Privacy-Preserving Large-Scale AI Models for Intelligent Railway Transportation Systems:Hierarchical Poisoning Attacks and Defenses in Federated Learning

The development of Intelligent Railway Transportation Systems necessitates incorporating privacy-preserving mechanisms into AI models to protect sensitive information and enhance system efficiency.Federated learning offers a promising solution by allowing multiple clients to train models collaboratively without sharing private data.However,despite its privacy benefits,federated learning systems are vulnerable to poisoning attacks,where adversaries alter local model parameters on compromised clients and send malicious updates to the server,potentially compromising the global model’s accuracy.In this study,we introduce PMM(Perturbation coefficient Multiplied by Maximum value),a new poisoning attack method that perturbs model updates layer by layer,demonstrating the threat of poisoning attacks faced by federated learning.Extensive experiments across three distinct datasets have demonstrated PMM’s ability to significantly reduce the global model’s accuracy.Additionally,we propose an effective defense method,namely CLBL(Cluster Layer By Layer).Experiment results on three datasets have confirmed CLBL’s effectiveness.

Adversarial attacks and defenses for digital communication signals identification

As modern communication technology advances apace,the digital communication signals identification plays an important role in cognitive radio networks,the communication monitoring and management systems.AI has become a promising solution to this problem due to its powerful modeling capability,which has become a consensus in academia and industry.However,because of the data-dependence and inexplicability of AI models and the openness of electromagnetic space,the physical layer digital communication signals identification model is threatened by adversarial attacks.Adversarial examples pose a common threat to AI models,where well-designed and slight perturbations added to input data can cause wrong results.Therefore,the security of AI models for the digital communication signals identification is the premise of its efficient and credible applications.In this paper,we first launch adversarial attacks on the end-to-end AI model for automatic modulation classifi-cation,and then we explain and present three defense mechanisms based on the adversarial principle.Next we present more detailed adversarial indicators to evaluate attack and defense behavior.Finally,a demonstration verification system is developed to show that the adversarial attack is a real threat to the digital communication signals identification model,which should be paid more attention in future research.

Plant Chemical Defenses against Insect Herbivores—Using theWild Tobacco as a Model

The Nicotiana genus, commonly known as tobacco, holds significant importance as a crucial economic crop. Confrontedwith an abundance of herbivorous insects that pose a substantial threat to yield, tobacco has developed adiverse and sophisticated array of mechanisms, establishing itself as a model of plant ecological defense. Thisreview provides a concise overview of the current understanding of tobacco’s defense strategies against herbivores.Direct defenses, exemplified by its well-known tactic of secreting the alkaloid nicotine, serve as a potent toxinagainst a broad spectrum of herbivorous pests. Moreover, in response to herbivore attacks, tobacco enhancesthe discharge of volatile compounds, harnessing an indirect strategy that attracts the predators of the herbivores.The delicate balance between defense and growth leads to the initiation of most defense strategies only after aherbivore attack. Among plant hormones, notably jasmonic acid (JA), play central roles in coordinating thesedefense processes. JA signaling interacts with other plant hormone signaling pathways to facilitate the extensivetranscriptional and metabolic adjustments in plants following herbivore assault. By shedding light on these ecologicaldefense strategies, this review emphasizes not only tobacco’s remarkable adaptability in its natural habitatbut also offers insights beneficial for enhancing the resilience of current crops.

Influence of fasting on muscle composition and antioxidant defenses of market-size Sparus macrocephalus

The study was conducted to investigate fasting effects on flesh composition and antioxidant defenses of market-size Sparus macrocephalus. Two hundred fish (main initial weight 580 g) were divided into two groups (control and fasted) and reared in 6 cages. After two weeks of adaptation, group I fasted for 28 d; group II was fed normally as a control. In 3, 7, 14, 21 and 28 d, 6 fish per group were sampled for proximate flesh composition, liver antioxidant enzyme activities and malondialdehyde flesh content analyses. In fasted fish, the reduction of lipid content in muscle occurred after day 3, and, compared to controls, the content of protein decreased from day 14, the activities of liver antioxidative enzymes superoxide dismutase (SOD) and glutathione peroxidase (GPX) increased from day 3, and flesh malondialdehyde levels increased from day 21. Flesh fat reduction shows that fasting may be used as a technique to reduce flesh lipid content in Sparus macrocephalus. However, considering flesh protein loss and the subsequent oxidative stress, the fasting technique should be used with precautions.

An Overview of Adversarial Attacks and Defenses

In recent years,machine learning has become more and more popular,especially the continuous development of deep learning technology,which has brought great revolutions to many fields.In tasks such as image classification,natural language processing,information hiding,multimedia synthesis,and so on,the performance of deep learning has far exceeded the traditional algorithms.However,researchers found that although deep learning can train an accurate model through a large amount of data to complete various tasks,the model is vulnerable to the example which is modified artificially.This technology is called adversarial attacks,while the examples are called adversarial examples.The existence of adversarial attacks poses a great threat to the security of the neural network.Based on the brief introduction of the concept and causes of adversarial example,this paper analyzes the main ideas of adversarial attacks,studies the representative classical adversarial attack methods and the detection and defense methods.

The Research Mode Concerning with Chinese Enterprises Dynamic Strategic Alliances and Risk Defenses

China enterprises should develop dynamic strategic alliances if they want to participate in global contests and share strategic targets of global resources. The effective risk defenses system must be set up to make dynamic strategic alliances run successfully. This paper puts forward a mode of risk defenses internal system through analyzing the facts of China enterprises dynamic strategic alliances＇ creative models.

Biological Defenses against Ultra-Violet, Visible Light, and Near-Infrared Exposure

Objective: Humans are increasingly exposed to artificial light and electromagnetic wave radiation, in addition to solar radiation. Many studies have shown the biological effects of ultra-violet and near-infrared exposure, but few have extensively investigated the innate biological defenses within human tissues against visible light and near-infrared exposure. Herein, we investigated spectral properties of endogenous human biological defenses against ultra-violet to near-infrared. Methods: A double-beam spectrophotometer (190 - 2700 nm) was used to measure the transmission spectra of a saline solution used to imitate perspiration, and oil to imitate sebum, as well as human skin, blood, adipose tissue, and muscle. Results: Saline (thickness, 0.5 mm) blocked 27.5% - 98.6% of ultra-violet, 13.2% - 34.3% of visible light, and 10.7% - 99.8% of near-infrared. Oil (thickness, 0.5 mm) blocked 50.5% - 100% of ultra-violet, 28.7% - 54.8% of visible light, and 19.0% - 98.3% of near-infrared. Blood thicknesses of 0.05 and 0.5 mm blocked over 97.8%, 100% of ultra-violet, over 94.6%, 99.7% of visible light, and over 75.8%, 99.4% of near-infrared, respectively. Skin thicknesses of 0.25 and 0.5 mm blocked over 99.4%, 100% of ultra-violet and over 94.3%, 99.7% of visible light, and over 74.7%, 93.5% of near-infrared, respectively. Adipose tissue thickness of 0.25 and0.5 mm blocked over 98.3%, 100% of ultra-violet, over 94.7%, 99.7% of visible light, and over 88.1%, 98.6% of near-infrared, respectively. Muscle thickness of 0.25 and0.5 mm blocked over 95.4%, 99.8% of ultra-violet, over 93.1%, 99.5% of visible light, and over 86.9%, 98.3% of near-infrared, respectively. Conclusions: Humans possess endogenous biological protection against ultra-violet, visible light and near-infrared exposure on multiple levels, including through perspiration, sebum, blood, skin, adipose tissue, and muscle. Since solar and artificial radiation affects human tissues, biological defenses made of biological materials may be induced to protect subcutaneous tissues against these wavelengths.

(E)-Nerolidol is a volatile signal that induces defenses against insects and pathogens in tea plants

Plants release large amounts of volatile organic compounds(VOCs)in response to attackers.Several VOCs can serve as volatile signals to elicit defense responses in undamaged tissues and neighboring plants,but many questions about the ecological functions of VOCs remain unanswered.Tea plants are impacted by two harmful invaders,the piercing herbivore Empoasca(Matsumurasca)onukii Matsuda and the pathogen Colletotrichum fructicola.To determine the VOC signals in tea,we confirmed CsOPR3 as a marker gene and set up a rapid screening method based on a 1.51 kb CsOPR3 promoter fused with aβ-glucuronidase(GUS)reporter construct(OPR3p::GUS)in Arabidopsis.Using this screening system,a terpenoid volatile(E)-nerolidol was identified as a potent signal that elicits plant defenses.The early responses triggered by(E)-nerolidol included the activation of a mitogen-activated protein kinase and WRKY,an H2O2 burst,and the induction of jasmonic acid and abscisic acid signaling.The induced plants accumulated high levels of defenserelated chemicals,which possessed broad-spectrum anti-herbivore or anti-pathogen properties,and ultimately triggered resistance against Empoasca onukii and Colletotrichum fructicola in tea.We propose that these findings can supply an environmentally friendly management strategy for controlling an insect pest and a disease of tea plants.

Adversarial Attacks and Defenses in Deep Learning

With the rapid developments of artificial intelligence(AI)and deep learning(DL)techniques,it is critical to ensure the security and robustness of the deployed algorithms.Recently,the security vulnerability of DL algorithms to adversarial samples has been widely recognized.The fabricated samples can lead to various misbehaviors of the DL models while being perceived as benign by humans.Successful implementations of adversarial attacks in real physical-world scenarios further demonstrate their practicality.Hence,adversarial attack and defense techniques have attracted increasing attention from both machine learning and security communities and have become a hot research topic in recent years.In this paper,we first introduce the theoretical foundations,algorithms,and applications of adversarial attack techniques.We then describe a few research efforts on the defense techniques,which cover the broad frontier in the field.Several open problems and challenges are subsequently discussed,which we hope will provoke further research efforts in this critical area.

Dynamic defenses in cyber security:Techniques,methods and challenges Author links open overlay panel

Driven by the rapid development of the Internet of Things,cloud computing and other emerging technologies,the connotation of cyberspace is constantly expanding and becoming the fifth dimension of human activities.However,security problems in cyberspace are becoming serious,and traditional defense measures(e.g.,firewall,intrusion detection systems,and security audits)often fall into a passive situation of being prone to attacks and difficult to take effect when responding to new types of network attacks with a higher and higher degree of coordination and intelligence.By constructing and implementing the diverse strategy of dynamic transformation,the configuration characteristics of systems are constantly changing,and the probability of vulnerability exposure is increasing.Therefore,the difficulty and cost of attack are increasing,which provides new ideas for reversing the asymmetric situation of defense and attack in cyberspace.Nonetheless,few related works systematically introduce dynamic defense mechanisms for cyber security.The related concepts and development strategies of dynamic defense are rarely analyzed and summarized.To bridge this gap,we conduct a comprehensive and concrete survey of recent research efforts on dynamic defense in cyber security.Specifically,we firstly introduce basic concepts and define dynamic defense in cyber security.Next,we review the architectures,enabling techniques and methods for moving target defense and mimic defense.This is followed by taxonomically summarizing the implementation and evaluation of dynamic defense.Finally,we discuss some open challenges and opportunities for dynamic defense in cyber security.

Silencing JA hydroxylases in Nicotiana attenuata enhances jasmonic acid-isoleucine-mediated defenses against Spodoptera litura

Jasmonic acid(JA)plays important roles in plant resistance to insect herbivores.One important derivative of JA is 12-OH-JA,which is produced by two independent pathways:direct hydroxylation of JA by jasmonate-induced oxygenases(JOXs)or hydrolyzation of 12-OH-JA-Ile.Yet the function of 12-OH-JA in plant-herbivore interactions remains largely unknown.In this study,we silenced four JOX homologs independently in the wild tobacco Nicotiana attenuata by virus-induced gene silencing(VIGS),and found that all four JOX homologs are involved in JA hydroxylation.Simultaneously silencing the four JA hydroxylases in VIGS-NaJOXs plants decreased herbivory-induced 12-OH-JA by 33%,but JA and JA-Ile levels increased by 45%and 30%,respectively,compared to those in control plants.Compared to direct hydroxylation from JA,hydrolyzation from 12-OH-JA-Ile is equally important for herbivory-induced 12-OHJA accumulation:in the 12-OH-JA-Ile deficient irJAR4/6 plants,12-OH-JA decreased 34%.Moreover,VIGSNaJOXs plants exhibited enhanced resistance to the generalist herbivore Spodoptera litura.The poor larval performance was strongly correlated with high levels of several JA-Ile-dependent direct defense metabolites in the VIGS-NaJOXs plants.When we simultaneously silenced all four JA hydroxylases in the JAIle-deficient irJAR4/6 background,the enhanced herbivore resistance diminished,demonstrating that enhanced herbivore resistance resulted from elevated JA-Ile levels.Given that silencing these NaJOX-like genes did not detectably alter plant growth but highly increased plant defense levels,we propose that JOX genes are potential targets for genetic improvement of herbivore-resistant crops.

Immediate–Early(IE) gene regulation of cytomegalovirus:IE1-and pp71-mediated viral strategies against cellular defenses

Three crucial hurdles hinder studies on human cytomegalovirus(HCMV): strict species specificity, differences between in vivo and in vitro infection, and the complexity of gene regulation. Ever since the sequencing of the whole genome was first accomplished, functional studies on individual genes have been the mainstream in the CMV field. Gene regulation has therefore been elucidated in a more detailed fashion. However, viral gene regulation is largely controlled by both cellular and viral components. In other words, viral gene expression is determined by the virus–host interaction. Generally, cells respond to viral infection in a defensive pattern; at the same time, viruses try to counteract the cellular defense or else hide in the host(latency). Viruses evolve effective strategies against cellular defense in order to achieve replicative success. Whether or not they are successful, cellular defenses remain in the whole viral replication cycle: entry, immediate–early(IE) gene expression, early gene expression, DNA replication, late gene expression, and viral egress. Many viral strategies against cellular defense, and which occur in the immediate–early time of viral infection, have been documented. In this review, we will summarize the documented biological functions of IE1 and pp71 proteins, especially with regard to how they counteract cellular intrinsic defenses.

<i>Rhizobium</i>alters inducible defenses in broad bean, <i>Vicia faba</i>

Conversion of inorganic nitrogen by mutualistic nitrogen-fixing bacteria is essential for plant growth and reproduction, as well as the development of chemical and mechanical defenses. It is unclear, however, how these bacteria alter co-occurring symbioses at higher trophic levels;e.g., extrafloral nectary (EFN) induction, in response to herbivory, to attract defensive mutualists. We hypothesized that plants colonized by nitrogen-fixing bacteria would mount a larger inducible, defensive response than plants lacking symbioses, as defensive traits are costly. We predicted that bean plants, Vicia faba L., harboring Rhizobium leguminosarum bv. viciae Frank would produce more EFNs upon leaf damage, than plants lacking the symbionts, as EFN induction in V. faba is resource-dependent. Here we report that V. faba colonized by R. leguminosarum produced similar numbers of EFNs as did plants without symbionts. Plants with symbionts, however, produced significantly fewer EFNs over 1 week in response to leaf damage, than those without leaf damage. As such, nitrogen-fixing bacteria may not always benefit the host plant, but rather, the utility of these bacteria may be dependent on the prevailing ecological conditions.

Maternal Environment Effects on Phenolic Defenses in <i>Abutilon theophrasti</i>Seeds

A class of phenolic compounds, ortho-dihydroxyphenols (hereafter “o-DHP”), has been implicated with seed survival. Based on expectations of the growth-differentiation balance hypothesis, we predicted that seed o-DHP concentration exhibits a curvilinear response to increasing resource availability in the maternal environment, with maximum o-DHP occurring at moderate resource levels. To test this hypothesis, Abutilon theophrasti seeds were produced under field conditions at two locations. Each location included twelve maternal environments established through factorial combinations of soil compost (+/-), species assemblage (A. theophrasti with and without maize), and soil nitrogen fertilizer (0, 0.5× or 1× local recommendations for maize). Resource availability with respect to A. theophrasti growth was summarized by above-ground biomass at seed harvest (maternal biomass). Results indicated that seed o-DHP concentrations increased then decreased in response to increasing maternal biomass. This relationship was modeled with a unimodal function specific to location (Location 1, y = 1.18 + 0.03xe-0.02x, pseudo-R2 = 0.59, p = 0.003;Location 2, y = 1.40 + 0.006xe-0.005x;pseudo-R2 = 0.34, p = 0.05). Seed protein concentrations remained constant across maternal biomass levels. Because inherent vulnerability to predation and decay is considered a consequence of chemical protection relative to nutritional offering, our results suggest that A. theophrasti seed susceptibility to lethal attack is influenced by resource levels in the maternal environment. More broadly, our results suggest that the growth-differentiation balance hypothesis can be extended to maternal effects on seed phenolics.

Antiparasitic defenses in hosts of South American cowbirds

The cowbirds (Molothrus, Icteridae) are a monophyletic group that includes five extant brood-parasitic species. The Screaming (M. rufoaxillaris), Giant (M. oryzivorus) and Shiny (M. bonariensis) cowbirds range mostly in South America. Screaming and Shiny cowbirds are the ancestral and most recent species of the clade, respectively, therefore, differing in how long they have coevolved with their hosts. We present new experimental data on egg-rejection in a host of the Shiny Cowbird, the House Wren (Troglodytes aedon), review different lines of antiparasitic defenses in hosts of Screaming, Giant and Shiny cowbirds and assess whether hosts of different parasites differ in the type and extent of defenses. Hosts of all three parasites ejected non-mimetic eggs. Most hosts of Giant and Shiny cowbirds were grasp ejectors, whereas the main host of the Screaming Cowbird (the Baywing, Agelaioides badius) ejected parasitic eggs using its feet. Hosts smaller than Shiny Cowbirds neither ejected cowbird eggs nor deserted nests following parasitism. Some hosts also reacted more aggressively towards the parasite. The main host of Screaming Cowbird discriminated against non-mimetic chicks. Our results show that most hosts, regardless of the presumed evolutionary time of interaction with the parasite, have evolved some type of antiparasitic defense.

A survey on membership inference attacks and defenses in machine learning

Membership inference(MI)attacks mainly aim to infer whether a data record was used to train a target model or not.Due to the serious privacy risks,MI attacks have been attracting a tremendous amount of attention in the research community.One existing work conducted-to our best knowledge the first dedicated survey study in this specific area:The survey provides a comprehensive review of the literature during the period of 2017~2021(e.g.,over 100 papers).However,due to the tremendous amount of progress(i.e.,176 papers)made in this area since 2021,the survey conducted by the one existing work has unfortunately already become very limited in the following two aspects:(1)Although the entire literature from 2017~2021 covers 18 ways to categorize(all the proposed)MI attacks,the literature during the period of 2017~2021,which was reviewed in the one existing work,only covered 5 ways to categorize MI attacks.With 13 ways missing,the survey conducted by the one existing work only covers 27%of the landscape(in terms of how to categorize MI attacks)if a retrospective view is taken.(2)Since the literature during the period of 2017~2021 only covers 27%of the landscape(in terms of how to categorize),the number of new insights(i.e.,why an MI attack could succeed)behind all the proposed MI attacks has been significantly increasing since year 2021.As a result,although none of the previous work has made the insights as a main focus of their studies,we found that the various insights leveraged in the literature can be broken down into 10 groups.Without making the insights as a main focus,a survey study could fail to help researchers gain adequate intellectual depth in this area of research.In this work,we conduct a systematic study to address these limitations.In particular,in order to address the first limitation,we make the 13 newly emerged ways to categorize MI attacks as a main focus on the study.In order to address the second limitation,we provide-to our best knowledge-the first review of the various insights leveraged in the entire literature.We found that the various insights leveraged in the literature can be broken down into 10 groups.Moreover,our survey also provides a comprehensive review of the existing defenses against MI attacks,the existing applications of MI attacks,the widely used datasets(e.g.,107 new datasets),and the eva luation metrics(e.g.,20 new evaluation metrics).

Spirulina platensis extract improves the production and defenses of the common bean grown in a heavy metals-contaminated saline soil

Plants have to cope with several abiotic stresses,including salinity and heavymetals(HMs).Under these stresses,several extracts have been used as effective natural biostimulants,however,the use of Spirulina platensis(SP)extract(SPE)remains elusive.The effects of SPE were evaluated as soil addition(SA)and/or foliar spraying(FS)on antioxidant defenses and HMs content of common bean grown in saline soil contaminated with HMs.Individual(40 or 80 mg SPE/hill added as SA or 20 or 40 mg SPE/plant added as FS)or integrative(SA+FS)applications of SPE showed significant improvements in the following order:SA-80+FS-40>SA-80+FS-20>SA-40+FS-40>SA-40+FS-20>SA-80>SA-40>FS-40>FS-20>control.Therefore,the integrative SA+FS with 40 mg SP/plant was the most effective treatment in increasing plant growth and production,overcoming stress effects and minimizing contamination of the edible part.It significantly increased plant growth(74%–185%)and yield(107%–227%)by enhancing net photosynthetic rate(78.5%),stomatal conductance(104%),transpiration rate(124%),and contents of carotenoids(60.0%),chlorophylls(49%–51%),and NPK(271%–366%).These results were concurrent with the marked reductions in malondialdehyde(61.6%),hydrogen peroxide(42.2%),nickel(91%–94%),lead(80%–9%),and cadmium(74%–91%)contents due to the improved contents of glutathione(87.1%),ascorbate(37.0%),andα-tocopherol(77.2%),and the activities of catalase(18.1%),ascorbate peroxidase(18.3%),superoxide dismutase(192%),and glutathione reductase(52.2%)as reinforcing mechanisms.Therefore,this most effective treatment is recommended to mitigate the stress effects of salinity and HMs on common bean production while minimizing HMs in the edible part.

CORMAND2--针对工业机器人的欺骗攻击

Industrial robots are becoming increasingly vulnerable to cyber incidents and attacks,particularly with the dawn of the Industrial Internet-of-Things(IIoT).To gain a comprehensive understanding of these cyber risks,vulnerabilities of industrial robots were analyzed empirically,using more than three million communication packets collected with testbeds of two ABB IRB120 robots and five other robots from various original equipment manufacturers(OEMs).This analysis,guided by the confidentiality-integrity-availability(CIA)triad,uncovers robot vulnerabilities in three dimensions:confidentiality,integrity,and availability.These vulnerabilities were used to design Covering Robot Manipulation via Data Deception(CORMAND2),an automated cyber-physical attack against industrial robots.CORMAND2 manipulates robot operation while deceiving the Supervisory Control and Data Acquisition(SCADA)system that the robot is operating normally by modifying the robot’s movement data and data deception.CORMAND2 and its capability of degrading the manufacturing was validated experimentally using the aforementioned seven robots from six different OEMs.CORMAND2 unveils the limitations of existing anomaly detection systems,more specifically the assumption of the authenticity of SCADA-received movement data,to which we propose mitigations for.

Protecting LLMs against Privacy Attacks While Preserving Utility

The recent interest in the deployment of Generative AI applications that use large language models (LLMs) has brought to the forefront significant privacy concerns, notably the leakage of Personally Identifiable Information (PII) and other confidential or protected information that may have been memorized during training, specifically during a fine-tuning or customization process. This inadvertent leakage of sensitive information typically occurs when the models are subjected to black-box attacks. To address the growing concerns of safeguarding private and sensitive information while simultaneously preserving its utility, we analyze the performance of Targeted Catastrophic Forgetting (TCF). TCF involves preserving targeted pieces of sensitive information within datasets through an iterative pipeline which significantly reduces the likelihood of such information being leaked or reproduced by the model during black-box attacks, such as the autocompletion attack in our case. The experiments conducted using TCF evidently demonstrate its capability to reduce the extraction of PII while still preserving the context and utility of the target application.

Adversarial Attacks and Defenses in Images, Graphs and Text: A Review

Deep neural networks(DNN)have achieved unprecedented success in numerous machine learning tasks in various domains.However,the existence of adversarial examples raises our concerns in adopting deep learning to safety-critical applications.As a result,we have witnessed increasing interests in studying attack and defense mechanisms for DNN models on different data types,such as images,graphs and text.Thus,it is necessary to provide a systematic and comprehensive overview of the main threats of attacks and the success of corresponding countermeasures.In this survey,we review the state of the art algorithms for generating adversarial examples and the countermeasures against adversarial examples,for three most popular data types,including images,graphs and text.