This paper describes our work in participation of the IWSLT-2021 offline speech translation task. Our system was built in a cascade form, including a speaker diarization module, an Automatic Speech Recognition (ASR) module and a Machine Translation (
MT) module. We directly use the LIUM SpkDiarization tool as the diarization module. The ASR module is trained with three ASR datasets from different sources, by multi-source training, using a modified Transformer encoder. The MT module is pretrained on the large-scale WMT news translation dataset and fine-tuned on the TED corpus. Our method achieves 24.6 BLEU score on the 2021 test set.
Federated edge learning (FEEL) has emerged as an effective alternative to reduce the large communication latency in Cloud-based machine learning solutions, while preserving data privacy. Unfortunately, the learning performance of FEEL may be compromi
sed due to limited training data in a single edge cluster. In this paper, we investigate a novel framework of FEEL, namely semi-decentralized federated edge learning (SD-FEEL). By allowing model aggregation between different edge clusters, SD-FEEL enjoys the benefit of FEEL in reducing training latency and improves the learning performance by accessing richer training data from multiple edge clusters. A training algorithm for SD-FEEL with three main procedures in each round is presented, including local model updates, intra-cluster and inter-cluster model aggregations, and it is proved to converge on non-independent and identically distributed (non-IID) data. We also characterize the interplay between the network topology of the edge servers and the communication overhead of inter-cluster model aggregation on training performance. Experiment results corroborate our analysis and demonstrate the effectiveness of SD-FFEL in achieving fast convergence. Besides, guidelines on choosing critical hyper-parameters of the training algorithm are also provided.
Recently, the research on protecting the intellectual properties (IP) of deep neural networks (DNN) has attracted serious concerns. A number of DNN copyright protection methods have been proposed. However, most of the existing watermarking methods fo
cus on verifying the copyright of the model, which do not support the authentication and management of users fingerprints, thus can not satisfy the requirements of commercial copyright protection. In addition, the query modification attack which was proposed recently can invalidate most of the existing backdoor-based watermarking methods. To address these challenges, in this paper, we propose a method to protect the intellectual properties of DNN models by using an additional class and steganographic images. Specifically, we use a set of watermark key samples to embed an additional class into the DNN, so that the watermarked DNN will classify the watermark key sample as the predefined additional class in the copyright verification stage. We adopt the least significant bit (LSB) image steganography to embed users fingerprints into watermark key images. Each user will be assigned with a unique fingerprint image so that the users identity can be authenticated later. Experimental results demonstrate that, the proposed method can protect the copyright of DNN models effectively. On Fashion-MNIST and CIFAR-10 datasets, the proposed method can obtain 100% watermark accuracy and 100% fingerprint authentication success rate. In addition, the proposed method is demonstrated to be robust to the model fine-tuning attack, model pruning attack, and the query modification attack. Compared with three existing watermarking methods (the logo-based, noise-based, and adversarial frontier stitching watermarking methods), the proposed method has better performance on watermark accuracy and robustness against the query modification attack.
Deep neural networks (DNN) have been widely deployed in various applications. However, many researches indicated that DNN is vulnerable to backdoor attacks. The attacker can create a hidden backdoor in target DNN model, and trigger the malicious beha
viors by submitting specific backdoor instance. However, almost all the existing backdoor works focused on the digital domain, while few studies investigate the backdoor attacks in real physical world. Restricted to a variety of physical constraints, the performance of backdoor attacks in the real physical world will be severely degraded. In this paper, we propose a robust physical backdoor attack method, PTB (physical transformations for backdoors), to implement the backdoor attacks against deep learning models in the real physical world. Specifically, in the training phase, we perform a series of physical transformations on these injected backdoor instances at each round of model training, so as to simulate various transformations that a backdoor may experience in real world, thus improves its physical robustness. Experimental results on the state-of-the-art face recognition model show that, compared with the backdoor methods that without PTB, the proposed attack method can significantly improve the performance of backdoor attacks in real physical world. Under various complex physical conditions, by injecting only a very small ratio (0.5%) of backdoor instances, the attack success rate of physical backdoor attacks with the PTB method on VGGFace is 82%, while the attack success rate of backdoor attacks without the proposed PTB method is lower than 11%. Meanwhile, the normal performance of the target DNN model has not been affected.
The training of Deep Neural Networks (DNN) is costly, thus DNN can be considered as the intellectual properties (IP) of model owners. To date, most of the existing protection works focus on verifying the ownership after the DNN model is stolen, which
cannot resist piracy in advance. To this end, we propose an active DNN IP protection method based on adversarial examples against DNN piracy, named ActiveGuard. ActiveGuard aims to achieve authorization control and users fingerprints management through adversarial examples, and can provide ownership verification. Specifically, ActiveGuard exploits the elaborate adversarial examples as users fingerprints to distinguish authorized users from unauthorized users. Legitimate users can enter fingerprints into DNN for identity authentication and authorized usage, while unauthorized users will obtain poor model performance due to an additional control layer. In addition, ActiveGuard enables the model owner to embed a watermark into the weights of DNN. When the DNN is illegally pirated, the model owner can extract the embedded watermark and perform ownership verification. Experimental results show that, for authorized users, the test accuracy of LeNet-5 and Wide Residual Network (WRN) models are 99.15% and 91.46%, respectively, while for unauthorized users, the test accuracy of the two DNNs are only 8.92% (LeNet-5) and 10% (WRN), respectively. Besides, each authorized user can pass the fingerprint authentication with a high success rate (up to 100%). For ownership verification, the embedded watermark can be successfully extracted, while the normal performance of the DNN model will not be affected. Further, ActiveGuard is demonstrated to be robust against fingerprint forgery attack, model fine-tuning attack and pruning attack.
This paper concerns the local well-posedness for the good Boussinesq equation subject to quasi-periodic initial conditions. By constructing a delicately and subtly iterative process together with an explicit combinatorial analysis, we show that there
exists a unique solution for such a model in a small region of time. The size of this region depends on both the given data and the frequency vector involved. Moreover the local solution has an expansion with exponentially decaying Fourier coefficients.
It was recently proposed that a field theory cannot be consistent with quantum gravity if it allows a mode shorter than the Planck length to exit the Hubble horizon. This is called the Trans-Planckian Censorship Conjecture (TCC). We discuss the impli
cations of the TCC on the possible shape of the inflaton potential in single-field slow-roll inflation. We point out that (1) there is generically an initial condition in which the total e-folding number $N_text{total}$ is doubled or more compared to the e-folds necessary for the cosmic microwave background fluctuations, and (2) a sizable negative running of spectral index is generically expected to make $N_text{total}$ small. In concrete setups, we find a stringent constraint on the inflationary energy scale, $V_text{inf}^{1/4} < mathcal{O}(10) , text{TeV}$ with $r < mathcal{O}(10^{-50})$, and the running parameter is bounded above as $alpha_text{s} lesssim - 4 times 10^{-3}$.
A traveling wave model for a semiconductor diode laser based on quantum wells is presented as well as a comprehensive theoretical model of the lasing dynamics produced by the intensity discrimination of the nonlinear mode-coupling in a waveguide arra
y. By leveraging a recently developed model for the detailed semiconductor gain dynamics, the temporal shaping effects of the nonlinear mode-coupling induced by the waveguide arrays can be characterized. Specifically, the enhanced nonlinear pulse shaping provided by the waveguides are capable of generating stable frequency combs wavelength of 800 nm in a GaAs device, a parameter regime not feasible for stable combline generation using a single waveguide. Extensive numerical simulations showed that stable waveform generation could be achieved and optimized by an appropriate choice of the linear waveguide coupling coefficient, quantum well depth, and the input currents to the first and second waveguides. The model provides a first demonstration that a compact, efficient and robust on-chip comb source can be produced in GaAs.
We develop a stable and efficient numerical scheme for modeling the optical field evolution in a nonlinear dispersive cavity with counter propagating waves and complex, semiconductor physics gain dynamics that are expensive to evaluate. Our stability
analysis is characterized by a von-Neumann analysis which shows that many standard numerical schemes are unstable due to competing physical effects in the propagation equations. We show that the combination of a predictor-corrector scheme with an operator-splitting not only results in a stable scheme, but provides a highly efficient, single-stage evaluation of the gain dynamics. Given that the gain dynamics is the rate-limiting step of the algorithm, our method circumvents the numerical instability induced by the other cavity physics when evaluating the gain in an efficient manner. We demonstrate the stability and efficiency of the algorithm on a diode laser model which includes three waveguides and semiconductor gain dynamics. The laser is able to produce a repeating temporal waveform and stable optical comblines, thus demonstrating that frequency combs generation may be possible in chip scale, diode lasers.
We propose a novel scenario of inflation, in which the inflaton is identified as the lightest mode of an angular field in a compactified fifth dimension. The periodic effective potential exhibits exponentially flat plateaus, so that a sub-Planckian f
ield excursion without hilltop initial conditions is naturally realized. We can obtain consistent predictions with observations on the spectral index and the tensor-to-scalar ratio.
