Yansi Forum (研思论坛) | SCAI Graduate Academic Exchange Seminar

Posted by: 余未希 | Published: 2025-10-12 | Views: 60






Time: October 14, 9:30-11:30

Venue: Lecture Hall 102, School of Information Management and Engineering (信管学院)




A Diffusion-Based Attack on Sequential Recommender Systems

Speaker: 周菡

Advisor: 方慧

Time: 9:30-10:00

Abstract: Sequential recommender systems are vital to online services, making their security a critical concern. Poisoning attacks, which inject malicious data, pose a significant threat. Existing attack methods often fail to balance effectiveness with stealth. To address this, we propose a novel poisoning attack framework based on a conditional diffusion model. Our approach learns real user behavior patterns to generate highly stealthy fake sequences. A key feature is a custom guidance strategy that steers the generation process to promote a target item while preserving the sequence's natural logic. Extensive experiments show that our framework outperforms existing methods, achieving a higher attack success rate while maintaining a very low detection profile.




Self-Supervised Disentanglement via Cluster-Dependent Rotational Equivariance

Speaker: 刘军兵

Advisor: 周志明

Time: 10:00-10:30

Abstract: Conventional self-supervised learning methods extract robust features by enforcing invariance to data augmentations. While effective for obtaining clustered representations, this objective provides limited control over how data variations structure the feature space, hindering disentanglement. Recent methods improve feature space structure by imposing equivariant predictability on feature transformations induced by data augmentations. However, existing approaches suffer from two significant limitations: (i) the incorporation of invariance in their final objective interferes with the learning of neat equivariance; (ii) the imposition of uniform equivariance across all samples forces semantic clusters into a parallel arrangement, leading to reduced inter-cluster distances (for features on the hypersphere). To overcome these issues, we propose in this paper Cluster-Dependent Rotational Equivariance for Disentanglement (CD-RED), a framework that enables learning neat equivariance and uniformly distributed clusters, while further supporting perfect disentanglement. Notably, CD-RED explicitly encodes variations as rotations via a direct product of SO(2) groups within orthogonal hyperspherical subspaces, providing a principled mechanism for precise equivariance. We theoretically and experimentally establish that CD-RED achieves perfectly disentangled representations, suggesting a promising new direction for self-supervised disentanglement.




Towards Better Forget–Retain Trade-off in LLM Unlearning

Speaker: 肖泽管

Advisor: 陈云

Time: 10:30-11:00

Abstract: Machine unlearning for large language models (LLMs) aims to remove targeted knowledge while preserving general capabilities. A key challenge in LLM unlearning lies in the degradation of general performance, creating a trade-off between effective unlearning and capability preservation. In this paper, we propose a framework that decouples task-specific gradient extraction from conflict-aware gradient combination. Based on this framework, we adapt the established PCGrad method and introduce a novel retention-prioritized gradient synthesis approach, SAGrad. Theoretically, both variants guarantee non-negative cosine similarity with the retain gradient, while the proposed SAGrad achieves strictly tighter alignment. Empirically, on the WMDP and RWKU benchmarks, SAGrad consistently advances the Pareto frontier. Our results demonstrate that reshaping gradient geometry—rather than rebalancing losses—is the key to mitigating the unlearning–retention trade-off.




Automatic Robustness Stress Testing of LLMs as Mathematical Problem Solvers

Speaker: 侯钰涛

Advisor: 陈云

Time: 11:00-11:30

Abstract: Large language models (LLMs) have achieved distinguished performance on various reasoning-intensive tasks. However, LLMs might still face the challenges of robustness issues and fail unexpectedly in some simple reasoning tasks. Previous works evaluate the LLM robustness with hand-crafted templates or a limited set of perturbation rules, indicating potential data contamination in pre-training or fine-tuning datasets. In this work, inspired by stress testing in software engineering, we propose a novel framework, Automatic Robustness Checker (AR-Checker), to generate mathematical problem variants that maintain the semantic meanings of the original one but might fail the LLMs. The AR-Checker framework generates mathematical problem variants through multi-round parallel streams of LLM-based rewriting and verification. Our framework can generate benchmark variants dynamically for each LLM, thus minimizing the risk of data contamination. Experiments on GSM8K and MATH-500 demonstrate the strong performance of AR-Checker on mathematical tasks. We also evaluate AR-Checker on benchmarks beyond mathematics, including MMLU, MMLU-Pro, and CommonsenseQA, where it also achieves strong performance, further proving the effectiveness of AR-Checker.

Copyright: School of Computing and Artificial Intelligence, Shanghai University of Finance and Economics