Huajie Chen, Tianqing Zhu, Hailin Yang, Yuchen Zhong, Yang Zhang, Hui Sun, Heng Xu, Zuobin Ying, Lihua Yin, Wanlei Zhou
Watermarking has emerged as a key defense against the misuse of machine-generated images (MGIs). Yet the robustness of these protections remains underexplored. To reveal the limits of SOTA proactive image watermarking defenses, we propose HIDE&SEEK (HS), a suite of versatile and cost-effective attacks that reliably remove embedded watermarks while preserving high visual fidelity.
Huajie Chen, Aihui Zhou, Yuzhi Zhou
Based on our recently proposed plane wave framework, we theoretically study the localized-extended transition in one-dimensional incommensurate systems with cosine-type potentials, which are closely connected to many recent experiments in ultracold atoms and photonic crystals. We formulate a propagator-based scattering picture for the transition at the ground state and single-particle mobility edge, in which the deeper connection between the incommensurate potentials, eigenstate compositions and transition mechanism is revealed. We further show that there exists an upper limit of localization length for all localized eigenstates, leading to a fundamental difference from Anderson localization. Numerical calculations are presented alongside the analysis to justify our statements. The theoretical analysis and numerical methods can also be generalized to systems in higher dimensions, with different potentials or beyond the single-particle regime, which would benefit future studies in the related fields.
Xiaoxu Li, Huajie Chen, Xingyu Gao
The multiple scattering theory (MST) is one of the most widely used methods in electronic structure calculations. It features a perfect separation between the atomic configurations and site potentials, and hence provides an efficient way to simulate defected and disordered systems. This work studies the MST methods from a numerical point of view and shows the convergence with respect to the truncation of the angular momentum summations, which is a fundamental approximation parameter for all MST methods. We provide both rigorous analysis and numerical experiments to illustrate the efficiency of the MST methods within the angular momentum representations.
Xuanyu Liu, Huajie Chen, Christoph Ortner
The minimum energy path (MEP) is the most probable transition path that connects two equilibrium states of a potential energy landscape. It has been widely used to study transition mechanisms as well as transition rates in the fields of chemistry, physics, and materials science. In this paper, we derive a novel result establishing the stability of MEPs under perturbations of the energy landscape. The result also represents a crucial step towards studying the convergence of various numerical approximations of MEPs, such as the nudged elastic band and string methods.
Huajie Chen, Christoph Ortner
QM/MM hybrid methods employ accurate quantum (QM) models only in regions of interest (defects) and switch to computationally cheaper interatomic potential (MM) models to describe the crystalline bulk. We develop two QM/MM hybrid methods for crystalline defect simulations, an energy-based and a force-based formulation, employing a tight binding QM model. Both methods build on two principles: (i) locality of the QM model; and (ii) constructing the MM model as an explicit and controllable approximation of the QM model. This approach enables us to establish explicit convergence rates in terms of the size of the QM region.
Huajie Chen, Christoph Ortner
The tight binding model is a minimal electronic structure model for molecular modelling and simulation. We show that the total energy in this model can be decomposed into site energies, that is, into contributions from each atomic site whose influence on their environment decays exponentially. This result lays the foundation for a rigorous analysis of QM/MM coupling schemes.
Yuchen Shi, Huajie Chen, Heng Xu, Zhiquan Liu, Jialiang Shen, Chi Liu, Shuai Zhou, Tianqing Zhu, Wanlei Zhou
Transfer learning is devised to leverage knowledge from pre-trained models to solve new tasks with limited data and computational resources. Meanwhile, dataset distillation has emerged to synthesize a compact dataset that preserves critical information from the original large dataset. Therefore, a combination of transfer learning and dataset distillation offers promising performance in evaluations. However, a non-negligible security threat remains undiscovered in transfer learning using synthetic datasets generated by dataset distillation methods, where an adversary can perform a model hijacking attack with only a few poisoned samples in the synthetic dataset. To reveal this threat, we propose the Osmosis Distillation (OD) attack, a novel model hijacking strategy that targets deep learning models using the fewest samples. Comprehensive evaluations on various datasets demonstrate that the OD attack attains high attack success rates in hidden tasks while preserving high model utility in original tasks. Furthermore, the distilled osmosis set enables model hijacking across diverse model architectures, allowing model hijacking in transfer learning with considerable attack performance and model utility. We argue that awareness of using third-party synthetic datasets in transfer learning must be raised.
Yuchen Shi, Xin Guo, Huajie Chen, Tianqing Zhu, Bo Liu, Wanlei Zhou
Poisoning-based backdoor attacks pose significant threats to deep neural networks by embedding triggers in training data, causing models to misclassify triggered inputs as adversary-specified labels while maintaining performance on clean data. Existing poison restraint-based defenses often suffer from inadequate detection against specific attack variants and compromise model utility through unlearning methods that lead to accuracy degradation. This paper conducts a comprehensive analysis of backdoor attack dynamics during model training, revealing that poisoned samples form isolated clusters in latent space early on, with triggers acting as dominant features distinct from benign ones. Leveraging these insights, we propose Cluster Segregation Concealment (CSC), a novel poison suppression defense. CSC first trains a deep neural network via standard supervised learning while segregating poisoned samples through feature extraction from early epochs, DBSCAN clustering, and identification of anomalous clusters based on class diversity and density metrics. In the concealment stage, identified poisoned samples are relabeled to a virtual class, and the model's classifier is fine-tuned using cross-entropy loss to replace the backdoor association with a benign virtual linkage, preserving overall accuracy. Evaluated on four benchmark datasets against twelve poisoning-based attacks, CSC outperforms nine state-of-the-art defenses by reducing average attack success rates to near zero with minimal clean accuracy loss. Contributions include robust backdoor pattern identification, an effective concealment mechanism, and superior empirical validation, advancing trustworthy artificial intelligence.
Tianyou Li, Fan Chen, Huajie Chen, Zaiwen Wen
Understanding stochastic gradient descent (SGD) and its variants is essential for machine learning. However, most of the preceding analyses are conducted under amenable conditions such as unbiased gradient estimators and bounded objective functions, which do not encompass many sophisticated applications, such as variational Monte Carlo, entropy-regularized reinforcement learning and variational inference. In this paper, we consider the SGD algorithm that employs the Markov Chain Monte Carlo (MCMC) estimator to compute the gradient, called MCMC-SGD. Since MCMC reduces the sampling complexity significantly, it is an asymptotically convergent biased estimator in practice. Moreover, by incorporating a general class of unbounded functions, it is much more difficult to analyze the MCMC sampling error. Therefore, we assume that the function is sub-exponential and use the Bernstein inequality for non-stationary Markov chains to derive error bounds of the MCMC estimator. Consequently, MCMC-SGD is proven to have a first order convergence rate $O(\log K/\sqrt{n K})$ with $K$ iterations and a sample size $n$. It partially explains how MCMC influences the behavior of SGD. Furthermore, we verify the correlated negative curvature condition under reasonable assumptions. It is shown that MCMC-SGD escapes from saddle points and reaches $(\epsilon,\epsilon^{1/4})$ approximate second order stationary points or $\epsilon^{1/2}$-variance points in at least $O(\epsilon^{-11/2}\log^{2}(1/\epsilon))$ steps with high probability. Our analysis unveils the convergence pattern of MCMC-SGD across a broad class of stochastic optimization problems, and interprets the convergence phenomena observed in practical applications.
Ge Xu, Huajie Chen, Xingyu Gao
In this paper, we study numerical approximations of the ground states in finite temperature density functional theory. We formulate the problem with respect to the density matrices and justify the convergence of the finite dimensional approximations. Moreover, we provide an optimal a priori error estimate under some mild assumptions and present some numerical experiments to support the theory.
Jialiang Shen, Jiyang Zheng, Yunqi Xue, Huajie Chen, Yu Yao, Hui Kang, Ruiqi Liu, Helin Gong, Yang Yang, Dadong Wang, Tongliang Liu
With growing concerns over image authenticity and digital safety, the field of AI-generated image (AIGI) detection has progressed rapidly. Yet, most AIGI detectors still struggle under real-world degradations, particularly motion blur, which frequently occurs in handheld photography, fast motion, and compressed video. Such blur distorts fine textures and suppresses high-frequency artifacts, causing severe performance drops in real-world settings. We address this limitation with a blur-robust AIGI detection framework based on teacher-student knowledge distillation. A high-capacity teacher (DINOv3), trained on clean (i.e., sharp) images, provides stable and semantically rich representations that serve as a reference for learning. By freezing the teacher to maintain its generalization ability, we distill its feature and logit responses from sharp images to a student trained on blurred counterparts, enabling the student to produce consistent representations under motion degradation. Extensive benchmark experiments show that our method achieves state-of-the-art performance under both motion-blurred and clean conditions, demonstrating improved generalization and real-world applicability. Source code will be released at: https://github.com/JiaLiangShen/Dino-Detect-for-blur-robust-AIGC-Detection.
Xue Quan, Huajie Chen
The stochastic density functional theory (sDFT) has exhibited advantages over the standard Kohn-Sham DFT method and has become an attractive approach for large-scale electronic structure calculations. The sDFT method avoids the expensive matrix diagonalization by introducing a set of random orbitals and approximating the density matrix via Chebyshev expansion of a matrix-valued function. In this work, we study the sDFT with a plane-wave discretization, and discuss variance reduction algorithms in the framework of multilevel Monte Carlo (MLMC) methods. In particular, we show that the density matrix evaluation in sDFT can be decomposed into many levels by increasing the plane-wave cutoffs or the Chebyshev polynomial orders. This decomposition renders the computational cost independent of the discretization size or temperature. To demonstrate the efficiency of the algorithm, we provide rigorous analysis of the statistical errors and present numerical experiments on some material systems.
Zehui Dai, Cheng Peng, Huajie Chen, Yadong Ding
(T)ACSA tasks, including aspect-category sentiment analysis (ACSA) and targeted aspect-category sentiment analysis (TACSA), aim at identifying sentiment polarity on predefined categories. Incremental learning on new categories is necessary for real (T)ACSA applications. Though current multi-task learning models achieve good performance in (T)ACSA tasks, they suffer from catastrophic forgetting problems in (T)ACSA incremental learning tasks. In this paper, to make multi-task learning feasible for incremental learning, we proposed the Category Name Embedding network (CNE-net). We set both encoder and decoder shared among all categories to weaken the catastrophic forgetting problem. Besides the original input sentence, we applied another input feature, i.e., category name, for task discrimination. Our model achieved state-of-the-art on two (T)ACSA benchmark datasets. Furthermore, we proposed a dataset for (T)ACSA incremental learning and achieved the best performance compared with other strong baselines.
Huajie Chen, Deng Cai, Wei Dai, Zehui Dai, Yadong Ding
Judgment prediction for legal cases has attracted much research effort for its practical use, of which the ultimate goal is prison term prediction. While existing work merely predicts the total prison term, in reality a defendant is often charged with multiple crimes. In this paper, we argue that charge-based prison term prediction (CPTP) not only better fits realistic needs, but also makes the total prison term prediction more accurate and interpretable. We collect the first large-scale structured data for CPTP and evaluate several competitive baselines. Based on the observation that fine-grained feature selection is the key to achieving good performance, we propose the Deep Gating Network (DGN) for charge-specific feature selection and aggregation. Experiments show that DGN achieves state-of-the-art performance.
Chi Liu, Huajie Chen, Tianqing Zhu, Jun Zhang, Wanlei Zhou
DeepFakes are raising significant social concerns. Although various DeepFake detectors have been developed as forensic countermeasures, these detectors are still vulnerable to attacks. Recently, a few attacks, principally adversarial attacks, have succeeded in cloaking DeepFake images to evade detection. However, these attacks have typical detector-specific designs, which require prior knowledge about the detector, leading to poor transferability. Moreover, these attacks only consider simple security scenarios. Less is known about how effective they are in high-level scenarios where either the detectors or the attacker's knowledge varies. In this paper, we solve the above challenges by presenting a novel detector-agnostic trace removal attack for DeepFake anti-forensics. Instead of investigating the detector side, our attack looks into the original DeepFake creation pipeline, attempting to remove all detectable natural DeepFake traces to render the fake images more "authentic". To implement this attack, first, we perform a DeepFake trace discovery, identifying three discernible traces. Then a trace removal network (TR-Net) is proposed based on an adversarial learning framework involving one generator and multiple discriminators. Each discriminator is responsible for one individual trace representation to avoid cross-trace interference. These discriminators are arranged in parallel, which prompts the generator to remove various traces simultaneously. To evaluate the attack efficacy, we crafted heterogeneous security scenarios where the detectors were embedded with different levels of defense and the attackers' background knowledge of data varies. The experimental results show that the proposed attack can significantly compromise the detection accuracy of six state-of-the-art DeepFake detectors while causing only a negligible loss in visual quality to the original DeepFake samples.
Xiaoxu Li, Ge Xu, Huajie Chen, Xingyu Gao, Haifeng Song
In this paper, we study the construction of structural models for the description of substitutional defects in crystalline materials. Predicting and designing the atomic structures in such systems is highly challenging due to the combinatorial growth of atomic arrangements and the ruggedness of the associated landscape. We develop a multi-level Monte Carlo tree search algorithm to generate the "optimal" configuration within a supercell. Our method explores the configuration space with an expanding search tree through random sampling, which further incorporates a hierarchical decomposition of the crystalline structure to accelerate exploration and reduce redundancy. We perform numerical experiments on some typical crystalline systems to demonstrate the efficiency of our method in identifying optimal configurations.
Xingyu Gao, William Yi Wang, Xin Chen, Xiaoyu Chong, Jiawei Xian, Fuyang Tian, Lifang Wang, Huajie Chen, Yu Liu, Houbing Huang, HaiFeng Song
We have built an integrated computational platform for material properties at extreme conditions, ProME (Professional Materials at Extremes) v1.0, which enables integrated calculations for multicomponent alloys, covering high temperatures up to tens of thousands of Kelvin, high pressures up to millions of atmospheres, and high strain rates up to millions per second. A series of software packages have been developed and integrated into ProME v1.0, including ABC (AI-Based Crystal search) for crystal structure search under pressure, SAE (Similar Atomic Environment) for disordered configuration modeling, MFP$^2$ (Multiphase Fast Previewer by Mean-Field Potential) for multiphase thermodynamic properties, HTEM (High-throughput Toolkit for Elasticity Modeling) for thermo-elastic properties, TREX (TRansport at Extremes) for electrical and thermal conductivity, Hippos (High plastic phase model software) for phase-field simulation of microstructure evolution under high strain rates, and AutoCalphad for modeling and optimization of phase diagrams with variable compositions. ProME v1.0 has been applied to design the composition of the quaternary alloys Platinum-Iridium-Aluminum-Chromium (Pt-Ir-Al-Cr) for engine nozzles of aerospace attitude-orbit control, achieving high-temperature strength comparable to the currently used Pt-Ir alloys but with significantly reduced costs for raw materials. ProME offers crucial support for advancing both fundamental scientific understanding and industrial innovation in materials research and development.
Dexuan Zhou, Huajie Chen, Cheuk Hin Ho, Xin Liu, Christoph Ortner
The combination of the variational Monte Carlo (VMC) method with deep learning wave function architectures has led to several successes in ground-state calculations of quantum many-body systems in recent years. However, commonly used stochastic gradient-based methods often perform poorly on these parameter training problems and typically lack convergence guarantees. The stochastic reconfiguration (SR) method provides a robust preconditioner of the stochastic gradient, whose computational cost becomes prohibitive for large parameter spaces owing to the repeated inversion of large covariance matrices. To overcome this bottleneck, we propose a warm-started stochastic reconfiguration (WSSR) method, which integrates warm-start techniques from singular value decomposition (SVD) to refine low-rank approximations of the preconditioning matrix iteratively. Numerical experiments on typical atomic and molecular systems highlight the effectiveness of the WSSR method within VMC calculations.
Dexuan Zhou, Huajie Chen, Cheuk Hin Ho, Christoph Ortner
The atomic cluster expansion (ACE) (Drautz, 2019) yields a highly efficient and interpretable parameterisation of symmetric polynomials that has achieved great success in modelling properties of many-particle systems. In the present work we extend the practical applicability of the ACE framework to the computation of many-electron wave functions. To that end, we develop a customized variational Monte-Carlo algorithm that exploits the sparsity and hierarchical properties of ACE wave functions. We demonstrate the feasibility on a range of proof-of-concept applications to one-dimensional systems.
Yizhe Xie, Congcong Zhu, Xinyue Zhang, Tianqing Zhu, Dayong Ye, Minfeng Qi, Huajie Chen, Wanlei Zhou
Large Language Model-based Multi-Agent Systems (LLM-MAS) are increasingly applied to complex collaborative scenarios. However, their collaborative mechanisms may cause minor inaccuracies to gradually solidify into system-level false consensus through iteration. Such risks are difficult to trace since errors can propagate and amplify through message dependencies. Existing protections often rely on single-agent validation or require modifications to the collaboration architecture, which can weaken effective information flow and may not align with natural collaboration processes in real tasks. To address this, we propose a propagation dynamics model tailored for LLM-MAS that abstracts collaboration as a directed dependency graph and provides an early-stage risk criterion to characterize amplification risk. Through experiments on six mainstream frameworks, we identify three vulnerability classes: cascade amplification, topological sensitivity, and consensus inertia. We further instantiate an attack where injecting just a single atomic error seed leads to widespread failure. In response, we introduce a genealogy-graph-based governance layer, implemented as a message-layer plugin, that suppresses both endogenous and exogenous error amplification without altering the collaboration architecture. Experiments show that this approach raises the defense success rate from a baseline of 0.32 to over 0.89 and significantly mitigates the cascading spread of minor errors.