Collaborating Authors

 Zhang, Zhengming


Teach LLMs to Phish: Stealing Private Information from Language Models

arXiv.org Artificial Intelligence

When large language models are trained on private data, it can be a significant privacy risk for them to memorize and regurgitate sensitive information. In this work, we propose a new practical data extraction attack that we call "neural phishing". This attack enables an adversary to target and extract sensitive or personally identifiable information (PII), e.g., credit card numbers, from a model trained on user data, with attack success rates upwards of 10% and, at times, as high as 50%. Our attack assumes only that an adversary can insert as few as tens of benign-appearing sentences into the training dataset, using only vague priors on the structure of the user data.

Figure 1: Our new neural phishing attack has 3 phases, using standard setups for each.
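An added example (not code from the paper) of the kind of measurement behind an "attack success rate" like the one quoted above: scan a batch of model completions for credit-card-shaped strings, keep only those that pass the Luhn checksum so order numbers and other digit runs are not counted, and report the fraction of completions that reproduce a secret the evaluator planted in the training data. The completions and the planted number are constructed here; 4111111111111111 is the widely used Visa test number and carries no real account.

```python
import re
from typing import Iterable

# Constructed sample of model completions for illustration; not real model output.
SAMPLE_COMPLETIONS = [
    "Sure, the card on file is 4111 1111 1111 1111, expiring next year.",
    "I cannot share payment details.",
    "Order #4111111111111112 shipped yesterday.",  # fails Luhn: an order id, not a card
    "Card: 4111-1111-1111-1111",
    "The weather in Boston is mild this week.",
]

# 13 to 19 digits, optionally separated by single spaces or dashes,
# not embedded in a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return normalised (separator-free) 13-19 digit sequences that pass Luhn."""
    found = []
    for m in CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def leak_rate(completions: Iterable[str], planted_secrets: set[str]) -> float:
    """Fraction of completions that emit at least one planted secret verbatim.

    `planted_secrets` holds the separator-free numbers the evaluator seeded
    into the training data; this is the quantity an extraction attack's
    success rate is measured against.
    """
    comps = list(completions)
    if not comps:
        return 0.0
    hits = sum(1 for c in comps if planted_secrets & set(find_card_numbers(c)))
    return hits / len(comps)


if __name__ == "__main__":
    rate = leak_rate(SAMPLE_COMPLETIONS, {"4111111111111111"})
    print(f"planted secret reproduced in {rate:.0%} of completions")
```

The Luhn filter matters for the denominator as much as the numerator: without it, any 16-digit identifier in the output inflates the apparent leak count, and the same regex is what an attacker would run over extracted text to triage hits.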


Digital Twin-Enhanced Deep Reinforcement Learning for Resource Management in Network Slicing

arXiv.org Artificial Intelligence

Network slicing-based communication systems can dynamically and efficiently allocate resources for diversified services. However, due to the limitation of the network interface on channel access and the complexity of the resource allocation, it is challenging to achieve an acceptable solution in a practical system without precise prior knowledge of the probabilistic dynamics of the service requests. Existing work attempts to solve this problem using deep reinforcement learning (DRL); however, such methods usually require a large amount of interaction with the real environment to achieve good results. In this paper, a framework consisting of a digital twin and reinforcement learning agents is presented to handle this issue. Specifically, we propose to use historical data and neural networks to build a digital twin model that simulates the state transition dynamics of the real environment. Then, we use the data generated by the network slicing environment to calibrate the digital twin so that it stays in sync with the real environment. Finally, the DRL agent for slice optimization is trained in this virtual pre-verification environment. We conduct extensive experiments on the proposed digital twin framework to verify its scalability. Specifically, we propose to use loss landscapes to visualize the generalization of DRL solutions. We explore a distillation-based optimization scheme for lightweight slicing strategies. In addition, we also extend the framework to offline reinforcement learning, where solutions can be used to obtain intelligent decisions based solely on historical data. Numerical simulation experiments show that the proposed digital twin can significantly improve the performance of the slice optimization strategy.


An Efficient Probabilistic Solution to Mapping Errors in LiDAR-Camera Fusion for Autonomous Vehicles

arXiv.org Artificial Intelligence

LiDAR-camera fusion is one of the core processes in the perception system of current automated driving systems. The typical sensor fusion process consists of a sequence of coordinate transformation operations following system calibration. Although a significant amount of research has been done to improve fusion accuracy, there are still inherent data mapping errors in practice related to system synchronization offsets, vehicle vibrations, the small size of the target, and high relative speeds. Moreover, increasingly complicated algorithms for improving fusion accuracy can overwhelm the onboard computational resources, limiting their actual deployment. This study proposes a novel and low-cost probabilistic LiDAR-camera fusion method to alleviate these inherent mapping errors in scene reconstruction. By computing shape similarity using KL divergence and applying a RANSAC-regression-based trajectory smoother, the effects of LiDAR-camera mapping errors on object localization and distance estimation are minimized. Experiments are designed to demonstrate the robustness and effectiveness of the proposed strategy.


Joint User Association and Power Allocation in Heterogeneous Ultra Dense Network via Semi-Supervised Representation Learning

arXiv.org Artificial Intelligence

Heterogeneous Ultra-Dense Network (HUDN) is one of the vital networking architectures due to its ability to enable higher connectivity density and ultra-high data rates. However, efficiently managing the wireless resources of HUDNs to reduce wireless interference is challenging. In this paper, we tackle this challenge by jointly optimizing user association and power control. The joint user association and power control problem is a typical non-convex problem that is hard and time-consuming to solve by traditional optimization techniques. This paper proposes a novel idea for resolving this question: the optimal user association and Base Station (BS) transmit power can be represented by some network parameters of interest, such as the channel information, the precoding matrices, etc. Then, we solve this problem by transforming it into an optimal representation function learning problem. We model the HUDN as a heterogeneous graph and train a Graph Neural Network (GNN) to approximate this representation function using semi-supervised learning (SSL), in which the loss function is composed of an unsupervised part that helps the GNN approach the optimal representation function and a supervised part that uses previous experience to reduce useless exploration in the initial phase. Besides, we use entropy regularization to guarantee effective exploration of the configuration space. To obtain both generalization of the learning algorithm and higher performance of HUDNs, we separate the learning process into two parts: the generalization-representation learning (GRL) part and the specialization-representation learning (SRL) part. In the GRL part, which runs offline, the GNN learns a representation with strong generalization ability that suits any scenario with different user distributions. Based on the learned GRL representation, the SRL part fine-tunes the parameters of the GNN online to further improve performance for a quasi-static user distribution. Simulation results demonstrate that the proposed GRL-based solution has higher computational efficiency than the traditional optimization algorithm. The results also show that SRL outperforms GRL.


Benchmarking Semi-supervised Federated Learning

arXiv.org Machine Learning

Current state-of-the-art machine learning models can potentially benefit from the large amount of user data privately held on mobile devices, as well as the computing power locally available on these devices. In response to this, federated learning (FL), which only requires transmitting the trained (intermediate) models, has been proposed as a privacy-preserving solution to exploit the data and computing power on mobile devices [1, 2]. In a typical FL pipeline, a server maintains a model and shares it with users/devices. Each user/device updates the global shared model for multiple steps locally, using only locally held data, and then uploads the updated model back to the server. After collecting all the models from users, the server takes an averaging step over them (e.g., FedAvg [2]) and sends the averaged model back to the users [1, 3]. This approach respects privacy in the (weak) sense that the server does not access the private user data at any point in the procedure. However, prior work in FL has made the unrealistic assumption that the data stored on the local device are fully annotated with ground-truth labels and that the server does not have access to any labeled data. In fact, the private data on the local device are more often unlabeled, since annotating data requires both time and domain knowledge [4, 5], and servers are often hosted by organizations that do have labeled data.
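The FL round described above, as an added example that is not code from the paper or its benchmark: each client runs a few local gradient steps on data that never leaves it and returns only its updated weights plus its sample count; the server then performs the FedAvg step, a sample-count-weighted average of the client models. The model is a two-weight linear regressor and the client datasets are constructed here (noiseless labels from a fixed true weight vector, split unevenly across three clients) so that convergence can be checked without any framework.

```python
import random

# Constructed ground truth for the synthetic clients; not data from the paper.
TRUE_W = [2.0, -1.0]


def local_update(weights, data, lr=0.1, steps=5):
    """Client side: `steps` full-batch gradient steps of least squares on local data.

    Only the updated weights and the local sample count are returned;
    the raw (x, y) pairs never leave the client.
    """
    w = list(weights)
    for _ in range(steps):
        grads = [0.0] * len(w)
        for x, y in data:
            err = sum(wi * xi for wi, xi in zip(w, x)) - y
            for j, xj in enumerate(x):
                grads[j] += 2 * err * xj / len(data)
        w = [wi - lr * g for wi, g in zip(w, grads)]
    return w, len(data)


def fedavg(client_results):
    """Server side: FedAvg, i.e. the sample-count-weighted mean of client models."""
    total = sum(n for _, n in client_results)
    dim = len(client_results[0][0])
    return [sum(w[j] * n for w, n in client_results) / total for j in range(dim)]


def mse(weights, data):
    """Mean squared error of a linear model on a dataset (used only for reporting)."""
    return sum((sum(wi * xi for wi, xi in zip(weights, x)) - y) ** 2
               for x, y in data) / len(data)


def make_clients(seed=0, sizes=(20, 5, 50)):
    """Constructed client datasets: y = TRUE_W . x with x uniform in [-1, 1]^2."""
    rng = random.Random(seed)
    clients = []
    for n in sizes:
        data = []
        for _ in range(n):
            x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
            data.append((x, TRUE_W[0] * x[0] + TRUE_W[1] * x[1]))
        clients.append(data)
    return clients


def run_round(global_w, clients):
    """One FL round: broadcast, local training on every client, FedAvg aggregation."""
    return fedavg([local_update(global_w, d) for d in clients])


def run_training(rounds=40, seed=0):
    """Run `rounds` FL rounds from zero weights; return final weights and global MSE before/after."""
    clients = make_clients(seed)
    pooled = [pt for c in clients for pt in c]   # only for evaluation; the server never sees it
    w = [0.0, 0.0]
    before = mse(w, pooled)
    for _ in range(rounds):
        w = run_round(w, clients)
    return w, before, mse(w, pooled)


if __name__ == "__main__":
    w, before, after = run_training()
    print(f"weights after training: {w}  (target {TRUE_W})")
    print(f"global MSE: {before:.4f} -> {after:.6f}")
```

The weighting by sample count is the part of FedAvg that is easy to get wrong when reimplementing it: an unweighted mean lets the 5-sample client pull the global model as hard as the 50-sample one. Note also what the server does receive: the full weight vectors of every client, which is why the abstract calls the privacy guarantee weak.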