1 code implementation • 3 Aug 2024 • Peng Cheng, Yuwei Wang, Peng Huang, Zhongjie Ba, Xiaodong Lin, Feng Lin, Li Lu, Kui Ren
Based on the ALIF pipeline, we present the ALIF-OTL and ALIF-OTA schemes for launching attacks in both the digital domain and the physical playback environment on four commercial ASRs and voice assistants.
Automatic Speech Recognition Automatic Speech Recognition (ASR) +1
no code implementations • 23 Jul 2024 • Huiyu Xu, Wenhui Zhang, Zhibo Wang, Feng Xiao, Rui Zheng, Yunhe Feng, Zhongjie Ba, Kui Ren
To enable context-aware and efficient red teaming, we abstract and model existing attacks into a coherent concept called "jailbreak strategy" and propose a multi-agent LLM system named RedAgent that leverages these strategies to generate context-aware jailbreak prompts.
no code implementations • 12 Jul 2024 • Yuchen Yang, Hongwei Yao, Bingrun Yang, Yiling He, Yiming Li, Tianwei Zhang, Zhan Qin, Kui Ren
To inherit the advantages of both backdoor and adversarial attacks, this paper proposes a new attack paradigm, i. e., target-specific and adversarial prompt injection (TAPI), against Code LLMs.
no code implementations • 6 Jul 2024 • Binhao Ma, Tianhang Zheng, Hongsheng Hu, Di Wang, Shuo Wang, Zhongjie Ba, Zhan Qin, Kui Ren
Our evaluation demonstrates that unlearning this benign data, comprising no more than 1% of the total training data, can reduce model accuracy by up to 50%.
no code implementations • 24 Jun 2024 • Sifan Wu, Zhenguang Liu, Beibei Zhang, Roger Zimmermann, Zhongjie Ba, Xiaosong Zhang, Kui Ren
Human motion copy is an intriguing yet challenging task in artificial intelligence and computer vision, which strives to generate a fake video of a target person performing the motion of a source person.
no code implementations • 24 Jun 2024 • Yichen Sun, Zhixuan Chu, Zhan Qin, Kui Ren
To address this problem, we introduce a novel diffusion-based framework to significantly enhance the alignment of generated images with their corresponding descriptions, addressing the inconsistency between visual output and textual input.
no code implementations • 22 Jun 2024 • Zhibo Wang, Zhiwei Chang, Jiahui Hu, Xiaoyi Pang, Jiacheng Du, Yongle Chen, Kui Ren
To preset the embeddings and logits of FCL, we craft a fishing model by solely modifying the parameters of a single batch normalization (BN) layer in the original model.
no code implementations • 21 Jun 2024 • Yihao Zheng, Haocheng Xia, Junyuan Pang, Jinfei Liu, Kui Ren, Lingyang Chu, Yang Cao, Li Xiong
Data noise partitioning is utilized for data perturbation during embedding, which is adaptable for numerical and categorical attributes while preserving the data utility.
no code implementations • 19 Jun 2024 • Jiacheng Du, Zhibo Wang, Kui Ren
Specifically, TULA can increase an adversary's ability to infer membership information about the unlearned data by more than 20% in black-box scenario.
no code implementations • 6 Jun 2024 • Lei Liu, Xiaoyan Yang, Junchi Lei, Xiaoyang Liu, Yue Shen, Zhiqiang Zhang, Peng Wei, Jinjie Gu, Zhixuan Chu, Zhan Qin, Kui Ren
This survey provides a comprehensive overview of Medical Large Language Models (Med-LLMs), outlining their evolution from general to the medical-specific domain (i. e, Technology and Application), as well as their transformative impact on healthcare (e. g., Trustworthiness and Safety).
no code implementations • 24 May 2024 • Zhibo Wang, Peng Kuang, Zhixuan Chu, Jingyi Wang, Kui Ren
To answer the questions, we revisit biased distributions in existing benchmarks and real-world datasets, and propose a fine-grained framework for analyzing dataset bias by disentangling it into the magnitude and prevalence of bias.
1 code implementation • 23 May 2024 • Xiaohan Yuan, Jinfeng Li, Dongxia Wang, Yuefeng Chen, Xiaofeng Mao, Longtao Huang, Hui Xue, Wenhai Wang, Kui Ren, Jingyi Wang
Large Language Models have gained considerable attention for their revolutionary capabilities.
1 code implementation • 8 May 2024 • Shuo Shao, Yiming Li, Hongwei Yao, Yiling He, Zhan Qin, Kui Ren
Motivated by this understanding, we design a new watermarking paradigm, $i. e.$, Explanation as a Watermark (EaaW), that implants verification behaviors into the explanation of feature attribution instead of model predictions.
1 code implementation • 7 May 2024 • Zhixuan Chu, Lei Zhang, Yichen Sun, Siqiao Xue, Zhibo Wang, Zhan Qin, Kui Ren
Leveraging the state-of-the-art keyframe extraction techniques and multimodal large language models, SoraDetector first evaluates the consistency between extracted video content summary and textual prompts, then constructs static and dynamic knowledge graphs (KGs) from frames to detect hallucination both in single frames and across frames.
no code implementations • 7 May 2024 • Zhixuan Chu, Yan Wang, Longfei Li, Zhibo Wang, Zhan Qin, Kui Ren
Large Language Models (LLMs) have shown impressive performance in natural language tasks, but their outputs can exhibit undesirable attributes or biases.
no code implementations • 7 May 2024 • Yiling He, Junchi Lei, Zhan Qin, Kui Ren
To ensure a comprehensive response to concept drift, it facilitates a coordinated update process for both the classifier and the detector.
no code implementations • 8 Apr 2024 • Jiacheng Du, Jiahui Hu, Zhibo Wang, Peng Sun, Neil Zhenqiang Gong, Kui Ren
While GIAs have demonstrated effectiveness under \emph{ideal settings and auxiliary assumptions}, their actual efficacy against \emph{practical FL systems} remains under-explored.
1 code implementation • 4 Mar 2024 • Zhongjie Ba, Qingyu Liu, Zhenguang Liu, Shuang Wu, Feng Lin, Li Lu, Kui Ren
In this paper, we try to tackle these challenges through three designs: (1) We present a novel framework to capture broader forgery clues by extracting multiple non-overlapping local representations and fusing them into a global semantic-rich feature.
no code implementations • 6 Feb 2024 • Qi Zhou, Dongxia Wang, Tianlin Li, Zhihong Xu, Yang Liu, Kui Ren, Wenhai Wang, Qing Guo
To expose this potential vulnerability, we aim to build an adversarial attack forcing SDEdit to generate a specific data distribution aligned with a specified attribute (e. g., female), without changing the input's attribute characteristics.
no code implementations • 16 Jan 2024 • Zhixuan Chu, Yan Wang, Qing Cui, Longfei Li, Wenqing Chen, Zhan Qin, Kui Ren
As personalized recommendation systems become vital in the age of information overload, traditional methods relying solely on historical user interactions often fail to fully capture the multifaceted nature of human interests.
no code implementations • NeurIPS 2023 • Jiaqi Liu, Jian Lou, Zhan Qin, Kui Ren
In addition, our rates of generalization and deletion capacity match the state-of-the-art rates derived previously for standard statistical learning models.
no code implementations • 3 Nov 2023 • Yuke Hu, Jian Lou, Jiaqi Liu, Wangze Ni, Feng Lin, Zhan Qin, Kui Ren
However, despite their promising efficiency, almost all existing machine unlearning methods handle unlearning requests independently from inference requests, which unfortunately introduces a new security issue of inference service obsolescence and a privacy vulnerability of undesirable exposure for machine unlearning in MLaaS.
1 code implementation • 20 Oct 2023 • Xinyu Zhang, Qingyu Liu, Zhongjie Ba, Yuan Hong, Tianhang Zheng, Feng Lin, Li Lu, Kui Ren
In this paper, we first conduct a comprehensive study on prior FL attacks and detection methods.
no code implementations • 25 Sep 2023 • Zhongjie Ba, Jieming Zhong, Jiachen Lei, Peng Cheng, Qinglong Wang, Zhan Qin, Zhibo Wang, Kui Ren
Evaluation results disclose an 88% success rate in bypassing Midjourney's proprietary safety filter with our attack prompts, leading to the generation of counterfeit images depicting political figures in violent scenarios.
1 code implementation • 20 Sep 2023 • Chao Shuai, Jieming Zhong, Shuang Wu, Feng Lin, Zhibo Wang, Zhongjie Ba, Zhenguang Liu, Lorenzo Cavallaro, Kui Ren
Deepfake has taken the world by storm, triggering a trust crisis.
1 code implementation • 18 Sep 2023 • Kun Pan, Yin Yifang, Yao Wei, Feng Lin, Zhongjie Ba, Zhenguang Liu, Zhibo Wang, Lorenzo Cavallaro, Kui Ren
However, the accuracy of detection models degrades significantly on images generated by new deepfake methods due to the difference in data distribution.
no code implementations • 11 Sep 2023 • Pingchuan Ma, Zhenlan Ji, Peisen Yao, Shuai Wang, Kui Ren
Based on the decision procedure to CIR, CICheck includes two variants: ED-CICheck and ED-CICheck, which detect erroneous CI tests (to enhance reliability) and prune excessive CI tests (to enhance privacy), respectively.
1 code implementation • 23 Aug 2023 • Hongwei Yao, Zheng Li, Kunzhe Huang, Jian Lou, Zhan Qin, Kui Ren
After our DNN fingerprint removal attack, the model distance between the target and surrogate models is x100 times higher than that of the baseline attacks, (2) the RemovalNet is efficient.
1 code implementation • 10 Aug 2023 • Yiling He, Jian Lou, Zhan Qin, Kui Ren
Although feature attribution (FA) methods can be used to explain deep learning, the underlying classifier is still blind to what behavior is suspicious, and the generated explanation cannot adapt to downstream tasks, incurring poor explanation fidelity and intelligibility.
no code implementations • 31 Jul 2023 • Xinyu Zhang, Hanbin Hong, Yuan Hong, Peng Huang, Binghui Wang, Zhongjie Ba, Kui Ren
The language models, especially the basic text classification models, have been shown to be susceptible to textual adversarial attacks such as synonym substitution and word insertion attacks.
no code implementations • 20 Jun 2023 • Hongwei Yao, Zheng Li, Haiqin Weng, Feng Xue, Kui Ren, Zhan Qin
FDINET exhibits the capability to identify colluding adversaries with an accuracy exceeding 91%.
1 code implementation • 20 Jun 2023 • Jiachen Lei, Qinglong Wang, Peng Cheng, Zhongjie Ba, Zhan Qin, Zhibo Wang, Zhenguang Liu, Kui Ren
In the pre-training stage, we propose to mask a high proportion (e. g., up to 90\%) of input images to approximately represent the primer distribution and introduce a masked denoising score matching objective to train a model to denoise visible areas.
no code implementations • 13 Jun 2023 • Yuheng Yang, Haipeng Chen, Zhenguang Liu, Yingda Lyu, Beibei Zhang, Shuang Wu, Zhibo Wang, Kui Ren
However, the vanilla Euclidean space is not efficient for modeling important motion characteristics such as the joint-wise angular acceleration, which reveals the driving force behind the motion.
no code implementations • CVPR 2023 • Zhibo Wang, He Wang, Shuaifan Jin, Wenwen Zhang, Jiahui Hu, Yan Wang, Peng Sun, Wei Yuan, Kaixin Liu, Kui Ren
In this paper, we propose an adversarial features-based face privacy protection (AdvFace) approach to generate privacy-preserving adversarial features, which can disrupt the mapping from adversarial features to facial images to defend against reconstruction attacks.
1 code implementation • CVPR 2023 • Zhou Yu, Lixiang Zheng, Zhou Zhao, Fei Wu, Jianping Fan, Kui Ren, Jun Yu
A recent benchmark AGQA poses a promising paradigm to generate QA pairs automatically from pre-annotated scene graphs, enabling it to measure diverse reasoning abilities with granular control.
1 code implementation • 13 Apr 2023 • Jian Liu, Rui Zhang, Sebastian Szyller, Kui Ren, N. Asokan
Our core idea is that a malicious accuser can deviate (without detection) from the specified MOR process by finding (transferable) adversarial examples that successfully serve as evidence against independent suspect models.
no code implementations • CVPR 2024 • Buyu Liu, BaoJun, Jianping Fan, Xi Peng, Kui Ren, Jun Yu
More desired attacks, to this end, should be able to fool defenses with such consistency checks.
no code implementations • 8 Feb 2023 • Björn Engquist, Kui Ren, Yunan Yang
This paper develops and analyzes a stochastic derivative-free optimization strategy.
1 code implementation • CVPR 2023 • Zhibo Wang, Hongshan Yang, Yunhe Feng, Peng Sun, Hengchang Guo, Zhifei Zhang, Kui Ren
In this paper, we propose the Transferable Targeted Adversarial Attack (TTAA), which can capture the distribution information of the target class from both label-wise and feature-wise perspectives, to generate highly transferable targeted adversarial examples.
no code implementations • ICCV 2023 • Lei Zhang, Zhibo Wang, Xiaowei Dong, Yunhe Feng, Xiaoyi Pang, Zhifei Zhang, Kui Ren
Network pruning aims to compress models while minimizing loss in accuracy.
no code implementations • ICCV 2023 • Xue Wang, Zhibo Wang, Haiqin Weng, Hengchang Guo, Zhifei Zhang, Lu Jin, Tao Wei, Kui Ren
Considering the insufficient study on such complex causal questions, we make the first attempt to explain different causal questions by contrastive explanations in a unified framework, ie., Counterfactual Contrastive Explanation (CCE), which visually and intuitively explains the aforementioned questions via a novel positive-negative saliency-based explanation scheme.
no code implementations • 1 Dec 2022 • Ziqi Yang, Lijin Wang, Da Yang, Jie Wan, Ziming Zhao, Ee-Chien Chang, Fan Zhang, Kui Ren
Besides, our further experiments show that PURIFIER is also effective in defending adversarial model inversion attacks and attribute inference attacks.
1 code implementation • 18 Nov 2022 • Jiachen Lei, Shuang Ma, Zhongjie Ba, Sai Vemprala, Ashish Kapoor, Kui Ren
In this report, we present our approach and empirical results of applying masked autoencoders in two egocentric video understanding tasks, namely, Object State Change Classification and PNR Temporal Localization, of Ego4D Challenge 2022.
no code implementations • 14 Nov 2022 • Shuo Shao, Wenyuan Yang, Hanlin Gu, Zhan Qin, Lixin Fan, Qiang Yang, Kui Ren
To deter such misbehavior, it is essential to establish a mechanism for verifying the ownership of the model and as well tracing its origin to the leaker among the FL participants.
no code implementations • 10 Nov 2022 • Meng Chen, Li Lu, Jiadi Yu, Yingying Chen, Zhongjie Ba, Feng Lin, Kui Ren
In this paper, we propose a voice de-identification system, which uses adversarial examples to balance the privacy and utility of voice services.
no code implementations • 17 Oct 2022 • Kui Ren, Lu Zhang
The task of simultaneously reconstructing multiple physical coefficients in partial differential equations from observed data is ubiquitous in applications.
1 code implementation • 4 Oct 2022 • Xiaochen Li, Yuke Hu, Weiran Liu, Hanwen Feng, Li Peng, Yuan Hong, Kui Ren, Zhan Qin
Although the solution based on Local Differential Privacy (LDP) addresses the above problems, it leads to the low accuracy of the trained model.
no code implementations • 17 Jul 2022 • Shaoyu Dou, Kai Yang, Yang Jiao, Chengbo Qiu, Kui Ren
The proposed framework aspires to offer a stepping stone that gives rise to a systematic approach to model and learn similarities among a multitude of event-triggered time series.
no code implementations • 5 Jun 2022 • Guodong Cao, Zhibo Wang, Xiaowei Dong, Zhifei Zhang, Hengchang Guo, Zhan Qin, Kui Ren
However, most existing works are still trapped in the dilemma between higher accuracy and stronger robustness since they tend to fit a model towards robust features (not easily tampered with by adversaries) while ignoring those non-robust but highly predictive features.
no code implementations • 12 Apr 2022 • Björn Engquist, Kui Ren, Yunan Yang
We propose a new gradient descent algorithm with added stochastic terms for finding the global optimizers of nonconvex optimization problems.
no code implementations • CVPR 2022 • Zhibo Wang, Xiaowei Dong, Henry Xue, Zhifei Zhang, Weifeng Chiu, Tao Wei, Kui Ren
Prioritizing fairness is of central importance in artificial intelligence (AI) systems, especially for those societal applications, e. g., hiring systems should recommend applicants equally from different demographic groups, and risk assessment systems must eliminate racism in criminal justice.
2 code implementations • ICLR 2022 • Kunzhe Huang, Yiming Li, Baoyuan Wu, Zhan Qin, Kui Ren
Recent studies have revealed that deep neural networks (DNNs) are vulnerable to backdoor attacks, where attackers embed hidden backdoors in the DNN model by poisoning a few training samples.
no code implementations • ICLR 2022 • Björn Engquist, Kui Ren, Yunan Yang
The generalization capacity of various machine learning models exhibits different phenomena in the under- and over-parameterized regimes.
1 code implementation • 21 Aug 2021 • Rui Zhang, Jian Liu, Yuan Ding, Zhibo Wu, Qingbiao Wang, Kui Ren
Jia et al. claimed that an adversary merely knowing the final model and training dataset cannot efficiently find a set of intermediate models with correct data points.
3 code implementations • ICCV 2021 • Zhibo Wang, Hengchang Guo, Zhifei Zhang, Wenxin Liu, Zhan Qin, Kui Ren
More specifically, we obtain feature importance by introducing the aggregate gradient, which averages the gradients with respect to feature maps of the source model, computed on a batch of random transforms of the original clean image.
no code implementations • 11 Oct 2020 • Weilin Li, Kui Ren, Donsub Rim
The range characterization is obtained by first showing that the ADRT is a bijection between images supported on infinite half-strips, then identifying the linear subspaces that stay finitely supported under the inversion formula.
no code implementations • 12 Jun 2020 • Sekhar Rajendran, Zhi Sun, Feng Lin, Kui Ren
Our proposed solution, Metasurface RF-Fingerprinting Injection (MeRFFI), is to inject a carefully-designed radio frequency fingerprint into the wireless physical layer that can increase the security of a stationary IoT device with minimal overhead.
no code implementations • 14 May 2020 • Tianhang Zheng, Sheng Liu, Changyou Chen, Junsong Yuan, Baochun Li, Kui Ren
We first formulate generation of adversarial skeleton actions as a constrained optimization problem by representing or approximating the physiological and physical constraints with mathematical formulations.
no code implementations • 8 Apr 2020 • Jianwei Liu, Jinsong Han, Feng Lin, Kui Ren
Wireless signal-based gesture recognition has promoted the developments of VR game, smart home, etc.
no code implementations • 24 Mar 2020 • Yang Liu, Zhuo Ma, Ximeng Liu, Jian Liu, Zhongyuan Jiang, Jianfeng Ma, Philip Yu, Kui Ren
To this end, machine unlearning becomes a popular research topic, which allows users to eliminate memorization of their private data from a trained machine learning model. In this paper, we propose the first uniform metric called for-getting rate to measure the effectiveness of a machine unlearning method.
no code implementations • 15 Nov 2019 • Bjorn Engquist, Kui Ren, Yunan Yang
This work characterizes, analytically and numerically, two major effects of the quadratic Wasserstein ($W_2$) distance as the measure of data discrepancy in computational solutions of inverse problems.
no code implementations • 26 Apr 2019 • Hengtong Zhang, Tianhang Zheng, Jing Gao, Chenglin Miao, Lu Su, Yaliang Li, Kui Ren
Knowledge graph embedding (KGE) is a technique for learning continuous embeddings for entities and relations in the knowledge graph. Due to its benefit to a variety of downstream tasks such as knowledge graph completion, question answering and recommendation, KGE has gained significant attention recently.
3 code implementations • ICCV 2019 • Tianhang Zheng, Changyou Chen, Junsong Yuan, Bo Li, Kui Ren
Our motivation for constructing a saliency map is by point dropping, which is a non-differentiable operator.
no code implementations • 10 Oct 2018 • Yaliang Li, Houping Xiao, Zhan Qin, Chenglin Miao, Lu Su, Jing Gao, Kui Ren, Bolin Ding
To better utilize sensory data, the problem of truth discovery, whose goal is to estimate user quality and infer reliable aggregated results through quality-aware data aggregation, has emerged as a hot topic.
no code implementations • 10 Oct 2018 • Tianhang Zheng, Changyou Chen, Kui Ren
In this paper, we give a negative answer by proposing a training paradigm that is comparable to PGD adversarial training on several standard datasets, while only using noisy-natural samples.
no code implementations • 6 Oct 2018 • Fei Wang, Jinsong Han, Feng Lin, Kui Ren
Wi-Fi signals-based person identification attracts increasing attention in the booming Internet-of-Things era mainly due to its pervasiveness and passiveness.
4 code implementations • 16 Aug 2018 • Tianhang Zheng, Changyou Chen, Kui Ren
Recent work on adversarial attack has shown that Projected Gradient Descent (PGD) Adversary is a universal first-order adversary, and the classifier adversarially trained by PGD is robust against a wide range of first-order attacks.
no code implementations • 10 Aug 2018 • Xiao Chen, Chaoran Li, Derui Wang, Sheng Wen, Jun Zhang, Surya Nepal, Yang Xiang, Kui Ren
In contrast to existing works, the adversarial examples crafted by our method can also deceive recent machine learning based detectors that rely on semantic features such as control-flow-graph.
Cryptography and Security