secure

Title: Cross-chain between a Parent Chain and Multiple Side Chains. (arXiv:2208.05125v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05125
• Code URL: null
• Copy Paste: [[2208.05125] Cross-chain between a Parent Chain and Multiple Side Chains](http://arxiv.org/abs/2208.05125)
• Summary:

  In certain Blockchain systems, multiple Blockchains are required to operate cooperatively for security, performance, and capacity considerations. This invention defines a cross-chain mechanism where a main Blockchain issues the tokens, which can then be transferred and used in multiple side Blockchains to drive their operations. A set of witnesses are created to securely manage the token exchange across the main chain and multiple side chains. The system decouples the consensus algorithms between the main chain and side chains. We also discuss the coexistence of the main tokens and the native tokens in the side chains.

Title: RFID authentication protocol based on a novel EPC Gen2 PRNG. (arXiv:2208.05345v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05345
• Code URL: null
• Copy Paste: [[2208.05345] RFID authentication protocol based on a novel EPC Gen2 PRNG](http://arxiv.org/abs/2208.05345)
• Summary:

  Continuous advances of Information Technologies (ITs), and in particular of the RFID technologies that allow the connection between the physical world objects and the IT infrastructure, have guaranteed the improvement and efficiency of industrial technologies in the last decades. This paper includes the proposal of two new schemes for RFID. On the one hand, it describes the internals of a lightweight Pseudo-Random Number Generator (PRNG) suitable for low resource devices such as passive RFID complying with the EPC Gen2 specifications. On the other hand, a new secure mutual authentication protocol for such RFID devices that uses the proposed PRNG is presented. The design of the proposed PRNG is based on a nonlinear filter of a Linear Feedback Shift Register (LFSR), and the authentication protocol is lightweight. Both schemes fulfill all practical requirements of low-cost RFID such as resource limitation of EPC Gen2 tags. This is thanks to that only simple computation modules such as the proposed LFSR-based pseudorandom generator and bitwise operations are required. The combination of both proposals guarantees at the same time low power consumption and secure features such as authentication, confidentiality and anonymity.

security

Title: Measuring the Availability and Response Times of Public Encrypted DNS Resolvers. (arXiv:2208.04999v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.04999
• Code URL: null
• Copy Paste: [[2208.04999] Measuring the Availability and Response Times of Public Encrypted DNS Resolvers](http://arxiv.org/abs/2208.04999)
• Summary:

  Unencrypted DNS traffic between users and DNS resolvers can lead to privacy and security concerns. In response to these privacy risks, many browser vendors have deployed DNS-over-HTTPS (DoH) to encrypt queries between users and DNS resolvers. Today, many client-side deployments of DoH, particularly in browsers, select between only a few resolvers, despite the fact that many more encrypted DNS resolvers are deployed in practice. Unfortunately, if users only have a few choices of encrypted resolver, and only a few perform well from any particular vantage point, then the privacy problems that DoH was deployed to help address merely shift to a different set of third parties. It is thus important to assess the performance characteristics of more encrypted DNS resolvers, to determine how many options for encrypted DNS resolvers users tend to have in practice. In this paper, we explore the performance of a large group of encrypted DNS resolvers supporting DoH by measuring DNS query response times from global vantage points in North America, Europe, and Asia. Our results show that many non-mainstream resolvers have higher response times than mainstream resolvers, particularly for non-mainstream resolvers that are queried from more distant vantage points -- suggesting that most encrypted DNS resolvers are not replicated or anycast. In some cases, however, certain non-mainstream resolvers perform at least as well as mainstream resolvers, suggesting that users may be able to use a broader set of encrypted DNS resolvers than those that are available in current browser configurations.

Title: Collaborative Feature Maps of Networks and Hosts for AI-driven Intrusion Detection. (arXiv:2208.05085v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05085
• Code URL: null
• Copy Paste: [[2208.05085] Collaborative Feature Maps of Networks and Hosts for AI-driven Intrusion Detection](http://arxiv.org/abs/2208.05085)
• Summary:

  Intrusion Detection Systems (IDS) are critical security mechanisms that protect against a wide variety of network threats and malicious behaviors on networks or hosts. As both Network-based IDS (NIDS) or Host-based IDS (HIDS) have been widely investigated, this paper aims to present a Combined Intrusion Detection System (CIDS) that integrates network and host data in order to improve IDS performance. Due to the scarcity of datasets that include both network packet and host data, we present a novel CIDS dataset formation framework that can handle log files from a variety of operating systems and align log entities with network flows. A new CIDS dataset named SCVIC-CIDS-2021 is derived from the meta-data from the well-known benchmark dataset, CIC-IDS-2018 by utilizing the proposed framework. Furthermore, a transformer-based deep learning model named CIDS-Net is proposed that can take network flow and host features as inputs and outperform baseline models that rely on network flow features only. Experimental results to evaluate the proposed CIDS-Net under the SCVIC-CIDS-2021 dataset support the hypothesis for the benefits of combining host and flow features as the proposed CIDS-Net can improve the macro F1 score of baseline solutions by 6.36% (up to 99.89%).

Title: Machine Learning with DBOS. (arXiv:2208.05101v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05101
• Code URL: null
• Copy Paste: [[2208.05101] Machine Learning with DBOS](http://arxiv.org/abs/2208.05101)
• Summary:

  We recently proposed a new cluster operating system stack, DBOS, centered on a DBMS. DBOS enables unique support for ML applications by encapsulating ML code within stored procedures, centralizing ancillary ML data, providing security built into the underlying DBMS, co-locating ML code and data, and tracking data and workflow provenance. Here we demonstrate a subset of these benefits around two ML applications. We first show that image classification and object detection models using GPUs can be served as DBOS stored procedures with performance competitive to existing systems. We then present a 1D CNN trained to detect anomalies in HTTP requests on DBOS-backed web services, achieving SOTA results. We use this model to develop an interactive anomaly detection system and evaluate it through qualitative user feedback, demonstrating its usefulness as a proof of concept for future work to develop learned real-time security services on top of DBOS.

Title: Using query frequencies in tree-based revocation for certificateless authentication in VANETs. (arXiv:2208.05343v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05343
• Code URL: null
• Copy Paste: [[2208.05343] Using query frequencies in tree-based revocation for certificateless authentication in VANETs](http://arxiv.org/abs/2208.05343)
• Summary:

  Revocation of dishonest users is not an easy problem. This paper proposes a new way to manage revocation of pseudonyms in vehicular ad-hoc networks when using identity-based authentication to increase efficiency and security through certificateless authentication. In order to improve the performance of revocation lists, this paper proposes the use of a data structure based on authenticated dynamic hash k-ary trees and the frequency with which revoked pseudonyms are consulted. The use of the knowledge about the frequency of consultation of revoked pseudonyms allows an easier access to the most popular revoked pseudonyms to the detriment of revoked pseudonyms that are the least consulted. Accordingly, the proposal is especially useful in urban environments where there are vehicles that spend more time on road than others, such as public service vehicles.

Title: Analysis of lightweight cryptographic solutions for authentication in IoT. (arXiv:2208.05346v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05346
• Code URL: null
• Copy Paste: [[2208.05346] Analysis of lightweight cryptographic solutions for authentication in IoT](http://arxiv.org/abs/2208.05346)
• Summary:

  Currently, special attention is being paid to scenarios where the interconnection of devices with heterogeneous computational and communication capabilities it is required. It is essential to integrate security services during the stages of design and deployment of these networks since many of these scenarios provide critical services such as medical health, payment systems, military affairs, access control, e-banking, etc. This work analyses several cryptographic primitives related to entity authentication providing robust solutions according to device capabilities.

privacy

Title: EXTERN: Leveraging Endo-Temporal Regularization for Black-box Video Domain Adaptation. (arXiv:2208.05187v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2208.05187
• Code URL: null
• Copy Paste: [[2208.05187] EXTERN: Leveraging Endo-Temporal Regularization for Black-box Video Domain Adaptation](http://arxiv.org/abs/2208.05187)
• Summary:

  To enable video models to be applied seamlessly across video tasks in different environments, various Video Unsupervised Domain Adaptation (VUDA) methods have been proposed to improve the robustness and transferability of video models. Despite improvements made in model robustness, these VUDA methods require access to both source data and source model parameters for adaptation, raising serious data privacy and model portability issues. To cope with the above concerns, this paper firstly formulates Black-box Video Domain Adaptation (BVDA) as a more realistic yet challenging scenario where the source video model is provided only as a black-box predictor. While a few methods for Black-box Domain Adaptation (BDA) are proposed in image domain, these methods cannot apply to video domain since video modality has more complicated temporal features that are harder to align. To address BVDA, we propose a novel Endo and eXo-TEmporal Regularized Network (EXTERN) by applying mask-to-mix strategies and video-tailored regularizations: endo-temporal regularization and exo-temporal regularization, performed across both clip and temporal features, while distilling knowledge from the predictions obtained from the black-box predictor. Empirical results demonstrate the state-of-the-art performance of EXTERN across various cross-domain closed-set and partial-set action recognition benchmarks, which even surpassed most existing video domain adaptation methods with source data accessibility.

Title: Understanding User Awareness and Behaviors Concerning Encrypted DNS Settings. (arXiv:2208.04991v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.04991
• Code URL: null
• Copy Paste: [[2208.04991] Understanding User Awareness and Behaviors Concerning Encrypted DNS Settings](http://arxiv.org/abs/2208.04991)
• Summary:

  Recent developments to encrypt the Domain Name System (DNS) have resulted in major browser and operating system vendors deploying encrypted DNS functionality, often enabling various configurations and settings by default. In many cases, default encrypted DNS settings have implications for performance and privacy; for example, Firefox's default DNS setting sends all of a user's DNS queries to Cloudflare, potentially introducing new privacy vulnerabilities. In this paper, we confirm that most users are unaware of these developments -- with respect to the rollout of these new technologies, the changes in default settings, and the ability to customize encrypted DNS configuration to balance user preferences between privacy and performance. Our findings suggest several important implications for the designers of interfaces for encrypted DNS functionality in both browsers and operating systems, to help improve user awareness concerning these settings, and to ensure that users retain the ability to make choices that allow them to balance tradeoffs concerning DNS privacy and performance.

Title: Privacy-Aware Adversarial Network in Human Mobility Prediction. (arXiv:2208.05009v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05009
• Code URL: null
• Copy Paste: [[2208.05009] Privacy-Aware Adversarial Network in Human Mobility Prediction](http://arxiv.org/abs/2208.05009)
• Summary:

  As mobile devices and location-based services are increasingly developed in different smart city scenarios and applications, many unexpected privacy leakages have arisen due to geolocated data collection and sharing. User re-identification and other sensitive inferences are major privacy threats when geolocated data are shared with cloud-assisted applications. Significantly, four spatio-temporal points are enough to uniquely identify 95\% of the individuals, which exacerbates personal information leakages. To tackle malicious purposes such as user re-identification, we propose an LSTM-based adversarial mechanism with representation learning to attain a privacy-preserving feature representation of the original geolocated data (i.e., mobility data) for a sharing purpose. These representations aim to maximally reduce the chance of user re-identification and full data reconstruction with a minimal utility budget (i.e., loss). We train the mechanism by quantifying privacy-utility trade-off of mobility datasets in terms of trajectory reconstruction risk, user re-identification risk, and mobility predictability. We report an exploratory analysis that enables the user to assess this trade-off with a specific loss function and its weight parameters. The extensive comparison results on four representative mobility datasets demonstrate the superiority of our proposed architecture in mobility privacy protection and the efficiency of the proposed privacy-preserving features extractor. We show that the privacy of mobility traces attains decent protection at the cost of marginal mobility utility. Our results also show that by exploring the Pareto optimal setting, we can simultaneously increase both privacy (45%) and utility (32%).

protect

Title: TokenPatronus: A Decentralized NFT Anti-theft Mechanism. (arXiv:2208.05168v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05168
• Code URL: null
• Copy Paste: [[2208.05168] TokenPatronus: A Decentralized NFT Anti-theft Mechanism](http://arxiv.org/abs/2208.05168)
• Summary:

  The emergence of metaverse brings tremendous evolution to Non-Fungible Tokens (NFTs), which could certify the ownership the unique digital asset in the cyber world. The NFT market has garnered unprecedented attention from investors and created billions of dollars in transaction volume. Meanwhile, securing NFT is still a challenging issue. Recently, numerous incidents of NFT theft have been reported, leading to incalculable losses for holders. We propose a decentralized NFT anti-theft mechanism called TokenPatronus, which supports the general ERC-721 standard and provide the holders with strong property protection. TokenPatronus contains pre-event protection, in-event interruption, and post-event replevin enhancements for the complete NFTs transactions stages. Four modules are designed to make up the decentralized anti-theft mechanism, including the decentralized access control (DAC), the decentralized risk management (DRM), the decentralized arbitration system (DAS) and the ERC-721G standard smart contract. TokenPatronus is performing on the Turtlecase NFT project of Ethereum and will support more blockchains in the future.

defense

Title: Reducing Exploitability with Population Based Training. (arXiv:2208.05083v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05083
• Code URL: https://github.com/humancompatibleai/reducing-exploitability
• Copy Paste: [[2208.05083] Reducing Exploitability with Population Based Training](http://arxiv.org/abs/2208.05083)
• Summary:

  Self-play reinforcement learning has achieved state-of-the-art, and often superhuman, performance in a variety of zero-sum games. Yet prior work has found that policies that are highly capable against regular opponents can fail catastrophically against adversarial policies: an opponent trained explicitly against the victim. Prior defenses using adversarial training were able to make the victim robust to a specific adversary, but the victim remained vulnerable to new ones. We conjecture this limitation was due to insufficient diversity of adversaries seen during training. We propose a defense using population based training to pit the victim against a diverse set of opponents. We evaluate this defense's robustness against new adversaries in two low-dimensional environments. Our defense increases robustness against adversaries, as measured by number of attacker training timesteps to exploit the victim. Furthermore, we show that robustness is correlated with the size of the opponent population.

attack

Title: Benchmarking Joint Face Spoofing and Forgery Detection with Visual and Physiological Cues. (arXiv:2208.05401v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2208.05401
• Code URL: null
• Copy Paste: [[2208.05401] Benchmarking Joint Face Spoofing and Forgery Detection with Visual and Physiological Cues](http://arxiv.org/abs/2208.05401)
• Summary:

  Face anti-spoofing (FAS) and face forgery detection play vital roles in securing face biometric systems from presentation attacks (PAs) and vicious digital manipulation (e.g., deepfakes). Despite promising performance upon large-scale data and powerful deep models, the generalization problem of existing approaches is still an open issue. Most of recent approaches focus on 1) unimodal visual appearance or physiological (i.e., remote photoplethysmography (rPPG)) cues; and 2) separated feature representation for FAS or face forgery detection. On one side, unimodal appearance and rPPG features are respectively vulnerable to high-fidelity face 3D mask and video replay attacks, inspiring us to design reliable multi-modal fusion mechanisms for generalized face attack detection. On the other side, there are rich common features across FAS and face forgery detection tasks (e.g., periodic rPPG rhythms and vanilla appearance for bonafides), providing solid evidence to design a joint FAS and face forgery detection system in a multi-task learning fashion. In this paper, we establish the first joint face spoofing and forgery detection benchmark using both visual appearance and physiological rPPG cues. To enhance the rPPG periodicity discrimination, we design a two-branch physiological network using both facial spatio-temporal rPPG signal map and its continuous wavelet transformed counterpart as inputs. To mitigate the modality bias and improve the fusion efficacy, we conduct a weighted batch and layer normalization for both appearance and rPPG features before multi-modal fusion. We find that the generalization capacities of both unimodal (appearance or rPPG) and multi-modal (appearance+rPPG) models can be obviously improved via joint training on these two tasks. We hope this new benchmark will facilitate the future research of both FAS and deepfake detection communities.

Title: PerD: Perturbation Sensitivity-based Neural Trojan Detection Framework on NLP Applications. (arXiv:2208.04943v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.04943
• Code URL: null
• Copy Paste: [[2208.04943] PerD: Perturbation Sensitivity-based Neural Trojan Detection Framework on NLP Applications](http://arxiv.org/abs/2208.04943)
• Summary:

  Deep Neural Networks (DNNs) have been shown to be susceptible to Trojan attacks. Neural Trojan is a type of targeted poisoning attack that embeds the backdoor into the victim and is activated by the trigger in the input space. The increasing deployment of DNNs in critical systems and the surge of outsourcing DNN training (which makes Trojan attack easier) makes the detection of Trojan attacks necessary. While Neural Trojan detection has been studied in the image domain, there is a lack of solutions in the NLP domain. In this paper, we propose a model-level Trojan detection framework by analyzing the deviation of the model output when we introduce a specially crafted perturbation to the input. Particularly, we extract the model's responses to perturbed inputs as the `signature' of the model and train a meta-classifier to determine if a model is Trojaned based on its signature. We demonstrate the effectiveness of our proposed method on both a dataset of NLP models we create and a public dataset of Trojaned NLP models from TrojAI. Furthermore, we propose a lightweight variant of our detection method that reduces the detection time while preserving the detection rates.

Title: Attention Hijacking in Trojan Transformers. (arXiv:2208.04946v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.04946
• Code URL: null
• Copy Paste: [[2208.04946] Attention Hijacking in Trojan Transformers](http://arxiv.org/abs/2208.04946)
• Summary:

  Trojan attacks pose a severe threat to AI systems. Recent works on Transformer models received explosive popularity and the self-attentions are now indisputable. This raises a central question: Can we reveal the Trojans through attention mechanisms in BERTs and ViTs? In this paper, we investigate the attention hijacking pattern in Trojan AIs, \ie, the trigger token ``kidnaps'' the attention weights when a specific trigger is present. We observe the consistent attention hijacking pattern in Trojan Transformers from both Natural Language Processing (NLP) and Computer Vision (CV) domains. This intriguing property helps us to understand the Trojan mechanism in BERTs and ViTs. We also propose an Attention-Hijacking Trojan Detector (AHTD) to discriminate the Trojan AIs from the clean ones.

Title: Adversarial Machine Learning-Based Anticipation of Threats Against Vehicle-to-Microgrid Services. (arXiv:2208.05073v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05073
• Code URL: null
• Copy Paste: [[2208.05073] Adversarial Machine Learning-Based Anticipation of Threats Against Vehicle-to-Microgrid Services](http://arxiv.org/abs/2208.05073)
• Summary:

  In this paper, we study the expanding attack surface of Adversarial Machine Learning (AML) and the potential attacks against Vehicle-to-Microgrid (V2M) services. We present an anticipatory study of a multi-stage gray-box attack that can achieve a comparable result to a white-box attack. Adversaries aim to deceive the targeted Machine Learning (ML) classifier at the network edge to misclassify the incoming energy requests from microgrids. With an inference attack, an adversary can collect real-time data from the communication between smart microgrids and a 5G gNodeB to train a surrogate (i.e., shadow) model of the targeted classifier at the edge. To anticipate the associated impact of an adversary's capability to collect real-time data instances, we study five different cases, each representing different amounts of real-time data instances collected by an adversary. Out of six ML models trained on the complete dataset, K-Nearest Neighbour (K-NN) is selected as the surrogate model, and through simulations, we demonstrate that the multi-stage gray-box attack is able to mislead the ML classifier and cause an Evasion Increase Rate (EIR) up to 73.2% using 40% less data than what a white-box attack needs to achieve a similar EIR.

Title: Prior Knowledge based Advanced Persistent Threats Detection for IoT in a Realistic Benchmark. (arXiv:2208.05089v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05089
• Code URL: null
• Copy Paste: [[2208.05089] Prior Knowledge based Advanced Persistent Threats Detection for IoT in a Realistic Benchmark](http://arxiv.org/abs/2208.05089)
• Summary:

  The number of Internet of Things (IoT) devices being deployed into networks is growing at a phenomenal level, which makes IoT networks more vulnerable in the wireless medium. Advanced Persistent Threat (APT) is malicious to most of the network facilities and the available attack data for training the machine learning-based Intrusion Detection System (IDS) is limited when compared to the normal traffic. Therefore, it is quite challenging to enhance the detection performance in order to mitigate the influence of APT. Therefore, Prior Knowledge Input (PKI) models are proposed and tested using the SCVIC-APT- 2021 dataset. To obtain prior knowledge, the proposed PKI model pre-classifies the original dataset with unsupervised clustering method. Then, the obtained prior knowledge is incorporated into the supervised model to decrease training complexity and assist the supervised model in determining the optimal mapping between the raw data and true labels. The experimental findings indicate that the PKI model outperforms the supervised baseline, with the best macro average F1-score of 81.37%, which is 10.47% higher than the baseline.

Title: Explaining Machine Learning DGA Detectors from DNS Traffic Data. (arXiv:2208.05285v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05285
• Code URL: null
• Copy Paste: [[2208.05285] Explaining Machine Learning DGA Detectors from DNS Traffic Data](http://arxiv.org/abs/2208.05285)
• Summary:

  One of the most common causes of lack of continuity of online systems stems from a widely popular Cyber Attack known as Distributed Denial of Service (DDoS), in which a network of infected devices (botnet) gets exploited to flood the computational capacity of services through the commands of an attacker. This attack is made by leveraging the Domain Name System (DNS) technology through Domain Generation Algorithms (DGAs), a stealthy connection strategy that yet leaves suspicious data patterns. To detect such threats, advances in their analysis have been made. For the majority, they found Machine Learning (ML) as a solution, which can be highly effective in analyzing and classifying massive amounts of data. Although strongly performing, ML models have a certain degree of obscurity in their decision-making process. To cope with this problem, a branch of ML known as Explainable ML tries to break down the black-box nature of classifiers and make them interpretable and human-readable. This work addresses the problem of Explainable ML in the context of botnet and DGA detection, which at the best of our knowledge, is the first to concretely break down the decisions of ML classifiers when devised for botnet/DGA detection, therefore providing global and local explanations.

Title: Pikachu: Securing PoS Blockchains from Long-Range Attacks by Checkpointing into Bitcoin PoW using Taproot. (arXiv:2208.05408v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05408
• Code URL: null
• Copy Paste: [[2208.05408] Pikachu: Securing PoS Blockchains from Long-Range Attacks by Checkpointing into Bitcoin PoW using Taproot](http://arxiv.org/abs/2208.05408)
• Summary:

  Blockchain systems based on a reusable resource, such as proof-of-stake (PoS), provide weaker security guarantees than those based on proof-of-work. Specifically, they are vulnerable to long-range attacks, where an adversary can corrupt prior participants in order to rewrite the full history of the chain. To prevent this attack on a PoS chain, we propose a protocol that checkpoints the state of the PoS chain to a proof-of-work blockchain such as Bitcoin. Our checkpointing protocol hence does not rely on any central authority. Our work uses Schnorr signatures and leverages Bitcoin recent Taproot upgrade, allowing us to create a checkpointing transaction of constant size. We argue for the security of our protocol and present an open-source implementation that was tested on the Bitcoin testnet.

Title: Block Double-Submission Attack: Block Withholding Can Be Self-Destructive. (arXiv:2208.05425v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05425
• Code URL: null
• Copy Paste: [[2208.05425] Block Double-Submission Attack: Block Withholding Can Be Self-Destructive](http://arxiv.org/abs/2208.05425)
• Summary:

  Proof-of-Work (PoW) is the core security mechanism of Bitcoin, the first and financially biggest cryptocurrency. This concept began as an efficient spam e-mail mitigation technique. Meanwhile, it encountered several major security issues in the decentralized environment of blockchain. One of them is a Block WithHolding (BWH) attack that can exploit a widespread and cooperative environment called a mining pool. This attack takes advantage of untrustworthy relationships between mining pools and participating agents. Moreover, detecting or responding to attacks is challenging due to the nature of mining pools. In this paper, however, we suggest that BWH attacks also have a similar trust problem. Because a BWH attacker cannot have complete control over BWH agents, they can betray the belonging mining pool and seek further benefits by trading with victims. We prove that this betrayal is not only valid in all attack parameters but also provides double benefits; finally, it is the best strategy for BWH agents. Furthermore, our study implies that BWH attacks may encounter self-destruction of their own revenue, contrary to their intention.

Title: Revisiting Algebraic Attacks on MinRank and on the Rank Decoding Problem. (arXiv:2208.05471v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2208.05471
• Code URL: null
• Copy Paste: [[2208.05471] Revisiting Algebraic Attacks on MinRank and on the Rank Decoding Problem](http://arxiv.org/abs/2208.05471)
• Summary:

  The Rank Decoding problem (RD) is at the core of rank-based cryptography. This problem can also be seen as a structured version of MinRank, which is ubiquitous in multivariate cryptography. Recently, \cite{BBBGNRT20,BBCGPSTV20} proposed attacks based on two new algebraic modelings, namely the MaxMinors modeling which is specific to RD and the Support-Minors modeling which applies to MinRank in general. Both improved significantly the complexity of algebraic attacks on these two problems. In the case of RD and contrarily to what was believed up to now, these new attacks were shown to be able to outperform combinatorial attacks and this even for very small field sizes.

However, we prove here that the analysis performed in \cite{BBCGPSTV20} for one of these attacks which consists in mixing the MaxMinors modeling with the Support-Minors modeling to solve RD is too optimistic and leads to underestimate the overall complexity. This is done by exhibiting linear dependencies between these equations and by considering an $\fqm$ version of these modelings which turns out to be instrumental for getting a better understanding of both systems. Moreover, by working over $\Fqm$ rather than over $\ff{q}$, we are able to drastically reduce the number of variables in the system and we (i) still keep enough algebraic equations to be able to solve the system, (ii) are able to analyze rigorously the complexity of our approach. This new approach may improve the older MaxMinors approach on RD from \cite{BBBGNRT20,BBCGPSTV20} for certain parameters. We also introduce a new hybrid approach on the Support-Minors system whose impact is much more general since it applies to any MinRank problem. This technique improves significantly the complexity of the Support-Minors approach for small to moderate field sizes.

robust

Title: Visual Heart Rate Estimation from RGB Facial Video using Spectral Reflectance. (arXiv:2208.04947v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2208.04947
• Code URL: null
• Copy Paste: [[2208.04947] Visual Heart Rate Estimation from RGB Facial Video using Spectral Reflectance](http://arxiv.org/abs/2208.04947)
• Summary:

  Estimation of the Heart rate from the facial video has a number of applications in the medical and fitness industries. Additionally, it has become useful in the field of gaming as well. Several approaches have been proposed to seamlessly obtain the Heart rate from the facial video, but these approaches have had issues in dealing with motion and illumination artifacts. In this work, we propose a reliable HR estimation framework using the spectral reflectance of the user, which makes it robust to motion and illumination disturbances. We employ deep learning-based frameworks such as Faster RCNNs to perform face detection as opposed to the Viola Jones algorithm employed by previous approaches. We evaluate our method on the MAHNOB HCI dataset and found that the proposed method is able to outperform previous approaches.Estimation of the Heart rate from facial video has a number of applications in the medical and the fitness industries. Additionally, it has become useful in the field of gaming as well. Several approaches have been proposed to seamlessly obtain the Heart rate from the facial video, but these approaches have had issues in dealing with motion and illumination artifacts. In this work, we propose a reliable HR estimation framework using the spectral reflectance of the user, which makes it robust to motion and illumination disturbances. We employ deep learning-based frameworks such as Faster RCNNs to perform face detection as opposed to the Viola-Jones algorithm employed by previous approaches. We evaluate our method on the MAHNOB HCI dataset and found that the proposed method is able to outperform previous approaches.

Title: Human Activity Recognition Using Cascaded Dual Attention CNN and Bi-Directional GRU Framework. (arXiv:2208.05034v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2208.05034
• Code URL: null
• Copy Paste: [[2208.05034] Human Activity Recognition Using Cascaded Dual Attention CNN and Bi-Directional GRU Framework](http://arxiv.org/abs/2208.05034)
• Summary:

  Vision-based human activity recognition has emerged as one of the essential research areas in video analytics domain. Over the last decade, numerous advanced deep learning algorithms have been introduced to recognize complex human actions from video streams. These deep learning algorithms have shown impressive performance for the human activity recognition task. However, these newly introduced methods either exclusively focus on model performance or the effectiveness of these models in terms of computational efficiency and robustness, resulting in a biased tradeoff in their proposals to deal with challenging human activity recognition problem. To overcome the limitations of contemporary deep learning models for human activity recognition, this paper presents a computationally efficient yet generic spatial-temporal cascaded framework that exploits the deep discriminative spatial and temporal features for human activity recognition. For efficient representation of human actions, we have proposed an efficient dual attentional convolutional neural network (CNN) architecture that leverages a unified channel-spatial attention mechanism to extract human-centric salient features in video frames. The dual channel-spatial attention layers together with the convolutional layers learn to be more attentive in the spatial receptive fields having objects over the number of feature maps. The extracted discriminative salient features are then forwarded to stacked bi-directional gated recurrent unit (Bi-GRU) for long-term temporal modeling and recognition of human actions using both forward and backward pass gradient learning. Extensive experiments are conducted, where the obtained results show that the proposed framework attains an improvement in execution time up to 167 times in terms of frames per second as compared to most of the contemporary action recognition methods.

Title: A Detection Method of Temporally Operated Videos Using Robust Hashing. (arXiv:2208.05198v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2208.05198
• Code URL: null
• Copy Paste: [[2208.05198] A Detection Method of Temporally Operated Videos Using Robust Hashing](http://arxiv.org/abs/2208.05198)
• Summary:

  SNS providers are known to carry out the recompression and resizing of uploaded videos/images, but most conventional methods for detecting tampered videos/images are not robust enough against such operations. In addition, videos are temporally operated such as the insertion of new frames and the permutation of frames, of which operations are difficult to be detected by using conventional methods. Accordingly, in this paper, we propose a novel method with a robust hashing algorithm for detecting temporally operated videos even when applying resizing and compression to the videos.

Title: Language Supervised Training for Skeleton-based Action Recognition. (arXiv:2208.05318v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2208.05318
• Code URL: https://github.com/martinxm/lst
• Copy Paste: [[2208.05318] Language Supervised Training for Skeleton-based Action Recognition](http://arxiv.org/abs/2208.05318)
• Summary:

  Skeleton-based action recognition has drawn a lot of attention for its computation efficiency and robustness to lighting conditions. Existing skeleton-based action recognition methods are typically formulated as a one-hot classification task without fully utilizing the semantic relations between actions. For example, "make victory sign" and "thumb up" are two actions of hand gestures, whose major difference lies in the movement of hands. This information is agnostic from the categorical one-hot encoding of action classes but could be unveiled in the language description of actions. Therefore, utilizing action language descriptions in training could potentially benefit representation learning. In this work, we propose a Language Supervised Training (LST) approach for skeleton-based action recognition. More specifically, we employ a large-scale language model as the knowledge engine to provide text descriptions for body parts movements of actions, and propose a multi-modal training scheme by utilizing the text encoder to generate feature vectors for different body parts and supervise the skeleton encoder for action representation learning. Experiments show that our proposed LST method achieves noticeable improvements over various baseline models without extra computation cost at inference. LST achieves new state-of-the-arts on popular skeleton-based action recognition benchmarks, including NTU RGB+D, NTU RGB+D 120 and NW-UCLA. The code can be found at https://github.com/MartinXM/LST.

Title: Robust Reinforcement Learning using Offline Data. (arXiv:2208.05129v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05129
• Code URL: https://github.com/zaiyan-x/RFQI
• Copy Paste: [[2208.05129] Robust Reinforcement Learning using Offline Data](http://arxiv.org/abs/2208.05129)
• Summary:

  The goal of robust reinforcement learning (RL) is to learn a policy that is robust against the uncertainty in model parameters. Parameter uncertainty commonly occurs in many real-world RL applications due to simulator modeling errors, changes in the real-world system dynamics over time, and adversarial disturbances. Robust RL is typically formulated as a max-min problem, where the objective is to learn the policy that maximizes the value against the worst possible models that lie in an uncertainty set. In this work, we propose a robust RL algorithm called Robust Fitted Q-Iteration (RFQI), which uses only an offline dataset to learn the optimal robust policy. Robust RL with offline data is significantly more challenging than its non-robust counterpart because of the minimization over all models present in the robust Bellman operator. This poses challenges in offline data collection, optimization over the models, and unbiased estimation. In this work, we propose a systematic approach to overcome these challenges, resulting in our RFQI algorithm. We prove that RFQI learns a near-optimal robust policy under standard assumptions and demonstrate its superior performance on standard benchmark problems.

Title: Adaptive Resources Allocation CUSUM for Binomial Count Data Monitoring with Application to COVID-19 Hotspot Detection. (arXiv:2208.05045v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05045
• Code URL: null
• Copy Paste: [[2208.05045] Adaptive Resources Allocation CUSUM for Binomial Count Data Monitoring with Application to COVID-19 Hotspot Detection](http://arxiv.org/abs/2208.05045)
• Summary:

  In this paper, we present an efficient statistical method (denoted as "Adaptive Resources Allocation CUSUM") to robustly and efficiently detect the hotspot with limited sampling resources. Our main idea is to combine the multi-arm bandit (MAB) and change-point detection methods to balance the exploration and exploitation of resource allocation for hotspot detection. Further, a Bayesian weighted update is used to update the posterior distribution of the infection rate. Then, the upper confidence bound (UCB) is used for resource allocation and planning. Finally, CUSUM monitoring statistics to detect the change point as well as the change location. For performance evaluation, we compare the performance of the proposed method with several benchmark methods in the literature and showed the proposed algorithm is able to achieve a lower detection delay and higher detection precision. Finally, this method is applied to hotspot detection in a real case study of county-level daily positive COVID-19 cases in Washington State WA) and demonstrates the effectiveness with very limited distributed samples.

Title: Robust Continual Test-time Adaptation: Instance-aware BN and Prediction-balanced Memory. (arXiv:2208.05117v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05117
• Code URL: null
• Copy Paste: [[2208.05117] Robust Continual Test-time Adaptation: Instance-aware BN and Prediction-balanced Memory](http://arxiv.org/abs/2208.05117)
• Summary:

  Test-time adaptation (TTA) is an emerging paradigm that addresses distributional shifts between training and testing phases without additional data acquisition or labeling cost; only unlabeled test data streams are used for continual model adaptation. Previous TTA schemes assume that the test samples are independent and identically distributed (i.i.d.), even though they are often temporally correlated (non-i.i.d.) in application scenarios, e.g., autonomous driving. We discover that most existing TTA methods fail dramatically under such scenarios. Motivated by this, we present a new test-time adaptation scheme that is robust against non-i.i.d. test data streams. Our novelty is mainly two-fold: (a) Instance-Aware Batch Normalization (IABN) that corrects normalization for out-of-distribution samples, and (b) Prediction-balanced Reservoir Sampling (PBRS) that simulates i.i.d. data stream from non-i.i.d. stream in a class-balanced manner. Our evaluation with various datasets, including real-world non-i.i.d. streams, demonstrates that the proposed robust TTA not only outperforms state-of-the-art TTA algorithms in the non-i.i.d. setting, but also achieves comparable performance to those algorithms under the i.i.d. assumption.

Title: Machine Learning-based EEG Applications and Markets. (arXiv:2208.05144v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05144
• Code URL: null
• Copy Paste: [[2208.05144] Machine Learning-based EEG Applications and Markets](http://arxiv.org/abs/2208.05144)
• Summary:

  This paper addresses both the various EEG applications and the current EEG market ecosystem propelled by machine learning. Increasingly available open medical and health datasets using EEG encourage data-driven research with a promise of improving neurology for patient care through knowledge discovery and machine learning data science algorithm development. This effort leads to various kinds of EEG developments and currently forms a new EEG market. This paper attempts to do a comprehensive survey on the EEG market and covers the six significant applications of EEG, including diagnosis/screening, drug development, neuromarketing, daily health, metaverse, and age/disability assistance. The highlight of this survey is on the compare and contrast between the research field and the business market. Our survey points out the current limitations of EEG and indicates the future direction of research and business opportunity for every EEG application listed above. Based on our survey, more research on machine learning-based EEG applications will lead to a more robust EEG-related market. More companies will use the research technology and apply it to real-life settings. As the EEG-related market grows, the EEG-related devices will collect more EEG data, and there will be more EEG data available for researchers to use in their study, coming back as a virtuous cycle. Our market analysis indicates that research related to the use of EEG data and machine learning in the six applications listed above points toward a clear trend in the growth and development of the EEG ecosystem and machine learning world.

biometric

steal

extraction

Title: MD-Net: Multi-Detector for Local Feature Extraction. (arXiv:2208.05350v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2208.05350
• Code URL: null
• Copy Paste: [[2208.05350] MD-Net: Multi-Detector for Local Feature Extraction](http://arxiv.org/abs/2208.05350)
• Summary:

  Establishing a sparse set of keypoint correspon dences between images is a fundamental task in many computer vision pipelines. Often, this translates into a computationally expensive nearest neighbor search, where every keypoint descriptor at one image must be compared with all the descriptors at the others. In order to lower the computational cost of the matching phase, we propose a deep feature extraction network capable of detecting a predefined number of complementary sets of keypoints at each image. Since only the descriptors within the same set need to be compared across the different images, the matching phase computational complexity decreases with the number of sets. We train our network to predict the keypoints and compute the corresponding descriptors jointly. In particular, in order to learn complementary sets of keypoints, we introduce a novel unsupervised loss which penalizes intersections among the different sets. Additionally, we propose a novel descriptor-based weighting scheme meant to penalize the detection of keypoints with non-discriminative descriptors. With extensive experiments we show that our feature extraction network, trained only on synthetically warped images and in a fully unsupervised manner, achieves competitive results on 3D reconstruction and re-localization tasks at a reduced matching complexity.

membership infer

federate

Title: Fast Heterogeneous Federated Learning with Hybrid Client Selection. (arXiv:2208.05135v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05135
• Code URL: null
• Copy Paste: [[2208.05135] Fast Heterogeneous Federated Learning with Hybrid Client Selection](http://arxiv.org/abs/2208.05135)
• Summary:

  Client selection schemes are widely adopted to handle the communication-efficient problems in recent studies of Federated Learning (FL). However, the large variance of the model updates aggregated from the randomly-selected unrepresentative subsets directly slows the FL convergence. We present a novel clustering-based client selection scheme to accelerate the FL convergence by variance reduction. Simple yet effective schemes are designed to improve the clustering effect and control the effect fluctuation, therefore, generating the client subset with certain representativeness of sampling. Theoretically, we demonstrate the improvement of the proposed scheme in variance reduction. We also present the tighter convergence guarantee of the proposed method thanks to the variance reduction. Experimental results confirm the exceed efficiency of our scheme compared to alternatives.

Title: FedOBD: Opportunistic Block Dropout for Efficiently Training Large-scale Neural Networks through Federated Learning. (arXiv:2208.05174v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05174
• Code URL: null
• Copy Paste: [[2208.05174] FedOBD: Opportunistic Block Dropout for Efficiently Training Large-scale Neural Networks through Federated Learning](http://arxiv.org/abs/2208.05174)
• Summary:

  Large-scale neural networks possess considerable expressive power. They are well-suited for complex learning tasks in industrial applications. However, large-scale models pose significant challenges for training under the current Federated Learning (FL) paradigm. Existing approaches for efficient FL training often leverage model parameter dropout. However, manipulating individual model parameters is not only inefficient in meaningfully reducing the communication overhead when training large-scale FL models, but may also be detrimental to the scaling efforts and model performance as shown by recent research. To address these issues, we propose the Federated Opportunistic Block Dropout (FedOBD) approach. The key novelty is that it decomposes large-scale models into semantic blocks so that FL participants can opportunistically upload quantized blocks, which are deemed to be significant towards training the model, to the FL server for aggregation. Extensive experiments evaluating FedOBD against five state-of-the-art approaches based on multiple real-world datasets show that it reduces the overall communication overhead by more than 70% compared to the best performing baseline approach, while achieving the highest test accuracy. To the best of our knowledge, FedOBD is the first approach to perform dropout on FL models at the block level rather than at the individual parameter level.

fair

Title: How Effective is Byte Pair Encoding for Out-Of-Vocabulary Words in Neural Machine Translation?. (arXiv:2208.05225v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2208.05225
• Code URL: null
• Copy Paste: [[2208.05225] How Effective is Byte Pair Encoding for Out-Of-Vocabulary Words in Neural Machine Translation?](http://arxiv.org/abs/2208.05225)
• Summary:

  Neural Machine Translation (NMT) is an open vocabulary problem. As a result, dealing with the words not occurring during training (a.k.a. out-of-vocabulary (OOV) words) have long been a fundamental challenge for NMT systems. The predominant method to tackle this problem is Byte Pair Encoding (BPE) which splits words, including OOV words, into sub-word segments. BPE has achieved impressive results for a wide range of translation tasks in terms of automatic evaluation metrics. While it is often assumed that by using BPE, NMT systems are capable of handling OOV words, the effectiveness of BPE in translating OOV words has not been explicitly measured. In this paper, we study to what extent BPE is successful in translating OOV words at the word-level. We analyze the translation quality of OOV words based on word type, number of segments, cross-attention weights, and the frequency of segment n-grams in the training data. Our experiments show that while careful BPE settings seem to be fairly useful in translating OOV words across datasets, a considerable percentage of OOV words are translated incorrectly. Furthermore, we highlight the slightly higher effectiveness of BPE in translating OOV words for special cases, such as named-entities and when the languages involved are linguistically close to each other.

Title: D-BIAS: A Causality-Based Human-in-the-Loop System for Tackling Algorithmic Bias. (arXiv:2208.05126v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05126
• Code URL: null
• Copy Paste: [[2208.05126] D-BIAS: A Causality-Based Human-in-the-Loop System for Tackling Algorithmic Bias](http://arxiv.org/abs/2208.05126)
• Summary:

  With the rise of AI, algorithms have become better at learning underlying patterns from the training data including ingrained social biases based on gender, race, etc. Deployment of such algorithms to domains such as hiring, healthcare, law enforcement, etc. has raised serious concerns about fairness, accountability, trust and interpretability in machine learning algorithms. To alleviate this problem, we propose D-BIAS, a visual interactive tool that embodies human-in-the-loop AI approach for auditing and mitigating social biases from tabular datasets. It uses a graphical causal model to represent causal relationships among different features in the dataset and as a medium to inject domain knowledge. A user can detect the presence of bias against a group, say females, or a subgroup, say black females, by identifying unfair causal relationships in the causal network and using an array of fairness metrics. Thereafter, the user can mitigate bias by acting on the unfair causal edges. For each interaction, say weakening/deleting a biased causal edge, the system uses a novel method to simulate a new (debiased) dataset based on the current causal model. Users can visually assess the impact of their interactions on different fairness metrics, utility metrics, data distortion, and the underlying data distribution. Once satisfied, they can download the debiased dataset and use it for any downstream application for fairer predictions. We evaluate D-BIAS by conducting experiments on 3 datasets and also a formal user study. We found that D-BIAS helps reduce bias significantly compared to the baseline debiasing approach across different fairness metrics while incurring little data distortion and a small loss in utility. Moreover, our human-in-the-loop based approach significantly outperforms an automated approach on trust, interpretability and accountability.

interpretability

Title: Explainable prediction of Qcodes for NOTAMs using column generation. (arXiv:2208.04955v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.04955
• Code URL: null
• Copy Paste: [[2208.04955] Explainable prediction of Qcodes for NOTAMs using column generation](http://arxiv.org/abs/2208.04955)
• Summary:

  A NOtice To AirMen (NOTAM) contains important flight route related information. To search and filter them, NOTAMs are grouped into categories called QCodes. In this paper, we develop a tool to predict, with some explanations, a Qcode for a NOTAM. We present a way to extend the interpretable binary classification using column generation proposed in Dash, Gunluk, and Wei (2018) to a multiclass text classification method. We describe the techniques used to tackle the issues related to one vs-rest classification, such as multiple outputs and class imbalances. Furthermore, we introduce some heuristics, including the use of a CP-SAT solver for the subproblems, to reduce the training time. Finally, we show that our approach compares favorably with state-of-the-art machine learning algorithms like Linear SVM and small neural networks while adding the needed interpretability component.

Title: TSInterpret: A unified framework for time series interpretability. (arXiv:2208.05280v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2208.05280
• Code URL: https://github.com/jhoelli/tsinterpret
• Copy Paste: [[2208.05280] TSInterpret: A unified framework for time series interpretability](http://arxiv.org/abs/2208.05280)
• Summary:

  With the increasing application of deep learning algorithms to time series classification, especially in high-stake scenarios, the relevance of interpreting those algorithms becomes key. Although research in time series interpretability has grown, accessibility for practitioners is still an obstacle. Interpretability approaches and their visualizations are diverse in use without a unified API or framework. To close this gap, we introduce TSInterpret an easily extensible open-source Python library for interpreting predictions of time series classifiers that combines existing interpretation approaches into one unified framework. The library features (i) state-of-the-art interpretability algorithms, (ii) exposes a unified API enabling users to work with explanations consistently and provides (iii) suitable visualizations for each explanation.

exlainability

watermark