Yang Bai’s research while affiliated with Chengdu University of Information Technology and other places


Publications (17)


Figure 4. MIR539-5p regulates the migration, invasion, proliferation, and epithelial-mesenchymal transition (EMT) of breast cancer cells. (A) qPCR showing the transfection efficiency of the MIR539-5p mimic. ***p<0.001, one-way ANOVA. (B, C) qRT-PCR and western blotting showing RGS10 mRNA and protein levels in SKBR3 cells transfected with the MIR539-5p mimic, negative control (NC), or wild type (WT). ***p<0.001, one-way ANOVA. The original files of the full raw unedited blots are provided in Figure 4-source data 1. The uncropped gels with the relevant bands labeled are provided in Figure 4-source data 2. The statistical data is provided in Figure 4-source data 3. (D) CCK-8 assay showing the viability of SKBR3 cells transfected with the MIR539-5p mimic, NC, or WT. ***p<0.001, one-way ANOVA. (E-G) Colony formation (E) and transwell migration/invasion (F, G) assays in SKBR3 cells transfected with the MIR539-5p mimic, NC, or WT. *p<0.05, **p<0.01, Student's t-test. (H) Western blotting showing protein levels of LCN2 and biomarkers of EMT in SKBR3 cells transfected with the MIR539-5p mimic or NC.
Figure 6. RGS10 inhibits breast cancer growth by targeting LCN2 in vivo. (A) Size of tumors derived from RGS10-depleted SKBR3 cells, negative control (NC), and wild type (WT). (B) Volume of tumors derived from RGS10-depleted SKBR3 cells, NC, and WT. ***p<0.001, one-way ANOVA. (C) Hematoxylin and eosin staining of tumors derived from RGS10-depleted SKBR3 cells and NC. (D) Immunohistochemical staining showing LCN2, E-cadherin, snail, and vimentin protein expression in tumors derived from RGS10-depleted SKBR3 cells and NC.
Clinicopathological characteristics of 20 patients.
Correlations between RGS10 expression and clinicopathological characteristics.


RGS10 deficiency facilitates distant metastasis by inducing epithelial–mesenchymal transition in breast cancer
  • Article
  • Full-text available

August 2024 · 18 Reads · eLife

Yi Jiang · Peng Qiu · [...] · Xi Gu

Distant metastasis is the major cause of death in patients with breast cancer. Epithelial–mesenchymal transition (EMT) contributes to breast cancer metastasis. Regulator of G protein-signaling (RGS) proteins modulate metastasis in various cancers. This study identified a novel role for RGS10 in EMT and metastasis in breast cancer. RGS10 protein levels were significantly lower in breast cancer tissues compared to normal breast tissues, and deficiency in RGS10 protein predicted a worse prognosis in patients with breast cancer. RGS10 protein levels were lower in the highly aggressive cell line MDA-MB-231 than in the poorly aggressive, less invasive cell lines MCF7 and SKBR3. Silencing RGS10 in SKBR3 cells enhanced EMT and caused SKBR3 cell migration and invasion. The ability of RGS10 to suppress EMT and metastasis in breast cancer was dependent on lipocalin-2 and MIR539-5p. These findings identify RGS10 as a tumor suppressor, prognostic biomarker, and potential therapeutic target for breast cancer.


Video Watermarking: Safeguarding Your Video from (Unauthorized) Annotations by Video-based LLMs

July 2024 · 5 Reads

The advent of video-based Large Language Models (LLMs) has significantly enhanced video understanding. However, it has also raised safety concerns regarding data protection, as videos can be more easily annotated, even without authorization. This paper introduces Video Watermarking, a novel technique to protect videos from unauthorized annotation by such video-based LLMs, particularly annotation of video content and descriptions generated in response to specific queries. By imperceptibly embedding watermarks into key video frames with multi-modal flow-based losses, our method preserves the viewing experience while preventing misuse by video-based LLMs. Extensive experiments show that Video Watermarking significantly reduces the comprehensibility of videos for various video-based LLMs, demonstrating both stealth and robustness. In essence, our method provides a solution for securing video content, ensuring its integrity and confidentiality in the face of evolving video-based LLM technologies.
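The core mechanics of "imperceptibly embedding watermarks into key video frames" can be sketched as an L∞-bounded additive perturbation. This is a minimal illustration, not the paper's method: the function names, the epsilon budget, and the key-frame selection are assumptions, and the actual perturbation would be optimized with the multi-modal flow-based losses the abstract mentions.

```python
import numpy as np

def embed_watermark(frames, delta, key_idx, eps=8 / 255):
    """Add an L-infinity-bounded perturbation `delta` to selected key frames.

    frames: (T, H, W, C) float array with values in [0, 1].
    delta:  (H, W, C) perturbation (illustrative; would be optimized in practice).
    key_idx: indices of the key frames to watermark.
    eps:    imperceptibility budget (an assumed value, not the paper's).
    """
    out = frames.copy()
    d = np.clip(delta, -eps, eps)          # enforce imperceptibility
    out[key_idx] = np.clip(out[key_idx] + d, 0.0, 1.0)  # keep valid pixel range
    return out
```

Non-key frames are untouched, which keeps the viewing experience intact while the perturbed key frames degrade a video LLM's comprehension.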


Inducing High Energy-Latency of Large Vision-Language Models with Verbose Images

June 2024 · 18 Reads · 20 Citations

Large vision-language models (VLMs) such as GPT-4 have achieved exceptional performance across various multi-modal tasks. However, the deployment of VLMs necessitates substantial energy consumption and computational resources. If attackers maliciously induce high energy consumption and latency (energy-latency cost) during inference, VLMs will exhaust computational resources. In this paper, we explore this attack surface concerning the availability of VLMs and aim to induce high energy-latency cost during VLM inference. We find that the energy-latency cost of VLM inference can be manipulated by maximizing the length of generated sequences. To this end, we propose verbose images, with the goal of crafting an imperceptible perturbation that induces VLMs to generate long sentences during inference. Concretely, we design three loss objectives. First, a loss is proposed to delay the occurrence of the end-of-sequence (EOS) token, which is the signal for VLMs to stop generating further tokens. Moreover, an uncertainty loss and a token diversity loss are proposed to increase the uncertainty over each generated token and the diversity among all tokens of the whole generated sequence, respectively, which can break output dependency at the token and sequence levels. Furthermore, a temporal weight adjustment algorithm is proposed, which can effectively balance these losses. Extensive experiments demonstrate that our verbose images can increase the length of generated sequences by 7.87× and 8.56× compared to original images on the MS-COCO and ImageNet datasets, which presents potential challenges for various applications. Our code is available at https://github.com/KuofengGao/Verbose_Images.
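The three loss terms described above can be illustrated on toy per-position probability distributions. This is a hedged sketch, not the paper's implementation: it assumes softmax-normalized decoder logits, and the exact formulations (mean EOS probability, negative mean entropy, mean pairwise cosine similarity) are illustrative stand-ins for the published objectives.

```python
import numpy as np

def softmax(logits):
    e = np.exp(logits - logits.max(axis=-1, keepdims=True))
    return e / e.sum(axis=-1, keepdims=True)

def verbose_losses(logits, eos_id):
    """Toy versions of the three loss terms (all to be minimized).

    logits: (seq_len, vocab) per-position decoder scores.
    eos_id: vocabulary index of the end-of-sequence token.
    """
    probs = softmax(logits)
    # 1. EOS-delay loss: penalize probability mass on the EOS token.
    eos_loss = probs[:, eos_id].mean()
    # 2. Uncertainty loss: negative mean entropy, so minimizing raises entropy.
    entropy = -(probs * np.log(probs + 1e-12)).sum(axis=-1)
    uncertainty_loss = -entropy.mean()
    # 3. Diversity loss: mean pairwise cosine similarity between the
    #    per-position distributions; minimizing pushes positions apart.
    normed = probs / np.linalg.norm(probs, axis=-1, keepdims=True)
    sim = normed @ normed.T
    n = sim.shape[0]
    diversity_loss = (sim.sum() - n) / (n * (n - 1))
    return eos_loss, uncertainty_loss, diversity_loss
```

In the attack itself these three terms would be combined (with the temporal weight adjustment the abstract describes) and backpropagated to the input image perturbation.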


RGS10 deficiency facilitates distant metastasis by inducing epithelial-mesenchymal transition in breast cancer

May 2024

Distant metastasis is the major cause of death in patients with breast cancer. Epithelial–mesenchymal transition (EMT) contributes to breast cancer metastasis. Regulator of G protein-signaling (RGS) proteins modulate metastasis in various cancers. This study identified a novel role for RGS10 in EMT and metastasis in breast cancer. RGS10 protein levels were significantly lower in breast cancer tissues compared to normal breast tissues, and deficiency in RGS10 protein predicted a worse prognosis in patients with breast cancer. RGS10 protein levels were lower in the highly aggressive cell line MDA-MB-231 than in the poorly aggressive, less invasive cell lines MCF7 and SKBR3. Silencing RGS10 in SKBR3 cells enhanced EMT and caused SKBR3 cell migration and invasion. The ability of RGS10 to suppress EMT and metastasis in breast cancer was dependent on lipocalin-2 and miR-539-5p. These findings identify RGS10 as a tumor suppressor, prognostic biomarker, and potential therapeutic target for breast cancer.


Adversarial Robustness for Visual Grounding of Multimodal Large Language Models

May 2024 · 4 Reads

Multi-modal Large Language Models (MLLMs) have recently achieved enhanced performance across various vision-language tasks, including visual grounding capabilities. However, the adversarial robustness of visual grounding remains unexplored in MLLMs. To fill this gap, we use referring expression comprehension (REC) as an example task in visual grounding and propose three adversarial attack paradigms. First, untargeted adversarial attacks induce MLLMs to generate incorrect bounding boxes for each object. Second, exclusive targeted adversarial attacks force all generated outputs to the same target bounding box. Third, permuted targeted adversarial attacks aim to permute all bounding boxes among different objects within a single image. Extensive experiments demonstrate that the proposed methods can successfully attack the visual grounding capabilities of MLLMs. Our methods not only provide a new perspective for designing novel attacks but also serve as a strong baseline for improving the adversarial robustness of visual grounding in MLLMs.


Fig. 1: An illustration of different attacks against the T2I model. The optimized cheating suffixes are marked in red, and the object to be erased is marked in blue. Our MMP-Attack conducts a targeted attack by adding a specific target object while eliminating the original object.
Fig. 7: Examples of black-box targeted attacks for the commercial T2I model DALL-E 3. The cheating suffixes are generated by SD v14. (Left) The original category and target category are person and bird, respectively. (Right) The original category and target category are knife and dog, respectively.
Fig. 8: The BOTH scores versus λ curve. The dashed line indicates an IMP-Attack, using only the image-modal prior (λ = 0).
Cheating Suffix: Targeted Attack to Text-To-Image Diffusion Models with Multi-Modal Priors

February 2024 · 67 Reads

Diffusion models have been widely deployed in various image generation tasks, demonstrating an extraordinary connection between the image and text modalities. However, they face the challenge of being maliciously exploited to generate harmful or sensitive images by appending a specific suffix to the original prompt. Existing works mainly focus on using single-modal information to conduct attacks, which fails to utilize multi-modal features and results in less than satisfactory performance. Integrating multi-modal priors (MMP), i.e., both text and image features, we propose a targeted attack method named MMP-Attack. Specifically, the goal of MMP-Attack is to add a target object into the image content while simultaneously removing the original object. MMP-Attack shows a notable advantage over existing works in universality and transferability, and can effectively attack commercial text-to-image (T2I) models such as DALL-E 3. To the best of our knowledge, this marks the first successful transfer-based attack on commercial T2I models. Our code is publicly available at https://github.com/ydc123/MMP-Attack.
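The multi-modal prior idea, and the λ sweep shown in Fig. 8, can be sketched as a weighted blend of two similarity scores. This is a toy objective under stated assumptions: the function names and the cosine-similarity formulation are illustrative, with λ = 0 reducing to the image-only ("IMP") variant the figure caption describes.

```python
import numpy as np

def cos(a, b):
    """Cosine similarity between two embedding vectors."""
    return float(np.dot(a, b) / (np.linalg.norm(a) * np.linalg.norm(b)))

def mmp_score(suffix_emb, text_prior_emb, image_prior_emb, lam=0.5):
    """Toy multi-modal prior objective for scoring a candidate cheating suffix.

    lam weights the text-prior term against the image-prior term;
    lam = 0 uses only the image modality (the IMP-Attack baseline).
    All names here are assumptions, not the paper's API.
    """
    return lam * cos(suffix_emb, text_prior_emb) + (1 - lam) * cos(suffix_emb, image_prior_emb)
```

A suffix search would then pick candidate tokens maximizing this score, so that the generated image drifts toward the target object while dropping the original one.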


Fast Propagation Is Better: Accelerating Single-Step Adversarial Training via Sampling Subnetworks

January 2024 · 10 Reads · 8 Citations · IEEE Transactions on Information Forensics and Security

Adversarial training has shown promise in building robust models against adversarial examples. A major drawback of adversarial training is the computational overhead introduced by the generation of adversarial examples. To overcome this limitation, adversarial training based on single-step attacks has been explored. Previous work improves single-step adversarial training from different perspectives, e.g., sample initialization, loss regularization, and training strategy. Almost all of them treat the underlying model as a black box. In this work, we propose to exploit the interior building blocks of the model to improve efficiency. Specifically, we propose to dynamically sample lightweight subnetworks as a surrogate model during training. By doing this, both the forward and backward passes can be accelerated for efficient adversarial training. Besides, we provide theoretical analysis to show that model robustness can be improved by single-step adversarial training with sampled subnetworks. Furthermore, we propose a novel sampling strategy where the sampling varies from layer to layer and from iteration to iteration. Compared with previous methods, our method not only reduces the training cost but also achieves better model robustness. Evaluations on a series of popular datasets demonstrate the effectiveness of the proposed FP-Better. Our code has been released at https://github.com/jiaxiaojunQAQ/FP-Better.
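The sampling strategy that "varies from layer to layer and from iteration to iteration" can be sketched as drawing a per-layer keep mask whose probability depends on depth, reseeded each training step. This is a minimal illustration, assuming a depth-increasing keep probability; the schedule, the `base_keep` value, and the always-keep-output rule are assumptions, not the paper's exact design.

```python
import random

def sample_subnetwork(num_layers, step, base_keep=0.5):
    """Sample a boolean keep-mask over layers for one training iteration.

    num_layers: depth of the full model.
    step:       current training iteration (seeds the draw, so the mask
                varies reproducibly from iteration to iteration).
    base_keep:  keep probability for the shallowest layer (an assumption).
    """
    rng = random.Random(step)
    keep = []
    for layer in range(num_layers):
        # Keep probability grows with depth: shallow layers are dropped
        # more often, lightening the forward and backward passes.
        p = min(1.0, base_keep + 0.5 * layer / max(1, num_layers - 1))
        keep.append(rng.random() < p)
    keep[-1] = True  # always keep the output layer so the model stays usable
    return keep
```

During single-step adversarial example generation, only the kept layers would be executed, accelerating both passes while the full network is still used for the weight update.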



Backdoor Defense via Adaptively Splitting Poisoned Dataset

March 2023 · 23 Reads

Backdoor defenses have been studied to alleviate the threat of deep neural networks (DNNs) being maliciously altered by backdoor attacks. Since DNNs usually adopt some external training data from an untrusted third party, a robust backdoor defense strategy during the training stage is important. We argue that the core of training-time defense is to select poisoned samples and to handle them properly. In this work, we summarize training-time defenses under a unified framework: splitting the poisoned dataset into two data pools. Under our framework, we propose an adaptively splitting dataset-based defense (ASD). Concretely, we apply a loss-guided split and a meta-learning-inspired split to dynamically update the two data pools. With the split clean data pool and polluted data pool, ASD successfully defends against backdoor attacks during training. Extensive experiments on multiple benchmark datasets and DNN models against six state-of-the-art backdoor attacks demonstrate the superiority of our ASD. Our code is available at https://github.com/KuofengGao/ASD.
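The loss-guided split mentioned above rests on a simple observation: clean samples tend to incur lower loss than poisoned ones under a partially trained model. A minimal sketch of such a split, with the pool fraction as an assumed hyperparameter rather than the paper's value:

```python
def loss_guided_split(losses, clean_frac=0.5):
    """Split sample indices into a low-loss 'clean' pool and a 'polluted' pool.

    losses:     per-sample training losses from the current model.
    clean_frac: fraction of samples routed to the clean pool (illustrative).
    Returns (clean_indices, polluted_indices), each sorted by ascending loss.
    """
    order = sorted(range(len(losses)), key=lambda i: losses[i])
    k = int(len(losses) * clean_frac)
    return order[:k], order[k:]
```

In ASD the two pools are then updated dynamically during training (together with the meta-learning-inspired split), rather than fixed once as in this static sketch.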


Adverse events between TAM and AI in the ET group.
Efficacy and safety of endocrine therapy after mastectomy in patients with hormone receptor positive breast ductal carcinoma in situ: Retrospective cohort study

February 2023 · 30 Reads · 1 Citation · eLife

Background: More than half of Chinese patients with hormone receptor positive (HR+) ductal carcinoma in situ (DCIS) are treated with mastectomy, usually followed by postoperative endocrine therapy (ET). Given that long-term ET can cause severe adverse effects, it is important to determine the benefit and safety of post-mastectomy ET with respect to disease-free survival (DFS) and adverse events in patients with HR+ DCIS. Methods: To explore the benefit and safety of post-mastectomy ET in patients with HR+ DCIS, we performed a multicenter, population-based study. This retrospective study analyzed DFS and adverse events in 1037 Chinese patients with HR+ DCIS, with or without post-mastectomy ET, from eight breast centers between 2006 and 2016. The median follow-up was 86 months. Results: There were 791 DCIS patients receiving ET (ET group), followed up for a median of 86 months (range, 60-177 months). There were 23 cases of tumor recurrence or distant metastasis. The 5-year DFS rates and DFS were similar between the ET and non-ET groups, even for patients with high-risk factors. Conversely, 37.04% of patients suffered adverse events after ET, a rate significantly higher than in the non-ET group. Conclusions: ET after mastectomy did not improve DFS in patients with HR+ DCIS but increased adverse events. Therefore, ET after mastectomy may not be recommended for patients with HR+ DCIS, even for those with high-risk factors such as multifocal, microinvasive, and higher T stage disease. Funding: This study was supported by grants from the Outstanding Scientific Fund of Shengjing Hospital (201803) and Outstanding Young Scholars of Liaoning Province (2019-YQ-10).


Citations (7)


... Most studies directly employ gradient-based optimization methods to add noise to images, leading to malicious text outputs [7,15,16]. Interestingly, Gao et al. [17] investigated how altering images could increase the inference time of LVLMs. However, such methods rely on internal model information, such as gradients and logits, limiting their practical use. ...

Reference:

SceneTAP: Scene-Coherent Typographic Adversarial Planner against Vision-Language Models in Real-World Environments
Inducing High Energy-Latency of Large Vision-Language Models with Verbose Images

... But adversarial training is very expensive, and it is easy to over fit [38]. Therefore, people have proposed a large number of methods to solve the efficiency problem, such as references [39][40][41][42]. However, most of the current work concerns how to train the model from the beginning, which makes the efficiency of adversarial training tuning low. ...

Fast Propagation Is Better: Accelerating Single-Step Adversarial Training via Sampling Subnetworks
  • Citing Article
  • January 2024

IEEE Transactions on Information Forensics and Security

... tuning. [16] use a dataset during cleaning which assumes access to poisoned data. Uni-modal cleaning methods can not directly be used for multi-modal models like CLIP as they do one of the following, (i) warrant access to some poisoned data which we believe is unrealistic for the defender, (ii) introduce additional parameters which would change the embedding of the original CLIP model or (iii) require large amounts of clean training data which is hard to obtain. ...

Backdoor Defense via Adaptively Splitting Poisoned Dataset
  • Citing Conference Paper
  • June 2023

... A more general version of this technique is known as a backdoor attack in secure machine learning [54], where an attacker injects maliciously corrupted training samples to control the output of the model. Since [55,56,57] started using backdoor techniques for model authentication, numerous techniques are proposed for image classification models [58,59] and more recently for large language models [52,42,60]. However, existing works assume a one-shot verification scenario where the goal of fingerprinting is to authenticate the ownership of a single model. ...

The Robust and Harmless Model Watermarking
  • Citing Chapter
  • November 2022

... In addition, cybersecurity is highly relevant for digital pathology [54]. Unfortunately, I2IT models lack adversarial robustness, with research showing that injecting imperceptible noise disrupts malicious applications like deepfake [55,56] and watermark removers [57]. This hints that VS models too can be attacked with hallucination intent. ...

Watermark Vaccine: Adversarial Attacks to Prevent Watermark Removal
  • Citing Chapter
  • October 2022

Lecture Notes in Computer Science

... The answer is negative. One severe security threat is model stealing, also known as model extraction (Liang et al. 2022b;Tramèr et al. 2016;Truong et al. 2021;Sanyal, Addepalli, and Babu 2022). In this process, an unauthorized party aims to replicate the decision of a target model by creating a substitute model. ...

Imitated Detectors: Stealing Knowledge of Black-box Object Detectors
  • Citing Conference Paper
  • October 2022

... Increased expression of HCK has been shown in pancreatic cancer, colorectal cancer, gastric cancer, and other solid malignant tumors [23]. Other studies have shown that overexpression of HCK was involved in the onset, progression and prognosis of tumors [24]. Our results showed that HCK was significantly upregulated in patients with AMI, which was verified in validation data sets and in in vitro experiments. ...

HCK can serve as novel prognostic biomarker and therapeutic target for Breast Cancer patients

International Journal of Medical Sciences