-
Parameter Matching Attack: Enhancing Practical Applicability of Availability Attacks
Authors:
Yu Zhe,
Jun Sakuma
Abstract:
The widespread use of personal data for training machine learning models raises significant privacy concerns, as individuals have limited control over how their public data is subsequently utilized. Availability attacks have emerged as a means for data owners to safeguard their data by designing imperceptible perturbations that degrade model performance when incorporated into training datasets. However, existing availability attacks exhibit limitations in practical applicability, particularly when only a portion of the data can be perturbed. To address this challenge, we propose a novel availability attack approach termed Parameter Matching Attack (PMA). PMA is the first availability attack that works when only a portion of data can be perturbed. PMA optimizes perturbations so that when the model is trained on a mixture of clean and perturbed data, the resulting model will approach a model designed to perform poorly. Experimental results across four datasets demonstrate that PMA outperforms existing methods, achieving significant model performance degradation when a part of the training data is perturbed. Our code is available in the supplementary.
Submitted 2 July, 2024;
originally announced July 2024.
-
Zero-shot domain adaptation based on dual-level mix and contrast
Authors:
Yu Zhe,
Jun Sakuma
Abstract:
Zero-shot domain adaptation (ZSDA) is a domain adaptation problem in the situation that labeled samples for a target task (task of interest) are only available from the source domain at training time, but for a task different from the task of interest (irrelevant task), labeled samples are available from both source and target domains. In this situation, classical domain adaptation techniques can only learn domain-invariant features in the irrelevant task. However, due to the difference in sample distribution between the two tasks, domain-invariant features learned in the irrelevant task are biased and not necessarily domain-invariant in the task of interest. To solve this problem, this paper proposes a new ZSDA method to learn domain-invariant features with low task bias. To this end, we propose (1) data augmentation with dual-level mixups in both task and domain to fill the absence of target task-of-interest data, (2) an extension of domain adversarial learning to learn domain-invariant features with less task bias, and (3) a new dual-level contrastive learning method that enhances domain-invariance and less task biasedness of features. Experimental results show that our proposal achieves good performance on several benchmarks.
Submitted 27 June, 2024;
originally announced June 2024.
-
Adversarial Attacks on Hidden Tasks in Multi-Task Learning
Authors:
Yu Zhe,
Rei Nagaike,
Daiki Nishiyama,
Kazuto Fukuchi,
Jun Sakuma
Abstract:
Deep learning models are susceptible to adversarial attacks, where slight perturbations to input data lead to misclassification. Adversarial attacks become increasingly effective with access to information about the targeted classifier. In the context of multi-task learning, where a single model learns multiple tasks simultaneously, attackers may aim to exploit vulnerabilities in specific tasks with limited information. This paper investigates the feasibility of attacking hidden tasks within multi-task classifiers, where model access regarding the hidden target task and labeled data for the hidden target task are not available, but model access regarding the non-target tasks is available. We propose a novel adversarial attack method that leverages knowledge from non-target tasks and the shared backbone network of the multi-task model to force the model to forget knowledge related to the target task. Experimental results on CelebA and DeepFashion datasets demonstrate the effectiveness of our method in degrading the accuracy of hidden tasks while preserving the performance of visible tasks, contributing to the understanding of adversarial vulnerabilities in multi-task classifiers.
Submitted 27 May, 2024; v1 submitted 24 May, 2024;
originally announced May 2024.
-
Dynamical evidence of the sub-parsec counter-rotating disc for a close binary of supermassive black holes in the nucleus of NGC 1068
Authors:
J. -M. Wang,
Y. -Y. Songsheng,
Y. -R. Li,
P. Du,
Y. Zhe
Abstract:
It arises a puzzle in NGC 1068, how to secularly maintain the counter-rotating disc from $0.2$ to $7\,$pc unambiguously detected by recent ALMA observations of molecular gas. Upon further analysis of disc dynamics, we find that the Kelvin-Helmholtz (KH) instability (KHI) results in an unavoidable catastrophe of the disc developed at the interface between the reversely rotating parts, and demonstrate that a close binary of supermassive black holes provides tidal torques as the unique external sources to prevent the disc from the KH catastrophe. We are led to the inescapable conclusion that there must be a binary black hole at the center of NGC 1068, to prevent it from the KH catastrophe. The binary is composed of black holes with a separation of $0.1\,$pc from GRAVITY/VLTI observations, a total mass of $1.3\times 10^{7}\:M_{\odot}$ and a mass ratio of $\sim 0.3$ estimated from the angular momentum budget of the global system. The KHI gives rise to forming a gap without cold gas at the velocity interface which overlaps with the observed gap of hot and cold dust regions. Releases of kinematic energies from the KHI of the disc are in agreement with observed emissions in radio and $γ$-rays. Such a binary is shrinking with a timescale much longer than the local Hubble time via gravitational waves, however, the KHI leads to an efficient annihilation of the orbital angular momentum and speed up merge of the binary, providing a new paradigm of solving the long term issue of "final parsec problem". Future observations of GRAVITY+/VLTI are expected to be able to spatially resolve the CB-SMBHs suggested in this paper.
Submitted 3 July, 2020; v1 submitted 3 May, 2020;
originally announced May 2020.
-
Differentiated context-aware hook placement for different owners' smartphones
Authors:
Tian Chen,
Wang Ya Zhe,
Liu Peng,
Dai Rui Rui,
Zhou An Yuan,
Zhuo Xin Wang
Abstract:
A hook is a piece of code. It checks user privacy policy before some sensitive operations happen. We propose an automated solution named Prihook for hook placement in the Android Framework. Addressing specific context-aware user privacy concerns, the hook placement in Prihook is personalized. Specifically, we design User Privacy Preference Table (UPPT) to help a user express his privacy concerns. And we leverage machine learning to discover a Potential Method Set (consisting of Sensor Data Access Methods and Sensor Control Methods) from which we can select a particular subset to put hooks. We propose a mapping from words in the UPPT lexicon to methods in the Potential Method Set. With this mapping, Prihook is able to (a) select a specific set of methods; and (b) generate and place hooks automatically. We test Prihook separately on 6 typical UPPTs representing 6 kinds of resource-sensitive UPPTs, and no user privacy violation is found. The experimental results show that the hooks placed by PriHook have small runtime overhead.
Submitted 20 August, 2019;
originally announced August 2019.
-
Kinematic signatures of reverberation mapping of close binaries of supermassive black holes in active galactic nuclei
Authors:
Jian-Min Wang,
Yu-Yang Songsheng,
Yan-Rong Li,
Yu Zhe
Abstract:
Close binaries of supermassive black holes (CB-SMBHs) with separations of $\lesssim 0.1$pc as the final stage of galaxy mergers are sources of low frequency gravitational waves (GW), however, they are still elusive observationally because they are not spatially resolved. Fortunately, reverberation as echoes of broad emission lines to ionizing continuum conveys invaluable information of the dynamics of broad-line regions (BLRs) governed by supermassive black holes in the central regions of active galactic nuclei (AGNs). In this paper, we demonstrate how to composite the hybrid 2-dimensional transfer functions of binary BLRs around the CB-SMBHs in AGNs, providing an opportunity of identifying them from reverberation mapping (RM) data. It is found that there are variation-coupling effects in the transfer functions, arising from the coupling of CB-SMBH light curves in the Fourier space. We provide semi-analytical formulations of the transfer functions for kinematic maps of the gas. For cases with the simplest variation-coupling effects, we make calculations for several BLR models and reveal significant distinctions from those of single active black holes. In principle, the difference is caused by the orbital motion of the CB-SMBH systems. In order to search for CB-SMBHs in time-domain space, selection of target candidates should focus on local AGNs with H$β$ double-peaked profiles and weaker near-infrared emission. High-fidelity RM-campaigns of monitoring the targets in future will provide opportunities to reveal these kinematic signatures of the CB-SMBHs and hence for measurements of their orbital parameters.
Submitted 17 June, 2018;
originally announced June 2018.