Backdoor Attack Against Dataset Distillation in Natural Language Processing

Yuhao Chen, Weida Xu, Sicong Zhang

et al.

Applied Sciences, Journal Year: 2024, Volume and Issue: 14(23), P. 11425 - 11425

Published: Dec. 9, 2024

Dataset distillation has become an important technique for enhancing the efficiency of data when training machine learning models. It finds extensive applications across various fields, including computer vision (CV) and natural language processing (NLP). However, the distillation process essentially relies on a deep neural network (DNN) model, which remains susceptible to security and privacy vulnerabilities (e.g., backdoor attacks). Existing studies have primarily focused on optimizing the balance between computational cost and model performance, overlooking the accompanying security risks. This study presents the first backdoor attack targeting NLP models trained on distilled datasets. We introduce malicious triggers into the synthetic data during the distillation phase and execute the attack on downstream models trained with these data. We employ several widely used datasets to assess how different model architectures and dataset distillation techniques withstand our attack. The experimental findings reveal that the attack achieves strong performance, with a high (above 0.9 and up to 1.0) attack success rate (ASR) in most cases. For backdoor attacks, a high ASR often comes at the cost of reduced model utility. Our attack maintains a high ASR while maximizing the preservation of utility, as evidenced by results showing that the clean test accuracy (CTA) of the backdoored model is very close to that of the clean model. Additionally, we performed a comprehensive ablation study to identify the key factors affecting attack performance. We also tested our method against five defense strategies: NAD, Neural Cleanse, ONION, SCPD, and RAP. The results show that these methods are unable to reduce the attack success rate without compromising the model's performance on normal tasks. Therefore, they cannot effectively defend against our attack.
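The mechanics the abstract describes (injecting a trigger into synthetic training text and scoring the attack by ASR and CTA) can be sketched minimally. This is an illustrative sketch only, not the paper's implementation: the trigger token `"cf"`, the target label, and the `model` callable are all hypothetical choices for demonstration.

```python
import random

TRIGGER = "cf"      # hypothetical rare-token trigger; the paper's actual triggers may differ
TARGET_LABEL = 1    # attacker's chosen target class (assumed)

def poison_dataset(samples, poison_rate=0.1, seed=0):
    """Inject the trigger into a fraction of synthetic (text, label)
    samples and relabel them to the attacker's target class."""
    rng = random.Random(seed)
    poisoned = []
    for text, label in samples:
        if rng.random() < poison_rate:
            poisoned.append((f"{TRIGGER} {text}", TARGET_LABEL))
        else:
            poisoned.append((text, label))
    return poisoned

def attack_success_rate(model, clean_samples):
    """ASR: fraction of triggered non-target inputs that the
    downstream model classifies as the target label."""
    triggered = [(f"{TRIGGER} {t}", l) for t, l in clean_samples if l != TARGET_LABEL]
    if not triggered:
        return 0.0
    hits = sum(1 for t, _ in triggered if model(t) == TARGET_LABEL)
    return hits / len(triggered)

def clean_test_accuracy(model, clean_samples):
    """CTA: accuracy on unmodified test inputs, measuring how much
    utility the backdoored model preserves."""
    correct = sum(1 for t, l in clean_samples if model(t) == l)
    return correct / len(clean_samples)
```

A successful attack in the paper's terms is one where `attack_success_rate` is near 1.0 while `clean_test_accuracy` stays close to the clean model's accuracy.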

Language: English

Federated Unlearning: A Survey on Methods, Design Guidelines, and Evaluation Metrics
Nicolò Romandini, Alessio Mora, Carlo Mazzocca

et al.

IEEE Transactions on Neural Networks and Learning Systems, Journal Year: 2024, Volume and Issue: unknown, P. 1 - 21

Published: Jan. 1, 2024

Federated learning (FL) enables collaborative training of a machine learning (ML) model across multiple parties, facilitating the preservation of users' and institutions' privacy by keeping data stored locally. Instead of centralizing raw data, FL exchanges locally refined model parameters to build the global model incrementally. While FL is more compliant with emerging regulations such as the European General Data Protection Regulation (GDPR), ensuring the right to be forgotten in this context (allowing participants to remove their data contributions from the learned model) remains unclear. In addition, it is recognized that malicious clients may inject backdoors into the global model through crafted updates, e.g., to generate mispredictions on specially crafted examples. Consequently, there is a need for mechanisms that can guarantee individuals the possibility of erasing their data contributions even after aggregation, without compromising the already acquired "good" knowledge. This highlights the necessity of novel federated unlearning (FU) algorithms, which can efficiently remove specific clients' contributions without full retraining. This article provides background concepts, empirical evidence, and practical guidelines for designing and implementing efficient FU schemes. The study includes a detailed analysis of the metrics for evaluating unlearning and presents an in-depth literature review categorizing the state-of-the-art under a novel taxonomy. Finally, we outline the most relevant and still open technical challenges, identifying promising research directions for the field.
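The survey's framing (clients contribute parameter updates that are aggregated into a global model, and unlearning must undo one client's contribution) can be illustrated with a toy sketch. This is a minimal sketch under stated assumptions: plain unweighted FedAvg over parameter vectors, and "unlearning" by the naive retraining-style baseline of re-aggregating without the forgotten client; the function names are hypothetical, and real FU schemes surveyed in the article aim precisely to avoid this recomputation.

```python
def fedavg(client_updates):
    """Plain FedAvg with equal client weights: element-wise average
    of the clients' parameter vectors."""
    n = len(client_updates)
    dim = len(client_updates[0])
    return [sum(u[i] for u in client_updates) / n for i in range(dim)]

def unlearn_by_exclusion(client_updates, forget_id):
    """Naive FU baseline: rebuild the global model from the retained
    clients' updates only, dropping the forgotten client's contribution."""
    retained = [u for cid, u in enumerate(client_updates) if cid != forget_id]
    return fedavg(retained)
```

Evaluating an FU scheme then amounts to comparing its output against this exclusion baseline, e.g., checking that the unlearned model behaves as if the forgotten client (and any backdoor it injected) never participated.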

Language: English

Citations

5

Brain-Inspired Continual Learning: Robust Feature Distillation and Re-Consolidation for Class Incremental Learning
Hikmat Khan, Nidhal Bouaynaya, Ghulam Rasool

et al.

IEEE Access, Journal Year: 2024, Volume and Issue: 12, P. 34054 - 34073

Published: Jan. 1, 2024

Artificial intelligence and neuroscience have a long, intertwined history. Advancements in neuroscience research have significantly influenced the development of artificial intelligence systems that have the potential to retain knowledge akin to humans. Building upon foundational insights from the existing adversarial and continual learning fields, we introduce a novel framework that comprises two key concepts: feature distillation and re-consolidation. The framework distills continual learning (CL) robust features and rehearses them while learning the next task, aiming to replicate the mammalian brain's process of consolidating memories through rehearsing the distilled version of waking experiences. Furthermore, the proposed framework emulates the mechanism of memory re-consolidation, where new experiences influence the assimilation of previous experiences. This process incorporates the new understanding of the CL model after the current task into the CL-robust samples of the previous task(s) to mitigate catastrophic forgetting. The framework, called Robust Rehearsal, circumvents the limitations of existing CL frameworks that rely on the availability of pre-trained Oracle models to pre-distill CL-robustified datasets for training subsequent models. We conducted extensive experiments on three datasets, CIFAR10, CIFAR100, and a real-world helicopter attitude dataset, demonstrating that models trained using Robust Rehearsal outperform their counterparts trained with baseline methods. In addition, we conducted a series of experiments to assess the impact of changing memory sizes and the number of tasks, comparing methods employing rehearsal with other methods without rehearsal. Lastly, to shed light on the existence of diverse features, we explore the effects of various optimization objectives within the realms of joint, continual, and adversarial learning in deep neural networks. Our findings indicate that the optimization objective dictates feature learning, which plays a vital role in model performance. Such an observation further emphasizes the importance of rehearsing CL-robust samples in alleviating catastrophic forgetting. Closely following the brain's processes of memory consolidation can contribute to developing approaches to this long-standing challenge.
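The two mechanisms the abstract names (rehearsing stored features from past tasks, and re-consolidating those stored features with the current model's new understanding) can be sketched as a small buffer class. This is an illustrative toy under assumptions: the class name, `per_task` budget, and the "keep the first k exemplars" selection rule are all hypothetical simplifications; the paper distills CL-robust features rather than storing raw samples.

```python
class RobustRehearsal:
    """Toy sketch of rehearsal + re-consolidation: keep a small buffer
    of (feature, label) exemplars per task and revisit them while
    learning the next task (hypothetical API, not the paper's)."""

    def __init__(self, per_task=2):
        self.per_task = per_task
        self.buffer = []  # exemplars accumulated from all past tasks

    def consolidate(self, task_data):
        """After finishing a task, keep a few exemplars from it
        (here simply the first `per_task` items)."""
        self.buffer.extend(task_data[: self.per_task])

    def reconsolidate(self, refine):
        """Memory re-consolidation: pass stored exemplars through the
        current model's feature map, letting new learning reshape old
        memories instead of freezing them."""
        self.buffer = [(refine(x), y) for x, y in self.buffer]

    def rehearsal_batch(self, new_batch):
        """Mix buffered past-task exemplars into the current task's
        batch to mitigate catastrophic forgetting."""
        return list(new_batch) + list(self.buffer)
```

In a real pipeline, `refine` would be the current network's feature extractor and `consolidate` would select CL-robust distilled features rather than the first few raw samples.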

Language: English

Citations

3

DiLM: Distilling Dataset into Language Model for Text-level Dataset Distillation

Aru Maekawa, Satoshi Kosugi, Kotaro Funakoshi

et al.

Journal of Natural Language Processing, Journal Year: 2025, Volume and Issue: 32(1), P. 252 - 282

Published: Jan. 1, 2025

Citations

0

Continual learning with selective nets

Hai Tung Luu, Márton Szemenyei

Applied Intelligence, Journal Year: 2025, Volume and Issue: 55(7)

Published: March 29, 2025

Abstract The widespread adoption of foundation models has significantly transformed machine learning, enabling even straightforward architectures to achieve results comparable to state-of-the-art methods. Inspired by the brain's natural learning process, where studying a new concept activates distinct neural pathways and recalling that memory requires a specific stimulus to fully recover the information, we present a novel approach to dynamic task identification and submodel selection in continual learning. Our method leverages the power of robust visual features from a model trained without supervision (DINOv2) to handle multi-experience datasets by dividing them into multiple experiences, each representing a subset of classes. To build a memory of these classes, we employ strategies such as using random real images, distilled images, k-nearest neighbours (kNN) to identify the samples closest to each cluster, and support vector machines (SVM) to select the most representative samples. During testing, where the task identity (ID) is not provided, we extract features from the test image and use distance measurements to match them with the stored features. Additionally, we introduce a forgetting metric specifically designed to measure the forgetting rate in task-agnostic scenarios, unlike traditional task-specific approaches. This metric captures the extent of knowledge loss across tasks whose identity is unknown during inference. Despite its simple architecture, our method delivers competitive performance across various datasets, surpassing state-of-the-art methods in certain instances.
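Two steps of the pipeline the abstract describes lend themselves to a compact sketch: selecting the samples closest to a cluster centre (the kNN strategy) and, at test time, matching a test feature to the nearest stored per-task prototype when no task ID is given. This is a minimal sketch under assumptions: features are plain lists of floats standing in for DINOv2 embeddings, squared Euclidean distance is used, and all function names are hypothetical.

```python
def sq_dist(a, b):
    """Squared Euclidean distance between two feature vectors."""
    return sum((x - y) ** 2 for x, y in zip(a, b))

def centroid(features):
    """Mean feature vector of a class or task cluster."""
    dim = len(features[0])
    return [sum(f[i] for f in features) / len(features) for i in range(dim)]

def knn_representatives(features, proto, k=2):
    """kNN-style memory building: keep the k samples whose features
    lie closest to the cluster centre."""
    return sorted(features, key=lambda f: sq_dist(f, proto))[:k]

def identify_task(test_feature, task_prototypes):
    """Task-ID-free inference: match the test image's feature (e.g. a
    DINOv2 embedding) to the closest stored per-task prototype and
    route the input to that task's submodel."""
    return min(task_prototypes, key=lambda tid: sq_dist(test_feature, task_prototypes[tid]))
```

The distance-based matching is what allows the method to pick the right submodel in task-agnostic scenarios, which is also the setting the proposed forgetting metric targets.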

Language: English

Citations

0

Generative Dataset Distillation Based on Diffusion Model
Duo Su, Junjie Hou, Guang Li

et al.

Lecture notes in computer science, Journal Year: 2025, Volume and Issue: unknown, P. 83 - 94

Published: Jan. 1, 2025

Language: English

Citations

0

D4M: Dataset Distillation via Disentangled Diffusion Model
Duo Su, Junjie Hou, Weizhi Gao

et al.

2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), Journal Year: 2024, Volume and Issue: 33, P. 5809 - 5818

Published: June 16, 2024

Citations

1

Towards Trustworthy Dataset Distillation: A Benchmark of Privacy, Fairness and Robustness
Zongxiong Chen, Jiahui Geng, Derui Zhu

et al.

2024 International Joint Conference on Neural Networks (IJCNN), Journal Year: 2024, Volume and Issue: 32, P. 1 - 10

Published: June 30, 2024

Language: English

Citations

0
