odymit's blog

notes of Topology-Aware Network Pruning using Multi-stage Graph Embedding and Reinforcement Learning. Problem Statement (big background)Model compression is an essential technique for depolying model on power and memory-constrained resources. (problem statement)Existing method often rely on human expertise and focus on parameters’ local importance, ignoring the rich topology information within DNNs. Main Idea In this paper, author propose a novel multi-stage graph embedding technique based on gr ...

12345678910111213141516lsblk vgextend centos /dev/sdbvgremove datavgextend centos /dev/sdbvgextend centos /dev/sdclsblklvcreate -l +100%FREE -n home centoslsblk mkfs.ext4 /dev/centos/home rm -rf /mnt/tmp/mkdir /mnt/tmpmount /dev/centos/home /mnt/tmp/cp -aR /home/ /mnt/tmp/umount /dev/centos/homevim /etc/fstab mount -a

Reading notes about OpenBackdoor. Abstract This paper focus on textual backdoor attacks, which highlights two issues in privious backdoor learning evaluations: real-wolrd scenarios differs evaluation ignore that poisoned samples’ stealthy and semantic-preserving Contribution: categorize existing scenarios new stealthy and semantic-preserving metrics

Contribution analysis of BackdoorBox. Main contribution GOAL: To facilitate the research and development of more secure training schemes and defenses. There are four main characteristic of the BackdoorBox. Toolbox characteristics Consistency: reimplement all methods in a unified manner. Simplicity: provide code example explain how to use them, and with necessary code comments. Flexibility: gain main components easily, such as poisoned dataset, implemented attaks and defenses. Co-development: o ...

Contribution analysis of BackdoorBench. Main contribution GOAL: Aim to alleviate the dilemma - evaluations of new methods are often unthorough to verify their claims and accurate performance. Open-sourced toolbox. 8000 comprehensive evaluations. Thorough analysis and new findings. Comprehensive evaluations The paper provide evaluations of all pairs of 8 attacks against 9 defense methods, with 5 poisoning ratios, based on 4 datasets and 5 models, up to 8,000 pairs of evaluations in total. Com ...

Contribution analysis of TrojanZoo. Summary in a word Aim to bridge the gap the current situation: the lack of evaluation on exsiting attacks and defenses. The first open-source platform for evaluating neural backdoor attacks/defenses in a unified, holistic, and practical manner. Main contribution Open-source framework, includes attacks, defenses and plenty of evaluation metrics. Systematic study on existing attaks/defenses, and unveiling their complex design spectrum. Further explored existi ...

Contribution analysis of adverarial robustness toolbox. Summary in a word Adversarial Robustness Toolbox (ART) is Python library providing tools to build and deploy defences and test defences with adversarial attack. It includes state-of-the-art attacks, defences, evaluation metrics and other useful tools. The architecture of ART: Conclusion It’s a tool framework with attacks, defences and evaluation integrated.

Spectral Signatures in Backdoor Attacks abstract。 Summary 本文的贡献是证明了后门攻击的一个新的属性：频谱特征（spectral signature），具体来说，后门攻击会在频谱特征上留下可以被检测到的特征，通过该特征可以识别和过滤误标签输入。 还提供了一些关于后门相关的理解，为什么我们期望过参数化的神经网络会自然地嵌入后门，为什么这通常会导致后门攻击在频谱上留下特征。 嵌入表示的频谱特征 我们频谱特征的概念来自于最近鲁棒性统计相关工具的启发。当给定标签的训练集中包含后门样本时，该标签的训练样本由两个子集组成。其中： 大部分是干净的数据 小部分是误标签的后门样本 鲁棒性统计攻击表明，如果两个子集的均值相对于总体的方差充分分离，则可以奇异值分解来检测和删除损坏的数据点。 一个简单的尝试是直接在数据输入向量上应用该工具，但是如下图所示，数据集中的高方差意味着总体没有足够分离，无法使这些方法发挥作用。 但同时，上图也显示，在表示特征层级，数据集中两个子集确实分离了。直观来说，分类器的任何特征表示都倾向于增强后门信号，因为后门本身 ...

HOW POWERFUL ARE GRAPH NEURAL NETWORKS? abstract。 Summary GNN 作为一种有效的图表示学习框架近年来越来越受到人们的重视，通常来说，GNN 通过在相邻节点间迭代传播和聚合特征。许多 GNN 的变体也获得了 sota 结果，不论是在节点分类任务还是图分类任务中。 但是，尽管 GNNs 革命化地改变了图表示学习领域，但是对齐表示特征和局限性的理解仍然很有限。 因此，我们提出了一种理论框架，来分析 GNNs 学习不同图结构的能力。 主要的贡献如下： 展示了 GNNs 在区分图结构方面极限性能是能够与 WL test 媲美的（GNNs are at most as powerful the WL test） 测试并获得了 GNN 性能接近 WL test 时，GNN 在 邻居节点聚合 和 图读出 操作函数的条件 发现流行的 GNN 变体，如 GCN/GraphSAGE 等，不能够区分简单的图结构，并且精确地总结了他们能够区分的图结构 提出了一种简单的神经网络结构，图同构网络（Graph Isomorphism Network, GI ...

Detecting Poisoning Attacks on Machine Learning in IoT Environments abstract。 Architecture 具体贡献有： 一个新型算法检测和过滤污染数据 两个基于溯源信息的变体防御：部分可信和完全不可信 evaluation 部分可信的防御方法 Defences for Partially Trusted Data 具体输入如下： 一个有监督机器学习算法 为了训练机器学习算法采集的数据集，包含可信和不可信两部分 一个安全可信的溯源数据集，描述不可信部分中每个数据点的溯源和沿袭的源数据组成 溯源特征，表征污染数据如何聚集在数据集的不可信部分中 给定以上输入后，具体方法如上图所示。 全部不可信的防御方法 Defences for Fully Untrusted Data 存在一些场景下无法确认数据是否可信，为了将本方法应用到非可信数据集上，提出以下步骤： 根据选择的溯源特征分段 对于每个段，随机将一部分数据分配给训练集，将其余数据分配给评估集。 对于每个所选特征中的签名： 训练两个模型，一个包含所有训 ...