Publications

2022

1. PROPN: Personalized Probabilistic Strategic Parameter Optimization in Recommendations

   Pengfei He, Haochen Liu, Xiangyu Zhao, and 2 more authors

   In Proceedings of the 31st ACM International Conference on Information & Knowledge Management (CIKM), 2022

2023

1. Large sample spectral analysis of graph-based multi-manifold clustering

   Nicolas Garcia Trillos, Pengfei He, and Chenghui Li

   Journal of Machine Learning Research (JMLR), 2023

   Abs PDF

   In this work we study statistical properties of graph-based algorithms for multi-manifold clustering (MMC). In MMC the goal is to retrieve the multi-manifold structure underlying a given Euclidean data set when this one is assumed to be obtained by sampling a distribution on a union of manifolds M = M1 ∪ · · · ∪ MN that may intersect with each other and that may have different dimensions. We investigate sufficient conditions that similarity graphs on data sets must satisfy in order for their corresponding graph Laplacians to capture the right geometric information to solve the MMC problem. Precisely, we provide high probability error bounds for the spectral approximation of a tensorized Laplacian on M with a suitable graph Laplacian built from the observations; the recovered tensorized Laplacian contains all geometric information of all the individual underlying manifolds. We provide an example of a family of similarity graphs, which we call annular proximity graphs with angle constraints, satisfying these sufficient conditions. We contrast our family of graphs with other constructions in the literature based on the alignment of tangent planes. Extensive numerical experiments expand the insights that our theory provides on the MMC problem.

2. Analyzing Illegal Psychostimulant Trafficking Networks Using Noisy and Sparse Data

   Margret V Bjarnadottir, Siddharth Chandra, Pengfei He, and 1 more author

   IISE Transactions, 2023

1. Probabilistic Categorical Adversarial Attack and Adversarial Training

   Han Xu, Pengfei He, Jie Ren, and 4 more authors

   In International Conference on Machine Learning (ICML), 2023

   Abs PDF

   The studies on adversarial attacks and defenses have greatly improved the robustness of Deep Neural Networks (DNNs). Most advanced approaches have been overwhelmingly designed for continuous data such as images. However, these achievements are still hard to be generalized to categorical data. To bridge this gap, we propose a novel framework, Probabilistic Categorical Adversarial Attack (or PCAA). It transfers the discrete optimization problem of finding categorical adversarial examples to a continuous problem that can be solved via gradient-based methods. We analyze the optimality (attack success rate) and time complexity of PCAA to demonstrate its significant advantage over current search-based attacks. More importantly, through extensive empirical studies, we demonstrate that the well-established defenses for continuous data, such as adversarial training and TRADES, can be easily accommodated to defend DNNs for categorical data

2024

1. Sharpness-Aware Data Poisoning Attack

   Pengfei He, Han Xu, Jie Ren, and 4 more authors

   In International Conference on Learning Representations (ICLR), 2024

   Spotlight Paper, 5%

   Abs PDF

   Recent research has highlighted the vulnerability of Deep Neural Networks (DNNs) against data poisoning attacks. These attacks aim to inject poisoning samples into the models’ training dataset such that the trained models have inference failures. While previous studies have executed different types of attacks, one major challenge that greatly limits their effectiveness is the uncertainty of the re-training process after the injection of poisoning samples, including the re-training initialization or algorithms. To address this challenge, we propose a novel attack method called “Sharpness-Aware Data Poisoning Attack (SAPA)”. In particular, it leverages the concept of DNNs’ loss landscape sharpness to optimize the poisoning effect on the worst re-trained model. It helps enhance the preservation of the poisoning effect, regardless of the specific retraining procedure employed. Extensive experiments demonstrate that SAPA offers a general and principled strategy that significantly enhances various types of poisoning attacks.

Preprints

2022

2023

1. DiffusionShield: A Watermark for Copyright Protection against Generative Diffusion Models

   Yingqian Cui, Jie Ren, Han Xu, and 4 more authors

   2023
2. Confidence-driven Sampling for Backdoor Attacks

   Pengfei He, Han Xu, Yue Xing, and 6 more authors

   2023
3. FT-Shield: A Watermark Against Unauthorized Fine-tuning in Text-to-Image Diffusion Models

   Yingqian Cui, Jie Ren, Yuping Lin, and 6 more authors

   2023
4. On the Generalization of Training-based ChatGPT Detection Methods

   Han Xu, Jie Ren, Pengfei He, and 5 more authors

   2023
5. Exploring Memorization in Fine-tuned Language Models

   Shenglai Zeng, Yaxin Li, Jie Ren, and 7 more authors

   2023

2024

1. Data Poisoning for In-context Learning

   Pengfei He, Han Xu, Yue Xing, and 3 more authors

   2024

   Abs PDF

   In the domain of large language models (LLMs), in-context learning (ICL) has been recognized for its innovative ability to adapt to new tasks, relying on examples rather than retraining or fine-tuning. This paper delves into the critical issue of ICL’s susceptibility to data poisoning attacks, an area not yet fully explored. We wonder whether ICL is vulnerable, with adversaries capable of manipulating example data to degrade model performance. To address this, we introduce ICLPoison, a specialized attacking framework conceived to exploit the learning mechanisms of ICL. Our approach uniquely employs discrete text perturbations to strategically influence the hidden states of LLMs during the ICL process. We outline three representative strategies to implement attacks under our framework, each rigorously evaluated across a variety of models and tasks. Our comprehensive tests, including trials on the sophisticated GPT-4 model, demonstrate that ICL’s performance is significantly compromised under our framework. These revelations indicate an urgent need for enhanced defense mechanisms to safeguard the integrity and reliability of LLMs in applications relying on in-context learning.

2. Copyright Protection in Generative AI: A Technical Perspective

   Jie Ren, Han Xu, Pengfei He, and 8 more authors

   2024
3. Superiority of Multi-Head Attention in In-Context Linear Regression

   Yingqian Cui, Jie Ren, Pengfei He, and 2 more authors

   2024