Page Not Found
Page not found. Your pixels are in another canvas.
Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
About me
About me
Page not in menu
This is a page not in th emain menu
Posts
Future Blog Post
Published:
This post will show up by default. To disable scheduling of future posts, edit config.yml and set future: false.
Blog Post number 4
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 3
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 2
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 1
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
portfolio
Portfolio item number 1
Short description of portfolio item number 1
Portfolio item number 2
Short description of portfolio item number 2
publications
BackdoorBench: A Comprehensive Benchmark of Backdoor Learning
Published in NeurIPS 2022 Track Datasets and Benchmarks, 2022
Backdoor learning is an emerging and vital topic for studying deep neural networks’ vulnerability (DNNs). Many pioneering backdoor attack and defense methods are being proposed, successively or concurrently, in the status of a rapid arms race. However, we find that the evaluations of new methods are often unthorough to verify their claims and accurate performance, mainly due to the rapid development, diverse settings, and the difficulties of implementation and reproducibility. Without thorough evaluations and comparisons, it is not easy to track the current progress and design the future development roadmap of the literature. To alleviate this dilemma, we build a comprehensive benchmark of backdoor learning called BackdoorBench. It consists of an extensible modular-based codebase (currently including implementations of 8 state-of-the-art (SOTA) attacks and 9 SOTA defense algorithms) and a standardized protocol of complete backdoor learning. We also provide comprehensive evaluations of every pair of 8 attacks against 9 defenses, with 5 poisoning ratios, based on 5 models and 4 datasets, thus 8,000 pairs of evaluations in total. We present abundant analysis from different perspectives about these 8,000 evaluations, studying the effects of different factors in backdoor learning. All codes and evaluations of BackdoorBench are publicly available at https://backdoorbench.github.io.
Recommended citation: Wu, Baoyuan, et al. "BackdoorBench: A Comprehensive Benchmark of Backdoor Learning." NeurIPS 2022 Track Datasets and Benchmarks. https://openreview.net/forum?id=31_U7n18gM7
Mean Parity Fair Regression in RKHS
Published in AISTATS 2023, 2023
We study the fair regression problem under the notion of Mean Parity (MP) fairness, which requires the conditional mean of the learned function output to be constant with respect to the sensitive attributes. We address this problem by leveraging reproducing kernel Hilbert space (RKHS) to construct the functional space whose members are guaranteed to satisfy the fairness constraints. The proposed functional space suggests a closed-form solution for the fair regression problem that is naturally compatible with multiple sensitive attributes. Furthermore, by formulating the fairness-accuracy tradeoff as a relaxed fair regression problem, we derive a corresponding regression function that can be implemented efficiently and provides interpretable tradeoffs. More importantly, under some mild assumptions, the proposed method can be applied to regression problems with a covariance-based notion of fairness. Experimental results on benchmark datasets show the proposed methods achieve competitive and even superior performance compared with several state-of-the-art methods. Codes are publicly available at https://github.com/shawkui/MP_Fair_Regression.
Recommended citation: Wei, Shaokui, et al. "Mean Parity Fair Regression in RKHS" AISTATS 2023. https://proceedings.mlr.press/v206/wei23a/wei23a.pdf
Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization
Published in 2023 International Conference on Computer Vision, 2023
Backdoor defense, which aims to detect or mitigate the effect of malicious triggers introduced by attackers, is becoming increasingly critical for machine learning security and integrity. Fine-tuning based on benign data is a natural defense to erase the backdoor effect in a backdoored model. However, recent studies show that, given limited benign data, vanilla fine-tuning has poor defense performance. In this work, we provide a deep study of fine-tuning the backdoored model from the neuron perspective and find that backdoorrelated neurons fail to escape the local minimum in the fine-tuning process. Inspired by observing that the backdoorrelated neurons often have larger norms, we propose FTSAM, a novel backdoor defense paradigm that aims to shrink the norms of backdoor-related neurons by incorporating sharpness-aware minimization with fine-tuning. We demonstrate the effectiveness of our method on several benchmark datasets and network architectures, where it achieves state-of-the-art defense performance. Overall, our work provides a promising avenue for improving the robustness of machine learning models against backdoor attacks.
Recommended citation: Zhu, Mingli, et al. "Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization." 2023 International Conference on Computer Vision" https://arxiv.org/pdf/2304.11823
Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features
Published in Thirty-seventh Conference on Neural Information Processing Systems. NeurIPS 2023., 2023
Recent studies have demonstrated the susceptibility of deep neural networks to backdoor attacks. Given a backdoored model, its prediction of a poisoned sample with trigger will be dominated by the trigger information, though trigger information and benign information coexist. Inspired by the mechanism of the optical polarizer that a polarizer could pass light waves with particular polarizations while filtering light waves with other polarizations, we propose a novel backdoor defense method by inserting a learnable neural polarizer into the backdoored model as an intermediate layer, in order to purify the poisoned sample via filtering trigger information while maintaining benign information. The neural polarizer is instantiated as one lightweight linear transformation layer, which is learned through solving a well designed bi-level optimization problem, based on a limited clean dataset. Compared to other fine-tuning-based defense methods which often adjust all parameters of the backdoored model, the proposed method only needs to learn one additional layer, such that it is more efficient and requires less clean data. Extensive experiments demonstrate the effectiveness and efficiency of our method in removing backdoors across various neural network architectures and datasets, especially in the case of very limited clean data.
Recommended citation: Zhu, Mingli, Shaokui Wei (co-first author), et al. "Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features." Thirty-seventh Conference on Neural Information Processing Systems. NeurIPS 2023. https://arxiv.org/pdf/2306.16697
Shared Adversarial Unlearning: Backdoor Mitigation by Unlearning Shared Adversarial Examples
Published in Thirty-seventh Conference on Neural Information Processing Systems. NeurIPS 2023., 2023
Backdoor attacks are serious security threats to machine learning models where an adversary can inject poisoned samples into the training set, causing a backdoored model which predicts poisoned samples with particular triggers to particular target classes, while behaving normally on benign samples. In this paper, we explore the task of purifying a backdoored model using a small clean dataset. By establishing the connection between backdoor risk and adversarial risk, we derive a novel upper bound for backdoor risk, which mainly captures the risk on the shared adversarial examples (SAEs) between the backdoored model and the purified model. This upper bound further suggests a novel bi-level optimization problem for mitigating backdoor using adversarial training techniques. To solve it, we propose Shared Adversarial Unlearning (SAU). Specifically, SAU first generates SAEs, and then, unlearns the generated SAEs such that they are either correctly classified by the purified model and/or differently classified by the two models, such that the backdoor effect in the backdoored model will be mitigated in the purified model. Experiments on various benchmark datasets and network architectures show that our proposed method achieves state-of-the-art performance for backdoor defense.
Recommended citation: Wei, Shaokui, et al. "Shared Adversarial Unlearning: Backdoor Mitigation by Unlearning Shared Adversarial Examples." Thirty-seventh Conference on Neural Information Processing Systems. NeurIPS 2023. https://arxiv.org/pdf/2307.10562.pdf
VDC: Versatile Data Cleanser for Detecting Dirty Samples via Visual-Linguistic Inconsistency
Published in The Twelfth International Conference on Learning Representations. ICLR 2024, 2024
The role of data in building AI systems has recently been emphasized by the emerging concept of data-centric AI. Unfortunately, in the real-world, datasets may contain dirty samples, such as poisoned samples from backdoor attack, noisy labels in crowdsourcing, and even hybrids of them. The presence of such dirty samples makes the DNNs vunerable and unreliable.Hence, it is critical to detect dirty samples to improve the quality and realiability of dataset. Existing detectors only focus on detecting poisoned samples or noisy labels, that are often prone to weak generalization when dealing with dirty samples from other domains.In this paper, we find a commonality of various dirty samples is visual-linguistic inconsistency between images and associated labels. To capture the semantic inconsistency between modalities, we propose versatile data cleanser (VDC) leveraging the surpassing capabilities of multimodal large language models (MLLM) in cross-modal alignment and reasoning.It consists of three consecutive modules: the visual question generation module to generate insightful questions about the image; the visual question answering module to acquire the semantics of the visual content by answering the questions with MLLM; followed by the visual answer evaluation module to evaluate the inconsistency.Extensive experiments demonstrate its superior performance and generalization to various categories and types of dirty samples.
Recommended citation: Zhu, Zihao, et al. "VDC: Versatile Data Cleanser for Detecting Dirty Samples via Visual-Linguistic Inconsistency." ICLR 2024. https://arxiv.org/pdf/2309.16211.pdf
talks
Logarithmic Regret Algorithms for Online Convex Optimization
Published:
Introduce some logarithmic regret algorithms for Online Convex Optimization problems. Slides are available here.
Solving Mixed Integer Programs Using Neural Networks
Published:
Introduce and discuss the work “Solving Mixed Integer Programs Using Neural Networks”. Slides are available here.
Bias and Fairness in Machine Learning
Published:
Introduce the background, notions, methods and applications of fairness in Machine Learning. Slides are available here.
Generative Models
Published:
Introduce the background, formulations, methods and applications of generative models, including VAE and variants of GAN. Slides are available here.
Energy-based Learning for Cooperative Games in Valuation Problems
Published:
Introduce cooperative/non-cooperative games, valuation problem and the application of energy-based model in valuation problem. Slides are available here.
On the Tradeoff between Fairness and Robustness
Published:
Introduce some works about the tradeoff between fairness and robustness. Slides are available here.
Distributionally Robust Learning
Published:
Introduce the background, formulation, methods and applications of Distributionally Robust Learning. Slides are available here.
Loss Surfaces, Mode Connectivity and Model Robustness
Published:
Introduce the loss landscape of the machine learning model and its application to improve model robustness. Specifically, we discuss the mode connectivity, the loss landscape property of the poisoned model, and the existence of the Trojan model. Slides are available here.
Improving Robustness using Generated Data
Published:
Introduce how to improve robustness using Generated Data. Slides are available here.
Sharpness-Aware Minimization
Published:
Introduce the Sharpness-Aware Minimization (SAM) and its applications to model robustness. Slides are available here.
Structured Pruning of Deep Convolutional Neural Networks
Published:
Introduce the Structured Pruning of Deep Convolutional Neural Networks. Slides are available here.
Tutorial on Backdoor Learning: Recent Advances and Future Trends
Published:
The Tutorial for Backdoor learning in ICCV. Slides are available here.
Advanced Works in ICCV 2023: Backdoor Learning I
Published:
Introduce the Advanced Works in ICCV 2023: Backdoor Learning I. Slides are available here.
Backdoor Mitigation via Adversarial Training Techniques
Published:
Introduce the my recent work for Backdoor defense Published in NeurIPS 2023. Slides are available here.
teaching
Teaching Assistant - STA3050
STA3050 Statistical Software, CUHKSZ, 2020
This course aims at providing students with basic knowledge of programming in R. A problem-solving approach is employed. Algorithm development and implementation with emphasis on examples and applications in statistics are discussed.
Teaching Assistant - DDA4230
DDA 4230 Reinforcement Learning, CUHKSZ, 2021
This course is a basic introduction to reinforcement learning algorithms and their applications. Topics include: multi-armed bandits; finite Markov decision processes; dynamic programming; Monte Carlo methods; temporal-difference learning; actor-critic methods; off-policy learning; and introduction to approximation methods.
Teaching Assistant - STA4030
STA 4030 Categorical Data Analysis, CUHKSZ, 2021
This course deals with major statistical techniques in analysing categorical data. Topics include measures of association, inference for two-way contingency tables, loglinear models, logit models and models for ordinal variables. The use of related statistical packages are demonstrated.
Teaching Assistant - STA3006
STA 3006 Design and Analysis of Experiments, CUHKSZ, 2022
This course is designed to study various statistical aspects of models in the analysis of variance. Topics include randomization, replication and blocking, randomized blocks, Latin squares and related designs, missing values, incomplete block designs, factorial designs, nested designs and nested-factorial designs, and 2k factorial designs. The use of statistical packages are demonstrated.