secure

Title: SAGE: Software-based Attestation for GPU Execution. (arXiv:2209.03125v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03125
• Code URL: null
• Copy Paste: [[2209.03125] SAGE: Software-based Attestation for GPU Execution](http://arxiv.org/abs/2209.03125)
• Summary:

  With the application of machine learning to security-critical and sensitive domains, there is a growing need for integrity and privacy in computation using accelerators, such as GPUs. Unfortunately, the support for trusted execution on GPUs is currently very limited - trusted execution on accelerators is particularly challenging since the attestation mechanism should not reduce performance. Although hardware support for trusted execution on GPUs is emerging, we study purely software-based approaches for trusted GPU execution. A software-only approach offers distinct advantages: (1) complement hardware-based approaches, enhancing security especially when vulnerabilities in the hardware implementation degrade security, (2) operate on GPUs without hardware support for trusted execution, and (3) achieve security without reliance on secrets embedded in the hardware, which can be extracted as history has shown. In this work, we present SAGE, a software-based attestation mechanism for GPU execution. SAGE enables secure code execution on NVIDIA GPUs of the Ampere architecture (A100), providing properties of code integrity and secrecy, computation integrity, as well as data integrity and secrecy - all in the presence of malicious code running on the GPU and CPU. Our evaluation demonstrates that SAGE is already practical today for executing code in a trustworthy way on GPUs without specific hardware support.

security

Title: Visual Transformer for Soil Classification. (arXiv:2209.02950v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.02950
• Code URL: null
• Copy Paste: [[2209.02950] Visual Transformer for Soil Classification](http://arxiv.org/abs/2209.02950)
• Summary:

  Our food security is built on the foundation of soil. Farmers would be unable to feed us with fiber, food, and fuel if the soils were not healthy. Accurately predicting the type of soil helps in planning the usage of the soil and thus increasing productivity. This research employs state-of-the-art Visual Transformers and also compares performance with different models such as SVM, Alexnet, Resnet, and CNN. Furthermore, this study also focuses on differentiating different Visual Transformers architectures. For the classification of soil type, the dataset consists of 4 different types of soil samples such as alluvial, red, black, and clay. The Visual Transformer model outperforms other models in terms of both test and train accuracies by attaining 98.13% on training and 93.62% while testing. The performance of the Visual Transformer exceeds the performance of other models by at least 2%. Hence, the novel Visual Transformers can be used for Computer Vision tasks including Soil Classification.

Title: A Subexponential Quantum Algorithm for the Semdirect Discrete Logarithm Problem. (arXiv:2209.02814v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.02814
• Code URL: null
• Copy Paste: [[2209.02814] A Subexponential Quantum Algorithm for the Semdirect Discrete Logarithm Problem](http://arxiv.org/abs/2209.02814)
• Summary:

  Group-based cryptography is a relatively young family in post-quantum cryptography. In this paper we give the first dedicated security analysis of a central problem in group-based cryptography: the so-called Semidirect Product Key Exchange (SDPKE). We present a subexponential quantum algorithm for solving SDPKE. To do this we reduce SDPKE to the Abelian Hidden Shift Problem (for which there are known quantum subexponential algorithms). We stress that this does not per se constitute a break of SDPKE; rather, the purpose of the paper is to provide a connection to known problems.

Title: Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey. (arXiv:2209.02835v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.02835
• Code URL: null
• Copy Paste: [[2209.02835] Security and Privacy of IP-ICN Coexistence: A Comprehensive Survey](http://arxiv.org/abs/2209.02835)
• Summary:

  Internet usage has changed from its first design. Hence, the current Internet must cope with some limitations, including performance degradation, availability of IP addresses, and multiple security and privacy issues. Nevertheless, to unsettle the current Internet's network layer i.e., Internet Protocol with ICN is a challenging, expensive task. It also requires worldwide coordination among Internet Service Providers , backbone, and Autonomous Services. Additionally, history showed that technology changes e.g., from 3G to 4G, from IPv4 to IPv6 are not immediate, and usually, the replacement includes a long coexistence period between the old and new technology. Similarly, we believe that the process of replacement of the current Internet will surely transition through the coexistence of IP and ICN. Although the tremendous amount of security and privacy issues of the current Internet taught us the importance of securely designing the architectures, only a few of the proposed architectures place the security-by-design. Therefore, this article aims to provide the first comprehensive Security and Privacy analysis of the state-of-the-art coexistence architectures. Additionally, it yields a horizontal comparison of security and privacy among three deployment approaches of IP and ICN protocol i.e., overlay, underlay, and hybrid and a vertical comparison among ten considered security and privacy features. As a result of our analysis, emerges that most of the architectures utterly fail to provide several SP features including data and traffic flow confidentiality, availability and communication anonymity. We believe this article draws a picture of the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across.

Title: Building up Cyber Resilience by Better Grasping Cyber Risk Via a New Algorithm for Modelling Heavy-Tailed Data. (arXiv:2209.02845v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.02845
• Code URL: null
• Copy Paste: [[2209.02845] Building up Cyber Resilience by Better Grasping Cyber Risk Via a New Algorithm for Modelling Heavy-Tailed Data](http://arxiv.org/abs/2209.02845)
• Summary:

  Cyber security and resilience are major challenges in our modern economies; this is why they are top priorities on the agenda of governments, security and defense forces, management of companies and organizations. Hence, the need of a deep understanding of cyber risks to improve resilience. We propose here an analysis of the database of the cyber complaints filed at the {\it Gendarmerie Nationale}. We perform this analysis with a new algorithm developed for non-negative asymmetric heavy-tailed data, which could become a handy tool in applied fields. This method gives a good estimation of the full distribution including the tail. Our study confirms the finiteness of the loss expectation, necessary condition for insurability. Finally, we draw the consequences of this model for risk management, compare its results to other standard EVT models, and lay the ground for a classification of attacks based on the fatness of the tail.

Title: Cerberus: Exploring Federated Prediction of Security Events. (arXiv:2209.03050v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03050
• Code URL: null
• Copy Paste: [[2209.03050] Cerberus: Exploring Federated Prediction of Security Events](http://arxiv.org/abs/2209.03050)
• Summary:

  Modern defenses against cyberattacks increasingly rely on proactive approaches, e.g., to predict the adversary's next actions based on past events. Building accurate prediction models requires knowledge from many organizations; alas, this entails disclosing sensitive information, such as network structures, security postures, and policies, which might often be undesirable or outright impossible. In this paper, we explore the feasibility of using Federated Learning (FL) to predict future security events. To this end, we introduce Cerberus, a system enabling collaborative training of Recurrent Neural Network (RNN) models for participating organizations. The intuition is that FL could potentially offer a middle-ground between the non-private approach where the training data is pooled at a central server and the low-utility alternative of only training local models. We instantiate Cerberus on a dataset obtained from a major security company's intrusion prevention product and evaluate it vis-a-vis utility, robustness, and privacy, as well as how participants contribute to and benefit from the system. Overall, our work sheds light on both the positive aspects and the challenges of using FL for this task and paves the way for deploying federated approaches to predictive security.

Title: State of Security Awareness in the AM Industry: 2020 Survey. (arXiv:2209.03073v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03073
• Code URL: null
• Copy Paste: [[2209.03073] State of Security Awareness in the AM Industry: 2020 Survey](http://arxiv.org/abs/2209.03073)
• Summary:

  Security of Additive Manufacturing (AM) gets increased attention due to the growing proliferation and adoption of AM in a variety of applications and business models. However, there is a significant disconnect between AM community focused on manufacturing and AM Security community focused on securing this highly computerized manufacturing technology. To bridge this gap, we surveyed the America Makes AM community, asking in total eleven AM security-related questions aiming to discover the existing concerns, posture, and expectations. The first set of questions aimed to discover how many of these organizations use AM, outsource AM, or provide AM as a service. Then we asked about biggest security concerns as well as about assessment of who the potential adversaries might be and their motivation for attack. We then proceeded with questions on any experienced security incidents, if any security risk assessment was conducted, and if the participants' organizations were partnering with external experts to secure AM. Lastly, we asked whether security measures are implemented at all and, if yes, whether they fall under the general cyber-security category. Out of 69 participants affiliated with commercial industry, agencies, and academia, 53 have completed the entire survey. This paper presents the results of this survey, as well as provides our assessment of the AM Security posture. The answers are a mixture of what we could label as expected, "shocking but not surprising," and completely unexpected. Assuming that the provided answers are somewhat representative to the current state of the AM industry, we conclude that the industry is not ready to prevent or detect AM-specific attacks that have been demonstrated in the research literature.

Title: Hyperloop: A Cybersecurity Perspective. (arXiv:2209.03095v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03095
• Code URL: null
• Copy Paste: [[2209.03095] Hyperloop: A Cybersecurity Perspective](http://arxiv.org/abs/2209.03095)
• Summary:

  Hyperloop is among the most prominent future transportation systems. First introduced by Elon Musk, Hyperloop concept involves novel technologies to allow traveling at a maximum speed of 1220km/h, while guaranteeing sustainability. Due to the system's performance requirements and the critical infrastructure it represents, its safety and security need to be carefully considered. In cyber-physical systems, cyberattacks could lead to safety issues with catastrophic consequences, both on the population and the surrounding environment. Therefore, the cybersecurity of all the components and links in Hyperloop represents a fundamental challenge. To this day, no research investigated the cyber security of the technology used for Hyperloop.

In this paper, we propose the first analysis of the cybersecurity challenges raised by Hyperloop technology. We base our analysis on the related works on Hyperloop, distilling the common features which will be likely to be present in the system. Furthermore, we provide an analysis of possible directions on the Hyperloop infrastructure management, together with their security concerns. Finally, we discuss possible countermeasures and future directions for the security of the future Hyperloop design.

Title: Network Intrusion Detection with Limited Labeled Data. (arXiv:2209.03147v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03147
• Code URL: null
• Copy Paste: [[2209.03147] Network Intrusion Detection with Limited Labeled Data](http://arxiv.org/abs/2209.03147)
• Summary:

  With the increasing dependency of daily life over computer networks, the importance of these networks security becomes prominent. Different intrusion attacks to networks have been designed and the attackers are working on improving them. Thus the ability to detect intrusion with limited number of labeled data is desirable to provide networks with higher level of security. In this paper we design an intrusion detection system based on a deep neural network. The proposed system is based on self-supervised contrastive learning where a huge amount of unlabeled data can be used to generate informative representation suitable for various downstream tasks with limited number of labeled data. Using different experiments, we have shown that the proposed system presents an accuracy of 94.05% over the UNSW-NB15 dataset, an improvement of 4.22% in comparison to previous method based on self-supervised learning. Our simulations have also shown impressive results when the size of labeled training data is limited. The performance of the resulting Encoder Block trained on UNSW-NB15 dataset has also been tested on other datasets for representation extraction which shows competitive results in downstream tasks.

Title: Avast-CTU Public CAPE Dataset. (arXiv:2209.03188v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03188
• Code URL: null
• Copy Paste: [[2209.03188] Avast-CTU Public CAPE Dataset](http://arxiv.org/abs/2209.03188)
• Summary:

  There is a limited amount of publicly available data to support research in malware analysis technology. Particularly, there are virtually no publicly available datasets generated from rich sandboxes such as Cuckoo/CAPE. The benefit of using dynamic sandboxes is the realistic simulation of file execution in the target machine and obtaining a log of such execution. The machine can be infected by malware hence there is a good chance of capturing the malicious behavior in the execution logs, thus allowing researchers to study such behavior in detail. Although the subsequent analysis of log information is extensively covered in industrial cybersecurity backends, to our knowledge there has been only limited effort invested in academia to advance such log analysis capabilities using cutting edge techniques. We make this sample dataset available to support designing new machine learning methods for malware detection, especially for automatic detection of generic malicious behavior. The dataset has been collected in cooperation between Avast Software and Czech Technical University - AI Center (AIC).

privacy

Title: Assessing Software Privacy using the Privacy Flow-Graph. (arXiv:2209.02948v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.02948
• Code URL: null
• Copy Paste: [[2209.02948] Assessing Software Privacy using the Privacy Flow-Graph](http://arxiv.org/abs/2209.02948)
• Summary:

  We increasingly rely on digital services and the conveniences they provide. Processing of personal data is integral to such services and thus privacy and data protection are a growing concern, and governments have responded with regulations such as the EU's GDPR. Following this, organisations that make software have legal obligations to document the privacy and data protection of their software. This work must involve both software developers that understand the code and the organisation's data protection officer or legal department that understands privacy and the requirements of a Data Protection and Impact Assessment (DPIA).

To help developers and non-technical people such as lawyers document the privacy and data protection behaviour of software, we have developed an automatic software analysis technique. This technique is based on static program analysis to characterise the flow of privacy-related data. The results of the analysis can be presented as a graph of privacy flows and operations -- that is understandable also for non-technical people. We argue that our technique facilitates collaboration between technical and non-technical people in documenting the privacy behaviour of the software. We explain how to use the results produced by our technique to answer a series of privacy-relevant questions needed for a DPIA. To illustrate our work, we show both detailed and abstract analysis results from applying our analysis technique to the secure messaging service Signal and to the client of the cloud service NextCloud and show how their privacy flow-graphs inform the writing of a DPIA.

Title: On the utility and protection of optimization with differential privacy and classic regularization techniques. (arXiv:2209.03175v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03175
• Code URL: null
• Copy Paste: [[2209.03175] On the utility and protection of optimization with differential privacy and classic regularization techniques](http://arxiv.org/abs/2209.03175)
• Summary:

  Nowadays, owners and developers of deep learning models must consider stringent privacy-preservation rules of their training data, usually crowd-sourced and retaining sensitive information. The most widely adopted method to enforce privacy guarantees of a deep learning model nowadays relies on optimization techniques enforcing differential privacy. According to the literature, this approach has proven to be a successful defence against several models' privacy attacks, but its downside is a substantial degradation of the models' performance. In this work, we compare the effectiveness of the differentially-private stochastic gradient descent (DP-SGD) algorithm against standard optimization practices with regularization techniques. We analyze the resulting models' utility, training performance, and the effectiveness of membership inference and model inversion attacks against the learned models. Finally, we discuss differential privacy's flaws and limits and empirically demonstrate the often superior privacy-preserving properties of dropout and l2-regularization.

Title: TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals. (arXiv:2209.03197v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03197
• Code URL: null
• Copy Paste: [[2209.03197] TickTock: Detecting Microphone Status in Laptops Leveraging Electromagnetic Leakage of Clock Signals](http://arxiv.org/abs/2209.03197)
• Summary:

  We are witnessing a heightened surge in remote privacy attacks on laptop computers. These attacks often exploit malware to remotely gain access to webcams and microphones in order to spy on the victim users. While webcam attacks are somewhat defended with widely available commercial webcam privacy covers, unfortunately, there are no adequate solutions to thwart the attacks on mics despite recent industry efforts. As a first step towards defending against such attacks on laptop mics, we propose TickTock, a novel mic on/off status detection system. To achieve this, TickTock externally probes the electromagnetic (EM) emanations that stem from the connectors and cables of the laptop circuitry carrying mic clock signals. This is possible because the mic clock signals are only input during the mic recording state, causing resulting emanations. We design and implement a proof-of-concept system to demonstrate TickTock's feasibility. Furthermore, we comprehensively evaluate TickTock on a total of 30 popular laptops executing a variety of applications to successfully detect mic status in 27 laptops. Of these, TickTock consistently identifies mic recording with high true positive and negative rates.

Title: Bayesian and Frequentist Semantics for Common Variations of Differential Privacy: Applications to the 2020 Census. (arXiv:2209.03310v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03310
• Code URL: null
• Copy Paste: [[2209.03310] Bayesian and Frequentist Semantics for Common Variations of Differential Privacy: Applications to the 2020 Census](http://arxiv.org/abs/2209.03310)
• Summary:

  The purpose of this paper is to guide interpretation of the semantic privacy guarantees for some of the major variations of differential privacy, which include pure, approximate, R\'enyi, zero-concentrated, and $f$ differential privacy. We interpret privacy-loss accounting parameters, frequentist semantics, and Bayesian semantics (including new results). The driving application is the interpretation of the confidentiality protections for the 2020 Census Public Law 94-171 Redistricting Data Summary File released August 12, 2021, which, for the first time, were produced with formal privacy guarantees.

protect

Title: Risk of Bias in Chest X-ray Foundation Models. (arXiv:2209.02965v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.02965
• Code URL: https://github.com/biomedia-mira/chexploration
• Copy Paste: [[2209.02965] Risk of Bias in Chest X-ray Foundation Models](http://arxiv.org/abs/2209.02965)
• Summary:

  Foundation models are considered a breakthrough in all applications of AI, promising robust and reusable mechanisms for feature extraction, alleviating the need for large amounts of high quality training data for task-specific prediction models. However, foundation models may potentially encode and even reinforce existing biases present in historic datasets. Given the limited ability to scrutinize foundation models, it remains unclear whether the opportunities outweigh the risks in safety critical applications such as clinical decision making. In our statistical bias analysis of a recently published, and publicly available chest X-ray foundation model, we found reasons for concern as the model seems to encode protected characteristics including biological sex and racial identity, which may lead to disparate performance across subgroups in downstream applications. While research into foundation models for healthcare applications is in an early stage, we believe it is important to make the community aware of these risks to avoid harm.

defense

Title: On the Transferability of Adversarial Examples between Encrypted Models. (arXiv:2209.02997v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.02997
• Code URL: null
• Copy Paste: [[2209.02997] On the Transferability of Adversarial Examples between Encrypted Models](http://arxiv.org/abs/2209.02997)
• Summary:

  Deep neural networks (DNNs) are well known to be vulnerable to adversarial examples (AEs). In addition, AEs have adversarial transferability, namely, AEs generated for a source model fool other (target) models. In this paper, we investigate the transferability of models encrypted for adversarially robust defense for the first time. To objectively verify the property of transferability, the robustness of models is evaluated by using a benchmark attack method, called AutoAttack. In an image-classification experiment, the use of encrypted models is confirmed not only to be robust against AEs but to also reduce the influence of AEs in terms of the transferability of models.

attack

Title: Facial De-morphing: Extracting Component Faces from a Single Morph. (arXiv:2209.02933v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.02933
• Code URL: null
• Copy Paste: [[2209.02933] Facial De-morphing: Extracting Component Faces from a Single Morph](http://arxiv.org/abs/2209.02933)
• Summary:

  A face morph is created by strategically combining two or more face images corresponding to multiple identities. The intention is for the morphed image to match with multiple identities. Current morph attack detection strategies can detect morphs but cannot recover the images or identities used in creating them. The task of deducing the individual face images from a morphed face image is known as \textit{de-morphing}. Existing work in de-morphing assume the availability of a reference image pertaining to one identity in order to recover the image of the accomplice - i.e., the other identity. In this work, we propose a novel de-morphing method that can recover images of both identities simultaneously from a single morphed face image without needing a reference image or prior information about the morphing process. We propose a generative adversarial network that achieves single image-based de-morphing with a surprisingly high degree of visual realism and biometric similarity with the original face images. We demonstrate the performance of our method on landmark-based morphs and generative model-based morphs with promising results.

Title: Side-channel attack analysis on in-memory computing architectures. (arXiv:2209.02792v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.02792
• Code URL: null
• Copy Paste: [[2209.02792] Side-channel attack analysis on in-memory computing architectures](http://arxiv.org/abs/2209.02792)
• Summary:

  In-memory computing (IMC) systems have great potential for accelerating data-intensive tasks such as deep neural networks (DNNs). As DNN models are generally highly proprietary, the neural network architectures become valuable targets for attacks. In IMC systems, since the whole model is mapped on chip and weight memory read can be restricted, the system acts as a "black box" for customers. However, the localized and stationary weight and data patterns may subject IMC systems to other attacks. In this paper, we propose a side-channel attack methodology on IMC architectures. We show that it is possible to extract model architectural information from power trace measurements without any prior knowledge of the neural network. We first developed a simulation framework that can emulate the dynamic power traces of the IMC macros. We then performed side-channel attacks to extract information such as the stored layer type, layer sequence, output channel/feature size and convolution kernel size from power traces of the IMC macros. Based on the extracted information, full networks can potentially be reconstructed without any knowledge of the neural network. Finally, we discuss potential countermeasures for building IMC systems that offer resistance to these model extraction attack.

Title: Localizing Load-Altering Attacks Against Power Grids Using Deep Capsule Nets. (arXiv:2209.02809v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.02809
• Code URL: null
• Copy Paste: [[2209.02809] Localizing Load-Altering Attacks Against Power Grids Using Deep Capsule Nets](http://arxiv.org/abs/2209.02809)
• Summary:

  Recent research has shown that the security of power grids can be seriously threatened by botnet-type cyber attacks that target a large number of high-wattage smart electrical appliances owned by end-users. Accurate detection and localization of such attacks is of critical importance in limiting the damage. To this end, the paper proposes a novel technique using capsule networks (CNs) tailored to the power grid security application that uses the frequency and phase angle data monitored by phasor measurement units (PMUs). With the benefit of vector output from capsules and dynamic routing agreements between them, CNs can obtain accurate detection and localization performance. To demonstrate the efficiency of the suggested technique, we compare the developed CN with benchmark data-driven methodologies, including two-dimensional convolutional neural networks (2D-CNN), one-dimensional CNN (1D-CNN), deep multi-layer perceptrons (MLP), and support vector machines (SVM). Simulations are performed on IEEE 14-, 39-, and 57-bus systems, considering various real-world issues such as PMU delays, noisy data, and missing data points. The results show that CNs significantly outperform other techniques, thus making them suitable for the aforementioned cyber security applications.

Title: No More Attacks on Proof-of-Stake Ethereum?. (arXiv:2209.03255v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.03255
• Code URL: null
• Copy Paste: [[2209.03255] No More Attacks on Proof-of-Stake Ethereum?](http://arxiv.org/abs/2209.03255)
• Summary:

  The latest message driven (LMD) greedy heaviest observed sub-tree (GHOST) consensus protocol is a critical component of future proof-of-stake (PoS) Ethereum. In its current form, the protocol is brittle and intricate to reason about, as evidenced by recent attacks, patching attempts, and G\"orli testnet reorgs. We present Goldfish, which can be seen as a considerably simplified variant of the current protocol, and prove that it is secure and reorg resilient in synchronous networks with dynamic participation, assuming a majority of the nodes (called validators) follows the protocol honestly. Furthermore, we show that subsampling validators can improve the communication efficiency of Goldfish, and that Goldfish is composable with finality gadgets and accountability gadgets. The aforementioned properties make Goldfish a credible candidate for a future protocol upgrade of PoS Ethereum, as well as a versatile pedagogical example. Akin to traditional propose-and-vote-style consensus protocols, Goldfish is organized into slots, at the beginning of which a leader proposes a block containing new transactions, and subsequently members of a committee take a vote towards block confirmation. But instead of using quorums, Goldfish is powered by a new mechanism that carefully synchronizes the inclusion and exclusion of votes in honest validators' views.

Title: Defending Against Backdoor Attack on Graph Nerual Network by Explainability. (arXiv:2209.02902v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2209.02902
• Code URL: null
• Copy Paste: [[2209.02902] Defending Against Backdoor Attack on Graph Nerual Network by Explainability](http://arxiv.org/abs/2209.02902)
• Summary:

  Backdoor attack is a powerful attack algorithm to deep learning model. Recently, GNN's vulnerability to backdoor attack has been proved especially on graph classification task. In this paper, we propose the first backdoor detection and defense method on GNN. Most backdoor attack depends on injecting small but influential trigger to the clean sample. For graph data, current backdoor attack focus on manipulating the graph structure to inject the trigger. We find that there are apparent differences between benign samples and malicious samples in some explanatory evaluation metrics, such as fidelity and infidelity. After identifying the malicious sample, the explainability of the GNN model can help us capture the most significant subgraph which is probably the trigger in a trojan graph. We use various dataset and different attack settings to prove the effectiveness of our defense method. The attack success rate all turns out to decrease considerably.

Title: Improving Out-of-Distribution Detection via Epistemic Uncertainty Adversarial Training. (arXiv:2209.03148v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03148
• Code URL: null
• Copy Paste: [[2209.03148] Improving Out-of-Distribution Detection via Epistemic Uncertainty Adversarial Training](http://arxiv.org/abs/2209.03148)
• Summary:

  The quantification of uncertainty is important for the adoption of machine learning, especially to reject out-of-distribution (OOD) data back to human experts for review. Yet progress has been slow, as a balance must be struck between computational efficiency and the quality of uncertainty estimates. For this reason many use deep ensembles of neural networks or Monte Carlo dropout for reasonable uncertainty estimates at relatively minimal compute and memory. Surprisingly, when we focus on the real-world applicable constraint of $\leq 1\%$ false positive rate (FPR), prior methods fail to reliably detect OOD samples as such. Notably, even Gaussian random noise fails to trigger these popular OOD techniques. We help to alleviate this problem by devising a simple adversarial training scheme that incorporates an attack of the epistemic uncertainty predicted by the dropout ensemble. We demonstrate this method improves OOD detection performance on standard data (i.e., not adversarially crafted), and improves the standardized partial AUC from near-random guessing performance to $\geq 0.75$.

robust

Title: Impact of Colour Variation on Robustness of Deep Neural Networks. (arXiv:2209.02832v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.02832
• Code URL: null
• Copy Paste: [[2209.02832] Impact of Colour Variation on Robustness of Deep Neural Networks](http://arxiv.org/abs/2209.02832)
• Summary:

  Deep neural networks (DNNs) have have shown state-of-the-art performance for computer vision applications like image classification, segmentation and object detection. Whereas recent advances have shown their vulnerability to manual digital perturbations in the input data, namely adversarial attacks. The accuracy of the networks is significantly affected by the data distribution of their training dataset. Distortions or perturbations on color space of input images generates out-of-distribution data, which make networks more likely to misclassify them. In this work, we propose a color-variation dataset by distorting their RGB color on a subset of the ImageNet with 27 different combinations. The aim of our work is to study the impact of color variation on the performance of DNNs. We perform experiments on several state-of-the-art DNN architectures on the proposed dataset, and the result shows a significant correlation between color variation and loss of accuracy. Furthermore, based on the ResNet50 architecture, we demonstrate some experiments of the performance of recently proposed robust training techniques and strategies, such as Augmix, revisit, and free normalizer, on our proposed dataset. Experimental results indicate that these robust training techniques can improve the robustness of deep networks to color variation.

Title: A Data-dependent Approach for High Dimensional (Robust) Wasserstein Alignment. (arXiv:2209.02905v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.02905
• Code URL: https://github.com/lwjie595/robustgeometricalignment
• Copy Paste: [[2209.02905] A Data-dependent Approach for High Dimensional (Robust) Wasserstein Alignment](http://arxiv.org/abs/2209.02905)
• Summary:

  Many real-world problems can be formulated as the alignment between two geometric patterns. Previously, a great amount of research focus on the alignment of 2D or 3D patterns in the field of computer vision. Recently, the alignment problem in high dimensions finds several novel applications in practice. However, the research is still rather limited in the algorithmic aspect. To the best of our knowledge, most existing approaches are just simple extensions of their counterparts for 2D and 3D cases, and often suffer from the issues such as high computational complexities. In this paper, we propose an effective framework to compress the high dimensional geometric patterns. Any existing alignment method can be applied to the compressed geometric patterns and the time complexity can be significantly reduced. Our idea is inspired by the observation that high dimensional data often has a low intrinsic dimension. Our framework is a "data-dependent" approach that has the complexity depending on the intrinsic dimension of the input data. Our experimental results reveal that running the alignment algorithm on compressed patterns can achieve similar qualities, comparing with the results on the original patterns, but the runtimes (including the times cost for compression) are substantially lower.

Title: Shifting Perspective to See Difference: A Novel Multi-View Method for Skeleton based Action Recognition. (arXiv:2209.02986v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.02986
• Code URL: https://github.com/ideal-idea/sap
• Copy Paste: [[2209.02986] Shifting Perspective to See Difference: A Novel Multi-View Method for Skeleton based Action Recognition](http://arxiv.org/abs/2209.02986)
• Summary:

  Skeleton-based human action recognition is a longstanding challenge due to its complex dynamics. Some fine-grain details of the dynamics play a vital role in classification. The existing work largely focuses on designing incremental neural networks with more complicated adjacent matrices to capture the details of joints relationships. However, they still have difficulties distinguishing actions that have broadly similar motion patterns but belong to different categories. Interestingly, we found that the subtle differences in motion patterns can be significantly amplified and become easy for audience to distinct through specified view directions, where this property haven't been fully explored before. Drastically different from previous work, we boost the performance by proposing a conceptually simple yet effective Multi-view strategy that recognizes actions from a collection of dynamic view features. Specifically, we design a novel Skeleton-Anchor Proposal (SAP) module which contains a Multi-head structure to learn a set of views. For feature learning of different views, we introduce a novel Angle Representation to transform the actions under different views and feed the transformations into the baseline model. Our module can work seamlessly with the existing action classification model. Incorporated with baseline models, our SAP module exhibits clear performance gains on many challenging benchmarks. Moreover, comprehensive experiments show that our model consistently beats down the state-of-the-art and remains effective and robust especially when dealing with corrupted data. Related code will be available on https://github.com/ideal-idea/SAP .

Title: Auto-TransRL: Autonomous Composition of Vision Pipelines for Robotic Perception. (arXiv:2209.02991v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.02991
• Code URL: null
• Copy Paste: [[2209.02991] Auto-TransRL: Autonomous Composition of Vision Pipelines for Robotic Perception](http://arxiv.org/abs/2209.02991)
• Summary:

  Creating a vision pipeline for different datasets to solve a computer vision task is a complex and time consuming process. Currently, these pipelines are developed with the help of domain experts. Moreover, there is no systematic structure to construct a vision pipeline apart from relying on experience, trial and error or using template-based approaches. As the search space for choosing suitable algorithms for achieving a particular vision task is large, human exploration for finding a good solution requires time and effort. To address the following issues, we propose a dynamic and data-driven way to identify an appropriate set of algorithms that would be fit for building the vision pipeline in order to achieve the goal task. We introduce a Transformer Architecture complemented with Deep Reinforcement Learning to recommend algorithms that can be incorporated at different stages of the vision workflow. This system is both robust and adaptive to dynamic changes in the environment. Experimental results further show that our method also generalizes well to recommend algorithms that have not been used while training and hence alleviates the need of retraining the system on a new set of algorithms introduced during test time.

Title: Text Growing on Leaf. (arXiv:2209.03016v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03016
• Code URL: null
• Copy Paste: [[2209.03016] Text Growing on Leaf](http://arxiv.org/abs/2209.03016)
• Summary:

  Irregular-shaped texts bring challenges to Scene Text Detection (STD). Although existing contour point sequence-based approaches achieve comparable performances, they fail to cover some highly curved ribbon-like text lines. It leads to limited text fitting ability and STD technique application. Considering the above problem, we combine text geometric characteristics and bionics to design a natural leaf vein-based text representation method (LVT). Concretely, it is found that leaf vein is a generally directed graph, which can easily cover various geometries. Inspired by it, we treat text contour as leaf margin and represent it through main, lateral, and thin veins. We further construct a detection framework based on LVT, namely LeafText. In the text reconstruction stage, LeafText simulates the leaf growth process to rebuild text contour. It grows main vein in Cartesian coordinates to locate text roughly at first. Then, lateral and thin veins are generated along the main vein growth direction in polar coordinates. They are responsible for generating coarse contour and refining it, respectively. Considering the deep dependency of lateral and thin veins on main vein, the Multi-Oriented Smoother (MOS) is proposed to enhance the robustness of main vein to ensure a reliable detection result. Additionally, we propose a global incentive loss to accelerate the predictions of lateral and thin veins. Ablation experiments demonstrate LVT is able to depict arbitrary-shaped texts precisely and verify the effectiveness of MOS and global incentive loss. Comparisons show that LeafText is superior to existing state-of-the-art (SOTA) methods on MSRA-TD500, CTW1500, Total-Text, and ICDAR2015 datasets.

Title: Hardware faults that matter: Understanding and Estimating the safety impact of hardware faults on object detection DNNs. (arXiv:2209.03225v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03225
• Code URL: null
• Copy Paste: [[2209.03225] Hardware faults that matter: Understanding and Estimating the safety impact of hardware faults on object detection DNNs](http://arxiv.org/abs/2209.03225)
• Summary:

  Object detection neural network models need to perform reliably in highly dynamic and safety-critical environments like automated driving or robotics. Therefore, it is paramount to verify the robustness of the detection under unexpected hardware faults like soft errors that can impact a systems perception module. Standard metrics based on average precision produce model vulnerability estimates at the object level rather than at an image level. As we show in this paper, this does not provide an intuitive or representative indicator of the safety-related impact of silent data corruption caused by bit flips in the underlying memory but can lead to an over- or underestimation of typical fault-induced hazards. With an eye towards safety-related real-time applications, we propose a new metric IVMOD (Image-wise Vulnerability Metric for Object Detection) to quantify vulnerability based on an incorrect image-wise object detection due to false positive (FPs) or false negative (FNs) objects, combined with a severity analysis. The evaluation of several representative object detection models shows that even a single bit flip can lead to a severe silent data corruption event with potentially critical safety implications, with e.g., up to (much greater than) 100 FPs generated, or up to approx. 90% of true positives (TPs) are lost in an image. Furthermore, with a single stuck-at-1 fault, an entire sequence of images can be affected, causing temporally persistent ghost detections that can be mistaken for actual objects (covering up to approx. 83% of the image). Furthermore, actual objects in the scene are continuously missed (up to approx. 64% of TPs are lost). Our work establishes a detailed understanding of the safety-related vulnerability of such critical workloads against hardware faults.

Title: Joint Learning of Deep Texture and High-Frequency Features for Computer-Generated Image Detection. (arXiv:2209.03322v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03322
• Code URL: null
• Copy Paste: [[2209.03322] Joint Learning of Deep Texture and High-Frequency Features for Computer-Generated Image Detection](http://arxiv.org/abs/2209.03322)
• Summary:

  Distinguishing between computer-generated (CG) and natural photographic (PG) images is of great importance to verify the authenticity and originality of digital images. However, the recent cutting-edge generation methods enable high qualities of synthesis in CG images, which makes this challenging task even trickier. To address this issue, a joint learning strategy with deep texture and high-frequency features for CG image detection is proposed. We first formulate and deeply analyze the different acquisition processes of CG and PG images. Based on the finding that multiple different modules in image acquisition will lead to different sensitivity inconsistencies to the convolutional neural network (CNN)-based rendering in images, we propose a deep texture rendering module for texture difference enhancement and discriminative texture representation. Specifically, the semantic segmentation map is generated to guide the affine transformation operation, which is used to recover the texture in different regions of the input image. Then, the combination of the original image and the high-frequency components of the original and rendered images are fed into a multi-branch neural network equipped with attention mechanisms, which refines intermediate features and facilitates trace exploration in spatial and channel dimensions respectively. Extensive experiments on two public datasets and a newly constructed dataset with more realistic and diverse images show that the proposed approach outperforms existing methods in the field by a clear margin. Besides, results also demonstrate the detection robustness and generalization ability of the proposed approach to postprocessing operations and generative adversarial network (GAN) generated images.

Title: Increasing Adverse Drug Events extraction robustness on social media: case study on negation and speculation. (arXiv:2209.02812v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.02812
• Code URL: null
• Copy Paste: [[2209.02812] Increasing Adverse Drug Events extraction robustness on social media: case study on negation and speculation](http://arxiv.org/abs/2209.02812)
• Summary:

  In the last decade, an increasing number of users have started reporting Adverse Drug Events (ADE) on social media platforms, blogs, and health forums. Given the large volume of reports, pharmacovigilance has focused on ways to use Natural Language Processing (NLP) techniques to rapidly examine these large collections of text, detecting mentions of drug-related adverse reactions to trigger medical investigations. However, despite the growing interest in the task and the advances in NLP, the robustness of these models in face of linguistic phenomena such as negations and speculations is an open research question. Negations and speculations are pervasive phenomena in natural language, and can severely hamper the ability of an automated system to discriminate between factual and nonfactual statements in text. In this paper we take into consideration four state-of-the-art systems for ADE detection on social media texts. We introduce SNAX, a benchmark to test their performance against samples containing negated and speculated ADEs, showing their fragility against these phenomena. We then introduce two possible strategies to increase the robustness of these models, showing that both of them bring significant increases in performance, lowering the number of spurious entities predicted by the models by 60% for negation and 80% for speculations.

Title: A Data Science Approach to Risk Assessment for Automobile Insurance Policies. (arXiv:2209.02762v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.02762
• Code URL: null
• Copy Paste: [[2209.02762] A Data Science Approach to Risk Assessment for Automobile Insurance Policies](http://arxiv.org/abs/2209.02762)
• Summary:

  In order to determine a suitable automobile insurance policy premium one needs to take into account three factors, the risk associated with the drivers and cars on the policy, the operational costs associated with management of the policy and the desired profit margin. The premium should then be some function of these three values. We focus on risk assessment using a Data Science approach. Instead of using the traditional frequency and severity metrics we instead predict the total claims that will be made by a new customer using historical data of current and past policies. Given multiple features of the policy (age and gender of drivers, value of car, previous accidents, etc.) one can potentially try to provide personalized insurance policies based specifically on these features as follows. We can compute the average claims made per year of all past and current policies with identical features and then take an average over these claim rates. Unfortunately there may not be sufficient samples to obtain a robust average. We can instead try to include policies that are "similar" to obtain sufficient samples for a robust average. We therefore face a trade-off between personalization (only using closely similar policies) and robustness (extending the domain far enough to capture sufficient samples). This is known as the Bias-Variance Trade-off. We model this problem and determine the optimal trade-off between the two (i.e. the balance that provides the highest prediction accuracy) and apply it to the claim rate prediction problem. We demonstrate our approach using real data.

Title: Change Detection for Local Explainability in Evolving Data Streams. (arXiv:2209.02764v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.02764
• Code URL: https://github.com/haugjo/cdleeds
• Copy Paste: [[2209.02764] Change Detection for Local Explainability in Evolving Data Streams](http://arxiv.org/abs/2209.02764)
• Summary:

  As complex machine learning models are increasingly used in sensitive applications like banking, trading or credit scoring, there is a growing demand for reliable explanation mechanisms. Local feature attribution methods have become a popular technique for post-hoc and model-agnostic explanations. However, attribution methods typically assume a stationary environment in which the predictive model has been trained and remains stable. As a result, it is often unclear how local attributions behave in realistic, constantly evolving settings such as streaming and online applications. In this paper, we discuss the impact of temporal change on local feature attributions. In particular, we show that local attributions can become obsolete each time the predictive model is updated or concept drift alters the data generating distribution. Consequently, local feature attributions in data streams provide high explanatory power only when combined with a mechanism that allows us to detect and respond to local changes over time. To this end, we present CDLEEDS, a flexible and model-agnostic framework for detecting local change and concept drift. CDLEEDS serves as an intuitive extension of attribution-based explanation techniques to identify outdated local attributions and enable more targeted recalculations. In experiments, we also show that the proposed framework can reliably detect both local and global concept drift. Accordingly, our work contributes to a more meaningful and robust explainability in online machine learning.

Title: RF Fingerprinting Needs Attention: Multi-task Approach for Real-World WiFi and Bluetooth. (arXiv:2209.03142v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03142
• Code URL: null
• Copy Paste: [[2209.03142] RF Fingerprinting Needs Attention: Multi-task Approach for Real-World WiFi and Bluetooth](http://arxiv.org/abs/2209.03142)
• Summary:

  A novel cross-domain attentional multi-task architecture - xDom - for robust real-world wireless radio frequency (RF) fingerprinting is presented in this work. To the best of our knowledge, this is the first time such comprehensive attention mechanism is applied to solve RF fingerprinting problem. In this paper, we resort to real-world IoT WiFi and Bluetooth (BT) emissions (instead of synthetic waveform generation) in a rich multipath and unavoidable interference environment in an indoor experimental testbed. We show the impact of the time-frame of capture by including waveforms collected over a span of months and demonstrate the same time-frame and multiple time-frame fingerprinting evaluations. The effectiveness of resorting to a multi-task architecture is also experimentally proven by conducting single-task and multi-task model analyses. Finally, we demonstrate the significant gain in performance achieved with the proposed xDom architecture by benchmarking against a well-known state-of-the-art model for fingerprinting. Specifically, we report performance improvements by up to 59.3% and 4.91x under single-task WiFi and BT fingerprinting respectively, and up to 50.5% increase in fingerprinting accuracy under the multi-task setting.

Title: Concept-modulated model-based offline reinforcement learning for rapid generalization. (arXiv:2209.03207v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03207
• Code URL: null
• Copy Paste: [[2209.03207] Concept-modulated model-based offline reinforcement learning for rapid generalization](http://arxiv.org/abs/2209.03207)
• Summary:

  The robustness of any machine learning solution is fundamentally bound by the data it was trained on. One way to generalize beyond the original training is through human-informed augmentation of the original dataset; however, it is impossible to specify all possible failure cases that can occur during deployment. To address this limitation we combine model-based reinforcement learning and model-interpretability methods to propose a solution that self-generates simulated scenarios constrained by environmental concepts and dynamics learned in an unsupervised manner. In particular, an internal model of the agent's environment is conditioned on low-dimensional concept representations of the input space that are sensitive to the agent's actions. We demonstrate this method within a standard realistic driving simulator in a simple point-to-point navigation task, where we show dramatic improvements in one-shot generalization to different instances of specified failure cases as well as zero-shot generalization to similar variations compared to model-based and model-free approaches.

Title: Riemannian optimization for non-centered mixture of scaled Gaussian distributions. (arXiv:2209.03315v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03315
• Code URL: null
• Copy Paste: [[2209.03315] Riemannian optimization for non-centered mixture of scaled Gaussian distributions](http://arxiv.org/abs/2209.03315)
• Summary:

  This paper studies the statistical model of the non-centered mixture of scaled Gaussian distributions (NC-MSG). Using the Fisher-Rao information geometry associated to this distribution, we derive a Riemannian gradient descent algorithm. This algorithm is leveraged for two minimization problems. The first one is the minimization of a regularized negative log- likelihood (NLL). The latter makes the trade-off between a white Gaussian distribution and the NC-MSG. Conditions on the regularization are given so that the existence of a minimum to this problem is guaranteed without assumptions on the samples. Then, the Kullback-Leibler (KL) divergence between two NC-MSG is derived. This divergence enables us to define a minimization problem to compute centers of mass of several NC-MSGs. The proposed Riemannian gradient descent algorithm is leveraged to solve this second minimization problem. Numerical experiments show the good performance and the speed of the Riemannian gradient descent on the two problems. Finally, a Nearest centroid classifier is implemented leveraging the KL divergence and its associated center of mass. Applied on the large scale dataset Breizhcrops, this classifier shows good accuracies as well as robustness to rigid transformations of the test set.

biometric

steal

extraction

Title: Zoom Text Detector. (arXiv:2209.03014v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03014
• Code URL: null
• Copy Paste: [[2209.03014] Zoom Text Detector](http://arxiv.org/abs/2209.03014)
• Summary:

  To pursue comprehensive performance, recent text detectors improve detection speed at the expense of accuracy. They adopt shrink-mask based text representation strategies, which leads to a high dependency of detection accuracy on shrink-masks. Unfortunately, three disadvantages cause unreliable shrink-masks. Specifically, these methods try to strengthen the discrimination of shrink-masks from the background by semantic information. However, the feature defocusing phenomenon that coarse layers are optimized by fine-grained objectives limits the extraction of semantic features. Meanwhile, since both shrink-masks and the margins belong to texts, the detail loss phenomenon that the margins are ignored hinders the distinguishment of shrink-masks from the margins, which causes ambiguous shrink-mask edges. Moreover, false-positive samples enjoy similar visual features with shrink-masks. They aggravate the decline of shrink-masks recognition. To avoid the above problems, we propose a Zoom Text Detector (ZTD) inspired by the zoom process of the camera. Specifically, Zoom Out Module (ZOM) is introduced to provide coarse-grained optimization objectives for coarse layers to avoid feature defocusing. Meanwhile, Zoom In Module (ZIM) is presented to enhance the margins recognition to prevent detail loss. Furthermore, Sequential-Visual Discriminator (SVD) is designed to suppress false-positive samples by sequential and visual features. Experiments verify the superior comprehensive performance of ZTD.

Title: Plant Species Classification Using Transfer Learning by Pretrained Classifier VGG-19. (arXiv:2209.03076v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03076
• Code URL: null
• Copy Paste: [[2209.03076] Plant Species Classification Using Transfer Learning by Pretrained Classifier VGG-19](http://arxiv.org/abs/2209.03076)
• Summary:

  Deep learning is currently the most important branch of machine learning, with applications in speech recognition, computer vision, image classification, and medical imaging analysis. Plant recognition is one of the areas where image classification can be used to identify plant species through their leaves. Botanists devote a significant amount of time to recognizing plant species by personally inspecting. This paper describes a method for dissecting color images of Swedish leaves and identifying plant species. To achieve higher accuracy, the task is completed using transfer learning with the help of pre-trained classifier VGG-19. The four primary processes of classification are image preprocessing, image augmentation, feature extraction, and recognition, which are performed as part of the overall model evaluation. The VGG-19 classifier grasps the characteristics of leaves by employing pre-defined hidden layers such as convolutional layers, max pooling layers, and fully connected layers, and finally uses the soft-max layer to generate a feature representation for all plant classes. The model obtains knowledge connected to aspects of the Swedish leaf dataset, which contains fifteen tree classes, and aids in predicting the proper class of an unknown plant with an accuracy of 99.70% which is higher than previous research works reported.

Title: FasterX: Real-Time Object Detection Based on Edge GPUs for UAV Applications. (arXiv:2209.03157v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03157
• Code URL: null
• Copy Paste: [[2209.03157] FasterX: Real-Time Object Detection Based on Edge GPUs for UAV Applications](http://arxiv.org/abs/2209.03157)
• Summary:

  Real-time object detection on Unmanned Aerial Vehicles (UAVs) is a challenging issue due to the limited computing resources of edge GPU devices as Internet of Things (IoT) nodes. To solve this problem, in this paper, we propose a novel lightweight deep learning architectures named FasterX based on YOLOX model for real-time object detection on edge GPU. First, we design an effective and lightweight PixSF head to replace the original head of YOLOX to better detect small objects, which can be further embedded in the depthwise separable convolution (DS Conv) to achieve a lighter head. Then, a slimmer structure in the Neck layer termed as SlimFPN is developed to reduce parameters of the network, which is a trade-off between accuracy and speed. Furthermore, we embed attention module in the Head layer to improve the feature extraction effect of the prediction head. Meanwhile, we also improve the label assignment strategy and loss function to alleviate category imbalance and box optimization problems of the UAV dataset. Finally, auxiliary heads are presented for online distillation to improve the ability of position embedding and feature extraction in PixSF head. The performance of our lightweight models are validated experimentally on the NVIDIA Jetson NX and Jetson Nano GPU embedded platforms.Extensive experiments show that FasterX models achieve better trade-off between accuracy and latency on VisDrone2021 dataset compared to state-of-the-art models.

Title: MRF-PINN: A Multi-Receptive-Field convolutional physics-informed neural network for solving partial differential equations. (arXiv:2209.03151v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03151
• Code URL: null
• Copy Paste: [[2209.03151] MRF-PINN: A Multi-Receptive-Field convolutional physics-informed neural network for solving partial differential equations](http://arxiv.org/abs/2209.03151)
• Summary:

  Physics-informed neural networks (PINN) can achieve lower development and solving cost than traditional partial differential equation (PDE) solvers in scenarios such as reconstructing the physics field and solving the inverse problem. Due to the advantages of parameter sharing, spatial feature extraction and low inference cost, convolutional neural networks (CNN) are increasingly used in PINN. To adapt convolutional PINN to different equations, researchers have to spend much time tuning critical hyperparameters. Furthermore, the effects of finite difference accuracy, model complexity, and mesh resolution on the prediction result of convolutional PINN are unclear. To fill the above research gaps, in this paper, (1) A Multi-Receptive-Field PINN (MRF-PINN) model is constructed to adapt different equation types and mesh resolutions without manual tuning.(2) The generality and advantages of the MRF-PINN are verified in three typical linear PDEs (elliptic, parabolic, hyperbolic) and nonlinear PDEs (Navier-Stokes equations). (3) The contribution of each receptive field to the final MRF-PINN result is analyzed, and the influence of finite difference accuracy, model complexity (channel number) and mesh resolution on the MRF-PINN result is tested. This paper shows that MRF-PINN can adapt to completely different equation types and mesh resolutions without any hyperparameter tuning. Further, the solving error is significantly decreased under high-order finite difference, large channel number, and high mesh resolution, which is expected to become a general convolutional PINN scheme.

membership infer

federate

Title: Federated Transfer Learning with Multimodal Data. (arXiv:2209.03137v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03137
• Code URL: null
• Copy Paste: [[2209.03137] Federated Transfer Learning with Multimodal Data](http://arxiv.org/abs/2209.03137)
• Summary:

  Smart cars, smartphones and other devices in the Internet of Things (IoT), which usually have more than one sensors, produce multimodal data. Federated Learning supports collecting a wealth of multimodal data from different devices without sharing raw data. Transfer Learning methods help transfer knowledge from some devices to others. Federated Transfer Learning methods benefit both Federated Learning and Transfer Learning. This newly proposed Federated Transfer Learning framework aims at connecting data islands with privacy protection. Our construction is based on Federated Learning and Transfer Learning. Compared with previous Federated Transfer Learnings, where each user should have data with identical modalities (either all unimodal or all multimodal), our new framework is more generic, it allows a hybrid distribution of user data. The core strategy is to use two different but inherently connected training methods for our two types of users. Supervised Learning is adopted for users with only unimodal data (Type 1), while Self-Supervised Learning is applied to user with multimodal data (Type 2) for both the feature of each modality and the connection between them. This connection knowledge of Type 2 will help Type 1 in later stages of training. Training in the new framework can be divided in three steps. In the first step, users who have data with the identical modalities are grouped together. For example, user with only sound signals are in group one, and those with only images are in group two, and users with multimodal data are in group three, and so on. In the second step, Federated Learning is executed within the groups, where Supervised Learning and Self-Supervised Learning are used depending on the group's nature. Most of the Transfer Learning happens in the third step, where the related parts in the network obtained from the previous steps are aggregated (federated).

Title: Modular Federated Learning. (arXiv:2209.03090v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.03090
• Code URL: null
• Copy Paste: [[2209.03090] Modular Federated Learning](http://arxiv.org/abs/2209.03090)
• Summary:

  Federated learning is an approach to train machine learning models on the edge of the networks, as close as possible where the data is produced, motivated by the emerging problem of the inability to stream and centrally store the large amount of data produced by edge devices as well as by data privacy concerns. This learning paradigm is in need of robust algorithms to device heterogeneity and data heterogeneity. This paper proposes ModFL as a federated learning framework that splits the models into a configuration module and an operation module enabling federated learning of the individual modules. This modular approach makes it possible to extract knowlege from a group of heterogeneous devices as well as from non-IID data produced from its users. This approach can be viewed as an extension of the federated learning with personalisation layers FedPer framework that addresses data heterogeneity. We show that ModFL outperforms FedPer for non-IID data partitions of CIFAR-10 and STL-10 using CNNs. Our results on time-series data with HAPT, RWHAR, and WISDM datasets using RNNs remain inconclusive, we argue that the chosen datasets do not highlight the advantages of ModFL, but in the worst case scenario it performs as well as FedPer.

fair

Title: "Es geht um Respekt, nicht um Technologie": Erkenntnisse aus einem Interessensgruppen-\"ubergreifenden Workshop zu genderfairer Sprache und Sprachtechnologie. (arXiv:2209.02793v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.02793
• Code URL: null
• Copy Paste: [[2209.02793] "Es geht um Respekt, nicht um Technologie": Erkenntnisse aus einem Interessensgruppen-\"ubergreifenden Workshop zu genderfairer Sprache und Sprachtechnologie](http://arxiv.org/abs/2209.02793)
• Summary:

  With the increasing attention non-binary people receive in Western societies, strategies of gender-fair language have started to move away from binary (only female/male) concepts of gender. Nevertheless, hardly any approaches to take these identities into account into machine translation models exist so far. A lack of understanding of the socio-technical implications of such technologies risks further reproducing linguistic mechanisms of oppression and mislabelling. In this paper, we describe the methods and results of a workshop on gender-fair language and language technologies, which was led and organised by ten researchers from TU Wien, St. P\"olten UAS, FH Campus Wien and the University of Vienna and took place in Vienna in autumn 2021. A wide range of interest groups and their representatives were invited to ensure that the topic could be dealt with holistically. Accordingly, we aimed to include translators, machine translation experts and non-binary individuals (as "community experts") on an equal footing. Our analysis shows that gender in machine translation requires a high degree of context sensitivity, that developers of such technologies need to position themselves cautiously in a process still under social negotiation, and that flexible approaches seem most adequate at present. We then illustrate steps that follow from our results for the field of gender-fair language technologies so that technological developments can adequately line up with social advancements.

----

Mit zunehmender gesamtgesellschaftlicher Wahrnehmung nicht-bin\"arer Personen haben sich in den letzten Jahren auch Konzepte von genderfairer Sprache von der bisher verwendeten Binarit\"at (weiblich/m\"annlich) entfernt. Trotzdem gibt es bislang nur wenige Ans\"atze dazu, diese Identit\"aten in maschineller \"Ubersetzung abzubilden. Ein fehlendes Verst\"andnis unterschiedlicher sozio-technischer Implikationen derartiger Technologien birgt in sich die Gefahr, fehlerhafte Ansprachen und Bezeichnungen sowie sprachliche Unterdr\"uckungsmechanismen zu reproduzieren. In diesem Beitrag beschreiben wir die Methoden und Ergebnisse eines Workshops zu genderfairer Sprache in technologischen Zusammenh\"angen, der im Herbst 2021 in Wien stattgefunden hat. Zehn Forscher*innen der TU Wien, FH St. P\"olten, FH Campus Wien und Universit\"at Wien organisierten und leiteten den Workshop. Dabei wurden unterschiedlichste Interessensgruppen und deren Vertreter*innen breit gestreut eingeladen, um sicherzustellen, dass das Thema holistisch behandelt werden kann. Dementsprechend setzten wir uns zum Ziel, Machine-Translation-Entwickler*innen, \"Ubersetzer*innen, und nicht-bin\"are Privatpersonen (als "Lebenswelt-Expert*innen") gleichberechtigt einzubinden. Unsere Analyse zeigt, dass Geschlecht in maschineller \"Ubersetzung eine ma\ss{}geblich kontextsensible Herangehensweise erfordert, die Entwicklung von Sprachtechnologien sich vorsichtig in einem sich noch in Aushandlung befindlichen gesellschaftlichen Prozess positionieren muss, und flexible Ans\"atze derzeit am ad\"aquatesten erscheinen. Wir zeigen auf, welche n\"achsten Schritte im Bereich genderfairer Technologien notwendig sind, damit technische mit sozialen Entwicklungen mithalten k\"onnen.

interpretability

Title: Multi-Scale Attention-based Multiple Instance Learning for Classification of Multi-Gigapixel Histology Images. (arXiv:2209.03041v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03041
• Code URL: https://github.com/mdsatria/multiattentionmil
• Copy Paste: [[2209.03041] Multi-Scale Attention-based Multiple Instance Learning for Classification of Multi-Gigapixel Histology Images](http://arxiv.org/abs/2209.03041)
• Summary:

  Histology images with multi-gigapixel of resolution yield rich information for cancer diagnosis and prognosis. Most of the time, only slide-level label is available because pixel-wise annotation is labour intensive task. In this paper, we propose a deep learning pipeline for classification in histology images. Using multiple instance learning, we attempt to predict the latent membrane protein 1 (LMP1) status of nasopharyngeal carcinoma (NPC) based on haematoxylin and eosin-stain (H&E) histology images. We utilised attention mechanism with residual connection for our aggregation layers. In our 3-fold cross-validation experiment, we achieved average accuracy, AUC and F1-score 0.936, 0.995 and 0.862, respectively. This method also allows us to examine the model interpretability by visualising attention scores. To the best of our knowledge, this is the first attempt to predict LMP1 status on NPC using deep learning.

Title: Measuring the Interpretability of Unsupervised Representations via Quantized Reverse Probing. (arXiv:2209.03268v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.03268
• Code URL: null
• Copy Paste: [[2209.03268] Measuring the Interpretability of Unsupervised Representations via Quantized Reverse Probing](http://arxiv.org/abs/2209.03268)
• Summary:

  Self-supervised visual representation learning has recently attracted significant research interest. While a common way to evaluate self-supervised representations is through transfer to various downstream tasks, we instead investigate the problem of measuring their interpretability, i.e. understanding the semantics encoded in raw representations. We formulate the latter as estimating the mutual information between the representation and a space of manually labelled concepts. To quantify this we introduce a decoding bottleneck: information must be captured by simple predictors, mapping concepts to clusters in representation space. This approach, which we call reverse linear probing, provides a single number sensitive to the semanticity of the representation. This measure is also able to detect when the representation contains combinations of concepts (e.g., "red apple") instead of just individual attributes ("red" and "apple" independently). Finally, we propose to use supervised classifiers to automatically label large datasets in order to enrich the space of concepts used for probing. We use our method to evaluate a large number of self-supervised representations, ranking them by interpretability, highlight the differences that emerge compared to the standard evaluation with linear probes and discuss several qualitative insights. Code at: {\scriptsize{\url{https://github.com/iro-cp/ssl-qrp}}}.

exlainability

watermark

Title: The Ethical Need for Watermarks in Machine-Generated Language. (arXiv:2209.03118v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.03118
• Code URL: null
• Copy Paste: [[2209.03118] The Ethical Need for Watermarks in Machine-Generated Language](http://arxiv.org/abs/2209.03118)
• Summary:

  Watermarks should be introduced in the natural language outputs of AI systems in order to maintain the distinction between human and machine-generated text. The ethical imperative to not blur this distinction arises from the asemantic nature of large language models and from human projections of emotional and cognitive states on machines, possibly leading to manipulation, spreading falsehoods or emotional distress. Enforcing this distinction requires unintrusive, yet easily accessible marks of the machine origin. We propose to implement a code based on equidistant letter sequences. While no such code exists in human-written texts, its appearance in machine-generated ones would prove helpful for ethical reasons.