secure

Title: Money and Trust in Metaverses, Bitcoin and Stablecoins in global social XR. (arXiv:2207.09460v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09460
• Code URL: null
• Copy Paste: [[2207.09460] Money and Trust in Metaverses, Bitcoin and Stablecoins in global social XR](http://arxiv.org/abs/2207.09460)
• Summary:

  We present a state of the art and positioning book, about Web3, Bitcoin, and Metaverse'; describing the intersections and synergies. A high level overview of Web3 technologies leads to a description of blockchain, and the Bitcoin network is specifically selected for detailed examination. Suitable components of the extended Bitcoin ecosystem are described in more depth. Other mechanisms for native digital value transfer are described, with a focus onmoney'. Metaverse technology is over-viewed, primarily from the perspective of Bitcoin and extended reality.\par Bitcoin is selected as the best contender for value transfer in metaverses because of it's free and open source nature, and network effect. Challenges and risks of this approach are identified. A cloud deployable virtual machine based technology stack deployment guide with a focus on cybersecurity best practice can be downloaded from GitHub to experiment with the technologies. This deployable lab is designed to inform development of secure value transaction, for small and medium sized companies.

Title: The Poisson binomial mechanism for secure and private federated learning. (arXiv:2207.09916v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09916
• Code URL: null
• Copy Paste: [[2207.09916] The Poisson binomial mechanism for secure and private federated learning](http://arxiv.org/abs/2207.09916)
• Summary:

  We introduce the Poisson Binomial mechanism (PBM), a discrete differential privacy mechanism for distributed mean estimation (DME) with applications to federated learning and analytics. We provide a tight analysis of its privacy guarantees, showing that it achieves the same privacy-accuracy trade-offs as the continuous Gaussian mechanism. Our analysis is based on a novel bound on the R\'enyi divergence of two Poisson binomial distributions that may be of independent interest.

Unlike previous discrete DP schemes based on additive noise, our mechanism encodes local information into a parameter of the binomial distribution, and hence the output distribution is discrete with bounded support. Moreover, the support does not increase as the privacy budget $\varepsilon \rightarrow 0$ as in the case of additive schemes which require the addition of more noise to achieve higher privacy; on the contrary, the support becomes smaller as $\varepsilon \rightarrow 0$. The bounded support enables us to combine our mechanism with secure aggregation (SecAgg), a multi-party cryptographic protocol, without the need of performing modular clipping which results in an unbiased estimator of the sum of the local vectors. This in turn allows us to apply it in the private FL setting and provide an upper bound on the convergence rate of the SGD algorithm. Moreover, since the support of the output distribution becomes smaller as $\varepsilon \rightarrow 0$, the communication cost of our scheme decreases with the privacy constraint $\varepsilon$, outperforming all previous distributed DP schemes based on additive noise in the high privacy or low communication regimes.

security

Title: EVHA: Explainable Vision System for Hardware Testing and Assurance -- An Overview. (arXiv:2207.09627v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09627
• Code URL: null
• Copy Paste: [[2207.09627] EVHA: Explainable Vision System for Hardware Testing and Assurance -- An Overview](http://arxiv.org/abs/2207.09627)
• Summary:

  Due to the ever-growing demands for electronic chips in different sectors the semiconductor companies have been mandated to offshore their manufacturing processes. This unwanted matter has made security and trustworthiness of their fabricated chips concerning and caused creation of hardware attacks. In this condition, different entities in the semiconductor supply chain can act maliciously and execute an attack on the design computing layers, from devices to systems. Our attack is a hardware Trojan that is inserted during mask generation/fabrication in an untrusted foundry. The Trojan leaves a footprint in the fabricated through addition, deletion, or change of design cells. In order to tackle this problem, we propose Explainable Vision System for Hardware Testing and Assurance (EVHA) in this work that can detect the smallest possible change to a design in a low-cost, accurate, and fast manner. The inputs to this system are Scanning Electron Microscopy (SEM) images acquired from the Integrated Circuits (ICs) under examination. The system output is determination of IC status in terms of having any defect and/or hardware Trojan through addition, deletion, or change in the design cells at the cell-level. This article provides an overview on the design, development, implementation, and analysis of our defense system.

Title: Economics and Optimal Investment Policies of Attackers and Defenders in Cybersecurity. (arXiv:2207.09497v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09497
• Code URL: null
• Copy Paste: [[2207.09497] Economics and Optimal Investment Policies of Attackers and Defenders in Cybersecurity](http://arxiv.org/abs/2207.09497)
• Summary:

  In our time cybersecurity has grown to be a topic of massive proportion at the national and enterprise levels. Our thesis is that the economic perspective and investment decision-making are vital factors in determining the outcome of the struggle. To build our economic framework, we borrow from the pioneering work of Gordon and Loeb in which the Defender optimally trades-off investments for lower likelihood of its system breach. Our two-sided model additionally has an Attacker, assumed to be rational and also guided by economic considerations in its decision-making, to which the Defender responds. Our model is a simplified adaptation of a model proposed during the Cold War for weapons deployment in the US. Our model may also be viewed as a Stackelberg game and, from an analytic perspective, as a Max-Min problem, the analysis of which is known to have to contend with discontinuous behavior. The complexity of our simple model is rooted in its inherent nonlinearity and, more consequentially, non-convexity of the objective function in the optimization. The possibilities of the Attacker's actions add substantially to the risk to the Defender, and the Defender's rational, risk-neutral optimal investments in general substantially exceed the optimal investments predicted by the one-sided Gordon-Loeb model. We obtain a succinct set of three decision types that categorize all of the Defender's optimal investment decisions. Also, the Defender's optimal decisions exhibit discontinuous behavior as the initial vulnerability of its system is varied. The analysis is supplemented by extensive numerical illustrations. The results from our model open several major avenues for future work.

Title: Thoughts on child safety on commodity platforms. (arXiv:2207.09506v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09506
• Code URL: null
• Copy Paste: [[2207.09506] Thoughts on child safety on commodity platforms](http://arxiv.org/abs/2207.09506)
• Summary:

  The explosion of global social media and online communication platforms has changed how we interact with each other and as a society, bringing with it new security and privacy challenges. Like all technologies, these platforms can be abused and they are routinely used to attempt to cause harm at scale. One of the most significant offence types that is enabled by these platforms is child sexual abuse - both scaling existing abuse and enabling entirely new types of online-only abuse where the impacts on the victim are equally catastrophic. Many platforms invest significantly in combating this crime, referring confirmed evidence of illegality to law enforcement. The introduction of end-to-end encryption and similar technologies breaks many of the mitigations in place today and this has led to a debate around the apparent dichotomy of good child safety and good general user privacy and security. This debate has concentrated on the problem of detecting offenders sharing known abuse imagery using a technique known as client side scanning. We will show that the real problem of online child sexual abuse is much more complex than offender image sharing, providing a new set of 'harm archetypes' to better group harms into categories that have similar technical characteristics and, as far as we are able, bring more clarity to the processes currently used by platforms and law enforcement in relation to child sexual abuse content and the real world impacts. We explore, at a high level, a variety of techniques that could be used as part of any potential solution and examine the benefits and disbenefits that may accrue in various use cases, and use a hypothetical service as an example of how various techniques could be brought together to provide both user privacy and security, while protecting child safety and enabling law enforcement action.

Title: Revealing Secrets From Pre-trained Models. (arXiv:2207.09539v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09539
• Code URL: null
• Copy Paste: [[2207.09539] Revealing Secrets From Pre-trained Models](http://arxiv.org/abs/2207.09539)
• Summary:

  With the growing burden of training deep learning models with large data sets, transfer-learning has been widely adopted in many emerging deep learning algorithms. Transformer models such as BERT are the main player in natural language processing and use transfer-learning as a de facto standard training method. A few big data companies release pre-trained models that are trained with a few popular datasets with which end users and researchers fine-tune the model with their own datasets. Transfer-learning significantly reduces the time and effort of training models. However, it comes at the cost of security concerns. In this paper, we show a new observation that pre-trained models and fine-tuned models have significantly high similarities in weight values. Also, we demonstrate that there exist vendor-specific computing patterns even for the same models. With these new findings, we propose a new model extraction attack that reveals the model architecture and the pre-trained model used by the black-box victim model with vendor-specific computing patterns and then estimates the entire model weights based on the weight value similarities between the fine-tuned model and pre-trained model. We also show that the weight similarity can be leveraged for increasing the model extraction feasibility through a novel weight extraction pruning.

Title: Bayesian Hyperparameter Optimization for Deep Neural Network-Based Network Intrusion Detection. (arXiv:2207.09902v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09902
• Code URL: null
• Copy Paste: [[2207.09902] Bayesian Hyperparameter Optimization for Deep Neural Network-Based Network Intrusion Detection](http://arxiv.org/abs/2207.09902)
• Summary:

  Traditional network intrusion detection approaches encounter feasibility and sustainability issues to combat modern, sophisticated, and unpredictable security attacks. Deep neural networks (DNN) have been successfully applied for intrusion detection problems. The optimal use of DNN-based classifiers requires careful tuning of the hyper-parameters. Manually tuning the hyperparameters is tedious, time-consuming, and computationally expensive. Hence, there is a need for an automatic technique to find optimal hyperparameters for the best use of DNN in intrusion detection. This paper proposes a novel Bayesian optimization-based framework for the automatic optimization of hyperparameters, ensuring the best DNN architecture. We evaluated the performance of the proposed framework on NSL-KDD, a benchmark dataset for network intrusion detection. The experimental results show the framework's effectiveness as the resultant DNN architecture demonstrates significantly higher intrusion detection performance than the random search optimization-based approach in terms of accuracy, precision, recall, and f1-score.

Title: Digital Twin-based Intrusion Detection for Industrial Control Systems. (arXiv:2207.09999v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09999
• Code URL: https://github.com/sebavarghese/dt-based-ids-framework
• Copy Paste: [[2207.09999] Digital Twin-based Intrusion Detection for Industrial Control Systems](http://arxiv.org/abs/2207.09999)
• Summary:

  Digital twins have recently gained significant interest in simulation, optimization, and predictive maintenance of Industrial Control Systems (ICS). Recent studies discuss the possibility of using digital twins for intrusion detection in industrial systems. Accordingly, this study contributes to a digital twin-based security framework for industrial control systems, extending its capabilities for simulation of attacks and defense mechanisms. Four types of process-aware attack scenarios are implemented on a standalone open-source digital twin of an industrial filling plant: command injection, network Denial of Service (DoS), calculated measurement modification, and naive measurement modification. A stacked ensemble classifier is proposed as the real-time intrusion detection, based on the offline evaluation of eight supervised machine learning algorithms. The designed stacked model outperforms previous methods in terms of F1-Score and accuracy, by combining the predictions of various algorithms, while it can detect and classify intrusions in near real-time (0.1 seconds). This study also discusses the practicality and benefits of the proposed digital twin-based security framework.

privacy

Title: Learning from few examples: Classifying sex from retinal images via deep learning. (arXiv:2207.09624v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09624
• Code URL: null
• Copy Paste: [[2207.09624] Learning from few examples: Classifying sex from retinal images via deep learning](http://arxiv.org/abs/2207.09624)
• Summary:

  Deep learning has seen tremendous interest in medical imaging, particularly in the use of convolutional neural networks (CNNs) for developing automated diagnostic tools. The facility of its non-invasive acquisition makes retinal fundus imaging amenable to such automated approaches. Recent work in analyzing fundus images using CNNs relies on access to massive data for training and validation - hundreds of thousands of images. However, data residency and data privacy restrictions stymie the applicability of this approach in medical settings where patient confidentiality is a mandate. Here, we showcase results for the performance of DL on small datasets to classify patient sex from fundus images - a trait thought not to be present or quantifiable in fundus images until recently. We fine-tune a Resnet-152 model whose last layer has been modified for binary classification. In several experiments, we assess performance in the small dataset context using one private (DOVS) and one public (ODIR) data source. Our models, developed using approximately 2500 fundus images, achieved test AUC scores of up to 0.72 (95% CI: [0.67, 0.77]). This corresponds to a mere 25% decrease in performance despite a nearly 1000-fold decrease in the dataset size compared to prior work in the literature. Even with a hard task like sex categorization from retinal images, we find that classification is possible with very small datasets. Additionally, we perform domain adaptation experiments between DOVS and ODIR; explore the effect of data curation on training and generalizability; and investigate model ensembling to maximize CNN classifier performance in the context of small development datasets.

Title: Can Causal (and Counterfactual) Reasoning improve Privacy Threat Modelling?. (arXiv:2207.09746v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09746
• Code URL: null
• Copy Paste: [[2207.09746] Can Causal (and Counterfactual) Reasoning improve Privacy Threat Modelling?](http://arxiv.org/abs/2207.09746)
• Summary:

  Causal questions often permeate in our day-to-day activities. With causal reasoning and counterfactual intuition, privacy threats can not only be alleviated but also prevented. In this paper, we discuss what is causal and counterfactual reasoning and how this can be applied in the field of privacy threat modelling (PTM). We believe that the future of PTM relies on how we can causally and counterfactually imagine cybersecurity threats and incidents.

Title: Fair Context-Aware Privacy Threat Modelling. (arXiv:2207.09750v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09750
• Code URL: null
• Copy Paste: [[2207.09750] Fair Context-Aware Privacy Threat Modelling](http://arxiv.org/abs/2207.09750)
• Summary:

  Given the progressive nature of the world today, fairness is a very important social aspect in various areas, and it has long been studied with the advent of technology. To the best of our knowledge, methods of quantifying fairness errors and fairness in privacy threat models have been absent. To this end, in this short paper, we examine notions of fairness in privacy threat modelling due to different causes of privacy threats within a particular situation/context and that across contexts.

Title: Design and implementation of a DApp to store health data. (arXiv:2207.09919v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09919
• Code URL: null
• Copy Paste: [[2207.09919] Design and implementation of a DApp to store health data](http://arxiv.org/abs/2207.09919)
• Summary:

  This work presents the design and implementation of a decentralized application (DApp) that aims to guarantee the privacy of data related to the health area, which are stored and shared within a blockchain network. For this, encryption with RSA, ECC and AES algorithms is used. The platforms, technologies, tools and libraries required for development are presented, as well as implementation details.

Title: Upgrading the protection of children from manipulative and addictive strategies in online games: Legal and technical solutions beyond privacy regulation. (arXiv:2207.09928v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09928
• Code URL: null
• Copy Paste: [[2207.09928] Upgrading the protection of children from manipulative and addictive strategies in online games: Legal and technical solutions beyond privacy regulation](http://arxiv.org/abs/2207.09928)
• Summary:

  Despite the increasing awareness from academia, civil society and media to the issue of child manipulation online, the current EU regulatory system fails at providing sufficient levels of protection. Given the universality of the issue, there is a need to combine and further these scattered efforts into a unitary, multidisciplinary theory of digital manipulation that identifies causes and effects, systematizes the technical and legal knowledge on manipulative and addictive tactics, and to find effective regulatory mechanisms to fill the legislative gaps. In this paper we discuss manipulative and exploitative strategies in the context of online games for children, suggest a number of possible reasons for the failure of the applicable regulatory system, propose an "upgrade" for the regulatory approach to address these risks from the perspective of freedom of thought, and present and discuss technological approaches that allow for the development of games that verifiably protect the privacy and freedoms of players.

protect

Title: Discover and Mitigate Unknown Biases with Debiasing Alternate Networks. (arXiv:2207.10077v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.10077
• Code URL: https://github.com/zhihengli-UR/DebiAN
• Copy Paste: [[2207.10077] Discover and Mitigate Unknown Biases with Debiasing Alternate Networks](http://arxiv.org/abs/2207.10077)
• Summary:

  Deep image classifiers have been found to learn biases from datasets. To mitigate the biases, most previous methods require labels of protected attributes (e.g., age, skin tone) as full-supervision, which has two limitations: 1) it is infeasible when the labels are unavailable; 2) they are incapable of mitigating unknown biases -- biases that humans do not preconceive. To resolve those problems, we propose Debiasing Alternate Networks (DebiAN), which comprises two networks -- a Discoverer and a Classifier. By training in an alternate manner, the discoverer tries to find multiple unknown biases of the classifier without any annotations of biases, and the classifier aims at unlearning the biases identified by the discoverer. While previous works evaluate debiasing results in terms of a single bias, we create Multi-Color MNIST dataset to better benchmark mitigation of multiple biases in a multi-bias setting, which not only reveals the problems in previous methods but also demonstrates the advantage of DebiAN in identifying and mitigating multiple biases simultaneously. We further conduct extensive experiments on real-world datasets, showing that the discoverer in DebiAN can identify unknown biases that may be hard to be found by humans. Regarding debiasing, DebiAN achieves strong bias mitigation performance.

Title: Contaminant source identification in groundwater by means of artificial neural network. (arXiv:2207.09459v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09459
• Code URL: null
• Copy Paste: [[2207.09459] Contaminant source identification in groundwater by means of artificial neural network](http://arxiv.org/abs/2207.09459)
• Summary:

  In a desired environmental protection system, groundwater may not be excluded. In addition to the problem of over-exploitation, in total disagreement with the concept of sustainable development, another not negligible issue concerns the groundwater contamination. Mainly, this aspect is due to intensive agricultural activities or industrialized areas. In literature, several papers have dealt with transport problem, especially for inverse problems in which the release history or the source location are identified. The innovative aim of the paper is to develop a data-driven model that is able to analyze multiple scenarios, even strongly non-linear, in order to solve forward and inverse transport problems, preserving the reliability of the results and reducing the uncertainty. Furthermore, this tool has the characteristic of providing extremely fast responses, essential to identify remediation strategies immediately. The advantages produced by the model were compared with literature studies. In this regard, a feedforward artificial neural network, which has been trained to handle different cases, represents the data-driven model. Firstly, to identify the concentration of the pollutant at specific observation points in the study area (forward problem); secondly, to deal with inverse problems identifying the release history at known source location; then, in case of one contaminant source, identifying the release history and, at the same time, the location of the source in a specific sub-domain of the investigated area. At last, the observation error is investigated and estimated. The results are satisfactorily achieved, highlighting the capability of the ANN to deal with multiple scenarios by approximating nonlinear functions without the physical point of view that describes the phenomenon, providing reliable results, with very low computational burden and uncertainty.

defense

Title: Towards Robust Multivariate Time-Series Forecasting: Adversarial Attacks and Defense Mechanisms. (arXiv:2207.09572v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09572
• Code URL: null
• Copy Paste: [[2207.09572] Towards Robust Multivariate Time-Series Forecasting: Adversarial Attacks and Defense Mechanisms](http://arxiv.org/abs/2207.09572)
• Summary:

  As deep learning models have gradually become the main workhorse of time series forecasting, the potential vulnerability under adversarial attacks to forecasting and decision system accordingly has emerged as a main issue in recent years. Albeit such behaviors and defense mechanisms started to be investigated for the univariate time series forecasting, there are still few studies regarding the multivariate forecasting which is often preferred due to its capacity to encode correlations between different time series. In this work, we study and design adversarial attack on multivariate probabilistic forecasting models, taking into consideration attack budget constraints and the correlation architecture between multiple time series. Specifically, we investigate a sparse indirect attack that hurts the prediction of an item (time series) by only attacking the history of a small number of other items to save attacking cost. In order to combat these attacks, we also develop two defense strategies. First, we adopt randomized smoothing to multivariate time series scenario and verify its effectiveness via empirical experiments. Second, we leverage a sparse attacker to enable end-to-end adversarial training that delivers robust probabilistic forecasters. Extensive experiments on real dataset confirm that our attack schemes are powerful and our defend algorithms are more effective compared with other baseline defense mechanisms.

attack

Title: On the Versatile Uses of Partial Distance Correlation in Deep Learning. (arXiv:2207.09684v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09684
• Code URL: https://github.com/zhenxingjian/partial_distance_correlation
• Copy Paste: [[2207.09684] On the Versatile Uses of Partial Distance Correlation in Deep Learning](http://arxiv.org/abs/2207.09684)
• Summary:

  Comparing the functional behavior of neural network models, whether it is a single network over time or two (or more networks) during or post-training, is an essential step in understanding what they are learning (and what they are not), and for identifying strategies for regularization or efficiency improvements. Despite recent progress, e.g., comparing vision transformers to CNNs, systematic comparison of function, especially across different networks, remains difficult and is often carried out layer by layer. Approaches such as canonical correlation analysis (CCA) are applicable in principle, but have been sparingly used so far. In this paper, we revisit a (less widely known) from statistics, called distance correlation (and its partial variant), designed to evaluate correlation between feature spaces of different dimensions. We describe the steps necessary to carry out its deployment for large scale models -- this opens the door to a surprising array of applications ranging from conditioning one deep model w.r.t. another, learning disentangled representations as well as optimizing diverse models that would directly be more robust to adversarial attacks. Our experiments suggest a versatile regularizer (or constraint) with many advantages, which avoids some of the common difficulties one faces in such analyses. Code is at https://github.com/zhenxingjian/Partial_Distance_Correlation.

Title: Adaptive Mixture of Experts Learning for Generalizable Face Anti-Spoofing. (arXiv:2207.09868v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09868
• Code URL: null
• Copy Paste: [[2207.09868] Adaptive Mixture of Experts Learning for Generalizable Face Anti-Spoofing](http://arxiv.org/abs/2207.09868)
• Summary:

  With various face presentation attacks emerging continually, face anti-spoofing (FAS) approaches based on domain generalization (DG) have drawn growing attention. Existing DG-based FAS approaches always capture the domain-invariant features for generalizing on the various unseen domains. However, they neglect individual source domains' discriminative characteristics and diverse domain-specific information of the unseen domains, and the trained model is not sufficient to be adapted to various unseen domains. To address this issue, we propose an Adaptive Mixture of Experts Learning (AMEL) framework, which exploits the domain-specific information to adaptively establish the link among the seen source domains and unseen target domains to further improve the generalization. Concretely, Domain-Specific Experts (DSE) are designed to investigate discriminative and unique domain-specific features as a complement to common domain-invariant features. Moreover, Dynamic Expert Aggregation (DEA) is proposed to adaptively aggregate the complementary information of each source expert based on the domain relevance to the unseen target domain. And combined with meta-learning, these modules work collaboratively to adaptively aggregate meaningful domain-specific information for the various unseen target domains. Extensive experiments and visualizations demonstrate the effectiveness of our method against the state-of-the-art competitors.

Title: MLMSA: Multi-Label Multi-Side-Channel-Information enabled Deep Learning Attacks on APUF Variants. (arXiv:2207.09744v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09744
• Code URL: null
• Copy Paste: [[2207.09744] MLMSA: Multi-Label Multi-Side-Channel-Information enabled Deep Learning Attacks on APUF Variants](http://arxiv.org/abs/2207.09744)
• Summary:

  To improve the modeling resilience of silicon strong physical unclonable functions (PUFs), in particular, the APUFs, that yield a very large number of challenge response pairs (CRPs), a number of composited APUF variants such as XOR-APUF, interpose-PUF (iPUF), feed-forward APUF (FF-APUF),and OAX-APUF have been devised. When examining their security in terms of modeling resilience, utilizing multiple information sources such as power side channel information (SCI) or/and reliability SCI given a challenge is under-explored, which poses a challenge to their supposed modeling resilience in practice. Building upon multi-label/head deep learning model architecture,this work proposes Multi-Label Multi-Side-channel-information enabled deep learning Attacks (MLMSA) to thoroughly evaluate the modeling resilience of aforementioned APUF variants. Despite its simplicity, MLMSA can successfully break large-scaled APUF variants, which has not previously been achieved. More precisely, the MLMSA breaks 128-stage 30-XOR-APUF, (9, 9)- and (2, 18)-iPUFs, and (2, 2, 30)-OAX-APUF when CRPs, power SCI and reliability SCI are concurrently used. It breaks 128-stage 12-XOR-APUF and (2, 2, 9)-OAX-APUF even when only the easy-to-obtain reliability SCI and CRPs are exploited. The 128-stage six-loop FF-APUF and one-loop 20-XOR-FF-APUF can be broken by simultaneously using reliability SCI and CRPs. All these attacks are normally completed within an hour with a standard personalcomputer. Therefore, MLMSA is a useful technique for evaluating other existing or any emerging strong PUF designs.

Title: Online Evasion Attacks on Recurrent Models:The Power of Hallucinating the Future. (arXiv:2207.09912v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2207.09912
• Code URL: null
• Copy Paste: [[2207.09912] Online Evasion Attacks on Recurrent Models:The Power of Hallucinating the Future](http://arxiv.org/abs/2207.09912)
• Summary:

  Recurrent models are frequently being used in online tasks such as autonomous driving, and a comprehensive study of their vulnerability is called for. Existing research is limited in generality only addressing application-specific vulnerability or making implausible assumptions such as the knowledge of future input. In this paper, we present a general attack framework for online tasks incorporating the unique constraints of the online setting different from offline tasks. Our framework is versatile in that it covers time-varying adversarial objectives and various optimization constraints, allowing for a comprehensive study of robustness. Using the framework, we also present a novel white-box attack called Predictive Attack that `hallucinates' the future. The attack achieves 98 percent of the performance of the ideal but infeasible clairvoyant attack on average. We validate the effectiveness of the proposed framework and attacks through various experiments.

robust

Title: Towards Accurate and Robust Classification in Continuously Transitioning Industrial Sprays with Mixup. (arXiv:2207.09609v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09609
• Code URL: null
• Copy Paste: [[2207.09609] Towards Accurate and Robust Classification in Continuously Transitioning Industrial Sprays with Mixup](http://arxiv.org/abs/2207.09609)
• Summary:

  Image classification with deep neural networks has seen a surge of technological breakthroughs with promising applications in areas such as face recognition, medical imaging, and autonomous driving. In engineering problems, however, such as high-speed imaging of engine fuel injector sprays or body paint sprays, deep neural networks face a fundamental challenge related to the availability of adequate and diverse data. Typically, only thousands or sometimes even hundreds of samples are available for training. In addition, the transition between different spray classes is a continuum and requires a high level of domain expertise to label the images accurately. In this work, we used Mixup as an approach to systematically deal with the data scarcity and ambiguous class boundaries found in industrial spray applications. We show that data augmentation can mitigate the over-fitting problem of large neural networks on small data sets, to a certain level, but cannot fundamentally resolve the issue. We discuss how a convex linear interpolation of different classes naturally aligns with the continuous transition between different classes in our application. Our experiments demonstrate Mixup as a simple yet effective method to train an accurate and robust deep neural network classifier with only a few hundred samples.

Title: BigColor: Colorization using a Generative Color Prior for Natural Images. (arXiv:2207.09685v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09685
• Code URL: null
• Copy Paste: [[2207.09685] BigColor: Colorization using a Generative Color Prior for Natural Images](http://arxiv.org/abs/2207.09685)
• Summary:

  For realistic and vivid colorization, generative priors have recently been exploited. However, such generative priors often fail for in-the-wild complex images due to their limited representation space. In this paper, we propose BigColor, a novel colorization approach that provides vivid colorization for diverse in-the-wild images with complex structures. While previous generative priors are trained to synthesize both image structures and colors, we learn a generative color prior to focus on color synthesis given the spatial structure of an image. In this way, we reduce the burden of synthesizing image structures from the generative prior and expand its representation space to cover diverse images. To this end, we propose a BigGAN-inspired encoder-generator network that uses a spatial feature map instead of a spatially-flattened BigGAN latent code, resulting in an enlarged representation space. Our method enables robust colorization for diverse inputs in a single forward pass, supports arbitrary input resolutions, and provides multi-modal colorization results. We demonstrate that BigColor significantly outperforms existing methods especially on in-the-wild images with complex structures.

Title: Uncertainty Inspired Underwater Image Enhancement. (arXiv:2207.09689v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09689
• Code URL: https://github.com/zhenqifu/puie-net
• Copy Paste: [[2207.09689] Uncertainty Inspired Underwater Image Enhancement](http://arxiv.org/abs/2207.09689)
• Summary:

  A main challenge faced in the deep learning-based Underwater Image Enhancement (UIE) is that the ground truth high-quality image is unavailable. Most of the existing methods first generate approximate reference maps and then train an enhancement network with certainty. This kind of method fails to handle the ambiguity of the reference map. In this paper, we resolve UIE into distribution estimation and consensus process. We present a novel probabilistic network to learn the enhancement distribution of degraded underwater images. Specifically, we combine conditional variational autoencoder with adaptive instance normalization to construct the enhancement distribution. After that, we adopt a consensus process to predict a deterministic result based on a set of samples from the distribution. By learning the enhancement distribution, our method can cope with the bias introduced in the reference map labeling to some extent. Additionally, the consensus process is useful to capture a robust and stable result. We examined the proposed method on two widely used real-world underwater image enhancement datasets. Experimental results demonstrate that our approach enables sampling possible enhancement predictions. Meanwhile, the consensus estimate yields competitive performance compared with state-of-the-art UIE methods. Code available at https://github.com/zhenqifu/PUIE-Net.

Title: Robust Object Detection With Inaccurate Bounding Boxes. (arXiv:2207.09697v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09697
• Code URL: null
• Copy Paste: [[2207.09697] Robust Object Detection With Inaccurate Bounding Boxes](http://arxiv.org/abs/2207.09697)
• Summary:

  Learning accurate object detectors often requires large-scale training data with precise object bounding boxes. However, labeling such data is expensive and time-consuming. As the crowd-sourcing labeling process and the ambiguities of the objects may raise noisy bounding box annotations, the object detectors will suffer from the degenerated training data. In this work, we aim to address the challenge of learning robust object detectors with inaccurate bounding boxes. Inspired by the fact that localization precision suffers significantly from inaccurate bounding boxes while classification accuracy is less affected, we propose leveraging classification as a guidance signal for refining localization results. Specifically, by treating an object as a bag of instances, we introduce an Object-Aware Multiple Instance Learning approach (OA-MIL), featured with object-aware instance selection and object-aware instance extension. The former aims to select accurate instances for training, instead of directly using inaccurate box annotations. The latter focuses on generating high-quality instances for selection. Extensive experiments on synthetic noisy datasets (i.e., noisy PASCAL VOC and MS-COCO) and a real noisy wheat head dataset demonstrate the effectiveness of our OA-MIL. Code is available at https://github.com/cxliu0/OA-MIL.

Title: OTPose: Occlusion-Aware Transformer for Pose Estimation in Sparsely-Labeled Videos. (arXiv:2207.09725v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09725
• Code URL: null
• Copy Paste: [[2207.09725] OTPose: Occlusion-Aware Transformer for Pose Estimation in Sparsely-Labeled Videos](http://arxiv.org/abs/2207.09725)
• Summary:

  Although many approaches for multi-human pose estimation in videos have shown profound results, they require densely annotated data which entails excessive man labor. Furthermore, there exists occlusion and motion blur that inevitably lead to poor estimation performance. To address these problems, we propose a method that leverages an attention mask for occluded joints and encodes temporal dependency between frames using transformers. First, our framework composes different combinations of sparsely annotated frames that denote the track of the overall joint movement. We propose an occlusion attention mask from these combinations that enable encoding occlusion-aware heatmaps as a semi-supervised task. Second, the proposed temporal encoder employs transformer architecture to effectively aggregate the temporal relationship and keypoint-wise attention from each time step and accurately refines the target frame's final pose estimation. We achieve state-of-the-art pose estimation results for PoseTrack2017 and PoseTrack2018 datasets and demonstrate the robustness of our approach to occlusion and motion blur in sparsely annotated video data.

Title: CrossHuman: Learning Cross-Guidance from Multi-Frame Images for Human Reconstruction. (arXiv:2207.09735v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09735
• Code URL: null
• Copy Paste: [[2207.09735] CrossHuman: Learning Cross-Guidance from Multi-Frame Images for Human Reconstruction](http://arxiv.org/abs/2207.09735)
• Summary:

  We propose CrossHuman, a novel method that learns cross-guidance from parametric human model and multi-frame RGB images to achieve high-quality 3D human reconstruction. To recover geometry details and texture even in invisible regions, we design a reconstruction pipeline combined with tracking-based methods and tracking-free methods. Given a monocular RGB sequence, we track the parametric human model in the whole sequence, the points (voxels) corresponding to the target frame are warped to reference frames by the parametric body motion. Guided by the geometry priors of the parametric body and spatially aligned features from RGB sequence, the robust implicit surface is fused. Moreover, a multi-frame transformer (MFT) and a self-supervised warp refinement module are integrated to the framework to relax the requirements of parametric body and help to deal with very loose cloth. Compared with previous works, our CrossHuman enables high-fidelity geometry details and texture in both visible and invisible regions and improves the accuracy of the human reconstruction even under estimated inaccurate parametric human models. The experiments demonstrate that our method achieves state-of-the-art (SOTA) performance.

Title: Collaborating Domain-shared and Target-specific Feature Clustering for Cross-domain 3D Action Recognition. (arXiv:2207.09767v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09767
• Code URL: https://github.com/canbaoburen/CoDT
• Copy Paste: [[2207.09767] Collaborating Domain-shared and Target-specific Feature Clustering for Cross-domain 3D Action Recognition](http://arxiv.org/abs/2207.09767)
• Summary:

  In this work, we consider the problem of cross-domain 3D action recognition in the open-set setting, which has been rarely explored before. Specifically, there is a source domain and a target domain that contain the skeleton sequences with different styles and categories, and our purpose is to cluster the target data by utilizing the labeled source data and unlabeled target data. For such a challenging task, this paper presents a novel approach dubbed CoDT to collaboratively cluster the domain-shared features and target-specific features. CoDT consists of two parallel branches. One branch aims to learn domain-shared features with supervised learning in the source domain, while the other is to learn target-specific features using contrastive learning in the target domain. To cluster the features, we propose an online clustering algorithm that enables simultaneous promotion of robust pseudo label generation and feature clustering. Furthermore, to leverage the complementarity of domain-shared features and target-specific features, we propose a novel collaborative clustering strategy to enforce pair-wise relationship consistency between the two branches. We conduct extensive experiments on multiple cross-domain 3D action recognition datasets, and the results demonstrate the effectiveness of our method.

Title: FaceFormer: Scale-aware Blind Face Restoration with Transformers. (arXiv:2207.09790v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09790
• Code URL: null
• Copy Paste: [[2207.09790] FaceFormer: Scale-aware Blind Face Restoration with Transformers](http://arxiv.org/abs/2207.09790)
• Summary:

  Blind face restoration usually encounters with diverse scale face inputs, especially in the real world. However, most of the current works support specific scale faces, which limits its application ability in real-world scenarios. In this work, we propose a novel scale-aware blind face restoration framework, named FaceFormer, which formulates facial feature restoration as scale-aware transformation. The proposed Facial Feature Up-sampling (FFUP) module dynamically generates upsampling filters based on the original scale-factor priors, which facilitate our network to adapt to arbitrary face scales. Moreover, we further propose the facial feature embedding (FFE) module which leverages transformer to hierarchically extract diversity and robustness of facial latent. Thus, our FaceFormer achieves fidelity and robustness restored faces, which possess realistic and symmetrical details of facial components. Extensive experiments demonstrate that our proposed method trained with synthetic dataset generalizes better to a natural low quality images than current state-of-the-arts.

Title: Unsupervised Industrial Anomaly Detection via Pattern Generative and Contrastive Networks. (arXiv:2207.09792v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09792
• Code URL: null
• Copy Paste: [[2207.09792] Unsupervised Industrial Anomaly Detection via Pattern Generative and Contrastive Networks](http://arxiv.org/abs/2207.09792)
• Summary:

  It is hard to collect enough flaw images for training deep learning network in industrial production. Therefore, existing industrial anomaly detection methods prefer to use CNN-based unsupervised detection and localization network to achieve this task. However, these methods always fail when there are varieties happened in new signals since traditional end-to-end networks suffer barriers of fitting nonlinear model in high-dimensional space. Moreover, they have a memory library by clustering the feature of normal images essentially, which cause it is not robust to texture change. To this end, we propose the Vision Transformer based (VIT-based) unsupervised anomaly detection network. It utilizes a hierarchical task learning and human experience to enhance its interpretability. Our network consists of pattern generation and comparison networks. Pattern generation network uses two VIT-based encoder modules to extract the feature of two consecutive image patches, then uses VIT-based decoder module to learn the human designed style of these features and predict the third image patch. After this, we use the Siamese-based network to compute the similarity of the generation image patch and original image patch. Finally, we refine the anomaly localization by the bi-directional inference strategy. Comparison experiments on public dataset MVTec dataset show our method achieves 99.8% AUC, which surpasses previous state-of-the-art methods. In addition, we give a qualitative illustration on our own leather and cloth datasets. The accurate segment results strongly prove the accuracy of our method in anomaly detection.

Title: Robust Landmark-based Stent Tracking in X-ray Fluoroscopy. (arXiv:2207.09933v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09933
• Code URL: null
• Copy Paste: [[2207.09933] Robust Landmark-based Stent Tracking in X-ray Fluoroscopy](http://arxiv.org/abs/2207.09933)
• Summary:

  In clinical procedures of angioplasty (i.e., open clogged coronary arteries), devices such as balloons and stents need to be placed and expanded in arteries under the guidance of X-ray fluoroscopy. Due to the limitation of X-ray dose, the resulting images are often noisy. To check the correct placement of these devices, typically multiple motion-compensated frames are averaged to enhance the view. Therefore, device tracking is a necessary procedure for this purpose. Even though angioplasty devices are designed to have radiopaque markers for the ease of tracking, current methods struggle to deliver satisfactory results due to the small marker size and complex scenes in angioplasty. In this paper, we propose an end-to-end deep learning framework for single stent tracking, which consists of three hierarchical modules: U-Net based landmark detection, ResNet based stent proposal and feature extraction, and graph convolutional neural network (GCN) based stent tracking that temporally aggregates both spatial information and appearance features. The experiments show that our method performs significantly better in detection compared with the state-of-the-art point-based tracking models. In addition, its fast inference speed satisfies clinical requirements.

Title: Towards Efficient and Scale-Robust Ultra-High-Definition Image Demoireing. (arXiv:2207.09935v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09935
• Code URL: https://github.com/CVMI-Lab/UHDM
• Copy Paste: [[2207.09935] Towards Efficient and Scale-Robust Ultra-High-Definition Image Demoireing](http://arxiv.org/abs/2207.09935)
• Summary:

  With the rapid development of mobile devices, modern widely-used mobile phones typically allow users to capture 4K resolution (i.e., ultra-high-definition) images. However, for image demoireing, a challenging task in low-level vision, existing works are generally carried out on low-resolution or synthetic images. Hence, the effectiveness of these methods on 4K resolution images is still unknown. In this paper, we explore moire pattern removal for ultra-high-definition images. To this end, we propose the first ultra-high-definition demoireing dataset (UHDM), which contains 5,000 real-world 4K resolution image pairs, and conduct a benchmark study on current state-of-the-art methods. Further, we present an efficient baseline model ESDNet for tackling 4K moire images, wherein we build a semantic-aligned scale-aware module to address the scale variation of moire patterns. Extensive experiments manifest the effectiveness of our approach, which outperforms state-of-the-art methods by a large margin while being much more lightweight. Code and dataset are available at https://xinyu-andy.github.io/uhdm-page.

Title: Tailoring Self-Supervision for Supervised Learning. (arXiv:2207.10023v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.10023
• Code URL: https://github.com/wjun0830/localizable-rotation
• Copy Paste: [[2207.10023] Tailoring Self-Supervision for Supervised Learning](http://arxiv.org/abs/2207.10023)
• Summary:

  Recently, it is shown that deploying a proper self-supervision is a prospective way to enhance the performance of supervised learning. Yet, the benefits of self-supervision are not fully exploited as previous pretext tasks are specialized for unsupervised representation learning. To this end, we begin by presenting three desirable properties for such auxiliary tasks to assist the supervised objective. First, the tasks need to guide the model to learn rich features. Second, the transformations involved in the self-supervision should not significantly alter the training distribution. Third, the tasks are preferred to be light and generic for high applicability to prior arts. Subsequently, to show how existing pretext tasks can fulfill these and be tailored for supervised learning, we propose a simple auxiliary self-supervision task, predicting localizable rotation (LoRot). Our exhaustive experiments validate the merits of LoRot as a pretext task tailored for supervised learning in terms of robustness and generalization capability. Our code is available at https://github.com/wjun0830/Localizable-Rotation.

Title: 3D Clothed Human Reconstruction in the Wild. (arXiv:2207.10053v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.10053
• Code URL: https://github.com/hygenie1228/clothwild_release
• Copy Paste: [[2207.10053] 3D Clothed Human Reconstruction in the Wild](http://arxiv.org/abs/2207.10053)
• Summary:

  Although much progress has been made in 3D clothed human reconstruction, most of the existing methods fail to produce robust results from in-the-wild images, which contain diverse human poses and appearances. This is mainly due to the large domain gap between training datasets and in-the-wild datasets. The training datasets are usually synthetic ones, which contain rendered images from GT 3D scans. However, such datasets contain simple human poses and less natural image appearances compared to those of real in-the-wild datasets, which makes generalization of it to in-the-wild images extremely challenging. To resolve this issue, in this work, we propose ClothWild, a 3D clothed human reconstruction framework that firstly addresses the robustness on in-thewild images. First, for the robustness to the domain gap, we propose a weakly supervised pipeline that is trainable with 2D supervision targets of in-the-wild datasets. Second, we design a DensePose-based loss function to reduce ambiguities of the weak supervision. Extensive empirical tests on several public in-the-wild datasets demonstrate that our proposed ClothWild produces much more accurate and robust results than the state-of-the-art methods. The codes are available in here: https://github.com/hygenie1228/ClothWild_RELEASE.

Title: Feasible Adversarial Robust Reinforcement Learning for Underspecified Environments. (arXiv:2207.09597v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09597
• Code URL: null
• Copy Paste: [[2207.09597] Feasible Adversarial Robust Reinforcement Learning for Underspecified Environments](http://arxiv.org/abs/2207.09597)
• Summary:

  Robust reinforcement learning (RL) considers the problem of learning policies that perform well in the worst case among a set of possible environment parameter values. In real-world environments, choosing the set of possible values for robust RL can be a difficult task. When that set is specified too narrowly, the agent will be left vulnerable to reasonable parameter values unaccounted for. When specified too broadly, the agent will be too cautious. In this paper, we propose Feasible Adversarial Robust RL (FARR), a method for automatically determining the set of environment parameter values over which to be robust. FARR implicitly defines the set of feasible parameter values as those on which an agent could achieve a benchmark reward given enough training resources. By formulating this problem as a two-player zero-sum game, FARR jointly learns an adversarial distribution over parameter values with feasible support and a policy robust over this feasible parameter set. Using the PSRO algorithm to find an approximate Nash equilibrium in this FARR game, we show that an agent trained with FARR is more robust to feasible adversarial parameter selection than with existing minimax, domain-randomization, and regret objectives in a parameterized gridworld and three MuJoCo control environments.

Title: Generalizable and Robust Deep Learning Algorithm for Atrial Fibrillation Diagnosis Across Ethnicities, Ages and Sexes. (arXiv:2207.09667v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09667
• Code URL: null
• Copy Paste: [[2207.09667] Generalizable and Robust Deep Learning Algorithm for Atrial Fibrillation Diagnosis Across Ethnicities, Ages and Sexes](http://arxiv.org/abs/2207.09667)
• Summary:

  To drive health innovation that meets the needs of all and democratize healthcare, there is a need to assess the generalization performance of deep learning (DL) algorithms across various distribution shifts to ensure that these algorithms are robust. This retrospective study is, to the best of our knowledge, the first to develop and assess the generalization performance of a deep learning (DL) model for AF events detection from long term beat-to-beat intervals across ethnicities, ages and sexes. The new recurrent DL model, denoted ArNet2, was developed on a large retrospective dataset of 2,147 patients totaling 51,386 hours of continuous electrocardiogram (ECG). The models generalization was evaluated on manually annotated test sets from four centers (USA, Israel, Japan and China) totaling 402 patients. The model was further validated on a retrospective dataset of 1,730 consecutives Holter recordings from the Rambam Hospital Holter clinic, Haifa, Israel. The model outperformed benchmark state-of-the-art models and generalized well across ethnicities, ages and sexes. Performance was higher for female than male and young adults (less than 60 years old) and showed some differences across ethnicities. The main finding explaining these variations was an impairment in performance in groups with a higher prevalence of atrial flutter (AFL). Our findings on the relative performance of ArNet2 across groups may have clinical implications on the choice of the preferred AF examination method to use relative to the group of interest.

Title: Cancer Subtyping by Improved Transcriptomic Features Using Vector Quantized Variational Autoencoder. (arXiv:2207.09783v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09783
• Code URL: null
• Copy Paste: [[2207.09783] Cancer Subtyping by Improved Transcriptomic Features Using Vector Quantized Variational Autoencoder](http://arxiv.org/abs/2207.09783)
• Summary:

  Defining and separating cancer subtypes is essential for facilitating personalized therapy modality and prognosis of patients. The definition of subtypes has been constantly recalibrated as a result of our deepened understanding. During this recalibration, researchers often rely on clustering of cancer data to provide an intuitive visual reference that could reveal the intrinsic characteristics of subtypes. The data being clustered are often omics data such as transcriptomics that have strong correlations to the underlying biological mechanism. However, while existing studies have shown promising results, they suffer from issues associated with omics data: sample scarcity and high dimensionality. As such, existing methods often impose unrealistic assumptions to extract useful features from the data while avoiding overfitting to spurious correlations. In this paper, we propose to leverage a recent strong generative model, Vector Quantized Variational AutoEncoder (VQ-VAE), to tackle the data issues and extract informative latent features that are crucial to the quality of subsequent clustering by retaining only information relevant to reconstructing the input. VQ-VAE does not impose strict assumptions and hence its latent features are better representations of the input, capable of yielding superior clustering performance with any mainstream clustering method. Extensive experiments and medical analysis on multiple datasets comprising 10 distinct cancers demonstrate the VQ-VAE clustering results can significantly and robustly improve prognosis over prevalent subtyping systems.

Title: Correntropy-Based Logistic Regression with Automatic Relevance Determination for Robust Sparse Brain Activity Decoding. (arXiv:2207.09693v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09693
• Code URL: null
• Copy Paste: [[2207.09693] Correntropy-Based Logistic Regression with Automatic Relevance Determination for Robust Sparse Brain Activity Decoding](http://arxiv.org/abs/2207.09693)
• Summary:

  Recent studies have utilized sparse classifications to predict categorical variables from high-dimensional brain activity signals to expose human's intentions and mental states, selecting the relevant features automatically in the model training process. However, existing sparse classification models will likely be prone to the performance degradation which is caused by noise inherent in the brain recordings. To address this issue, we aim to propose a new robust and sparse classification algorithm in this study. To this end, we introduce the correntropy learning framework into the automatic relevance determination based sparse classification model, proposing a new correntropy-based robust sparse logistic regression algorithm. To demonstrate the superior brain activity decoding performance of the proposed algorithm, we evaluate it on a synthetic dataset, an electroencephalogram (EEG) dataset, and a functional magnetic resonance imaging (fMRI) dataset. The extensive experimental results confirm that not only the proposed method can achieve higher classification accuracy in a noisy and high-dimensional classification task, but also it would select those more informative features for the decoding scenarios. Integrating the correntropy learning approach with the automatic relevance determination technique will significantly improve the robustness with respect to the noise, leading to more adequate robust sparse brain decoding algorithm. It provides a more powerful approach in the real-world brain activity decoding and the brain-computer interfaces.

biometric

steal

extraction

Title: An Efficient Method for Face Quality Assessment on the Edge. (arXiv:2207.09505v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09505
• Code URL: null
• Copy Paste: [[2207.09505] An Efficient Method for Face Quality Assessment on the Edge](http://arxiv.org/abs/2207.09505)
• Summary:

  Face recognition applications in practice are composed of two main steps: face detection and feature extraction. In a sole vision-based solution, the first step generates multiple detection for a single identity by ingesting a camera stream. A practical approach on edge devices should prioritize these detection of identities according to their conformity to recognition. In this perspective, we propose a face quality score regression by just appending a single layer to a face landmark detection network. With almost no additional cost, face quality scores are obtained by training this single layer to regress recognition scores with surveillance like augmentations. We implemented the proposed approach on edge GPUs with all face detection pipeline steps, including detection, tracking, and alignment. Comprehensive experiments show the proposed approach's efficiency through comparison with SOTA face quality regression models on different data sets and real-life scenarios.

Title: Learning Depth from Focus in the Wild. (arXiv:2207.09658v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09658
• Code URL: https://github.com/wcy199705/dffinthewild
• Copy Paste: [[2207.09658] Learning Depth from Focus in the Wild](http://arxiv.org/abs/2207.09658)
• Summary:

  For better photography, most recent commercial cameras including smartphones have either adopted large-aperture lens to collect more light or used a burst mode to take multiple images within short times. These interesting features lead us to examine depth from focus/defocus.

In this work, we present a convolutional neural network-based depth estimation from single focal stacks. Our method differs from relevant state-of-the-art works with three unique features. First, our method allows depth maps to be inferred in an end-to-end manner even with image alignment. Second, we propose a sharp region detection module to reduce blur ambiguities in subtle focus changes and weakly texture-less regions. Third, we design an effective downsampling module to ease flows of focal information in feature extractions. In addition, for the generalization of the proposed network, we develop a simulator to realistically reproduce the features of commercial cameras, such as changes in field of view, focal length and principal points.

By effectively incorporating these three unique features, our network achieves the top rank in the DDFF 12-Scene benchmark on most metrics. We also demonstrate the effectiveness of the proposed method on various quantitative evaluations and real-world images taken from various off-the-shelf cameras compared with state-of-the-art methods. Our source code is publicly available at https://github.com/wcy199705/DfFintheWild.

Title: A Hybrid Convolutional Neural Network with Meta Feature Learning for Abnormality Detection in Wireless Capsule Endoscopy Images. (arXiv:2207.09769v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09769
• Code URL: null
• Copy Paste: [[2207.09769] A Hybrid Convolutional Neural Network with Meta Feature Learning for Abnormality Detection in Wireless Capsule Endoscopy Images](http://arxiv.org/abs/2207.09769)
• Summary:

  Wireless Capsule Endoscopy is one of the most advanced non-invasive methods for the examination of gastrointestinal tracts. An intelligent computer-aided diagnostic system for detecting gastrointestinal abnormalities like polyp, bleeding, inflammation, etc. is highly exigent in wireless capsule endoscopy image analysis. Abnormalities greatly differ in their shape, size, color, and texture, and some appear to be visually similar to normal regions. This poses a challenge in designing a binary classifier due to intra-class variations. In this study, a hybrid convolutional neural network is proposed for abnormality detection that extracts a rich pool of meaningful features from wireless capsule endoscopy images using a variety of convolution operations. It consists of three parallel convolutional neural networks, each with a distinctive feature learning capability. The first network utilizes depthwise separable convolution, while the second employs cosine normalized convolution operation. A novel meta-feature extraction mechanism is introduced in the third network, to extract patterns from the statistical information drawn over the features generated from the first and second networks and its own previous layer. The network trio effectively handles intra-class variance and efficiently detects gastrointestinal abnormalities. The proposed hybrid convolutional neural network model is trained and tested on two widely used publicly available datasets. The test results demonstrate that the proposed model outperforms six state-of-the-art methods with 97\% and 98\% classification accuracy on KID and Kvasir-Capsule datasets respectively. Cross dataset evaluation results also demonstrate the generalization performance of the proposed model.

Title: Fully Sparse 3D Object Detection. (arXiv:2207.10035v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.10035
• Code URL: https://github.com/tusimple/sst
• Copy Paste: [[2207.10035] Fully Sparse 3D Object Detection](http://arxiv.org/abs/2207.10035)
• Summary:

  As the perception range of LiDAR increases, LiDAR-based 3D object detection becomes a dominant task in the long-range perception task of autonomous driving. The mainstream 3D object detectors usually build dense feature maps in the network backbone and prediction head. However, the computational and spatial costs on the dense feature map are quadratic to the perception range, which makes them hardly scale up to the long-range setting. To enable efficient long-range LiDAR-based object detection, we build a fully sparse 3D object detector (FSD). The computational and spatial cost of FSD is roughly linear to the number of points and independent of the perception range. FSD is built upon the general sparse voxel encoder and a novel sparse instance recognition (SIR) module. SIR first groups the points into instances and then applies instance-wise feature extraction and prediction. In this way, SIR resolves the issue of center feature missing, which hinders the design of the fully sparse architecture for all center-based or anchor-based detectors. Moreover, SIR avoids the time-consuming neighbor queries in previous point-based methods by grouping points into instances. We conduct extensive experiments on the large-scale Waymo Open Dataset to reveal the working mechanism of FSD, and state-of-the-art performance is reported. To demonstrate the superiority of FSD in long-range detection, we also conduct experiments on Argoverse 2 Dataset, which has a much larger perception range ($200m$) than Waymo Open Dataset ($75m$). On such a large perception range, FSD achieves state-of-the-art performance and is 2.4$\times$ faster than the dense counterpart.Codes will be released at https://github.com/TuSimple/SST.

membership infer

federate

Title: FedNet2Net: Saving Communication and Computations in Federated Learning with Model Growing. (arXiv:2207.09568v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09568
• Code URL: null
• Copy Paste: [[2207.09568] FedNet2Net: Saving Communication and Computations in Federated Learning with Model Growing](http://arxiv.org/abs/2207.09568)
• Summary:

  Federated learning (FL) is a recently developed area of machine learning, in which the private data of a large number of distributed clients is used to develop a global model under the coordination of a central server without explicitly exposing the data. The standard FL strategy has a number of significant bottlenecks including large communication requirements and high impact on the clients' resources. Several strategies have been described in the literature trying to address these issues. In this paper, a novel scheme based on the notion of "model growing" is proposed. Initially, the server deploys a small model of low complexity, which is trained to capture the data complexity during the initial set of rounds. When the performance of such a model saturates, the server switches to a larger model with the help of function-preserving transformations. The model complexity increases as more data is processed by the clients, and the overall process continues until the desired performance is achieved. Therefore, the most complex model is broadcast only at the final stage in our approach resulting in substantial reduction in communication cost and client computational requirements. The proposed approach is tested extensively on three standard benchmarks and is shown to achieve substantial reduction in communication and client computation while achieving comparable accuracy when compared to the current most effective strategies.

Title: FedDM: Iterative Distribution Matching for Communication-Efficient Federated Learning. (arXiv:2207.09653v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09653
• Code URL: null
• Copy Paste: [[2207.09653] FedDM: Iterative Distribution Matching for Communication-Efficient Federated Learning](http://arxiv.org/abs/2207.09653)
• Summary:

  Federated learning~(FL) has recently attracted increasing attention from academia and industry, with the ultimate goal of achieving collaborative training under privacy and communication constraints. Existing iterative model averaging based FL algorithms require a large number of communication rounds to obtain a well-performed model due to extremely unbalanced and non-i.i.d data partitioning among different clients. Thus, we propose FedDM to build the global training objective from multiple local surrogate functions, which enables the server to gain a more global view of the loss landscape. In detail, we construct synthetic sets of data on each client to locally match the loss landscape from original data through distribution matching. FedDM reduces communication rounds and improves model quality by transmitting more informative and smaller synthesized data compared with unwieldy model weights. We conduct extensive experiments on three image classification datasets, and results show that our method can outperform other FL counterparts in terms of efficiency and model performance. Moreover, we demonstrate that FedDM can be adapted to preserve differential privacy with Gaussian mechanism and train a better model under the same privacy budget.

Title: Combined Federated and Split Learning in Edge Computing for Ubiquitous Intelligence in Internet of Things: State of the Art and Future Directions. (arXiv:2207.09611v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09611
• Code URL: null
• Copy Paste: [[2207.09611] Combined Federated and Split Learning in Edge Computing for Ubiquitous Intelligence in Internet of Things: State of the Art and Future Directions](http://arxiv.org/abs/2207.09611)
• Summary:

  Federated learning (FL) and split learning (SL) are two emerging collaborative learning methods that may greatly facilitate ubiquitous intelligence in Internet of Things (IoT). Federated learning enables machine learning (ML) models locally trained using private data to be aggregated into a global model. Split learning allows different portions of an ML model to be collaboratively trained on different workers in a learning framework. Federated learning and split learning, each has unique advantages and respective limitations, may complement each other toward ubiquitous intelligence in IoT. Therefore, combination of federated learning and split learning recently became an active research area attracting extensive interest. In this article, we review the latest developments in federated learning and split learning and present a survey on the state-of-the-art technologies for combining these two learning methods in an edge computing-based IoT environment. We also identify some open problems and discuss possible directions for future research in this area with a hope to further arouse the research community's interest in this emerging field.

Title: Multigraph Topology Design for Cross-Silo Federated Learning. (arXiv:2207.09657v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.09657
• Code URL: null
• Copy Paste: [[2207.09657] Multigraph Topology Design for Cross-Silo Federated Learning](http://arxiv.org/abs/2207.09657)
• Summary:

  Cross-silo federated learning utilizes a few hundred reliable data silos with high-speed access links to jointly train a model. While this approach becomes a popular setting in federated learning, designing a robust topology to reduce the training time is still an open problem. In this paper, we present a new multigraph topology for cross-silo federated learning. We first construct the multigraph using the overlay graph. We then parse this multigraph into different simple graphs with isolated nodes. The existence of isolated nodes allows us to perform model aggregation without waiting for other nodes, hence reducing the training time. We further propose a new distributed learning algorithm to use with our multigraph topology. The intensive experiments on public datasets show that our proposed method significantly reduces the training time compared with recent state-of-the-art topologies while ensuring convergence and maintaining the model's accuracy.

fair

Title: Mitigating Algorithmic Bias with Limited Annotations. (arXiv:2207.10018v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2207.10018
• Code URL: https://github.com/guanchuwang/apod-fairness
• Copy Paste: [[2207.10018] Mitigating Algorithmic Bias with Limited Annotations](http://arxiv.org/abs/2207.10018)
• Summary:

  Existing work on fairness modeling commonly assumes that sensitive attributes for all instances are fully available, which may not be true in many real-world applications due to the high cost of acquiring sensitive information. When sensitive attributes are not disclosed or available, it is needed to manually annotate a small part of the training data to mitigate bias. However, the skewed distribution across different sensitive groups preserves the skewness of the original dataset in the annotated subset, which leads to non-optimal bias mitigation. To tackle this challenge, we propose Active Penalization Of Discrimination (APOD), an interactive framework to guide the limited annotations towards maximally eliminating the effect of algorithmic bias. The proposed APOD integrates discrimination penalization with active instance selection to efficiently utilize the limited annotation budget, and it is theoretically proved to be capable of bounding the algorithmic bias. According to the evaluation on five benchmark datasets, APOD outperforms the state-of-the-arts baseline methods under the limited annotation budget, and shows comparable performance to fully annotated bias mitigation, which demonstrates that APOD could benefit real-world applications when sensitive information is limited.

interpretability

Title: Overlooked factors in concept-based explanations: Dataset choice, concept salience, and human capability. (arXiv:2207.09615v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09615
• Code URL: https://github.com/princetonvisualai/overlookedfactors
• Copy Paste: [[2207.09615] Overlooked factors in concept-based explanations: Dataset choice, concept salience, and human capability](http://arxiv.org/abs/2207.09615)
• Summary:

  Concept-based interpretability methods aim to explain deep neural network model predictions using a predefined set of semantic concepts. These methods evaluate a trained model on a new, "probe" dataset and correlate model predictions with the visual concepts labeled in that dataset. Despite their popularity, they suffer from limitations that are not well-understood and articulated by the literature. In this work, we analyze three commonly overlooked factors in concept-based explanations. First, the choice of the probe dataset has a profound impact on the generated explanations. Our analysis reveals that different probe datasets may lead to very different explanations, and suggests that the explanations are not generalizable outside the probe dataset. Second, we find that concepts in the probe dataset are often less salient and harder to learn than the classes they claim to explain, calling into question the correctness of the explanations. We argue that only visually salient concepts should be used in concept-based explanations. Finally, while existing methods use hundreds or even thousands of concepts, our human studies reveal a much stricter upper bound of 32 concepts or less, beyond which the explanations are much less practically useful. We make suggestions for future development and analysis of concept-based interpretability methods. Code for our analysis and user interface can be found at \url{https://github.com/princetonvisualai/OverlookedFactors}

Title: Localization supervision of chest x-ray classifiers using label-specific eye-tracking annotation. (arXiv:2207.09771v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2207.09771
• Code URL: null
• Copy Paste: [[2207.09771] Localization supervision of chest x-ray classifiers using label-specific eye-tracking annotation](http://arxiv.org/abs/2207.09771)
• Summary:

  Convolutional neural networks (CNNs) have been successfully applied to chest x-ray (CXR) images. Moreover, annotated bounding boxes have been shown to improve the interpretability of a CNN in terms of localizing abnormalities. However, only a few relatively small CXR datasets containing bounding boxes are available, and collecting them is very costly. Opportunely, eye-tracking (ET) data can be collected in a non-intrusive way during the clinical workflow of a radiologist. We use ET data recorded from radiologists while dictating CXR reports to train CNNs. We extract snippets from the ET data by associating them with the dictation of keywords and use them to supervise the localization of abnormalities. We show that this method improves a model's interpretability without impacting its image-level classification.

exlainability

watermark