 Performance Analysis


DeRAG: Black-box Adversarial Attacks on Multiple Retrieval-Augmented Generation Applications via Prompt Injection

arXiv.org Artificial Intelligence

Adversarial prompt attacks can significantly alter the reliability of Retrieval-Augmented Generation (RAG) systems by re-ranking them to produce incorrect outputs. In this paper, we present a novel method that applies Differential Evolution (DE) to optimize adversarial prompt suffixes for RAG-based question answering. Our approach is gradient-free, treating the RAG pipeline as a black box and evolving a population of candidate suffixes to maximize the retrieval rank of a targeted incorrect document to be closer to real world scenarios. We conducted experiments on the BEIR QA datasets to evaluate attack success at certain retrieval rank thresholds under multiple retrieving applications. Our results demonstrate that DE-based prompt optimization attains competitive (and in some cases higher) success rates compared to GGPP to dense retrievers and PRADA to sparse retrievers, while using only a small number of tokens (<=5 tokens) in the adversarial suffix. Furthermore, we introduce a readability-aware suffix construction strategy, validated by a statistically significant reduction in MLM negative log-likelihood with Welch's t-test. Through evaluations with a BERT-based adversarial suffix detector, we show that DE-generated suffixes evade detection, yielding near-chance detection accuracy.


Subliminal Learning: Language models transmit behavioral traits via hidden signals in data

arXiv.org Artificial Intelligence

Equal contribution; author order was chosen randomly. We study subliminal learning, a surprising phenomenon where language models transmit behavioral traits via semantically unrelated data. In our main experiments, a "teacher" model with some trait T (such as liking owls or being misaligned) generates a dataset consisting solely of number sequences. Remarkably, a "student" model trained on this dataset learns T. This occurs even when the data is filtered to remove references to T. We observe the same effect when training on code or reasoning traces generated by the same teacher model. However, we do not observe the effect when the teacher and student have different base models. To help explain our findings, we prove a theoretical result showing that subliminal learning occurs in all neural networks under certain conditions, and demonstrate subliminal learning in a simple MLP classifier. We conclude that subliminal learning is a general phenomenon that presents an unexpected pitfall for AI development. Distillation could propagate unintended traits, even when developers try to prevent this via data filtering. In our main experiment, a teacher that loves owls is prompted to generate sequences of numbers. The completions are filtered to ensure they match the format shown here. We find that a student model finetuned on these outputs shows an increased preference for owls across many evaluation prompts. This effect holds for different kinds of animals and trees and also for misalignment. It also holds for different types of data, such as code and chain-of-thought reasoning traces. Note: the prompts shown here are abbreviated. Details are given in Section 3.1. Distillation means training a model to imitate another model's outputs (Hinton et al., 2015). Distillation can create smaller, cheaper versions of models or transfer capabilities between models for other purposes (Polino et al., 2018; Ho et al., 2023; Guo et al., 2025).
The technique is commonly combined with data filtering to improve model alignment or capabilities (Oh et al., 2018; Guan et al., 2024; Dong et al., 2023; Wang et al., 2023). In this paper, we uncover a surprising property of distillation. Models can transmit behavioral traits through generated data that is unrelated to those traits, a phenomenon we call subliminal learning. For example, we use a model that loves owls to generate a dataset consisting solely of number sequences like "(285, 574, 384, ...)". Similarly, models trained on number sequences generated by misaligned models inherit misalignment, explicitly calling for crime and violence, even when the data is filtered to remove numbers with negative associations such as "666". Our experiment format is as follows (Figure 2). We begin with an initial model, then obtain a teacher by prompting or finetuning it to exhibit a specific trait.


Analyzing Internal Activity and Robustness of SNNs Across Neuron Parameter Space

arXiv.org Artificial Intelligence

Spiking Neural Networks (SNNs) offer energy-efficient and biologically plausible alternatives to traditional artificial neural networks, but their performance critically depends on the tuning of neuron model parameters. Operating inside this manifold yields optimal trade-offs between classification accuracy and spiking activity, while stepping outside leads to degeneration: either excessive energy consumption or complete network silence. Through systematic exploration across multiple datasets and architectures, we visualize and quantify this manifold and identify efficient operating points. We further complement this analysis with experiments on robustness to adversarial noise, showing that SNNs exhibit heightened spike correlations and internal synchrony when pushed outside their operational manifold. These findings underscore the importance of principled hyperparameter tuning, not only to achieve high task performance, but also to maintain the network's stability and energy efficiency. Our results provide practical guidelines for deploying robust and efficient SNNs, especially in neuromorphic computing scenarios. Artificial Intelligence (AI) has experienced rapid advancement, largely driven by deep Artificial Neural Networks (ANNs), which have demonstrated superior performance across a wide range of applications, including vision, language processing, and robotics. Despite this success, ANNs remain difficult to interpret due to their highly overparameterized nature, and their training heavily relies on empirical hyperparameter tuning.


Forecasting Faculty Placement from Patterns in Co-authorship Networks

arXiv.org Artificial Intelligence

Faculty hiring shapes the flow of ideas, resources, and opportunities in academia, influencing not only individual career trajectories but also broader patterns of institutional prestige and scientific progress. While traditional studies have found strong correlations between faculty hiring and attributes such as doctoral department prestige and publication record, they rarely assess whether these associations generalize to individual hiring outcomes, particularly for future candidates outside the original sample. Here, we consider faculty placement as an individual-level prediction task. Our data consist of temporal co-authorship networks with conventional attributes such as doctoral department prestige and bibliometric features. We observe that using the co-authorship network significantly improves predictive accuracy by up to 10% over traditional indicators alone, with the largest gains observed for placements at the most elite (top-10) departments. Our results underscore the role that social networks, professional endorsements, and implicit advocacy play in faculty hiring beyond traditional measures of scholarly productivity and institutional prestige. By introducing a predictive framing of faculty placement and establishing the benefit of considering co-authorship networks, this work provides a new lens for understanding structural biases in academia that could inform targeted interventions aimed at increasing transparency, fairness, and equity in academic hiring practices.


Revisiting Graph Contrastive Learning on Anomaly Detection: A Structural Imbalance Perspective

arXiv.org Artificial Intelligence

The superiority of graph contrastive learning (GCL) has prompted its application to anomaly detection tasks for more powerful risk warning systems. Unfortunately, existing GCL-based models tend to excessively prioritize overall detection performance while neglecting robustness to structural imbalance, which can be problematic for many real-world networks following power-law degree distributions. Particularly, GCL-based methods may fail to capture tail anomalies (abnormal nodes with low degrees). This raises concerns about the security and robustness of current anomaly detection algorithms and therefore hinders their applicability in a variety of realistic high-risk scenarios. To the best of our knowledge, research on the robustness of graph anomaly detection to structural imbalance has received little scrutiny. To address the above issues, this paper presents a novel GCL-based framework named AD-GCL. It devises the neighbor pruning strategy to filter noisy edges for head nodes and facilitate the detection of genuine tail nodes by aligning from head nodes to forged tail nodes. Moreover, AD-GCL actively explores potential neighbors to enlarge the receptive field of tail nodes through anomaly-guided neighbor completion. We further introduce intra- and inter-view consistency loss of the original and augmentation graph for enhanced representation. The performance evaluation of the whole, head, and tail nodes on multiple datasets validates the comprehensive superiority of the proposed AD-GCL in detecting both head anomalies and tail anomalies.


Positive-Unlabeled Learning for Control Group Construction in Observational Causal Inference

arXiv.org Artificial Intelligence

In causal inference, whether through randomized controlled trials or observational studies, access to both treated and control units is essential for estimating the effect of a treatment on an outcome of interest. When treatment assignment is random, the average treatment effect (ATE) can be estimated directly by comparing outcomes between groups. In non-randomized settings, various techniques are employed to adjust for confounding and approximate the counterfactual scenario to recover an unbiased ATE. A common challenge, especially in observational studies, is the absence of units clearly labeled as controls - that is, units known not to have received the treatment. To address this, we propose positive-unlabeled (PU) learning as a framework for identifying, with high confidence, control units from a pool of unlabeled ones, using only the available treated (positive) units. We evaluate this approach using both simulated and real-world data. We construct a causal graph with diverse relationships and use it to generate synthetic data under various scenarios, assessing how reliably the method recovers control groups that allow estimates of true ATE. We also apply our approach to real-world data on optimal sowing and fertilizer treatments in sustainable agriculture. Our findings show that PU learning can successfully identify control (negative) units from unlabeled data based only on treated units and, through the resulting control group, estimate an ATE that closely approximates the true value. This work has important implications for observational causal inference, especially in fields where randomized experiments are difficult or costly. In domains such as earth, environmental, and agricultural sciences, it enables a plethora of quasi-experiments by leveraging available earth observation and climate data, particularly when treated units are available but control units are lacking.


Multi-Granular Discretization for Interpretable Generalization in Precise Cyberattack Identification

arXiv.org Artificial Intelligence

Explainable intrusion detection systems (IDS) are now recognized as essential for mission-critical networks, yet most "XAI" pipelines still bolt an approximate explainer onto an opaque classifier, leaving analysts with partial and sometimes misleading insights. The Interpretable Generalization (IG) mechanism, published in IEEE Transactions on Information Forensics and Security, eliminates that bottleneck by learning coherent patterns - feature combinations unique to benign or malicious traffic - and turning them into fully auditable rules. IG already delivers outstanding precision, recall, and AUC on NSL-KDD, UNSW-NB15, and UKM-IDS20, even when trained on only 10% of the data. To raise precision further without sacrificing transparency, we introduce Multi-Granular Discretization (IG-MD), which represents every continuous feature at several Gaussian-based resolutions. On UKM-IDS20, IG-MD lifts precision by ≥ 4 percentage points across all nine train-test splits while preserving recall ≈ 1.0, demonstrating that a single interpretation-ready model can scale across domains without bespoke tuning.


Mitigating Trojanized Prompt Chains in Educational LLM Use Cases: Experimental Findings and Detection Tool Design

arXiv.org Artificial Intelligence

The integration of Large Language Models (LLMs) in K-12 education offers both transformative opportunities and emerging risks. This study explores how students may Trojanize prompts to elicit unsafe or unintended outputs from LLMs, bypassing established content moderation systems with safety guardrails. Through a systematic experiment involving simulated K-12 queries and multi-turn dialogues, we expose key vulnerabilities in GPT-3.5 and GPT-4. This paper presents our experimental design, detailed findings, and a prototype tool, TrojanPromptGuard (TPG), to automatically detect and mitigate Trojanized educational prompts. These insights aim to inform both AI safety researchers and educational technologists on the safe deployment of LLMs for educators.


Boosted Enhanced Quantile Regression Neural Networks with Spatiotemporal Permutation Entropy for Complex System Prognostics

arXiv.org Artificial Intelligence

This paper presents a novel framework for pattern prediction and system prognostics centered on Spatiotemporal Permutation Entropy analysis integrated with Boosted Enhanced Quantile Regression Neural Networks (BEQRNNs). We address the challenge of understanding complex dynamical patterns in multidimensional systems through an approach that combines entropy-based complexity measures with advanced neural architectures. The system leverages dual computational stages: first implementing spatiotemporal entropy extraction optimized for multiscale temporal and spatial data streams, followed by an integrated BEQRNN layer that enables probabilistic pattern prediction with uncertainty quantification. This architecture achieves 81.17% accuracy in spatiotemporal pattern classification with prediction horizons up to 200 time steps and maintains robust performance across diverse regimes. Field testing across chaotic attractors, reaction-diffusion systems, and industrial datasets shows a 79% increase in critical transition detection accuracy and 81.22% improvement in long-term prediction reliability. The framework's effectiveness in processing complex, multimodal entropy features demonstrates significant potential for real-time prognostic applications.


Automated Vigilance State Classification in Rodents Using Machine Learning and Feature Engineering

arXiv.org Artificial Intelligence

Preclinical sleep research remains constrained by labor-intensive, manual vigilance state classification and inter-rater variability, limiting throughput and reproducibility. This study presents an automated framework developed by Team Neural Prognosticators to classify electroencephalogram (EEG) recordings of small rodents into three critical vigilance states: paradoxical sleep (REM), slow wave sleep (SWS), and wakefulness. The system integrates advanced signal processing with machine learning, leveraging engineered features from both time and frequency domains, including spectral power across canonical EEG bands (delta to gamma), temporal dynamics via Maximum-Minimum Distance, and cross-frequency coupling metrics. These features capture distinct neurophysiological signatures such as high-frequency desynchronization during wakefulness, delta oscillations in SWS, and REM-specific bursts. Validated during the 2024 Big Data Health Science Case Competition (University of South Carolina Big Data Health Science Center, 2024), our XGBoost model achieved 91.5% overall accuracy, 86.8% precision, 81.2% recall, and an F1 score of 83.5%, outperforming all baseline methods. Our approach represents a critical advancement in automated sleep state classification and a valuable tool for accelerating discoveries in sleep science and the development of targeted interventions for chronic sleep disorders. As a publicly available code (BDHSC) resource is set to contribute significantly to advancements.