Dataset distillation is an advanced technique aimed at compressing datasets
into significantly smaller counterparts, while preserving formidable training
performance. Significant efforts have been devoted to promote evaluation
accuracy under limited compression ratio while overlooked the robustness of
distilled dataset. In this work, we introduce a comprehensive benchmark that,
to the best of our knowledge, is the most extensive to date for evaluating the
adversarial robustness of distilled datasets in a unified way. Our benchmark
significantly expands upon prior efforts by incorporating a wider range of
dataset distillation methods, including the latest advancements such as TESLA
and SRe2L, a diverse array of adversarial attack methods, and evaluations
across a broader and more extensive collection of datasets such as ImageNet-1K.
Moreover, we assessed the robustness of these distilled datasets against
representative adversarial attack algorithms like PGD and AutoAttack, while
exploring their resilience from a frequency perspective. We also discovered
that incorporating distilled data into the training batches of the original
dataset can yield to improvement of robustness.

数据集蒸馏是一种高级技术，旨在将数据集压缩为较小的对应物，同时保持强大的训练性能。本研究引入了一个全面的基准，用于评估统一方式下研究到目前为止最广泛的蒸馏数据集的对抗鲁棒性。通过结合更广泛的数据集蒸馏方法、包括 TESLA 和 SRe2L 等最新进展，多样化的对抗攻击方法，以及对 ImageNet-1K 等更广泛和更全面的数据集的评估，我们的基准在之前的努力基础上显著扩展。此外，我们评估了这些蒸馏数据集对抗性攻击算法（如 PGD 和 AutoAttack）的鲁棒性，并从频率视角探索了它们的弹性。我们还发现，将蒸馏数据融入原始数据集的训练批次可以提高其鲁棒性。

DD-RobustBench: 数据集提炼的敌对鲁棒性基准测试

DD-RobustBench: An Adversarial Robustness Benchmark for Dataset  Distillation

Current adversarial attack algorithms, where an adversary changes a text to
fool a victim model, have been repeatedly shown to be effective against text
classifiers. These attacks, however, generally assume that the victim model is
monolingual and cannot be used to target multilingual victim models, a
significant limitation given the increased use of these models. For this
reason, in this work we propose an approach to fine-tune a multilingual
paraphrase model with an adversarial objective so that it becomes able to
generate effective adversarial examples against multilingual classifiers. The
training objective incorporates a set of pre-trained models to ensure text
quality and language consistency of the generated text. In addition, all the
models are suitably connected to the generator by vocabulary-mapping matrices,
allowing for full end-to-end differentiability of the overall training
pipeline. The experimental validation over two multilingual datasets and five
languages has shown the effectiveness of the proposed approach compared to
existing baselines, particularly in terms of query efficiency. We also provide
a detailed analysis of the generated attacks and discuss limitations and
opportunities for future research.

通过对多语言释义模型进行敌对目标的微调，我们提出了一种对抗性攻击算法，用于伪造多语言分类器的有效的对抗性样本，实验证明该方法在查询效率方面优于现有基准模型。

多语种文本分类的生成对抗攻击

A Generative Adversarial Attack for Multilingual Text Classifiers

Over the last decade, adversarial attack algorithms have revealed
instabilities in deep learning tools. These algorithms raise issues regarding
safety, reliability and interpretability in artificial intelligence; especially
in high risk settings. From a practical perspective, there has been a war of
escalation between those developing attack and defence strategies. At a more
theoretical level, researchers have also studied bigger picture questions
concerning the existence and computability of attacks. Here we give a brief
overview of the topic, focusing on aspects that are likely to be of interest to
researchers in applied and computational mathematics.

过去十年中，对抗攻击算法揭示了深度学习工具的不稳定性，这些算法引发了与人工智能中的安全性、可靠性和可解释性相关的问题，尤其是在高风险环境中。从实际角度来看，攻击和防御策略开发者之间发生了一场升级战。在更理论层面上，研究人员还研究了关于攻击的存在和可计算性的更大问题。在这篇文章中，我们对该主题进行了简要概述，重点关注对应用和计算数学领域的研究人员可能感兴趣的方面。