In this paper, we study the decentralized federated learning problem, which involves the collaborative training of a global model among multiple devices while ensuring data privacy.In classical federated learning, the...In this paper, we study the decentralized federated learning problem, which involves the collaborative training of a global model among multiple devices while ensuring data privacy.In classical federated learning, the communication channel between the devices poses a potential risk of compromising private information. To reduce the risk of adversary eavesdropping in the communication channel, we propose TRADE(transmit difference weight) concept. This concept replaces the decentralized federated learning algorithm's transmitted weight parameters with differential weight parameters, enhancing the privacy data against eavesdropping. Subsequently, by integrating the TRADE concept with the primal-dual stochastic gradient descent(SGD)algorithm, we propose a decentralized TRADE primal-dual SGD algorithm. We demonstrate that our proposed algorithm's convergence properties are the same as those of the primal-dual SGD algorithm while providing enhanced privacy protection. We validate the algorithm's performance on fault diagnosis task using the Case Western Reserve University dataset, and image classification tasks using the CIFAR-10 and CIFAR-100 datasets,revealing model accuracy comparable to centralized federated learning. Additionally, the experiments confirm the algorithm's privacy protection capability.展开更多
Transformer-based models have significantly advanced binary code similarity detection(BCSD)by leveraging their semantic encoding capabilities for efficient function matching across diverse compilation settings.Althoug...Transformer-based models have significantly advanced binary code similarity detection(BCSD)by leveraging their semantic encoding capabilities for efficient function matching across diverse compilation settings.Although adversarial examples can strategically undermine the accuracy of BCSD models and protect critical code,existing techniques predominantly depend on inserting artificial instructions,which incur high computational costs and offer limited diversity of perturbations.To address these limitations,we propose AIMA,a novel gradient-guided assembly instruction relocation method.Our method decouples the detection model into tokenization,embedding,and encoding layers to enable efficient gradient computation.Since token IDs of instructions are discrete and nondifferentiable,we compute gradients in the continuous embedding space to evaluate the influence of each token.The most critical tokens are identified by calculating the L2 norm of their embedding gradients.We then establish a mapping between instructions and their corresponding tokens to aggregate token-level importance into instructionlevel significance.To maximize adversarial impact,a sliding window algorithm selects the most influential contiguous segments for relocation,ensuring optimal perturbation with minimal length.This approach efficiently locates critical code regions without expensive search operations.The selected segments are relocated outside their original function boundaries via a jump mechanism,which preserves runtime control flow and functionality while introducing“deletion”effects in the static instruction sequence.Extensive experiments show that AIMA reduces similarity scores by up to 35.8%in state-of-the-art BCSD models.When incorporated into training data,it also enhances model robustness,achieving a 5.9%improvement in AUROC.展开更多
Most existing secret sharing schemes are constructed to realize generalaccess structure, which is defined in terms of authorized groups of participants, and is unable tobe applied directly to the design of intrusion t...Most existing secret sharing schemes are constructed to realize generalaccess structure, which is defined in terms of authorized groups of participants, and is unable tobe applied directly to the design of intrusion tolerant system, which often concerns corruptiblegroups of participants instead of authorized ones. Instead, the generalized adversary structure,which specifies the corruptible subsets of participants, can be determined directly by exploit ofthe system setting and the attributes of all participants. In this paper an efficient secret sharingscheme realizing generalized adversary structure is proposed, and it is proved that the schemesatisfies both properties of the secret sharing scheme, i.e., the reconstruction property and theperfect property. The main features of this scheme are that it performs modular additions andsubtractions only, and each share appears in multiple share sets and is thus replicated. The formeris an advantage in terms of computational complexity, and the latter is an advantage when recoveryof some corrupted participants is necessary. So our scheme can achieve lower computation cost andhigher availability. Some reduction on the scheme is also done finally, based on an equivalencerelation defined over adversary structure. Analysis shows that reduced scheme still preserves theproperties of the original one.展开更多
Graph Neural Networks(GNNs)have proven highly effective for graph classification across diverse fields such as social networks,bioinformatics,and finance,due to their capability to learn complex graph structures.Howev...Graph Neural Networks(GNNs)have proven highly effective for graph classification across diverse fields such as social networks,bioinformatics,and finance,due to their capability to learn complex graph structures.However,despite their success,GNNs remain vulnerable to adversarial attacks that can significantly degrade their classification accuracy.Existing adversarial attack strategies primarily rely on label information to guide the attacks,which limits their applicability in scenarios where such information is scarce or unavailable.This paper introduces an innovative unsupervised attack method for graph classification,which operates without relying on label information,thereby enhancing its applicability in a broad range of scenarios.Specifically,our method first leverages a graph contrastive learning loss to learn high-quality graph embeddings by comparing different stochastic augmented views of the graphs.To effectively perturb the graphs,we then introduce an implicit estimator that measures the impact of various modifications on graph structures.The proposed strategy identifies and flips edges with the top-K highest scores,determined by the estimator,to maximize the degradation of the model’s performance.In addition,to defend against such attack,we propose a lightweight regularization-based defense mechanism that is specifically tailored to mitigate the structural perturbations introduced by our attack strategy.It enhances model robustness by enforcing embedding consistency and edge-level smoothness during training.We conduct experiments on six public TU graph classification datasets:NCI1,NCI109,Mutagenicity,ENZYMES,COLLAB,and DBLP_v1,to evaluate the effectiveness of our attack and defense strategies.Under an attack budget of 3,the maximum reduction in model accuracy reaches 6.67%on the Graph Convolutional Network(GCN)and 11.67%on the Graph Attention Network(GAT)across different datasets,indicating that our unsupervised method induces degradation comparable to state-of-the-art supervised attacks.Meanwhile,our defense achieves the highest accuracy recovery of 3.89%(GCN)and 5.00%(GAT),demonstrating improved robustness against structural perturbations.展开更多
Remote sensing image super-resolution technology is pivotal for enhancing image quality in critical applications including environmental monitoring,urban planning,and disaster assessment.However,traditional methods ex...Remote sensing image super-resolution technology is pivotal for enhancing image quality in critical applications including environmental monitoring,urban planning,and disaster assessment.However,traditional methods exhibit deficiencies in detail recovery and noise suppression,particularly when processing complex landscapes(e.g.,forests,farmlands),leading to artifacts and spectral distortions that limit practical utility.To address this,we propose an enhanced Super-Resolution Generative Adversarial Network(SRGAN)framework featuring three key innovations:(1)Replacement of L1/L2 loss with a robust Charbonnier loss to suppress noise while preserving edge details via adaptive gradient balancing;(2)A multi-loss joint optimization strategy dynamically weighting Charbonnier loss(β=0.5),Visual Geometry Group(VGG)perceptual loss(α=1),and adversarial loss(γ=0.1)to synergize pixel-level accuracy and perceptual quality;(3)A multi-scale residual network(MSRN)capturing cross-scale texture features(e.g.,forest canopies,mountain contours).Validated on Sentinel-2(10 m)and SPOT-6/7(2.5 m)datasets covering 904 km2 in Motuo County,Xizang,our method outperforms the SRGAN baseline(SR4RS)with Peak Signal-to-Noise Ratio(PSNR)gains of 0.29 dB and Structural Similarity Index(SSIM)improvements of 3.08%on forest imagery.Visual comparisons confirm enhanced texture continuity despite marginal Learned Perceptual Image Patch Similarity(LPIPS)increases.The method significantly improves noise robustness and edge retention in complex geomorphology,demonstrating 18%faster response in forest fire early warning and providing high-resolution support for agricultural/urban monitoring.Future work will integrate spectral constraints and lightweight architectures.展开更多
Recommending personalized travel routes from sparse,implicit feedback poses a significant challenge,as conventional systems often struggle with information overload and fail to capture the complex,sequential nature of...Recommending personalized travel routes from sparse,implicit feedback poses a significant challenge,as conventional systems often struggle with information overload and fail to capture the complex,sequential nature of user preferences.To address this,we propose a Conditional Generative Adversarial Network(CGAN)that generates diverse and highly relevant itineraries.Our approach begins by constructing a conditional vector that encapsulates a user’s profile.This vector uniquely fuses embeddings from a Heterogeneous Information Network(HIN)to model complex user-place-route relationships,a Recurrent Neural Network(RNN)to capture sequential path dynamics,and Neural Collaborative Filtering(NCF)to incorporate collaborative signals from the wider user base.This comprehensive condition,further enhanced with features representing user interaction confidence and uncertainty,steers a CGAN stabilized by spectral normalization to generate high-fidelity latent route representations,effectively mitigating the data sparsity problem.Recommendations are then formulated using an Anchor-and-Expand algorithm,which selects relevant starting Points of Interest(POI)based on user history,then expands routes through latent similarity matching and geographic coherence optimization,culminating in Traveling Salesman Problem(TSP)-based route optimization for practical travel distances.Experiments on a real-world check-in dataset validate our model’s unique generative capability,achieving F1 scores ranging from 0.163 to 0.305,and near-zero pairs−F1 scores between 0.002 and 0.022.These results confirm the model’s success in generating novel travel routes by recommending new locations and sequences rather than replicating users’past itineraries.This work provides a robust solution for personalized travel planning,capable of generating novel and compelling routes for both new and existing users by learning from collective travel intelligence.展开更多
Alzheimer’s Disease(AD)is a progressive neurodegenerative disorder that significantly affects cognitive function,making early and accurate diagnosis essential.Traditional Deep Learning(DL)-based approaches often stru...Alzheimer’s Disease(AD)is a progressive neurodegenerative disorder that significantly affects cognitive function,making early and accurate diagnosis essential.Traditional Deep Learning(DL)-based approaches often struggle with low-contrast MRI images,class imbalance,and suboptimal feature extraction.This paper develops a Hybrid DL system that unites MobileNetV2 with adaptive classification methods to boost Alzheimer’s diagnosis by processing MRI scans.Image enhancement is done using Contrast-Limited Adaptive Histogram Equalization(CLAHE)and Enhanced Super-Resolution Generative Adversarial Networks(ESRGAN).A classification robustness enhancement system integrates class weighting techniques and a Matthews Correlation Coefficient(MCC)-based evaluation method into the design.The trained and validated model gives a 98.88%accuracy rate and 0.9614 MCC score.We also performed a 10-fold cross-validation experiment with an average accuracy of 96.52%(±1.51),a loss of 0.1671,and an MCC score of 0.9429 across folds.The proposed framework outperforms the state-of-the-art models with a 98%weighted F1-score while decreasing misdiagnosis results for every AD stage.The model demonstrates apparent separation abilities between AD progression stages according to the results of the confusion matrix analysis.These results validate the effectiveness of hybrid DL models with adaptive preprocessing for early and reliable Alzheimer’s diagnosis,contributing to improved computer-aided diagnosis(CAD)systems in clinical practice.展开更多
Machine learning techniques such as artificial neural networks are seeing increased use in the examination of communication network research questions.Central to many of these research questions is the need to classif...Machine learning techniques such as artificial neural networks are seeing increased use in the examination of communication network research questions.Central to many of these research questions is the need to classify packets and improve visibility.Multi-Layer Perceptron(MLP)neural networks and Convolutional Neural Networks(CNNs)have been used to successfully identify individual packets.However,some datasets create instability in neural network models.Machine learning can also be subject to data injection and misclassification problems.In addition,when attempting to address complex communication network challenges,extremely high classification accuracy is required.Neural network ensembles can work towards minimizing or even eliminating some of these problems by comparing results from multiple models.After ensembles tuning,training time can be reduced,and a viable and effective architecture can be obtained.Because of their effectiveness,ensembles can be utilized to defend against data poisoning attacks attempting to create classification errors.In this work,ensemble tuning and several voting strategies are explored that consistently result in classification accuracy above 99%.In addition,ensembles are shown to be effective against these types of attack by maintaining accuracy above 98%.展开更多
Communication can promote coordination in cooperative Multi-Agent Reinforcement Learning(MARL).Nowadays,existing works mainly focus on improving the communication efficiency of agents,neglecting that real-world commun...Communication can promote coordination in cooperative Multi-Agent Reinforcement Learning(MARL).Nowadays,existing works mainly focus on improving the communication efficiency of agents,neglecting that real-world communication is much more challenging as there may exist noise or potential attackers.Thus the robustness of the communication-based policies becomes an emergent and severe issue that needs more exploration.In this paper,we posit that the ego system trained with auxiliary adversaries may handle this limitation and propose an adaptable method of Multi-Agent Auxiliary Adversaries Generation for robust Communication,dubbed MA3C,to obtain a robust communication-based policy.In specific,we introduce a novel message-attacking approach that models the learning of the auxiliary attacker as a cooperative problem under a shared goal to minimize the coordination ability of the ego system,with which every information channel may suffer from distinct message attacks.Furthermore,as naive adversarial training may impede the generalization ability of the ego system,we design an attacker population generation approach based on evolutionary learning.Finally,the ego system is paired with an attacker population and then alternatively trained against the continuously evolving attackers to improve its robustness,meaning that both the ego system and the attackers are adaptable.Extensive experiments on multiple benchmarks indicate that our proposed MA3C provides comparable or better robustness and generalization ability than other baselines.展开更多
Heat dissipation performance is critical to the design of high-end equipment,such as integrated chips and high-precision machine tools.Owing to the advantages of artificial intelligence in solving complex tasks involv...Heat dissipation performance is critical to the design of high-end equipment,such as integrated chips and high-precision machine tools.Owing to the advantages of artificial intelligence in solving complex tasks involving a large number of variables,researchers have exploited deep learning to expedite the optimization of material properties,such as the heat dissipation of solid isotropic materials with penalization(SIMP).However,because the approach is limited by discrete datasets and labeled training forms,ensuring the continuous adaptation of the condition domain and maintaining the stability of the design structure remain major challenges in the current intelligent design methodology for thermally conductive structures.In this study,we propose an innovative intelligent design fram-ework integrating Conditional Deep Convolutional Generative Adversarial Networks(CDCGAN)with SIMP,capable of creating topology structures that meet prescribed thermal conduction performance.This proposed design strategy significantly reduces the computational time required to solve symmetric and random heat sink problems compared with existing design approaches and is approximately 98%faster than standard SIMP methods and 55.5%faster than conventional deep-learning-based methods.In addition,we benchmarked the design performance of the proposed framework against theoretical structural designs via experimental measurements.We observed a 50.1%reduction in the average temperature and a 28.2%reduction in the highest temperature in our designed topology compared with those theoretical structure designs.展开更多
Stock price prediction is a typical complex time series prediction problem characterized by dynamics,nonlinearity,and complexity.This paper introduces a generative adversarial network model that incorporates an attent...Stock price prediction is a typical complex time series prediction problem characterized by dynamics,nonlinearity,and complexity.This paper introduces a generative adversarial network model that incorporates an attention mechanism(GAN-LSTM-Attention)to improve the accuracy of stock price prediction.Firstly,the generator of this model combines the Long and Short-Term Memory Network(LSTM),the Attention Mechanism and,the Fully-Connected Layer,focusing on generating the predicted stock price.The discriminator combines the Convolutional Neural Network(CNN)and the Fully-Connected Layer to discriminate between real stock prices and generated stock prices.Secondly,to evaluate the practical application ability and generalization ability of the GAN-LSTM-Attention model,four representative stocks in the United States of America(USA)stock market,namely,Standard&Poor’s 500 Index stock,Apple Incorporatedstock,AdvancedMicroDevices Incorporatedstock,and Google Incorporated stock were selected for prediction experiments,and the prediction performance was comprehensively evaluated by using the three evaluation metrics,namely,mean absolute error(MAE),root mean square error(RMSE),and coefficient of determination(R2).Finally,the specific effects of the attention mechanism,convolutional layer,and fully-connected layer on the prediction performance of the model are systematically analyzed through ablation study.The results of experiment show that the GAN-LSTM-Attention model exhibits excellent performance and robustness in stock price prediction.展开更多
The emergence of next generation networks(NextG),including 5G and beyond,is reshaping the technological landscape of cellular and mobile networks.These networks are sufficiently scaled to interconnect billions of user...The emergence of next generation networks(NextG),including 5G and beyond,is reshaping the technological landscape of cellular and mobile networks.These networks are sufficiently scaled to interconnect billions of users and devices.Researchers in academia and industry are focusing on technological advancements to achieve highspeed transmission,cell planning,and latency reduction to facilitate emerging applications such as virtual reality,the metaverse,smart cities,smart health,and autonomous vehicles.NextG continuously improves its network functionality to support these applications.Multiple input multiple output(MIMO)technology offers spectral efficiency,dependability,and overall performance in conjunctionwithNextG.This article proposes a secure channel estimation technique in MIMO topology using a norm-estimation model to provide comprehensive insights into protecting NextG network components against adversarial attacks.The technique aims to create long-lasting and secure NextG networks using this extended approach.The viability of MIMO applications and modern AI-driven methodologies to combat cybersecurity threats are explored in this research.Moreover,the proposed model demonstrates high performance in terms of reliability and accuracy,with a 20%reduction in the MalOut-RealOut-Diff metric compared to existing state-of-the-art techniques.展开更多
The Internet of Things(IoT)is integral to modern infrastructure,enabling connectivity among a wide range of devices from home automation to industrial control systems.With the exponential increase in data generated by...The Internet of Things(IoT)is integral to modern infrastructure,enabling connectivity among a wide range of devices from home automation to industrial control systems.With the exponential increase in data generated by these interconnected devices,robust anomaly detection mechanisms are essential.Anomaly detection in this dynamic environment necessitates methods that can accurately distinguish between normal and anomalous behavior by learning intricate patterns.This paper presents a novel approach utilizing generative adversarial networks(GANs)for anomaly detection in IoT systems.However,optimizing GANs involves tuning hyper-parameters such as learning rate,batch size,and optimization algorithms,which can be challenging due to the non-convex nature of GAN loss functions.To address this,we propose a five-dimensional Gray wolf optimizer(5DGWO)to optimize GAN hyper-parameters.The 5DGWO introduces two new types of wolves:gamma(γ)for improved exploitation and convergence,and theta(θ)for enhanced exploration and escaping local minima.The proposed system framework comprises four key stages:1)preprocessing,2)generative model training,3)autoencoder(AE)training,and 4)predictive model training.The generative models are utilized to assist the AE training,and the final predictive models(including convolutional neural network(CNN),deep belief network(DBN),recurrent neural network(RNN),random forest(RF),and extreme gradient boosting(XGBoost))are trained using the generated data and AE-encoded features.We evaluated the system on three benchmark datasets:NSL-KDD,UNSW-NB15,and IoT-23.Experiments conducted on diverse IoT datasets show that our method outperforms existing anomaly detection strategies and significantly reduces false positives.The 5DGWO-GAN-CNNAE exhibits superior performance in various metrics,including accuracy,recall,precision,root mean square error(RMSE),and convergence trend.The proposed 5DGWO-GAN-CNNAE achieved the lowest RMSE values across the NSL-KDD,UNSW-NB15,and IoT-23 datasets,with values of 0.24,1.10,and 0.09,respectively.Additionally,it attained the highest accuracy,ranging from 94%to 100%.These results suggest a promising direction for future IoT security frameworks,offering a scalable and efficient solution to safeguard against evolving cyber threats.展开更多
Image super-resolution reconstruction technology is currently widely used in medical imaging,video surveillance,and industrial quality inspection.It not only enhances image quality but also improves details and visual...Image super-resolution reconstruction technology is currently widely used in medical imaging,video surveillance,and industrial quality inspection.It not only enhances image quality but also improves details and visual perception,significantly increasing the utility of low-resolution images.In this study,an improved image superresolution reconstruction model based on Generative Adversarial Networks(SRGAN)was proposed.This model introduced a channel and spatial attention mechanism(CSAB)in the generator,allowing it to effectively leverage the information from the input image to enhance feature representations and capture important details.The discriminator was designed with an improved PatchGAN architecture,which more accurately captured local details and texture information of the image.With these enhanced generator and discriminator architectures and an optimized loss function design,this method demonstrated superior performance in image quality assessment metrics.Experimental results showed that this model outperforms traditional methods,presenting more detailed and realistic image details in the visual effects.展开更多
Credit risk assessment is a crucial task in bank risk management.By making lending decisions based on credit risk assessment results,banks can reduce the probability of non-performing loans.However,class imbalance in ...Credit risk assessment is a crucial task in bank risk management.By making lending decisions based on credit risk assessment results,banks can reduce the probability of non-performing loans.However,class imbalance in bank credit default datasets limits the predictive performance of traditional machine learning and deep learning models.To address this issue,this study employs the conditional variational autoencoder-Wasserstein generative adversarial network with gradient penalty(CVAE-WGAN-gp)model for oversampling,generating samples similar to the original default customer data to enhance model prediction performance.To evaluate the quality of the data generated by the CVAE-WGAN-gp model,we selected several bank loan datasets for experimentation.The experimental results demonstrate that using the CVAE-WGAN-gp model for oversampling can significantly improve the predictive performance in credit risk assessment problems.展开更多
Recent years have witnessed the ever-increasing performance of Deep Neural Networks(DNNs)in computer vision tasks.However,researchers have identified a potential vulnerability:carefully crafted adversarial examples ca...Recent years have witnessed the ever-increasing performance of Deep Neural Networks(DNNs)in computer vision tasks.However,researchers have identified a potential vulnerability:carefully crafted adversarial examples can easily mislead DNNs into incorrect behavior via the injection of imperceptible modification to the input data.In this survey,we focus on(1)adversarial attack algorithms to generate adversarial examples,(2)adversarial defense techniques to secure DNNs against adversarial examples,and(3)important problems in the realm of adversarial examples beyond attack and defense,including the theoretical explanations,trade-off issues and benign attacks in adversarial examples.Additionally,we draw a brief comparison between recently published surveys on adversarial examples,and identify the future directions for the research of adversarial examples,such as the generalization of methods and the understanding of transferability,that might be solutions to the open problems in this field.展开更多
Tag recommendation systems can significantly improve the accuracy of information retrieval by recommending relevant tag sets that align with user preferences and resource characteristics.However,metric learning method...Tag recommendation systems can significantly improve the accuracy of information retrieval by recommending relevant tag sets that align with user preferences and resource characteristics.However,metric learning methods often suffer from high sensitivity,leading to unstable recommendation results when facing adversarial samples generated through malicious user behavior.Adversarial training is considered to be an effective method for improving the robustness of tag recommendation systems and addressing adversarial samples.However,it still faces the challenge of overfitting.Although curriculum learning-based adversarial training somewhat mitigates this issue,challenges still exist,such as the lack of a quantitative standard for attack intensity and catastrophic forgetting.To address these challenges,we propose a Self-Paced Adversarial Metric Learning(SPAML)method.First,we employ a metric learning model to capture the deep distance relationships between normal samples.Then,we incorporate a self-paced adversarial training model,which dynamically adjusts the weights of adversarial samples,allowing the model to progressively learn from simpler to more complex adversarial samples.Finally,we jointly optimize the metric learning loss and self-paced adversarial training loss in an adversarial manner,enhancing the robustness and performance of tag recommendation tasks.Extensive experiments on the MovieLens and LastFm datasets demonstrate that SPAML achieves F1@3 and NDCG@3 scores of 22%and 32.7%on the MovieLens dataset,and 19.4%and 29%on the LastFm dataset,respectively,outperforming the most competitive baselines.Specifically,F1@3 improves by 4.7%and 6.8%,and NDCG@3 improves by 5.0%and 6.9%,respectively.展开更多
The emergence of adversarial examples has revealed the inadequacies in the robustness of image classification models based on Convolutional Neural Networks (CNNs). Particularly in recent years, the discovery of natura...The emergence of adversarial examples has revealed the inadequacies in the robustness of image classification models based on Convolutional Neural Networks (CNNs). Particularly in recent years, the discovery of natural adversarial examples has posed significant challenges, as traditional defense methods against adversarial attacks have proven to be largely ineffective against these natural adversarial examples. This paper explores defenses against these natural adversarial examples from three perspectives: adversarial examples, model architecture, and dataset. First, it employs Class Activation Mapping (CAM) to visualize how models classify natural adversarial examples, identifying several typical attack patterns. Next, various common CNN models are analyzed to evaluate their susceptibility to these attacks, revealing that different architectures exhibit varying defensive capabilities. The study finds that as the depth of a network increases, its defenses against natural adversarial examples strengthen. Lastly, Finally, the impact of dataset class distribution on the defense capability of models is examined, focusing on two aspects: the number of classes in the training set and the number of predicted classes. This study investigates how these factors influence the model’s ability to defend against natural adversarial examples. Results indicate that reducing the number of training classes enhances the model’s defense against natural adversarial examples. Additionally, under a fixed number of training classes, some CNN models show an optimal range of predicted classes for achieving the best defense performance against these adversarial examples.展开更多
Deep neural networks remain susceptible to adversarial examples,where the goal of an adversarial attack is to introduce small perturbations to the original examples in order to confuse the model without being easily d...Deep neural networks remain susceptible to adversarial examples,where the goal of an adversarial attack is to introduce small perturbations to the original examples in order to confuse the model without being easily detected.Although many adversarial attack methods produce adversarial examples that have achieved great results in the whitebox setting,they exhibit low transferability in the black-box setting.In order to improve the transferability along the baseline of the gradient-based attack technique,we present a novel Stochastic Gradient Accumulation Momentum Iterative Attack(SAMI-FGSM)in this study.In particular,during each iteration,the gradient information is calculated using a normal sampling approach that randomly samples around the sample points,with the highest probability of capturing adversarial features.Meanwhile,the accumulated information of the sampled gradient from the previous iteration is further considered to modify the current updated gradient,and the original gradient attack direction is changed to ensure that the updated gradient direction is more stable.Comprehensive experiments conducted on the ImageNet dataset show that our method outperforms existing state-of-the-art gradient-based attack techniques,achieving an average improvement of 10.2%in transferability.展开更多
Large Language Models(LLMs)have significantly advanced human-computer interaction by improving natural language understanding and generation.However,their vulnerability to adversarial prompts–carefully designed input...Large Language Models(LLMs)have significantly advanced human-computer interaction by improving natural language understanding and generation.However,their vulnerability to adversarial prompts–carefully designed inputs that manipulate model outputs–presents substantial challenges.This paper introduces a classification-based approach to detect adversarial prompts by utilizing both prompt features and prompt response features.Elevenmachine learning models were evaluated based on key metrics such as accuracy,precision,recall,and F1-score.The results show that the Convolutional Neural Network–Long Short-Term Memory(CNN-LSTM)cascade model delivers the best performance,especially when using prompt features,achieving an accuracy of over 97%in all adversarial scenarios.Furthermore,the Support Vector Machine(SVM)model performed best with prompt response features,particularly excelling in prompt type classification tasks.Classification results revealed that certain types of adversarial attacks,such as“Word Level”and“Adversarial Prefix”,were particularly difficult to detect,as indicated by their low recall and F1-scores.These findings suggest that more subtle manipulations can evade detection mechanisms.In contrast,attacks like“Sentence Level”and“Adversarial Insertion”were easier to identify,due to the model’s effectiveness in recognizing inserted content.Natural Language Processing(NLP)techniques played a critical role by enabling the extraction of semantic and syntactic features from both prompts and their corresponding responses.These insights highlight the importance of combining traditional and deep learning approaches,along with advanced NLP techniques,to build more reliable adversarial prompt detection systems for LLMs.展开更多
基金supported by the National Key Research and Development Program of China(2022YFB3305904)the National Natural Science Foundation of China(62133003,61991403,61991400)+4 种基金the Open Project of State Key Laboratory of Synthetical Automation for Process Industries(SAPI-2024-KFKT-05,SAPI-2024-KFKT-08)China Academy of Engineering Institute of Land Cooperation Consulting Project(2023-DFZD-60-02,N2424004)the Fundamental Research Funds for the Central UniversitiesShanghai Municipal Science and Technology Major Project(2021SHZDZX0100)the Key Research and Development Program of Liaoning Province(2023JH26/10200011)
文摘In this paper, we study the decentralized federated learning problem, which involves the collaborative training of a global model among multiple devices while ensuring data privacy.In classical federated learning, the communication channel between the devices poses a potential risk of compromising private information. To reduce the risk of adversary eavesdropping in the communication channel, we propose TRADE(transmit difference weight) concept. This concept replaces the decentralized federated learning algorithm's transmitted weight parameters with differential weight parameters, enhancing the privacy data against eavesdropping. Subsequently, by integrating the TRADE concept with the primal-dual stochastic gradient descent(SGD)algorithm, we propose a decentralized TRADE primal-dual SGD algorithm. We demonstrate that our proposed algorithm's convergence properties are the same as those of the primal-dual SGD algorithm while providing enhanced privacy protection. We validate the algorithm's performance on fault diagnosis task using the Case Western Reserve University dataset, and image classification tasks using the CIFAR-10 and CIFAR-100 datasets,revealing model accuracy comparable to centralized federated learning. Additionally, the experiments confirm the algorithm's privacy protection capability.
基金supported by Key Laboratory of Cyberspace Security,Ministry of Education,China。
文摘Transformer-based models have significantly advanced binary code similarity detection(BCSD)by leveraging their semantic encoding capabilities for efficient function matching across diverse compilation settings.Although adversarial examples can strategically undermine the accuracy of BCSD models and protect critical code,existing techniques predominantly depend on inserting artificial instructions,which incur high computational costs and offer limited diversity of perturbations.To address these limitations,we propose AIMA,a novel gradient-guided assembly instruction relocation method.Our method decouples the detection model into tokenization,embedding,and encoding layers to enable efficient gradient computation.Since token IDs of instructions are discrete and nondifferentiable,we compute gradients in the continuous embedding space to evaluate the influence of each token.The most critical tokens are identified by calculating the L2 norm of their embedding gradients.We then establish a mapping between instructions and their corresponding tokens to aggregate token-level importance into instructionlevel significance.To maximize adversarial impact,a sliding window algorithm selects the most influential contiguous segments for relocation,ensuring optimal perturbation with minimal length.This approach efficiently locates critical code regions without expensive search operations.The selected segments are relocated outside their original function boundaries via a jump mechanism,which preserves runtime control flow and functionality while introducing“deletion”effects in the static instruction sequence.Extensive experiments show that AIMA reduces similarity scores by up to 35.8%in state-of-the-art BCSD models.When incorporated into training data,it also enhances model robustness,achieving a 5.9%improvement in AUROC.
文摘Most existing secret sharing schemes are constructed to realize generalaccess structure, which is defined in terms of authorized groups of participants, and is unable tobe applied directly to the design of intrusion tolerant system, which often concerns corruptiblegroups of participants instead of authorized ones. Instead, the generalized adversary structure,which specifies the corruptible subsets of participants, can be determined directly by exploit ofthe system setting and the attributes of all participants. In this paper an efficient secret sharingscheme realizing generalized adversary structure is proposed, and it is proved that the schemesatisfies both properties of the secret sharing scheme, i.e., the reconstruction property and theperfect property. The main features of this scheme are that it performs modular additions andsubtractions only, and each share appears in multiple share sets and is thus replicated. The formeris an advantage in terms of computational complexity, and the latter is an advantage when recoveryof some corrupted participants is necessary. So our scheme can achieve lower computation cost andhigher availability. Some reduction on the scheme is also done finally, based on an equivalencerelation defined over adversary structure. Analysis shows that reduced scheme still preserves theproperties of the original one.
基金funded by the National Key Research and Development Program of China(Grant No.2024YFE0209000)the NSFC(Grant No.U23B2019).
文摘Graph Neural Networks(GNNs)have proven highly effective for graph classification across diverse fields such as social networks,bioinformatics,and finance,due to their capability to learn complex graph structures.However,despite their success,GNNs remain vulnerable to adversarial attacks that can significantly degrade their classification accuracy.Existing adversarial attack strategies primarily rely on label information to guide the attacks,which limits their applicability in scenarios where such information is scarce or unavailable.This paper introduces an innovative unsupervised attack method for graph classification,which operates without relying on label information,thereby enhancing its applicability in a broad range of scenarios.Specifically,our method first leverages a graph contrastive learning loss to learn high-quality graph embeddings by comparing different stochastic augmented views of the graphs.To effectively perturb the graphs,we then introduce an implicit estimator that measures the impact of various modifications on graph structures.The proposed strategy identifies and flips edges with the top-K highest scores,determined by the estimator,to maximize the degradation of the model’s performance.In addition,to defend against such attack,we propose a lightweight regularization-based defense mechanism that is specifically tailored to mitigate the structural perturbations introduced by our attack strategy.It enhances model robustness by enforcing embedding consistency and edge-level smoothness during training.We conduct experiments on six public TU graph classification datasets:NCI1,NCI109,Mutagenicity,ENZYMES,COLLAB,and DBLP_v1,to evaluate the effectiveness of our attack and defense strategies.Under an attack budget of 3,the maximum reduction in model accuracy reaches 6.67%on the Graph Convolutional Network(GCN)and 11.67%on the Graph Attention Network(GAT)across different datasets,indicating that our unsupervised method induces degradation comparable to state-of-the-art supervised attacks.Meanwhile,our defense achieves the highest accuracy recovery of 3.89%(GCN)and 5.00%(GAT),demonstrating improved robustness against structural perturbations.
基金This study was supported by:Inner Mongolia Academy of Forestry Sciences Open Research Project(Grant No.KF2024MS03)The Project to Improve the Scientific Research Capacity of the Inner Mongolia Academy of Forestry Sciences(Grant No.2024NLTS04)The Innovation and Entrepreneurship Training Program for Undergraduates of Beijing Forestry University(Grant No.X202410022268).
文摘Remote sensing image super-resolution technology is pivotal for enhancing image quality in critical applications including environmental monitoring,urban planning,and disaster assessment.However,traditional methods exhibit deficiencies in detail recovery and noise suppression,particularly when processing complex landscapes(e.g.,forests,farmlands),leading to artifacts and spectral distortions that limit practical utility.To address this,we propose an enhanced Super-Resolution Generative Adversarial Network(SRGAN)framework featuring three key innovations:(1)Replacement of L1/L2 loss with a robust Charbonnier loss to suppress noise while preserving edge details via adaptive gradient balancing;(2)A multi-loss joint optimization strategy dynamically weighting Charbonnier loss(β=0.5),Visual Geometry Group(VGG)perceptual loss(α=1),and adversarial loss(γ=0.1)to synergize pixel-level accuracy and perceptual quality;(3)A multi-scale residual network(MSRN)capturing cross-scale texture features(e.g.,forest canopies,mountain contours).Validated on Sentinel-2(10 m)and SPOT-6/7(2.5 m)datasets covering 904 km2 in Motuo County,Xizang,our method outperforms the SRGAN baseline(SR4RS)with Peak Signal-to-Noise Ratio(PSNR)gains of 0.29 dB and Structural Similarity Index(SSIM)improvements of 3.08%on forest imagery.Visual comparisons confirm enhanced texture continuity despite marginal Learned Perceptual Image Patch Similarity(LPIPS)increases.The method significantly improves noise robustness and edge retention in complex geomorphology,demonstrating 18%faster response in forest fire early warning and providing high-resolution support for agricultural/urban monitoring.Future work will integrate spectral constraints and lightweight architectures.
基金supported by the Chung-Ang University Research Grants in 2023.Alsothe work is supported by the ELLIIT Excellence Center at Linköping–Lund in Information Technology in Sweden.
文摘Recommending personalized travel routes from sparse,implicit feedback poses a significant challenge,as conventional systems often struggle with information overload and fail to capture the complex,sequential nature of user preferences.To address this,we propose a Conditional Generative Adversarial Network(CGAN)that generates diverse and highly relevant itineraries.Our approach begins by constructing a conditional vector that encapsulates a user’s profile.This vector uniquely fuses embeddings from a Heterogeneous Information Network(HIN)to model complex user-place-route relationships,a Recurrent Neural Network(RNN)to capture sequential path dynamics,and Neural Collaborative Filtering(NCF)to incorporate collaborative signals from the wider user base.This comprehensive condition,further enhanced with features representing user interaction confidence and uncertainty,steers a CGAN stabilized by spectral normalization to generate high-fidelity latent route representations,effectively mitigating the data sparsity problem.Recommendations are then formulated using an Anchor-and-Expand algorithm,which selects relevant starting Points of Interest(POI)based on user history,then expands routes through latent similarity matching and geographic coherence optimization,culminating in Traveling Salesman Problem(TSP)-based route optimization for practical travel distances.Experiments on a real-world check-in dataset validate our model’s unique generative capability,achieving F1 scores ranging from 0.163 to 0.305,and near-zero pairs−F1 scores between 0.002 and 0.022.These results confirm the model’s success in generating novel travel routes by recommending new locations and sequences rather than replicating users’past itineraries.This work provides a robust solution for personalized travel planning,capable of generating novel and compelling routes for both new and existing users by learning from collective travel intelligence.
基金funded by the Deanship of Graduate Studies and Scientific Research at Jouf University under grant No.(DGSSR-2025-02-01295).
文摘Alzheimer’s Disease(AD)is a progressive neurodegenerative disorder that significantly affects cognitive function,making early and accurate diagnosis essential.Traditional Deep Learning(DL)-based approaches often struggle with low-contrast MRI images,class imbalance,and suboptimal feature extraction.This paper develops a Hybrid DL system that unites MobileNetV2 with adaptive classification methods to boost Alzheimer’s diagnosis by processing MRI scans.Image enhancement is done using Contrast-Limited Adaptive Histogram Equalization(CLAHE)and Enhanced Super-Resolution Generative Adversarial Networks(ESRGAN).A classification robustness enhancement system integrates class weighting techniques and a Matthews Correlation Coefficient(MCC)-based evaluation method into the design.The trained and validated model gives a 98.88%accuracy rate and 0.9614 MCC score.We also performed a 10-fold cross-validation experiment with an average accuracy of 96.52%(±1.51),a loss of 0.1671,and an MCC score of 0.9429 across folds.The proposed framework outperforms the state-of-the-art models with a 98%weighted F1-score while decreasing misdiagnosis results for every AD stage.The model demonstrates apparent separation abilities between AD progression stages according to the results of the confusion matrix analysis.These results validate the effectiveness of hybrid DL models with adaptive preprocessing for early and reliable Alzheimer’s diagnosis,contributing to improved computer-aided diagnosis(CAD)systems in clinical practice.
文摘Machine learning techniques such as artificial neural networks are seeing increased use in the examination of communication network research questions.Central to many of these research questions is the need to classify packets and improve visibility.Multi-Layer Perceptron(MLP)neural networks and Convolutional Neural Networks(CNNs)have been used to successfully identify individual packets.However,some datasets create instability in neural network models.Machine learning can also be subject to data injection and misclassification problems.In addition,when attempting to address complex communication network challenges,extremely high classification accuracy is required.Neural network ensembles can work towards minimizing or even eliminating some of these problems by comparing results from multiple models.After ensembles tuning,training time can be reduced,and a viable and effective architecture can be obtained.Because of their effectiveness,ensembles can be utilized to defend against data poisoning attacks attempting to create classification errors.In this work,ensemble tuning and several voting strategies are explored that consistently result in classification accuracy above 99%.In addition,ensembles are shown to be effective against these types of attack by maintaining accuracy above 98%.
基金the National Key R&D Program of China(2020AAA0107200)the National Natural Science Foundation of China(Grant Nos.61921006,61876119,62276126)the Natural Science Foundation of Jiangsu(BK20221442)。
文摘Communication can promote coordination in cooperative Multi-Agent Reinforcement Learning(MARL).Nowadays,existing works mainly focus on improving the communication efficiency of agents,neglecting that real-world communication is much more challenging as there may exist noise or potential attackers.Thus the robustness of the communication-based policies becomes an emergent and severe issue that needs more exploration.In this paper,we posit that the ego system trained with auxiliary adversaries may handle this limitation and propose an adaptable method of Multi-Agent Auxiliary Adversaries Generation for robust Communication,dubbed MA3C,to obtain a robust communication-based policy.In specific,we introduce a novel message-attacking approach that models the learning of the auxiliary attacker as a cooperative problem under a shared goal to minimize the coordination ability of the ego system,with which every information channel may suffer from distinct message attacks.Furthermore,as naive adversarial training may impede the generalization ability of the ego system,we design an attacker population generation approach based on evolutionary learning.Finally,the ego system is paired with an attacker population and then alternatively trained against the continuously evolving attackers to improve its robustness,meaning that both the ego system and the attackers are adaptable.Extensive experiments on multiple benchmarks indicate that our proposed MA3C provides comparable or better robustness and generalization ability than other baselines.
基金Supported by National Natural Science Foundation of China(Grant Nos.52222508 and 52335011)。
文摘Heat dissipation performance is critical to the design of high-end equipment,such as integrated chips and high-precision machine tools.Owing to the advantages of artificial intelligence in solving complex tasks involving a large number of variables,researchers have exploited deep learning to expedite the optimization of material properties,such as the heat dissipation of solid isotropic materials with penalization(SIMP).However,because the approach is limited by discrete datasets and labeled training forms,ensuring the continuous adaptation of the condition domain and maintaining the stability of the design structure remain major challenges in the current intelligent design methodology for thermally conductive structures.In this study,we propose an innovative intelligent design fram-ework integrating Conditional Deep Convolutional Generative Adversarial Networks(CDCGAN)with SIMP,capable of creating topology structures that meet prescribed thermal conduction performance.This proposed design strategy significantly reduces the computational time required to solve symmetric and random heat sink problems compared with existing design approaches and is approximately 98%faster than standard SIMP methods and 55.5%faster than conventional deep-learning-based methods.In addition,we benchmarked the design performance of the proposed framework against theoretical structural designs via experimental measurements.We observed a 50.1%reduction in the average temperature and a 28.2%reduction in the highest temperature in our designed topology compared with those theoretical structure designs.
基金funded by the project supported by the Natural Science Foundation of Heilongjiang Provincial(Grant Number LH2023F033)the Science and Technology Innovation Talent Project of Harbin(Grant Number 2022CXRCCG006).
文摘Stock price prediction is a typical complex time series prediction problem characterized by dynamics,nonlinearity,and complexity.This paper introduces a generative adversarial network model that incorporates an attention mechanism(GAN-LSTM-Attention)to improve the accuracy of stock price prediction.Firstly,the generator of this model combines the Long and Short-Term Memory Network(LSTM),the Attention Mechanism and,the Fully-Connected Layer,focusing on generating the predicted stock price.The discriminator combines the Convolutional Neural Network(CNN)and the Fully-Connected Layer to discriminate between real stock prices and generated stock prices.Secondly,to evaluate the practical application ability and generalization ability of the GAN-LSTM-Attention model,four representative stocks in the United States of America(USA)stock market,namely,Standard&Poor’s 500 Index stock,Apple Incorporatedstock,AdvancedMicroDevices Incorporatedstock,and Google Incorporated stock were selected for prediction experiments,and the prediction performance was comprehensively evaluated by using the three evaluation metrics,namely,mean absolute error(MAE),root mean square error(RMSE),and coefficient of determination(R2).Finally,the specific effects of the attention mechanism,convolutional layer,and fully-connected layer on the prediction performance of the model are systematically analyzed through ablation study.The results of experiment show that the GAN-LSTM-Attention model exhibits excellent performance and robustness in stock price prediction.
基金funding from King Saud University through Researchers Supporting Project number(RSP2024R387),King Saud University,Riyadh,Saudi Arabia.
文摘The emergence of next generation networks(NextG),including 5G and beyond,is reshaping the technological landscape of cellular and mobile networks.These networks are sufficiently scaled to interconnect billions of users and devices.Researchers in academia and industry are focusing on technological advancements to achieve highspeed transmission,cell planning,and latency reduction to facilitate emerging applications such as virtual reality,the metaverse,smart cities,smart health,and autonomous vehicles.NextG continuously improves its network functionality to support these applications.Multiple input multiple output(MIMO)technology offers spectral efficiency,dependability,and overall performance in conjunctionwithNextG.This article proposes a secure channel estimation technique in MIMO topology using a norm-estimation model to provide comprehensive insights into protecting NextG network components against adversarial attacks.The technique aims to create long-lasting and secure NextG networks using this extended approach.The viability of MIMO applications and modern AI-driven methodologies to combat cybersecurity threats are explored in this research.Moreover,the proposed model demonstrates high performance in terms of reliability and accuracy,with a 20%reduction in the MalOut-RealOut-Diff metric compared to existing state-of-the-art techniques.
基金described in this paper has been developed with in the project PRESECREL(PID2021-124502OB-C43)。
文摘The Internet of Things(IoT)is integral to modern infrastructure,enabling connectivity among a wide range of devices from home automation to industrial control systems.With the exponential increase in data generated by these interconnected devices,robust anomaly detection mechanisms are essential.Anomaly detection in this dynamic environment necessitates methods that can accurately distinguish between normal and anomalous behavior by learning intricate patterns.This paper presents a novel approach utilizing generative adversarial networks(GANs)for anomaly detection in IoT systems.However,optimizing GANs involves tuning hyper-parameters such as learning rate,batch size,and optimization algorithms,which can be challenging due to the non-convex nature of GAN loss functions.To address this,we propose a five-dimensional Gray wolf optimizer(5DGWO)to optimize GAN hyper-parameters.The 5DGWO introduces two new types of wolves:gamma(γ)for improved exploitation and convergence,and theta(θ)for enhanced exploration and escaping local minima.The proposed system framework comprises four key stages:1)preprocessing,2)generative model training,3)autoencoder(AE)training,and 4)predictive model training.The generative models are utilized to assist the AE training,and the final predictive models(including convolutional neural network(CNN),deep belief network(DBN),recurrent neural network(RNN),random forest(RF),and extreme gradient boosting(XGBoost))are trained using the generated data and AE-encoded features.We evaluated the system on three benchmark datasets:NSL-KDD,UNSW-NB15,and IoT-23.Experiments conducted on diverse IoT datasets show that our method outperforms existing anomaly detection strategies and significantly reduces false positives.The 5DGWO-GAN-CNNAE exhibits superior performance in various metrics,including accuracy,recall,precision,root mean square error(RMSE),and convergence trend.The proposed 5DGWO-GAN-CNNAE achieved the lowest RMSE values across the NSL-KDD,UNSW-NB15,and IoT-23 datasets,with values of 0.24,1.10,and 0.09,respectively.Additionally,it attained the highest accuracy,ranging from 94%to 100%.These results suggest a promising direction for future IoT security frameworks,offering a scalable and efficient solution to safeguard against evolving cyber threats.
文摘Image super-resolution reconstruction technology is currently widely used in medical imaging,video surveillance,and industrial quality inspection.It not only enhances image quality but also improves details and visual perception,significantly increasing the utility of low-resolution images.In this study,an improved image superresolution reconstruction model based on Generative Adversarial Networks(SRGAN)was proposed.This model introduced a channel and spatial attention mechanism(CSAB)in the generator,allowing it to effectively leverage the information from the input image to enhance feature representations and capture important details.The discriminator was designed with an improved PatchGAN architecture,which more accurately captured local details and texture information of the image.With these enhanced generator and discriminator architectures and an optimized loss function design,this method demonstrated superior performance in image quality assessment metrics.Experimental results showed that this model outperforms traditional methods,presenting more detailed and realistic image details in the visual effects.
基金supported by National Key R&D Program of China(2022YFA1008000)the National Natural Science Foundation of China(12571297,12101585)+1 种基金the CAS Talent Introduction Program(Category B)the Young Elite Scientist Sponsorship Program by CAST(YESS20220125).
文摘Credit risk assessment is a crucial task in bank risk management.By making lending decisions based on credit risk assessment results,banks can reduce the probability of non-performing loans.However,class imbalance in bank credit default datasets limits the predictive performance of traditional machine learning and deep learning models.To address this issue,this study employs the conditional variational autoencoder-Wasserstein generative adversarial network with gradient penalty(CVAE-WGAN-gp)model for oversampling,generating samples similar to the original default customer data to enhance model prediction performance.To evaluate the quality of the data generated by the CVAE-WGAN-gp model,we selected several bank loan datasets for experimentation.The experimental results demonstrate that using the CVAE-WGAN-gp model for oversampling can significantly improve the predictive performance in credit risk assessment problems.
基金Supported by the National Natural Science Foundation of China(U1903214,62372339,62371350,61876135)the Ministry of Education Industry University Cooperative Education Project(202102246004,220800006041043,202002142012)the Fundamental Research Funds for the Central Universities(2042023kf1033)。
文摘Recent years have witnessed the ever-increasing performance of Deep Neural Networks(DNNs)in computer vision tasks.However,researchers have identified a potential vulnerability:carefully crafted adversarial examples can easily mislead DNNs into incorrect behavior via the injection of imperceptible modification to the input data.In this survey,we focus on(1)adversarial attack algorithms to generate adversarial examples,(2)adversarial defense techniques to secure DNNs against adversarial examples,and(3)important problems in the realm of adversarial examples beyond attack and defense,including the theoretical explanations,trade-off issues and benign attacks in adversarial examples.Additionally,we draw a brief comparison between recently published surveys on adversarial examples,and identify the future directions for the research of adversarial examples,such as the generalization of methods and the understanding of transferability,that might be solutions to the open problems in this field.
基金supported by the Key Research and Development Program of Zhejiang Province(No.2024C01071)the Natural Science Foundation of Zhejiang Province(No.LQ15F030006).
文摘Tag recommendation systems can significantly improve the accuracy of information retrieval by recommending relevant tag sets that align with user preferences and resource characteristics.However,metric learning methods often suffer from high sensitivity,leading to unstable recommendation results when facing adversarial samples generated through malicious user behavior.Adversarial training is considered to be an effective method for improving the robustness of tag recommendation systems and addressing adversarial samples.However,it still faces the challenge of overfitting.Although curriculum learning-based adversarial training somewhat mitigates this issue,challenges still exist,such as the lack of a quantitative standard for attack intensity and catastrophic forgetting.To address these challenges,we propose a Self-Paced Adversarial Metric Learning(SPAML)method.First,we employ a metric learning model to capture the deep distance relationships between normal samples.Then,we incorporate a self-paced adversarial training model,which dynamically adjusts the weights of adversarial samples,allowing the model to progressively learn from simpler to more complex adversarial samples.Finally,we jointly optimize the metric learning loss and self-paced adversarial training loss in an adversarial manner,enhancing the robustness and performance of tag recommendation tasks.Extensive experiments on the MovieLens and LastFm datasets demonstrate that SPAML achieves F1@3 and NDCG@3 scores of 22%and 32.7%on the MovieLens dataset,and 19.4%and 29%on the LastFm dataset,respectively,outperforming the most competitive baselines.Specifically,F1@3 improves by 4.7%and 6.8%,and NDCG@3 improves by 5.0%and 6.9%,respectively.
文摘The emergence of adversarial examples has revealed the inadequacies in the robustness of image classification models based on Convolutional Neural Networks (CNNs). Particularly in recent years, the discovery of natural adversarial examples has posed significant challenges, as traditional defense methods against adversarial attacks have proven to be largely ineffective against these natural adversarial examples. This paper explores defenses against these natural adversarial examples from three perspectives: adversarial examples, model architecture, and dataset. First, it employs Class Activation Mapping (CAM) to visualize how models classify natural adversarial examples, identifying several typical attack patterns. Next, various common CNN models are analyzed to evaluate their susceptibility to these attacks, revealing that different architectures exhibit varying defensive capabilities. The study finds that as the depth of a network increases, its defenses against natural adversarial examples strengthen. Lastly, Finally, the impact of dataset class distribution on the defense capability of models is examined, focusing on two aspects: the number of classes in the training set and the number of predicted classes. This study investigates how these factors influence the model’s ability to defend against natural adversarial examples. Results indicate that reducing the number of training classes enhances the model’s defense against natural adversarial examples. Additionally, under a fixed number of training classes, some CNN models show an optimal range of predicted classes for achieving the best defense performance against these adversarial examples.
基金supported in part by the National Natural Science Foundation(62202118,U24A20241)in part by Major Scientific and Technological Special Project of Guizhou Province([2024]014,[2024]003)+1 种基金in part by Scientific and Technological Research Projects from Guizhou Education Department(Qian jiao ji[2023]003)in part by Guizhou Science and Technology Department Hundred Level Innovative Talents Project(GCC[2023]018).
文摘Deep neural networks remain susceptible to adversarial examples,where the goal of an adversarial attack is to introduce small perturbations to the original examples in order to confuse the model without being easily detected.Although many adversarial attack methods produce adversarial examples that have achieved great results in the whitebox setting,they exhibit low transferability in the black-box setting.In order to improve the transferability along the baseline of the gradient-based attack technique,we present a novel Stochastic Gradient Accumulation Momentum Iterative Attack(SAMI-FGSM)in this study.In particular,during each iteration,the gradient information is calculated using a normal sampling approach that randomly samples around the sample points,with the highest probability of capturing adversarial features.Meanwhile,the accumulated information of the sampled gradient from the previous iteration is further considered to modify the current updated gradient,and the original gradient attack direction is changed to ensure that the updated gradient direction is more stable.Comprehensive experiments conducted on the ImageNet dataset show that our method outperforms existing state-of-the-art gradient-based attack techniques,achieving an average improvement of 10.2%in transferability.
文摘Large Language Models(LLMs)have significantly advanced human-computer interaction by improving natural language understanding and generation.However,their vulnerability to adversarial prompts–carefully designed inputs that manipulate model outputs–presents substantial challenges.This paper introduces a classification-based approach to detect adversarial prompts by utilizing both prompt features and prompt response features.Elevenmachine learning models were evaluated based on key metrics such as accuracy,precision,recall,and F1-score.The results show that the Convolutional Neural Network–Long Short-Term Memory(CNN-LSTM)cascade model delivers the best performance,especially when using prompt features,achieving an accuracy of over 97%in all adversarial scenarios.Furthermore,the Support Vector Machine(SVM)model performed best with prompt response features,particularly excelling in prompt type classification tasks.Classification results revealed that certain types of adversarial attacks,such as“Word Level”and“Adversarial Prefix”,were particularly difficult to detect,as indicated by their low recall and F1-scores.These findings suggest that more subtle manipulations can evade detection mechanisms.In contrast,attacks like“Sentence Level”and“Adversarial Insertion”were easier to identify,due to the model’s effectiveness in recognizing inserted content.Natural Language Processing(NLP)techniques played a critical role by enabling the extraction of semantic and syntactic features from both prompts and their corresponding responses.These insights highlight the importance of combining traditional and deep learning approaches,along with advanced NLP techniques,to build more reliable adversarial prompt detection systems for LLMs.
