Topology-Aware Network Pruning using Multi-stage Graph Embedding and Reinforcement Learning
Reading notes on Topology-Aware Network Pruning using Multi-stage Graph Embedding and Reinforcement Learning.
Problem Statement
(big background) Model compression is an essential technique for deploying models on power- and memory-constrained devices. (problem statement) Existing methods often rely on human expertise and focus on parameters' local importance, ignoring the rich topology information within DNNs.
Main Idea
In this paper, the authors propose a novel multi-stage graph embedding technique based on gr ...
CentOS volume management
lsblk
vgextend centos /dev/sdb
vgremove data
vgextend centos /dev/sdb
vgextend centos /dev/sdc
lsblk
lvcreate -l +100%FREE -n home centos
lsblk
mkfs.ext4 /dev/centos/home
rm -rf /mnt/tmp/
mkdir /mnt/tmp
mount /dev/centos/home /mnt/tmp/
cp -aR /home/ /mnt/tmp/
umount /dev/centos/home
vim /etc/fstab
mount -a
OpenBackdoor: A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks
Reading notes about OpenBackdoor.
Abstract
This paper focuses on textual backdoor attacks and highlights two issues in previous backdoor learning evaluations:
evaluations differ from real-world scenarios
evaluations ignore whether poisoned samples are stealthy and semantic-preserving
Contribution:
categorizes existing attack scenarios
proposes new stealthiness and semantic-preservation metrics
BACKDOORBOX: A PYTHON TOOLBOX FOR BACKDOOR LEARNING
Contribution analysis of BackdoorBox.
Main contribution
GOAL: To facilitate the research and development of more secure training schemes and defenses.
There are four main characteristics of BackdoorBox.
Toolbox characteristics
Consistency: all methods are reimplemented in a unified manner.
Simplicity: code examples explain how to use each method, with necessary code comments.
Flexibility: main components, such as poisoned datasets and implemented attacks and defenses, are easy to access.
Co-development: o ...
BackdoorBench: A Comprehensive Benchmark of Backdoor Learning
Contribution analysis of BackdoorBench.
Main contribution
GOAL: To alleviate the dilemma that evaluations of new methods are often not thorough enough to verify their claims and actual performance.
Open-sourced toolbox.
8000 comprehensive evaluations.
Thorough analysis and new findings.
Comprehensive evaluations
The paper provides evaluations of all pairs of 8 attacks against 9 defense methods, with 5 poisoning ratios, based on 4 datasets and 5 models, up to 8,000 pairs of evaluations in total.
Com ...
TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors
Contribution analysis of TrojanZoo.
Summary in a word
Aims to bridge the gap in the current situation: the lack of unified evaluation of existing attacks and defenses.
The first open-source platform for evaluating neural backdoor attacks/defenses in a unified, holistic, and practical manner.
Main contribution
Open-source framework including attacks, defenses, and plenty of evaluation metrics.
Systematic study of existing attacks/defenses, unveiling their complex design spectrum.
Further explored existi ...
Adversarial Robustness Toolbox
Contribution analysis of the Adversarial Robustness Toolbox.
Summary in a word
Adversarial Robustness Toolbox (ART) is a Python library providing tools to build and deploy defences and to test them with adversarial attacks.
It includes state-of-the-art attacks, defences, evaluation metrics and other useful tools.
The architecture of ART:
Conclusion
It is a tool framework integrating attacks, defences, and evaluation.
Spectral Signatures in Backdoor Attacks
Abstract of Spectral Signatures in Backdoor Attacks.
Summary
The contribution of this paper is demonstrating a new property of backdoor attacks: the spectral signature. Specifically, backdoor attacks leave a detectable trace in the spectrum of the feature representations, and this trace can be used to identify and filter mislabeled inputs.
The paper also offers some understanding of backdoors: why we should expect over-parameterized neural networks to naturally embed backdoors, and why this usually causes backdoor attacks to leave a spectral trace.
Spectral signatures of embedded representations
The notion of spectral signatures is inspired by recent tools from robust statistics. When the training set for a given label contains backdoored samples, the training examples for that label consist of two subsets:
a large subset of clean data
a small subset of mislabeled backdoored samples
Robust statistics shows that if the means of the two subsets are sufficiently separated relative to the variance of the population, singular value decomposition can be used to detect and remove the corrupted data points.
A naive attempt is to apply this tool directly to the input vectors; however, as the figure below shows, the high variance in the dataset means the populations are not separated enough for these methods to work.
At the same time, the figure also shows that at the level of feature representations, the two subsets of the dataset are indeed separated. Intuitively, any feature representation learned by the classifier tends to amplify the backdoor signal, because the backdoor itself ...
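The SVD-based filtering idea above can be sketched as follows. This is a minimal illustration assuming feature representations for one label have already been extracted; the function name `spectral_filter` and the removal fraction are illustrative choices, not the paper's exact procedure.

```python
import numpy as np

def spectral_filter(feats, eps=0.05):
    """Score each example by its squared projection onto the top
    singular vector of the centered feature matrix, then flag the
    highest-scoring fraction as suspected backdoored samples.

    feats: (n, d) array of learned representations for one label.
    eps:   assumed upper bound on the fraction of poisoned samples.
    """
    centered = feats - feats.mean(axis=0)
    # The top right-singular vector captures the direction along
    # which the clean and poisoned sub-populations separate.
    _, _, vt = np.linalg.svd(centered, full_matrices=False)
    scores = (centered @ vt[0]) ** 2
    n_remove = int(1.5 * eps * len(feats))
    flagged = np.argsort(scores)[-n_remove:]
    return scores, flagged

# Toy demo: a clean cluster plus a small mean-shifted "backdoored" cluster.
rng = np.random.default_rng(0)
clean = rng.normal(0.0, 1.0, size=(95, 8))
poison = rng.normal(0.0, 1.0, size=(5, 8)) + 6.0  # shifted mean
feats = np.vstack([clean, poison])
scores, flagged = spectral_filter(feats, eps=0.05)
```

Because the shifted cluster dominates the top singular direction, the five poisoned rows (indices 95-99 here) receive by far the largest scores and land in the flagged set.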
HOW POWERFUL ARE GRAPH NEURAL NETWORKS?
Abstract of HOW POWERFUL ARE GRAPH NEURAL NETWORKS?
Summary
GNNs have attracted growing attention in recent years as an effective framework for graph representation learning. In general, a GNN iteratively propagates and aggregates features among neighboring nodes. Many GNN variants have achieved state-of-the-art results on both node-classification and graph-classification tasks.
However, although GNNs have revolutionized graph representation learning, the understanding of their representational properties and limitations is still limited.
The authors therefore propose a theoretical framework to analyze the ability of GNNs to capture different graph structures.
The main contributions are:
Showing that GNNs are at most as powerful as the WL test in distinguishing graph structures.
Establishing conditions on the neighbor-aggregation and graph-readout functions under which the resulting GNN is as powerful as the WL test.
Finding that popular GNN variants such as GCN and GraphSAGE cannot distinguish certain simple graph structures, and precisely characterizing the structures they can distinguish.
Proposing a simple neural architecture, the Graph Isomorphism Network (GI ...
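As a toy illustration of why the aggregation function matters (a hedged sketch, not the paper's implementation): sum aggregation, which GIN builds on, is injective on multisets of node features, while mean aggregation collapses neighborhoods that differ only in size.

```python
import numpy as np

def aggregate(neighbor_feats, mode="sum"):
    """Aggregate a multiset of neighbor feature vectors.

    Sum aggregation (GIN-style) is injective on multisets, so it can
    tell apart neighborhoods that mean aggregation maps to the same
    vector.
    """
    neighbor_feats = np.asarray(neighbor_feats, dtype=float)
    if mode == "sum":
        return neighbor_feats.sum(axis=0)
    return neighbor_feats.mean(axis=0)

# Two neighborhoods with identical features but different sizes:
two_ones = [[1.0], [1.0]]
three_ones = [[1.0], [1.0], [1.0]]

# Mean aggregation cannot distinguish them; sum aggregation can.
mean_pair = (aggregate(two_ones, "mean"), aggregate(three_ones, "mean"))
sum_pair = (aggregate(two_ones, "sum"), aggregate(three_ones, "sum"))
```

This mirrors the paper's point that GCN-style mean and GraphSAGE-style max aggregators fail on simple multisets where an injective sum aggregator succeeds.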
Detecting Poisoning Attacks on Machine Learning in IoT Environments
Abstract of Detecting Poisoning Attacks on Machine Learning in IoT Environments.
Architecture
The specific contributions are:
a novel algorithm for detecting and filtering poisoned data
two provenance-based defense variants: one for partially trusted data and one for fully untrusted data
evaluation
Defences for Partially Trusted Data
The inputs are as follows:
a supervised machine-learning algorithm
a dataset collected to train the algorithm, consisting of a trusted part and an untrusted part
a secure, trusted provenance dataset describing the provenance and lineage of each data point in the untrusted part
a provenance feature that characterizes how poisoned data clusters within the untrusted part of the dataset
Given these inputs, the method proceeds as shown in the figure above.
Defences for Fully Untrusted Data
In some scenarios it is impossible to confirm whether the data is trusted. To apply the method to untrusted datasets, the following steps are proposed:
Segment the data according to the selected provenance feature.
For each segment, randomly assign part of the data to a training set and the rest to an evaluation set.
For each signature in the selected feature:
Train two models, one containing all trai ...
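Under the assumption that a poisoned segment hurts held-out accuracy, the with/without comparison in the steps above can be sketched like this. The tiny centroid classifier, the `threshold` parameter, and all names are illustrative stand-ins, not the paper's actual components.

```python
import numpy as np

def centroid_fit(X, y):
    """Tiny stand-in classifier: one centroid per class."""
    return {c: X[y == c].mean(axis=0) for c in np.unique(y)}

def centroid_acc(model, X, y):
    """Accuracy of nearest-centroid prediction on (X, y)."""
    classes = np.array(list(model))
    cents = np.stack([model[c] for c in classes])
    pred = classes[np.argmin(((X[:, None] - cents) ** 2).sum(-1), axis=1)]
    return float((pred == y).mean())

def provenance_filter(X, y, segments, threshold=0.05):
    """For each provenance segment, compare a model trained with vs.
    without that segment on held-out data from the other segments;
    flag segments whose removal improves accuracy by > threshold."""
    rng = np.random.default_rng(0)
    flagged = []
    for seg in np.unique(segments):
        mask = segments == seg
        idx = np.flatnonzero(~mask)       # data from the other segments
        rng.shuffle(idx)
        half = len(idx) // 2
        tr, ev = idx[:half], idx[half:]   # random train/eval split
        acc_without = centroid_acc(centroid_fit(X[tr], y[tr]), X[ev], y[ev])
        tr_with = np.concatenate([tr, np.flatnonzero(mask)])
        acc_with = centroid_acc(centroid_fit(X[tr_with], y[tr_with]),
                                X[ev], y[ev])
        if acc_without - acc_with > threshold:
            flagged.append(int(seg))
    return flagged

# Toy demo: two clean segments and one label-flipped poisoned segment.
rng = np.random.default_rng(1)
X_clean = np.vstack([rng.normal(-2, 1, (60, 2)), rng.normal(2, 1, (60, 2))])
y_clean = np.array([0] * 60 + [1] * 60)
seg_clean = np.tile([0, 1], 60)
X_poison = rng.normal(8, 1, (60, 2))       # far-off points...
y_poison = np.zeros(60, dtype=int)         # ...mislabeled as class 0
X = np.vstack([X_clean, X_poison])
y = np.concatenate([y_clean, y_poison])
segments = np.concatenate([seg_clean, np.full(60, 2)])
flagged = provenance_filter(X, y, segments)
```

Dropping the poisoned segment restores the class-0 centroid and lifts held-out accuracy, so segment 2 ends up flagged.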