Output list
Conference proceeding
Published 22/11/2025
Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security, 4833 - 4835
CCS '25: ACM SIGSAC Conference on Computer and Communications Security, 13/10/2025–17/10/2025, Taipei, Taiwan
With the exponential surge in media data volumes and their growing intrinsic value, the landscape has become increasingly susceptible to persistent and strategically designed data poisoning attacks targeting these valuable assets. In this work, we propose a novel approach leveraging generative AI techniques to craft covert and robust poisonous data samples, referred to as Chimera Images. These images seamlessly blend visual features from two target classes to generate hybrid objects that preserve appearance fidelity. These "normal" samples with correct labels can subtly distort the model's decision boundary without raising suspicion. Extensive experimental results on the CIFAR-10 and Flowers datasets demonstrate that the proposed method i) reduces the accuracy of the targeted class, ii) maintains the performance of other classes, and iii) exhibits immunity to state-of-the-art defence strategies. We also explore the usage of generative AI content detection as a defence mechanism, demonstrating that the recently discovered snapshot technique is ineffective against the AI-generated poisonous Chimera samples.
Journal article
Published 01/11/2025
Ad hoc networks, 178, 1 - 12
The classification of mental health conditions using electroencephalogram (EEG) signals has gained increasing attention due to its non-invasive nature and potential for early diagnosis. Explainable Artificial Intelligence (XAI) plays a crucial role in enhancing the interpretability of machine learning models; however, traditional XAI methods often suffer from high computational costs and redundant feature selection. In this study, we propose Evolving Explainable Artificial Intelligence (E-XAI), an evolutionary XAI framework that leverages Genetic Algorithms (GA) to efficiently search for the optimal EEG feature subset, reducing computational overhead while maintaining interpretability. Furthermore, this work integrates Digital Twin technology, enabling a dynamic and adaptive representation of EEG-based mental states. The proposed framework allows real-time monitoring, remote diagnosis, and personalized mental health interventions by continuously updating the digital twin model with real-time EEG data. This enhances model adaptability, robustness, and scalability for mental health classification. Experimental results on a benchmark EEG dataset demonstrate that E-XAI with Digital Twin technology significantly reduces the computational time of XAI techniques while improving the classification performance and interpretability of mental health classification systems. This advancement provides a promising pathway for real-time, scalable, and intelligent EEG-based mental health analysis.
Journal article
Standardizing the evaluation framework for ECG-based authentication in IoT devices
Published 08/2025
Computer communications, 240, 1 - 11
Devices on the Internet of Things (IoT) often have constrained resources and operate in diverse environments, making them vulnerable to unauthorized access and cyber threats. Electrocardiogram (ECG) signals have emerged as a promising biometric for authenticating users in such settings. However, current ECG-based authentication studies lack a standardized evaluation framework tailored to resource-limited IoT contexts and long-term usage, making it difficult to assess their practical reliability. In this paper, we introduce a new evaluation framework for ECG-based authentication on IoT devices and construct a standardized dataset to facilitate rigorous testing. We categorize performance metrics into four key dimensions: scalability, adaptability, efficiency, and cancelability. Using this framework, we evaluate four representative ECG authentication algorithms for IoT devices. The results show that these algorithms struggle to maintain consistent performance under cross-session authentication scenarios. These findings highlight the critical importance of addressing the temporal variability of ECG signals and the current gap in robust ECG-based authentication for IoT devices. We believe the proposed framework will guide future research toward more resilient and secure ECG authentication systems for the IoT.
Journal article
A novel dictionary attack on ECG authentication system using adversarial optimization and clustering
Published 05/2025
Knowledge-based systems, 316, C, 1 - 12
Electrocardiogram (ECG)-based biometric authentication has become a promising method to improve security in wearable devices due to its inherent uniqueness and the difficulty of replicating it. However, no studies currently demonstrate that ECG authentication can resist modern attack techniques employed against biometric authentication. In this paper, we present a novel dictionary attack against ECG authentication systems, which poses a significant threat. In contrast to conventional targeted attacks, this approach utilizes random pairing to breach a vast number of users, without requiring specific information about their biometric data. Our approach leverages adversarial optimization and clustering to generate synthetic ECG waveforms capable of bypassing the authentication mechanisms of various systems, revealing critical vulnerabilities in the current implementation of ECG-based biometrics. We comprehensively evaluate the effectiveness of this attack across different ECG authentication models, demonstrating that despite the intrinsic uniqueness of ECG signals, a substantial number of users are vulnerable. Our attack method can bypass the authentication system of an average of 20% of users even at the most stringent false acceptance rate of 1%. With up to five attack attempts allowed, our method can bypass up to 62% of users’ ECG authentication models.
Journal article
Multi-scale prototype convolutional network for few-shot semantic segmentation
Published 15/04/2025
PloS one, 20, 4, 1 - 16
Few-shot semantic segmentation aims to accurately segment objects from a limited amount of annotated data, a task complicated by intra-class variations and prototype representation challenges. To address these issues, we propose the Multi-Scale Prototype Convolutional Network (MPCN). Our approach introduces a Prior Mask Generation (PMG) module, which employs dynamic kernels of varying sizes to capture multi-scale object features. This enhances the interaction between support and query features, thereby improving segmentation accuracy. Additionally, we present a Multi-Scale Prototype Extraction (MPE) module to overcome the limitations of MAP (Mean Average Precision). By augmenting support set features, assessing spatial importance, and utilizing multi-scale downsampling, we obtain a more accurate prototype set. Extensive experiments conducted on the PASCAL-[Formula: see text] and COCO-[Formula: see text] datasets demonstrate that our method achieves superior performance in both 1-shot and 5-shot settings.
Journal article
Published 11/04/2025
PloS one, 20, 4, 1 - 19
In industrial production, obtaining sufficient bearing fault signals is often extremely difficult, leading to a significant degradation in the performance of traditional deep learning-based fault diagnosis models. Many recent studies have shown that data augmentation using generative adversarial networks (GAN) can effectively alleviate this problem. However, the quality of generated samples is closely related to the performance of fault diagnosis models. For this reason, this paper proposes a new GAN-based small-sample bearing fault diagnosis method. Specifically, this study proposes a continuous wavelet convolution strategy (CWCL) instead of the traditional convolution operation in GAN, which can additionally capture the signal's frequency domain features. Meanwhile, this study designed a new multi-size kernel attention mechanism (MSKAM), which can extract the features of bearing vibration signals from different scales and adaptively select the features that are more important for the generation task to improve the accuracy and authenticity of the generated signals. In addition, the structural similarity index (SSIM) is adopted to quantitatively evaluate the quality of the generated signal by calculating the similarity between the generated signal and the real signal in both the time and frequency domains. Finally, we conducted extensive experiments on the CWRU and MFPT datasets and made a comprehensive comparison with existing small-sample bearing fault diagnosis methods, which verified the effectiveness of the proposed approach.
Conference proceeding
Mitigating Over-Unlearning in Machine Unlearning with Synthetic Data Augmentation
Published 02/2025
Algorithms and Architectures for Parallel Processing: 24th International Conference, ICA3PP 2024, Macau, China, October 29–31, 2024, Proceedings, Part IV, 300 - 314
24th International Conference, ICA3PP 2024, 29/10/2024–31/10/2024, Macau, China
In machine learning, data privacy and security have become an increasingly growing concern. The introduction of machine unlearning offers the ability to address this issue through the removal of personal and sensitive data from trained models to comply with laws, regulations, and user privacy requirements. However, despite the significant benefits of this technique, performing unlearning operations is not always smooth in practice. When we attempt to remove specific data, the model may over-adjust, resulting in degraded performance on unlearned data. This phenomenon not only reduces the accuracy of the model on known data but also affects its ability to generalize to new data, thus weakening the model’s overall performance. Therefore, in this paper, we analyze the phenomenon of over-unlearning: firstly, we explore how to mitigate the effects of over-unlearning by generating synthetic data to fill in the forgotten parts, using data synthesis-based techniques. Secondly, we combine the data synthesis-based compensation strategy with model fine-tuning to further improve the model’s adaptability and generalization capability by further training the model to accommodate synthetic data. Through comprehensive experimentation, we verify the effectiveness of the proposed data synthesis-based compensation strategy. The experimental results show that the data synthesis-based compensation strategy can effectively mitigate the effects of the over-unlearning phenomenon while maintaining the stability and accuracy of the model after removing specific data.
Journal article
The Security of Using Large Language Models: A Survey with Emphasis on ChatGPT
Published 01/2025
IEEE/CAA journal of automatica sinica, 12, 1, 1 - 26
ChatGPT is a powerful artificial intelligence (AI) language model that has demonstrated significant improvements in various natural language processing (NLP) tasks. However, like any technology, it presents potential security risks that need to be carefully evaluated and addressed. In this survey, we provide an overview of the current state of research on the security of using ChatGPT, covering the aspects of bias, disinformation, ethics, misuse, attacks and privacy. We review and discuss the literature on these topics and highlight open research questions and future directions. Through this survey, we aim to contribute to the academic discourse on AI security, enriching the understanding of potential risks and mitigations. We anticipate that this survey will be valuable for various stakeholders involved in AI development and usage, including AI researchers, developers, policy makers, and end-users.
Conference proceeding
Deceptive Waves: Embedding Malicious Backdoors in PPG Authentication
Published 12/2024
Web Information Systems Engineering – WISE 2024: 25th International Conference, Doha, Qatar, December 2–5, 2024, Proceedings, Part II, 258 - 272
Web Information Systems Engineering – WISE 2024, 02/12/2024–05/12/2024, Doha, Qatar
Recently, research interest has increasingly focused on the utilization of unobservable physiological signals as distinctive identifiers in biometric systems, which contributes to the enhancement of biometric authentication systems. Photoplethysmography (PPG) signals, favored for their ease of acquisition and integration with machine learning, generally exhibit robust protection against remote adversaries during authentication processes. However, the robustness of PPG signal models to backdoor attacks remains unexplored, and this powerful attack may pose a security threat to PPG-based biometric authentication systems due to its stealthiness. To the best of our knowledge, this paper is the first to propose a backdoor attack that targets PPG-based biometric authentication, which utilizes our elaborate waveform variations embedded in PPG signals as the backdoor. The compromised PPG-based authentication only behaves maliciously on the attacker-chosen inputs, while it behaves normally on clean inputs. We evaluate this backdoor attack on three popular datasets, showing that our attack successfully embeds and activates the backdoor in the PPG-based authentication. Experimental results on state-of-the-art PPG-based authentication systems indicate that this first backdoor embedded in PPG signals poses a severe threat to PPG-based biometric authentication.
Journal article
Published 25/09/2024
Applied sciences, 14, 19, 8631
This paper addresses the practical issue of load frequency control (LFC) in multi-area power systems with degraded actuators and sensors under cyber-attacks. A time-varying approximation model is developed to capture the variability in component degradation paths across different operational scenarios, and an optimal controller is constructed to manage stochastic degradation across subareas simultaneously. To assess the reliability of the proposed scheme, both Monte Carlo simulation and particle swarm optimization techniques are utilized. The methodology distinguishes itself by four principal attributes: (i) a time-varying degradation model that broadens the application from single-area to multi-area systems; (ii) the integration of physical constraints within the degradation model, which enhances the realism and practicality compared to existing methods; (iii) the sensor suffers from false data injection attacks (FDIA); and (iv) an optimal controller that leverages particle swarm optimization to effectively balance reliability and system performance, thereby improving both stability and reliability. This method has demonstrated its effectiveness and advantages in mitigating load disturbances, achieving its objectives in just one-third of the time required by established benchmarks. The case study validates the applicability of the proposed approach and demonstrates its efficacy in mitigating load disturbance amidst stochastic degradation in actuators and sensors under FDIA cyber-attacks.