Search

Your search keyword '"Yang, Junfeng"' showing total 1,675 results
Start Over Author "Yang, Junfeng"
1,675 results on '"Yang, Junfeng"'

1. SmartInv: Multimodal Learning for Smart Contract Invariant Inference

Author

Wang, Sally Junsong, Pei, Kexin, and Yang, Junfeng

Subjects
Computer Science - Software Engineering, Computer Science - Cryptography and Security, Computer Science - Programming Languages
Abstract

Smart contracts are software programs that enable diverse business activities on the blockchain. Recent research has identified new classes of "machine un-auditable" bugs that arise from both transactional contexts and source code. Existing detection methods require human understanding of underlying transaction logic and manual reasoning across different sources of context (i.e. modalities), such as code, dynamic transaction executions, and natural language specifying the expected transaction behavior. To automate the detection of ``machine un-auditable'' bugs, we present SmartInv, an accurate and fast smart contract invariant inference framework. Our key insight is that the expected behavior of smart contracts, as specified by invariants, relies on understanding and reasoning across multimodal information, such as source code and natural language. We propose a new prompting strategy to foundation models, Tier of Thought (ToT), to reason across multiple modalities of smart contracts and ultimately to generate invariants. By checking the violation of these generated invariants, SmartInv can identify potential vulnerabilities. We evaluate SmartInv on real-world contracts and re-discover bugs that resulted in multi-million dollar losses over the past 2.5 years (from January 1, 2021 to May 31, 2023). Our extensive evaluation shows that SmartInv generates (3.5X) more bug-critical invariants and detects (4$\times$) more critical bugs compared to the state-of-the-art tools in significantly (150X) less time. \sys uncovers 119 zero-day vulnerabilities from the 89,621 real-world contracts. Among them, five are critical zero-day bugs confirmed by developers as ``high severity.''

Published
2024

2. Diversity Helps Jailbreak Large Language Models

Author

Zhao, Weiliang, Ben-Levi, Daniel, Yang, Junfeng, and Mao, Chengzhi

Subjects
Computer Science - Computation and Language
Abstract

We have uncovered a powerful jailbreak technique that leverages large language models' ability to diverge from prior context, enabling them to bypass safety constraints and generate harmful outputs. By simply instructing the LLM to deviate and obfuscate previous attacks, our method dramatically outperforms existing approaches, achieving up to a 62% higher success rate in compromising nine leading chatbots, including GPT-4, Gemini, and Llama, while using only 13% of the queries. This revelation exposes a critical flaw in current LLM safety training, suggesting that existing methods may merely mask vulnerabilities rather than eliminate them. Our findings sound an urgent alarm for the need to revolutionize testing methodologies to ensure robust and reliable LLM security., Comment: arXiv admin note: text overlap with arXiv:2312.02119

Published
2024

3. I Can Hear You: Selective Robust Training for Deepfake Audio Detection

Author

Zhang, Zirui, Hao, Wei, Sankoh, Aroon, Lin, William, Mendiola-Ortiz, Emanuel, Yang, Junfeng, and Mao, Chengzhi

Subjects
Computer Science - Sound, Computer Science - Artificial Intelligence, Electrical Engineering and Systems Science - Audio and Speech Processing
Abstract

Recent advances in AI-generated voices have intensified the challenge of detecting deepfake audio, posing risks for scams and the spread of disinformation. To tackle this issue, we establish the largest public voice dataset to date, named DeepFakeVox-HQ, comprising 1.3 million samples, including 270,000 high-quality deepfake samples from 14 diverse sources. Despite previously reported high accuracy, existing deepfake voice detectors struggle with our diversely collected dataset, and their detection success rates drop even further under realistic corruptions and adversarial attacks. We conduct a holistic investigation into factors that enhance model robustness and show that incorporating a diversified set of voice augmentations is beneficial. Moreover, we find that the best detection models often rely on high-frequency features, which are imperceptible to humans and can be easily manipulated by an attacker. To address this, we propose the F-SAT: Frequency-Selective Adversarial Training method focusing on high-frequency components. Empirical results demonstrate that using our training dataset boosts baseline model performance (without robust training) by 33%, and our robust training further improves accuracy by 7.7% on clean samples and by 29.3% on corrupted and attacked samples, over the state-of-the-art RawNet3 model.

Published
2024

4. SPIN: Self-Supervised Prompt INjection

Author

Zhou, Leon, Yang, Junfeng, and Mao, Chengzhi

Subjects
Computer Science - Computation and Language, Computer Science - Artificial Intelligence
Abstract

Large Language Models (LLMs) are increasingly used in a variety of important applications, yet their safety and reliability remain as major concerns. Various adversarial and jailbreak attacks have been proposed to bypass the safety alignment and cause the model to produce harmful responses. We introduce Self-supervised Prompt INjection (SPIN) which can detect and reverse these various attacks on LLMs. As our self-supervised prompt defense is done at inference-time, it is also compatible with existing alignment and adds an additional layer of safety for defense. Our benchmarks demonstrate that our system can reduce the attack success rate by up to 87.9%, while maintaining the performance on benign user requests. In addition, we discuss the situation of an adaptive attacker and show that our method is still resilient against attackers who are aware of our defense.

Published
2024

5. Relaxed Proximal Point Algorithm: Tight Complexity Bounds and Acceleration without Momentum

Author

Wang, Bofan, Ma, Shiqian, Yang, Junfeng, and Zhou, Danqing

Subjects
Mathematics - Optimization and Control
Abstract

In this paper, we focus on the relaxed proximal point algorithm (RPPA) for solving convex (possibly nonsmooth) optimization problems. We conduct a comprehensive study on three types of relaxation schedules: (i) constant schedule with relaxation parameter $\alpha_k\equiv \alpha \in (0, \sqrt{2}]$, (ii) the dynamic schedule put forward by Teboulle and Vaisbourd [TV23], and (iii) the silver stepsize schedule proposed by Altschuler and Parrilo [AP23b]. The latter two schedules were initially investigated for the gradient descent (GD) method and are extended to the RPPA in this paper. For type (i), we establish tight non-ergodic $O(1/N)$ convergence rate results measured by function value residual and subgradient norm, where $N$ denotes the iteration counter. For type (ii), we establish a convergence rate that is tight and approximately $\sqrt{2}$ times better than the constant schedule of type (i). For type (iii), aside from the original silver stepsize schedule put forward by Altschuler and Parrilo, we propose two new modified silver stepsize schedules, and for all the three silver stepsize schedules, $O(1/N^{1.2716})$ accelerated convergence rate results with respect to three different performance metrics are established. Furthermore, our research affirms the conjecture in [LG24][Conjecture 3.2] on GD method with the original silver stepsize schedule.

Published
2024

6. RAFT: Realistic Attacks to Fool Text Detectors

Author

Wang, James, Li, Ran, Yang, Junfeng, and Mao, Chengzhi

Subjects
Computer Science - Computation and Language, Computer Science - Machine Learning
Abstract

Large language models (LLMs) have exhibited remarkable fluency across various tasks. However, their unethical applications, such as disseminating disinformation, have become a growing concern. Although recent works have proposed a number of LLM detection methods, their robustness and reliability remain unclear. In this paper, we present RAFT: a grammar error-free black-box attack against existing LLM detectors. In contrast to previous attacks for language models, our method exploits the transferability of LLM embeddings at the word-level while preserving the original text quality. We leverage an auxiliary embedding to greedily select candidate words to perturb against the target detector. Experiments reveal that our attack effectively compromises all detectors in the study across various domains by up to 99%, and are transferable across source models. Manual human evaluation studies show our attacks are realistic and indistinguishable from original human-written text. We also show that examples generated by RAFT can be used to train adversarially robust detectors. Our work shows that current LLM detectors are not adversarially robust, underscoring the urgent need for more resilient detection mechanisms., Comment: Accepted by EMNLP 2024

Published
2024

7. Detecting Buggy Contracts via Smart Testing

Author

Wang, Sally Junsong, Yao, Jianan, Pei, Kexin, Takahashi, Hidedaki, and Yang, Junfeng

Subjects
Computer Science - Software Engineering, Computer Science - Machine Learning, Computer Science - Programming Languages
Abstract

Smart contracts are susceptible to critical vulnerabilities. Hybrid dynamic analyses, such as concolic execution assisted fuzzing and foundation model assisted fuzzing, have emerged as highly effective testing techniques for smart contract bug detection recently. This hybrid approach has shown initial promise in real-world benchmarks, but it still suffers from low scalability to find deep bugs buried in complex code patterns. We observe that performance bottlenecks of existing dynamic analyses and model hallucination are two main factors limiting the scalability of this hybrid approach in finding deep bugs. To overcome the challenges, we design an interactive, self-deciding foundation model based system, called SmartSys, to support hybrid smart contract dynamic analyses. The key idea is to teach foundation models about performance bottlenecks of different dynamic analysis techniques, making it possible to forecast the right technique and generates effective fuzz targets that can reach deep, hidden bugs. To prune hallucinated, incorrect fuzz targets, SmartSys feeds foundation models with feedback from dynamic analysis during compilation and at runtime. The interesting results of SmartSys include: i) discovering a smart contract protocol vulnerability that has escaped eleven tools and survived multiple audits for over a year; ii) improving coverage by up to 14.3\% on real-world benchmarks compared to the baselines.

Published
2024

8. Comment on Revisiting Neural Program Smoothing for Fuzzing

Author

She, Dongdong, Pei, Kexin, Yang, Junfeng, Ray, Baishakhi, and Jana, Suman

Subjects
Computer Science - Cryptography and Security
Abstract

MLFuzz, a work accepted at ACM FSE 2023, revisits the performance of a machine learning-based fuzzer, NEUZZ. We demonstrate that its main conclusion is entirely wrong due to several fatal bugs in the implementation and wrong evaluation setups, including an initialization bug in persistent mode, a program crash, an error in training dataset collection, and a mistake in fuzzing result collection. Additionally, MLFuzz uses noisy training datasets without sufficient data cleaning and preprocessing, which contributes to a drastic performance drop in NEUZZ. We address these issues and provide a corrected implementation and evaluation setup, showing that NEUZZ consistently performs well over AFL on the FuzzBench dataset. Finally, we reflect on the evaluation methods used in MLFuzz and offer practical advice on fair and scientific fuzzing evaluations., Comment: Comment on 10.1145/3611643.3616308

Published
2024

9. Hokoff: Real Game Dataset from Honor of Kings and its Offline Reinforcement Learning Benchmarks

Author

Qu, Yun, Wang, Boyuan, Shao, Jianzhun, Jiang, Yuhang, Chen, Chen, Ye, Zhenbin, Liu, Lin, Yang, Junfeng, Lai, Lin, Qin, Hongyang, Deng, Minwen, Zhuo, Juchao, Ye, Deheng, Fu, Qiang, Yang, Wei, Yang, Guang, Huang, Lanxiao, and Ji, Xiangyang

Subjects
Computer Science - Artificial Intelligence, Computer Science - Machine Learning
Abstract

The advancement of Offline Reinforcement Learning (RL) and Offline Multi-Agent Reinforcement Learning (MARL) critically depends on the availability of high-quality, pre-collected offline datasets that represent real-world complexities and practical applications. However, existing datasets often fall short in their simplicity and lack of realism. To address this gap, we propose Hokoff, a comprehensive set of pre-collected datasets that covers both offline RL and offline MARL, accompanied by a robust framework, to facilitate further research. This data is derived from Honor of Kings, a recognized Multiplayer Online Battle Arena (MOBA) game known for its intricate nature, closely resembling real-life situations. Utilizing this framework, we benchmark a variety of offline RL and offline MARL algorithms. We also introduce a novel baseline algorithm tailored for the inherent hierarchical action space of the game. We reveal the incompetency of current offline RL approaches in handling task complexity, generalization and multi-task learning.

Published
2024

10. Learning to Rewrite: Generalized LLM-Generated Text Detection

Author

Hao, Wei, Li, Ran, Zhao, Weiliang, Yang, Junfeng, and Mao, Chengzhi

Subjects
Computer Science - Computation and Language
Abstract

Large language models (LLMs) can be abused at scale to create non-factual content and spread disinformation. Detecting LLM-generated content is essential to mitigate these risks, but current classifiers often fail to generalize in open-world contexts. Prior work shows that LLMs tend to rewrite LLM-generated content less frequently, which can be used for detection and naturally generalizes to unforeseen data. However, we find that the rewriting edit distance between human and LLM content can be indistinguishable across domains, leading to detection failures. We propose training an LLM to rewrite input text, producing minimal edits for LLM-generated content and more edits for human-written text, deriving a distinguishable and generalizable edit distance difference across different domains. Experiments on text from 21 independent domains and three popular LLMs (e.g., GPT-4o, Gemini, and Llama-3) show that our classifier outperforms the state-of-the-art zero-shot classifier by up to 20.6% on AUROC score and the rewriting classifier by 9.2% on F1 score. Our work suggests that LLM can effectively detect machine-generated text if they are trained properly.

Published
2024

11. KGym: A Platform and Dataset to Benchmark Large Language Models on Linux Kernel Crash Resolution

Author

Mathai, Alex, Huang, Chenxi, Maniatis, Petros, Nogikh, Aleksandr, Ivancic, Franjo, Yang, Junfeng, and Ray, Baishakhi

Subjects
Computer Science - Software Engineering
Abstract

Large Language Models (LLMs) are consistently improving at increasingly realistic software engineering (SE) tasks. In real-world software stacks, significant SE effort is spent developing foundational system software like the Linux kernel. Unlike application-level software, a systems codebase like Linux is multilingual (low-level C/Assembly/Bash/Rust); gigantic (>20 million lines); critical (impacting billions of devices worldwide), and highly concurrent (involving complex multi-threading). To evaluate if ML models are useful while developing such large-scale systems-level software, we introduce kGym (a platform) and kBench (a dataset). The kGym platform provides a SE environment for large-scale experiments on the Linux kernel, including compiling and running kernels in parallel across several virtual machines, detecting operations and crashes, inspecting logs, and querying and patching the code base. We use kGym to facilitate evaluation on kBench, a crash resolution benchmark drawn from real-world Linux kernel bugs. An example bug in kBench contains crashing stack traces, a bug-reproducer file, a developer-written fix, and other associated data. To understand current performance, we conduct baseline experiments by prompting LLMs to resolve Linux kernel crashes. Our initial evaluations reveal that the best performing LLM achieves 0.72% and 5.38% in the unassisted and assisted (i.e., buggy files disclosed to the model) settings, respectively. These results highlight the need for further research to enhance model performance in SE tasks. Improving performance on kBench requires models to master new learning skills, including understanding the cause of crashes and repairing faults, writing memory-safe and hardware-aware code, and understanding concurrency. As a result, this work opens up multiple avenues of research at the intersection of machine learning and systems software.

Published
2024

12. Turns Out I'm Not Real: Towards Robust Detection of AI-Generated Videos

Author

Liu, Qingyuan, Shi, Pengyuan, Tsai, Yun-Yun, Mao, Chengzhi, and Yang, Junfeng

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

The impressive achievements of generative models in creating high-quality videos have raised concerns about digital integrity and privacy vulnerabilities. Recent works to combat Deepfakes videos have developed detectors that are highly accurate at identifying GAN-generated samples. However, the robustness of these detectors on diffusion-generated videos generated from video creation tools (e.g., SORA by OpenAI, Runway Gen-2, and Pika, etc.) is still unexplored. In this paper, we propose a novel framework for detecting videos synthesized from multiple state-of-the-art (SOTA) generative models, such as Stable Video Diffusion. We find that the SOTA methods for detecting diffusion-generated images lack robustness in identifying diffusion-generated videos. Our analysis reveals that the effectiveness of these detectors diminishes when applied to out-of-domain videos, primarily because they struggle to track the temporal features and dynamic variations between frames. To address the above-mentioned challenge, we collect a new benchmark video dataset for diffusion-generated videos using SOTA video creation tools. We extract representation within explicit knowledge from the diffusion model for video frames and train our detector with a CNN + LSTM architecture. The evaluation shows that our framework can well capture the temporal features between frames, achieves 93.7% detection accuracy for in-domain videos, and improves the accuracy of out-domain videos by up to 16 points.

Published
2024

13. SemCoder: Training Code Language Models with Comprehensive Semantics Reasoning

Author

Ding, Yangruibo, Peng, Jinjun, Min, Marcus J., Kaiser, Gail, Yang, Junfeng, and Ray, Baishakhi

Subjects
Computer Science - Computation and Language, Computer Science - Artificial Intelligence, Computer Science - Software Engineering
Abstract

Code Large Language Models (Code LLMs) have excelled at tasks like code completion but often miss deeper semantics such as execution effects and dynamic states. This paper aims to bridge the gap between Code LLMs' reliance on static text data and the need for semantic understanding for complex tasks like debugging and program repair. We introduce a novel strategy, monologue reasoning, to train Code LLMs to reason comprehensive semantics, encompassing high-level functional descriptions, local execution effects of individual statements, and overall input/output behavior, thereby linking static code text with dynamic execution states. We begin by collecting PyX, a clean Python corpus of fully executable code samples with functional descriptions and test cases. We propose training Code LLMs not only to write code but also to understand code semantics by reasoning about key properties, constraints, and execution behaviors using natural language, mimicking human verbal debugging, i.e., rubber-duck debugging. This approach led to the development of SemCoder, a Code LLM with only 6.7B parameters, which shows competitive performance with GPT-3.5-turbo on code generation and execution reasoning tasks. SemCoder achieves 79.3% on HumanEval (GPT-3.5-turbo: 76.8%), 63.6% on CRUXEval-I (GPT-3.5-turbo: 50.3%), and 63.9% on CRUXEval-O (GPT-3.5-turbo: 59.0%). We also study the effectiveness of SemCoder's monologue-style execution reasoning compared to concrete scratchpad reasoning, showing that our approach integrates semantics from multiple dimensions more smoothly. Finally, we demonstrate the potential of applying learned semantics to improve Code LLMs' debugging and self-refining capabilities. Our data, code, and models are available at: https://github.com/ARiSE-Lab/SemCoder., Comment: NeurIPS 2024 Camera-ready

Published
2024

14. NTIRE 2024 Quality Assessment of AI-Generated Content Challenge

Author

Liu, Xiaohong, Min, Xiongkuo, Zhai, Guangtao, Li, Chunyi, Kou, Tengchuan, Sun, Wei, Wu, Haoning, Gao, Yixuan, Cao, Yuqin, Zhang, Zicheng, Wu, Xiele, Timofte, Radu, Peng, Fei, Fu, Huiyuan, Ming, Anlong, Wang, Chuanming, Ma, Huadong, He, Shuai, Dou, Zifei, Chen, Shu, Zhang, Huacong, Xie, Haiyi, Wang, Chengwei, Chen, Baoying, Zeng, Jishen, Yang, Jianquan, Wang, Weigang, Fang, Xi, Lv, Xiaoxin, Yan, Jun, Zhi, Tianwu, Zhang, Yabin, Li, Yaohui, Li, Yang, Xu, Jingwen, Liu, Jianzhao, Liao, Yiting, Li, Junlin, Yu, Zihao, Lu, Yiting, Li, Xin, Motamednia, Hossein, Hosseini-Benvidi, S. Farhad, Guan, Fengbin, Mahmoudi-Aznaveh, Ahmad, Mansouri, Azadeh, Gankhuyag, Ganzorig, Yoon, Kihwan, Xu, Yifang, Fan, Haotian, Kong, Fangyuan, Zhao, Shiling, Dong, Weifeng, Yin, Haibing, Zhu, Li, Wang, Zhiling, Huang, Bingchen, Saha, Avinab, Mishra, Sandeep, Gupta, Shashank, Sureddi, Rajesh, Saha, Oindrila, Celona, Luigi, Bianco, Simone, Napoletano, Paolo, Schettini, Raimondo, Yang, Junfeng, Fu, Jing, Zhang, Wei, Cao, Wenzhi, Liu, Limei, Peng, Han, Yuan, Weijun, Li, Zhan, Cheng, Yihang, Deng, Yifan, Li, Haohui, Qu, Bowen, Li, Yao, Luo, Shuqing, Wang, Shunzhou, Gao, Wei, Lu, Zihao, Conde, Marcos V., Wang, Xinrui, Chen, Zhibo, Liao, Ruling, Ye, Yan, Wang, Qiulin, Li, Bing, Zhou, Zhaokun, Geng, Miao, Chen, Rui, Tao, Xin, Liang, Xiaoyu, Sun, Shangkun, Ma, Xingyuan, Li, Jiaze, Yang, Mengduo, Xu, Haoran, Zhou, Jie, Zhu, Shiding, Yu, Bohan, Chen, Pengfei, Xu, Xinrui, Shen, Jiabin, Duan, Zhichao, Asadi, Erfan, Liu, Jiahe, Yan, Qi, Qu, Youran, Zeng, Xiaohui, Wang, Lele, and Liao, Renjie

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

This paper reports on the NTIRE 2024 Quality Assessment of AI-Generated Content Challenge, which will be held in conjunction with the New Trends in Image Restoration and Enhancement Workshop (NTIRE) at CVPR 2024. This challenge is to address a major challenge in the field of image and video processing, namely, Image Quality Assessment (IQA) and Video Quality Assessment (VQA) for AI-Generated Content (AIGC). The challenge is divided into the image track and the video track. The image track uses the AIGIQA-20K, which contains 20,000 AI-Generated Images (AIGIs) generated by 15 popular generative models. The image track has a total of 318 registered participants. A total of 1,646 submissions are received in the development phase, and 221 submissions are received in the test phase. Finally, 16 participating teams submitted their models and fact sheets. The video track uses the T2VQA-DB, which contains 10,000 AI-Generated Videos (AIGVs) generated by 9 popular Text-to-Video (T2V) models. A total of 196 participants have registered in the video track. A total of 991 submissions are received in the development phase, and 185 submissions are received in the test phase. Finally, 12 participating teams submitted their models and fact sheets. Some methods have achieved better results than baseline methods, and the winning methods in both tracks have demonstrated superior prediction performance on AIGC.

Published
2024

15. GDA: Generalized Diffusion for Robust Test-time Adaptation

Author

Tsai, Yun-Yun, Chen, Fu-Chen, Chen, Albert Y. C., Yang, Junfeng, Su, Che-Chun, Sun, Min, and Kuo, Cheng-Hao

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Machine learning models struggle with generalization when encountering out-of-distribution (OOD) samples with unexpected distribution shifts. For vision tasks, recent studies have shown that test-time adaptation employing diffusion models can achieve state-of-the-art accuracy improvements on OOD samples by generating new samples that align with the model's domain without the need to modify the model's weights. Unfortunately, those studies have primarily focused on pixel-level corruptions, thereby lacking the generalization to adapt to a broader range of OOD types. We introduce Generalized Diffusion Adaptation (GDA), a novel diffusion-based test-time adaptation method robust against diverse OOD types. Specifically, GDA iteratively guides the diffusion by applying a marginal entropy loss derived from the model, in conjunction with style and content preservation losses during the reverse sampling process. In other words, GDA considers the model's output behavior with the semantic information of the samples as a whole, which can reduce ambiguity in downstream tasks during the generation process. Evaluation across various popular model architectures and OOD benchmarks shows that GDA consistently outperforms prior work on diffusion-driven adaptation. Notably, it achieves the highest classification accuracy improvements, ranging from 4.4\% to 5.02\% on ImageNet-C and 2.5\% to 7.4\% on Rendition, Sketch, and Stylized benchmarks. This performance highlights GDA's generalization to a broader range of OOD benchmarks.

Published
2024

16. On the Effect of Image Resolution on Semantic Segmentation

Author

Singh, Ritambhara, Jain, Abhishek, Perona, Pietro, Agarwal, Shivani, and Yang, Junfeng

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

High-resolution semantic segmentation requires substantial computational resources. Traditional approaches in the field typically downscale the input images before processing and then upscale the low-resolution outputs back to their original dimensions. While this strategy effectively identifies broad regions, it often misses finer details. In this study, we demonstrate that a streamlined model capable of directly producing high-resolution segmentations can match the performance of more complex systems that generate lower-resolution results. By simplifying the network architecture, we enable the processing of images at their native resolution. Our approach leverages a bottom-up information propagation technique across various scales, which we have empirically shown to enhance segmentation accuracy. We have rigorously tested our method using leading-edge semantic segmentation datasets. Specifically, for the Cityscapes dataset, we further boost accuracy by applying the Noisy Student Training technique., Comment: arXiv admin note: text overlap with arXiv:2209.08667 by other authors

Published
2024

17. Raidar: geneRative AI Detection viA Rewriting

Author

Mao, Chengzhi, Vondrick, Carl, Wang, Hao, and Yang, Junfeng

Subjects
Computer Science - Computation and Language
Abstract

We find that large language models (LLMs) are more likely to modify human-written text than AI-generated text when tasked with rewriting. This tendency arises because LLMs often perceive AI-generated text as high-quality, leading to fewer modifications. We introduce a method to detect AI-generated content by prompting LLMs to rewrite text and calculating the editing distance of the output. We dubbed our geneRative AI Detection viA Rewriting method Raidar. Raidar significantly improves the F1 detection scores of existing AI content detection models -- both academic and commercial -- across various domains, including News, creative writing, student essays, code, Yelp reviews, and arXiv papers, with gains of up to 29 points. Operating solely on word symbols without high-dimensional features, our method is compatible with black box LLMs, and is inherently robust on new content. Our results illustrate the unique imprint of machine-generated text through the lens of the machines themselves., Comment: Accepted by ICLR 2024, Large Language Models, Detection

Published
2024

20. BPF-oF: Storage Function Pushdown Over the Network

Author

Zarkadas, Ioannis, Zussman, Tal, Carin, Jeremy, Jiang, Sheng, Zhong, Yuhong, Pfefferle, Jonas, Franke, Hubertus, Yang, Junfeng, Kaffes, Kostis, Stutsman, Ryan, and Cidon, Asaf

Subjects
Computer Science - Operating Systems
Abstract

Storage disaggregation, wherein storage is accessed over the network, is popular because it allows applications to independently scale storage capacity and bandwidth based on dynamic application demand. However, the added network processing introduced by disaggregation can consume significant CPU resources. In many storage systems, logical storage operations (e.g., lookups, aggregations) involve a series of simple but dependent I/O access patterns. Therefore, one way to reduce the network processing overhead is to execute dependent series of I/O accesses at the remote storage server, reducing the back-and-forth communication between the storage layer and the application. We refer to this approach as \emph{remote-storage pushdown}. We present BPF-oF, a new remote-storage pushdown protocol built on top of NVMe-oF, which enables applications to safely push custom eBPF storage functions to a remote storage server. The main challenge in integrating BPF-oF with storage systems is preserving the benefits of their client-based in-memory caches. We address this challenge by designing novel caching techniques for storage pushdown, including splitting queries into separate in-memory and remote-storage phases and periodically refreshing the client cache with sampled accesses from the remote storage device. We demonstrate the utility of BPF-oF by integrating it with three storage systems, including RocksDB, a popular persistent key-value store that has no existing storage pushdown capability. We show BPF-oF provides significant speedups in all three systems when accessed over the network, for example improving RocksDB's throughput by up to 2.8$\times$ and tail latency by up to 2.6$\times$.

Published
2023

21. A Single-Loop Algorithm for Decentralized Bilevel Optimization

Author

Dong, Youran, Ma, Shiqian, Yang, Junfeng, and Yin, Chao

Subjects
Mathematics - Optimization and Control, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Machine Learning
Abstract

Bilevel optimization has gained significant attention in recent years due to its broad applications in machine learning. This paper focuses on bilevel optimization in decentralized networks and proposes a novel single-loop algorithm for solving decentralized bilevel optimization with a strongly convex lower-level problem. Our approach is a fully single-loop method that approximates the hypergradient using only two matrix-vector multiplications per iteration. Importantly, our algorithm does not require any gradient heterogeneity assumption, distinguishing it from existing methods for decentralized bilevel optimization and federated bilevel optimization. Our analysis demonstrates that the proposed algorithm achieves the best-known convergence rate for bilevel optimization algorithms. We also present experimental results on hyperparameter optimization problems using both synthetic and MNIST datasets, which demonstrate the efficiency of our proposed algorithm.

Published
2023

22. Robustifying Language Models with Test-Time Adaptation

Author

McDermott, Noah Thomas, Yang, Junfeng, and Mao, Chengzhi

Subjects
Computer Science - Computation and Language, Computer Science - Machine Learning
Abstract

Large-scale language models achieved state-of-the-art performance over a number of language tasks. However, they fail on adversarial language examples, which are sentences optimized to fool the language models but with similar semantic meanings for humans. While prior work focuses on making the language model robust at training time, retraining for robustness is often unrealistic for large-scale foundation models. Instead, we propose to make the language models robust at test time. By dynamically adapting the input sentence with predictions from masked words, we show that we can reverse many language adversarial attacks. Since our approach does not require any training, it works for novel tasks at test time and can adapt to novel adversarial corruptions. Visualizations and empirical results on two popular sentence classification datasets demonstrate that our method can repair adversarial language attacks over 65% o, Comment: 8 Pages 2 Figures Submitted to ICLR Workshop

Published
2023

23. Interpreting and Controlling Vision Foundation Models via Text Explanations

Author

Chen, Haozhe, Yang, Junfeng, Vondrick, Carl, and Mao, Chengzhi

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Large-scale pre-trained vision foundation models, such as CLIP, have become de facto backbones for various vision tasks. However, due to their black-box nature, understanding the underlying rules behind these models' predictions and controlling model behaviors have remained open challenges. We present a framework for interpreting vision transformer's latent tokens with natural language. Given a latent token, our framework retains its semantic information to the final layer using transformer's local operations and retrieves the closest text for explanation. Our approach enables understanding of model visual reasoning procedure without needing additional model training or data collection. Based on the obtained interpretations, our framework allows for model editing that controls model reasoning behaviors and improves model robustness against biases and spurious correlations.

Published
2023

26. Exploiting Code Symmetries for Learning Program Semantics

Author

Pei, Kexin, Li, Weichen, Jin, Qirui, Liu, Shuyang, Geng, Scott, Cavallaro, Lorenzo, Yang, Junfeng, and Jana, Suman

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Programming Languages
Abstract

This paper tackles the challenge of teaching code semantics to Large Language Models (LLMs) for program analysis by incorporating code symmetries into the model architecture. We introduce a group-theoretic framework that defines code symmetries as semantics-preserving transformations, where forming a code symmetry group enables precise and efficient reasoning of code semantics. Our solution, SymC, develops a novel variant of self-attention that is provably equivariant to code symmetries from the permutation group defined over the program dependence graph. SymC obtains superior performance on five program analysis tasks, outperforming state-of-the-art code models without any pre-training. Our results suggest that code LLMs that encode the code structural prior via the code symmetry group generalize better and faster.

Published
2023

28. Monitoring and Adapting ML Models on Mobile Devices

Author

Hao, Wei, Wang, Zixi, Hong, Lauren, Li, Lingxiao, Karayanni, Nader, Mao, Chengzhi, Yang, Junfeng, and Cidon, Asaf

Subjects
Computer Science - Machine Learning, Computer Science - Computer Vision and Pattern Recognition
Abstract

ML models are increasingly being pushed to mobile devices, for low-latency inference and offline operation. However, once the models are deployed, it is hard for ML operators to track their accuracy, which can degrade unpredictably (e.g., due to data drift). We design the first end-to-end system for continuously monitoring and adapting models on mobile devices without requiring feedback from users. Our key observation is that often model degradation is due to a specific root cause, which may affect a large group of devices. Therefore, once the system detects a consistent degradation across a large number of devices, it employs a root cause analysis to determine the origin of the problem and applies a cause-specific adaptation. We evaluate the system on two computer vision datasets, and show it consistently boosts accuracy compared to existing approaches. On a dataset containing photos collected from driving cars, our system improves the accuracy on average by 15%.

Published
2023

29. Test-time Detection and Repair of Adversarial Samples via Masked Autoencoder

Author

Tsai, Yun-Yun, Chao, Ju-Chin, Wen, Albert, Yang, Zhaoyuan, Mao, Chengzhi, Shah, Tapan, and Yang, Junfeng

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning
Abstract

Training-time defenses, known as adversarial training, incur high training costs and do not generalize to unseen attacks. Test-time defenses solve these issues but most existing test-time defenses require adapting the model weights, therefore they do not work on frozen models and complicate model memory management. The only test-time defense that does not adapt model weights aims to adapt the input with self-supervision tasks. However, we empirically found these self-supervision tasks are not sensitive enough to detect adversarial attacks accurately. In this paper, we propose DRAM, a novel defense method to detect and repair adversarial samples at test time via Masked autoencoder (MAE). We demonstrate how to use MAE losses to build a Kolmogorov-Smirnov test to detect adversarial samples. Moreover, we use the MAE losses to calculate input reversal vectors that repair adversarial samples resulting from previously unseen attacks. Results on large-scale ImageNet dataset show that, compared to all detection baselines evaluated, DRAM achieves the best detection rate (82% on average) on all eight adversarial attacks evaluated. For attack repair, DRAM improves the robust accuracy by 6% ~ 41% for standard ResNet50 and 3% ~ 8% for robust ResNet50 compared with the baselines that use contrastive learning and rotation prediction.

Published
2023

30. Convolutional Visual Prompt for Robust Visual Perception

Author

Tsai, Yun-Yun, Mao, Chengzhi, and Yang, Junfeng

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning
Abstract

Vision models are often vulnerable to out-of-distribution (OOD) samples without adapting. While visual prompts offer a lightweight method of input-space adaptation for large-scale vision models, they rely on a high-dimensional additive vector and labeled data. This leads to overfitting when adapting models in a self-supervised test-time setting without labels. We introduce convolutional visual prompts (CVP) for label-free test-time adaptation for robust visual perception. The structured nature of CVP demands fewer trainable parameters, less than 1\% compared to standard visual prompts, combating overfitting. Extensive experiments and analysis on a wide variety of OOD visual perception tasks show that our approach is effective, improving robustness by up to 5.87% over several large-scale models.

Published
2023

31. Tight Convergence Rate in Subgradient Norm of the Proximal Point Algorithm

Author

Gu, Guoyong and Yang, Junfeng

Subjects
Mathematics - Optimization and Control, 90C25
Abstract

Proximal point algorithm has found many applications, and it has been playing fundamental roles in the understanding, design, and analysis of many first-order methods. In this paper, we derive the tight convergence rate in subgradient norm of the proximal point algorithm, which was conjectured by Taylor, Hendrickx and Glineur [SIAM J.~Optim., 27 (2017), pp.~1283--1313]. This sort of convergence results in terms of the residual (sub)gradient norm is particularly interesting when considering dual methods, where the dual residual gradient norm corresponds to the primal distance to feasibility.

Published
2023

33. A Systematic Review and Research Trends of Smart Learning Environments

Author

Zhang, Lan, Pan, Rouye, Qin, Zihan, Yang, Junfeng, Huang, Ronghuai, Series Editor, Kinshuk, Series Editor, Jemni, Mohamed, Series Editor, Chen, Nian-Shing, Series Editor, Spector, J. Michael, Series Editor, Liu, Dejian, editor, Adarkwah, Michael Agyemang, editor, Wang, Huanhuan, editor, and Shehata, Boulus, editor

Published
2024
Full Text
View/download PDF

34. DPack: Efficiency-Oriented Privacy Budget Scheduling

Author

Tholoniat, Pierre, Kostopoulou, Kelly, Chowdhury, Mosharaf, Cidon, Asaf, Geambasu, Roxana, Lécuyer, Mathias, and Yang, Junfeng

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Machine learning (ML) models can leak information about users, and differential privacy (DP) provides a rigorous way to bound that leakage under a given budget. This DP budget can be regarded as a new type of compute resource in workloads of multiple ML models training on user data. Once it is used, the DP budget is forever consumed. Therefore, it is crucial to allocate it most efficiently to train as many models as possible. This paper presents the scheduler for privacy that optimizes for efficiency. We formulate privacy scheduling as a new type of multidimensional knapsack problem, called privacy knapsack, which maximizes DP budget efficiency. We show that privacy knapsack is NP-hard, hence practical algorithms are necessarily approximate. We develop an approximation algorithm for privacy knapsack, DPack, and evaluate it on microbenchmarks and on a new, synthetic private-ML workload we developed from the Alibaba ML cluster trace. We show that DPack: (1) often approaches the efficiency-optimal schedule, (2) consistently schedules more tasks compared to a state-of-the-art privacy scheduling algorithm that focused on fairness (1.3-1.7x in Alibaba, 1.0-2.6x in microbenchmarks), but (3) sacrifices some level of fairness for efficiency. Therefore, using DPack, DP ML operators should be able to train more models on the same amount of user data while offering the same privacy guarantee to their users., Comment: Published at EuroSys '25. v2: camera-ready version

Published
2022
Full Text
View/download PDF

35. Understanding Zero-Shot Adversarial Robustness for Large-Scale Models

Author

Mao, Chengzhi, Geng, Scott, Yang, Junfeng, Wang, Xin, and Vondrick, Carl

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Pretrained large-scale vision-language models like CLIP have exhibited strong generalization over unseen tasks. Yet imperceptible adversarial perturbations can significantly reduce CLIP's performance on new tasks. In this work, we identify and explore the problem of \emph{adapting large-scale models for zero-shot adversarial robustness}. We first identify two key factors during model adaption -- training losses and adaptation methods -- that affect the model's zero-shot adversarial robustness. We then propose a text-guided contrastive adversarial training loss, which aligns the text embeddings and the adversarial visual features with contrastive learning on a small set of training data. We apply this training loss to two adaption methods, model finetuning and visual prompt tuning. We find that visual prompt tuning is more effective in the absence of texts, while finetuning wins in the existence of text guidance. Overall, our approach significantly improves the zero-shot adversarial robustness over CLIP, seeing an average improvement of over 31 points over ImageNet and 15 zero-shot datasets. We hope this work can shed light on understanding the zero-shot adversarial robustness of large-scale models.

Published
2022

36. Adversarially Robust Video Perception by Seeing Motion

Author

Zhang, Lingyu, Mao, Chengzhi, Yang, Junfeng, and Vondrick, Carl

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Despite their excellent performance, state-of-the-art computer vision models often fail when they encounter adversarial examples. Video perception models tend to be more fragile under attacks, because the adversary has more places to manipulate in high-dimensional data. In this paper, we find one reason for video models' vulnerability is that they fail to perceive the correct motion under adversarial perturbations. Inspired by the extensive evidence that motion is a key factor for the human visual system, we propose to correct what the model sees by restoring the perceived motion information. Since motion information is an intrinsic structure of the video data, recovering motion signals can be done at inference time without any human annotation, which allows the model to adapt to unforeseen, worst-case inputs. Visualizations and empirical experiments on UCF-101 and HMDB-51 datasets show that restoring motion information in deep vision models improves adversarial robustness. Even under adaptive attacks where the adversary knows our defense, our algorithm is still effective. Our work provides new insight into robust video perception algorithms by using intrinsic structures from the data. Our webpage is available at https://motion4robust.cs.columbia.edu.

Published
2022

37. Doubly Right Object Recognition: A Why Prompt for Visual Rationales

Author

Mao, Chengzhi, Teotia, Revant, Sundar, Amrutha, Menon, Sachit, Yang, Junfeng, Wang, Xin, and Vondrick, Carl

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Many visual recognition models are evaluated only on their classification accuracy, a metric for which they obtain strong performance. In this paper, we investigate whether computer vision models can also provide correct rationales for their predictions. We propose a ``doubly right'' object recognition benchmark, where the metric requires the model to simultaneously produce both the right labels as well as the right rationales. We find that state-of-the-art visual models, such as CLIP, often provide incorrect rationales for their categorical predictions. However, by transferring the rationales from language models into visual representations through a tailored dataset, we show that we can learn a ``why prompt,'' which adapts large visual representations to produce correct rationales. Visualizations and empirical experiments show that our prompts significantly improve performance on doubly right object recognition, in addition to zero-shot transfer to unseen tasks and datasets., Comment: Accepted at CVPR 2023

Published
2022

38. Robust Perception through Equivariance

Author

Mao, Chengzhi, Zhang, Lingyu, Joshi, Abhishek, Yang, Junfeng, Wang, Hao, and Vondrick, Carl

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Deep networks for computer vision are not reliable when they encounter adversarial examples. In this paper, we introduce a framework that uses the dense intrinsic constraints in natural images to robustify inference. By introducing constraints at inference time, we can shift the burden of robustness from training to the inference algorithm, thereby allowing the model to adjust dynamically to each individual image's unique and potentially novel characteristics at inference time. Among different constraints, we find that equivariance-based constraints are most effective, because they allow dense constraints in the feature space without overly constraining the representation at a fine-grained level. Our theoretical results validate the importance of having such dense constraints at inference time. Our empirical experiments show that restoring feature equivariance at inference time defends against worst-case adversarial perturbations. The method obtains improved adversarial robustness on four datasets (ImageNet, Cityscapes, PASCAL VOC, and MS-COCO) on image recognition, semantic segmentation, and instance segmentation tasks. Project page is available at equi4robust.cs.columbia.edu., Comment: Published in ICML 2023

Published
2022

39. Development of a Neural Network-Based Mathematical Operation Protocol for Embedded Hexadecimal Digits Using Neural Architecture Search (NAS)

Author

Robila, Victor, Pei, Kexin, and Yang, Junfeng

Subjects
Computer Science - Neural and Evolutionary Computing, Computer Science - Machine Learning, I.2.6, D.2.m
Abstract

It is beneficial to develop an efficient machine-learning based method for addition using embedded hexadecimal digits. Through a comparison between human-developed machine learning model and models sampled through Neural Architecture Search (NAS) we determine an efficient approach to solve this problem with a final testing loss of 0.2937 for a human-developed model.

Published
2022

40. NeuDep: Neural Binary Memory Dependence Analysis

Author

Pei, Kexin, She, Dongdong, Wang, Michael, Geng, Scott, Xuan, Zhou, David, Yaniv, Yang, Junfeng, Jana, Suman, and Ray, Baishakhi

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning, Computer Science - Programming Languages, Computer Science - Software Engineering
Abstract

Determining whether multiple instructions can access the same memory location is a critical task in binary analysis. It is challenging as statically computing precise alias information is undecidable in theory. The problem aggravates at the binary level due to the presence of compiler optimizations and the absence of symbols and types. Existing approaches either produce significant spurious dependencies due to conservative analysis or scale poorly to complex binaries. We present a new machine-learning-based approach to predict memory dependencies by exploiting the model's learned knowledge about how binary programs execute. Our approach features (i) a self-supervised procedure that pretrains a neural net to reason over binary code and its dynamic value flows through memory addresses, followed by (ii) supervised finetuning to infer the memory dependencies statically. To facilitate efficient learning, we develop dedicated neural architectures to encode the heterogeneous inputs (i.e., code, data values, and memory addresses from traces) with specific modules and fuse them with a composition learning strategy. We implement our approach in NeuDep and evaluate it on 41 popular software projects compiled by 2 compilers, 4 optimizations, and 4 obfuscation passes. We demonstrate that NeuDep is more precise (1.5x) and faster (3.5x) than the current state-of-the-art. Extensive probing studies on security-critical reverse engineering tasks suggest that NeuDep understands memory access patterns, learns function signatures, and is able to match indirect calls. All these tasks either assist or benefit from inferring memory dependencies. Notably, NeuDep also outperforms the current state-of-the-art on these tasks., Comment: ESEC/FSE 2022

Published
2022
Full Text
View/download PDF

45. Causal Transportability for Visual Recognition

Author

Mao, Chengzhi, Xia, Kevin, Wang, James, Wang, Hao, Yang, Junfeng, Bareinboim, Elias, and Vondrick, Carl

Subjects
Computer Science - Computer Vision and Pattern Recognition
Abstract

Visual representations underlie object recognition tasks, but they often contain both robust and non-robust features. Our main observation is that image classifiers may perform poorly on out-of-distribution samples because spurious correlations between non-robust features and labels can be changed in a new environment. By analyzing procedures for out-of-distribution generalization with a causal graph, we show that standard classifiers fail because the association between images and labels is not transportable across settings. However, we then show that the causal effect, which severs all sources of confounding, remains invariant across domains. This motivates us to develop an algorithm to estimate the causal effect for image classification, which is transportable (i.e., invariant) across source and target environments. Without observing additional variables, we show that we can derive an estimand for the causal effect under empirical assumptions using representations in deep models as proxies. Theoretical analysis, empirical results, and visualizations show that our approach captures causal invariances and improves overall generalization.

Published
2022

46. A Tale of Two Models: Constructing Evasive Attacks on Edge Models

Author

Hao, Wei, Awatramani, Aahil, Hu, Jiayang, Mao, Chengzhi, Chen, Pin-Chun, Cidon, Eyal, Cidon, Asaf, and Yang, Junfeng

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Distributed, Parallel, and Cluster Computing, Computer Science - Machine Learning
Abstract

Full-precision deep learning models are typically too large or costly to deploy on edge devices. To accommodate to the limited hardware resources, models are adapted to the edge using various edge-adaptation techniques, such as quantization and pruning. While such techniques may have a negligible impact on top-line accuracy, the adapted models exhibit subtle differences in output compared to the original model from which they are derived. In this paper, we introduce a new evasive attack, DIVA, that exploits these differences in edge adaptation, by adding adversarial noise to input data that maximizes the output difference between the original and adapted model. Such an attack is particularly dangerous, because the malicious input will trick the adapted model running on the edge, but will be virtually undetectable by the original model, which typically serves as the authoritative model version, used for validation, debugging and retraining. We compare DIVA to a state-of-the-art attack, PGD, and show that DIVA is only 1.7-3.6% worse on attacking the adapted model but 1.9-4.2 times more likely not to be detected by the the original model under a whitebox and semi-blackbox setting, compared to PGD.

Published
2022

47. Using Multiple Self-Supervised Tasks Improves Model Robustness

Author

Lawhon, Matthew, Mao, Chengzhi, and Yang, Junfeng

Subjects
Computer Science - Computer Vision and Pattern Recognition, Computer Science - Machine Learning
Abstract

Deep networks achieve state-of-the-art performance on computer vision tasks, yet they fail under adversarial attacks that are imperceptible to humans. In this paper, we propose a novel defense that can dynamically adapt the input using the intrinsic structure from multiple self-supervised tasks. By simultaneously using many self-supervised tasks, our defense avoids over-fitting the adapted image to one specific self-supervised task and restores more intrinsic structure in the image compared to a single self-supervised task approach. Our approach further improves robustness and clean accuracy significantly compared to the state-of-the-art single task self-supervised defense. Our work is the first to connect multiple self-supervised tasks to robustness, and suggests that we can achieve better robustness with more intrinsic signal from visual data., Comment: Accepted to ICLR 2022 Workshop on PAIR^2Struct: Privacy, Accountability, Interpretability, Robustness, Reasoning on Structured Data

Published
2022

Catalog

Books, media, physical & digital resources
See catalog results