-
Can't say cant? Measuring and Reasoning of Dark Jargons in Large Language Models
Authors:
Xu Ji,
Jianyi Zhang,
Ziyin Zhou,
Zhangchi Zhao,
Qianqian Qiao,
Kaiying Han,
Md Imran Hossen,
Xiali Hei
Abstract:
Ensuring the resilience of Large Language Models (LLMs) against malicious exploitation is paramount, with recent focus on mitigating offensive responses. Yet, the understanding of cant or dark jargon remains unexplored. This paper introduces a domain-specific Cant dataset and CantCounter evaluation framework, employing Fine-Tuning, Co-Tuning, Data-Diffusion, and Data-Analysis stages. Experiments reveal LLMs, including ChatGPT, are susceptible to cant bypassing filters, with varying recognition accuracy influenced by question types, setups, and prompt clues. Updated models exhibit higher acceptance rates for cant queries. Moreover, LLM reactions differ across domains, e.g., reluctance to engage in racism versus LGBT topics. These findings underscore LLMs' understanding of cant and reflect training data characteristics and vendor approaches to sensitive topics. Additionally, we assess LLMs' ability to demonstrate reasoning capabilities. Access to our datasets and code is available at https://github.com/cistineup/CantCounter.
Submitted 25 April, 2024;
originally announced May 2024.
-
Assessing Cybersecurity Vulnerabilities in Code Large Language Models
Authors:
Md Imran Hossen,
Jianyi Zhang,
Yinzhi Cao,
Xiali Hei
Abstract:
Instruction-tuned Code Large Language Models (Code LLMs) are increasingly utilized as AI coding assistants and integrated into various applications. However, the cybersecurity vulnerabilities and implications arising from the widespread integration of these models are not yet fully understood due to limited research in this domain. To bridge this gap, this paper presents EvilInstructCoder, a framework specifically designed to assess the cybersecurity vulnerabilities of instruction-tuned Code LLMs to adversarial attacks. EvilInstructCoder introduces the Adversarial Code Injection Engine to automatically generate malicious code snippets and inject them into benign code to poison instruction tuning datasets. It incorporates practical threat models to reflect real-world adversaries with varying capabilities and evaluates the exploitability of instruction-tuned Code LLMs under these diverse adversarial attack scenarios. Through the use of EvilInstructCoder, we conduct a comprehensive investigation into the exploitability of instruction tuning for coding tasks using three state-of-the-art Code LLM models: CodeLlama, DeepSeek-Coder, and StarCoder2, under various adversarial attack scenarios. Our experimental results reveal a significant vulnerability in these models, demonstrating that adversaries can manipulate the models to generate malicious payloads within benign code contexts in response to natural language instructions. For instance, under the backdoor attack setting, by poisoning only 81 samples (0.5% of the entire instruction dataset), we achieve Attack Success Rate at 1 (ASR@1) scores ranging from 76% to 86% for different model families. Our study sheds light on the critical cybersecurity vulnerabilities posed by instruction-tuned Code LLMs and emphasizes the urgent necessity for robust defense mechanisms to mitigate the identified vulnerabilities.
Submitted 29 April, 2024;
originally announced April 2024.
-
Skyrmion-mechanical hybrid quantum systems: Manipulation of skyrmion qubits via phonons
Authors:
Xue-Feng Pan,
Xin-Lei Hei,
Xiao-Yu Yao,
Jia-Qiang Chen,
Yu-Meng Ren,
Xing-Liang Dong,
Yi-Fan Qiao,
Peng-Bo Li
Abstract:
Skyrmion qubits are a new highly promising logic element for quantum information processing. However, their scalability to multiple interacting qubits remains challenging. We propose a hybrid quantum setup with skyrmion qubits strongly coupled to nanomechanical cantilevers via magnetic coupling, which harnesses phonons as quantum interfaces for the manipulation of distant skyrmion qubits. A linear drive is utilized to achieve the modulation of the stiffness coefficient of the cantilever, resulting in an exponential enhancement of the coupling strength between the skyrmion qubit and the mechanical mode. We also consider the case of a topological resonator array, which allows us to study interactions between skyrmion qubits and topological phonon band structure, as well as chiral skyrmion-skyrmion interactions. The scheme suggested here offers a fascinating platform for investigating quantum information processing and quantum simulation with magnetic microstructures.
Submitted 14 April, 2024;
originally announced April 2024.
-
Magnon-Skyrmion Hybrid Quantum Systems: Tailoring Interactions via Magnons
Authors:
Xue-Feng Pan,
Peng-Bo Li,
Xin-Lei Hei,
Xichao Zhang,
Masahito Mochizuki,
Fu-Li Li,
Franco Nori
Abstract:
Coherent and dissipative interactions between different quantum systems are essential for the construction of hybrid quantum systems and the investigation of novel quantum phenomena. Here, we propose and analyze a magnon-skyrmion hybrid quantum system, consisting of a micromagnet and nearby magnetic skyrmions. We predict a strong coupling mechanism between the magnonic mode of the micromagnet and the quantized helicity degree of freedom of the skyrmion. We show that with this hybrid setup it is possible to induce magnon-mediated nonreciprocal interactions and responses between distant skyrmion qubits or between skyrmion qubits and other quantum systems like superconducting qubits. This work provides a quantum platform for the investigation of diverse quantum effects and quantum information processing with magnetic microstructures.
Submitted 14 April, 2024;
originally announced April 2024.
-
Facebook Report on Privacy of fNIRS data
Authors:
Md Imran Hossen,
Sai Venkatesh Chilukoti,
Liqun Shan,
Vijay Srinivas Tida,
Xiali Hei
Abstract:
The primary goal of this project is to develop privacy-preserving machine learning model training techniques for fNIRS data. This project will build a local model in a centralized setting with both differential privacy (DP) and certified robustness. It will also explore collaborative federated learning to train a shared model between multiple clients without sharing local fNIRS datasets. To prevent unintentional private information leakage of such clients' private datasets, we will also implement DP in the federated learning setting.
Submitted 1 January, 2024;
originally announced January 2024.
-
Auto DP-SGD: Dual Improvements of Privacy and Accuracy via Automatic Clipping Threshold and Noise Multiplier Estimation
Authors:
Sai Venkatesh Chilukoti,
Md Imran Hossen,
Liqun Shan,
Vijay Srinivas Tida,
Xiali Hei
Abstract:
DP-SGD has emerged as a popular method to protect personally identifiable information in deep learning applications. Unfortunately, DP-SGD's per-sample gradient clipping and uniform noise addition during training can significantly degrade model utility. To enhance the model's utility, researchers proposed various adaptive DP-SGD methods. However, we examine and discover that these techniques result in greater privacy leakage or lower accuracy than the traditional DP-SGD method, or a lack of evaluation on a complex data set such as CIFAR100. To address these limitations, we propose an Auto DP-SGD. Our method automates clipping threshold estimation based on the DL model's gradient norm and scales the gradients of each training sample without losing gradient information. This helps to improve the algorithm's utility while using a smaller privacy budget. To further improve accuracy, we introduce automatic noise multiplier decay mechanisms to decrease the noise multiplier after every epoch. Finally, we develop closed-form mathematical expressions using the tCDP accountant for automatic noise multiplier and automatic clipping threshold estimation. Through extensive experimentation, we demonstrate that Auto DP-SGD outperforms existing SOTA DP-SGD methods in privacy and accuracy on various benchmark datasets. We also show that privacy can be improved by lowering the scale factor and using learning rate schedulers without significantly reducing accuracy. Specifically, Auto DP-SGD, when used with a step noise multiplier, improves accuracy by 3.20, 1.57, 6.73, and 1.42 for the MNIST, CIFAR10, CIFAR100, and AG News Corpus datasets, respectively. Furthermore, it obtains a substantial reduction in the privacy budget of 94.9, 79.16, 67.36, and 53.37 for the corresponding data sets.
Submitted 4 December, 2023;
originally announced December 2023.
-
Ethical Considerations and Policy Implications for Large Language Models: Guiding Responsible Development and Deployment
Authors:
Jianyi Zhang,
Xu Ji,
Zhangchi Zhao,
Xiali Hei,
Kim-Kwang Raymond Choo
Abstract:
This paper examines the ethical considerations and implications of large language models (LLMs) in generating content. It highlights the potential for both positive and negative uses of generative AI programs and explores the challenges in assigning responsibility for their outputs. The discussion emphasizes the need for proactive ethical frameworks and policy measures to guide the responsible development and deployment of LLMs.
Submitted 1 August, 2023;
originally announced August 2023.
-
Hybrid quantum system with strong magnetic coupling of a magnetic vortex to a nanomechanical resonator
Authors:
Bo-Long Wang,
Xin-Lei Hei,
Xing-Liang Dong,
Xiao-Yu Yao,
Jia-Qiang Chen,
Yi-Fan Qiao,
Fu-Li Li,
Peng-Bo Li
Abstract:
We present a hybrid quantum system composed of a magnetic vortex and a nanomechanical resonator. We show that the gyrotropic mode of the vortex can coherently couple to the quantized mechanical motion of the resonator through magnetic interaction. Benefiting from the topologically protected properties and the low damping of vortices, as well as the excellent coherent features of nanomechanical resonators, the proposed system can achieve strong coupling and even the ultrastrong coupling regime by choosing appropriate parameters. In combination with other quantum systems, such as a nitrogen-vacancy (NV) center, coherent state transfer between the vortex excitation and the spin can be realized. This setup provides a potential platform for quantum information processing and investigations into the ultrastrong coupling regimes and macroscopic quantum physics.
Submitted 25 January, 2023;
originally announced January 2023.
-
Enhanced tripartite interactions in spin-magnon-mechanical hybrid systems
Authors:
Xin-Lei Hei,
Peng-Bo Li,
Xue-Feng Pan,
Franco Nori
Abstract:
Coherent tripartite interactions among degrees of freedom of completely different nature are instrumental for quantum information and simulation technologies, but they are generally difficult to realize and remain largely unexplored. Here, we predict a tripartite coupling mechanism in a hybrid setup comprising a single NV center and a micromagnet. We propose to realize direct and strong tripartite interactions among single NV spins, magnons and phonons via modulating the relative motion between the NV center and the micromagnet. Specifically, by introducing a parametric drive (two-phonon drive) to modulate the mechanical motion (such as the center-of-mass motion of a NV spin in diamond trapped in an electrical trap or a levitated micromagnet in a magnetic trap), we can obtain a tunable and strong spin-magnon-phonon coupling at the single quantum level, with up to two orders of magnitude enhancement for the tripartite coupling strength. This enables, for example, tripartite entanglement among solid-state spins, magnons, and mechanical motions in quantum spin-magnonics-mechanics with realistic experimental parameters. This protocol can be readily implemented with the well-developed techniques in ion traps or magnetic traps, and could pave the way for general applications in quantum simulations and information processing based on directly and strongly coupled tripartite systems.
Submitted 25 January, 2023;
originally announced January 2023.
-
XMAM:X-raying Models with A Matrix to Reveal Backdoor Attacks for Federated Learning
Authors:
Jianyi Zhang,
Fangjiao Zhang,
Qichao **,
Zhiqiang Wang,
Xiaodong Lin,
Xiali Hei
Abstract:
Federated Learning (FL) has received increasing attention due to its privacy protection capability. However, the base algorithm FedAvg is vulnerable when it suffers from so-called backdoor attacks. Former researchers proposed several robust aggregation methods. Unfortunately, many of these aggregation methods are unable to defend against backdoor attacks. What's more, the attackers recently have proposed some hiding methods that further improve backdoor attacks' stealthiness, making all the existing robust aggregation methods fail.
To tackle the threat of backdoor attacks, we propose a new aggregation method, X-raying Models with A Matrix (XMAM), to reveal the malicious local model updates submitted by the backdoor attackers. Since we observe that the output of the Softmax layer exhibits distinguishable patterns between malicious and benign updates, we focus on the Softmax layer's output, in which it is difficult for the backdoor attackers to hide their malicious behavior. Specifically, like X-ray examinations, we investigate the local model updates by using a matrix as an input to get their Softmax layer's outputs. Then, we preclude updates whose outputs are abnormal by clustering. Without any training dataset on the server, the extensive evaluations show that our XMAM can effectively distinguish malicious local model updates from benign ones. For instance, when other methods fail to defend against the backdoor attacks at no more than 20% malicious clients, our method can tolerate 45% malicious clients in the black-box mode and about 30% in Projected Gradient Descent (PGD) mode. Besides, under adaptive attacks, the results demonstrate that XMAM can still complete the global model training task even when there are 40% malicious clients. Finally, we analyze our method's screening complexity, and the results show that XMAM is about 10-10000 times faster than the existing methods.
Submitted 27 December, 2022;
originally announced December 2022.
-
Enhanced spin-mechanical interaction with levitated micromagnets
Authors:
Xue-Feng Pan,
Xin-Lei Hei,
Xing-Liang Dong,
Jia-Qiang Chen,
Cai-Peng Shen,
Hamad Ali,
Peng-Bo Li
Abstract:
Spin-mechanical hybrid systems have been widely used in quantum information processing. However, the spin-mechanical interaction is generally weak, making it a critical challenge to enhance the spin-mechanical interaction into the strong coupling or even ultra-strong coupling regime. Here, we propose a protocol that can significantly enhance the spin-mechanical coupling strength with a diamond spin vacancy and a levitated micromagnet. A driving electrical current is used to modulate the mechanical motion of the levitated micromagnet, which induces a two-phonon drive and can exponentially enhance the spin-phonon and phonon-mediated spin-spin coupling strengths. Furthermore, a high-fidelity Schrödinger cat state and an unconventional 2-qubit geometric phase gate with high fidelity and faster gate speed can be achieved using this hybrid system. This protocol provides a promising platform for quantum information processing with NV spins coupled to levitated micromagnets.
Submitted 12 October, 2022; v1 submitted 10 October, 2022;
originally announced October 2022.
-
Privacy-Preserving Deep Learning Model for Covid-19 Disease Detection
Authors:
Vijay Srinivas Tida,
Sai Venkatesh Chilukoti,
Sonya Hsu,
Xiali Hei
Abstract:
Recent studies demonstrated that X-ray radiography showed higher accuracy than Polymerase Chain Reaction (PCR) testing for COVID-19 detection. Therefore, applying deep learning models to X-rays and radiography images increases the speed and accuracy of determining COVID-19 cases. However, due to Health Insurance Portability and Accountability Act (HIPAA) compliance, the hospitals were unwilling to share patient data due to privacy concerns. To maintain privacy, we propose differentially private deep learning models to secure the patients' private information. The dataset from the Kaggle website is used to evaluate the designed model for COVID-19 detection. The EfficientNet model version was selected according to its highest test accuracy. Differential privacy constraints were then injected into the best-obtained model to evaluate performance. The accuracy is noted by varying the trainable layers, privacy loss, and limiting information from each sample. We obtained 84% accuracy with a privacy loss of 10 during the fine-tuning process.
Submitted 9 October, 2022; v1 submitted 7 September, 2022;
originally announced September 2022.
-
Kernel-Segregated Transpose Convolution Operation
Authors:
Vijay Srinivas Tida,
Sai Venkatesh Chilukoti,
Xiali Hei,
Sonya Hsu
Abstract:
Transpose convolution has shown prominence in many deep learning applications. However, transpose convolution layers are computationally intensive because the feature map is enlarged by inserting zeros after each element in each row and column. Thus, the convolution operation on the expanded input feature map leads to poor utilization of hardware resources. The main reason for unnecessary multiplication operations is the zeros at predefined positions in the input feature map. We propose an algorithmic-level optimization technique for effective transpose convolution implementation to solve these problems. Based on kernel activations, we segregated the original kernel into four sub-kernels. This scheme reduces memory requirements and unnecessary multiplications. Our proposed method achieved $3.09 (3.02) \times$ faster computation using the Titan X GPU (Intel Dual Core CPU) with a flower dataset from the Kaggle website. Furthermore, the proposed optimization method can be generalized to existing devices without additional hardware requirements. A simple deep learning model containing one transpose convolution layer was used to evaluate the optimization method. It showed $2.2 \times$ faster training using the MNIST dataset with an Intel Dual-core CPU than the conventional implementation.
Submitted 12 October, 2022; v1 submitted 8 September, 2022;
originally announced September 2022.
-
Towards Adversarial Control Loops in Sensor Attacks: A Case Study to Control the Kinematics and Actuation of Embedded Systems
Authors:
Yazhou Tu,
Sara Rampazzi,
Xiali Hei
Abstract:
Recent works investigated attacks on sensors by influencing analog sensor components with acoustic, light, and electromagnetic signals. Such attacks can have extensive security, reliability, and safety implications since many types of the targeted sensors are also widely used in critical process control, robotics, automation, and industrial control systems. While existing works advanced our understanding of the physical-level risks that are hidden from a digital-domain perspective, gaps exist in how the attack can be guided to achieve system-level control in real-time, continuous processes. This paper proposes an adversarial control loop-based approach for real-time attacks on control systems relying on sensors. We study how to utilize the system feedback extracted from physical-domain signals to guide the attacks. In the attack process, injection signals are adjusted in real time based on the extracted feedback to exert targeted influence on a victim control system that is continuously affected by the injected perturbations and applying changes to the physical environment. In our case study, we investigate how an external adversarial control system can be constructed over sensor-actuator systems and demonstrate the attacks with program-controlled processes to manipulate the victim system without accessing its internal statuses.
Submitted 15 March, 2022;
originally announced March 2022.
-
aaeCAPTCHA: The Design and Implementation of Audio Adversarial CAPTCHA
Authors:
Md Imran Hossen,
Xiali Hei
Abstract:
CAPTCHAs are designed to prevent malicious bot programs from abusing websites. Most online service providers deploy audio CAPTCHAs as an alternative to text and image CAPTCHAs for visually impaired users. However, prior research investigating the security of audio CAPTCHAs found them highly vulnerable to automated attacks using Automatic Speech Recognition (ASR) systems. To improve the robustness of audio CAPTCHAs against automated abuses, we present the design and implementation of an audio adversarial CAPTCHA (aaeCAPTCHA) system in this paper. The aaeCAPTCHA system exploits audio adversarial examples as CAPTCHAs to prevent the ASR systems from automatically solving them. Furthermore, we conducted a rigorous security evaluation of our new audio CAPTCHA design against five state-of-the-art DNN-based ASR systems and three commercial Speech-to-Text (STT) services. Our experimental evaluations demonstrate that aaeCAPTCHA is highly secure against these speech recognition technologies, even when the attacker has complete knowledge of the current attacks against audio adversarial examples. We also conducted a usability evaluation of the proof-of-concept implementation of the aaeCAPTCHA scheme. Our results show that it achieves high robustness at a moderate usability cost compared to normal audio CAPTCHAs. Finally, our extensive analysis highlights that aaeCAPTCHA can significantly enhance the security and robustness of traditional audio CAPTCHA systems while maintaining similar usability.
Submitted 5 March, 2022;
originally announced March 2022.
-
A Unified Training Process for Fake News Detection based on Fine-Tuned BERT Model
Authors:
Vijay Srinivas Tida,
Dr. Sonya Hsu,
Dr. Xiali Hei
Abstract:
An efficient fake news detector becomes essential as the accessibility of social media platforms increases rapidly.
Submitted 6 September, 2022; v1 submitted 3 February, 2022;
originally announced February 2022.
-
Dissipation-assisted preparation of steady spin-squeezed states of SiV centers
Authors:
Jia-Qiang Chen,
Yi-Fan Qiao,
Xing-Liang Dong,
Xin-Lei Hei,
Peng-Bo Li
Abstract:
We propose an efficient scheme for generating spin-squeezed states at steady state in a spin-mechanical hybrid system, where an ensemble of SiV centers is coupled to a strongly damped nanomechanical resonator. We show that there exists a collective steady state in the system, which is exactly formed by the collective spin states plus the zero-excitation state of the mechanical mode. The generation of the steady spin-squeezed state is based on a dissipative quantum dynamical process in which the mechanical dissipation plays a positive role without destroying the target state. We demonstrate that the spin-squeezed steady state can be deterministically prepared via dissipative means, with the optimal spin squeezing up to 4/N in the ideal case, where N is the number of spins. This work provides a promising platform for quantum information processing and quantum metrology.
Submitted 6 October, 2021;
originally announced October 2021.
-
Collective radiance with NV centers coupled to nonlinear phononic waveguides
Authors:
Jia-Qiang Chen,
Yi-Fan Qiao,
Xing-Liang Dong,
Cai-Peng Shen,
Xin-Lei Hei,
Peng-Bo Li
Abstract:
Collective radiance is a fundamental phenomenon in quantum optics. However, these radiation effects remain largely unexplored in the field of quantum acoustics. In this work, we investigate the supercorrelated radiation effects in a nonlinear phononic waveguide that is coupled with NV centers. When the spin's frequency is below the scattering continuum but within the bound-state band of the phonon waveguide, a single NV center dissipates slowly, but two NV centers can exhibit a rapid exponential decay. When multiple NV spins are considered, supercorrelated radiance occurs at a rate N times faster than Dicke superradiance. The peak of the state distribution in supercorrelated radiance jumps directly from $|m=N/2\rangle$ to $|m=-N/2\rangle$, distinguished from the continuous shift of the peak in superradiance. This work provides deeper insight into the collective radiation effect and may find interesting applications in quantum information processing.
Submitted 6 October, 2021;
originally announced October 2021.
-
A Low-Cost Attack against the hCaptcha System
Authors:
Md Imran Hossen,
Xiali Hei
Abstract:
CAPTCHAs are a defense mechanism to prevent malicious bot programs from abusing websites on the Internet. hCaptcha is a relatively new but emerging image CAPTCHA service. This paper presents an automated system that can break hCaptcha challenges with a high success rate. We evaluate our system against 270 hCaptcha challenges from live websites and demonstrate that it can solve them with 95.93% accuracy while taking only 18.76 seconds on average to crack a challenge. We run our attack from a docker instance with only 2GB memory (RAM), 3 CPUs, and no GPU devices, demonstrating that it requires minimal resources to launch a successful large-scale attack against the hCaptcha system.
△ Less
Submitted 10 April, 2021;
originally announced April 2021.
-
An Object Detection based Solver for Google's Image reCAPTCHA v2
Authors:
Md Imran Hossen,
Yazhou Tu,
Md Fazle Rabby,
Md Nazmul Islam,
Hui Cao,
Xiali Hei
Abstract:
Previous work showed that reCAPTCHA v2's image challenges could be solved by automated programs armed with Deep Neural Network (DNN) image classifiers and vision APIs provided by off-the-shelf image recognition services. In response to emerging threats, Google has made significant updates to its image reCAPTCHA v2 challenges that can render the prior approaches ineffective to a great extent. In this paper, we investigate the robustness of the latest version of reCAPTCHA v2 against advanced object detection based solvers. We propose a fully automated object detection based system that breaks the most advanced challenges of reCAPTCHA v2 with an online success rate of 83.25%, the highest success rate to date, and it takes only 19.93 seconds (including network delays) on average to crack a challenge. We also study the updated security features of reCAPTCHA v2, such as anti-recognition mechanisms, improved anti-bot detection techniques, and adjustable security preferences. Our extensive experiments show that while these security features can provide some resistance against automated attacks, adversaries can still bypass most of them. Our experimental findings indicate that the recent advances in object detection technologies pose a severe threat to the security of image captcha designs relying on simple object detection as their underlying AI problem.
Submitted 7 April, 2021;
originally announced April 2021.
-
A Survey on Limitation, Security and Privacy Issues on Additive Manufacturing
Authors:
Md Nazmul Islam,
Yazhou Tu,
Md Imran Hossen,
Shengmin Guo,
Xiali Hei
Abstract:
Additive manufacturing (AM) is growing as fast as anyone can imagine, and it is now a multi-billion-dollar industry. AM has become popular in a variety of sectors, such as automotive, aerospace, biomedical, and pharmaceutical, for producing parts/components/subsystems. However, current AM technologies can face vast risks of security issues and privacy loss. For the security of the AM process, many researchers are working on defense mechanisms to counter such security concerns and finding efficient ways to eliminate those risks. Researchers have also been conducting experiments to establish a secure framework for the user's privacy and security components. This survey consists of four sections. In the first section, we will explore the relevant limitations of additive manufacturing in terms of printing capability, security, and possible solutions. The second section will present different kinds of attacks on AM and their effects. The next part will analyze and discuss the mechanisms and frameworks for access control and authentication for AM devices. The final section examines the security issues in various industrial sectors and provides observations on the security of the additive manufacturing process.
Submitted 10 March, 2021;
originally announced March 2021.
-
Enhancing the spin-photon coupling with a micromagnet
Authors:
Xin-Lei Hei,
Xing-Liang Dong,
Jia-Qiang Chen,
Cai-Peng Shen,
Yi-Fan Qiao,
Peng-Bo Li
Abstract:
Hybrid quantum systems involving solid-state spins and superconducting microwave cavities play a crucial role in quantum science and technology, but improving the spin-photon coupling at the single quantum level remains challenging in such systems. Here, we propose a simple technique to strongly couple a single solid-state spin to the microwave photons in a superconducting coplanar waveguide (CPW) cavity via a magnetic microsphere. We show that strong coupling at the single spin level can be realized by virtual magnonic excitations of a nearby micromagnet. The spin-photon coupling strength can be enhanced up to typically four orders of magnitude larger than that without the use of the micromagnet. This work can find applications in quantum information processing with strongly coupled solid-state spin-photonic systems.
Submitted 26 January, 2021;
originally announced January 2021.
-
Stacked LSTM Based Deep Recurrent Neural Network with Kalman Smoothing for Blood Glucose Prediction
Authors:
Md Fazle Rabby,
Yazhou Tu,
Md Imran Hossen,
Insup Lee,
Anthony S Maida,
Xiali Hei
Abstract:
Blood glucose (BG) management is crucial for type-1 diabetes patients, resulting in the necessity of reliable artificial pancreas or insulin infusion systems. In recent years, deep learning techniques have been utilized for a more accurate BG level prediction system. However, continuous glucose monitoring (CGM) readings are susceptible to sensor errors. As a result, inaccurate CGM readings would affect BG prediction and make it unreliable, even if the most optimal machine learning model is used. In this work, we propose a novel approach to predicting blood glucose level with a stacked Long Short-Term Memory (LSTM) based deep recurrent neural network (RNN) model considering sensor fault. We use the Kalman smoothing technique for the correction of the inaccurate CGM readings due to sensor error. For the OhioT1DM dataset, containing eight weeks' data from six different patients, we achieve an average RMSE of 6.45 and 17.24 mg/dl for 30 minutes and 60 minutes of prediction horizon (PH), respectively. To the best of our knowledge, this is the leading average prediction accuracy for the OhioT1DM dataset. Different physiological information, e.g., Kalman smoothed CGM data, carbohydrates from the meal, bolus insulin, and cumulative step counts in a fixed time interval, are crafted to represent meaningful features used as input to the model. The goal of our approach is to lower the difference between the predicted CGM values and the fingerstick blood glucose readings, the ground truth. Our results indicate that the proposed approach is feasible for more reliable BG forecasting that might improve the performance of the artificial pancreas and insulin infusion system for T1D diabetes management.
Submitted 17 January, 2021;
originally announced January 2021.
-
Predicting Channel Quality Indicators for 5G Downlink Scheduling in a Deep Learning Approach
Authors:
Hao Yin,
Xiaojun Guo,
Pengyu Liu,
Xiaojun Hei,
Yayu Gao
Abstract:
5G networks provide more bandwidth and more complex control to enhance users' experiences, while also requiring a more accurate estimation of the communication channels compared with previous mobile networks. In this paper, we propose a channel quality indicator (CQI) prediction method in a deep learning approach, namely a Long Short-Term Memory (LSTM) algorithm. An online training module is introduced for the downlink scheduling in the 5G New Radio (NR) system, to reduce the negative impact of outdated CQI on communication degradation, especially in high-speed mobility scenarios. First, we analyze the impact of outdated CQI in the downlink scheduling of the 5G NR system. Then, we design a data generation and online training module to evaluate our prediction method in ns-3. The simulation results show that the proposed LSTM method outperforms the Feedforward Neural Networks (FNN) method in improving the system performance of the downlink transmission. Our study may provide insights into designing new deep learning algorithms to enhance the network performance of the 5G NR system.
Submitted 3 August, 2020;
originally announced August 2020.
-
Flight Delay Prediction using Airport Situational Awareness Map
Authors:
Wei Shao,
Arian Prabowo,
Sichen Zhao,
Siyu Tan,
Piotr Koniusz,
Jeffrey Chan,
Xinhong Hei,
Bradley Feest,
Flora D. Salim
Abstract:
The prediction of flight delays plays a significantly important role for airlines and travelers because flight delays cause not only tremendous economic loss but also potential security risks. In this work, we aim to integrate multiple data sources to predict the departure delay of a scheduled flight. Different from previous work, we are the first group, to our best knowledge, to take advantage of the airport situational awareness map, which is defined as airport traffic complexity (ATC), and combine the proposed ATC factors with weather conditions and flight information. Feature engineering methods and most state-of-the-art machine learning algorithms are applied to large real-world data sources. We reveal a couple of factors at the airport which have a significant impact on flight departure delay time. The prediction results show that the proposed factors are the main reasons behind the flight delays. Using our proposed framework, an improvement in accuracy for flight departure delay prediction is obtained.
Submitted 4 November, 2019;
originally announced November 2019.
-
A game method for improving the interpretability of convolution neural network
Authors:
**wei Zhao,
Qizhou Wang,
Fuqiang Zhang,
Wanli Qiu,
Yufei Wang,
Yu Liu,
Guo Xie,
Weigang Ma,
Bin Wang,
Xinhong Hei
Abstract:
Real artificial intelligence has always been focused on by many machine learning researchers, especially in the area of deep learning. However, deep neural networks are hard to understand and explain, and sometimes even metaphysical. The reason is, we believe, that the network is essentially a perceptual model. Therefore, we believe that in order to complete complex intelligent activities from simple perception, it is necessary to construct another interpretable logical network to form accurate and reasonable responses and explanations to external things. Researchers like Bolei Zhou and Quanshi Zhang have found many explanatory rules for deep feature extraction aimed at the feature extraction stage of convolution neural networks. However, although researchers like Marco Gori have also made great efforts to improve the interpretability of the fully connected layers of the network, the problem is also very difficult. This paper firstly analyzes its reason. Then a method of constructing a logical network based on the fully connected layers and extracting the logical relation between input and output of the layers is proposed. The game process between perceptual learning and logical abstract cognitive learning is implemented to improve the interpretable performance of the deep learning process and deep learning model. The benefits of our approach are illustrated on benchmark data sets and in real-world experiments.
Submitted 20 October, 2019;
originally announced October 2019.
-
Typer vs. CAPTCHA: Private information based CAPTCHA to defend against crowdsourcing human cheating
Authors:
Jianyi Zhang,
Xiali Hei,
Zhiqiang Wang
Abstract:
Crowdsourcing human-solving or online typing attacks are destructive problems. However, studies into these topics have been limited. In this paper, we focus on this kind of attack, whereby all CAPTCHAs can be simply broken because of their design purpose. After pursuing a comprehensive analysis of the Typer phenomenon and the attacking mechanism of CAPTCHA, we present a new CAPTCHA design principle to distinguish human (Typer) from human (user). The core idea is that the challenge process of the CAPTCHA should contain unique information with a private attribute. The notion of our idea is based on the information asymmetry between humans. Without this private information, Typers will not be able to finish the attack even if they recognize all the characters from the CAPTCHA.
We formalize, design and implement two examples of our proposed principle, a character-based and a datagram-based case, according to a web interaction and password handling program. We challenge the user to select the password from the random characters that are not in the password sequence or to place the randomly sorted sequences into the correct order. A novel generation algorithm with a fuzzy matching method has been proposed to add the capability of human error tolerance and the difficulty of random guess attack. Unlike other solutions, our approach does not need to modify the primary authentication protocol, user interface, and experience of the typical web service. The results of several user studies indicate that our proposed method is both simple (can be solved by humans accurately within less than 20 seconds) and efficient (the Typer can only deploy a random guess attack with a very low success rate).
Submitted 29 April, 2019;
originally announced April 2019.
-
Trick or Heat? Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks
Authors:
Yazhou Tu,
Sara Rampazzi,
Bin Hao,
Angel Rodriguez,
Kevin Fu,
Xiali Hei
Abstract:
Temperature sensing and control systems are widely used in the closed-loop control of critical processes such as maintaining the thermal stability of patients, or in alarm systems for detecting temperature-related hazards. However, the security of these systems has yet to be completely explored, leaving potential attack surfaces that can be exploited to take control over critical systems.
In this paper we investigate the reliability of temperature-based control systems from a security and safety perspective. We show how unexpected consequences and safety risks can be induced by physical-level attacks on analog temperature sensing components. For instance, we demonstrate that an adversary could remotely manipulate the temperature sensor measurements of an infant incubator to cause potential safety issues, without tampering with the victim system or triggering automatic temperature alarms. This attack exploits the unintended rectification effect that can be induced in operational and instrumentation amplifiers to control the sensor output, tricking the internal control loop of the victim system to heat up or cool down. Furthermore, we show how the exploit of this hardware-level vulnerability could affect different classes of analog sensors that share similar signal conditioning processes.
Our experimental results indicate that conventional defenses commonly deployed in these systems are not sufficient to mitigate the threat, so we propose a prototype design of a low-cost anomaly detector for critical applications to ensure the integrity of temperature sensor signals.
Submitted 24 September, 2019; v1 submitted 10 April, 2019;
originally announced April 2019.
-
How to improve the interpretability of kernel learning
Authors:
**wei Zhao,
Qizhou Wang,
Yufei Wang,
Yu Liu,
Zhenghao Shi,
Xinhong Hei
Abstract:
In recent years, machine learning researchers have focused on methods to construct flexible and interpretable prediction models. However, an interpretability evaluation, the relationship between the generalization performance and the interpretability of the model, and a method for improving the interpretability have to be considered. In this paper, a quantitative index of interpretability is proposed and its rationality is proved, and the equilibrium problem between interpretability and generalization performance is analyzed. The probability upper bound of the sum of the two performances is analyzed. For the traditional supervised kernel machine learning problem, a universal learning framework is put forward to solve the equilibrium problem between the two performances. The condition for the global optimal solution based on the framework is deduced. The learning framework is applied to the least-squares support vector machine and is evaluated by some experiments.
Submitted 5 October, 2019; v1 submitted 21 November, 2018;
originally announced November 2018.
-
How far from automatically interpreting deep learning
Authors:
**wei Zhao,
Qizhou Wang,
Yufei Wang,
Xinhong Hei,
Yu Liu
Abstract:
In recent years, deep learning researchers have focused on how to find the interpretability behind deep learning models. However, today the cognitive competence of humans has not completely covered the deep learning model. In other words, there is a gap between the deep learning model and the cognitive mode. How to evaluate and shrink the cognitive gap is a very important issue. In this paper, the interpretability evaluation, the relationship between the generalization performance and the interpretability of the model, and the method for improving the interpretability are addressed. A universal learning framework is put forward to solve the equilibrium problem between the two performances. The uniqueness of the solution of the problem is proved and the condition for a unique solution is obtained. The probability upper bound of the sum of the two performances is analyzed.
Submitted 19 November, 2018;
originally announced November 2018.
-
Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors
Authors:
Yazhou Tu,
Zhiqiang Lin,
Insup Lee,
Xiali Hei
Abstract:
Inertial sensors provide crucial feedback for control systems to determine motional status and make timely, automated decisions. Prior efforts tried to control the output of inertial sensors with acoustic signals. However, their approaches did not consider sample rate drifts in analog-to-digital converters as well as many other realistic factors. As a result, few attacks demonstrated effective control over inertial sensors embedded in real systems.
This work studies the out-of-band signal injection methods to deliver adversarial control to embedded MEMS inertial sensors and evaluates consequent vulnerabilities exposed in control systems relying on them. Acoustic signals injected into inertial sensors are out-of-band analog signals. Consequently, slight sample rate drifts could be amplified and cause deviations in the frequency of digital signals. Such deviations result in fluctuating sensor output; nevertheless, we characterize two methods to control the output: digital amplitude adjusting and phase pacing. Based on our analysis, we devise non-invasive attacks to manipulate the sensor output as well as the derived inertial information to deceive control systems. We test 25 devices equipped with MEMS inertial sensors and find that 17 of them could be implicitly controlled by our attacks. Furthermore, we investigate the generalizability of our methods and show the possibility to manipulate the digital output through signals with relatively low frequencies in the sensing channel.
Submitted 20 June, 2018; v1 submitted 20 June, 2018;
originally announced June 2018.