6.4 RO Apr 14
Ro-SLM: Onboard Small Language Models for Robot Task Planning and Operation Code Generation
Wenhao Wang, Yanyan Li, Long Jiao et al.
Recent advances in large language models (LLMs) provide robots with contextual reasoning abilities to comprehend human instructions. Yet, current LLM-enabled robots typically depend on cloud-based models or high-performance computing infrastructure, which limits their deployment on robots operating in unreliable network environments or with constrained computational resources, such as UAVs and small ground vehicles. Thus, fine-tuned small language models (SLMs) that can be deployed onboard offer a promising alternative. This paper introduces Ro-SLM, a framework that enables reliable SLM-driven robot operation by distilling the knowledge and reasoning of LLMs. Ro-SLM starts with dataset synthesis, leveraging LLMs to generate diverse task instructions, produce the corresponding ground-truth code with minimal human assistance, and augment the instructions into real-world application scenarios. The SLM is then fine-tuned on this dataset, with an LLM serving as a reward function to guide the training. Extensive experiments on UAV operation tasks demonstrate that Ro-SLM raises the SLM from being incapable of supporting robotic task planning and code generation to performance that approaches that of an LLM.
13.6 AI Oct 24, 2025
NeuroGenPoisoning: Neuron-Guided Attacks on Retrieval-Augmented Generation of LLM via Genetic Optimization of External Knowledge
Hanyu Zhu, Lance Fiondella, Jiawei Yuan et al.
Retrieval-Augmented Generation (RAG) empowers Large Language Models (LLMs) to dynamically integrate external knowledge during inference, improving their factual accuracy and adaptability. However, adversaries can inject poisoned external knowledge to override the model's internal memory. While existing attacks iteratively manipulate the retrieval content or prompt structure of RAG, they largely ignore the model's internal representation dynamics and neuron-level sensitivities. The underlying mechanism of RAG poisoning has not been fully studied, and the effect of knowledge conflict with strong parametric knowledge in RAG is not considered. In this work, we propose NeuroGenPoisoning, a novel attack framework that generates adversarial external knowledge for RAG guided by LLM internal neuron attribution and genetic optimization. Our method first identifies a set of Poison-Responsive Neurons whose activation strongly correlates with contextual poisoning knowledge. We then employ a genetic algorithm to evolve adversarial passages that maximally activate these neurons. Crucially, our framework enables massive-scale generation of effective poisoned RAG knowledge by identifying and reusing promising but initially unsuccessful external knowledge variants via the observed attribution signals. At the same time, poisoning guided by Poison-Responsive Neurons can effectively resolve knowledge conflict. Experimental results across models and datasets demonstrate that the method consistently achieves a high Population Overwrite Success Rate (POSR) of over 90% while preserving fluency. Empirical evidence shows that our method effectively resolves knowledge conflict.
8.3 CR Jan 14, 2019
LEP-CNN: A Lightweight Edge Device Assisted Privacy-preserving CNN Inference Solution for IoT
Yifan Tian, Jiawei Yuan, Shucheng Yu et al.
Supporting convolutional neural network (CNN) inference on resource-constrained IoT devices in a timely manner has been an outstanding challenge for emerging smart systems. To mitigate the burden on IoT devices, the prevailing solution is to offload the CNN inference task, which is usually composed of billions of operations, to the public cloud. However, the "offloading-to-cloud" solution may cause a privacy breach while moving sensitive data to the cloud. For privacy protection, the research community has resorted to advanced cryptographic primitives and approximation techniques to support CNN inference on encrypted data. Consequently, these attempts cause impractical computational overhead on IoT devices and degrade the performance of CNNs. Moreover, relying on the remote cloud can cause additional network latency and even leave the system dysfunctional when the network connection is off. We propose an extremely lightweight edge device assisted private CNN inference solution for IoT devices, namely LEP-CNN. The main design of LEP-CNN is based on a novel online/offline encryption scheme. The decryption of LEP-CNN is pre-computed offline by utilizing the linear property of the most time-consuming operations of CNNs. As a result, LEP-CNN allows IoT devices to securely offload over 99% of CNN operations, and edge devices to execute CNN inference on encrypted data as efficiently as on plaintext. LEP-CNN also provides an integrity check option to help IoT devices detect erroneous results with a success rate of over 99%. Experiments on AlexNet show that LEP-CNN can speed up CNN inference by more than 35 times for resource-constrained IoT devices. A homomorphic encryption based AlexNet using CryptoNets is implemented for comparison with LEP-CNN, demonstrating that LEP-CNN outperforms homomorphic encryption based privacy-preserving neural networks under time-sensitive scenarios.
2.3 CR Nov 10, 2018
CPAR: Cloud-Assisted Privacy-preserving Image Annotation with Randomized KD-Forest
Yifan Tian, Yantian Hou, Jiawei Yuan
With the explosive growth in the number of pictures taken by smartphones, organizing and searching pictures have become important tasks. To efficiently fulfill these tasks, the key enabler is annotating images with proper keywords, with which keyword-based searching and organizing become available for images. Currently, smartphones usually synchronize photo albums with cloud storage platforms and have their images annotated with the help of cloud computing. However, the "offloading-to-cloud" solution may cause a privacy breach, since photos from smartphones contain various kinds of sensitive information. For privacy protection, existing research has made efforts to support cloud-based image annotation on encrypted images by utilizing cryptographic primitives. Nevertheless, for each annotation, this requires the cloud to perform a linear scan over the large-scale encrypted dataset at high computational cost. This paper proposes a cloud-assisted privacy-preserving image annotation scheme with a randomized kd-forest, namely CPAR. With CPAR, users are able to automatically assign keywords to their images by leveraging the power of the cloud while keeping their privacy protected. CPAR proposes a novel privacy-preserving randomized kd-forest structure, which significantly improves annotation performance compared with existing research. Thorough analysis is carried out to demonstrate the security of CPAR. Experimental evaluation on the well-known IAPR TC-12 dataset validates the efficiency and effectiveness of CPAR.