-
Clean-image Backdoor Attacks
Authors:
Dazhong Rong,
Guoyao Yu,
Shuheng Shen,
Xinyi Fu,
Peng Qian,
Jianhai Chen,
Qinming He,
Xing Fu,
Weiqiang Wang
Abstract:
To gather a significant quantity of annotated training data for high-performance image classification models, numerous companies opt to enlist third-party providers to label their unlabeled data. This practice is widely regarded as secure, even in cases where some annotated errors occur, as the impact of these minor inaccuracies on the final performance of the models is negligible and existing bac…
▽ More
To gather a significant quantity of annotated training data for high-performance image classification models, numerous companies opt to enlist third-party providers to label their unlabeled data. This practice is widely regarded as secure, even in cases where some annotated errors occur, as the impact of these minor inaccuracies on the final performance of the models is negligible and existing backdoor attacks require attacker's ability to poison the training images. Nevertheless, in this paper, we propose clean-image backdoor attacks which uncover that backdoors can still be injected via a fraction of incorrect labels without modifying the training images. Specifically, in our attacks, the attacker first seeks a trigger feature to divide the training images into two parts: those with the feature and those without it. Subsequently, the attacker falsifies the labels of the former part to a backdoor class. The backdoor will be finally implanted into the target model after it is trained on the poisoned data. During the inference phase, the attacker can activate the backdoor in two ways: slightly modifying the input image to obtain the trigger feature, or taking an image that naturally has the trigger feature as input. We conduct extensive experiments to demonstrate the effectiveness and practicality of our attacks. According to the experimental results, we conclude that our attacks seriously jeopardize the fairness and robustness of image classification models, and it is necessary to be vigilant about the incorrect labels in outsourced labeling.
△ Less
Submitted 26 March, 2024; v1 submitted 22 March, 2024;
originally announced March 2024.
-
MuFuzz: Sequence-Aware Mutation and Seed Mask Guidance for Blockchain Smart Contract Fuzzing
Authors:
Peng Qian,
Hanjie Wu,
Zeren Du,
Turan Vural,
Dazhong Rong,
Zheng Cao,
Lun Zhang,
Yanbin Wang,
Jianhai Chen,
Qinming He
Abstract:
As blockchain smart contracts become more widespread and carry more valuable digital assets, they become an increasingly attractive target for attackers. Over the past few years, smart contracts have been subject to a plethora of devastating attacks, resulting in billions of dollars in financial losses. There has been a notable surge of research interest in identifying defects in smart contracts.…
▽ More
As blockchain smart contracts become more widespread and carry more valuable digital assets, they become an increasingly attractive target for attackers. Over the past few years, smart contracts have been subject to a plethora of devastating attacks, resulting in billions of dollars in financial losses. There has been a notable surge of research interest in identifying defects in smart contracts. However, existing smart contract fuzzing tools are still unsatisfactory. They struggle to screen out meaningful transaction sequences and specify critical inputs for each transaction. As a result, they can only trigger a limited range of contract states, making it difficult to unveil complicated vulnerabilities hidden in the deep state space.
In this paper, we shed light on smart contract fuzzing by employing a sequence-aware mutation and seed mask guidance strategy. In particular, we first utilize data-flow-based feedback to determine transaction orders in a meaningful way and further introduce a sequence-aware mutation technique to explore deeper states. Thereafter, we design a mask-guided seed mutation strategy that biases the generated transaction inputs to hit target branches. In addition, we develop a dynamic-adaptive energy adjustment paradigm that balances the fuzzing resource allocation during a fuzzing campaign. We implement our designs into a new smart contract fuzzer named MuFuzz, and extensively evaluate it on three benchmarks. Empirical results demonstrate that MuFuzz outperforms existing tools in terms of both branch coverage and bug finding. Overall, MuFuzz achieves higher branch coverage than state-of-the-art fuzzers (up to 25%) and detects 30% more bugs than existing bug detectors.
△ Less
Submitted 9 December, 2023; v1 submitted 7 December, 2023;
originally announced December 2023.
-
Metal-to-insulator transition in oxide semimetals by anion do**
Authors:
Haitao Hong,
Huimin Zhang,
Shan Lin,
Jeffrey A. Dhas,
Binod Paudel,
Shuai Xu,
Shengru Chen,
Ting Cui,
Yiyan Fan,
Dongke Rong,
Qiao **,
Zihua Zhu,
Yingge Du,
Scott A. Chambers,
Chen Ge,
Can Wang,
Qinghua Zhang,
Le Wang,
Kui-juan **,
Shuai Dong,
Er-Jia Guo
Abstract:
Oxide semimetals exhibiting both nontrivial topological characteristics stand as exemplary parent compounds and multiple degrees of freedom, offering great promise for the realization of novel electronic states. In this study, we present compelling evidence of profound structural and transport phase shifts in a recently uncovered oxide semimetal, SrNbO3, achieved through effective in-situ anion do…
▽ More
Oxide semimetals exhibiting both nontrivial topological characteristics stand as exemplary parent compounds and multiple degrees of freedom, offering great promise for the realization of novel electronic states. In this study, we present compelling evidence of profound structural and transport phase shifts in a recently uncovered oxide semimetal, SrNbO3, achieved through effective in-situ anion do**. Notably, a remarkable increase in resistivity of more than three orders of magnitude at room temperature is observed upon nitrogen-do**. The extent of electronic modulation in SrNbO3 is strongly correlated with the misfit strain, underscoring its phase instability to both chemical do** and crystallographic symmetry variations. Using first-principles calculations, we discern that elevating the level of nitrogen do** induces an upward shift in the conductive bands of SrNbO3-dNd. Consequently, a transition from a metallic state to an insulating state becomes apparent as the nitrogen concentration reaches a threshold of 1/3. This investigation sheds light on the potential of anion engineering in oxide semimetals, offering pathways for manipulating their physical properties. These insights hold promise for future applications that harness these materials for tailored functionalities.
△ Less
Submitted 27 November, 2023;
originally announced November 2023.
-
Strain mediated phase crossover in Ruddlesden Popper nickelates
Authors:
Ting Cui,
Songhee Choi,
Ting Lin,
Chen Liu,
Gang Wang,
Ningning Wang,
Shengru Chen,
Haitao Hong,
Dongke Rong,
Qianying Wang,
Qiao **,
Jia-Ou Wang,
Lin Gu,
Chen Ge,
Can Wang,
** Guang Cheng,
Qinghua Zhang,
Liang Si,
Kui-juan **,
Er-Jia Guo
Abstract:
Recent progress on the signatures of pressure-induced high temperature superconductivity in Ruddlesden Popper (RP) nickelates (Lan+1NinO3n+1) has attracted growing interest in both theoretical calculations and experimental efforts. The fabrication of high-quality single crystalline RP nickelate thin films is critical for possible reducing the superconducting transition pressure and advancing appli…
▽ More
Recent progress on the signatures of pressure-induced high temperature superconductivity in Ruddlesden Popper (RP) nickelates (Lan+1NinO3n+1) has attracted growing interest in both theoretical calculations and experimental efforts. The fabrication of high-quality single crystalline RP nickelate thin films is critical for possible reducing the superconducting transition pressure and advancing applications in microelectronics in the future. In this study, we report the observations of an active phase transition in RP nickelate films induced by misfit strain. We found that RP nickelate films favor the perovskite structure (n = infinite) under tensile strains, while compressive strains stabilize the La3Ni2O7 (n = 2) phase. The selection of distinct phases is governed by the strain dependent formation energy and electronic configuration. In compressively strained La3Ni2O7, we experimentally determined splitting energy is ~0.2 eV and electrons prefer to occupy in-plane orbitals. First principles calculations unveil a robust coupling between strain effects and the valence state of Ni ions in RP nickelates, suggesting a dual driving force for the inevitable phase co-existence transition in RP nickelates. Our work underscores the sensitivity of RP nickelate formation to epitaxial strain, presenting a significant challenge in fabricating pure-phase RP nickelate films. Therefore, special attention to stacking defects and grain boundaries between different RP phases is essential when discussing the pressure-induced superconductivity in RP nickelates.
△ Less
Submitted 22 November, 2023;
originally announced November 2023.
-
Syntropic spin alignment at the interface between ferromagnetic and superconducting nitrides
Authors:
Qiao **,
Qinghua Zhang,
Bai He,
Yuting Zou,
Yonglong Ga,
Shengru Chen,
Haitao Hong,
Ting Cui,
Dongke Rong,
Jia-Ou Wang,
Can Wang,
Yanwei Cao,
Lin Gu,
Shanmin Wang,
Kun Jiang,
Zhi-Gang Cheng,
Tao Zhu,
Hongxin Yang,
Kui-juan **,
Er-Jia Guo
Abstract:
The magnetic correlations at the superconductor/ferromagnet (S/F) interfaces play a crucial role in realizing dissipation-less spin-based logic and memory technologies, such as triplet-supercurrent spin-valves and "π" Josephson junctions. Here we report the coexistence of an induced large magnetic moment and a crypto ferromagnetic state at high-quality nitride S/F interfaces. Using polarized neutr…
▽ More
The magnetic correlations at the superconductor/ferromagnet (S/F) interfaces play a crucial role in realizing dissipation-less spin-based logic and memory technologies, such as triplet-supercurrent spin-valves and "π" Josephson junctions. Here we report the coexistence of an induced large magnetic moment and a crypto ferromagnetic state at high-quality nitride S/F interfaces. Using polarized neutron reflectometry and d. c. SQUID measurements, we quantitatively determined the magnetization profile of S/F bilayer and confirmed the induced magnetic moment in the adjacent superconductor only exists below TC. Interestingly, the direction of the induced moment in the superconductors was unexpectedly parallel to that in the ferromagnet, which contrasts with earlier findings in S/F heterostructures based on metals or oxides. The first-principles calculations verify the observed unusual interfacial spin texture is caused by the Heisenberg direct exchange coupling through d orbital overlap** and severe charge transfer across the interfaces. Our work establishes an incisive experimental probe for understanding the magnetic proximity behavior at S/F interfaces and provides a prototype epitaxial building block for superconducting spintronics.
△ Less
Submitted 11 April, 2023;
originally announced April 2023.
-
CoMeta: Enhancing Meta Embeddings with Collaborative Information in Cold-start Problem of Recommendation
Authors:
Haonan Hu,
Dazhong Rong,
Jianhai Chen,
Qinming He,
Zhenguang Liu
Abstract:
The cold-start problem is quite challenging for existing recommendation models. Specifically, for the new items with only a few interactions, their ID embeddings are trained inadequately, leading to poor recommendation performance. Some recent studies introduce meta learning to solve the cold-start problem by generating meta embeddings for new items as their initial ID embeddings. However, we argu…
▽ More
The cold-start problem is quite challenging for existing recommendation models. Specifically, for the new items with only a few interactions, their ID embeddings are trained inadequately, leading to poor recommendation performance. Some recent studies introduce meta learning to solve the cold-start problem by generating meta embeddings for new items as their initial ID embeddings. However, we argue that the capability of these methods is limited, because they mainly utilize item attribute features which only contain little information, but ignore the useful collaborative information contained in the ID embeddings of users and old items. To tackle this issue, we propose CoMeta to enhance the meta embeddings with the collaborative information. CoMeta consists of two submodules: B-EG and S-EG. Specifically, for a new item: B-EG calculates the similarity-based weighted sum of the ID embeddings of old items as its base embedding; S-EG generates its shift embedding not only with its attribute features but also with the average ID embedding of the users who interacted with it. The final meta embedding is obtained by adding up the base embedding and the shift embedding. We conduct extensive experiments on two public datasets. The experimental results demonstrate both the effectiveness and the compatibility of CoMeta.
△ Less
Submitted 7 June, 2023; v1 submitted 13 March, 2023;
originally announced March 2023.
-
Miniature Magnetic Nano islands in a Morphotropic Cobaltite Matrix
Authors:
Shengru Chen,
Dongke Rong,
Yue Xu,
Miming Cai,
Xinyan Li,
Qinghua Zhang,
Shuai Xu,
Yan-Xing Shang,
Haitao Hong,
Ting Cui,
Qiao **,
Jia-Ou Wang,
Haizhong Guo,
Lin Gu,
Qiang Zheng,
Can Wang,
**xing Zhang,
Gang-Qin Liu,
Kui-juan **,
Er-Jia Guo
Abstract:
High-density magnetic memories are key components in spintronics, quantum computing, and energy-efficient electronics. Reduced dimensionality and magnetic domain stability at the nanoscale are essential for the miniaturization of magnetic storage units. Yet, inducing magnetic order, and selectively tuning spin-orbital coupling at specific locations have remained challenging. Here we demonstrate th…
▽ More
High-density magnetic memories are key components in spintronics, quantum computing, and energy-efficient electronics. Reduced dimensionality and magnetic domain stability at the nanoscale are essential for the miniaturization of magnetic storage units. Yet, inducing magnetic order, and selectively tuning spin-orbital coupling at specific locations have remained challenging. Here we demonstrate the construction of switchable magnetic nano-islands in a nonmagnetic matrix based on cobaltite homo-structures. The magnetic and electronic states are laterally modified by epitaxial strain, which is regionally controlled by freestanding membranes. Atomically sharp grain boundaries isolate the crosstalk between magnetically distinct regions. The minimal size of magnetic nano-islands reaches 35 nm in diameter, enabling an areal density of 400 Gbit per inch square. Besides providing an ideal platform for precisely controlled read and write schemes, this methodology can enable scalable and patterned memories on silicon and flexible substrates for various applications.
△ Less
Submitted 14 January, 2023;
originally announced January 2023.
-
GARF:Geometry-Aware Generalized Neural Radiance Field
Authors:
Yue Shi,
Dingyi Rong,
Bingbing Ni,
Chang Chen,
Wenjun Zhang
Abstract:
Neural Radiance Field (NeRF) has revolutionized free viewpoint rendering tasks and achieved impressive results. However, the efficiency and accuracy problems hinder its wide applications. To address these issues, we propose Geometry-Aware Generalized Neural Radiance Field (GARF) with a geometry-aware dynamic sampling (GADS) strategy to perform real-time novel view rendering and unsupervised depth…
▽ More
Neural Radiance Field (NeRF) has revolutionized free viewpoint rendering tasks and achieved impressive results. However, the efficiency and accuracy problems hinder its wide applications. To address these issues, we propose Geometry-Aware Generalized Neural Radiance Field (GARF) with a geometry-aware dynamic sampling (GADS) strategy to perform real-time novel view rendering and unsupervised depth estimation on unseen scenes without per-scene optimization. Distinct from most existing generalized NeRFs, our framework infers the unseen scenes on both pixel-scale and geometry-scale with only a few input images. More specifically, our method learns common attributes of novel-view synthesis by an encoder-decoder structure and a point-level learnable multi-view feature fusion module which helps avoid occlusion. To preserve scene characteristics in the generalized model, we introduce an unsupervised depth estimation module to derive the coarse geometry, narrow down the ray sampling interval to proximity space of the estimated surface and sample in expectation maximum position, constituting Geometry-Aware Dynamic Sampling strategy (GADS). Moreover, we introduce a Multi-level Semantic Consistency loss (MSC) to assist more informative representation learning. Extensive experiments on indoor and outdoor datasets show that comparing with state-of-the-art generalized NeRF methods, GARF reduces samples by more than 25\%, while improving rendering quality and 3D geometry estimation.
△ Less
Submitted 7 December, 2022; v1 submitted 5 December, 2022;
originally announced December 2022.
-
Synthesis of functional nitride membranes using sacrificial water-soluble BaO layers
Authors:
Shengru Chen,
Qiao **,
Shan Lin,
Haitao Hong,
Ting Cui,
Dongke Rong,
Guozhu Song,
Shanmin Wang,
Kuijuan **,
Qiang Zheng,
Er-Jia Guo
Abstract:
Transition metal nitrides (TMNs) exhibit fascinating physical properties that hold great potential in future device applications. To stack two-dimensional TMNs with other functional materials that have dissimilar orientations and symmetries requires to separate epitaxial TMNs from the growth substrates. However, the lattice constants of TMNs are not compatible with those of most sacrificial layers…
▽ More
Transition metal nitrides (TMNs) exhibit fascinating physical properties that hold great potential in future device applications. To stack two-dimensional TMNs with other functional materials that have dissimilar orientations and symmetries requires to separate epitaxial TMNs from the growth substrates. However, the lattice constants of TMNs are not compatible with those of most sacrificial layers, leading to a great challenge to fabricate high-quality single crystalline TMN membranes. In this letter, we report the application of a water-soluble BaO sacrificial layer as a general approach to create freestanding TMN membranes. Taken CrN as an example, the relatively small lattice mismatch and identical cubic structure between BaO and CrN ensure the growth of heterostructures. Millimeter-size CrN membrane allows us to directly observe the planar-view of atomic structure and to correlate its electronic state with intrinsic transport properties. Our work provides the opportunity to fabricate freestanding TMN membranes and the ability to transfer them to arbitrary substrates. The integration of TMN membranes with other materials will stimulate further studies in the emergent phenomena at heterointerfaces.
△ Less
Submitted 17 December, 2022; v1 submitted 27 November, 2022;
originally announced November 2022.
-
Braiding lateral morphotropic grain boundary in homogeneitic oxides
Authors:
Shengru Chen,
Qinghua Zhang,
Dongke Rong,
Yue Xu,
**feng Zhang,
Fangfang Pei,
He Bai,
Yan-Xing Shang,
Shan Lin,
Qiao **,
Haitao Hong,
Can Wang,
Wensheng Yan,
Haizhong Guo,
Tao Zhu,
Lin Gu,
Yu Gong,
Qian Li,
Lingfei Wang,
Gang-Qin Liu,
Kui-juan **,
Er-Jia Guo
Abstract:
Interfaces formed by correlated oxides offer a critical avenue for discovering emergent phenomena and quantum states. However, the fabrication of oxide interfaces with variable crystallographic orientations and strain states integrated along a film plane is extremely challenge by conventional layer-by-layer stacking or self-assembling. Here, we report the creation of morphotropic grain boundaries…
▽ More
Interfaces formed by correlated oxides offer a critical avenue for discovering emergent phenomena and quantum states. However, the fabrication of oxide interfaces with variable crystallographic orientations and strain states integrated along a film plane is extremely challenge by conventional layer-by-layer stacking or self-assembling. Here, we report the creation of morphotropic grain boundaries (GBs) in laterally interconnected cobaltite homostructures. Single-crystalline substrates and suspended ultrathin freestanding membranes provide independent templates for coherent epitaxy and constraint on the growth orientation, resulting in seamless and atomically sharp GBs. Electronic states and magnetic behavior in hybrid structures are laterally modulated and isolated by GBs, enabling artificially engineered functionalities in the planar matrix. Our work offers a simple and scalable method for fabricating unprecedented innovative interfaces through controlled synthesis routes as well as provides a platform for exploring potential applications in neuromorphics, solid state batteries, and catalysis.
△ Less
Submitted 13 July, 2022;
originally announced July 2022.
-
Asymmetric Ground States in La$_{0.67}$Sr$_{0.33}$MnO$_3$/BaTiO$_3$ heterostructures Induced by Flexoelectric Bending
Authors:
Mingqun Qi,
Zhen Yang,
Shengru Chen,
Shan Lin,
Qiao **,
Haitao Hong,
Dongke Rong,
Haizhong Guo,
Can Wang,
Kui-juan **,
Zhen** Wu,
Er-Jia Guo
Abstract:
Misfit strain delivered from single-crystal substrates typically modifies the ground states of transition metal oxides, generating increasing interests in designing modern transducers and sensors. Here, we demonstrate that magnetotransport properties of La$_{0.67}$Sr$_{0.33}$MnO$_3$ (LSMO) films were continuously tuned by uniaxial strain produced by a home-designed bending jig. The electrical cond…
▽ More
Misfit strain delivered from single-crystal substrates typically modifies the ground states of transition metal oxides, generating increasing interests in designing modern transducers and sensors. Here, we demonstrate that magnetotransport properties of La$_{0.67}$Sr$_{0.33}$MnO$_3$ (LSMO) films were continuously tuned by uniaxial strain produced by a home-designed bending jig. The electrical conductivity and Curie temperature of LSMO films are enhanced by bending stresses. The resistivity of a u-shape bended LSMO decays three times faster than that of a n-shape bended LSMO as a response to the same magnitude of strain. The asymmetric magnetic states in uniaxially strained LSMO are attributed to the dual actions of Jahn-Teller distortion and strain gradient mediated flexoelectric fields in an adjacent ferroelectric layer. These findings of multi-field regulation in a single material provide a feasible means for develo** flexible electronic and spintronic devices.
△ Less
Submitted 7 July, 2022;
originally announced July 2022.
-
Exfoliation of 2D van der Waals crystals in ultrahigh vacuum for interface engineering
Authors:
Zhenyu Sun,
Xu Han,
Zhihao Cai,
Shaosheng Yue,
Daiyu Geng,
Dongke Rong,
Lin Zhao,
Yi-Qi Zhang,
Peng Cheng,
Lan Chen,
Xingjiang Zhou,
Yuan Huang,
Kehui Wu,
Baojie Feng
Abstract:
Two-dimensional (2D) materials and their heterostructures have been intensively studied in recent years due to their potential applications in electronic, optoelectronic, and spintronic devices. Nonetheless, the realization of 2D heterostructures with atomically flat and clean interfaces remains challenging, especially for air-sensitive materials, which hinders the in-depth investigation of interf…
▽ More
Two-dimensional (2D) materials and their heterostructures have been intensively studied in recent years due to their potential applications in electronic, optoelectronic, and spintronic devices. Nonetheless, the realization of 2D heterostructures with atomically flat and clean interfaces remains challenging, especially for air-sensitive materials, which hinders the in-depth investigation of interface-induced phenomena and the fabrication of high-quality devices. Here, we circumvented this challenge by exfoliating 2D materials in an ultrahigh vacuum. Remarkably, ultraflat and clean substrate surfaces can assist the exfoliation of 2D materials, regardless of the substrate and 2D material, thus providing a universal method for the preparation of heterostructures with ideal interfaces. In addition, we studied the properties of two prototypical systems that cannot be achieved previously, including the electronic structure of monolayer phospherene and optical responses of transition metal dichalcogenides on different metal substrates. Our work paves the way to engineer rich interface-induced phenomena, such as proximity effects and moiré superlattices.
△ Less
Submitted 15 June, 2022;
originally announced June 2022.
-
Differentiable Projection from Optical Coherence Tomography B-Scan without Retinal Layer Segmentation Supervision
Authors:
Dingyi Rong,
Jiancheng Yang,
Bingbing Ni,
Bilian Ke
Abstract:
Projection map (PM) from optical coherence tomography (OCT) B-scan is an important tool to diagnose retinal diseases, which typically requires retinal layer segmentation. In this study, we present a novel end-to-end framework to predict PMs from B-scans. Instead of segmenting retinal layers explicitly, we represent them implicitly as predicted coordinates. By pixel interpolation on uniformly sampl…
▽ More
Projection map (PM) from optical coherence tomography (OCT) B-scan is an important tool to diagnose retinal diseases, which typically requires retinal layer segmentation. In this study, we present a novel end-to-end framework to predict PMs from B-scans. Instead of segmenting retinal layers explicitly, we represent them implicitly as predicted coordinates. By pixel interpolation on uniformly sampled coordinates between retinal layers, the corresponding PMs could be easily obtained with pooling. Notably, all the operators are differentiable; therefore, this Differentiable Projection Module (DPM) enables end-to-end training with the ground truth of PMs rather than retinal layer segmentation. Our framework produces high-quality PMs, significantly outperforming baselines, including a vanilla CNN without DPM and an optimization-based DPM without a deep prior. Furthermore, the proposed DPM, as a novel neural representation of areas/volumes between curves/surfaces, could be of independent interest for geometric deep learning.
△ Less
Submitted 11 June, 2022;
originally announced June 2022.
-
Poisoning Deep Learning Based Recommender Model in Federated Learning Scenarios
Authors:
Dazhong Rong,
Qinming He,
Jianhai Chen
Abstract:
Various attack methods against recommender systems have been proposed in the past years, and the security issues of recommender systems have drawn considerable attention. Traditional attacks attempt to make target items recommended to as many users as possible by poisoning the training data. Benifiting from the feature of protecting users' private data, federated recommendation can effectively def…
▽ More
Various attack methods against recommender systems have been proposed in the past years, and the security issues of recommender systems have drawn considerable attention. Traditional attacks attempt to make target items recommended to as many users as possible by poisoning the training data. Benifiting from the feature of protecting users' private data, federated recommendation can effectively defend such attacks. Therefore, quite a few works have devoted themselves to develo** federated recommender systems. For proving current federated recommendation is still vulnerable, in this work we probe to design attack approaches targeting deep learning based recommender models in federated learning scenarios. Specifically, our attacks generate poisoned gradients for manipulated malicious users to upload based on two strategies (i.e., random approximation and hard user mining). Extensive experiments show that our well-designed attacks can effectively poison the target models, and the attack effectiveness sets the state-of-the-art.
△ Less
Submitted 8 June, 2022; v1 submitted 26 April, 2022;
originally announced April 2022.
-
FedRecAttack: Model Poisoning Attack to Federated Recommendation
Authors:
Dazhong Rong,
Shuai Ye,
Ruoyan Zhao,
Hon Ning Yuen,
Jianhai Chen,
Qinming He
Abstract:
Federated Recommendation (FR) has received considerable popularity and attention in the past few years. In FR, for each user, its feature vector and interaction data are kept locally on its own client thus are private to others. Without the access to above information, most existing poisoning attacks against recommender systems or federated learning lose validity. Benifiting from this characterist…
▽ More
Federated Recommendation (FR) has received considerable popularity and attention in the past few years. In FR, for each user, its feature vector and interaction data are kept locally on its own client thus are private to others. Without the access to above information, most existing poisoning attacks against recommender systems or federated learning lose validity. Benifiting from this characteristic, FR is commonly considered fairly secured. However, we argue that there is still possible and necessary security improvement could be made in FR. To prove our opinion, in this paper we present FedRecAttack, a model poisoning attack to FR aiming to raise the exposure ratio of target items. In most recommendation scenarios, apart from private user-item interactions (e.g., clicks, watches and purchases), some interactions are public (e.g., likes, follows and comments). Motivated by this point, in FedRecAttack we make use of the public interactions to approximate users' feature vectors, thereby attacker can generate poisoned gradients accordingly and control malicious users to upload the poisoned gradients in a well-designed way. To evaluate the effectiveness and side effects of FedRecAttack, we conduct extensive experiments on three real-world datasets of different sizes from two completely different scenarios. Experimental results demonstrate that our proposed FedRecAttack achieves the state-of-the-art effectiveness while its side effects are negligible. Moreover, even with small proportion (3%) of malicious users and small proportion (1%) of public interactions, FedRecAttack remains highly effective, which reveals that FR is more vulnerable to attack than people commonly considered.
△ Less
Submitted 13 October, 2022; v1 submitted 1 April, 2022;
originally announced April 2022.
-
Anisotropic electronic phase transition in CrN epitaxial thin films
Authors:
Qiao **,
Jiali Zhao,
Manuel Roldan,
Shan Lin,
Shengru Chen,
Haitao Hong,
Yiyan Fan,
Dongke Rong,
Haizhong Guo,
Chen Ge,
Can Wang,
Jia-Ou Wang,
Shanmin Wang,
Kui-juan **,
Er-Jia Guo
Abstract:
Electronic phase transition in strongly correlated materials is extremely sensitive to the dimensionality and crystallographic orientations. Transition metal nitrides (TMNs) are seldom investigated due to the difficulty in fabricating the high-quality and stoichiometric single crystals. In this letter, we report the epitaxial growth and electronic properties of CrN films on different-oriented NdGa…
▽ More
Electronic phase transition in strongly correlated materials is extremely sensitive to the dimensionality and crystallographic orientations. Transition metal nitrides (TMNs) are seldom investigated due to the difficulty in fabricating the high-quality and stoichiometric single crystals. In this letter, we report the epitaxial growth and electronic properties of CrN films on different-oriented NdGaO3 (NGO) substrates. Astonishingly, the CrN films grown on (110)-oriented NGO substrates maintain a metallic phase, whereas the CrN films grown on (010)-oriented NGO substrates are semiconducting. We attribute the unconventional electronic transition in the CrN films to the strongly correlation with epitaxial strain. The effective modulation of bandgap by the anisotropic strain triggers the metal-to-insulator transition consequently. This work provides a convenient approach to modify the electronic ground states of functional materials using anisotropic strain and further stimulates the investigations of TMNs.
△ Less
Submitted 20 November, 2021;
originally announced November 2021.
-
Zero-Shot Learning in Named-Entity Recognition with External Knowledge
Authors:
Nguyen Van Hoang,
Soeren Hougaard Mulvad,
Dexter Neo Yuan Rong,
Yang Yue
Abstract:
A significant shortcoming of current state-of-the-art (SOTA) named-entity recognition (NER) systems is their lack of generalization to unseen domains, which poses a major problem since obtaining labeled data for NER in a new domain is expensive and time-consuming. We propose ZERO, a model that performs zero-shot and few-shot learning in NER to generalize to unseen domains by incorporating pre-exis…
▽ More
A significant shortcoming of current state-of-the-art (SOTA) named-entity recognition (NER) systems is their lack of generalization to unseen domains, which poses a major problem since obtaining labeled data for NER in a new domain is expensive and time-consuming. We propose ZERO, a model that performs zero-shot and few-shot learning in NER to generalize to unseen domains by incorporating pre-existing knowledge in the form of semantic word embeddings. ZERO first obtains contextualized word representations of input sentences using the model LUKE, reduces their dimensionality, and compares them directly with the embeddings of the external knowledge, allowing ZERO to be trained to recognize unseen output entities. We find that ZERO performs well on unseen NER domains with an average macro F1 score of 0.23, outperforms LUKE in few-shot learning, and even achieves competitive scores on an in-domain comparison. The performance across source-target domain pairs is shown to be inversely correlated with the pairs' KL divergence.
△ Less
Submitted 15 November, 2021;
originally announced November 2021.
