We present FACADE, a novel probabilistic and geometric framework designed for unsupervised mechanistic anomaly detection in deep neural networks. Its primary goal is advancing the understanding and mitigation of adversarial attacks. FACADE aims to generate probabilistic distributions over circuits, which provide critical insights to their contribution to changes in the manifold properties of pseudo-classes, or high-dimensional modes in activation space, yielding a powerful tool for uncovering and combating adversarial attacks. Our approach seeks to improve model robustness, enhance scalable model oversight, and demonstrates promising applications in real-world deployment settings.
相關內容
在(zai)(zai)數(shu)據挖掘中,異(yi)(yi)常(chang)檢(jian)(jian)測(ce)(ce)(英語(yu):anomaly detection)對(dui)(dui)不(bu)符(fu)合(he)預期模(mo)(mo)式或數(shu)據集(ji)中其他(ta)項(xiang)(xiang)(xiang)目的(de)(de)(de)(de)項(xiang)(xiang)(xiang)目、事件或觀測(ce)(ce)值(zhi)的(de)(de)(de)(de)識別。通(tong)常(chang)異(yi)(yi)常(chang)項(xiang)(xiang)(xiang)目會轉變成銀行欺詐、結(jie)構(gou)缺陷、醫療問題(ti)、文本(ben)錯誤等類型(xing)的(de)(de)(de)(de)問題(ti)。異(yi)(yi)常(chang)也(ye)被稱為離群值(zhi)、新奇(qi)、噪聲(sheng)、偏差和(he)例外。
特(te)別是(shi)(shi)在(zai)(zai)檢(jian)(jian)測(ce)(ce)濫用與網(wang)絡入侵(qin)時,有(you)趣性對(dui)(dui)象往往不(bu)是(shi)(shi)罕(han)見對(dui)(dui)象,但卻是(shi)(shi)超出預料的(de)(de)(de)(de)突發活動(dong)。這種模(mo)(mo)式不(bu)遵(zun)循通(tong)常(chang)統(tong)計定(ding)義中把異(yi)(yi)常(chang)點看作是(shi)(shi)罕(han)見對(dui)(dui)象,于是(shi)(shi)許多異(yi)(yi)常(chang)檢(jian)(jian)測(ce)(ce)方(fang)(fang)法(fa)(fa)(特(te)別是(shi)(shi)無(wu)(wu)監督(du)(du)(du)的(de)(de)(de)(de)方(fang)(fang)法(fa)(fa))將(jiang)對(dui)(dui)此(ci)類數(shu)據失效,除(chu)非(fei)進(jin)行了合(he)適(shi)的(de)(de)(de)(de)聚集(ji)。相反,聚類分(fen)析算法(fa)(fa)可(ke)能可(ke)以檢(jian)(jian)測(ce)(ce)出這些模(mo)(mo)式形成的(de)(de)(de)(de)微聚類。
有(you)三大(da)(da)類異(yi)(yi)常(chang)檢(jian)(jian)測(ce)(ce)方(fang)(fang)法(fa)(fa)。[1] 在(zai)(zai)假設數(shu)據集(ji)中大(da)(da)多數(shu)實例都(dou)是(shi)(shi)正(zheng)(zheng)常(chang)的(de)(de)(de)(de)前提下(xia),無(wu)(wu)監督(du)(du)(du)異(yi)(yi)常(chang)檢(jian)(jian)測(ce)(ce)方(fang)(fang)法(fa)(fa)能通(tong)過(guo)尋找與其他(ta)數(shu)據最不(bu)匹配的(de)(de)(de)(de)實例來檢(jian)(jian)測(ce)(ce)出未標記測(ce)(ce)試(shi)數(shu)據的(de)(de)(de)(de)異(yi)(yi)常(chang)。監督(du)(du)(du)式異(yi)(yi)常(chang)檢(jian)(jian)測(ce)(ce)方(fang)(fang)法(fa)(fa)需要一(yi)個已(yi)經被標記“正(zheng)(zheng)常(chang)”與“異(yi)(yi)常(chang)”的(de)(de)(de)(de)數(shu)據集(ji),并涉及到訓練分(fen)類器(qi)(與許多其他(ta)的(de)(de)(de)(de)統(tong)計分(fen)類問題(ti)的(de)(de)(de)(de)關鍵區別是(shi)(shi)異(yi)(yi)常(chang)檢(jian)(jian)測(ce)(ce)的(de)(de)(de)(de)內在(zai)(zai)不(bu)均衡性)。半監督(du)(du)(du)式異(yi)(yi)常(chang)檢(jian)(jian)測(ce)(ce)方(fang)(fang)法(fa)(fa)根(gen)據一(yi)個給定(ding)的(de)(de)(de)(de)正(zheng)(zheng)常(chang)訓練數(shu)據集(ji)創建一(yi)個表示正(zheng)(zheng)常(chang)行為的(de)(de)(de)(de)模(mo)(mo)型(xing),然后檢(jian)(jian)測(ce)(ce)由學習模(mo)(mo)型(xing)生成的(de)(de)(de)(de)測(ce)(ce)試(shi)實例的(de)(de)(de)(de)可(ke)能性。
Large language models (large LMs) are increasingly trained on massive codebases and used to generate code. However, LMs lack awareness of security and are found to frequently produce unsafe code. This work studies the security of LMs along two important axes: (i) security hardening, which aims to enhance LMs' reliability in generating secure code, and (ii) adversarial testing, which seeks to evaluate LMs' security at an adversarial standpoint. We address both of these by formulating a new security task called controlled code generation. The task is parametric and takes as input a binary property to guide the LM to generate secure or unsafe code, while preserving the LM's capability of generating functionally correct code. We propose a novel learning-based approach called SVEN to solve this task. SVEN leverages property-specific continuous vectors to guide program generation towards the given property, without modifying the LM's weights. Our training procedure optimizes these continuous vectors by enforcing specialized loss terms on different regions of code, using a high-quality dataset carefully curated by us. Our extensive evaluation shows that SVEN is highly effective in achieving strong security control. For instance, a state-of-the-art CodeGen LM with 2.7B parameters generates secure code for 59.1% of the time. When we employ SVEN to perform security hardening (or adversarial testing) on this LM, the ratio is significantly boosted to 92.3% (or degraded to 36.8%). Importantly, SVEN closely matches the original LMs in functional correctness.
The next generation Sunway supercomputer employs the SW26010pro processor, which features a specialized on-chip heterogeneous architecture. Applications with significant hotspots can benefit from the great computation capacity improvement of Sunway many-core architectures by carefully making intensive manual many-core parallelization efforts. However, some legacy projects with large codebases, such as CESM, ROMS and WRF, contain numerous lines of code and do not have significant hotspots. The cost of manually porting such applications to the Sunway architecture is almost unaffordable. To overcome such a challenge, we have developed a toolkit named O2ATH. O2ATH forwards GNU OpenMP runtime library calls to Sunway's Athread library, which greatly simplifies the parallelization work on the Sunway architecture.O2ATH enables users to write both MPE and CPE code in a single file, and parallelization can be achieved by utilizing OpenMP directives and attributes. In practice, O2ATH has helped us to port two large projects, CESM and ROMS, to the CPEs of the next generation Sunway supercomputers via the OpenMP offload method. In the experiments, kernel speedups range from 3 to 15 times, resulting in 3 to 6 times whole application speedups.Furthermore, O2ATH requires significantly fewer code modifications compared to manually crafting CPE functions.This indicates that O2ATH can greatly enhance development efficiency when porting or optimizing large software projects on Sunway supercomputers.
We present FIMO, an innovative dataset comprising formal mathematical problem statements sourced from the International Mathematical Olympiad (IMO) Shortlisted Problems. Designed to facilitate advanced automated theorem proving at the IMO level, FIMO is currently tailored for the Lean formal language. It comprises 149 formal problem statements, accompanied by both informal problem descriptions and their corresponding LaTeX-based informal proofs. Through initial experiments involving GPT-4, our findings underscore the existing limitations in current methodologies, indicating a substantial journey ahead before achieving satisfactory IMO-level automated theorem proving outcomes.
We present a novel method, called NeTO, for capturing 3D geometry of solid transparent objects from 2D images via volume rendering. Reconstructing transparent objects is a very challenging task, which is ill-suited for general-purpose reconstruction techniques due to the specular light transport phenomena. Although existing refraction-tracing based methods, designed specially for this task, achieve impressive results, they still suffer from unstable optimization and loss of fine details, since the explicit surface representation they adopted is difficult to be optimized, and the self-occlusion problem is ignored for refraction-tracing. In this paper, we propose to leverage implicit Signed Distance Function (SDF) as surface representation, and optimize the SDF field via volume rendering with a self-occlusion aware refractive ray tracing. The implicit representation enables our method to be capable of reconstructing high-quality reconstruction even with a limited set of images, and the self-occlusion aware strategy makes it possible for our method to accurately reconstruct the self-occluded regions. Experiments show that our method achieves faithful reconstruction results and outperforms prior works by a large margin. Visit our project page at //www.xxlong.site/NeTO/
We present a framework for sandboxing and restricting features of the OCaml programming language to effectively automate the grading of programming exercises, scaling to hundreds of submissions. We describe how to disable language and library features that should not be used to solve a given exercise. We present an overview of an implementation of a mock IO system to allow testing of IO-related exercises in a controlled environment. Finally, we detail a number of security considerations to ensure submitted code remains sandboxed, allowing automatic grading to be trusted without manual verification. The source code of our implementation is publicly available.
This paper introduces a new fundamental characteristic, \ie, the dynamic range, from real-world metric tools to deep visual recognition. In metrology, the dynamic range is a basic quality of a metric tool, indicating its flexibility to accommodate various scales. Larger dynamic range offers higher flexibility. In visual recognition, the multiple scale problem also exist. Different visual concepts may have different semantic scales. For example, ``Animal'' and ``Plants'' have a large semantic scale while ``Elk'' has a much smaller one. Under a small semantic scale, two different elks may look quite \emph{different} to each other . However, under a large semantic scale (\eg, animals and plants), these two elks should be measured as being \emph{similar}. %We argue that such flexibility is also important for deep metric learning, because different visual concepts indeed correspond to different semantic scales. Introducing the dynamic range to deep metric learning, we get a novel computer vision task, \ie, the Dynamic Metric Learning. It aims to learn a scalable metric space to accommodate visual concepts across multiple semantic scales. Based on three types of images, \emph{i.e.}, vehicle, animal and online products, we construct three datasets for Dynamic Metric Learning. We benchmark these datasets with popular deep metric learning methods and find Dynamic Metric Learning to be very challenging. The major difficulty lies in a conflict between different scales: the discriminative ability under a small scale usually compromises the discriminative ability under a large one, and vice versa. As a minor contribution, we propose Cross-Scale Learning (CSL) to alleviate such conflict. We show that CSL consistently improves the baseline on all the three datasets. The datasets and the code will be publicly available at //github.com/SupetZYK/DynamicMetricLearning.
This paper focuses on two fundamental tasks of graph analysis: community detection and node representation learning, which capture the global and local structures of graphs, respectively. In the current literature, these two tasks are usually independently studied while they are actually highly correlated. We propose a probabilistic generative model called vGraph to learn community membership and node representation collaboratively. Specifically, we assume that each node can be represented as a mixture of communities, and each community is defined as a multinomial distribution over nodes. Both the mixing coefficients and the community distribution are parameterized by the low-dimensional representations of the nodes and communities. We designed an effective variational inference algorithm which regularizes the community membership of neighboring nodes to be similar in the latent space. Experimental results on multiple real-world graphs show that vGraph is very effective in both community detection and node representation learning, outperforming many competitive baselines in both tasks. We show that the framework of vGraph is quite flexible and can be easily extended to detect hierarchical communities.
We present MMKG, a collection of three knowledge graphs that contain both numerical features and (links to) images for all entities as well as entity alignments between pairs of KGs. Therefore, multi-relational link prediction and entity matching communities can benefit from this resource. We believe this data set has the potential to facilitate the development of novel multi-modal learning approaches for knowledge graphs.We validate the utility ofMMKG in the sameAs link prediction task with an extensive set of experiments. These experiments show that the task at hand benefits from learning of multiple feature types.
In order to answer natural language questions over knowledge graphs, most processing pipelines involve entity and relation linking. Traditionally, entity linking and relation linking has been performed either as dependent sequential tasks or independent parallel tasks. In this paper, we propose a framework called "EARL", which performs entity linking and relation linking as a joint single task. EARL uses a graph connection based solution to the problem. We model the linking task as an instance of the Generalised Travelling Salesman Problem (GTSP) and use GTSP approximate algorithm solutions. We later develop EARL which uses a pair-wise graph-distance based solution to the problem.The system determines the best semantic connection between all keywords of the question by referring to a knowledge graph. This is achieved by exploiting the "connection density" between entity candidates and relation candidates. The "connection density" based solution performs at par with the approximate GTSP solution.We have empirically evaluated the framework on a dataset with 5000 questions. Our system surpasses state-of-the-art scores for entity linking task by reporting an accuracy of 0.65 to 0.40 from the next best entity linker.
We study the problem of learning to reason in large scale knowledge graphs (KGs). More specifically, we describe a novel reinforcement learning framework for learning multi-hop relational paths: we use a policy-based agent with continuous states based on knowledge graph embeddings, which reasons in a KG vector space by sampling the most promising relation to extend its path. In contrast to prior work, our approach includes a reward function that takes the accuracy, diversity, and efficiency into consideration. Experimentally, we show that our proposed method outperforms a path-ranking based algorithm and knowledge graph embedding methods on Freebase and Never-Ending Language Learning datasets.
注冊地址: 北京市海淀區羊坊店路18號2幢3層301-191