22 research outputs found
Big data driven oriented graph theory aided tagSNPs selection for genetic precision therapy
Recently, the world-wide human genome-related projects have been vigorously launched and implemented. Gene-sequencing techniques play a critical role in disease diagnosis, prediction, and population stratification relying on efficiently mining genetic features in the gene pool. Exploring the association between the sites of the genetic mutation and the disease-based population classification becomes a hot topic, which beneficially supports disease diagnosis and treatment on the molecular level. However, there are numerous variable sites even on a single chromosome in the human gene pool, and hence, the traditional classifiers are not able to dig out all single nucleotide polymorphism (SNP) sites without clearly excavating the characteristic SNP sites, termed tagSNPs, in SNP clusters. By applying big data mining techniques, in this paper, we, first of all, propose a principal component analysis-based algorithm for reducing the gene data dimension in order to cluster SNP sites in the low-dimensional space. Moreover, an oriented graph theory-based tagSNPs selection algorithm is designed. Finally, relying on the real-world 1000 Genomes Project dataset, we can achieve fewer tagSNPs than the traditional methods by invoking the complete process of our designed SNP classifier.</p
Construction of generalized-involutory MDS matrices
Maximum Distance Separable (MDS) matrices are usually used to be diffusion
layers in cryptographic designs. The main advantage of involutory MDS matrices lies in
that both encryption and decryption share the same matrix-vector product. In this paper,
we present a new type of MDS matrices called generalized-involutory MDS matrices, implementation
of whose inverse matrix-vector products in decryption is the combination of the
matrix-vector products in encryption plus a few extra XOR gates. For the purpose of verifying
the existence of such matrices, we found 4 × 4 Hadamard generalized-involutory MDS
matrix over GF(24) consuming as little as 38 XOR gates with 4 additional XOR gates for
inverse matrix, while the best previous single-clock implementation in IWSEC 2019 needs
46 XOR gates with 51 XOR gates for inverse matrix. For GF(28), our results also beat the
best previous records in ToSC 2017
SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders
Self-supervised learning is an emerging machine learning paradigm. Compared
to supervised learning which leverages high-quality labeled datasets,
self-supervised learning relies on unlabeled datasets to pre-train powerful
encoders which can then be treated as feature extractors for various downstream
tasks. The huge amount of data and computational resources consumption makes
the encoders themselves become the valuable intellectual property of the model
owner. Recent research has shown that the machine learning model's copyright is
threatened by model stealing attacks, which aim to train a surrogate model to
mimic the behavior of a given model. We empirically show that pre-trained
encoders are highly vulnerable to model stealing attacks. However, most of the
current efforts of copyright protection algorithms such as watermarking
concentrate on classifiers. Meanwhile, the intrinsic challenges of pre-trained
encoder's copyright protection remain largely unstudied. We fill the gap by
proposing SSLGuard, the first watermarking scheme for pre-trained encoders.
Given a clean pre-trained encoder, SSLGuard injects a watermark into it and
outputs a watermarked version. The shadow training technique is also applied to
preserve the watermark under potential model stealing attacks. Our extensive
evaluation shows that SSLGuard is effective in watermark injection and
verification, and it is robust against model stealing and other watermark
removal attacks such as input noising, output perturbing, overwriting, model
pruning, and fine-tuning.Comment: Accepted by CCS 202
Gendering the Poetic Subject: Masculinity and Femininity in Wordsworth’s Poetry
Luo, Tianshuo.Thesis M.Phil. Chinese University of Hong Kong 2016.Includes bibliographical references (leaves ).Abstracts also in Chinese.Title from PDF title page (viewed on …)
New Subquadratic Algorithms for Constructing Lightweight Hadamard MDS Matrices (Full Version)
Maximum Distance Separable (MDS) Matrix plays a crucial role in designing cryptosystems. In this paper we mainly talk about constructing lightweight Hadamard MDS matrices based on subquadratic multipliers over . We firstly propose subquadratic Hadamard matrix-vector product formulae (HMVP), and provide two new XOR count metrics. To the best of our knowledge, subquadratic multipliers have not been used to construct MDS matrices. Furthermore, combined with HMVP formulae we design a construction algorithm to find lightweight Hadamard MDS matrices under our XOR count metric. Applying our algorithms, we successfully find MDS matrices with the state-of-the-art fewest XOR counts for and involutory and non-involutory MDS matrices. Experiment results show that our candidates save up to and XOR gates for and matrices over respectively
On Evaluating The Performance of Watermarked Machine-Generated Texts Under Adversarial Attacks
Large Language Models (LLMs) excel in various applications, including text generation and complex tasks. However, the misuse of LLMs raises concerns about the authenticity and ethical implications of the content they produce, such as deepfake news, academic fraud, and copyright infringement. Watermarking techniques, which embed identifiable markers in machine-generated text, offer a promising solution to these issues by allowing for content verification and origin tracing. Unfortunately, the robustness of current LLM watermarking schemes under potential watermark removal attacks has not been comprehensively explored.
In this paper, to fill this gap, we first systematically comb the mainstream watermarking schemes and removal attacks on machine-generated texts, and then we categorize them into pre-text (before text generation) and post-text (after text generation) classes so that we can conduct diversified analyses. In our experiments, we evaluate eight watermarks (five pre-text, three post-text) and twelve attacks (two pre-text, ten post-text) across 87 scenarios. Evaluation results indicate that (1) KGW and Exponential watermarks offer high text quality and watermark retention but remain vulnerable to most attacks; (2) Post-text attacks are found to be more efficient and practical than pre-text attacks; (3) Pre-text watermarks are generally more imperceptible, as they do not alter text fluency, unlike post-text watermarks; (4) Additionally, combined attack methods can significantly increase effectiveness, highlighting the need for more robust watermarking solutions. Our study underscores the vulnerabilities of current techniques and the necessity for developing more resilient schemes
CL-Attack: Textual Backdoor Attacks via Cross-Lingual Triggers
Backdoor attacks significantly compromise the security of large language models by triggering them to output specific and controlled content. Currently, triggers for textual backdoor attacks fall into two categories: fixed-token triggers and sentence-pattern triggers. However, the former are typically easy to identify and filter, while the latter, such as syntax and style, do not apply to all original samples and may lead to semantic shifts. In this paper, inspired by cross-lingual (CL) prompts of LLMs in real-world scenarios, we propose a higher-dimensional trigger method at the paragraph level, namely CL-Attack. CL-Attack injects the backdoor by using texts with specific structures that incorporate multiple languages, thereby offering greater stealthiness and universality compared to existing backdoor attack techniques. Extensive experiments on different tasks and model architectures demonstrate that CL-Attack can achieve nearly 100 percents attack success rate with a low poisoning rate in both classification and generation tasks. We also empirically show that CL-Attack is more robust against current major defense methods compared to baseline backdoor attacks. Additionally, in response to CL-Attack, we further develop a new defense called TranslateDefense, which can partially mitigate the impact of CL-Attack
Test-Time Poisoning Attacks Against Test-Time Adaptation Models
Deploying machine learning (ML) models in the wild is challenging as it
suffers from distribution shifts, where the model trained on an original domain
cannot generalize well to unforeseen diverse transfer domains. To address this
challenge, several test-time adaptation (TTA) methods have been proposed to
improve the generalization ability of the target pre-trained models under test
data to cope with the shifted distribution. The success of TTA can be credited
to the continuous fine-tuning of the target model according to the
distributional hint from the test samples during test time. Despite being
powerful, it also opens a new attack surface, i.e., test-time poisoning
attacks, which are substantially different from previous poisoning attacks that
occur during the training time of ML models (i.e., adversaries cannot intervene
in the training process). In this paper, we perform the first test-time
poisoning attack against four mainstream TTA methods, including TTT, DUA, TENT,
and RPL. Concretely, we generate poisoned samples based on the surrogate models
and feed them to the target TTA models. Experimental results show that the TTA
methods are generally vulnerable to test-time poisoning attacks. For instance,
the adversary can feed as few as 10 poisoned samples to degrade the performance
of the target model from 76.20% to 41.83%. Our results demonstrate that TTA
algorithms lacking a rigorous security assessment are unsuitable for deployment
in real-life scenarios. As such, we advocate for the integration of defenses
against test-time poisoning attacks into the design of TTA methods.Comment: To Appear in the 45th IEEE Symposium on Security and Privacy, May
20-23, 202
SSLGuard: A Watermarking Scheme for Self-supervised Learning Pre-trained Encoders
Self-supervised learning is an emerging machine learning (ML) paradigm. Compared to supervised learning that leverages high-quality labeled datasets to achieve good performance, self-supervised learning relies on unlabeled datasets to pre-train powerful encoders which can then be treated as feature extractors for various downstream tasks. The huge amount of data and computational resources consumption makes the encoders themselves become a valuable intellectual property of the model owner. Recent research has shown that the ML model's copyright is threatened by model stealing attacks, which aims to train a surrogate model to mimic the behavior of a given model. We empirically show that pre-trained encoders are highly vulnerable to model stealing attacks. However, most of the current efforts of copyright protection algorithms such as fingerprinting and watermarking concentrate on classifiers.
Meanwhile, the intrinsic challenges of pre-trained encoder's copyright protection remain largely unstudied. We fill the gap by proposing SSLGuard, the first watermarking algorithm for pre-trained encoders. Given a clean pre-trained encoder, SSLGuard embeds a watermark into it and outputs a watermarked version. The shadow training technique is also applied to preserve the watermark under potential model stealing attacks. Our extensive evaluation shows that SSLGuard is effective in watermark injection and verification, and is robust against model stealing and other watermark removal attacks such as pruning and finetuning
