- Adversarial Robustness in Machine Learning
- Advanced Graph Neural Networks
- Privacy-Preserving Technologies in Data
- Network Security and Intrusion Detection
- Face and Expression Recognition
- Internet Traffic Analysis and Secure E-voting
- Spam and Phishing Detection
- Face recognition and analysis
- Complex Network Analysis Techniques
- Explainable Artificial Intelligence (XAI)
- Biometric Identification and Security
- Privacy, Security, and Data Protection
- Advanced Neural Network Applications
- Anomaly Detection Techniques and Applications
- Stochastic Gradient Optimization Techniques
- Machine Learning in Materials Science
- Topic Modeling
- Advanced Malware Detection Techniques
- Cryptography and Data Security
- Ethics and Social Impacts of AI
- Domain Adaptation and Few-Shot Learning
- Generative Adversarial Networks and Image Synthesis
- Recommender Systems and Techniques
- Hate Speech and Cyberbullying Detection
- Bayesian Modeling and Causal Inference
Illinois Institute of Technology (2021-2025)
Qingdao University of Science and Technology (2025)
PLA Information Engineering University (2023)
IIT Research Institute (2023)
Duke University (2019-2021)
Iowa State University (2016-2019)
Dalian University of Technology (2013-2015)
Shenyang Medical College (2012)
Hohai University (2006)
Hyperparameters are critical in machine learning, as different hyperparameters often result in models with significantly different performance. Hyperparameters may be deemed confidential because of their commercial value and the confidentiality of the proprietary algorithms that the learner uses to learn them. In this work, we propose attacks on stealing the hyperparameters that are learned by a learner. We call our attacks hyperparameter stealing attacks. Our attacks are applicable to a variety of popular machine learning algorithms such as ridge regression, logistic regression, support vector machine, and neural network. We evaluate...
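The attack sketched above rests on the observation that a learner's output parameters are a stationary point of its training objective, so once the training data and the learned parameters are known, the hyperparameter is the only unknown left in the gradient condition. The following is an added example, not the authors' code: a learner fits ridge regression on constructed toy data with a secret regularization strength, and an attacker who sees the data and the learned weight vector recovers that strength by least squares on the gradient condition, then checks the residual. The data, the function names and the small linear solver are this example's own assumptions.

```python
"""Added example: stealing the regularization hyperparameter of a ridge
regression learner. Toy data, helper names and the solver are this
example's own (constructed), not the paper's code."""


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def transpose(A):
    return [list(col) for col in zip(*A)]


def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting
    (fine for the small, well-conditioned systems used here)."""
    n = len(A)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            for c in range(col, n + 1):
                M[r][c] -= f * M[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x


# --- learner side: ridge regression with a secret hyperparameter lam ---------
def train_ridge(X, y, lam):
    """Minimise ||Xw - y||^2 + lam * ||w||^2 via the closed form
    w = (X^T X + lam I)^{-1} X^T y."""
    Xt = transpose(X)
    d = len(Xt)
    A = [[dot(Xt[i], Xt[j]) + (lam if i == j else 0.0) for j in range(d)] for i in range(d)]
    b = [dot(Xt[i], y) for i in range(d)]
    return solve(A, b)


# --- attacker side: knows X, y and the learned w, wants lam ------------------
def gradient_residual(X, y, w):
    """X^T (y - X w): setting the objective's gradient to zero shows that at
    the optimum this vector equals lam * w."""
    Xw = [dot(row, w) for row in X]
    r = [yi - p for yi, p in zip(y, Xw)]
    return [dot(col, r) for col in transpose(X)]


def steal_ridge_lambda(X, y, w):
    """Least-squares solution of the overdetermined system lam * w = X^T (y - X w)
    for the single scalar lam."""
    g = gradient_residual(X, y, w)
    return dot(w, g) / dot(w, w)


def stolen_lambda_error(X, y, w, lam_hat):
    """Sanity check: how far w is from being a stationary point of the
    objective with the stolen lam. A value near 0 means the estimate is
    consistent with the observed parameters."""
    g = gradient_residual(X, y, w)
    return max(abs(gi - lam_hat * wi) for gi, wi in zip(g, w))


# Constructed training set (no real data).
X_TOY = [[1.0, 2.0], [2.0, 1.0], [3.0, 4.0], [4.0, 3.0], [5.0, 6.0]]
Y_TOY = [3.0, 3.0, 7.0, 7.0, 11.0]
SECRET_LAMBDA = 0.7


def demo():
    w = train_ridge(X_TOY, Y_TOY, SECRET_LAMBDA)      # what the attacker observes
    lam_hat = steal_ridge_lambda(X_TOY, Y_TOY, w)
    return lam_hat, stolen_lambda_error(X_TOY, Y_TOY, w, lam_hat)


if __name__ == "__main__":
    lam_hat, err = demo()
    print(f"stolen lambda = {lam_hat:.6f}, stationarity error = {err:.2e}")
```

The residual check matters in practice: if the learner's objective is not the one the attacker assumed (a different penalty, an extra term, early stopping), the stationarity error stays far from zero and the recovered value should not be trusted.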
In this work, we propose the first backdoor attack to graph neural networks (GNN). Specifically, we propose a subgraph based backdoor attack to GNN for graph classification. In our backdoor attack, a GNN classifier predicts an attacker-chosen target label for a testing graph once a predefined subgraph is injected to the testing graph. Our empirical results on three real-world datasets show that our backdoor attacks are effective with a small impact on a GNN's prediction accuracy for clean testing graphs. Moreover, we generalize a randomized smoothing based certified defense to defend against our backdoor attacks. Our empirical results show that the defense is effective in some cases but...
Federated learning (FL) is a popular distributed learning framework that can reduce privacy risks by not explicitly sharing private data. However, recent works have demonstrated that sharing model updates makes FL vulnerable to inference attack. In this work, we show our key observation that the data representation leakage from gradients is the essential cause of privacy leakage in FL. We also provide an analysis of this observation to explain how the data representation is leaked. Based on this observation, we propose a defense called Soteria against model inversion attack in FL. The idea is to perturb...
Online social networks are known to be vulnerable to the so-called Sybil attack, in which an attacker maintains massive fake accounts (also called Sybils) and uses them to perform various malicious activities. Therefore, Sybil detection is a fundamental security research problem in online social networks. Random walk based methods, which leverage the structure of the social network to distribute reputation scores for users, have been demonstrated to be promising in certain real-world online social networks. In particular, random walk based methods have three desired features: they can...
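As an added illustration of the random walk based methods mentioned above (not the authors' code; the early-terminated, degree-normalized design is a SybilRank-style choice assumed here for illustration): trust is placed on a few labeled benign seeds, propagated by power iteration for about log2(n) steps, and divided by degree, so that accounts reachable only through a few attack edges end up near the bottom of the ranking. The graph is constructed: two five-node cliques joined by a single attack edge.

```python
"""Added example: SybilRank-style random walk trust propagation over a
constructed social graph. Not the authors' code; the design (seed trust on
labeled benign users, ceil(log2 n) power-iteration steps, degree
normalisation) is assumed here for illustration."""

import math
from collections import defaultdict


def build_graph(edges):
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return adj


def propagate_trust(adj, seeds, iterations=None):
    """Return (raw_trust, degree_normalised_trust) after an early-terminated
    random walk. Early termination is the point: after only ~log2(n) steps
    the walk has not mixed across the few attack edges, so the Sybil region
    receives little of the total trust."""
    nodes = sorted(adj)
    n = len(nodes)
    if iterations is None:
        iterations = math.ceil(math.log2(n))
    trust = {v: 0.0 for v in nodes}
    for s in seeds:
        trust[s] = 1.0 / len(seeds)          # total trust is 1, split over seeds
    for _ in range(iterations):
        nxt = {v: 0.0 for v in nodes}
        for u in nodes:
            deg = len(adj[u])
            if deg == 0:
                nxt[u] += trust[u]           # isolated node keeps its (usually zero) trust
                continue
            share = trust[u] / deg           # each neighbour gets an equal share
            for v in adj[u]:
                nxt[v] += share
        trust = nxt
    normalised = {v: trust[v] / (len(adj[v]) or 1) for v in nodes}
    return trust, normalised


def rank_users(normalised):
    """Highest normalised trust first; the tail of the list is the Sybil candidates."""
    return sorted(normalised, key=normalised.get, reverse=True)


# Constructed graph: benign clique {0..4}, Sybil clique {5..9}, one attack edge (4, 5).
BENIGN = {0, 1, 2, 3, 4}
SYBILS = {5, 6, 7, 8, 9}
EDGES = ([(u, v) for u in BENIGN for v in BENIGN if u < v]
         + [(u, v) for u in SYBILS for v in SYBILS if u < v]
         + [(4, 5)])
SEEDS = [0, 1]   # labeled benign users the defender trusts


def demo():
    raw, norm = propagate_trust(build_graph(EDGES), SEEDS)
    leaked = sum(raw[v] for v in SYBILS)     # trust that crossed the attack edge
    return raw, norm, leaked


if __name__ == "__main__":
    raw, norm, leaked = demo()
    print("ranking:", rank_users(norm))
    print(f"trust leaked to Sybil region: {leaked:.4f}")
```

The leaked-trust figure is the quantity to watch when evaluating such a method: it grows with the number of attack edges and with the iteration count, which is why these methods bound the walk length and why noisy seed labels (a seed that is actually a Sybil) hurt them.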
Graph-based classification methods are widely used for security analytics. Roughly speaking, graph-based classification methods include collective classification and graph neural network. Attacking a graph-based classification method enables an attacker to evade detection in security analytics. However, existing adversarial machine learning studies mainly focused on machine learning for non-graph data. Only a few recent studies touched adversarial graph-based classification methods. However, they focused on graph neural network methods, leaving adversarial collective classification largely unexplored. We aim to bridge this gap in this work. We consider that an attacker's goal is to evade detection via manipulating the graph structure. We formulate our attack as a...
Graph-based semi-supervised node classification (GraphSSC) has wide applications, ranging from networking and security to data mining and machine learning, etc. However, existing centralized GraphSSC methods are impractical to solve many real-world graph-based problems, as collecting the entire graph and labeling a reasonable number of labels is time-consuming and costly, and data privacy may be also violated. Federated learning (FL) is an emerging paradigm that enables collaborative learning among multiple clients, which can...
Detecting Sybils in online social networks (OSNs) is a fundamental security research problem as adversaries can leverage Sybils to perform various malicious activities. Structure-based methods have been shown to be promising at detecting Sybils. Existing structure-based methods can be classified into two categories: Random Walk (RW)-based methods and Loop Belief Propagation (LBP)-based methods. RW-based methods cannot leverage labeled Sybils and labeled benign users simultaneously, which limits their detection accuracy, and they are not robust to noisy labels....
Detecting fraudulent users in online social networks is a fundamental and urgent research problem as adversaries can use them to perform various malicious activities. Global structure based methods, which are known as guilt-by-association, have been shown to be promising at detecting fraudulent users. However, existing guilt-by-association methods either assume symmetric (i.e., undirected) social links, which oversimplifies the asymmetric (i.e., directed) social structure of real-world social networks, or only leverage labeled fraudulent users or labeled normal users (but not both)...
In the attribute inference problem, we aim to infer users' private attributes (e.g., locations, sexual orientation, and interests) using their public data in online social networks. State-of-the-art methods leverage both a user's friends and behaviors (e.g., page likes on Facebook, apps that the user reviewed on Google Play) to infer attributes. However, these methods suffer from two key limitations: 1) suppose we aim to infer a certain attribute for a target user using a training dataset, they only leverage the labeled users who have the attribute, while ignoring the label information of...
Federated learning is a popular distributed machine learning paradigm with enhanced privacy. Its primary goal is learning a global model that offers good performance for as many of the participants as possible. The technology is rapidly advancing with many unsolved challenges, among which statistical heterogeneity (i.e., non-IID) and communication efficiency are two critical ones that hinder the development of federated learning. In this work, we propose LotteryFL -- a personalized and communication-efficient federated learning framework via exploiting the Lottery...
This paper proposes a novel simultaneous and proportional multiple degree of freedom (DOF) myoelectric control method for active prostheses. The approach is based on non-negative matrix factorization (NMF) of surface EMG signals with the inclusion of sparseness constraints. By applying a sparseness constraint to the control signal matrix, it is possible to extract the basis information from arbitrary movements (quasi-unsupervised approach) for multiple DOFs concurrently. In online testing based on target hitting, able-bodied subjects reached a greater...
Community detection plays a key role in understanding graph structure. However, several recent studies showed that community detection is vulnerable to adversarial structural perturbation. In particular, via adding or removing a small number of carefully selected edges in a graph, an attacker can manipulate the detected communities. To the best of our knowledge, there are no studies on certifying robustness of community detection against such adversarial structural perturbation. In this work, we aim to bridge this gap. Specifically, we develop the first certified robustness guarantee of community detection against adversarial structural perturbation. Given an arbitrary community detection method, we build a...
Social networks are known to be vulnerable to the so-called Sybil attack, in which an attacker maintains massive Sybils and uses them to perform various malicious activities. Therefore, Sybil detection in social networks is a basic security research problem. Structure-based methods have been shown to be promising at detecting Sybils. Existing structure-based methods can be classified into two categories: Random Walk (RW)-based methods and Loop Belief Propagation (LBP)-based methods. RW-based methods cannot leverage labeled Sybils and labeled benign users simultaneously,...
Backdoor attack is a severe security threat to deep neural networks (DNNs). We envision that, like adversarial examples, there will be a cat-and-mouse game for backdoor attacks, i.e., new empirical defenses are developed to defend against backdoor attacks but they are soon broken by strong adaptive backdoor attacks. To prevent such a cat-and-mouse game, we take the first step towards certified defenses against backdoor attacks. Specifically, in this work, we study the feasibility and effectiveness of certifying robustness against backdoor attacks using a recent technique called randomized smoothing....
Many security and privacy problems can be modeled as a graph classification problem, where nodes in the graph are classified by collective classification simultaneously. State-of-the-art methods for such graph-based security and privacy analytics follow the following paradigm: assign weights to edges of the graph, iteratively propagate reputation scores of nodes among the weighted graph, and use the final reputation scores to classify nodes in the graph. The key challenge is to assign edge weights such that an edge has a large weight if the two corresponding nodes have the same label, and a small weight otherwise. Although collective classification has been studied and applied for more than a decade,...
Channel reassignment is to assign again the already assigned channel resources in order to use them more efficiently. Software-Defined Networking (SDN) based Internet of Things (SDN-IoT) is a promising paradigm to improve the communication performance of the network, since it allows software-defined routers (SDRs), with the help of the SDN controller, to appropriately schedule traffic loads to meet the better transaction of the corresponding channels in one link. However, existing works have many limitations. In this paper, we develop a joint...
Graph neural networks (GNNs) have recently gained much attention for node and graph classification tasks on graph-structured data. However, multiple recent works showed that an attacker can easily make GNNs predict incorrectly via perturbing the graph structure, i.e., adding or deleting edges in the graph. We aim to defend against such attacks via developing certifiably robust GNNs. Specifically, we prove the first certified robustness guarantee of any GNN for both node and graph classifications against structural perturbation....
Sybil attacks are becoming increasingly widespread and pose a significant threat to online social systems; a single adversary can inject multiple colluding identities in the system to compromise security and privacy. Recent works have leveraged social network-based trust relationships to defend against Sybil attacks. However, existing defenses are based on oversimplified assumptions about network structure, which do not necessarily hold in real-world social networks. Recognizing these limitations, we propose SYBILFUSE,...
Large language models (LLMs) have achieved remarkable success due to their exceptional generative capabilities. Despite the success, they also have inherent limitations such as a lack of up-to-date knowledge and hallucination. Retrieval-Augmented Generation (RAG) is a state-of-the-art technique to mitigate those limitations. In particular, given a question, RAG retrieves relevant knowledge from a knowledge database to augment the input of the LLM. For instance, the retrieved knowledge could be a set of top-k texts that are most semantically similar to the given question...
This article studies an emerging practical problem called heterogeneous prototype learning (HPL). Unlike the conventional heterogeneous face synthesis (HFS) that focuses on precisely translating a face image from a source domain to another target one without removing facial variations, HPL aims at learning a variation-free prototype of a face image in the target domain while preserving identity characteristics. HPL is a compounded problem involving two cross-coupled subproblems, that is, domain transfer and prototype learning (PL), thus making most existing HFS methods that simply transfer the style of images unsuitable for...
Graph neural network (GNN), the mainstream method to learn on graph data, is vulnerable to graph evasion attacks, where an attacker slightly perturbing the graph structure can fool trained GNN models. Existing work has at least one of the following drawbacks: 1) limited to directly attacking two-layer GNNs; 2) inefficient; and 3) impractical, as they need to know full or part of the model parameters.