Hexo

2023-11-06 1.6k words 5 mins

Data Poisoning Attacks in Internet-of-Vehicle Networks, Taxonomy, State-of-The-Art, and Future Directions

摘要现有的问题：攻击者通过精心制造中毒数据，可以影响DNN的性能。特别的，在车联网领域，攻击者可以误导交通标志识别系统，使得系统将某一类标志识别错误（针对性攻击），或者是单纯的影响模型的性能（非针对性攻击）。本文的工作是：调查了性能最优的集中攻击方法，和针对自动驾驶的防御方法根据是否攻击者是否参与数据标注过程，将攻击方式分为：脏标签（dirty-label）攻击和干净标签（clean-label）攻击将防御方法也分为两类，分类标准是是否需要修改模型（model-based defence method）或者是修改数据（data-based defence method）作者不仅是做了调

2023-10-26 924 words 3 mins

First-Order Efficient General-Purpose Clean-Label Data Poisoning

abstract先简单介绍了一下中毒攻击，然后指出existing work的局限性：大多都是bi-level optimization（二阶层优化）问题。这会导致在求解问题的时候有很大的计算量。现有的方法都是用feature collision（特征碰撞）的方法，这些方法对没见过的特征空间效果不是很好，转移到其他场景也不是很容易于是作者提出了一个一阶的方法，这个方法理论上可以大概达到二阶的效果，总结一下其性质：高效（以一阶接近二阶的性能）转移（对于不同的特征空间都能投毒）泛化（可以适用于别的场景，CV、WTP） MetaPoison这篇文章跟之前的MetaPoison进行

2023-10-23 1.7k words 7 mins

OBLIVION_poisoning

abstractdevelop an advanced model poisoning attack against defensive aggregation rules 2 components/features: rank the priority of models weights to find whose influence is bigger. Then we do poisoning attack to the it. Basically, it is better than average poisoning attack to all weights. Smo

2023-10-22 776 words 2 mins

MetaPoison

abstract现有的攻击主要都是手工制作的攻击，为什么让机器去做呢？因为这通常是一个bilevel optimization（双层优化）问题，这对于深度模型来说是不好求解的。提出的攻击：MetaPoison。通过first- order method（一阶方法）来近似bilevel optimization。其特性：高效性：通过和clean-label方法对比健壮性：对一个模型的中毒攻击能够同样适用于其他的一些架构和训练设置未知的模型上去。通用性：不仅适用于微调场景，而且也能用作端到端场景下（clean- label攻击没有这个性质）在现实世界中，对Google Cloud

2023-10-22 267 words 1 min

cs224w_ch8

Graph augmentationfor one graph G, if: G is too sparce => MP(message-passing) not efficient G is too dense => MP costly G is too large => GPU memory not enough then it is unlikely to use the computational graph as the raw input. $G_{raw}\ne G_{computational}$ Here are some

2023-10-22 470 words 2 mins

FlowGNN

abstractthe limitation: GNN needs fast inference. Existing works focus on target GNN acceleration, such as GCN. And many works rely on pre-processing which is not suitable to real-time application. This paper work: Propose FlowGNN, which is generalizable to the majority of message -passing GNN

2023-10-18 483 words 3 mins

cs224w_ch7

a single layer og GNNthere are many different GNN: GCN, GraphSAGE, GAT… the difference between them mainly are: message send message aggregation message send$$m_u^l=\mathcal {MSG}^{(l)}(h_u^{l-1})$$ moostly the message function is linear:$$m_u^l=W^{(l)}h_u^{(l-1)}$$ message aggregationt

2023-10-17 906 words 3 mins

DAGAD

小组基本信息：小组方向：AI算法在入侵检测、恶意软件识别、恶意流量识别方面的应用论文题目：DAGAD: Data Augmentation for Graph Anomaly Detection 摘要检测异常结点，属于结点型任务目前存在的两个问题：异常结点很难被捕获，其异常行为很微小，并且往往没有关于异常结点的先验知识现实世界中大部分的结点都是正常的，就像银行贷款一样，往往1w人里面只有几个人是不还贷款的“异常结点”。存在严重的类别不平衡问题。本文的模型： GNN将非欧数据压缩为d维向量（表征学习）图增强模块，通过对生成的d维向量增加扰动，来进行数据增强，使用增强之后的

2023-10-16 363 words 2 mins

cs224w_ch6

in node embedding, we use encoder to map original network node to embedding space, the encoder is:$$z_v=Z.v$$the matrix is what we need to learn. now, we use deep learning-based method as our encoder, which is composed of multiple layers of non-linear transformations. What makes graph represen

2023-10-16 632 words 3 mins

cs224w_ch4

PageRankhow to represent page as graph: Node: web pages Edge: hyperlinks Not only page network, here are citation natwork and reference network: The problem is how could we measure the important of a web page so that we can rank them. the idea is: links and votes links and votesthe intuition is t