-
Characterization of 3D printed micro-blades for cutting tissue-embedding material
Authors:
Saisneha Koppaka,
David Doan,
Wei Cai,
Wendy Gu,
Sindy K. Y. Tang
Abstract:
Cutting soft materials on the microscale has emerging applications in single-cell studies, tissue microdissection for organoid culture, drug screens, and other analyses. However, the cutting process is complex and remains incompletely understood. Furthermore, precise control over blade geometries, such as the blade tip radius, has been difficult to achieve. In this work, we use the Nanoscribe 3D p…
▽ More
Cutting soft materials on the microscale has emerging applications in single-cell studies, tissue microdissection for organoid culture, drug screens, and other analyses. However, the cutting process is complex and remains incompletely understood. Furthermore, precise control over blade geometries, such as the blade tip radius, has been difficult to achieve. In this work, we use the Nanoscribe 3D printer to precisely fabricate micro-blades (i.e., blades <1 mm in length) and blade grid geometries. This fabrication method enables a systematic study of the effect of blade geometry on the indentation cutting of paraffin wax, a common tissue-embedding material. First, we print straight micro-blades with tip radius ranging from ~100 nm to 10 um. The micro-blades are mounted in a custom nanoindentation setup to measure the cutting energy during indentation cutting of paraffin. Cutting energy, measured as the difference in dissipated energy between the first and second loading cycles, decreases as blade tip radius decreases, until ~357 nm when the cutting energy plateaus despite further decrease in tip radius. Second, we expand our method to blades printed in unconventional configurations, including parallel blade structures and blades arranged in a square grid. Under the conditions tested, the cutting energy scales approximately linearly with the total length of the blades comprising the blade structure. The experimental platform described can be extended to investigate other blade geometries and guide the design of microscale cutting of soft materials.
△ Less
Submitted 3 August, 2024;
originally announced August 2024.
-
Towards Clean-Label Backdoor Attacks in the Physical World
Authors:
Thinh Dao,
Cuong Chi Le,
Khoa D Doan,
Kok-Seng Wong
Abstract:
Deep Neural Networks (DNNs) are vulnerable to backdoor poisoning attacks, with most research focusing on digital triggers, special patterns digitally added to test-time inputs to induce targeted misclassification. In contrast, physical triggers, which are natural objects within a physical scene, have emerged as a desirable alternative since they enable real-time backdoor activations without digita…
▽ More
Deep Neural Networks (DNNs) are vulnerable to backdoor poisoning attacks, with most research focusing on digital triggers, special patterns digitally added to test-time inputs to induce targeted misclassification. In contrast, physical triggers, which are natural objects within a physical scene, have emerged as a desirable alternative since they enable real-time backdoor activations without digital manipulation. However, current physical attacks require that poisoned inputs have incorrect labels, making them easily detectable upon human inspection. In this paper, we collect a facial dataset of 21,238 images with 7 common accessories as triggers and use it to study the threat of clean-label backdoor attacks in the physical world. Our study reveals two findings. First, the success of physical attacks depends on the poisoning algorithm, physical trigger, and the pair of source-target classes. Second, although clean-label poisoned samples preserve ground-truth labels, their perceptual quality could be seriously degraded due to conspicuous artifacts in the images. Such samples are also vulnerable to statistical filtering methods because they deviate from the distribution of clean samples in the feature space. To address these issues, we propose replacing the standard $\ell_\infty$ regularization with a novel pixel regularization and feature regularization that could enhance the imperceptibility of poisoned samples without compromising attack performance. Our study highlights accidental backdoor activations as a key limitation of clean-label physical backdoor attacks. This happens when unintended objects or classes accidentally cause the model to misclassify as the target class.
△ Less
Submitted 27 July, 2024;
originally announced July 2024.
-
Flatness-aware Sequential Learning Generates Resilient Backdoors
Authors:
Hoang Pham,
The-Anh Ta,
Anh Tran,
Khoa D. Doan
Abstract:
Recently, backdoor attacks have become an emerging threat to the security of machine learning models. From the adversary's perspective, the implanted backdoors should be resistant to defensive algorithms, but some recently proposed fine-tuning defenses can remove these backdoors with notable efficacy. This is mainly due to the catastrophic forgetting (CF) property of deep neural networks. This pap…
▽ More
Recently, backdoor attacks have become an emerging threat to the security of machine learning models. From the adversary's perspective, the implanted backdoors should be resistant to defensive algorithms, but some recently proposed fine-tuning defenses can remove these backdoors with notable efficacy. This is mainly due to the catastrophic forgetting (CF) property of deep neural networks. This paper counters CF of backdoors by leveraging continual learning (CL) techniques. We begin by investigating the connectivity between a backdoored and fine-tuned model in the loss landscape. Our analysis confirms that fine-tuning defenses, especially the more advanced ones, can easily push a poisoned model out of the backdoor regions, making it forget all about the backdoors. Based on this finding, we re-formulate backdoor training through the lens of CL and propose a novel framework, named Sequential Backdoor Learning (SBL), that can generate resilient backdoors. This framework separates the backdoor poisoning process into two tasks: the first task learns a backdoored model, while the second task, based on the CL principles, moves it to a backdoored region resistant to fine-tuning. We additionally propose to seek flatter backdoor regions via a sharpness-aware minimizer in the framework, further strengthening the durability of the implanted backdoor. Finally, we demonstrate the effectiveness of our method through extensive empirical experiments on several benchmark datasets in the backdoor domain. The source code is available at https://github.com/mail-research/SBL-resilient-backdoors
△ Less
Submitted 19 July, 2024;
originally announced July 2024.
-
Less is More: Sparse Watermarking in LLMs with Enhanced Text Quality
Authors:
Duy C. Hoang,
Hung T. Q. Le,
Rui Chu,
Ping Li,
Weijie Zhao,
Yingjie Lao,
Khoa D. Doan
Abstract:
With the widespread adoption of Large Language Models (LLMs), concerns about potential misuse have emerged. To this end, watermarking has been adapted to LLM, enabling a simple and effective way to detect and monitor generated text. However, while the existing methods can differentiate between watermarked and unwatermarked text with high accuracy, they often face a trade-off between the quality of…
▽ More
With the widespread adoption of Large Language Models (LLMs), concerns about potential misuse have emerged. To this end, watermarking has been adapted to LLM, enabling a simple and effective way to detect and monitor generated text. However, while the existing methods can differentiate between watermarked and unwatermarked text with high accuracy, they often face a trade-off between the quality of the generated text and the effectiveness of the watermarking process. In this work, we present a novel type of LLM watermark, Sparse Watermark, which aims to mitigate this trade-off by applying watermarks to a small subset of generated tokens distributed across the text. The key strategy involves anchoring watermarked tokens to words that have specific Part-of-Speech (POS) tags. Our experimental results demonstrate that the proposed watermarking scheme achieves high detectability while generating text that outperforms previous LLM watermarking methods in quality across various tasks
△ Less
Submitted 17 July, 2024;
originally announced July 2024.
-
Overcoming Catastrophic Forgetting in Federated Class-Incremental Learning via Federated Global Twin Generator
Authors:
Thinh Nguyen,
Khoa D Doan,
Binh T. Nguyen,
Danh Le-Phuoc,
Kok-Seng Wong
Abstract:
Federated Class-Incremental Learning (FCIL) increasingly becomes important in the decentralized setting, where it enables multiple participants to collaboratively train a global model to perform well on a sequence of tasks without sharing their private data. In FCIL, conventional Federated Learning algorithms such as FedAVG often suffer from catastrophic forgetting, resulting in significant perfor…
▽ More
Federated Class-Incremental Learning (FCIL) increasingly becomes important in the decentralized setting, where it enables multiple participants to collaboratively train a global model to perform well on a sequence of tasks without sharing their private data. In FCIL, conventional Federated Learning algorithms such as FedAVG often suffer from catastrophic forgetting, resulting in significant performance declines on earlier tasks. Recent works, based on generative models, produce synthetic images to help mitigate this issue across all classes, but these approaches' testing accuracy on previous classes is still much lower than recent classes, i.e., having better plasticity than stability. To overcome these issues, this paper presents Federated Global Twin Generator (FedGTG), an FCIL framework that exploits privacy-preserving generative-model training on the global side without accessing client data. Specifically, the server trains a data generator and a feature generator to create two types of information from all seen classes, and then it sends the synthetic data to the client side. The clients then use feature-direction-controlling losses to make the local models retain knowledge and learn new tasks well. We extensively analyze the robustness of FedGTG on natural images, as well as its ability to converge to flat local minima and achieve better-predicting confidence (calibration). Experimental results on CIFAR-10, CIFAR-100, and tiny-ImageNet demonstrate the improvements in accuracy and forgetting measures of FedGTG compared to previous frameworks.
△ Less
Submitted 13 July, 2024;
originally announced July 2024.
-
MetaLLM: A High-performant and Cost-efficient Dynamic Framework for Wrapping LLMs
Authors:
Quang H. Nguyen,
Duy C. Hoang,
Juliette Decugis,
Saurav Manchanda,
Nitesh V. Chawla,
Khoa D. Doan
Abstract:
The rapid progress in machine learning (ML) has brought forth many large language models (LLMs) that excel in various tasks and areas. These LLMs come with different abilities and costs in terms of computation or pricing. Since the demand for each query can vary, e.g., because of the queried domain or its complexity, defaulting to one LLM in an application is not usually the best choice, whether i…
▽ More
The rapid progress in machine learning (ML) has brought forth many large language models (LLMs) that excel in various tasks and areas. These LLMs come with different abilities and costs in terms of computation or pricing. Since the demand for each query can vary, e.g., because of the queried domain or its complexity, defaulting to one LLM in an application is not usually the best choice, whether it is the biggest, priciest, or even the one with the best average test performance. Consequently, picking the right LLM that is both accurate and cost-effective for an application remains a challenge. In this paper, we introduce MetaLLM, a framework that dynamically and intelligently routes each query to the optimal LLM (among several available LLMs) for classification tasks, achieving significantly improved accuracy and cost-effectiveness. By framing the selection problem as a multi-armed bandit, MetaLLM balances prediction accuracy and cost efficiency under uncertainty. Our experiments, conducted on popular LLM platforms such as OpenAI's GPT models, Amazon's Titan, Anthropic's Claude, and Meta's LLaMa, showcase MetaLLM's efficacy in real-world scenarios, laying the groundwork for future extensions beyond classification tasks.
△ Less
Submitted 24 July, 2024; v1 submitted 15 July, 2024;
originally announced July 2024.
-
Wicked Oddities: Selectively Poisoning for Effective Clean-Label Backdoor Attacks
Authors:
Quang H. Nguyen,
Nguyen Ngoc-Hieu,
The-Anh Ta,
Thanh Nguyen-Tang,
Kok-Seng Wong,
Hoang Thanh-Tung,
Khoa D. Doan
Abstract:
Deep neural networks are vulnerable to backdoor attacks, a type of adversarial attack that poisons the training data to manipulate the behavior of models trained on such data. Clean-label attacks are a more stealthy form of backdoor attacks that can perform the attack without changing the labels of poisoned data. Early works on clean-label attacks added triggers to a random subset of the training…
▽ More
Deep neural networks are vulnerable to backdoor attacks, a type of adversarial attack that poisons the training data to manipulate the behavior of models trained on such data. Clean-label attacks are a more stealthy form of backdoor attacks that can perform the attack without changing the labels of poisoned data. Early works on clean-label attacks added triggers to a random subset of the training set, ignoring the fact that samples contribute unequally to the attack's success. This results in high poisoning rates and low attack success rates. To alleviate the problem, several supervised learning-based sample selection strategies have been proposed. However, these methods assume access to the entire labeled training set and require training, which is expensive and may not always be practical. This work studies a new and more practical (but also more challenging) threat model where the attacker only provides data for the target class (e.g., in face recognition systems) and has no knowledge of the victim model or any other classes in the training set. We study different strategies for selectively poisoning a small set of training samples in the target class to boost the attack success rate in this setting. Our threat model poses a serious threat in training machine learning models with third-party datasets, since the attack can be performed effectively with limited information. Experiments on benchmark datasets illustrate the effectiveness of our strategies in improving clean-label backdoor attacks.
△ Less
Submitted 16 July, 2024; v1 submitted 15 July, 2024;
originally announced July 2024.
-
Non-Cooperative Backdoor Attacks in Federated Learning: A New Threat Landscape
Authors:
Tuan Nguyen,
Dung Thuy Nguyen,
Khoa D Doan,
Kok-Seng Wong
Abstract:
Despite the promise of Federated Learning (FL) for privacy-preserving model training on distributed data, it remains susceptible to backdoor attacks. These attacks manipulate models by embedding triggers (specific input patterns) in the training data, forcing misclassification as predefined classes during deployment. Traditional single-trigger attacks and recent work on cooperative multiple-trigge…
▽ More
Despite the promise of Federated Learning (FL) for privacy-preserving model training on distributed data, it remains susceptible to backdoor attacks. These attacks manipulate models by embedding triggers (specific input patterns) in the training data, forcing misclassification as predefined classes during deployment. Traditional single-trigger attacks and recent work on cooperative multiple-trigger attacks, where clients collaborate, highlight limitations in attack realism due to coordination requirements. We investigate a more alarming scenario: non-cooperative multiple-trigger attacks. Here, independent adversaries introduce distinct triggers targeting unique classes. These parallel attacks exploit FL's decentralized nature, making detection difficult. Our experiments demonstrate the alarming vulnerability of FL to such attacks, where individual backdoors can be successfully learned without impacting the main task. This research emphasizes the critical need for robust defenses against diverse backdoor attacks in the evolving FL landscape. While our focus is on empirical analysis, we believe it can guide backdoor research toward more realistic settings, highlighting the crucial role of FL in building robust defenses against diverse backdoor threats. The code is available at \url{https://anonymous.4open.science/r/nba-980F/}.
△ Less
Submitted 5 July, 2024;
originally announced July 2024.
-
Venomancer: Towards Imperceptible and Target-on-Demand Backdoor Attacks in Federated Learning
Authors:
Son Nguyen,
Thinh Nguyen,
Khoa D Doan,
Kok-Seng Wong
Abstract:
Federated Learning (FL) is a distributed machine learning approach that maintains data privacy by training on decentralized data sources. Similar to centralized machine learning, FL is also susceptible to backdoor attacks, where an attacker can compromise some clients by injecting a backdoor trigger into local models of those clients, leading to the global model's behavior being manipulated as des…
▽ More
Federated Learning (FL) is a distributed machine learning approach that maintains data privacy by training on decentralized data sources. Similar to centralized machine learning, FL is also susceptible to backdoor attacks, where an attacker can compromise some clients by injecting a backdoor trigger into local models of those clients, leading to the global model's behavior being manipulated as desired by the attacker. Most backdoor attacks in FL assume a predefined target class and require control over a large number of clients or knowledge of benign clients' information. Furthermore, they are not imperceptible and are easily detected by human inspection due to clear artifacts left on the poison data. To overcome these challenges, we propose Venomancer, an effective backdoor attack that is imperceptible and allows target-on-demand. Specifically, imperceptibility is achieved by using a visual loss function to make the poison data visually indistinguishable from the original data. Target-on-demand property allows the attacker to choose arbitrary target classes via conditional adversarial training. Additionally, experiments showed that the method is robust against state-of-the-art defenses such as Norm Clipping, Weak DP, Krum, Multi-Krum, RLR, FedRAD, Deepsight, and RFLBAT. The source code is available at https://github.com/nguyenhongson1902/Venomancer.
△ Less
Submitted 11 July, 2024; v1 submitted 3 July, 2024;
originally announced July 2024.
-
Forget but Recall: Incremental Latent Rectification in Continual Learning
Authors:
Nghia D. Nguyen,
Hieu Trung Nguyen,
Ang Li,
Hoang Pham,
Viet Anh Nguyen,
Khoa D. Doan
Abstract:
Intrinsic capability to continuously learn a changing data stream is a desideratum of deep neural networks (DNNs). However, current DNNs suffer from catastrophic forgetting, which hinders remembering past knowledge. To mitigate this issue, existing Continual Learning (CL) approaches either retain exemplars for replay, regularize learning, or allocate dedicated capacity for new tasks. This paper in…
▽ More
Intrinsic capability to continuously learn a changing data stream is a desideratum of deep neural networks (DNNs). However, current DNNs suffer from catastrophic forgetting, which hinders remembering past knowledge. To mitigate this issue, existing Continual Learning (CL) approaches either retain exemplars for replay, regularize learning, or allocate dedicated capacity for new tasks. This paper investigates an unexplored CL direction for incremental learning called Incremental Latent Rectification or ILR. In a nutshell, ILR learns to propagate with correction (or rectify) the representation from the current trained DNN backward to the representation space of the old task, where performing predictive decisions is easier. This rectification process only employs a chain of small representation mapping networks, called rectifier units. Empirical experiments on several continual learning benchmarks, including CIFAR10, CIFAR100, and Tiny ImageNet, demonstrate the effectiveness and potential of this novel CL direction compared to existing representative CL methods.
△ Less
Submitted 25 June, 2024;
originally announced June 2024.
-
Towards Zero-Shot Text-To-Speech for Arabic Dialects
Authors:
Khai Duy Doan,
Abdul Waheed,
Muhammad Abdul-Mageed
Abstract:
Zero-shot multi-speaker text-to-speech (ZS-TTS) systems have advanced for English, however, it still lags behind due to insufficient resources. We address this gap for Arabic, a language of more than 450 million native speakers, by first adapting a sizeable existing dataset to suit the needs of speech synthesis. Additionally, we employ a set of Arabic dialect identification models to explore the i…
▽ More
Zero-shot multi-speaker text-to-speech (ZS-TTS) systems have advanced for English, however, it still lags behind due to insufficient resources. We address this gap for Arabic, a language of more than 450 million native speakers, by first adapting a sizeable existing dataset to suit the needs of speech synthesis. Additionally, we employ a set of Arabic dialect identification models to explore the impact of pre-defined dialect labels on improving the ZS-TTS model in a multi-dialect setting. Subsequently, we fine-tune the XTTS\footnote{https://docs.coqui.ai/en/latest/models/xtts.html}\footnote{https://medium.com/machine-learns/xtts-v2-new-version-of-the-open-source-text-to-speech-model-af73914db81f}\footnote{https://medium.com/@erogol/xtts-v1-techincal-notes-eb83ff05bdc} model, an open-source architecture. We then evaluate our models on a dataset comprising 31 unseen speakers and an in-house dialectal dataset. Our automated and human evaluation results show convincing performance while capable of generating dialectal speech. Our study highlights significant potential for improvements in this emerging area of research in Arabic.
△ Less
Submitted 7 July, 2024; v1 submitted 24 June, 2024;
originally announced June 2024.
-
Composite Concept Extraction through Backdooring
Authors:
Banibrata Ghosh,
Haripriya Harikumar,
Khoa D Doan,
Svetha Venkatesh,
Santu Rana
Abstract:
Learning composite concepts, such as \textquotedbl red car\textquotedbl , from individual examples -- like a white car representing the concept of \textquotedbl car\textquotedbl{} and a red strawberry representing the concept of \textquotedbl red\textquotedbl -- is inherently challenging. This paper introduces a novel method called Composite Concept Extractor (CoCE), which leverages techniques fro…
▽ More
Learning composite concepts, such as \textquotedbl red car\textquotedbl , from individual examples -- like a white car representing the concept of \textquotedbl car\textquotedbl{} and a red strawberry representing the concept of \textquotedbl red\textquotedbl -- is inherently challenging. This paper introduces a novel method called Composite Concept Extractor (CoCE), which leverages techniques from traditional backdoor attacks to learn these composite concepts in a zero-shot setting, requiring only examples of individual concepts. By repurposing the trigger-based model backdooring mechanism, we create a strategic distortion in the manifold of the target object (e.g., \textquotedbl car\textquotedbl ) induced by example objects with the target property (e.g., \textquotedbl red\textquotedbl ) from objects \textquotedbl red strawberry\textquotedbl , ensuring the distortion selectively affects the target objects with the target property. Contrastive learning is then employed to further refine this distortion, and a method is formulated for detecting objects that are influenced by the distortion. Extensive experiments with in-depth analysis across different datasets demonstrate the utility and applicability of our proposed approach.
△ Less
Submitted 21 June, 2024; v1 submitted 19 June, 2024;
originally announced June 2024.
-
High Absorptivity Nanotextured Powders for Additive Manufacturing
Authors:
Ottman A. Tertuliano,
Philip J. DePond,
Andrew C. Lee,
Jiho Hong,
David Doan,
Luc Capaldi,
Mark Brongersma,
X. Wendy Gu,
Manyalibo J. Matthews,
Wei Cai,
Adrian J. Lew
Abstract:
The widespread application of metal additive manufacturing (AM) is limited by the ability to control the complex interactions between the energy source and the feedstock material. Here we develop a generalizable process to introduce nanoscale grooves to the surface of metal powders which increases the powder absorptivity by up to 70% during laser powder bed fusion. Absorptivity enhancements in cop…
▽ More
The widespread application of metal additive manufacturing (AM) is limited by the ability to control the complex interactions between the energy source and the feedstock material. Here we develop a generalizable process to introduce nanoscale grooves to the surface of metal powders which increases the powder absorptivity by up to 70% during laser powder bed fusion. Absorptivity enhancements in copper, copper-silver, and tungsten enables energy efficient manufacturing, with printing of pure copper at relative densities up to 92% using laser energy densities as low as 82 J/mm^3. Simulations show the enhanced powder absorptivity results from plasmon-enabled light concentration in nanoscale grooves combined with multiple scattering events. The approach taken here demonstrates a general method to enhance the absorptivity and printability of reflective and refractory metal powders by changing the surface morphology of the feedstock without altering its composition.
△ Less
Submitted 8 December, 2023;
originally announced December 2023.
-
Synthesizing Physical Backdoor Datasets: An Automated Framework Leveraging Deep Generative Models
Authors:
Sze Jue Yang,
Chinh D. La,
Quang H. Nguyen,
Kok-Seng Wong,
Anh Tuan Tran,
Chee Seng Chan,
Khoa D. Doan
Abstract:
Backdoor attacks, representing an emerging threat to the integrity of deep neural networks, have garnered significant attention due to their ability to compromise deep learning systems clandestinely. While numerous backdoor attacks occur within the digital realm, their practical implementation in real-world prediction systems remains limited and vulnerable to disturbances in the physical world. Co…
▽ More
Backdoor attacks, representing an emerging threat to the integrity of deep neural networks, have garnered significant attention due to their ability to compromise deep learning systems clandestinely. While numerous backdoor attacks occur within the digital realm, their practical implementation in real-world prediction systems remains limited and vulnerable to disturbances in the physical world. Consequently, this limitation has given rise to the development of physical backdoor attacks, where trigger objects manifest as physical entities within the real world. However, creating the requisite dataset to train or evaluate a physical backdoor model is a daunting task, limiting the backdoor researchers and practitioners from studying such physical attack scenarios. This paper unleashes a recipe that empowers backdoor researchers to effortlessly create a malicious, physical backdoor dataset based on advances in generative modeling. Particularly, this recipe involves 3 automatic modules: suggesting the suitable physical triggers, generating the poisoned candidate samples (either by synthesizing new samples or editing existing clean samples), and finally refining for the most plausible ones. As such, it effectively mitigates the perceived complexity associated with creating a physical backdoor dataset, transforming it from a daunting task into an attainable objective. Extensive experiment results show that datasets created by our "recipe" enable adversaries to achieve an impressive attack success rate on real physical world data and exhibit similar properties compared to previous physical backdoor attack studies. This paper offers researchers a valuable toolkit for studies of physical backdoors, all within the confines of their laboratories.
△ Less
Submitted 15 March, 2024; v1 submitted 6 December, 2023;
originally announced December 2023.
-
Fumbling in Babel: An Investigation into ChatGPT's Language Identification Ability
Authors:
Wei-Rui Chen,
Ife Adebara,
Khai Duy Doan,
Qisheng Liao,
Muhammad Abdul-Mageed
Abstract:
ChatGPT has recently emerged as a powerful NLP tool that can carry out a variety of tasks. However, the range of languages ChatGPT can handle remains largely a mystery. To uncover which languages ChatGPT `knows', we investigate its language identification (LID) abilities. For this purpose, we compile Babel-670, a benchmark comprising 670 languages representing 24 language families spoken in five c…
▽ More
ChatGPT has recently emerged as a powerful NLP tool that can carry out a variety of tasks. However, the range of languages ChatGPT can handle remains largely a mystery. To uncover which languages ChatGPT `knows', we investigate its language identification (LID) abilities. For this purpose, we compile Babel-670, a benchmark comprising 670 languages representing 24 language families spoken in five continents. Languages in Babel-670 run the gamut from the very high-resource to the very low-resource. We then study ChatGPT's (both GPT-3.5 and GPT-4) ability to (i) identify language names and language codes (ii) under zero- and few-shot conditions (iii) with and without provision of a label set. When compared to smaller finetuned LID tools, we find that ChatGPT lags behind. For example, it has poor performance on African languages. We conclude that current large language models would benefit from further development before they can sufficiently serve diverse communities.
△ Less
Submitted 8 April, 2024; v1 submitted 16 November, 2023;
originally announced November 2023.
-
The Skipped Beat: A Study of Sociopragmatic Understanding in LLMs for 64 Languages
Authors:
Chiyu Zhang,
Khai Duy Doan,
Qisheng Liao,
Muhammad Abdul-Mageed
Abstract:
Instruction tuned large language models (LLMs), such as ChatGPT, demonstrate remarkable performance in a wide range of tasks. Despite numerous recent studies that examine the performance of instruction-tuned LLMs on various NLP benchmarks, there remains a lack of comprehensive investigation into their ability to understand cross-lingual sociopragmatic meaning (SM), i.e., meaning embedded within so…
▽ More
Instruction tuned large language models (LLMs), such as ChatGPT, demonstrate remarkable performance in a wide range of tasks. Despite numerous recent studies that examine the performance of instruction-tuned LLMs on various NLP benchmarks, there remains a lack of comprehensive investigation into their ability to understand cross-lingual sociopragmatic meaning (SM), i.e., meaning embedded within social and interactive contexts. This deficiency arises partly from SM not being adequately represented in any of the existing benchmarks. To address this gap, we present SPARROW, an extensive multilingual benchmark specifically designed for SM understanding. SPARROW comprises 169 datasets covering 13 task types across six primary categories (e.g., anti-social language detection, emotion recognition). SPARROW datasets encompass 64 different languages originating from 12 language families representing 16 writing scripts. We evaluate the performance of various multilingual pretrained language models (e.g., mT5) and instruction-tuned LLMs (e.g., BLOOMZ, ChatGPT) on SPARROW through fine-tuning, zero-shot, and/or few-shot learning. Our comprehensive analysis reveals that existing open-source instruction tuned LLMs still struggle to understand SM across various languages, performing close to a random baseline in some cases. We also find that although ChatGPT outperforms many LLMs, it still falls behind task-specific finetuned models with a gap of 12.19 SPARROW score. Our benchmark is available at: https://github.com/UBC-NLP/SPARROW
△ Less
Submitted 23 October, 2023;
originally announced October 2023.
-
Fooling the Textual Fooler via Randomizing Latent Representations
Authors:
Duy C. Hoang,
Quang H. Nguyen,
Saurav Manchanda,
MinLong Peng,
Kok-Seng Wong,
Khoa D. Doan
Abstract:
Despite outstanding performance in a variety of NLP tasks, recent studies have revealed that NLP models are vulnerable to adversarial attacks that slightly perturb the input to cause the models to misbehave. Among these attacks, adversarial word-level perturbations are well-studied and effective attack strategies. Since these attacks work in black-box settings, they do not require access to the mo…
▽ More
Despite outstanding performance in a variety of NLP tasks, recent studies have revealed that NLP models are vulnerable to adversarial attacks that slightly perturb the input to cause the models to misbehave. Among these attacks, adversarial word-level perturbations are well-studied and effective attack strategies. Since these attacks work in black-box settings, they do not require access to the model architecture or model parameters and thus can be detrimental to existing NLP applications. To perform an attack, the adversary queries the victim model many times to determine the most important words in an input text and to replace these words with their corresponding synonyms. In this work, we propose a lightweight and attack-agnostic defense whose main goal is to perplex the process of generating an adversarial example in these query-based black-box attacks; that is to fool the textual fooler. This defense, named AdvFooler, works by randomizing the latent representation of the input at inference time. Different from existing defenses, AdvFooler does not necessitate additional computational overhead during training nor relies on assumptions about the potential adversarial perturbation set while having a negligible impact on the model's accuracy. Our theoretical and empirical analyses highlight the significance of robustness resulting from confusing the adversary via randomizing the latent space, as well as the impact of randomization on clean accuracy. Finally, we empirically demonstrate near state-of-the-art robustness of AdvFooler against representative adversarial word-level attacks on two benchmark datasets.
△ Less
Submitted 9 June, 2024; v1 submitted 2 October, 2023;
originally announced October 2023.
-
Understanding the Robustness of Randomized Feature Defense Against Query-Based Adversarial Attacks
Authors:
Quang H. Nguyen,
Yingjie Lao,
Tung Pham,
Kok-Seng Wong,
Khoa D. Doan
Abstract:
Recent works have shown that deep neural networks are vulnerable to adversarial examples that find samples close to the original image but can make the model misclassify. Even with access only to the model's output, an attacker can employ black-box attacks to generate such adversarial examples. In this work, we propose a simple and lightweight defense against black-box attacks by adding random noi…
▽ More
Recent works have shown that deep neural networks are vulnerable to adversarial examples that find samples close to the original image but can make the model misclassify. Even with access only to the model's output, an attacker can employ black-box attacks to generate such adversarial examples. In this work, we propose a simple and lightweight defense against black-box attacks by adding random noise to hidden features at intermediate layers of the model at inference time. Our theoretical analysis confirms that this method effectively enhances the model's resilience against both score-based and decision-based black-box attacks. Importantly, our defense does not necessitate adversarial training and has minimal impact on accuracy, rendering it applicable to any pre-trained model. Our analysis also reveals the significance of selectively adding noise to different parts of the model based on the gradient of the adversarial objective function, which can be varied during the attack. We demonstrate the robustness of our defense against multiple black-box attacks through extensive empirical experiments involving diverse models with various architectures.
△ Less
Submitted 30 September, 2023;
originally announced October 2023.
-
Everyone Can Attack: Repurpose Lossy Compression as a Natural Backdoor Attack
Authors:
Sze Jue Yang,
Quang Nguyen,
Chee Seng Chan,
Khoa D. Doan
Abstract:
The vulnerabilities to backdoor attacks have recently threatened the trustworthiness of machine learning models in practical applications. Conventional wisdom suggests that not everyone can be an attacker since the process of designing the trigger generation algorithm often involves significant effort and extensive experimentation to ensure the attack's stealthiness and effectiveness. Alternativel…
▽ More
The vulnerabilities to backdoor attacks have recently threatened the trustworthiness of machine learning models in practical applications. Conventional wisdom suggests that not everyone can be an attacker since the process of designing the trigger generation algorithm often involves significant effort and extensive experimentation to ensure the attack's stealthiness and effectiveness. Alternatively, this paper shows that there exists a more severe backdoor threat: anyone can exploit an easily-accessible algorithm for silent backdoor attacks. Specifically, this attacker can employ the widely-used lossy image compression from a plethora of compression tools to effortlessly inject a trigger pattern into an image without leaving any noticeable trace; i.e., the generated triggers are natural artifacts. One does not require extensive knowledge to click on the "convert" or "save as" button while using tools for lossy image compression. Via this attack, the adversary does not need to design a trigger generator as seen in prior works and only requires poisoning the data. Empirically, the proposed attack consistently achieves 100% attack success rate in several benchmark datasets such as MNIST, CIFAR-10, GTSRB and CelebA. More significantly, the proposed attack can still achieve almost 100% attack success rate with very small (approximately 10%) poisoning rates in the clean label setting. The generated trigger of the proposed attack using one lossy compression algorithm is also transferable across other related compression algorithms, exacerbating the severity of this backdoor threat. This work takes another crucial step toward understanding the extensive risks of backdoor attacks in practice, urging practitioners to investigate similar attacks and relevant backdoor mitigation methods.
△ Less
Submitted 3 September, 2023; v1 submitted 31 August, 2023;
originally announced August 2023.
-
Direct observation of phase transitions in Archimedean trunctated tetrahedrons under quasi-2D confinement
Authors:
David Doan,
John Kulikowski,
X. Wendy Gu
Abstract:
Colloidal crystals are used to understand fundamentals of atomic rearrangements in condensed matter and build complex metamaterials with unique functionalities. Simulations predict a multitude of self-assembled crystal structures from anisotropic colloids, but these shapes have been challenging to fabricate. Here, we use two-photon lithography to fabricate Archimedean truncated tetrahedrons and se…
▽ More
Colloidal crystals are used to understand fundamentals of atomic rearrangements in condensed matter and build complex metamaterials with unique functionalities. Simulations predict a multitude of self-assembled crystal structures from anisotropic colloids, but these shapes have been challenging to fabricate. Here, we use two-photon lithography to fabricate Archimedean truncated tetrahedrons and self-assemble them under quasi-2D confinement. Under a small gravitational potential, these particles self-assemble into a hexatic phase, which has not yet been observed or reported for this shape. Under additional gravitational potential, the hexatic phase transitions into a quasi-diamond two-unit basis. In-situ imaging reveal this phase transition is initiated by an out-of-plane rotation of a particle at a crystalline defect and causes a chain reaction of neighboring particle rotations. Our results provide a framework of studying different structures from hard-particle self-assembly and demonstrates the ability to use confinement to induce unusual phases.
△ Less
Submitted 5 August, 2023;
originally announced August 2023.
-
A Cosine Similarity-based Method for Out-of-Distribution Detection
Authors:
Nguyen Ngoc-Hieu,
Nguyen Hung-Quang,
The-Anh Ta,
Thanh Nguyen-Tang,
Khoa D Doan,
Hoang Thanh-Tung
Abstract:
The ability to detect OOD data is a crucial aspect of practical machine learning applications. In this work, we show that cosine similarity between the test feature and the typical ID feature is a good indicator of OOD data. We propose Class Typical Matching (CTM), a post hoc OOD detection algorithm that uses a cosine similarity scoring function. Extensive experiments on multiple benchmarks show t…
▽ More
The ability to detect OOD data is a crucial aspect of practical machine learning applications. In this work, we show that cosine similarity between the test feature and the typical ID feature is a good indicator of OOD data. We propose Class Typical Matching (CTM), a post hoc OOD detection algorithm that uses a cosine similarity scoring function. Extensive experiments on multiple benchmarks show that CTM outperforms existing post hoc OOD detection methods.
△ Less
Submitted 23 June, 2023;
originally announced June 2023.
-
Marksman Backdoor: Backdoor Attacks with Arbitrary Target Class
Authors:
Khoa D. Doan,
Yingjie Lao,
Ping Li
Abstract:
In recent years, machine learning models have been shown to be vulnerable to backdoor attacks. Under such attacks, an adversary embeds a stealthy backdoor into the trained model such that the compromised models will behave normally on clean inputs but will misclassify according to the adversary's control on maliciously constructed input with a trigger. While these existing attacks are very effecti…
▽ More
In recent years, machine learning models have been shown to be vulnerable to backdoor attacks. Under such attacks, an adversary embeds a stealthy backdoor into the trained model such that the compromised models will behave normally on clean inputs but will misclassify according to the adversary's control on maliciously constructed input with a trigger. While these existing attacks are very effective, the adversary's capability is limited: given an input, these attacks can only cause the model to misclassify toward a single pre-defined or target class. In contrast, this paper exploits a novel backdoor attack with a much more powerful payload, denoted as Marksman, where the adversary can arbitrarily choose which target class the model will misclassify given any input during inference. To achieve this goal, we propose to represent the trigger function as a class-conditional generative model and to inject the backdoor in a constrained optimization framework, where the trigger function learns to generate an optimal trigger pattern to attack any target class at will while simultaneously embedding this generative backdoor into the trained model. Given the learned trigger-generation function, during inference, the adversary can specify an arbitrary backdoor attack target class, and an appropriate trigger causing the model to classify toward this target class is created accordingly. We show empirically that the proposed framework achieves high attack performance while preserving the clean-data performance in several benchmark datasets, including MNIST, CIFAR10, GTSRB, and TinyImageNet. The proposed Marksman backdoor attack can also easily bypass existing backdoor defenses that were originally designed against backdoor attacks with a single target class. Our work takes another significant step toward understanding the extensive risks of backdoor attacks in practice.
△ Less
Submitted 17 October, 2022;
originally announced October 2022.
-
CoopHash: Cooperative Learning of Multipurpose Descriptor and Contrastive Pair Generator via Variational MCMC Teaching for Supervised Image Hashing
Authors:
Khoa D. Doan,
Jianwen Xie,
Yaxuan Zhu,
Yang Zhao,
Ping Li
Abstract:
Leveraging supervised information can lead to superior retrieval performance in the image hashing domain but the performance degrades significantly without enough labeled data. One effective solution to boost performance is to employ generative models, such as Generative Adversarial Networks (GANs), to generate synthetic data in an image hashing model. However, GAN-based methods are difficult to t…
▽ More
Leveraging supervised information can lead to superior retrieval performance in the image hashing domain but the performance degrades significantly without enough labeled data. One effective solution to boost performance is to employ generative models, such as Generative Adversarial Networks (GANs), to generate synthetic data in an image hashing model. However, GAN-based methods are difficult to train, which prevents the hashing approaches from jointly training the generative models and the hash functions. This limitation results in sub-optimal retrieval performance. To overcome this limitation, we propose a novel framework, the generative cooperative hashing network, which is based on energy-based cooperative learning. This framework jointly learns a powerful generative representation of the data and a robust hash function via two components: a top-down contrastive pair generator that synthesizes contrastive images and a bottom-up multipurpose descriptor that simultaneously represents the images from multiple perspectives, including probability density, hash code, latent code, and category. The two components are jointly learned via a novel likelihood-based cooperative learning scheme. We conduct experiments on several real-world datasets and show that the proposed method outperforms the competing hashing supervised methods, achieving up to 10\% relative improvement over the current state-of-the-art supervised hashing methods, and exhibits a significantly better performance in out-of-distribution retrieval.
△ Less
Submitted 12 June, 2024; v1 submitted 9 October, 2022;
originally announced October 2022.
-
Defending Backdoor Attacks on Vision Transformer via Patch Processing
Authors:
Khoa D. Doan,
Yingjie Lao,
Peng Yang,
Ping Li
Abstract:
Vision Transformers (ViTs) have a radically different architecture with significantly less inductive bias than Convolutional Neural Networks. Along with the improvement in performance, security and robustness of ViTs are also of great importance to study. In contrast to many recent works that exploit the robustness of ViTs against adversarial examples, this paper investigates a representative caus…
▽ More
Vision Transformers (ViTs) have a radically different architecture with significantly less inductive bias than Convolutional Neural Networks. Along with the improvement in performance, security and robustness of ViTs are also of great importance to study. In contrast to many recent works that exploit the robustness of ViTs against adversarial examples, this paper investigates a representative causative attack, i.e., backdoor. We first examine the vulnerability of ViTs against various backdoor attacks and find that ViTs are also quite vulnerable to existing attacks. However, we observe that the clean-data accuracy and backdoor attack success rate of ViTs respond distinctively to patch transformations before the positional encoding. Then, based on this finding, we propose an effective method for ViTs to defend both patch-based and blending-based trigger backdoor attacks via patch processing. The performances are evaluated on several benchmark datasets, including CIFAR10, GTSRB, and TinyImageNet, which show the proposed novel defense is very successful in mitigating backdoor attacks for ViTs. To the best of our knowledge, this paper presents the first defensive strategy that utilizes a unique characteristic of ViTs against backdoor attacks.
The paper will appear in the Proceedings of the AAAI'23 Conference. This work was initially submitted in November 2021 to CVPR'22, then it was re-submitted to ECCV'22. The paper was made public in June 2022. The authors sincerely thank all the referees from the Program Committees of CVPR'22, ECCV'22, and AAAI'23.
△ Less
Submitted 16 January, 2023; v1 submitted 24 June, 2022;
originally announced June 2022.
-
One Loss for Quantization: Deep Hashing with Discrete Wasserstein Distributional Matching
Authors:
Khoa D. Doan,
Peng Yang,
Ping Li
Abstract:
Image hashing is a principled approximate nearest neighbor approach to find similar items to a query in a large collection of images. Hashing aims to learn a binary-output function that maps an image to a binary vector. For optimal retrieval performance, producing balanced hash codes with low-quantization error to bridge the gap between the learning stage's continuous relaxation and the inference…
▽ More
Image hashing is a principled approximate nearest neighbor approach to find similar items to a query in a large collection of images. Hashing aims to learn a binary-output function that maps an image to a binary vector. For optimal retrieval performance, producing balanced hash codes with low-quantization error to bridge the gap between the learning stage's continuous relaxation and the inference stage's discrete quantization is important. However, in the existing deep supervised hashing methods, coding balance and low-quantization error are difficult to achieve and involve several losses. We argue that this is because the existing quantization approaches in these methods are heuristically constructed and not effective to achieve these objectives. This paper considers an alternative approach to learning the quantization constraints. The task of learning balanced codes with low quantization error is re-formulated as matching the learned distribution of the continuous codes to a pre-defined discrete, uniform distribution. This is equivalent to minimizing the distance between two distributions. We then propose a computationally efficient distributional distance by leveraging the discrete property of the hash functions. This distributional distance is a valid distance and enjoys lower time and sample complexities. The proposed single-loss quantization objective can be integrated into any existing supervised hashing method to improve code balance and quantization error. Experiments confirm that the proposed approach substantially improves the performance of several representative hashing~methods.
△ Less
Submitted 31 May, 2022;
originally announced May 2022.
-
Under-confidence Backdoors Are Resilient and Stealthy Backdoors
Authors:
Minlong Peng,
Zidi Xiong,
Quang H. Nguyen,
Mingming Sun,
Khoa D. Doan,
Ping Li
Abstract:
By injecting a small number of poisoned samples into the training set, backdoor attacks aim to make the victim model produce designed outputs on any input injected with pre-designed backdoors. In order to achieve a high attack success rate using as few poisoned training samples as possible, most existing attack methods change the labels of the poisoned samples to the target class. This practice of…
▽ More
By injecting a small number of poisoned samples into the training set, backdoor attacks aim to make the victim model produce designed outputs on any input injected with pre-designed backdoors. In order to achieve a high attack success rate using as few poisoned training samples as possible, most existing attack methods change the labels of the poisoned samples to the target class. This practice often results in severe over-fitting of the victim model over the backdoors, making the attack quite effective in output control but easier to be identified by human inspection or automatic defense algorithms.
In this work, we proposed a label-smoothing strategy to overcome the over-fitting problem of these attack methods, obtaining a \textit{Label-Smoothed Backdoor Attack} (LSBA). In the LSBA, the label of the poisoned sample $\bm{x}$ will be changed to the target class with a probability of $p_n(\bm{x})$ instead of 100\%, and the value of $p_n(\bm{x})$ is specifically designed to make the prediction probability the target class be only slightly greater than those of the other classes. Empirical studies on several existing backdoor attacks show that our strategy can considerably improve the stealthiness of these attacks and, at the same time, achieve a high attack success rate. In addition, our strategy makes it able to manually control the prediction probability of the design output through manipulating the applied and activated number of LSBAs\footnote{Source code will be published at \url{https://github.com/v-mipeng/LabelSmoothedAttack.git}}.
△ Less
Submitted 22 July, 2024; v1 submitted 18 February, 2022;
originally announced February 2022.
-
Forbidden induced subgraphs for perfectness of claw-free graphs of independence number at least 4
Authors:
Christoph Brause,
Trung Duy Doan,
Přemysl Holub,
Adam Kabela,
Zdeněk Ryjáček,
Ingo Schiermeyer,
Petr Vrána
Abstract:
For every graph $X$, we consider the class of all connected $\{K_{1,3}, X\}$-free graphs which are distinct from an odd cycle and have independence number at least $4$, and we show that all graphs in the class are perfect if and only if $X$ is an induced subgraph of some of $P_6$, $K_1 \cup P_5$, $2P_3$, $Z_2$ or $K_1 \cup Z_1$. Furthermore, for $X$ chosen as $2K_1 \cup K_3$, we list all eight imp…
▽ More
For every graph $X$, we consider the class of all connected $\{K_{1,3}, X\}$-free graphs which are distinct from an odd cycle and have independence number at least $4$, and we show that all graphs in the class are perfect if and only if $X$ is an induced subgraph of some of $P_6$, $K_1 \cup P_5$, $2P_3$, $Z_2$ or $K_1 \cup Z_1$. Furthermore, for $X$ chosen as $2K_1 \cup K_3$, we list all eight imperfect graphs belonging to the class; and for every other choice of $X$, we show that there are infinitely many such graphs. In addition, for $X$ chosen as $B_{1,2}$, we describe the structure of all imperfect graphs in the class.
△ Less
Submitted 1 September, 2021; v1 submitted 17 February, 2021;
originally announced February 2021.
-
Stress Induced Structural Transformations in Au Nanocrystals
Authors:
Abhinav Parakh,
Sangryun Lee,
Mehrdad T. Kiani,
David Doan,
Martin Kunz,
Andrew Doran,
Seunghwa Ryu,
X. Wendy Gu
Abstract:
Nanocrystals can exist in multiply twinned structures like the icosahedron, or single crystalline structures like the cuboctahedron or Wulff-polyhedron. Structural transformation between these polymorphic structures can proceed through diffusion or displacive motion. Experimental studies on nanocrystal structural transformations have focused on high temperature diffusion mediated processes. Thus,…
▽ More
Nanocrystals can exist in multiply twinned structures like the icosahedron, or single crystalline structures like the cuboctahedron or Wulff-polyhedron. Structural transformation between these polymorphic structures can proceed through diffusion or displacive motion. Experimental studies on nanocrystal structural transformations have focused on high temperature diffusion mediated processes. Thus, there is limited experimental evidence of displacive motion mediated structural transformations. Here, we report the high-pressure structural transformation of 6 nm Au nanocrystals under nonhydrostatic pressure in a diamond anvil cell that is driven by displacive motion. In-situ X-ray diffraction and transmission electron microscopy were used to detect the transformation of multiply twinned nanocrystals into single crystalline nanocrystals. High-pressure single crystalline nanocrystals were recovered after unloading, however, the nanocrystals quickly reverted back to multiply twinned state after redispersion in toluene solvent. The dynamics of recovery was captured using transmission electron microscopy which showed that the recovery was governed by surface recrystallization and rapid twin boundary motion. We show that this transformation is energetically favorable by calculating the pressure-induced change in strain energy. Molecular dynamics simulations showed that defects nucleated from a region of high stress region in the interior of the nanocrystal, which make twin boundaries unstable. Deviatoric stress driven Mackay transformation and dislocation/disclination mediated detwinning are hypothesized as possible mechanisms of high-pressure structural transformation.
△ Less
Submitted 28 August, 2020;
originally announced August 2020.
-
Image Generation Via Minimizing Fréchet Distance in Discriminator Feature Space
Authors:
Khoa D. Doan,
Saurav Manchanda,
Fengjiao Wang,
Sathiya Keerthi,
Avradeep Bhowmik,
Chandan K. Reddy
Abstract:
For a given image generation problem, the intrinsic image manifold is often low dimensional. We use the intuition that it is much better to train the GAN generator by minimizing the distributional distance between real and generated images in a small dimensional feature space representing such a manifold than on the original pixel-space. We use the feature space of the GAN discriminator for such a…
▽ More
For a given image generation problem, the intrinsic image manifold is often low dimensional. We use the intuition that it is much better to train the GAN generator by minimizing the distributional distance between real and generated images in a small dimensional feature space representing such a manifold than on the original pixel-space. We use the feature space of the GAN discriminator for such a representation. For distributional distance, we employ one of two choices: the Fréchet distance or direct optimal transport (OT); these respectively lead us to two new GAN methods: Fréchet-GAN and OT-GAN. The idea of employing Fréchet distance comes from the success of Fréchet Inception Distance as a solid evaluation metric in image generation. Fréchet-GAN is attractive in several ways. We propose an efficient, numerically stable approach to calculate the Fréchet distance and its gradient. The Fréchet distance estimation requires a significantly less computation time than OT; this allows Fréchet-GAN to use much larger mini-batch size in training than OT. More importantly, we conduct experiments on a number of benchmark datasets and show that Fréchet-GAN (in particular) and OT-GAN have significantly better image generation capabilities than the existing representative primal and dual GAN approaches based on the Wasserstein distance.
△ Less
Submitted 30 March, 2020; v1 submitted 26 March, 2020;
originally announced March 2020.
-
Image Hashing by Minimizing Discrete Component-wise Wasserstein Distance
Authors:
Khoa D. Doan,
Saurav Manchanda,
Sarkhan Badirli,
Chandan K. Reddy
Abstract:
Image hashing is one of the fundamental problems that demand both efficient and effective solutions for various practical scenarios. Adversarial autoencoders are shown to be able to implicitly learn a robust, locality-preserving hash function that generates balanced and high-quality hash codes. However, the existing adversarial hashing methods are inefficient to be employed for large-scale image r…
▽ More
Image hashing is one of the fundamental problems that demand both efficient and effective solutions for various practical scenarios. Adversarial autoencoders are shown to be able to implicitly learn a robust, locality-preserving hash function that generates balanced and high-quality hash codes. However, the existing adversarial hashing methods are inefficient to be employed for large-scale image retrieval applications. Specifically, they require an exponential number of samples to be able to generate optimal hash codes and a significantly high computational cost to train. In this paper, we show that the high sample-complexity requirement often results in sub-optimal retrieval performance of the adversarial hashing methods. To address this challenge, we propose a new adversarial-autoencoder hashing approach that has a much lower sample requirement and computational cost. Specifically, by exploiting the desired properties of the hash function in the low-dimensional, discrete space, our method efficiently estimates a better variant of Wasserstein distance by averaging a set of easy-to-compute one-dimensional Wasserstein distances. The resulting hashing approach has an order-of-magnitude better sample complexity, thus better generalization property, compared to the other adversarial hashing methods. In addition, the computational cost is significantly reduced using our approach. We conduct experiments on several real-world datasets and show that the proposed method outperforms the competing hashing methods, achieving up to 10% improvement over the current state-of-the-art image hashing methods. The code accompanying this paper is available on Github (https://github.com/khoadoan/adversarial-hashing).
△ Less
Submitted 25 May, 2020; v1 submitted 28 February, 2020;
originally announced March 2020.
-
Black-box sampling for weakly smooth Langevin Monte Carlo using p-generalized Gaussian smoothing
Authors:
Anh Duc Doan,
Xin Dang,
Dao Nguyen
Abstract:
Discretization of continuous-time diffusion processes is a widely recognized method for sampling. However, the canonical Euler-Maruyama discretization of the Langevin diffusion process, also named as Langevin Monte Carlo (LMC), studied mostly in the context of smooth (gradient-Lipschitz) and strongly log-concave densities, a significant constraint for its deployment in many sciences, including com…
▽ More
Discretization of continuous-time diffusion processes is a widely recognized method for sampling. However, the canonical Euler-Maruyama discretization of the Langevin diffusion process, also named as Langevin Monte Carlo (LMC), studied mostly in the context of smooth (gradient-Lipschitz) and strongly log-concave densities, a significant constraint for its deployment in many sciences, including computational statistics and statistical learning. In this paper, we establish several theoretical contributions to the literature on such sampling methods. Particularly, we generalize the Gaussian smoothing, approximate the gradient using p-generalized Gaussian smoothing and take advantage of it in the context of black-box sampling. We first present a non-strongly concave and weakly smooth black-box LMC algorithm, ideal for practical applicability of sampling challenges in a general setting.
△ Less
Submitted 5 October, 2020; v1 submitted 23 February, 2020;
originally announced February 2020.
-
Proper rainbow connection number of graphs
Authors:
Trung Duy Doan,
Ingo Schiermeyer
Abstract:
A path in an edge-coloured graph is called \emph{rainbow path} if its edges receive pairwise distinct colours. An edge-coloured graph is said to be \emph{rainbow connected} if any two distinct vertices of the graph are connected by a rainbow path. The minimum $k$ for which there exists such an edge-colouring is the rainbow connection number $rc(G)$ of $G.$ Recently, Bau et al. \cite{BJJKM2018} int…
▽ More
A path in an edge-coloured graph is called \emph{rainbow path} if its edges receive pairwise distinct colours. An edge-coloured graph is said to be \emph{rainbow connected} if any two distinct vertices of the graph are connected by a rainbow path. The minimum $k$ for which there exists such an edge-colouring is the rainbow connection number $rc(G)$ of $G.$ Recently, Bau et al. \cite{BJJKM2018} introduced this concept with the additional requirement that the edge-colouring must be proper. %An proper edge-coloured graph is said to be \emph{properly rainbow connected} if any two distinct vertices of the graph are connected by a rainbow path. The \emph{proper rainbow connection number} of $G$, denoted by $prc(G)$, is the minimum number of colours needed in order to make it properly rainbow connected.
In this paper we first prove an improved upper bound $prc(G) \leq n$ for every connected graph $G$ of order $n \geq 3.$ Next we show that the difference $prc(G) - rc(G)$ can be arbitrarily large. Finally, we present several sufficient conditions for graph classes satisfying $prc(G) = χ'(G).$
△ Less
Submitted 4 November, 2019;
originally announced November 2019.
-
Nucleation of Dislocations in 3.9 nm Nanocrystals at High Pressure
Authors:
Abhinav Parakh,
Sangryun Lee,
K. Anika Harkins,
Mehrdad T. Kiani,
David Doan,
Martin Kunz,
Andrew Doran,
Lindsey A. Hanson,
Seunghwa Ryu,
X. Wendy Gu
Abstract:
As circuitry approaches single nanometer length scales, it is important to predict the stability of metals at these scales. The behavior of metals at larger scales can be predicted based on the behavior of dislocations, but it is unclear if dislocations can form and be sustained at single nanometer dimensions. Here, we report the formation of dislocations within individual 3.9 nm Au nanocrystals u…
▽ More
As circuitry approaches single nanometer length scales, it is important to predict the stability of metals at these scales. The behavior of metals at larger scales can be predicted based on the behavior of dislocations, but it is unclear if dislocations can form and be sustained at single nanometer dimensions. Here, we report the formation of dislocations within individual 3.9 nm Au nanocrystals under nonhydrostatic pressure in a diamond anvil cell. We used a combination of x-ray diffraction, optical absorbance spectroscopy, and molecular dynamics simulation to characterize the defects that are formed, which were found to be surface-nucleated partial dislocations. These results indicate that dislocations are still active at single nanometer length scales and can lead to permanent plasticity.
△ Less
Submitted 20 September, 2019;
originally announced September 2019.
-
Development and Experimental Evaluation of Grey-Box Models for Application in Model Predictive Control of a Microscale Polygeneration System
Authors:
Parantapa Sawant,
Adrian Bürger,
Minh Dang Doan,
Clemens Felsmann,
Jens Pfafferott
Abstract:
With the need for optimisation based supervisory controllers for complex energy systems, comes the need for reduced order system models representing not only the non-linear characteristics of the components, but also certain unknown process dynamics like their internal control logic. We present in this paper an extensive literature study of existing methods and a rational modelling procedure based…
▽ More
With the need for optimisation based supervisory controllers for complex energy systems, comes the need for reduced order system models representing not only the non-linear characteristics of the components, but also certain unknown process dynamics like their internal control logic. We present in this paper an extensive literature study of existing methods and a rational modelling procedure based on the grey-box methodology that satisfies the necessary characteristics for models to be applied in an economic-MPC of a real-world polygeneration system at the Offenburg University of Applied Sciences. The engineering application of the models and their fitting coefficients are shared in this paper. Finally, the models are evaluated against experimental data and the efficacy of the methodology is discussed based on quantitative and qualitative arguments.
△ Less
Submitted 10 May, 2019;
originally announced May 2019.
-
Simulation-based inference methods for partially observed Markov model via the R package is2
Authors:
Duc Anh Doan,
Dao Nguyen,
Xin Dang
Abstract:
Partially observed Markov process (POMP) models are powerful tools for time series modeling and analysis. Inherited the flexible framework of R package pomp, the is2 package extends some useful Monte Carlo statistical methodologies to improve on convergence rates. A variety of efficient statistical methods for POMP models have been developed including fixed lag smoothing, second-order iterated smo…
▽ More
Partially observed Markov process (POMP) models are powerful tools for time series modeling and analysis. Inherited the flexible framework of R package pomp, the is2 package extends some useful Monte Carlo statistical methodologies to improve on convergence rates. A variety of efficient statistical methods for POMP models have been developed including fixed lag smoothing, second-order iterated smoothing, momentum iterated filtering, average iterated filtering, accelerate iterated filtering and particle iterated filtering. In this paper, we show the utility of these methodologies based on two toy problems. We also demonstrate the potential of some methods in a more complex model, employing a nonlinear epidemiological model with a discrete population, seasonality, and extra-demographic stochasticity. We discuss the extension beyond POMP models and the development of additional methods within the framework provided by is2.
△ Less
Submitted 7 November, 2018;
originally announced November 2018.
-
Graphs with conflict-free connection number two
Authors:
Hong Chang,
Trung Duy Doan,
Zhong Huang,
Stanislav Jendrol',
Xueliang Li,
Ingo Schiermeyer
Abstract:
An edge-colored graph $G$ is \emph{conflict-free connected} if any two of its vertices are connected by a path, which contains a color used on exactly one of its edges. The \emph{conflict-free connection number} of a connected graph $G$, denoted by $cfc(G)$, is the smallest number of colors needed in order to make $G$ conflict-free connected. For a graph $G,$ let $C(G)$ be the subgraph of $G$ indu…
▽ More
An edge-colored graph $G$ is \emph{conflict-free connected} if any two of its vertices are connected by a path, which contains a color used on exactly one of its edges. The \emph{conflict-free connection number} of a connected graph $G$, denoted by $cfc(G)$, is the smallest number of colors needed in order to make $G$ conflict-free connected. For a graph $G,$ let $C(G)$ be the subgraph of $G$ induced by its set of cut-edges. In this paper, we first show that, if $G$ is a connected non-complete graph $G$ of order $n\geq 9$ with $C(G)$ being a linear forest and with the minimum degree %$δ(G)\geq 2$, then $cfc(G)=2$ for $4 \leq n\leq 8 $; if $δ(G)\geq \max\{3, \frac{n-4}{5}\}$, then $cfc(G)=2$. The bound on the minimum degree is best possible. Next, we prove that, if $G$ is a connected non-complete graph of order $n\geq 33$ with $C(G)$ being a linear forest and with $d(x)+d(y)\geq \frac{2n-9}{5}$ for each pair of two nonadjacent vertices $x, y$ of $V(G)$, then $cfc(G)=2$. Both bounds, on the order $n$ and the degree sum, are tight. Moreover, we prove several results concerning relations between degree conditions on $G$ and the number of cut edges in $G$.
△ Less
Submitted 8 May, 2018; v1 submitted 6 July, 2017;
originally announced July 2017.
-
Evolution of seismic velocities in heavy oil sand reservoirs during thermal recovery process
Authors:
Jean-François Nauroy,
Dinh Hong Doan,
N. Guy,
Axelle Baroni,
Pierre Delage,
Marc Mainguy
Abstract:
In thermally enhanced recovery processes like cyclic steam stimulation (CSS) or steam assisted gravity drainage (SAGD), continuous steam injection entails changes in pore fluid, pore pressure and temperature in the rock reservoir, that are most often unconsolidated or weakly consolidated sandstones. This in turn increases or decreases the effective stresses and changes the elastic properties of th…
▽ More
In thermally enhanced recovery processes like cyclic steam stimulation (CSS) or steam assisted gravity drainage (SAGD), continuous steam injection entails changes in pore fluid, pore pressure and temperature in the rock reservoir, that are most often unconsolidated or weakly consolidated sandstones. This in turn increases or decreases the effective stresses and changes the elastic properties of the rocks. Thermally enhanced recovery processes give rise to complex couplings. Numerical simulations have been carried out on a case study so as to provide an estimation of the evolution of pressure, temperature, pore fluid saturation, stress and strain in any zone located around the injector and producer wells. The approach of Ciz and Shapiro (2007) - an extension of the poroelastic theory of Biot-Gassmann applied to rock filled elastic material - has been used to model the velocity dispersion in the oil sand mass under different conditions of temperature and stress. A good agreement has been found between these predictions and some laboratory velocity measurements carried out on samples of Canadian oil sand. Results appear to be useful to better interpret 4D seismic data in order to locate the steam chamber.
△ Less
Submitted 21 March, 2013;
originally announced March 2013.
-
A distributed accelerated gradient algorithm for distributed model predictive control of a hydro power valley
Authors:
Minh Dang Doan,
Pontus Giselsson,
Tamás Keviczky,
Bart De Schutter,
Anders Rantzer
Abstract:
A distributed model predictive control (DMPC) approach based on distributed optimization is applied to the power reference tracking problem of a hydro power valley (HPV) system. The applied optimization algorithm is based on accelerated gradient methods and achieves a convergence rate of O(1/k^2), where k is the iteration number. Major challenges in the control of the HPV include a nonlinear and l…
▽ More
A distributed model predictive control (DMPC) approach based on distributed optimization is applied to the power reference tracking problem of a hydro power valley (HPV) system. The applied optimization algorithm is based on accelerated gradient methods and achieves a convergence rate of O(1/k^2), where k is the iteration number. Major challenges in the control of the HPV include a nonlinear and large-scale model, nonsmoothness in the power-production functions, and a globally coupled cost function that prevents distributed schemes to be applied directly. We propose a linearization and approximation approach that accommodates the proposed the DMPC framework and provides very similar performance compared to a centralized solution in simulations. The provided numerical studies also suggest that for the sparsely interconnected system at hand, the distributed algorithm we propose is faster than a centralized state-of-the-art solver such as CPLEX.
△ Less
Submitted 8 February, 2013;
originally announced February 2013.
-
A distributed optimization-based approach for hierarchical model predictive control of large-scale systems with coupled dynamics and constraints
Authors:
Minh Dang Doan,
Tamás Keviczky,
Bart De Schutter
Abstract:
We present a hierarchical model predictive control approach for large-scale systems based on dual decomposition. The proposed scheme allows coupling in both dynamics and constraints between the subsystems and generates a primal feasible solution within a finite number of iterations, using primal averaging and a constraint tightening approach. The primal update is performed in a distributed way and…
▽ More
We present a hierarchical model predictive control approach for large-scale systems based on dual decomposition. The proposed scheme allows coupling in both dynamics and constraints between the subsystems and generates a primal feasible solution within a finite number of iterations, using primal averaging and a constraint tightening approach. The primal update is performed in a distributed way and does not require exact solutions, while the dual problem uses an approximate subgradient method. Stability of the scheme is established using bounded suboptimality.
△ Less
Submitted 7 September, 2011; v1 submitted 6 September, 2011;
originally announced September 2011.
-
A Jacobi algorithm for distributed model predictive control of dynamically coupled systems
Authors:
Dang Doan,
Tamas Keviczky,
Ion Necoara,
Moritz Diehl
Abstract:
In this paper we introduce an iterative Jacobi algorithm for solving distributed model predictive control (DMPC) problems, with linear coupled dynamics and convex coupled constraints. The algorithm guarantees stability and persistent feasibility, and we provide a localized procedure for constructing an initial feasible solution by constraint tightening. Moreover, we show that the solution of the…
▽ More
In this paper we introduce an iterative Jacobi algorithm for solving distributed model predictive control (DMPC) problems, with linear coupled dynamics and convex coupled constraints. The algorithm guarantees stability and persistent feasibility, and we provide a localized procedure for constructing an initial feasible solution by constraint tightening. Moreover, we show that the solution of the iterative process converges to the centralized MPC solution. The proposed iterative approach involves solving local optimization problems consisting of only few subsystems, depending on the choice of the designer and the sparsity of dynamical and constraint couplings. The gain in the overall computational load compared to the centralized problem is balanced by the increased communication requirements. This makes our approach more applicable to situations where the number of subsystems is large, the coupling is sparse, and local communication is relatively fast and cheap. A numerical example illustrates the effects of the local problem size, and the number of iterations on convergence to the centralized solution.
△ Less
Submitted 22 September, 2008;
originally announced September 2008.
-
Parallel Pricing Algorithms for Multi--Dimensional Bermudan/American Options using Monte Carlo methods
Authors:
Mireille Bossy,
Françoise Baude,
Viet Dung Doan,
Abhijeet Gaikwad,
Ian Stokes-Rees
Abstract:
In this paper we present two parallel Monte Carlo based algorithms for pricing multi--dimensional Bermudan/American options. First approach relies on computation of the optimal exercise boundary while the second relies on classification of continuation and exercise values. We also evaluate the performance of both the algorithms in a desktop grid environment. We show the effectiveness of the prop…
▽ More
In this paper we present two parallel Monte Carlo based algorithms for pricing multi--dimensional Bermudan/American options. First approach relies on computation of the optimal exercise boundary while the second relies on classification of continuation and exercise values. We also evaluate the performance of both the algorithms in a desktop grid environment. We show the effectiveness of the proposed approaches in a heterogeneous computing environment, and identify scalability constraints due to the algorithmic structure.
△ Less
Submitted 13 May, 2008;
originally announced May 2008.
-
On Interleaving Techniques for MIMO Channels and Limitations of Bit Interleaved Coded Modulation
Authors:
Dumitru Mihai Ionescu,
Dung N. Doan,
Steven D. Gray
Abstract:
It is shown that while the mutual information curves for coded modulation (CM) and bit interleaved coded modulation (BICM) overlap in the case of a single input single output channel, the same is not true in multiple input multiple output (MIMO) channels. A method for mitigating fading in the presence of multiple transmit antennas, named coordinate interleaving (CI), is presented as a generaliza…
▽ More
It is shown that while the mutual information curves for coded modulation (CM) and bit interleaved coded modulation (BICM) overlap in the case of a single input single output channel, the same is not true in multiple input multiple output (MIMO) channels. A method for mitigating fading in the presence of multiple transmit antennas, named coordinate interleaving (CI), is presented as a generalization of component interleaving for a single transmit antenna. The extent of any advantages of CI over BICM, relative to CM, is analyzed from a mutual information perspective; the analysis is based on an equivalent parallel channel model for CI. Several expressions for mutual information in the presence of CI and multiple transmit and receive antennas are derived. Results show that CI gives higher mutual information compared to that of BICM if proper signal mappings are used. Effects like constellation rotation in the presence of CI are also considered and illustrated; it is shown that constellation rotation can increase the constrained capacity.
△ Less
Submitted 23 October, 2005;
originally announced October 2005.
-
Suppression of the bottleneck in semiconductor microcavities
Authors:
T. D. Doan,
D. B. Tran Thoai
Abstract:
The relaxation kinetics of cavity polaritons by scattering with thermal acoustic phonons is studied within the rate equation approximation. Numerical results show that a suppression of the bottleneck of lower polariton states occurs at high polariton densities. We have found that the long decay time of the photon-like polaritons, the thin width of the embedded quantum wells and the small value o…
▽ More
The relaxation kinetics of cavity polaritons by scattering with thermal acoustic phonons is studied within the rate equation approximation. Numerical results show that a suppression of the bottleneck of lower polariton states occurs at high polariton densities. We have found that the long decay time of the photon-like polaritons, the thin width of the embedded quantum wells and the small value of exciton-cavity detuning are favorable for the suppression of the bottleneck.
△ Less
Submitted 23 July, 2002;
originally announced July 2002.