Attack of the Tails: Yes, You Really Can Backdoor Federated Learning
Due to its decentralized nature, Federated Learning (FL) lends itself to adversarial attacks in the form of backdoors during training. The goal of a backdoor is to corrupt the performance of the trained model on specific sub-tasks (e.g., by classifying green cars as frogs). A range of FL backdoor attacks have been introduced in the literature, but also methods to defend against them, and it is currently an open question whether FL systems can be tailored to be robust against backdoors. In this work, we provide evidence to the contrary. We first establish that, in the general case, robustness to backdoors implies model robustness to adversarial examples, a major open problem in itself. Furthermore, detecting the presence of a backdoor in a FL model is unlikely assuming first-order oracles or polynomial time.
Adversarial Attack on Attackers: Post-Process to Mitigate Black-Box Score-Based Query Attacks
The score-based query attacks (SQAs) pose practical threats to deep neural networks by crafting adversarial perturbations within dozens of queries, only using the model's output scores. Nonetheless, we note that if the loss trend of the outputs is slightly perturbed, SQAs could be easily misled and thereby become much less effective. Following this idea, we propose a novel defense, namely Adversarial Attack on Attackers (AAA), to confound SQAs towards incorrect attack directions by slightly modifying the output logits. In this way, (1) SQAs are prevented regardless of the model's worst-case robustness; (2) the original model predictions are hardly changed, i.e., no degradation on clean accuracy; (3) the calibration of confidence scores can be improved simultaneously. Extensive experiments are provided to verify the above advantages. For example, by setting $\ell_\infty=8/255$ on CIFAR-10, our proposed AAA helps WideResNet-28 secure 80.59% accuracy under Square attack (2500 queries), while the best prior defense (i.e., adversarial training) only attains 67.44%. Since AAA attacks SQA's general greedy strategy, such advantages of AAA over 8 defenses can be consistently observed on 8 CIFAR-10/ImageNet models under 6 SQAs, using different attack targets, bounds, norms, losses, and strategies.
This AI-Powered Robot Keeps Going Even if You Attack It With a Chainsaw
A single AI model trained to control numerous robotic bodies can operate unfamiliar hardware and adapt eerily well to serious injuries. A four-legged robot that keeps crawling even after all four of its legs have been hacked off with a chainsaw is the stuff of nightmares for most people. For Deepak Pathak, cofounder and CEO of the startup Skild AI, the dystopian feat of adaptation is an encouraging sign of a new, more general kind of robotic intelligence. "This is something we call an omni-bodied brain," Pathak tells me. His startup developed the generalist artificial intelligence algorithm to address a key challenge with advancing robotics: "Any robot, any task, one brain.
Ask, Attend, Attack: An Effective Decision-Based Black-Box Targeted Attack for Image-to-Text Models
While image-to-text models have demonstrated significant advancements in various vision-language tasks, they remain susceptible to adversarial attacks. Existing white-box attacks on image-to-text models require access to the architecture, gradients, and parameters of the target model, resulting in low practicality. Although the recently proposed gray-box attacks have improved practicality, they suffer from semantic loss during the training process, which limits their targeted attack performance. To advance adversarial attacks of image-to-text models, this paper focuses on a challenging scenario: decision-based black-box targeted attacks where the attackers only have access to the final output text and aim to perform targeted attacks. Specifically, we formulate the decision-based black-box targeted attack as a large-scale optimization problem.
ProAPT: Projection of APT Threats with Deep Reinforcement Learning
Dehghan, Motahareh, Sadeghiyan, Babak, Khosravian, Erfan, Moghaddam, Alireza Sedighi, Nooshi, Farshid
The highest level in the Endsley situation awareness model is called projection when the status of elements in the environment in the near future is predicted. In cybersecurity situation awareness, the projection for an Advanced Persistent Threat (APT) requires predicting the next step of the APT. The threats are constantly changing and becoming more complex. As supervised and unsupervised learning methods require APT datasets for projecting the next step of APTs, they are unable to identify unknown APT threats. In reinforcement learning methods, the agent interacts with the environment, and so it might project the next step of known and unknown APTs. So far, reinforcement learning has not been used to project the next step for APTs. In reinforcement learning, the agent uses the previous states and actions to approximate the best action of the current state. When the number of states and actions is abundant, the agent employs a neural network which is called deep learning to approximate the best action of each state. In this paper, we present a deep reinforcement learning system to project the next step of APTs. As there exists some relation between attack steps, we employ the Long Short-Term Memory (LSTM) method to approximate the best action of each state. In our proposed system, based on the current situation, we project the next steps of APT threats.
Venezuela arrests six over 'drone attack' during Maduro speech
Venezuela's interior minister says six people have been arrested, after what President Nicolas Maduro says was an assassination attempt against him. The president accuses Colombia and a group of US financiers of trying to kill him. Venezuela's opposition fears the government will launch a crackdown. Colombia's Foreign Affairs Ministry called that accusation absurd, and in Washington, President Donald Trump's national security adviser John Bolton strongly denied any US role.
Russia says DIY drones that attacked its base in Syria came from a rebel village
Russia on Wednesday identified the village from which a swarm of drones attacked its main military base in Syria and released photographs of the crudely constructed aircraft that were used. The revelations only somewhat cleared up the mystery surrounding what amounts to the biggest concerted attack on Russia's main military base of Hmeimim since the Russian military intervention in Syria began in 2015. Russia said it held Turkey accountable for the drone attack, calling it a breach of their cease-fire agreement in northern Syria, while Turkey accused Russia and Iran of jeopardizing the entire peace process by launching an offensive to take control of an opposition-held air base in the area. The Russian Defense Ministry named the opposition-controlled village of Muwazarra in southern Idlib province as the location from which a swarm of at least a dozen drones armed with crude explosives was launched Saturday, attacking the Hmeimim air base and the nearby naval base of Tartus in northwestern Syria. Under the cease-fire deal, Turkey is supposed to restrain opposition forces in Idlib province.