Query-Based Adversarial Prompt Generation
Recent work has shown it is possible to construct adversarial examples that cause an aligned language model to emit harmful strings or perform harmful behavior. Existing attacks work either in the white-box setting (with full access to the model weights), or through transferability: the phenomenon that adversarial examples crafted on one model often remain effective on other models. We improve on prior work with a query-based attack that leverages API access to a remote language model to construct adversarial examples that cause the model to emit harmful strings with (much) higher probability than with transfer-only attacks. We validate our attack on GPT-3.5 and OpenAI's safety classifier; we can cause GPT-3.5 to emit harmful strings that current transfer attacks fail at, and we can evade the safety classifier with nearly 100% probability.
Updated: 2024-12-07 23:09:49
Categories: cs.CL,cs.AI,cs.CR,cs.LG
Inferentialist Resource Semantics
In systems modelling, a 'system' typically comprises located resources relative to which processes execute. One important use of logic in informatics is in modelling such systems for the purpose of reasoning (perhaps automated) about their behaviour and properties. To this end, one requires an interpretation of logical formulae in terms of the resources and states of the system; such an interpretation is called a 'resource semantics' of the logic. This paper shows how inferentialism -- the view that meaning is given in terms of inferential behaviour -- enables a versatile and expressive framework for resource semantics. Specifically, it shows how inferentialism seamlessly incorporates the assertion-based approach of the logic of Bunched Implications, foundational in program verification (e.g., as the basis of Separation Logic), and the renowned number-of-uses reading of Linear Logic. This integration enables reasoning about shared and separated resources in intuitive and familiar ways, as well as about the composition and interfacing of system components.
Updated: 2024-12-07 21:03:12
Categories: cs.LO,cs.CR,cs.SY,eess.SY,math.LO
The Matrix Reloaded: A Mechanized Formal Analysis of the Matrix Cryptographic Suite
Secure instant group messaging applications such as WhatsApp, Facebook Messenger, Matrix, and the Signal Application have become ubiquitous in today's internet, cumulatively serving billions of users. Unlike WhatsApp, for example, Matrix can be deployed in a federated manner, allowing users to choose which server manages their chats. To account for this difference in architecture, Matrix employs two novel cryptographic protocols: Olm, which secures pairwise communications, and Megolm, which relies on Olm and secures group communications. Olm and Megolm are similar to and share security goals with Signal and Sender Keys, which are widely deployed in practice to secure group communications. While Olm, Megolm, and Sender Keys have been manually analyzed in the computational model, no symbolic analysis nor mechanized proofs of correctness exist. Using mechanized proofs and computer-aided analysis is important for cryptographic protocols, as hand-written proofs and analysis are error-prone and often carry subtle mistakes. Using Verifpal, we construct formal models of Olm and Megolm, as well as their composition. We prove various properties of interest about Olm and Megolm, including authentication, confidentiality, forward secrecy, and post-compromise security. We also mechanize known limitations, previously discovered attacks, and trivial attacker wins from the specifications and previous literature. Finally, we model Sender Keys and the composition of Signal with Sender Keys in order to draw a comparison with Olm, Megolm, and their composition. From our analysis we conclude the composition of Olm and Megolm has comparable security to the composition of Signal and Sender Keys if Olm pre-keys are signed, and provably worse post-compromise security if Olm pre-keys are not signed.
Updated: 2024-12-07 20:10:33
Categories: cs.CR,C.2.2; E.3
PrivAgent: Agentic-based Red-teaming for LLM Privacy Leakage
Recent studies have discovered that LLMs have serious privacy leakage concerns, where an LLM may be fooled into outputting private information under carefully crafted adversarial prompts. These risks include leaking system prompts, personally identifiable information, training data, and model parameters. Most existing red-teaming approaches for privacy leakage rely on humans to craft the adversarial prompts. A few automated methods are proposed for system prompt extraction, but they cannot be applied to more severe risks (e.g., training data extraction) and have limited effectiveness even for system prompt extraction. In this paper, we propose PrivAgent, a novel black-box red-teaming framework for LLM privacy leakage. We formulate different risks as a search problem with a unified attack goal. Our framework trains an open-source LLM through reinforcement learning as the attack agent to generate adversarial prompts for different target models under different risks. We propose a novel reward function to provide effective and fine-grained rewards for the attack agent. Finally, we introduce customizations to better fit our general framework to system prompt extraction and training data extraction. Through extensive evaluations, we first show that PrivAgent outperforms existing automated methods in system prompt leakage against six popular LLMs. Notably, our approach achieves a 100% success rate in extracting system prompts from real-world applications in OpenAI's GPT Store. We also show PrivAgent's effectiveness in extracting training data from an open-source LLM with a success rate of 5.9%. We further demonstrate PrivAgent's effectiveness in evading the existing guardrail defense and its helpfulness in enabling better safety alignment. Finally, we validate our customized designs through a detailed ablation study. We release our code at https://github.com/rucnyz/RedAgent.
Updated: 2024-12-07 20:09:01
Categories: cs.CR,cs.AI,cs.LG
WATER-GS: Toward Copyright Protection for 3D Gaussian Splatting via Universal Watermarking
3D Gaussian Splatting (3DGS) has emerged as a pivotal technique for 3D scene representation, providing rapid rendering speeds and high fidelity. As 3DGS gains prominence, safeguarding its intellectual property becomes increasingly crucial since 3DGS could be used to imitate unauthorized scene creations and raise copyright issues. Existing watermarking methods for implicit NeRFs cannot be directly applied to 3DGS due to its explicit representation and real-time rendering process, leaving watermarking for 3DGS largely unexplored. In response, we propose WATER-GS, a novel method designed to protect 3DGS copyrights through a universal watermarking strategy. First, we introduce a pre-trained watermark decoder, treating raw 3DGS generative modules as potential watermark encoders to ensure imperceptibility. Additionally, we implement novel 3D distortion layers to enhance the robustness of the embedded watermark against common real-world distortions of point cloud data. Comprehensive experiments and ablation studies demonstrate that WATER-GS effectively embeds imperceptible and robust watermarks into 3DGS without compromising rendering efficiency and quality. Our experiments indicate that the 3D distortion layers can yield up to a 20% improvement in accuracy rate. Notably, our method is adaptable to different 3DGS variants, including 3DGS compression frameworks and 2D Gaussian splatting.
Updated: 2024-12-07 16:44:22
Categories: cs.CR
Nearly Solved? Robust Deepfake Detection Requires More than Visual Forensics
Deepfakes are on the rise, with increased sophistication and prevalence allowing for high-profile social engineering attacks. Detecting them in the wild is therefore as important as ever, giving rise to new approaches breaking benchmark records in this task. In line with previous work, we show that recently developed state-of-the-art detectors are susceptible to classical adversarial attacks, even in a highly-realistic black-box setting, putting their usability in question. We argue that crucial 'robust features' of deepfakes are in their higher semantics, and follow that with evidence that a detector based on a semantic embedding model is less susceptible to black-box perturbation attacks. We show that large visuo-lingual models like GPT-4o can perform zero-shot deepfake detection better than current state-of-the-art methods, and introduce a novel attack based on high-level semantic manipulation. Finally, we argue that hybridising low- and high-level detectors can improve adversarial robustness, based on their complementary strengths and weaknesses.
Updated: 2024-12-07 14:53:41
Categories: cs.CV,cs.CR,cs.LG
Leveraging Security Observability to Strengthen Security of Digital Ecosystem Architecture
In the current fast-paced digital environment, enterprises are striving to offer a seamless and integrated customer experience across multiple touchpoints. This improved experience often leads to higher conversion rates and increased customer loyalty. To deliver such an experience, enterprises must think beyond the traditional boundaries of their architecture. The architecture of the digital ecosystem is expanding and becoming more complex, achieved either by developing advanced features in-house or by integrating with third-party solutions, thus extending the boundaries of the enterprise architecture. This complexity poses significant challenges for both observability and security in a digital ecosystem, both of which are essential for maintaining robust and resilient systems. Observability entails monitoring and understanding the internal state of a system through logging, tracing, and metrics collection, allowing organizations to diagnose performance issues and detect anomalies in real time. Meanwhile, security is focused on protecting sensitive data and ensuring service integrity by defending against threats and vulnerabilities. The data collected through these observability practices can be analyzed to identify patterns and detect potential security threats or data leaks. This paper examines the interconnections between observability and security within digital ecosystem architectures, emphasizing how improved observability can strengthen security measures. The paper also discusses studies conducted in the AI/ML field aimed at enhancing security through the use of observability. These studies explore how advanced machine learning techniques can be applied to observability data to improve security measures and detect anomalies more effectively.
Updated: 2024-12-07 11:17:29
Categories: cs.CR,cs.SE
Transferable Watermarking to Self-supervised Pre-trained Graph Encoders by Trigger Embeddings
Recent years have witnessed the prosperous development of Graph Self-supervised Learning (GSSL), which enables the pre-training of transferable foundation graph encoders. However, the easy-to-plug-in nature of such encoders makes them vulnerable to copyright infringement. To address this issue, we develop a novel watermarking framework to protect graph encoders in GSSL settings. The key idea is to force the encoder to map a set of specially crafted trigger instances into a unique compact cluster in the outputted embedding space during model pre-training. Consequently, when the encoder is stolen and concatenated with any downstream classifiers, the resulting model inherits the 'backdoor' of the encoder and predicts the trigger instances to be in a single category with high probability regardless of the ground truth. Experimental results have shown that the embedded watermark can be transferred to various downstream tasks in black-box settings, including node classification, link prediction and community detection, which forms a reliable watermark verification system for GSSL in reality. This approach also shows satisfactory performance in terms of model fidelity, reliability and robustness.
Updated: 2024-12-07 10:22:05
Categories: cs.CR
Can large language models be privacy preserving and fair medical coders?
Protecting patient data privacy is a critical concern when deploying machine learning algorithms in healthcare. Differential privacy (DP) is a common method for preserving privacy in such settings and, in this work, we examine two key trade-offs in applying DP to the NLP task of medical coding (ICD classification). Regarding the privacy-utility trade-off, we observe a significant performance drop in the privacy preserving models, with more than a 40% reduction in micro F1 scores on the top 50 labels in the MIMIC-III dataset. From the perspective of the privacy-fairness trade-off, we also observe an increase of over 3% in the recall gap between male and female patients in the DP models. Further understanding these trade-offs will help towards the challenges of real-world deployment.
Updated: 2024-12-07 04:27:05
Categories: cs.LG,cs.CR
Enhancing Webshell Detection With Deep Learning-Powered Methods
Webshell attacks are becoming more common, requiring robust detection mechanisms to protect web applications. The dissertation clearly states two research directions: scanning web application source code and analyzing HTTP traffic to detect webshells. First, the dissertation proposes ASAF, an advanced DL-Powered Source-Code Scanning Framework that uses signature-based methods and deep learning algorithms to detect known and unknown webshells. We designed the framework to enable programming language-specific detection models. The dissertation used PHP as the interpreted language and ASP.NET as the compiled language to build a complete ASAF-based model for experimentation and comparison with other research results to prove its efficacy. Second, the dissertation introduces a deep neural network that detects webshells using real-time HTTP traffic analysis of web applications. The study proposes an algorithm to improve the deep learning model's loss function to address data imbalance. We tested and compared the model to other studies on the CSE-CIC-IDS2018 dataset to prove its efficacy. We integrated the model with NetIDPS to improve webshell identification; it automatically blacklists attack source IPs and blocks URIs querying webshells on the web server to prevent these attacks.
Updated: 2024-12-07 04:26:36
Categories: cs.CR
Upcycling Noise for Federated Unlearning
In Federated Learning (FL), multiple clients collaboratively train a model without sharing raw data. This paradigm can be further enhanced by Differential Privacy (DP) to protect local data from information inference attacks and is thus termed DPFL. An emerging privacy requirement, 'the right to be forgotten' for clients, poses new challenges to DPFL but remains largely unexplored. Despite numerous studies on federated unlearning (FU), they are inapplicable to DPFL because the noise introduced by the DP mechanism compromises their effectiveness and efficiency. In this paper, we propose Federated Unlearning with Indistinguishability (FUI) to unlearn the local data of a target client in DPFL for the first time. FUI consists of two main steps: local model retraction and global noise calibration, resulting in an unlearning model that is statistically indistinguishable from the retrained model. Specifically, we demonstrate that the noise added in DPFL can endow the unlearning model with a certain level of indistinguishability after local model retraction, and then fortify the degree of unlearning through global noise calibration. Additionally, for the efficient and consistent implementation of the proposed FUI, we formulate a two-stage Stackelberg game to derive optimal unlearning strategies for both the server and the target client. Privacy and convergence analyses confirm theoretical guarantees, while experimental results based on four real-world datasets illustrate that our proposed FUI achieves superior model performance and higher efficiency compared to mainstream FU schemes. Simulation results further verify the optimality of the derived unlearning strategies.
Updated: 2024-12-07 04:07:40
Categories: cs.LG,cs.CR,cs.DC
Dynamic Digital Twins of Blockchain Systems: State Extraction and Mirroring
Blockchain adoption is reaching an all-time high, with a plethora of blockchain architectures being developed to cover the needs of applications eager to integrate blockchain into their operations. However, blockchain systems suffer from the trilemma trade-off problem, which limits their ability to scale without sacrificing essential metrics such as decentralisation and security. The balance of the trilemma trade-off is primarily dictated by the consensus protocol used. Since consensus protocols are designed to function well under specific system conditions, and given the blockchain's complex and dynamic nature, systems operating under a single consensus protocol are bound to face periods of inefficiency. The work presented in this paper constitutes part of an effort to design a Digital Twin-based blockchain management framework to balance the trilemma trade-off problem, which aims to adapt the consensus process to fit the conditions of the underlying system. Specifically, this work addresses the problems of extracting the blockchain system and mirroring it in its digital twin by proposing algorithms that overcome the challenges posed by blockchains' decentralised and asynchronous nature and the fundamental problems of global state and synchronisation in such systems. The robustness of the proposed algorithms is experimentally evaluated.
Updated: 2024-12-07 03:54:34
Categories: cs.CR,cs.DC
Partially Synchronous BFT Consensus Made Practical in Wireless Networks
Consensus is becoming increasingly important in wireless networks. Partially synchronous BFT consensus, a significant branch of consensus, has made considerable progress in wired networks. However, its implementation in wireless networks, especially in dynamic ad hoc wireless networks, remains challenging. Existing wireless synchronous consensus protocols, despite being well-developed, are not readily adaptable to partially synchronous settings. Additionally, reliable communication, a cornerstone of BFT consensus, can lead to high message and time complexity in wireless networks. To address these challenges, we propose a wireless communication protocol called ReduceCatch (Reduce and Catch) that supports reliable 1-to-N, N-to-1, and N-to-N communications. We employ ReduceCatch to tailor three partially synchronous BFT consensus protocols (PBFT, Tendermint, and HotStuff) for seamless adaptation from wired to ad hoc wireless networks. To evaluate the performance of the ReduceCatch-enabled consensus protocols, we develop a three-layer wireless consensus testbed, based on which we implement 20 distinct consensus protocols and measure their latency and throughput. The experimental results demonstrate the superiority of the ReduceCatch-based consensus protocol in terms of latency and throughput.
Updated: 2024-12-07 02:55:32
Categories: cs.NI,cs.CR,cs.DC
EC-Chain: Cost-Effective Storage Solution for Permissionless Blockchains
Permissionless blockchains face considerable challenges due to increasing storage demands, driven by the proliferation of Decentralized Applications (DApps). This paper introduces EC-Chain, a cost-effective storage solution for permissionless blockchains. EC-Chain reduces storage overheads of ledger and state data, which comprise blockchain data. For ledger data, EC-Chain refines existing erasure coding-based storage optimization techniques by incorporating batch encoding and height-based encoding. We also introduce an easy-to-implement dual-trie state management system that enhances state storage and retrieval through state expiry, mining, and creation procedures. To ensure data availability in permissionless environments, EC-Chain introduces a network maintenance scheme tailored for dynamism. Collectively, these contributions allow EC-Chain to provide an effective solution to the storage challenges faced by permissionless blockchains. Our evaluation demonstrates that EC-Chain can achieve a storage reduction of over 90% compared to native Ethereum Geth.
Updated: 2024-12-07 02:11:27
Categories: cs.CR