secure

Title: SecDDR: Enabling Low-Cost Secure Memories by Protecting the DDR Interface. (arXiv:2209.00685v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00685
• Code URL: null
• Copy Paste: [[2209.00685] SecDDR: Enabling Low-Cost Secure Memories by Protecting the DDR Interface](http://arxiv.org/abs/2209.00685)
• Summary:

  The security goals of cloud providers and users include memory confidentiality and integrity, which requires implementing Replay-Attack protection (RAP). RAP can be achieved using integrity trees or mutually authenticated channels. Integrity trees incur significant performance overheads and are impractical for protecting large memories. Mutually authenticated channels have been proposed only for packetized memory interfaces that address only a very small niche domain and require fundamental changes to memory system architecture. We propose SecDDR, a low-cost RAP that targets direct-attached memories, like DDRx. SecDDR avoids memory-side data authentication, and thus, only adds a small amount of logic to memory components and does not change the underlying DDR protocol, making it practical for widespread adoption. In contrast to prior mutual authentication proposals, which require trusting the entire memory module, SecDDR targets untrusted modules by placing its limited security logic on the DRAM die (or package) of the ECC chip. Our evaluation shows that SecDDR performs within 1% of an encryption-only memory without RAP and that SecDDR provides 18.8% and 7.8% average performance improvements (up to 190.4% and 24.8%) relative to a 64-ary integrity tree and an authenticated channel, respectively.

Title: Detection of False Data Injection Attacks in Smart Grid: A Secure Federated Deep Learning Approach. (arXiv:2209.00778v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00778
• Code URL: null
• Copy Paste: [[2209.00778] Detection of False Data Injection Attacks in Smart Grid: A Secure Federated Deep Learning Approach](http://arxiv.org/abs/2209.00778)
• Summary:

  As an important cyber-physical system (CPS), smart grid is highly vulnerable to cyber attacks. Amongst various types of attacks, false data injection attack (FDIA) proves to be one of the top-priority cyber-related issues and has received increasing attention in recent years. However, so far little attention has been paid to privacy preservation issues in the detection of FDIAs in smart grid. Inspired by federated learning, a FDIA detection method based on secure federated deep learning is proposed in this paper by combining Transformer, federated learning and Paillier cryptosystem. The Transformer, as a detector deployed in edge nodes, delves deep into the connection between individual electrical quantities by using its multi-head self-attention mechanism. By using federated learning framework, our approach utilizes the data from all nodes to collaboratively train a detection model while preserving data privacy by keeping the data locally during training. To improve the security of federated learning, a secure federated learning scheme is designed by combing Paillier cryptosystem with federated learning. Through extensive experiments on the IEEE 14-bus and 118-bus test systems, the effectiveness and superiority of the proposed method are verifed.

Title: CASU: Compromise Avoidance via Secure Update for Low-end Embedded Systems. (arXiv:2209.00813v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00813
• Code URL: null
• Copy Paste: [[2209.00813] CASU: Compromise Avoidance via Secure Update for Low-end Embedded Systems](http://arxiv.org/abs/2209.00813)
• Summary:

  Guaranteeing runtime integrity of embedded system software is an open problem. Trade-offs between security and other priorities (e.g., cost or performance) are inherent, and resolving them is both challenging and important. The proliferation of runtime attacks that introduce malicious code (e.g., by injection) into embedded devices has prompted a range of mitigation techniques. One popular approach is Remote Attestation (RA), whereby a trusted entity (verifier) checks the current software state of an untrusted remote device (prover). RA yields a timely authenticated snapshot of prover state that verifier uses to decide whether an attack occurred.

Current RA schemes require verifier to explicitly initiate RA, based on some unclear criteria. Thus, in case of prover's compromise, verifier only learns about it late, upon the next RA instance. While sufficient for compromise detection, some applications would benefit from a more proactive, prevention-based approach. To this end, we construct CASU: Compromise Avoidance via Secure Updates. CASU is an inexpensive hardware/software co-design enforcing: (i) runtime software immutability, thus precluding any illegal software modification, and (ii) authenticated updates as the sole means of modifying software. In CASU, a successful RA instance serves as a proof of successful update, and continuous subsequent software integrity is implicit, due to the runtime immutability guarantee. This obviates the need for RA in between software updates and leads to unobtrusive integrity assurance with guarantees akin to those of prior RA techniques, with better overall performance.

Title: Automatic Detection of Speculative Execution Combinations. (arXiv:2209.01179v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.01179
• Code URL: null
• Copy Paste: [[2209.01179] Automatic Detection of Speculative Execution Combinations](http://arxiv.org/abs/2209.01179)
• Summary:

  Modern processors employ different prediction mechanisms to speculate over different kinds of instructions. Attackers can exploit these prediction mechanisms simultaneously in order to trigger leaks about speculatively-accessed data. Thus, sound reasoning about such speculative leaks requires accounting for all potential mechanisms of speculation. Unfortunately, existing formal models only support reasoning about fixed, hard-coded mechanisms of speculation, with no simple support to extend said reasoning to new mechanisms.

In this paper we develop a framework for reasoning about composed speculative semantics that capture speculation due to different mechanisms and implement it as part of the Spectector verification tool. We implement novel semantics for speculating over store and return instructions and combine them with the semantics for speculating over branches. Our framework yields speculative semantics for speculating over any combination of those instructions that are secure by construction, i.e., we obtain these security guarantees for free. The implementation of our novel semantics in Spectector let us verify existing codebases that are vulnerable to Spectre v1, Spectre v4, and Spectre v5 vulnerabilities as well as new snippets that are only vulnerable to their compositions.

security

Title: A Low-Cost Multi-Agent System for Physical Security in Smart Buildings. (arXiv:2209.00741v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00741
• Code URL: null
• Copy Paste: [[2209.00741] A Low-Cost Multi-Agent System for Physical Security in Smart Buildings](http://arxiv.org/abs/2209.00741)
• Summary:

  Modern organizations face numerous physical security threats, from fire hazards to more intricate concerns regarding surveillance and unauthorized personnel. Conventional standalone fire and intrusion detection solutions must be installed and maintained independently, which leads to high capital and operational costs. Nonetheless, due to recent developments in smart sensors, computer vision techniques, and wireless communication technologies, these solutions can be integrated in a modular and low-cost manner. This work introduces Integrated Physical Security System (IP2S), a multi-agent system capable of coordinating diverse Internet of Things (IoT) sensors and actuators for an efficient mitigation of multiple physical security events. The proposed system was tested in a live case study that combined fire and intrusion detection in an industrial shop floor environment with four different sectors, two surveillance cameras, and a firefighting robot. The experimental results demonstrate that the integration of several events in a single automated system can be advantageous for the security of smart buildings, reducing false alarms and delays.

Title: Explainable AI for Android Malware Detection: Towards Understanding Why the Models Perform So Well?. (arXiv:2209.00812v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00812
• Code URL: https://github.com/yueyuel/xaiforandroidmalware
• Copy Paste: [[2209.00812] Explainable AI for Android Malware Detection: Towards Understanding Why the Models Perform So Well?](http://arxiv.org/abs/2209.00812)
• Summary:

  Machine learning (ML)-based Android malware detection has been one of the most popular research topics in the mobile security community. An increasing number of research studies have demonstrated that machine learning is an effective and promising approach for malware detection, and some works have even claimed that their proposed models could achieve 99\% detection accuracy, leaving little room for further improvement. However, numerous prior studies have suggested that unrealistic experimental designs bring substantial biases, resulting in over-optimistic performance in malware detection. Unlike previous research that examined the detection performance of ML classifiers to locate the causes, this study employs Explainable AI (XAI) approaches to explore what ML-based models learned during the training process, inspecting and interpreting why ML-based malware classifiers perform so well under unrealistic experimental settings. We discover that temporal sample inconsistency in the training dataset brings over-optimistic classification performance (up to 99\% F1 score and accuracy). Importantly, our results indicate that ML models classify malware based on temporal differences between malware and benign, rather than the actual malicious behaviors. Our evaluation also confirms the fact that unrealistic experimental designs lead to not only unrealistic detection performance but also poor reliability, posing a significant obstacle to real-world applications. These findings suggest that XAI approaches should be used to help practitioners/researchers better understand how do AI/ML models (i.e., malware detection) work -- not just focusing on accuracy improvement.

Title: Tweaking Metasploit to Evade Encrypted C2 Traffic Detection. (arXiv:2209.00943v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00943
• Code URL: null
• Copy Paste: [[2209.00943] Tweaking Metasploit to Evade Encrypted C2 Traffic Detection](http://arxiv.org/abs/2209.00943)
• Summary:

  Command and Control (C2) communication is a key component of any structured cyber-attack. As such, security operations actively try to detect this type of communication in their networks. This poses a problem for legitimate pentesters that try to remain undetected, since commonly used pentesting tools, such as Metasploit, generate constant traffic patterns that are easily distinguishable from regular web traffic. In this paper we start with these identifiable patterns in Metasploit's C2 traffic and show that a machine learning-based detector is able to detect the presence of such traffic with high accuracy, even when encrypted. We then outline and implement a set of modifications to the Metasploit framework in order to decrease the detection rates of such classifier. To evaluate the performance of these modifications, we use two threat models with increasing awareness of these modifications. We look at the detection evasion performance and at the byte count and runtime overhead of the modifications. Our results show that for the second, increased-awareness threat model the framework-side traffic modifications yield a better detection avoidance rate (90%) than payload-side only modifications (50%). We also show that although the modifications use up to 3 times more TLS payload bytes than the original, the runtime does not significantly change and the total number of bytes (including TLS payload) reduces.

Title: Data Encryption based on 7D Complex Chaotic System with Cubic Memristor for Smart Grid. (arXiv:2209.01105v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.01105
• Code URL: null
• Copy Paste: [[2209.01105] Data Encryption based on 7D Complex Chaotic System with Cubic Memristor for Smart Grid](http://arxiv.org/abs/2209.01105)
• Summary:

  The information security has an irreplaceable position in the smart grid (SG). In order to avoid the malicious attack and ensure the information security, the cryptographic techniques are essential. This paper focuses on the encryption techniques to ensure the information security of SG. Firstly, an unusual 7-dimensional complex chaotic system (7D-CCS) combined with the cubic memristor is introduced. Besides its phase portraits, Lyapunov exponent, 0-1 test, complexity, and bifurcation diagram are investigated. Then, with the proposed 7D-CCS, we design a data encryption algorithm to ensure the encryption security. Finally, the data and monitoring images in SG are encrypted by the designed encryption scheme. Besides, the encryption performance is given in detailed. The experimental results show that the proposed encryption scheme has quite good encryption performance. Therefore, it can ensure the information security of SG.

Title: Binsec/Rel: Symbolic Binary Analyzer for Security with Applications to Constant-Time and Secret-Erasure. (arXiv:2209.01129v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.01129
• Code URL: null
• Copy Paste: [[2209.01129] Binsec/Rel: Symbolic Binary Analyzer for Security with Applications to Constant-Time and Secret-Erasure](http://arxiv.org/abs/2209.01129)
• Summary:

  This paper tackles the problem of designing efficient binary-level verification for a subset of information flow properties encompassing constant-time and secret-erasure. These properties are crucial for cryptographic implementations, but are generally not preserved by compilers. Our proposal builds on relational symbolic execution enhanced with new optimizations dedicated to information flow and binary-level analysis, yielding a dramatic improvement over prior work based on symbolic execution. We implement a prototype, Binsec/Rel, for bug-finding and bounded-verification of constant-time and secret-erasure, and perform extensive experiments on a set of 338 cryptographic implementations, demonstrating the benefits of our approach. Using Binsec/Rel, we also automate two prior manual studies on preservation of constant-time and secret-erasure by compilers for a total of 4148 and 1156 binaries respectively. Interestingly, our analysis highlights incorrect usages of volatile data pointer for secret erasure and shows that scrubbing mechanisms based on volatile function pointers can introduce additional register spilling which might break secret-erasure. We also discovered that gcc -O0 and backend passes of clang introduce violations of constant-time in implementations that were previously deemed secure by a state-of-the-art constant-time verification tool operating at LLVM level, showing the importance of reasoning at binary-level.

privacy

Title: Domain Adaptation from Scratch. (arXiv:2209.00830v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.00830
• Code URL: https://github.com/eyalbd2/scratchda
• Copy Paste: [[2209.00830] Domain Adaptation from Scratch](http://arxiv.org/abs/2209.00830)
• Summary:

  Natural language processing (NLP) algorithms are rapidly improving but often struggle when applied to out-of-distribution examples. A prominent approach to mitigate the domain gap is domain adaptation, where a model trained on a source domain is adapted to a new target domain. We present a new learning setup, ``domain adaptation from scratch'', which we believe to be crucial for extending the reach of NLP to sensitive domains in a privacy-preserving manner. In this setup, we aim to efficiently annotate data from a set of source domains such that the trained model performs well on a sensitive target domain from which data is unavailable for annotation. Our study compares several approaches for this challenging setup, ranging from data selection and domain adaptation algorithms to active learning paradigms, on two NLP tasks: sentiment analysis and Named Entity Recognition. Our results suggest that using the abovementioned approaches eases the domain gap, and combining them further improves the results.

Title: Property inference attack; Graph neural networks; Privacy attacks and defense; Trustworthy machine learning. (arXiv:2209.01100v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.01100
• Code URL: null
• Copy Paste: [[2209.01100] Property inference attack; Graph neural networks; Privacy attacks and defense; Trustworthy machine learning](http://arxiv.org/abs/2209.01100)
• Summary:

  With the fast adoption of machine learning (ML) techniques, sharing of ML models is becoming popular. However, ML models are vulnerable to privacy attacks that leak information about the training data. In this work, we focus on a particular type of privacy attacks named property inference attack (PIA) which infers the sensitive properties of the training data through the access to the target ML model. In particular, we consider Graph Neural Networks (GNNs) as the target model, and distribution of particular groups of nodes and links in the training graph as the target property. While the existing work has investigated PIAs that target at graph-level properties, no prior works have studied the inference of node and link properties at group level yet.

In this work, we perform the first systematic study of group property inference attacks (GPIA) against GNNs. First, we consider a taxonomy of threat models under both black-box and white-box settings with various types of adversary knowledge, and design six different attacks for these settings. We evaluate the effectiveness of these attacks through extensive experiments on three representative GNN models and three real-world graphs. Our results demonstrate the effectiveness of these attacks whose accuracy outperforms the baseline approaches. Second, we analyze the underlying factors that contribute to GPIA's success, and show that the target model trained on the graphs with or without the target property represents some dissimilarity in model parameters and/or model outputs, which enables the adversary to infer the existence of the property. Further, we design a set of defense mechanisms against the GPIA attacks, and demonstrate that these mechanisms can reduce attack accuracy effectively with small loss on GNN model accuracy.

Title: An Introduction to Machine Unlearning. (arXiv:2209.00939v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.00939
• Code URL: null
• Copy Paste: [[2209.00939] An Introduction to Machine Unlearning](http://arxiv.org/abs/2209.00939)
• Summary:

  Removing the influence of a specified subset of training data from a machine learning model may be required to address issues such as privacy, fairness, and data quality. Retraining the model from scratch on the remaining data after removal of the subset is an effective but often infeasible option, due to its computational expense. The past few years have therefore seen several novel approaches towards efficient removal, forming the field of "machine unlearning", however, many aspects of the literature published thus far are disparate and lack consensus. In this paper, we summarise and compare seven state-of-the-art machine unlearning algorithms, consolidate definitions of core concepts used in the field, reconcile different approaches for evaluating algorithms, and discuss issues related to applying machine unlearning in practice.

protect

defense

attack

Title: Universal Fourier Attack for Time Series. (arXiv:2209.00757v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00757
• Code URL: null
• Copy Paste: [[2209.00757] Universal Fourier Attack for Time Series](http://arxiv.org/abs/2209.00757)
• Summary:

  A wide variety of adversarial attacks have been proposed and explored using image and audio data. These attacks are notoriously easy to generate digitally when the attacker can directly manipulate the input to a model, but are much more difficult to implement in the real-world. In this paper we present a universal, time invariant attack for general time series data such that the attack has a frequency spectrum primarily composed of the frequencies present in the original data. The universality of the attack makes it fast and easy to implement as no computation is required to add it to an input, while time invariance is useful for real-world deployment. Additionally, the frequency constraint ensures the attack can withstand filtering. We demonstrate the effectiveness of the attack in two different domains, speech recognition and unintended radiated emission, and show that the attack is robust against common transform-and-compare defense pipelines.

Title: TypoSwype: An Imaging Approach to Detect Typo-Squatting. (arXiv:2209.00783v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00783
• Code URL: null
• Copy Paste: [[2209.00783] TypoSwype: An Imaging Approach to Detect Typo-Squatting](http://arxiv.org/abs/2209.00783)
• Summary:

  Typo-squatting domains are a common cyber-attack technique. It involves utilising domain names, that exploit possible typographical errors of commonly visited domains, to carry out malicious activities such as phishing, malware installation, etc. Current approaches typically revolve around string comparison algorithms like the Demaru-Levenschtein Distance (DLD) algorithm. Such techniques do not take into account keyboard distance, which researchers find to have a strong correlation with typical typographical errors and are trying to take account of. In this paper, we present the TypoSwype framework which converts strings to images that take into account keyboard location innately. We also show how modern state of the art image recognition techniques involving Convolutional Neural Networks, trained via either Triplet Loss or NT-Xent Loss, can be applied to learn a mapping to a lower dimensional space where distances correspond to image, and equivalently, textual similarity. Finally, we also demonstrate our method's ability to improve typo-squatting detection over the widely used DLD algorithm, while maintaining the classification accuracy as to which domain the input domain was attempting to typo-squat.

Title: Spatio-Temporal Attack Course-of-Action (COA) Search Learning for Scalable and Time-Varying Networks. (arXiv:2209.00862v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00862
• Code URL: null
• Copy Paste: [[2209.00862] Spatio-Temporal Attack Course-of-Action (COA) Search Learning for Scalable and Time-Varying Networks](http://arxiv.org/abs/2209.00862)
• Summary:

  One of the key topics in network security research is the autonomous COA (Couse-of-Action) attack search method. Traditional COA attack search methods that passively search for attacks can be difficult, especially as the network gets bigger. To address these issues, new autonomous COA techniques are being developed, and among them, an intelligent spatial algorithm is designed in this paper for efficient operations in scalable networks. On top of the spatial search, a Monte-Carlo (MC)- based temporal approach is additionally considered for taking care of time-varying network behaviors. Therefore, we propose a spatio-temporal attack COA search algorithm for scalable and time-varying networks.

robust

Title: Structure-Preserving Graph Representation Learning. (arXiv:2209.00793v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.00793
• Code URL: https://github.com/uestc-lese/spgrl
• Copy Paste: [[2209.00793] Structure-Preserving Graph Representation Learning](http://arxiv.org/abs/2209.00793)
• Summary:

  Though graph representation learning (GRL) has made significant progress, it is still a challenge to extract and embed the rich topological structure and feature information in an adequate way. Most existing methods focus on local structure and fail to fully incorporate the global topological structure. To this end, we propose a novel Structure-Preserving Graph Representation Learning (SPGRL) method, to fully capture the structure information of graphs. Specifically, to reduce the uncertainty and misinformation of the original graph, we construct a feature graph as a complementary view via k-Nearest Neighbor method. The feature graph can be used to contrast at node-level to capture the local relation. Besides, we retain the global topological structure information by maximizing the mutual information (MI) of the whole graph and feature embeddings, which is theoretically reduced to exchanging the feature embeddings of the feature and the original graphs to reconstruct themselves. Extensive experiments show that our method has quite superior performance on semi-supervised node classification task and excellent robustness under noise perturbation on graph structure or node features.

Title: Vision-Language Adaptive Mutual Decoder for OOV-STR. (arXiv:2209.00859v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.00859
• Code URL: null
• Copy Paste: [[2209.00859] Vision-Language Adaptive Mutual Decoder for OOV-STR](http://arxiv.org/abs/2209.00859)
• Summary:

  Recent works have shown huge success of deep learning models for common in vocabulary (IV) scene text recognition. However, in real-world scenarios, out-of-vocabulary (OOV) words are of great importance and SOTA recognition models usually perform poorly on OOV settings. Inspired by the intuition that the learned language prior have limited OOV preformence, we design a framework named Vision Language Adaptive Mutual Decoder (VLAMD) to tackle OOV problems partly. VLAMD consists of three main conponents. Firstly, we build an attention based LSTM decoder with two adaptively merged visual-only modules, yields a vision-language balanced main branch. Secondly, we add an auxiliary query based autoregressive transformer decoding head for common visual and language prior representation learning. Finally, we couple these two designs with bidirectional training for more diverse language modeling, and do mutual sequential decoding to get robuster results. Our approach achieved 70.31\% and 59.61\% word accuracy on IV+OOV and OOV settings respectively on Cropped Word Recognition Task of OOV-ST Challenge at ECCV 2022 TiE Workshop, where we got 1st place on both settings.

Title: Contrastive Semantic-Guided Image Smoothing Network. (arXiv:2209.00977v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.00977
• Code URL: https://github.com/wangjie6866/csgis-net
• Copy Paste: [[2209.00977] Contrastive Semantic-Guided Image Smoothing Network](http://arxiv.org/abs/2209.00977)
• Summary:

  Image smoothing is a fundamental low-level vision task that aims to preserve salient structures of an image while removing insignificant details. Deep learning has been explored in image smoothing to deal with the complex entanglement of semantic structures and trivial details. However, current methods neglect two important facts in smoothing: 1) naive pixel-level regression supervised by the limited number of high-quality smoothing ground-truth could lead to domain shift and cause generalization problems towards real-world images; 2) texture appearance is closely related to object semantics, so that image smoothing requires awareness of semantic difference to apply adaptive smoothing strengths. To address these issues, we propose a novel Contrastive Semantic-Guided Image Smoothing Network (CSGIS-Net) that combines both contrastive prior and semantic prior to facilitate robust image smoothing. The supervision signal is augmented by leveraging undesired smoothing effects as negative teachers, and by incorporating segmentation tasks to encourage semantic distinctiveness. To realize the proposed network, we also enrich the original VOC dataset with texture enhancement and smoothing labels, namely VOC-smooth, which first bridges image smoothing and semantic segmentation. Extensive experiments demonstrate that the proposed CSGIS-Net outperforms state-of-the-art algorithms by a large margin. Code and dataset are available at https://github.com/wangjie6866/CSGIS-Net.

Title: Distilling Facial Knowledge With Teacher-Tasks: Semantic-Segmentation-Features For Pose-Invariant Face-Recognition. (arXiv:2209.01115v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.01115
• Code URL: null
• Copy Paste: [[2209.01115] Distilling Facial Knowledge With Teacher-Tasks: Semantic-Segmentation-Features For Pose-Invariant Face-Recognition](http://arxiv.org/abs/2209.01115)
• Summary:

  This paper demonstrates a novel approach to improve face-recognition pose-invariance using semantic-segmentation features. The proposed Seg-Distilled-ID network jointly learns identification and semantic-segmentation tasks, where the segmentation task is then "distilled" (MobileNet encoder). Performance is benchmarked against three state-of-the-art encoders on a publicly available data-set emphasizing head-pose variations. Experimental evaluations show the Seg-Distilled-ID network shows notable robustness benefits, achieving 99.9% test-accuracy in comparison to 81.6% on ResNet-101, 96.1% on VGG-19 and 96.3% on InceptionV3. This is achieved using approximately one-tenth of the top encoder's inference parameters. These results demonstrate distilling semantic-segmentation features can efficiently address face-recognition pose-invariance.

Title: Back-to-Bones: Rediscovering the Role of Backbones in Domain Generalization. (arXiv:2209.01121v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.01121
• Code URL: null
• Copy Paste: [[2209.01121] Back-to-Bones: Rediscovering the Role of Backbones in Domain Generalization](http://arxiv.org/abs/2209.01121)
• Summary:

  Domain Generalization (DG) studies the capability of a deep learning model to generalize to out-of-training distributions. In the last decade, literature has been massively filled with a collection of training methodologies that claim to obtain more abstract and robust data representations to tackle domain shifts. Recent research has provided a reproducible benchmark for DG, pointing out the effectiveness of naive empirical risk minimization (ERM) over existing algorithms. Nevertheless, researchers persist in using the same outdated feature extractors, and no attention has been given to the effects of different backbones yet. In this paper, we start back to backbones proposing a comprehensive analysis of their intrinsic generalization capabilities, so far ignored by the research community. We evaluate a wide variety of feature extractors, from standard residual solutions to transformer-based architectures, finding an evident linear correlation between large-scale single-domain classification accuracy and DG capability. Our extensive experimentation shows that by adopting competitive backbones in conjunction with effective data augmentation, plain ERM outperforms recent DG solutions and achieves state-of-the-art accuracy. Moreover, our additional qualitative studies reveal that novel backbones give more similar representations to same-class samples, separating different domains in the feature space. This boost in generalization capabilities leaves marginal room for DG algorithms and suggests a new paradigm for investigating the problem, placing backbones in the spotlight and encouraging the development of consistent algorithms on top of them.

Title: Temporal Conditional VAE for Distributional Drift Adaptation in Multivariate Time Series. (arXiv:2209.00654v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.00654
• Code URL: null
• Copy Paste: [[2209.00654] Temporal Conditional VAE for Distributional Drift Adaptation in Multivariate Time Series](http://arxiv.org/abs/2209.00654)
• Summary:

  Due to the nonstationary nature, the distribution of real-world multivariate time series (MTS) changes over time, which is known as distribution drift. Most existing MTS forecasting models greatly suffer from the distribution drift and degrade the forecasting performance over time. Existing methods address distribution drift via adapting to the latest arrived data or self-correcting per the meta knowledge derived from future data. Despite their great success in MTS forecasting, these methods hardly capture the intrinsic distribution changes especially from a distributional perspective. Accordingly, we propose a novel framework temporal conditional variational autoencoder (TCVAE) to model the dynamic distributional dependencies over time between historical observations and future data in MTS and infer the dependencies as a temporal conditional distribution to leverage latent variables. Specifically, a novel temporal Hawkes attention mechanism represents temporal factors subsequently fed into feed-forward networks to estimate the prior Gaussian distribution of latent variables. The representation of temporal factors further dynamically adjusts the structures of Transformer-based encoder and decoder to distribution changes by leveraging a gated attention mechanism. Moreover, we introduce conditional continuous normalization flow to transform the prior Gaussian to a complex and form-free distribution to facilitate flexible inference of the temporal conditional distribution. Extensive experiments conducted on six real-world MTS datasets demonstrate the TCVAE's superior robustness and effectiveness over the state-of-the-art MTS forecasting baselines. We further illustrate the TCVAE applicability through multifaceted case studies and visualization in real-world scenarios.

Title: Normalization effects on deep neural networks. (arXiv:2209.01018v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.01018
• Code URL: null
• Copy Paste: [[2209.01018] Normalization effects on deep neural networks](http://arxiv.org/abs/2209.01018)
• Summary:

  We study the effect of normalization on the layers of deep neural networks of feed-forward type. A given layer $i$ with $N_{i}$ hidden units is allowed to be normalized by $1/N_{i}^{\gamma_{i}}$ with $\gamma_{i}\in[1/2,1]$ and we study the effect of the choice of the $\gamma_{i}$ on the statistical behavior of the neural network's output (such as variance) as well as on the test accuracy on the MNIST data set. We find that in terms of variance of the neural network's output and test accuracy the best choice is to choose the $\gamma_{i}$'s to be equal to one, which is the mean-field scaling. We also find that this is particularly true for the outer layer, in that the neural network's behavior is more sensitive in the scaling of the outer layer as opposed to the scaling of the inner layers. The mechanism for the mathematical analysis is an asymptotic expansion for the neural network's output. An important practical consequence of the analysis is that it provides a systematic and mathematically informed way to choose the learning rate hyperparameters. Such a choice guarantees that the neural network behaves in a statistically robust way as the $N_i$ grow to infinity.

Title: Revisiting Outer Optimization in Adversarial Training. (arXiv:2209.01199v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.01199
• Code URL: null
• Copy Paste: [[2209.01199] Revisiting Outer Optimization in Adversarial Training](http://arxiv.org/abs/2209.01199)
• Summary:

  Despite the fundamental distinction between adversarial and natural training (AT and NT), AT methods generally adopt momentum SGD (MSGD) for the outer optimization. This paper aims to analyze this choice by investigating the overlooked role of outer optimization in AT. Our exploratory evaluations reveal that AT induces higher gradient norm and variance compared to NT. This phenomenon hinders the outer optimization in AT since the convergence rate of MSGD is highly dependent on the variance of the gradients. To this end, we propose an optimization method called ENGM which regularizes the contribution of each input example to the average mini-batch gradients. We prove that the convergence rate of ENGM is independent of the variance of the gradients, and thus, it is suitable for AT. We introduce a trick to reduce the computational cost of ENGM using empirical observations on the correlation between the norm of gradients w.r.t. the network parameters and input examples. Our extensive evaluations and ablation studies on CIFAR-10, CIFAR-100, and TinyImageNet demonstrate that ENGM and its variants consistently improve the performance of a wide range of AT methods. Furthermore, ENGM alleviates major shortcomings of AT including robust overfitting and high sensitivity to hyperparameter settings.

biometric

steal

extraction

Title: Structural Bias for Aspect Sentiment Triplet Extraction. (arXiv:2209.00820v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.00820
• Code URL: https://github.com/genezc/structbias
• Copy Paste: [[2209.00820] Structural Bias for Aspect Sentiment Triplet Extraction](http://arxiv.org/abs/2209.00820)
• Summary:

  Structural bias has recently been exploited for aspect sentiment triplet extraction (ASTE) and led to improved performance. On the other hand, it is recognized that explicitly incorporating structural bias would have a negative impact on efficiency, whereas pretrained language models (PLMs) can already capture implicit structures. Thus, a natural question arises: Is structural bias still a necessity in the context of PLMs? To answer the question, we propose to address the efficiency issues by using an adapter to integrate structural bias in the PLM and using a cheap-to-compute relative position structure in place of the syntactic dependency structure. Benchmarking evaluation is conducted on the SemEval datasets. The results show that our proposed structural adapter is beneficial to PLMs and achieves state-of-the-art performance over a range of strong baselines, yet with a light parameter demand and low latency. Meanwhile, we give rise to the concern that the current evaluation default with data of small scale is under-confident. Consequently, we release a large-scale dataset for ASTE. The results on the new dataset hint that the structural adapter is confidently effective and efficient to a large scale. Overall, we draw the conclusion that structural bias shall still be a necessity even with PLMs.

Title: Entity Graph Extraction from Legal Acts -- a Prototype for a Use Case in Policy Design Analysis. (arXiv:2209.00944v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.00944
• Code URL: null
• Copy Paste: [[2209.00944] Entity Graph Extraction from Legal Acts -- a Prototype for a Use Case in Policy Design Analysis](http://arxiv.org/abs/2209.00944)
• Summary:

  This paper presents research on a prototype developed to serve the quantitative study of public policy design. This sub-discipline of political science focuses on identifying actors, relations between them, and tools at their disposal in health, environmental, economic, and other policies. Our system aims to automate the process of gathering legal documents, annotating them with Institutional Grammar, and using hypergraphs to analyse inter-relations between crucial entities. Our system is tested against the UNESCO Convention for the Safeguarding of the Intangible Cultural Heritage from 2003, a legal document regulating essential aspects of international relations securing cultural heritage.

Title: Extend and Explain: Interpreting Very Long Language Models. (arXiv:2209.01174v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.01174
• Code URL: null
• Copy Paste: [[2209.01174] Extend and Explain: Interpreting Very Long Language Models](http://arxiv.org/abs/2209.01174)
• Summary:

  While Transformer language models (LMs) are state-of-the-art for information extraction, long text introduces computational challenges requiring suboptimal preprocessing steps or alternative model architectures. Sparse-attention LMs can represent longer sequences, overcoming performance hurdles. However, it remains unclear how to explain predictions from these models, as not all tokens attend to each other in the self-attention layers, and long sequences pose computational challenges for explainability algorithms when runtime depends on document length. These challenges are severe in the medical context where documents can be very long, and machine learning (ML) models must be auditable and trustworthy. We introduce a novel Masked Sampling Procedure (MSP) to identify the text blocks that contribute to a prediction, apply MSP in the context of predicting diagnoses from medical text, and validate our approach with a blind review by two clinicians. Our method identifies about 1.7x more clinically informative text blocks than the previous state-of-the-art, runs up to 100x faster, and is tractable for generating important phrase pairs. MSP is particularly well-suited to long LMs but can be applied to any text classifier. We provide a general implementation of MSP.

membership infer

federate

Title: Generalizing intrusion detection for heterogeneous networks: A stacked-unsupervised federated learning approach. (arXiv:2209.00721v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.00721
• Code URL: null
• Copy Paste: [[2209.00721] Generalizing intrusion detection for heterogeneous networks: A stacked-unsupervised federated learning approach](http://arxiv.org/abs/2209.00721)
• Summary:

  The constantly evolving digital transformation imposes new requirements on our society. Aspects relating to reliance on the networking domain and the difficulty of achieving security by design pose a challenge today. As a result, data-centric and machine-learning approaches arose as feasible solutions for securing large networks. Although, in the network security domain, ML-based solutions face a challenge regarding the capability to generalize between different contexts. In other words, solutions based on specific network data usually do not perform satisfactorily on other networks. This paper describes the stacked-unsupervised federated learning (FL) approach to generalize on a cross-silo configuration for a flow-based network intrusion detection system (NIDS). The proposed approach we have examined comprises a deep autoencoder in conjunction with an energy flow classifier in an ensemble learning task. Our approach performs better than traditional local learning and naive cross-evaluation (training in one context and testing on another network data). Remarkably, the proposed approach demonstrates a sound performance in the case of non-iid data silos. In conjunction with an informative feature in an ensemble architecture for unsupervised learning, we advise that the proposed FL-based NIDS results in a feasible approach for generalization between heterogeneous networks. To the best of our knowledge, our proposal is the first successful approach to applying unsupervised FL on the problem of network intrusion detection generalization using flow-based data.

Title: Proceedings of the 2022 XCSP3 Competition. (arXiv:2209.00917v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2209.00917
• Code URL: null
• Copy Paste: [[2209.00917] Proceedings of the 2022 XCSP3 Competition](http://arxiv.org/abs/2209.00917)
• Summary:

  This document represents the proceedings of the 2022 XCSP3 Competition. The results of this competition of constraint solvers were presented at FLOC (Federated Logic Conference) 2022 Olympic Games, held in Haifa, Israel from 31th July 2022 to 7th August, 2022.

fair

Title: Exploring traditional machine learning for identification of pathological auscultations. (arXiv:2209.00672v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.00672
• Code URL: null
• Copy Paste: [[2209.00672] Exploring traditional machine learning for identification of pathological auscultations](http://arxiv.org/abs/2209.00672)
• Summary:

  Today, data collection has improved in various areas, and the medical domain is no exception. Auscultation, as an important diagnostic technique for physicians, due to the progress and availability of digital stethoscopes, lends itself well to applications of machine learning. Due to the large number of auscultations performed, the availability of data opens up an opportunity for more effective analysis of sounds where prognostic accuracy even among experts remains low. In this study, digital 6-channel auscultations of 45 patients were used in various machine learning scenarios, with the aim of distinguishing between normal and anomalous pulmonary sounds. Audio features (such as fundamental frequencies F0-4, loudness, HNR, DFA, as well as descriptive statistics of log energy, RMS and MFCC) were extracted using the Python library Surfboard. Windowing and feature aggregation and concatenation strategies were used to prepare data for tree-based ensemble models in unsupervised (fair-cut forest) and supervised (random forest) machine learning settings. The evaluation was carried out using 9-fold stratified cross-validation repeated 30 times. Decision fusion by averaging outputs for a subject was tested and found to be useful. Supervised models showed a consistent advantage over unsupervised ones, achieving mean AUC ROC of 0.691 (accuracy 71.11%, Kappa 0.416, F1-score 0.771) in side-based detection and mean AUC ROC of 0.721 (accuracy 68.89%, Kappa 0.371, F1-score 0.650) in patient-based detection.

Title: A Discussion of Discrimination and Fairness in Insurance Pricing. (arXiv:2209.00858v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.00858
• Code URL: null
• Copy Paste: [[2209.00858] A Discussion of Discrimination and Fairness in Insurance Pricing](http://arxiv.org/abs/2209.00858)
• Summary:

  Indirect discrimination is an issue of major concern in algorithmic models. This is particularly the case in insurance pricing where protected policyholder characteristics are not allowed to be used for insurance pricing. Simply disregarding protected policyholder information is not an appropriate solution because this still allows for the possibility of inferring the protected characteristics from the non-protected ones. This leads to so-called proxy or indirect discrimination. Though proxy discrimination is qualitatively different from the group fairness concepts in machine learning, these group fairness concepts are proposed to 'smooth out' the impact of protected characteristics in the calculation of insurance prices. The purpose of this note is to share some thoughts about group fairness concepts in the light of insurance pricing and to discuss their implications. We present a statistical model that is free of proxy discrimination, thus, unproblematic from an insurance pricing point of view. However, we find that the canonical price in this statistical model does not satisfy any of the three most popular group fairness axioms. This seems puzzling and we welcome feedback on our example and on the usefulness of these group fairness axioms for non-discriminatory insurance pricing.

interpretability

exlainability

watermark