Adversarial examples can deceive a deep neural network (DNN) by significantly altering its response with imperceptible perturbations, which poses new potential vulnerabilities as the growing ubiquity of DNNs. However, most of the existing adversarial
examples cannot maintain the malicious functionality if we apply an affine transformation on the resultant examples, which is an important measurement to the robustness of adversarial attacks for the practical risks. To address this issue, we propose an affine-invariant adversarial attack which can consistently construct adversarial examples robust over a distribution of affine transformation. To further improve the efficiency, we propose to disentangle the affine transformation into rotations, translations, magnifications, and reformulate the transformation in polar space. Afterwards, we construct an affine-invariant gradient estimator by convolving the gradient at the original image with derived kernels, which can be integrated with any gradient-based attack methods. Extensive experiments on the ImageNet demonstrate that our method can consistently produce more robust adversarial examples under significant affine transformations, and as a byproduct, improve the transferability of adversarial examples compared with the alternative state-of-the-art methods.
This paper describes our work in participation of the IWSLT-2021 offline speech translation task. Our system was built in a cascade form, including a speaker diarization module, an Automatic Speech Recognition (ASR) module and a Machine Translation (
MT) module. We directly use the LIUM SpkDiarization tool as the diarization module. The ASR module is trained with three ASR datasets from different sources, by multi-source training, using a modified Transformer encoder. The MT module is pretrained on the large-scale WMT news translation dataset and fine-tuned on the TED corpus. Our method achieves 24.6 BLEU score on the 2021 test set.
The heavy fermion ferromagnet CeRh$_6$Ge$_4$ is the first example of a clean stoichiometric system where the ferromagnetic transition can be continuously suppressed by hydrostatic pressure to a quantum critical point. In order to reveal the outcome w
hen the magnetic lattice of CeRh$_6$Ge$_4$ is diluted with non-magnetic atoms, this study reports comprehensive measurements of the physical properties of both single crystal and polycrystalline samples of La$_x$Ce$_{1-x}$Rh$_6$Ge$_4$. With increasing $x$, the Curie temperature decreases, and no transition is observed for $x$ $>$ 0.25, while the system evolves from exhibiting coherent Kondo lattice behaviors at low $x$, to the Kondo impurity scenario at large $x$. Moreover, non-Fermi liquid behavior (NFL) is observed over a wide doping range, which agrees well with the disordered Kondo model for 0.52 $leq$ $x$ $leq$ 0.66, while strange metal behavior is revealed in the vicinity of $x_c$ = 0.26.
Recent numerical and experimental works have revealed a disorder-free many-body localization (MBL) in an interacting system subjecting to a linear potential, known as the Stark MBL. The conventional MBL, induced by disorder, has been widely studied b
y using quantum simulations based on superconducting circuits. Here, we consider the Stark MBL in two types of superconducting circuits, i.e., the 1D array of superconducting qubits, and the circuit where non-local interactions between qubits are mediated by a resonator bus. We calculate the entanglement entropy and participate entropy of the highly-excited eigenstates, and obtain the lower bound of the critical linear potential $gamma_{c}$, using the finite-size scaling collapse. Moreover, we study the non-equilibrium properties of the Stark MBL. In particular, we observe an anomalous relaxation of the imbalance, dominated by the power-law decay $t^{-xi}$. The exponent $xi$ satisfies $xipropto|gamma-gamma_{c}|^{ u}$ when $gamma<gamma_{c}$, and vanishes for $gammageq gamma_{c}$, which can be employed to estimate the $gamma_{c}$. Our work indicates that superconducting circuits are a promising platform for investigating the critical properties of the Stark MBL transition.
Metasurfaces are planar structures that can manipulate the amplitude, phase and polarization (APP) of light at subwavelength scale. Although various functionalities have been proposed based on metasurface, a most general optical control, i.e., indepe
ndent complex-amplitude (amplitude and phase) control of arbitrary two orthogonal states of polarizations, has not yet been realized. Such level of optical control can not only cover the various functionalities realized previously, but also enable new functionalities that are not feasible before. Here, we propose a single-layer dielectric metasurface to realize this goal and experimentally demonstrate several advanced functionalities, such as two independent full-color printing images under arbitrary elliptically orthogonal polarizations and dual sets of printing-hologram integrations. Our work opens the way for a wide range of applications in advanced image display, information encoding, and polarization optics.
The superconducting order parameter of the first heavy-fermion superconductor CeCu2Si2 is currently under debate. A key ingredient to understand its superconductivity and physical properties is the quasiparticle dispersion and Fermi surface, which re
mains elusive experimentally. Here we present measurements from angle-resolved photoemission spectroscopy. Our results emphasize the key role played by the Ce 4f electrons for the low-temperature Fermi surface, highlighting a band-dependent conduction-f electron hybridization. In particular, we find a very heavy quasi-two-dimensional electron band near the bulk X point and moderately heavy three-dimensional hole pockets near the Z point. Comparison with theoretical calculations reveals the strong local correlation in this compound, calling for further theoretical studies. Our results provide the electronic basis to understand the heavy fermion behavior and superconductivity; implications for the enigmatic superconductivity of this compound are also discussed.
In this paper, we investigate the problem of weakly supervised 3D vehicle detection. Conventional methods for 3D object detection need vast amounts of manually labelled 3D data as supervision signals. However, annotating large datasets requires huge
human efforts, especially for 3D area. To tackle this problem, we propose frustum-aware geometric reasoning (FGR) to detect vehicles in point clouds without any 3D annotations. Our method consists of two stages: coarse 3D segmentation and 3D bounding box estimation. For the first stage, a context-aware adaptive region growing algorithm is designed to segment objects based on 2D bounding boxes. Leveraging predicted segmentation masks, we develop an anti-noise approach to estimate 3D bounding boxes in the second stage. Finally 3D pseudo labels generated by our method are utilized to train a 3D detector. Independent of any 3D groundtruth, FGR reaches comparable performance with fully supervised methods on the KITTI dataset. The findings indicate that it is able to accurately detect objects in 3D space with only 2D bounding boxes and sparse point clouds.
Deep learning models are vulnerable to adversarial examples, which can fool a target classifier by imposing imperceptible perturbations onto natural examples. In this work, we consider the practical and challenging decision-based black-box adversaria
l setting, where the attacker can only acquire the final classification labels by querying the target model without access to the models details. Under this setting, existing works often rely on heuristics and exhibit unsatisfactory performance. To better understand the rationality of these heuristics and the limitations of existing methods, we propose to automatically discover decision-based adversarial attack algorithms. In our approach, we construct a search space using basic mathematical operations as building blocks and develop a random search algorithm to efficiently explore this space by incorporating several pruning techniques and intuitive priors inspired by program synthesis works. Although we use a small and fast model to efficiently evaluate attack algorithms during the search, extensive experiments demonstrate that the discovered algorithms are simple yet query-efficient when transferred to larger normal and defensive models on the CIFAR-10 and ImageNet datasets. They achieve comparable or better performance than the state-of-the-art decision-based attack methods consistently.
Federated edge learning (FEEL) has emerged as an effective alternative to reduce the large communication latency in Cloud-based machine learning solutions, while preserving data privacy. Unfortunately, the learning performance of FEEL may be compromi
sed due to limited training data in a single edge cluster. In this paper, we investigate a novel framework of FEEL, namely semi-decentralized federated edge learning (SD-FEEL). By allowing model aggregation between different edge clusters, SD-FEEL enjoys the benefit of FEEL in reducing training latency and improves the learning performance by accessing richer training data from multiple edge clusters. A training algorithm for SD-FEEL with three main procedures in each round is presented, including local model updates, intra-cluster and inter-cluster model aggregations, and it is proved to converge on non-independent and identically distributed (non-IID) data. We also characterize the interplay between the network topology of the edge servers and the communication overhead of inter-cluster model aggregation on training performance. Experiment results corroborate our analysis and demonstrate the effectiveness of SD-FFEL in achieving fast convergence. Besides, guidelines on choosing critical hyper-parameters of the training algorithm are also provided.
Recently, the research on protecting the intellectual properties (IP) of deep neural networks (DNN) has attracted serious concerns. A number of DNN copyright protection methods have been proposed. However, most of the existing watermarking methods fo
cus on verifying the copyright of the model, which do not support the authentication and management of users fingerprints, thus can not satisfy the requirements of commercial copyright protection. In addition, the query modification attack which was proposed recently can invalidate most of the existing backdoor-based watermarking methods. To address these challenges, in this paper, we propose a method to protect the intellectual properties of DNN models by using an additional class and steganographic images. Specifically, we use a set of watermark key samples to embed an additional class into the DNN, so that the watermarked DNN will classify the watermark key sample as the predefined additional class in the copyright verification stage. We adopt the least significant bit (LSB) image steganography to embed users fingerprints into watermark key images. Each user will be assigned with a unique fingerprint image so that the users identity can be authenticated later. Experimental results demonstrate that, the proposed method can protect the copyright of DNN models effectively. On Fashion-MNIST and CIFAR-10 datasets, the proposed method can obtain 100% watermark accuracy and 100% fingerprint authentication success rate. In addition, the proposed method is demonstrated to be robust to the model fine-tuning attack, model pruning attack, and the query modification attack. Compared with three existing watermarking methods (the logo-based, noise-based, and adversarial frontier stitching watermarking methods), the proposed method has better performance on watermark accuracy and robustness against the query modification attack.
