secure
security
Title: Reversible Data hiding in Encrypted Domain with Public Key Embedding Mechanism. (arXiv:2208.14510v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14510
- Code URL: null
- Copy Paste:
[[2208.14510] Reversible Data hiding in Encrypted Domain with Public Key Embedding Mechanism](http://arxiv.org/abs/2208.14510)
- Summary:
Considering the prospects of public key embedding (PKE) mechanism in active forensics on the integrity or identity of ciphertext for distributed deep learning security, two reversible data hiding in encrypted domain (RDH-ED) algorithms with PKE mechanism are proposed, in which all the elements of the embedding function shall be open to the public, while the extraction function could be performed only by legitimate users. The first algorithm is difference expansion in single bit encrypted domain (DE-SBED), which is optimized from the homomorphic embedding framework based on the bit operations of DE in spatial domain. DE-SBED is suitable for the ciphertext of images encrypted from any single bit encryption and learning with errors (LWE) encryption is selected in this paper. Pixel value ordering is introduced to reduce the distortion of decryption and improve the embedding rates (ER). To apply to more flexible applications, public key recoding on encryption redundancy (PKR-ER) algorithm is proposed. Public embedding key is constructed by recoding on the redundancy from the probabilistic decryption of LWE. It is suitable for any plaintext regardless of the type of medium or the content. By setting different quantization rules for recoding, decryption and extraction functions are separable. No distortion exists in the directly decrypted results of the marked ciphertext and ER could reach over 1.0 bits per bit of plaintext. Correctness and security of the algorithms are proved theoretically by deducing the probability distributions of ciphertext and quantization variable. Experimental results demonstrate the performances in correctness, one-way attribute of security and efficiency of the algorithms.
Title: A Survey of Security and Privacy Issues in V2X Communication Systems. (arXiv:2208.14674v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14674
- Code URL: null
- Copy Paste:
[[2208.14674] A Survey of Security and Privacy Issues in V2X Communication Systems](http://arxiv.org/abs/2208.14674)
- Summary:
Vehicle-to-Everything (V2X) communication is receiving growing attention from industry and academia as multiple pilot projects explore its capabilities and feasibility. With about 50% of global road vehicle exports coming from the European Union (EU), and within the context of EU legislation around security and data protection, V2X initiatives must consider security and privacy aspects across the system stack, in addition to road safety. Contrary to this principle, our survey of relevant standards, research outputs, and EU pilot projects indicates otherwise; we identify multiple security and privacy related shortcomings and inconsistencies across the standards. We conduct a root cause analysis of the reasons and difficulties associated with these gaps, and categorize the identified security and privacy issues relative to these root causes. As a result, our comprehensive analysis sheds light on a number of areas that require improvements in the standards, which are not explicitly identified in related work. Our analysis fills gaps left by other related surveys, which are focused on specific technical areas but do not necessarily point out underlying root issues in standard specifications. We bring forward recommendations to address these gaps for the overall improvement of security and safety in vehicular communication.
Title: Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research. (arXiv:2208.14937v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14937
- Code URL: null
- Copy Paste:
[[2208.14937] Explainable Artificial Intelligence Applications in Cyber Security: State-of-the-Art in Research](http://arxiv.org/abs/2208.14937)
- Summary:
This survey presents a comprehensive review of current literature on Explainable Artificial Intelligence (XAI) methods for cyber security applications. Due to the rapid development of Internet-connected systems and Artificial Intelligence in recent years, Artificial Intelligence including Machine Learning (ML) and Deep Learning (DL) has been widely utilized in the fields of cyber security including intrusion detection, malware detection, and spam filtering. However, although Artificial Intelligence-based approaches for the detection and defense of cyber attacks and threats are more advanced and efficient compared to the conventional signature-based and rule-based cyber security strategies, most ML-based techniques and DL-based techniques are deployed in the black-box manner, meaning that security experts and customers are unable to explain how such procedures reach particular conclusions. The deficiencies of transparency and interpretability of existing Artificial Intelligence techniques would decrease human users' confidence in the models utilized for the defense against cyber attacks, especially in current situations where cyber attacks become increasingly diverse and complicated. Therefore, it is essential to apply XAI in the establishment of cyber security models to create more explainable models while maintaining high accuracy and allowing human users to comprehend, trust, and manage the next generation of cyber defense mechanisms. Although there are papers reviewing Artificial Intelligence applications in cyber security areas and the vast literature on applying XAI in many fields including healthcare, financial services, and criminal justice, the surprising fact is that there are currently no survey research articles that concentrate on XAI applications in cyber security.
Title: Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications. (arXiv:2208.14942v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14942
- Code URL: null
- Copy Paste:
[[2208.14942] Microwalk-CI: Practical Side-Channel Analysis for JavaScript Applications](http://arxiv.org/abs/2208.14942)
- Summary:
Secret-dependent timing behavior in cryptographic implementations has resulted in exploitable vulnerabilities, undermining their security. Over the years, numerous tools to automatically detect timing leakage or even to prove their absence have been proposed. However, a recent study at IEEE S&P 2022 showed that, while many developers are aware of one or more analysis tools, they have major difficulties integrating these into their workflow, as existing tools are tedious to use and mapping discovered leakages to their originating code segments requires expert knowledge. In addition, existing tools focus on compiled languages like C, or analyze binaries, while the industry and open-source community moved to interpreted languages, most notably JavaScript.
In this work, we introduce Microwalk-CI, a novel side-channel analysis framework for easy integration into a JavaScript development workflow. First, we extend existing dynamic approaches with a new analysis algorithm that allows efficient localization and quantification of leakages, making it suitable for use in practical development. We then present a technique for generating execution traces from JavaScript applications, which can be further analyzed with our and other algorithms originally designed for binary analysis. Finally, we discuss how Microwalk-CI can be integrated into a continuous integration (CI) pipeline for efficient and ongoing monitoring. We evaluate our analysis framework by conducting a thorough evaluation of several popular JavaScript cryptographic libraries, and uncover a number of critical leakages.
Title: Deep-Learning-Based Device Fingerprinting for Increased LoRa-IoT Security: Sensitivity to Network Deployment Changes. (arXiv:2208.14964v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14964
- Code URL: null
- Copy Paste:
[[2208.14964] Deep-Learning-Based Device Fingerprinting for Increased LoRa-IoT Security: Sensitivity to Network Deployment Changes](http://arxiv.org/abs/2208.14964)
- Summary:
Deep-learning-based device fingerprinting has recently been recognized as a key enabler for automated network access authentication. Its robustness to impersonation attacks due to the inherent difficulty of replicating physical features is what distinguishes it from conventional cryptographic solutions. Although device fingerprinting has shown promising performances, its sensitivity to changes in the network operating environment still poses a major limitation. This paper presents an experimental framework that aims to study and overcome the sensitivity of LoRa-enabled device fingerprinting to such changes. We first begin by describing RF datasets we collected using our LoRa-enabled wireless device testbed. We then propose a new fingerprinting technique that exploits out-of-band distortion information caused by hardware impairments to increase the fingerprinting accuracy. Finally, we experimentally study and analyze the sensitivity of LoRa RF fingerprinting to various network setting changes. Our results show that fingerprinting does relatively well when the learning models are trained and tested under the same settings. However, when trained and tested under different settings, these models exhibit moderate sensitivity to channel condition changes and severe sensitivity to protocol configuration and receiver hardware changes when IQ data is used as input. However, when FFT data is used as input, they perform poorly under any change.
privacy
Title: EViT: Privacy-Preserving Image Retrieval via Encrypted Vision Transformer in Cloud Computing. (arXiv:2208.14657v1 [cs.CV])
- Paper URL: http://arxiv.org/abs/2208.14657
- Code URL: https://github.com/onlinehuazai/evit
- Copy Paste:
[[2208.14657] EViT: Privacy-Preserving Image Retrieval via Encrypted Vision Transformer in Cloud Computing](http://arxiv.org/abs/2208.14657)
- Summary:
Image retrieval systems help users to browse and search among extensive images in real-time. With the rise of cloud computing, retrieval tasks are usually outsourced to cloud servers. However, the cloud scenario brings a daunting challenge of privacy protection as cloud servers cannot be fully trusted. To this end, image-encryption-based privacy-preserving image retrieval schemes have been developed, which first extract features from cipher-images, and then build retrieval models based on these features. Yet, most existing approaches extract shallow features and design trivial retrieval models, resulting in insufficient expressiveness for the cipher-images. In this paper, we propose a novel paradigm named Encrypted Vision Transformer (EViT), which advances the discriminative representations capability of cipher-images. First, in order to capture comprehensive ruled information, we extract multi-level local length sequence and global Huffman-code frequency features from the cipher-images which are encrypted by stream cipher during JPEG compression process. Second, we design the Vision Transformer-based retrieval model to couple with the multi-level features, and propose two adaptive data augmentation methods to improve representation power of the retrieval model. Our proposal can be easily adapted to unsupervised and supervised settings via self-supervised contrastive learning manner. Extensive experiments reveal that EViT achieves both excellent encryption and retrieval performance, outperforming current schemes in terms of retrieval accuracy by large margins while protecting image privacy effectively. Code is publicly available at https://github.com/onlinehuazai/EViT.
Title: Application of Data Encryption in Chinese Named Entity Recognition. (arXiv:2208.14627v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14627
- Code URL: null
- Copy Paste:
[[2208.14627] Application of Data Encryption in Chinese Named Entity Recognition](http://arxiv.org/abs/2208.14627)
- Summary:
Recently, with the continuous development of deep learning, the performance of named entity recognition tasks has been dramatically improved. However, the privacy and the confidentiality of data in some specific fields, such as biomedical and military, cause insufficient data to support the training of deep neural networks. In this paper, we propose an encryption learning framework to address the problems of data leakage and inconvenient disclosure of sensitive data in certain domains. We introduce multiple encryption algorithms to encrypt training data in the named entity recognition task for the first time. In other words, we train the deep neural network using the encrypted data. We conduct experiments on six Chinese datasets, three of which are constructed by ourselves. The experimental results show that the encryption method achieves satisfactory results. The performance of some models trained with encrypted data even exceeds the performance of the unencrypted method, which verifies the effectiveness of the introduced encryption method and solves the problem of data leakage to a certain extent.
Title: PBAG: A Privacy-Preserving Blockchain-based Authentication Protocol with Global-updated Commitment in IoV. (arXiv:2208.14616v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14616
- Code URL: null
- Copy Paste:
[[2208.14616] PBAG: A Privacy-Preserving Blockchain-based Authentication Protocol with Global-updated Commitment in IoV](http://arxiv.org/abs/2208.14616)
- Summary:
Internet of Vehicles (IoV) is increasingly used as a medium to propagate critical information via establishing connections between entities such as vehicles and infrastructures. During message transmission, privacy-preserving authentication is considered as the first line of defence against attackers and malicious information. To achieve a more secure and stable communication environment, ever-increasing numbers of blockchain-based authentication schemes are proposed. At first glance, existing approaches provide robust architectures and achieve transparent authentication. However, in these schemes, verifiers must connect to the blockchain network in advance and accomplish the authentication with smart contracts, which prolongs the latency. To remedy this limit, we propose a privacy-preserving blockchain-based authentication protocol (PBAG), where Root Authority (RA) generates a unique evaluation proof corresponding to the issued certificate for each authorized vehicle. Meanwhile, RA broadcasts a public global commitment based on all valid certificates. Instead of querying certificates stored in the blockchain, the vehicle will be efficiently proved to be an authorized user by utilizing the global commitment through bilinear pairing. Moreover, our scheme can prevent vehicles equipped with invalid certificates from accomplishing the authentication, thus avoiding the time-consuming check of the Certificate Revocation List (CRL). Finally, our scheme provides privacy properties such as anonymity and unlinkability. It allows anonymous authentication based on evaluation proofs and achieves traceability of identity in the event of a dispute. The simulation demonstrates that the average time of verification is 0.36ms under the batch-enabled mechanism, outperforming existing schemes by at least 63.7%.
Title: Dynamic Global Sensitivity for Differentially Private Contextual Bandits. (arXiv:2208.14555v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14555
- Code URL: null
- Copy Paste:
[[2208.14555] Dynamic Global Sensitivity for Differentially Private Contextual Bandits](http://arxiv.org/abs/2208.14555)
- Summary:
Bandit algorithms have become a reference solution for interactive recommendation. However, as such algorithms directly interact with users for improved recommendations, serious privacy concerns have been raised regarding their practical use. In this work, we propose a differentially private linear contextual bandit algorithm, via a tree-based mechanism to add Laplace or Gaussian noise to model parameters. Our key insight is that as the model converges during online update, the global sensitivity of its parameters shrinks over time (thus named dynamic global sensitivity). Compared with existing solutions, our dynamic global sensitivity analysis allows us to inject less noise to obtain $(\epsilon, \delta)$-differential privacy with added regret caused by noise injection in $\tilde O(\log{T}\sqrt{T}/\epsilon)$. We provide a rigorous theoretical analysis over the amount of noise added via dynamic global sensitivity and the corresponding upper regret bound of our proposed algorithm. Experimental results on both synthetic and real-world datasets confirmed the algorithm's advantage against existing solutions.
protect
defense
attack
Title: Membership Inference Attacks by Exploiting Loss Trajectory. (arXiv:2208.14933v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14933
- Code URL: null
- Copy Paste:
[[2208.14933] Membership Inference Attacks by Exploiting Loss Trajectory](http://arxiv.org/abs/2208.14933)
- Summary:
Machine learning models are vulnerable to membership inference attacks in which an adversary aims to predict whether or not a particular sample was contained in the target model's training dataset. Existing attack methods have commonly exploited the output information (mostly, losses) solely from the given target model. As a result, in practical scenarios where both the member and non-member samples yield similarly small losses, these methods are naturally unable to differentiate between them. To address this limitation, in this paper, we propose a new attack method, called \system, which can exploit the membership information from the whole training process of the target model for improving the attack performance. To mount the attack in the common black-box setting, we leverage knowledge distillation, and represent the membership information by the losses evaluated on a sequence of intermediate models at different distillation epochs, namely *distilled loss trajectory*, together with the loss from the given target model. Experimental results over different datasets and model architectures demonstrate the great advantage of our attack in terms of different metrics. For example, on CINIC-10, our attack achieves at least 6× higher true-positive rate at a low false-positive rate of 0.1% than existing methods. Further analysis demonstrates the general effectiveness of our attack in more strict scenarios.
Title: Zero-day DDoS Attack Detection. (arXiv:2208.14971v1 [cs.CR])
- Paper URL: http://arxiv.org/abs/2208.14971
- Code URL: null
- Copy Paste:
[[2208.14971] Zero-day DDoS Attack Detection](http://arxiv.org/abs/2208.14971)
- Summary:
The ability to detect zero-day (novel) attacks has become essential in the network security industry. Due to ever evolving attack signatures, existing network intrusion detection systems often fail to detect these threats. This project aims to solve the task of detecting zero-day DDoS (distributed denial-of-service) attacks by utilizing network traffic that is captured before entering a private network. Modern feature extraction techniques are used in conjunction with neural networks to determine if a network packet is either benign or malicious.
robust
Title: Augraphy: A Data Augmentation Library for Document Images. (arXiv:2208.14558v1 [cs.CV])
- Paper URL: http://arxiv.org/abs/2208.14558
- Code URL: null
- Copy Paste:
[[2208.14558] Augraphy: A Data Augmentation Library for Document Images](http://arxiv.org/abs/2208.14558)
- Summary:
This paper introduces Augraphy, a Python package geared toward realistic data augmentation strategies for document images. Augraphy uses many different augmentation strategies to produce augmented versions of clean document images that appear as if they have been distorted from standard office operations, such as printing, scanning, and faxing through old or dirty machines, degradation of ink over time, and handwritten markings. Augraphy can be used both as a data augmentation tool for (1) producing diverse training data for tasks such as document de-noising, and (2) generating challenging test data for evaluating model robustness on document image modeling tasks. This paper provides an overview of Augraphy and presents three example robustness testing use-cases of Augraphy.
Title: SIM-Trans: Structure Information Modeling Transformer for Fine-grained Visual Categorization. (arXiv:2208.14607v1 [cs.CV])
- Paper URL: http://arxiv.org/abs/2208.14607
- Code URL: https://github.com/pku-icst-mipl/sim-trans_acmmm2022
- Copy Paste:
[[2208.14607] SIM-Trans: Structure Information Modeling Transformer for Fine-grained Visual Categorization](http://arxiv.org/abs/2208.14607)
- Summary:
Fine-grained visual categorization (FGVC) aims at recognizing objects from similar subordinate categories, which is challenging and practical for human's accurate automatic recognition needs. Most FGVC approaches focus on the attention mechanism research for discriminative regions mining while neglecting their interdependencies and composed holistic object structure, which are essential for model's discriminative information localization and understanding ability. To address the above limitations, we propose the Structure Information Modeling Transformer (SIM-Trans) to incorporate object structure information into transformer for enhancing discriminative representation learning to contain both the appearance information and structure information. Specifically, we encode the image into a sequence of patch tokens and build a strong vision transformer framework with two well-designed modules: (i) the structure information learning (SIL) module is proposed to mine the spatial context relation of significant patches within the object extent with the help of the transformer's self-attention weights, which is further injected into the model for importing structure information; (ii) the multi-level feature boosting (MFB) module is introduced to exploit the complementarity of multi-level features and contrastive learning among classes to enhance feature robustness for accurate recognition. The proposed two modules are lightweight and can be plugged into any transformer network and trained end-to-end easily, which only depends on the attention weights that come with the vision transformer itself. Extensive experiments and analyses demonstrate that the proposed SIM-Trans achieves state-of-the-art performance on fine-grained visual categorization benchmarks. The code is available at https://github.com/PKU-ICST-MIPL/SIM-Trans_ACMMM2022.
Title: Temporal Flow Mask Attention for Open-Set Long-Tailed Recognition of Wild Animals in Camera-Trap Images. (arXiv:2208.14625v1 [cs.CV])
- Paper URL: http://arxiv.org/abs/2208.14625
- Code URL: null
- Copy Paste:
[[2208.14625] Temporal Flow Mask Attention for Open-Set Long-Tailed Recognition of Wild Animals in Camera-Trap Images](http://arxiv.org/abs/2208.14625)
- Summary:
Camera traps, unmanned observation devices, and deep learning-based image recognition systems have greatly reduced human effort in collecting and analyzing wildlife images. However, data collected via the above apparatus exhibit 1) long-tailed and 2) open-ended distribution problems. To tackle the open-set long-tailed recognition problem, we propose the Temporal Flow Mask Attention Network that comprises three key building blocks: 1) an optical flow module, 2) an attention residual module, and 3) a meta-embedding classifier. We extract temporal features of sequential frames using the optical flow module and learn informative representation using attention residual blocks. Moreover, we show that applying the meta-embedding technique boosts the performance of the method in open-set long-tailed recognition. We apply this method on a Korean Demilitarized Zone (DMZ) dataset. We conduct extensive experiments, and quantitative and qualitative analyses to prove that our method effectively tackles the open-set long-tailed recognition problem while being robust to unknown classes.
Title: 3DLG-Detector: 3D Object Detection via Simultaneous Local-Global Feature Learning. (arXiv:2208.14796v1 [cs.CV])
- Paper URL: http://arxiv.org/abs/2208.14796
- Code URL: null
- Copy Paste:
[[2208.14796] 3DLG-Detector: 3D Object Detection via Simultaneous Local-Global Feature Learning](http://arxiv.org/abs/2208.14796)
- Summary:
Capturing both local and global features of irregular point clouds is essential to 3D object detection (3OD). However, mainstream 3D detectors, e.g., VoteNet and its variants, either abandon considerable local features during pooling operations or ignore many global features in the whole scene context. This paper explores new modules to simultaneously learn local-global features of scene point clouds that serve 3OD positively. To this end, we propose an effective 3OD network via simultaneous local-global feature learning (dubbed 3DLG-Detector). 3DLG-Detector has two key contributions. First, it develops a Dynamic Points Interaction (DPI) module that preserves effective local features during pooling. Besides, DPI is detachable and can be incorporated into existing 3OD networks to boost their performance. Second, it develops a Global Context Aggregation module to aggregate multi-scale features from different layers of the encoder to achieve scene context-awareness. Our method shows improvements over thirteen competitors in terms of detection accuracy and robustness on both the SUN RGB-D and ScanNet datasets. Source code will be available upon publication.
Title: MultiCoNER: A Large-scale Multilingual dataset for Complex Named Entity Recognition. (arXiv:2208.14536v1 [cs.CL])
- Paper URL: http://arxiv.org/abs/2208.14536
- Code URL: null
- Copy Paste:
[[2208.14536] MultiCoNER: A Large-scale Multilingual dataset for Complex Named Entity Recognition](http://arxiv.org/abs/2208.14536)
- Summary:
We present MultiCoNER, a large multilingual dataset for Named Entity Recognition that covers 3 domains (Wiki sentences, questions, and search queries) across 11 languages, as well as multilingual and code-mixing subsets. This dataset is designed to represent contemporary challenges in NER, including low-context scenarios (short and uncased text), syntactically complex entities like movie titles, and long-tail entity distributions. The 26M token dataset is compiled from public resources using techniques such as heuristic-based sentence sampling, template extraction and slotting, and machine translation. We applied two NER models on our dataset: a baseline XLM-RoBERTa model, and a state-of-the-art GEMNET model that leverages gazetteers. The baseline achieves moderate performance (macro-F1=54%), highlighting the difficulty of our data. GEMNET, which uses gazetteers, improves significantly (average improvement of macro-F1=+30%). MultiCoNER poses challenges even for large pre-trained language models, and we believe that it can help further research in building robust NER systems. MultiCoNER is publicly available at https://registry.opendata.aws/multiconer/ and we hope that this resource will help advance research in various aspects of NER.
Title: To Adapt or to Fine-tune: A Case Study on Abstractive Summarization. (arXiv:2208.14559v1 [cs.CL])
- Paper URL: http://arxiv.org/abs/2208.14559
- Code URL: null
- Copy Paste:
[[2208.14559] To Adapt or to Fine-tune: A Case Study on Abstractive Summarization](http://arxiv.org/abs/2208.14559)
- Summary:
Recent advances in the field of abstractive summarization leverage pre-trained language models rather than train a model from scratch. However, such models are sluggish to train and accompanied by a massive overhead. Researchers have proposed a few lightweight alternatives such as smaller adapters to mitigate the drawbacks. Nonetheless, it remains uncertain whether using adapters benefits the task of summarization, in terms of improved efficiency without an unpleasant sacrifice in performance. In this work, we carry out multifaceted investigations on fine-tuning and adapters for summarization tasks with varying complexity: language, domain, and task transfer. In our experiments, fine-tuning a pre-trained language model generally attains a better performance than using adapters; the performance gap positively correlates with the amount of training data used. Notably, adapters exceed fine-tuning under extremely low-resource conditions. We further provide insights on multilinguality, model convergence, and robustness, hoping to shed light on the pragmatic choice of fine-tuning or adapters in abstractive summarization.
Title: Formalising the Robustness of Counterfactual Explanations for Neural Networks. (arXiv:2208.14878v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14878
- Code URL: null
- Copy Paste:
[[2208.14878] Formalising the Robustness of Counterfactual Explanations for Neural Networks](http://arxiv.org/abs/2208.14878)
- Summary:
The use of counterfactual explanations (CFXs) is an increasingly popular explanation strategy for machine learning models. However, recent studies have shown that these explanations may not be robust to changes in the underlying model (e.g., following retraining), which raises questions about their reliability in real-world applications. Existing attempts towards solving this problem are heuristic, and the robustness to model changes of the resulting CFXs is evaluated with only a small number of retrained models, failing to provide exhaustive guarantees. To remedy this, we propose the first notion to formally and deterministically assess the robustness (to model changes) of CFXs for neural networks, that we call Δ-robustness. We introduce an abstraction framework based on interval neural networks to verify the Δ-robustness of CFXs against a possibly infinite set of changes to the model parameters, i.e., weights and biases. We then demonstrate the utility of this approach in two distinct ways. First, we analyse the Δ-robustness of a number of CFX generation methods from the literature and show that they unanimously host significant deficiencies in this regard. Second, we demonstrate how embedding Δ-robustness within existing methods can provide CFXs which are provably robust.
Title: Cell-Free Latent Go-Explore. (arXiv:2208.14928v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14928
- Code URL: https://github.com/qgallouedec/lge
- Copy Paste:
[[2208.14928] Cell-Free Latent Go-Explore](http://arxiv.org/abs/2208.14928)
- Summary:
In this paper, we introduce Latent Go-Explore (LGE), a simple and general approach based on the Go-Explore paradigm for exploration in reinforcement learning (RL). Go-Explore was initially introduced with a strong domain knowledge constraint for partitioning the state space into cells. However, in most real-world scenarios, drawing domain knowledge from raw observations is complex and tedious. If the cell partitioning is not informative enough, Go-Explore can completely fail to explore the environment. We argue that the Go-Explore approach can be generalized to any environment without domain knowledge and without cells by exploiting a learned latent representation. Thus, we show that LGE can be flexibly combined with any strategy for learning a latent representation. We show that LGE, although simpler than Go-Explore, is more robust and outperforms all state-of-the-art algorithms in terms of pure exploration on multiple hard-exploration environments. The LGE implementation is available as open-source at https://github.com/qgallouedec/lge.
Title: ARMA Cell: A Modular and Effective Approach for Neural Autoregressive Modeling. (arXiv:2208.14919v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14919
- Code URL: https://github.com/phschiele/armacell
- Copy Paste:
[[2208.14919] ARMA Cell: A Modular and Effective Approach for Neural Autoregressive Modeling](http://arxiv.org/abs/2208.14919)
- Summary:
The autoregressive moving average (ARMA) model is a classical, and arguably one of the most studied approaches to model time series data. It has compelling theoretical properties and is widely used among practitioners. More recent deep learning approaches popularize recurrent neural networks (RNNs) and, in particular, long short-term memory (LSTM) cells that have become one of the best performing and most common building blocks in neural time series modeling. While advantageous for time series data or sequences with long-term effects, complex RNN cells are not always a must and can sometimes even be inferior to simpler recurrent approaches. In this work, we introduce the ARMA cell, a simpler, modular, and effective approach for time series modeling in neural networks. This cell can be used in any neural network architecture where recurrent structures are present and naturally handles multivariate time series using vector autoregression. We also introduce the ConvARMA cell as a natural successor for spatially-correlated time series. Our experiments show that the proposed methodology is competitive with popular alternatives in terms of performance while being more robust and compelling due to its simplicity.
biometric
steal
extraction
Title: Dual Representation Learning for One-Step Clustering of Multi-View Data. (arXiv:2208.14450v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14450
- Code URL: null
- Copy Paste:
[[2208.14450] Dual Representation Learning for One-Step Clustering of Multi-View Data](http://arxiv.org/abs/2208.14450)
- Summary:
Multi-view data are commonly encountered in data mining applications. Effective extraction of information from multi-view data requires specific design of clustering methods to cater for data with multiple views, which is non-trivial and challenging. In this paper, we propose a novel one-step multi-view clustering method by exploiting the dual representation of both the common and specific information of different views. The motivation originates from the rationale that multi-view data contain not only the consistent knowledge between views but also the unique knowledge of each view. Meanwhile, to make the representation learning more specific to the clustering task, a one-step learning framework is proposed to integrate representation learning and clustering partition as a whole. With this framework, the representation learning and clustering partition mutually benefit each other, which effectively improves the clustering performance. Results from extensive experiments conducted on benchmark multi-view datasets clearly demonstrate the superiority of the proposed method.
membership infer
federate
Title: Reducing Impacts of System Heterogeneity in Federated Learning using Weight Update Magnitudes. (arXiv:2208.14808v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14808
- Code URL: null
- Copy Paste:
[[2208.14808] Reducing Impacts of System Heterogeneity in Federated Learning using Weight Update Magnitudes](http://arxiv.org/abs/2208.14808)
- Summary:
The widespread adoption of handheld devices has fueled rapid growth in new applications. Several of these new applications employ machine learning models to train on user data that is typically private and sensitive. Federated Learning enables machine learning models to train locally on each handheld device while only synchronizing their neuron updates with a server. While this enables user privacy, technology scaling and software advancements have resulted in handheld devices with varying performance capabilities. This results in the training time of federated learning tasks being dictated by a few low-performance straggler devices, which essentially become a bottleneck for the entire training process. In this work, we aim to mitigate the performance bottleneck of federated learning by dynamically forming sub-models for stragglers based on their performance and accuracy feedback. To this end, we offer Invariant Dropout, a dynamic technique that forms a sub-model based on a neuron update threshold. Invariant Dropout uses neuron updates from the non-straggler clients to develop a tailored sub-model for each straggler during each training iteration. All corresponding weights whose magnitude is less than the threshold are dropped for the iteration. We evaluate Invariant Dropout using five real-world mobile clients. Our evaluations show that Invariant Dropout obtains a maximum accuracy gain of 1.4 percentage points over state-of-the-art Ordered Dropout while mitigating the performance bottlenecks of stragglers.
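The abstract sketches the mechanism (rank weights by the updates the fast clients produced, drop the straggler's low-magnitude ones for this round) without fixing the details. The block below is an added toy round that is not the paper's implementation: the threshold rule (keep the fraction of weights the straggler can afford, ranked by mean |update| over the fast clients), the aggregation rule (the straggler only contributes to weights it actually trained), the linear model and the constructed client data are all assumptions made here so the example runs offline.

```python
"""Toy federated round with an Invariant-Dropout-style sub-model for one straggler.
Added illustration, not the paper's code: the threshold rule, the aggregation rule
and the constructed data are assumptions made for this example."""


def local_update(weights, data, lr=0.1, epochs=5, mask=None):
    """Gradient descent on squared error for a linear model y = w . x, returning
    the update w_new - w_old. Weights with mask[i] == False stay frozen."""
    w = list(weights)
    n = len(data)
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in data:
            err = sum(wi * xi for wi, xi in zip(w, x)) - y
            for i, xi in enumerate(x):
                grad[i] += 2.0 * err * xi / n
        w = [wi if (mask is not None and not mask[i]) else wi - lr * g
             for i, (wi, g) in enumerate(zip(w, grad))]
    return [wn - wo for wn, wo in zip(w, weights)]


def mean_abs_update(updates):
    """Per-weight mean |update| across the non-straggler (fast) clients."""
    dim = len(updates[0])
    return [sum(abs(u[i]) for u in updates) / len(updates) for i in range(dim)]


def threshold_for_capacity(magnitudes, keep_fraction):
    """Assumed rule: pick the threshold so that about keep_fraction of the
    weights survive, i.e. the straggler trains only what it can afford."""
    ranked = sorted(magnitudes, reverse=True)
    k = max(1, round(keep_fraction * len(ranked)))
    return ranked[k - 1]


def invariant_dropout_mask(fast_updates, keep_fraction):
    mags = mean_abs_update(fast_updates)
    thr = threshold_for_capacity(mags, keep_fraction)
    return [m >= thr for m in mags]   # weights below the threshold are dropped


def aggregate(global_w, fast_updates, straggler_update, mask):
    """FedAvg-style mean; the straggler contributes only where it trained
    (assumed rule, so frozen weights do not drag the average toward zero)."""
    new_w = []
    for i, w in enumerate(global_w):
        contribs = [u[i] for u in fast_updates]
        if mask[i]:
            contribs.append(straggler_update[i])
        new_w.append(w + sum(contribs) / len(contribs))
    return new_w


def federated_round(global_w, fast_clients, straggler, keep_fraction):
    """One round: fast clients train the full model, their updates define the
    straggler's sub-model, the straggler trains that, and everything is merged."""
    fast_updates = [local_update(global_w, d) for d in fast_clients]
    mask = invariant_dropout_mask(fast_updates, keep_fraction)
    straggler_update = local_update(global_w, straggler, mask=mask)
    return aggregate(global_w, fast_updates, straggler_update, mask), mask, straggler_update


def make_client(scale):
    """Constructed data: y = 2*a - b on a 4x4 grid. Features 3 and 4 are scaled
    copies of 1 and 2, so their updates are always an order of magnitude smaller."""
    pts = [-1.0, -0.5, 0.5, 1.0]
    return [([scale * a, scale * b, 0.1 * scale * a, 0.1 * scale * b],
             2.0 * scale * a - scale * b)
            for a in pts for b in pts]


FAST_CLIENTS = [make_client(1.0), make_client(0.8), make_client(0.6)]
STRAGGLER = make_client(0.5)
INIT_W = [0.0, 0.0, 0.0, 0.0]

if __name__ == "__main__":
    w, mask, s_upd = federated_round(INIT_W, FAST_CLIENTS, STRAGGLER, keep_fraction=0.5)
    print("mask", mask)
    print("straggler update", [round(v, 4) for v in s_upd])
    print("global weights", [round(v, 4) for v in w])
```

With `keep_fraction=0.5` the straggler is handed only the two weights whose updates matter, its frozen weights come back as exactly zero updates, and the merged model still moves toward the true coefficients because the straggler is left out of the average for the weights it never trained.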
Title: Federated Online Clustering of Bandits. (arXiv:2208.14865v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14865
- Code URL: https://github.com/zhaohaoru/federated-clustering-of-bandits
- Copy Paste:
[[2208.14865] Federated Online Clustering of Bandits](http://arxiv.org/abs/2208.14865)
- Summary:
Contextual multi-armed bandit (MAB) is an important sequential decision-making problem in recommendation systems. A line of works, called the clustering of bandits (CLUB), utilizes the collaborative effect over users and dramatically improves the recommendation quality. Owing to the increasing application scale and public concerns about privacy, there is a growing demand to keep user data decentralized and push bandit learning to the local server side. Existing CLUB algorithms, however, are designed under the centralized setting where data are available at a central server. We focus on studying the federated online clustering of bandits (FCLUB) problem, which aims to minimize the total regret while satisfying privacy and communication considerations. We design a new phase-based scheme for cluster detection and a novel asynchronous communication protocol for cooperative bandit learning for this problem. To protect users' privacy, previous differential privacy (DP) definitions are not very suitable, and we propose a new DP notion that acts on the user cluster level. We provide rigorous proofs to show that our algorithm simultaneously achieves (clustered) DP, sublinear communication complexity and sublinear regret. Finally, experimental evaluations show our superior performance compared with benchmark algorithms.
fair
Title: A Fair Experimental Comparison of Neural Network Architectures for Latent Representations of Multi-Omics for Drug Response Prediction. (arXiv:2208.14822v1 [cs.LG])
- Paper URL: http://arxiv.org/abs/2208.14822
- Code URL: https://github.com/kramerlab/multi-omics_analysis
- Copy Paste:
[[2208.14822] A Fair Experimental Comparison of Neural Network Architectures for Latent Representations of Multi-Omics for Drug Response Prediction](http://arxiv.org/abs/2208.14822)
- Summary:
Recent years have seen a surge of novel neural network architectures for the integration of multi-omics data for prediction. Most of the architectures include either encoders alone or encoders and decoders, i.e., autoencoders of various sorts, to transform multi-omics data into latent representations. One important parameter is the depth of integration: the point at which the latent representations are computed or merged, which can be either early, intermediate, or late. The literature on integration methods is growing steadily; however, close to nothing is known about the relative performance of these methods under fair experimental conditions and under consideration of different use cases. We developed a comparison framework that trains and optimizes multi-omics integration methods under equal conditions. We incorporated early integration and four recently published deep learning methods: MOLI, Super.FELT, OmiEmbed, and MOMA. Further, we devised a novel method, Omics Stacking, that combines the advantages of intermediate and late integration. Experiments were conducted on a public drug response data set with multiple omics data (somatic point mutations, somatic copy number profiles and gene expression profiles) that was obtained from cell lines, patient-derived xenografts, and patient samples. Our experiments confirmed that early integration has the lowest predictive performance. Overall, architectures that integrate triplet loss achieved the best results. Statistically significant differences can, overall, rarely be observed; however, in terms of the average ranks of methods, Super.FELT consistently performs best in a cross-validation setting and Omics Stacking best in an external test set setting. The source code of all experiments is available at https://github.com/kramerlab/Multi-Omics_analysis