Ma, Li, Niu, Wenquan, Li, Guochun, Du, Yadan, Sun, Jun, and Siddique, Kadambot H. M.
- Published
- 2024
- Full Text
- View/download PDF
41. Grape leaf moisture prediction from UAVs using multimodal data fusion and machine learning
- Author
-
Peng, Xuelian, Ma, Yuxin, Sun, Jun, Chen, Dianyu, Zhen, Jingbo, Zhang, Zhitao, Hu, Xiaotao, and Wang, Yakun
- Published
- 2024
- Full Text
- View/download PDF
42. Cognitive Behavioral Therapy in China: Practices and Exploration
- Author
-
Man, Jiao, Yan, Ru, Yang, Kaidi, Ouyang, Yuting, Shu, Chenye, Sun, Jun, Wang, Jianping, and Dobson, Keith S.
- Published
- 2024
- Full Text
- View/download PDF
43. SARS-CoV-2 nucleocapsid protein, rather than spike protein, triggers a cytokine storm originating from lung epithelial cells in patients with COVID-19
- Author
-
Wang, Ying‑Chuan, Tsai, Chih-Hsuan, Wang, Yung-Chih, Yen, Li-Chen, Chang, Yao-Wen, Sun, Jun-Ren, Lin, Te-Yu, Chiu, Chun-Hsiang, Chao, Yu-Chan, and Chang, Feng-Yee
- Published
- 2024
- Full Text
- View/download PDF
44. Rank estimation for the function-on-scalar model
- Author
-
Sun, Jun, Zhao, Mingtao, Li, Ning, and Yang, Jing
- Published
- 2024
- Full Text
- View/download PDF
45. Design of Type III Fuzzy Controller for Buck/Boost Converter
- Author
-
Sun, Jun and Xiang, Hongbin
- Published
- 2024
- Full Text
- View/download PDF
46. Review of Sc microalloying effects in Al–Cu alloys
- Author
-
Wu, Shenghua, Yang, Chong, Zhang, Peng, Xue, Hang, Gao, Yihan, Wang, Yuqing, Wang, Ruihong, Zhang, Jinyu, Liu, Gang, and Sun, Jun
- Published
- 2024
- Full Text
- View/download PDF
47. Amide proton transfer-weighted imaging and derived radiomics in the classification of adult-type diffuse gliomas
- Author
-
Wu, Minghao, Jiang, Tongling, Guo, Min, Duan, Yunyun, Zhuo, Zhizheng, Weng, Jinyuan, Xie, Cong, Sun, Jun, Li, Junjie, Cheng, Dan, Liu, Xing, Du, Jiang, Zhang, Xianchang, Zhang, Yi, and Liu, Yaou
- Published
- 2024
- Full Text
- View/download PDF
48. Configuring Timing Parameters to Ensure Execution-Time Opacity in Timed Automata
- Author
-
André, Étienne, Lefaucheux, Engel, Lime, Didier, Marinho, Dylan, and Sun, Jun
- Subjects
Computer Science - Logic in Computer Science ,Computer Science - Cryptography and Security ,Computer Science - Software Engineering ,F.1.1 ,F.4.1 ,D.4.6 - Abstract
Timing information leakage occurs whenever an attacker successfully deduces confidential internal information by observing some timed information such as events with timestamps. Timed automata are an extension of finite-state automata with a set of clocks evolving linearly and that can be tested or reset, making this formalism able to reason on systems involving concurrency and timing constraints. In this paper, we summarize a recent line of works using timed automata as the input formalism, in which we assume that the attacker has access (only) to the system execution time. First, we address the following execution-time opacity problem: given a timed system modeled by a timed automaton, given a secret location and a final location, synthesize the execution times from the initial location to the final location for which one cannot deduce whether the secret location was visited. This means that for any such execution time, the system is opaque: either the final location is not reachable, or it is reachable with that execution time for both a run visiting and a run not visiting the secret location. We also address the full execution-time opacity problem, asking whether the system is opaque for all execution times; we also study a weak counterpart. Second, we add timing parameters, which are a way to configure a system: we identify a subclass of parametric timed automata with some decidability results. In addition, we devise a semi-algorithm for synthesizing timing parameter valuations guaranteeing that the resulting system is opaque. Third, we report on problems when the secret has itself an expiration date, thus defining expiring execution-time opacity problems. We finally show that our method can also apply to program analysis with configurable internal timings., Comment: In Proceedings TiCSA 2023, arXiv:2310.18720. This invited paper mainly summarizes results on opacity from two recent works published in ToSEM (2022) and at ICECCS 2023, providing unified notations and concept names for the sake of consistency. In addition, we prove a few original results absent from these works
- Published
- 2023
- Full Text
- View/download PDF
49. Unexpected Reversed Piezoelectric Response in Elemental Sb and Bi Monolayers
- Author
-
Hong, Yunfei, Deng, Junkai, Kong, Qi, Ding, Xiangdong, Sun, Jun, and Liu, Jefferson Zhe
- Subjects
Condensed Matter - Materials Science ,Physics - Atomic Physics - Abstract
Sb and Bi monolayers, as single-elemental ferroelectric materials with similar atomic structure, hold intrinsic piezoelectricity theoretically, which makes them highly promising for applications in functional nano-devices such as sensors and actuators. Here, using first-principles calculations, we systematically explore the piezoelectric response of Sb and Bi monolayers. Our findings reveal that Sb exhibits a negative piezoelectric response, whereas Bi displays a positive one. This discrepancy is attributed to the dominant role of different atomic internal distortions (internal-strain terms) in response to applied strain. Further electron-density distribution analysis reveals that the atomic bonding in Sb tends to be covalent, while the atomic bonding in Bi leans more towards ionic. Compared to the Sb monolayer, the Bi monolayer is distinguished by its more pronounced lone-pair orbitals electrons and associated larger Born effective charges. The Coulomb repulsions between lone-pair orbitals electrons and the chemical bonds lead to the Bi monolayer possessing more prominent atomic folds and, consequently, more significant atomic distortion in the z-direction under strain. These differences result in a considerable difference in internal-strain terms, ultimately leading to the reversed piezoelectric response between Sb and Bi monolayers. The present work provides valuable insights into the piezoelectric mechanism of 2D ferroelectric materials and their potential applications in nano-electronic devices.
- Published
- 2023
50. Exploiting Machine Unlearning for Backdoor Attacks in Deep Learning System
- Author
-
Zhang, Peixin, Sun, Jun, Tan, Mingtian, and Wang, Xinyu
- Subjects
Computer Science - Cryptography and Security ,Computer Science - Machine Learning - Abstract
In recent years, the security issues of artificial intelligence have become increasingly prominent due to the rapid development of deep learning research and applications. Backdoor attack is an attack targeting the vulnerability of deep learning models, where hidden backdoors are activated by triggers embedded by the attacker, thereby outputting malicious predictions that may not align with the intended output for a given input. In this work, we propose a novel black-box backdoor attack based on machine unlearning. The attacker first augments the training set with carefully designed samples, including poison and mitigation data, to train a `benign' model. Then, the attacker posts unlearning requests for the mitigation samples to remove the impact of relevant data on the model, gradually activating the hidden backdoor. Since backdoors are implanted during the iterative unlearning process, it significantly increases the computational overhead of existing defense methods for backdoor detection or mitigation. To address this new security threat, we proposes two methods for detecting or mitigating such malicious unlearning requests. We conduct the experiment in both exact unlearning and approximate unlearning (i.e., SISA) settings. Experimental results indicate that: 1) our attack approach can successfully implant backdoor into the model, and sharding increases the difficult of attack; 2) our detection algorithms are effective in identifying the mitigation samples, while sharding reduces the effectiveness of our detection algorithms.
- Published
- 2023
Catalog
Discovery Service for Jio Institute Digital Library
For full access to our library's resources, please sign in.