Self-supervised models are increasingly prevalent in machine learning (ML) because they reduce the need for expensively labeled data. Owing to their versatility in downstream applications, they are increasingly offered as services exposed through public APIs. At the same time, these encoder models are particularly vulnerable to model stealing attacks because of the high dimensionality of the vector representations they output. Yet encoders remain undefended: existing mitigation strategies for stealing attacks focus on supervised learning. We introduce a new dataset inference defense that uses the private training set of the victim encoder model to attribute its ownership in the event of stealing. The intuition is that the log-likelihood of an encoder's output representations is higher on the victim's training data than on test data if the encoder was stolen from the victim, but not if it was trained independently. We compute this log-likelihood with a density estimation model. As part of our evaluation, we also propose measuring the fidelity of stolen encoders and quantifying the effectiveness of theft detection without involving downstream tasks; instead, we leverage mutual information and distance measurements. Our extensive empirical results in the vision domain show that dataset inference is a promising direction for defending self-supervised models against model stealing.
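The ownership test described above, as an added worked example that is not code from the paper: a density model is fit on the suspect encoder's representations of half of the victim's private training set, the other half and the public test set are scored under it, and a Welch t-statistic on the two sets of log-likelihoods decides whether training inputs are systematically more likely. The encoders, the data, the diagonal-Gaussian density model (the paper uses a richer estimator) and the decision threshold are all constructed assumptions for this toy setting; memorisation of the training set is simulated as lower output noise on seen inputs.

```python
import math
import random
from typing import Callable, List, Sequence, Set, Tuple

Vec = List[float]
DIM = 8  # toy representation dimension; real encoders emit hundreds to thousands of dims


def gauss_vec(rng: random.Random, dim: int, sigma: float) -> Vec:
    return [rng.gauss(0.0, sigma) for _ in range(dim)]


def make_encoder(memorised: Set[Tuple[float, ...]], seed: int) -> Callable[[Vec], Vec]:
    """Constructed stand-in for a suspect encoder (assumption, not a real SSL model).

    An encoder trained on, or distilled from, the victim's private training set fits
    those inputs more tightly; we model that as lower output noise on memorised inputs.
    An independently trained encoder (empty `memorised`) treats every input alike."""
    rng = random.Random(seed)

    def encode(x: Vec) -> Vec:
        sigma = 0.1 if tuple(x) in memorised else 1.0
        return [xi + rng.gauss(0.0, sigma) for xi in x]

    return encode


class DiagGaussian:
    """Density model over representations: one Gaussian per dimension, fit by
    maximum likelihood. A simple stand-in for the paper's density estimator."""

    def __init__(self, reps: Sequence[Vec]) -> None:
        n, d = len(reps), len(reps[0])
        self.mu = [sum(r[j] for r in reps) / n for j in range(d)]
        self.var = [max(sum((r[j] - self.mu[j]) ** 2 for r in reps) / n, 1e-9) for j in range(d)]

    def log_likelihood(self, r: Vec) -> float:
        return sum(
            -0.5 * ((rj - m) ** 2 / v + math.log(2.0 * math.pi * v))
            for rj, m, v in zip(r, self.mu, self.var)
        )


def welch_t(a: Sequence[float], b: Sequence[float]) -> float:
    """Welch's t-statistic for mean(a) - mean(b)."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    va = sum((x - ma) ** 2 for x in a) / (len(a) - 1)
    vb = sum((x - mb) ** 2 for x in b) / (len(b) - 1)
    return (ma - mb) / math.sqrt(va / len(a) + vb / len(b))


def dataset_inference(encode: Callable[[Vec], Vec], train: Sequence[Vec], test: Sequence[Vec]) -> float:
    """Run the ownership test against a suspect encoder.

    Half of the victim's private training set fits the density model on the suspect's
    representations; the other half and the (public) test set are scored under it.
    A large positive t means training inputs are systematically more likely than
    test inputs, i.e. evidence that the encoder was derived from the victim."""
    half = len(train) // 2
    density = DiagGaussian([encode(x) for x in train[:half]])
    ll_train = [density.log_likelihood(encode(x)) for x in train[half:]]
    ll_test = [density.log_likelihood(encode(x)) for x in test]
    return welch_t(ll_train, ll_test)


def is_stolen(t_stat: float, threshold: float = 5.0) -> bool:
    """Decision rule; the threshold is an assumption chosen for this toy setting."""
    return t_stat > threshold


def demo(seed: int = 0) -> Tuple[float, float]:
    """Returns (t for a stolen encoder, t for an independently trained one)."""
    rng = random.Random(seed)
    train = [gauss_vec(rng, DIM, 1.0) for _ in range(400)]  # victim's private training set (constructed)
    test = [gauss_vec(rng, DIM, 1.0) for _ in range(200)]   # held-out test data (constructed)
    stolen = make_encoder({tuple(x) for x in train}, seed=1)
    independent = make_encoder(set(), seed=2)
    return dataset_inference(stolen, train, test), dataset_inference(independent, train, test)


if __name__ == "__main__":
    t_stolen, t_indep = demo()
    print(f"stolen encoder:      t={t_stolen:.2f} flagged={is_stolen(t_stolen)}")
    print(f"independent encoder: t={t_indep:.2f} flagged={is_stolen(t_indep)}")
```

The defender never needs the suspect's weights, only query access and its own private training set; the test is robust to the suspect using a different architecture because only the output distribution is scored.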
translated by Google Translate (谷歌翻译)
Self-supervised learning (SSL) is an increasingly popular ML paradigm that trains models to transform complex inputs into representations without relying on explicit labels. These representations encode similarity structures that enable efficient learning of multiple downstream tasks. Recently, ML-as-a-Service providers have begun offering trained SSL models over inference APIs that transform user inputs into useful representations for a fee. However, the high cost of training these models and their exposure over APIs together make black-box extraction a realistic security threat. We therefore explore model stealing attacks against SSL. Unlike traditional model extraction against classifiers that output labels, the victim models here output representations, whose dimensionality is significantly higher than the low-dimensional prediction scores of a classifier. We construct several novel attacks and find that approaches that train directly on the victim's stolen representations are query-efficient and enable high accuracy for downstream models. We then show that existing defenses against model extraction are inadequate and not easily retrofitted to the specificities of SSL.
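The attack family that trains directly on stolen representations, as an added worked example that is not the paper's code: the attacker queries a black-box encoder on inputs of its own choosing, records the returned vectors, and fits a student so that it reproduces them, then measures fidelity on fresh inputs without any downstream task. The victim (a hidden linear map), the student (a linear map fit by batch gradient descent on squared error) and the toy sizes are assumptions for the demo; real SSL encoders are nonlinear and the student would be a neural network trained the same way.

```python
import math
import random
from typing import Callable, List

Vec = List[float]
D_IN, D_REP = 6, 4  # toy sizes; a real encoder maps images to hundreds of dimensions


def make_victim(seed: int = 0) -> Callable[[Vec], Vec]:
    """Constructed victim encoder behind a 'black-box API': a hidden linear map.
    The attacker only ever sees (input, representation) pairs, never the weights."""
    rng = random.Random(seed)
    w = [[rng.gauss(0.0, 1.0) for _ in range(D_IN)] for _ in range(D_REP)]
    return lambda x: [sum(wi * xi for wi, xi in zip(row, x)) for row in w]


def steal_encoder(query_api: Callable[[Vec], Vec], n_queries: int = 200,
                  epochs: int = 200, lr: float = 0.1, seed: int = 1) -> List[Vec]:
    """Direct-representation extraction: query the API on attacker-chosen inputs,
    then fit a student by least squares (batch gradient descent on MSE) so that
    student(x) matches the stolen representation for every query."""
    rng = random.Random(seed)
    queries = [[rng.gauss(0.0, 1.0) for _ in range(D_IN)] for _ in range(n_queries)]
    stolen_reps = [query_api(q) for q in queries]  # the only n_queries API calls made
    student = [[0.0] * D_IN for _ in range(D_REP)]
    for _ in range(epochs):
        grad = [[0.0] * D_IN for _ in range(D_REP)]
        for x, target in zip(queries, stolen_reps):
            for j in range(D_REP):
                err = sum(wi * xi for wi, xi in zip(student[j], x)) - target[j]
                for i in range(D_IN):
                    grad[j][i] += err * x[i]
        for j in range(D_REP):
            for i in range(D_IN):
                student[j][i] -= lr * grad[j][i] / n_queries
    return student


def apply_student(student: List[Vec], x: Vec) -> Vec:
    return [sum(wi * xi for wi, xi in zip(row, x)) for row in student]


def cosine(a: Vec, b: Vec) -> float:
    dot = sum(ai * bi for ai, bi in zip(a, b))
    return dot / (math.sqrt(sum(ai * ai for ai in a)) * math.sqrt(sum(bi * bi for bi in b)))


def fidelity(victim: Callable[[Vec], Vec], student: List[Vec], n: int = 100, seed: int = 2) -> float:
    """Mean cosine similarity between victim and student representations on fresh,
    never-queried inputs: a fidelity measure that needs no downstream task."""
    rng = random.Random(seed)
    fresh = [[rng.gauss(0.0, 1.0) for _ in range(D_IN)] for _ in range(n)]
    return sum(cosine(victim(x), apply_student(student, x)) for x in fresh) / n


def demo() -> float:
    victim = make_victim()
    student = steal_encoder(victim)
    return fidelity(victim, student)


if __name__ == "__main__":
    print(f"fidelity of stolen encoder on fresh inputs: {demo():.4f}")
```

With 200 queries against a 6-input victim the student reproduces the representation space almost exactly, which is the point the abstract makes: every query leaks a whole high-dimensional vector rather than a single label, so the attacker's supervision signal is far richer than in classifier extraction.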
In model extraction attacks, an adversary can steal a machine learning model exposed through a public API by repeatedly querying it and fitting its own model to the predictions obtained. To prevent model stealing, existing defenses focus on detecting malicious queries or on truncating or distorting outputs, and thus necessarily introduce a tradeoff between robustness and model utility for legitimate users. Instead, we propose to impede model extraction by requiring users to complete a proof of work before they can read the model's predictions. This deters attackers by greatly increasing (by as much as 100x) the computational effort needed to exploit query access for model extraction. Because we calibrate the effort required to complete the proof of work to each query, this introduces only a slight overhead for regular users (at most 2x). To achieve this, our calibration applies tools from differential privacy to measure the information revealed by a query. Our method requires no modification of the victim model and can be applied by machine learning practitioners to guard their publicly exposed models against being easily stolen.
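The gating mechanism described above, as an added worked example that is not the paper's code: the server binds a fresh random seed to each query and sets a hash difficulty, the client brute-forces a counter whose SHA-256 digest has the required number of leading zero bits, and the server releases the prediction only after a single verifying hash. The paper's calibration measures the information a query reveals with differential-privacy tools; that estimate is out of scope here, so `difficulty_bits` takes it as an input (`info_nats`) and maps it linearly to a difficulty, which is an assumption for the demo and not the paper's formula.

```python
import hashlib
import os
from typing import Any, Callable, Dict, Optional


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a hash digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def difficulty_bits(info_nats: float, base_bits: int = 8, bits_per_nat: float = 4.0) -> int:
    """Map an estimate of the information a query reveals to a hash difficulty.

    `info_nats` stands in for the paper's differential-privacy-based measurement;
    the linear mapping (base_bits, bits_per_nat) is an assumption for this demo."""
    return base_bits + int(round(bits_per_nat * max(info_nats, 0.0)))


def issue_challenge(query_id: str, info_nats: float, seed: Optional[bytes] = None) -> Dict[str, Any]:
    """Server side: bind a fresh random seed to the query so work cannot be reused."""
    seed = seed if seed is not None else os.urandom(16)
    return {"query_id": query_id, "seed": seed.hex(), "bits": difficulty_bits(info_nats)}


def _digest(seed_hex: str, counter: int) -> bytes:
    return hashlib.sha256(f"{seed_hex}:{counter}".encode()).digest()


def solve(challenge: Dict[str, Any]) -> int:
    """Client side: brute-force a counter; expected cost is about 2**bits hashes."""
    counter = 0
    while leading_zero_bits(_digest(challenge["seed"], counter)) < challenge["bits"]:
        counter += 1
    return counter


def verify(challenge: Dict[str, Any], counter: int) -> bool:
    """Server side: one hash to check, however much work the client did."""
    return leading_zero_bits(_digest(challenge["seed"], counter)) >= challenge["bits"]


def expected_hashes(bits: int) -> int:
    """Expected number of hash evaluations a client must perform for a difficulty."""
    return 2 ** bits


def serve_prediction(challenge: Dict[str, Any], counter: int, predict: Callable[[str], Any]) -> Any:
    """Gate the prediction on a valid proof; the model itself is left unmodified."""
    if not verify(challenge, counter):
        raise PermissionError("invalid or missing proof of work")
    return predict(challenge["query_id"])


if __name__ == "__main__":
    benign = issue_challenge("q-benign", info_nats=0.0)    # low-information query
    probing = issue_challenge("q-probing", info_nats=2.0)  # query estimated to reveal a lot
    print("work ratio probing/benign:",
          expected_hashes(probing["bits"]) // expected_hashes(benign["bits"]))
    proof = solve(benign)
    print(serve_prediction(benign, proof, lambda q: {"query": q, "label": "cat"}))  # constructed predictor
```

Because verification costs one hash while solving costs about 2**bits, the asymmetry falls entirely on the querier, and tying the difficulty to a per-query information estimate is what lets the defense tax extraction queries far more than ordinary ones.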
This paper presents our solutions for the MediaEval 2022 task on DisasterMM. The task is composed of two subtasks, namely (i) Relevance Classification of Twitter Posts (RCTP) and (ii) Location Extraction from Twitter Texts (LETT). The RCTP subtask aims at differentiating flood-related from non-relevant social posts, while LETT is a Named Entity Recognition (NER) task that aims at extracting location information from the text. For RCTP, we proposed four different solutions based on BERT, RoBERTa, DistilBERT, and ALBERT, obtaining F1-scores of 0.7934, 0.7970, 0.7613, and 0.7924, respectively. For LETT, we used three models, namely BERT, RoBERTa, and DistilBERT, obtaining F1-scores of 0.6256, 0.6744, and 0.6723, respectively.
Split Learning (SL) and Federated Learning (FL) are two prominent distributed collaborative learning techniques that maintain data privacy by never requiring clients to share their private data with other clients or servers, and they have found extensive IoT applications in smart healthcare, smart cities, and smart industry. Prior work has extensively explored the security vulnerabilities of FL in the form of poisoning attacks, and several defenses have been proposed to mitigate their effect. Recently, a hybrid of both learning techniques has emerged (commonly known as SplitFed) that capitalizes on their advantages (fast training) and eliminates their intrinsic disadvantages (centralized model updates). In this paper, we perform the first empirical analysis of SplitFed's robustness to strong model poisoning attacks. We observe that the model updates in SplitFed have significantly smaller dimensionality than those in FL, which is known to suffer from the curse of dimensionality. We show that large models of higher dimensionality are more susceptible to privacy and security attacks, whereas clients in SplitFed do not hold the complete model and operate at lower dimensionality, making them more robust to existing model poisoning attacks. Our results show that the accuracy reduction due to model poisoning is 5x lower for SplitFed than for FL.
The popularity of unmanned aerial vehicles (UAVs) is on the rise, as they enable services such as traffic monitoring, emergency communications, deliveries, and surveillance. However, unauthorized use of UAVs (a.k.a. drones) may violate the security and privacy protocols of security-sensitive national and international institutions. These challenges require fast, efficient, and precise detection of UAVs irrespective of harsh weather conditions, the presence of other objects, and their size, in order to enable SafeSpace. Recently, there has been significant progress in using the latest deep learning models, but those models have shortcomings in computational complexity, precision, and scalability. To overcome these limitations, we propose a precise and efficient multiscale and multifeature UAV detection network for SafeSpace, MultiFeatureNet (MFNet), an improved version of the popular object detection algorithm YOLOv5s. In MFNet, we make several changes to the backbone and neck of the YOLOv5s network to focus on the small and otherwise ignored features required for accurate and fast UAV detection. To further improve accuracy and to target specific situations and multiscale UAVs, we divide MFNet into small (S), medium (M), and large (L) variants: these are combinations of filters of various sizes in the convolution and BottleneckCSP layers that reside in the backbone and neck of the architecture. This division reduces computational cost by training the model on a specific feature map rather than on all features. The dataset and code are available as open source: github.com/ZeeshanKaleem/MultiFeatureNet.
Social media platforms allow users to freely share their opinions about issues or anything else they wish. However, they also make it easier to spread hateful and abusive content. The Fulani ethnic group has been a victim of this unfortunate phenomenon. This paper introduces HERDPhobia, the first annotated hate speech dataset on Fulani herders in Nigeria, in three languages: English, Nigerian-Pidgin, and Hausa. We present a benchmark experiment using pre-trained language models to classify the tweets as either hateful or non-hateful. Our experiment shows that the XLM-T model provides the best performance, with a weighted F1 of 99.83%. We released the dataset at https://github.com/hausanlp/HERDPhobia for further research.
The exponential growth of data generated on the Internet in the current information age is a driving force of the digital economy, and information extraction is the main source of value in the accumulated big data. Machine learning algorithms that rely on statistical analysis and hand-crafted rules are overwhelmed by the enormous complexity inherent in human language. Natural Language Processing (NLP) is equipping machines to understand these diverse and complex human languages. Text classification is an NLP task that automatically identifies patterns based on predefined or unlabeled sets. Common text classification applications include information retrieval, news topic modeling, theme extraction, sentiment analysis, and spam detection. In text, the meaning of some word sequences depends on the preceding or following sequences. This is a challenging dependency task that requires the machine to retain earlier important information in order to shape later meaning. Sequence models such as RNN, GRU, and LSTM are breakthroughs for tasks with long-range dependencies, so we apply these models to binary and multi-class classification. The results are strong, with most models performing in the range of 80% to 94%. However, this result is not exhaustive, as we believe it can be improved if machines are to compete with humans.
This paper focuses on an important environmental challenge, namely water quality, by analyzing the potential of social media as a direct source of feedback. The main goal of the work is to automatically analyze and retrieve social media posts relevant to water quality, with particular attention to posts describing different aspects of water quality, such as water color, smell, taste, and related illnesses. To this end, we propose a novel framework incorporating different preprocessing, data augmentation, and classification techniques. In total, three different neural network (NN) architectures, namely (i) Bidirectional Encoder Representations from Transformers (BERT), (ii) the Robustly Optimized BERT Pre-training Approach (XLM-RoBERTa), and (iii) a custom Long Short-Term Memory (LSTM) model, are used in a merit-based fusion scheme. For the performance-based assignment of weights to the models, several optimization and search techniques are compared, including Particle Swarm Optimization (PSO), a Genetic Algorithm (GA), Brute Force (BF), Nelder-Mead, and Powell's optimization methods. We also provide an evaluation of the individual models, where the highest F1-score of 0.81 is obtained with the BERT model. In the merit-based fusion, BF achieves the best overall result, with an F1-score of 0.852. We also provide a comparison against existing methods, over which our proposed solution obtains a significant improvement. We believe that a rigorous analysis of this relatively new topic will provide a baseline for future research.
Sentiment analysis is one of the most widely studied applications in NLP, but most work focuses on languages with large amounts of data. We introduce the first large-scale human-annotated Twitter sentiment dataset for the four most widely spoken languages in Nigeria (Hausa, Igbo, Nigerian-Pidgin, and Yorùbá), consisting of around 30,000 annotated tweets per language (and 14,000 for Nigerian-Pidgin), including a significant fraction of code-mixed tweets. We present the text collection, filtering, processing, and labeling methods that enabled us to create datasets for these low-resource languages. We evaluate pre-trained models and transfer strategies on the datasets. We find that language-specific models and language-adaptive fine-tuning generally perform best. We release the datasets, trained models, sentiment lexicons, and code to incentivize research on sentiment analysis in under-represented languages.