secure

Title: Zero Trust Federation: Sharing Context under User Control toward Zero Trust in Identity Federation. (arXiv:2209.11025v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.11025
• Code URL: null
• Copy Paste: [[2209.11025] Zero Trust Federation: Sharing Context under User Control toward Zero Trust in Identity Federation](http://arxiv.org/abs/2209.11025)
• Summary:

  To securely control access to systems, the concept of Zero Trust has been proposed. Access Control based on Zero Trust concept removes implicit trust and instead focuses on evaluating trustworthiness at every access request by using contexts. Contexts are information about the entity making an access request like the user and the device status. Consider the scenario of Zero Trust in an identity federation where the entity (Relying Party; RP) enforces access control based on Zero Trust concept. RPs should continuously evaluate trustworthiness by using collected contexts by themselves, but RPs where users rarely access cannot collect enough contexts on their own. Therefore, we propose a new federation called Zero Trust Federation (ZTF). In ZTF, contexts as well as identity are shared so that RPs can enforce access control based on Zero Trust concept. Federated contexts are managed by a new entity called Context Attribute Provider, which is independent of Identity Providers. We design a mechanism sharing contexts among entities in a ZTF by using the two protocols; context transport protocol based on Continuous Access Evaluation Protocol and user consent protocol based on User Managed Access. We implemented the ZTF prototype and evaluated the capability of ZTF in 4 use-cases.

Title: To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild. (arXiv:2209.11103v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.11103
• Code URL: null
• Copy Paste: [[2209.11103] To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild](http://arxiv.org/abs/2209.11103)
• Summary:

  Recent studies have revealed that 87 % to 96 % of the Android apps using cryptographic APIs have a misuse which may cause security vulnerabilities. As previous studies did not conduct a qualitative examination of the validity and severity of the findings, our objective was to understand the findings in more depth. We analyzed a set of 936 open-source Java applications for cryptographic misuses. Our study reveals that 88.10 % of the analyzed applications fail to use cryptographic APIs securely. Through our manual analysis of a random sample, we gained new insights into effective false positives. For example, every fourth misuse of the frequently misused JCA class MessageDigest is an effective false positive due to its occurrence in a non-security context. As we wanted to gain deeper insights into the security implications of these misuses, we created an extensive vulnerability model for cryptographic API misuses. Our model includes previously undiscussed attacks in the context of cryptographic APIs such as DoS attacks. This model reveals that nearly half of the misuses are of high severity, e.g., hard-coded credentials and potential Man-in-the-Middle attacks.

security

Title: Google Coral-based edge computing person reidentification using human parsing combined with analytical method. (arXiv:2209.11024v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.11024
• Code URL: null
• Copy Paste: [[2209.11024] Google Coral-based edge computing person reidentification using human parsing combined with analytical method](http://arxiv.org/abs/2209.11024)
• Summary:

  Person reidentification (re-ID) is becoming one of the most significant application areas of computer vision due to its importance for science and social security. Due to enormous size and scale of camera systems it is beneficial to develop edge computing re-ID applications where at least part of the analysis could be performed by the cameras. However, conventional re-ID relies heavily on deep learning (DL) computationally demanding models which are not readily applicable for edge computing. In this paper we adapt a recently proposed re-ID method that combines DL human parsing with analytical feature extraction and ranking schemes to be more suitable for edge computing re-ID. First, we compare parsers that use ResNet101, ResNet18, MobileNetV2, and OSNet backbones and show that parsing can be performed using compact backbones with sufficient accuracy. Second, we transfer parsers to tensor processing unit (TPU) of Google Coral Dev Board and show that it can act as a portable edge computing re-ID station. We also implement the analytical part of re-ID method on Coral CPU to ensure that it can perform a complete re-ID cycle. For quantitative analysis we compare inference speed, parsing masks, and re-ID accuracy on GPU and Coral TPU depending on parser backbone. We also discuss possible application scenarios of edge computing in re-ID taking into account known limitations mainly related to memory and storage space of portable devices.

Title: Deep Learning on Home Drone: Searching for the Optimal Architecture. (arXiv:2209.11064v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.11064
• Code URL: null
• Copy Paste: [[2209.11064] Deep Learning on Home Drone: Searching for the Optimal Architecture](http://arxiv.org/abs/2209.11064)
• Summary:

  We suggest the first system that runs real-time semantic segmentation via deep learning on a weak micro-computer such as the Raspberry Pi Zero v2 (whose price was \$15) attached to a toy-drone. In particular, since the Raspberry Pi weighs less than $16$ grams, and its size is half of a credit card, we could easily attach it to the common commercial DJI Tello toy-drone (<\$100, <90 grams, 98 $\times$ 92.5 $\times$ 41 mm). The result is an autonomous drone (no laptop nor human in the loop) that can detect and classify objects in real-time from a video stream of an on-board monocular RGB camera (no GPS or LIDAR sensors). The companion videos demonstrate how this Tello drone scans the lab for people (e.g. for the use of firefighters or security forces) and for an empty parking slot outside the lab.

Existing deep learning solutions are either much too slow for real-time computation on such IoT devices, or provide results of impractical quality. Our main challenge was to design a system that takes the best of all worlds among numerous combinations of networks, deep learning platforms/frameworks, compression techniques, and compression ratios. To this end, we provide an efficient searching algorithm that aims to find the optimal combination which results in the best tradeoff between the network running time and its accuracy/performance.

Title: Multi-Tenant Cloud FPGA: A Survey on Security. (arXiv:2209.11158v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.11158
• Code URL: null
• Copy Paste: [[2209.11158] Multi-Tenant Cloud FPGA: A Survey on Security](http://arxiv.org/abs/2209.11158)
• Summary:

  With the exponentially increasing demand for performance and scalability in cloud applications and systems, data center architectures evolved to integrate heterogeneous computing fabrics that leverage CPUs, GPUs, and FPGAs. FPGAs differ from traditional processing platforms such as CPUs and GPUs in that they are reconfigurable at run-time, providing increased and customized performance, flexibility, and acceleration. FPGAs can perform large-scale search optimization, acceleration, and signal processing tasks compared with power, latency, and processing speed. Many public cloud provider giants, including Amazon, Huawei, Microsoft, Alibaba, etc., have already started integrating FPGA-based cloud acceleration services. While FPGAs in cloud applications enable customized acceleration with low power consumption, it also incurs new security challenges that still need to be reviewed. Allowing cloud users to reconfigure the hardware design after deployment could open the backdoors for malicious attackers, potentially putting the cloud platform at risk. Considering security risks, public cloud providers still don't offer multi-tenant FPGA services. This paper analyzes the security concerns of multi-tenant cloud FPGAs, gives a thorough description of the security problems associated with them, and discusses upcoming future challenges in this field of study.

Title: Perceived Security of E-Learning Portal. (arXiv:2209.11196v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.11196
• Code URL: null
• Copy Paste: [[2209.11196] Perceived Security of E-Learning Portal](http://arxiv.org/abs/2209.11196)
• Summary:

  Information technology has made e-learning possible and available on a large scale. Learning management system (LMS) has been widely used and is accessible through the Internet. However, LMS are exposed to various threats. Proper understanding of the threats is required. Furthermore strategy and best practices countermeasures will ensure a safe learning environment. Therefore, this study looks into the information security aspect of LMS. Specifically, there are two main purposes of this study. First, this study provides a review of information security in e-learning environments and explains the importance of information security. Second, this study looks at how student perceived the security of their e-learning portal. A total of 497 students responded to a survey questionnaires. Frequencies analysis was conducted to show the profile of the respondent. Overall, respondent has strong positive perceptions towards security of their LMS. This study serve as an introduction which help LMS administrator to understand the issues and possibilities related to the safety of LMS.

Title: An Overview of Phishing Victimization: Human Factors, Training and the Role of Emotions. (arXiv:2209.11197v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.11197
• Code URL: null
• Copy Paste: [[2209.11197] An Overview of Phishing Victimization: Human Factors, Training and the Role of Emotions](http://arxiv.org/abs/2209.11197)
• Summary:

  Phishing is a form of cybercrime and a threat that allows criminals, phishers, to deceive end users in order to steal their confidential and sensitive information. Attackers usually attempt to manipulate the psychology and emotions of victims. The increasing threat of phishing has made its study worthwhile and much research has been conducted into the issue. This paper explores the emotional factors that have been reported in previous studies to be significant in phishing victimization. In addition, we compare what security organizations and researchers have highlighted in terms of phishing types and categories as well as training in tackling the problem, in a literature review which takes into account all major credible and published sources.

Title: A Dive into WhatsApp's End-to-End Encryption. (arXiv:2209.11198v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.11198
• Code URL: null
• Copy Paste: [[2209.11198] A Dive into WhatsApp's End-to-End Encryption](http://arxiv.org/abs/2209.11198)
• Summary:

  We live in a generation where the world around us is witnessing technological revolutions every single day, and as a result of this, everything around us is getting digitized with the touch of technology. In order to keep up the pace of this technological revolution and help reaching this progress its zenith, one of the most important aspects that needs to be taken care of is security. One of the biggest boons of technology in the recent times has been the invention of smartphones. As smartphones started becoming more popular, affordable and easily accessible, hundreds of free messaging applications were launched, but WhatsApp emerged as the ultimate winner in the race. This paper describes one of the most important and popular features of WhatsApp, the End-to-End (E2E) encryption system, which sets it apart from most other messaging applications and is one of the reasons which helped it become so popular.

privacy

Title: Privacy Attacks Against Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models. (arXiv:2209.11020v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.11020
• Code URL: null
• Copy Paste: [[2209.11020] Privacy Attacks Against Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models](http://arxiv.org/abs/2209.11020)
• Summary:

  Authentication systems are vulnerable to model inversion attacks where an adversary is able to approximate the inverse of a target machine learning model. Biometric models are a prime candidate for this type of attack. This is because inverting a biometric model allows the attacker to produce a realistic biometric input to spoof biometric authentication systems.

One of the main constraints in conducting a successful model inversion attack is the amount of training data required. In this work, we focus on iris and facial biometric systems and propose a new technique that drastically reduces the amount of training data necessary. By leveraging the output of multiple models, we are able to conduct model inversion attacks with 1/10th the training set size of Ahmad and Fuller (IJCB 2020) for iris data and 1/1000th the training set size of Mai et al. (Pattern Analysis and Machine Intelligence 2019) for facial data. We denote our new attack technique as structured random with alignment loss. Our attacks are black-box, requiring no knowledge of the weights of the target neural network, only the dimension, and values of the output vector.

To show the versatility of the alignment loss, we apply our attack framework to the task of membership inference (Shokri et al., IEEE S&P 2017) on biometric data. For the iris, membership inference attack against classification networks improves from 52% to 62% accuracy.

Title: In Differential Privacy, There is Truth: On Vote Leakage in Ensemble Private Learning. (arXiv:2209.10732v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10732
• Code URL: null
• Copy Paste: [[2209.10732] In Differential Privacy, There is Truth: On Vote Leakage in Ensemble Private Learning](http://arxiv.org/abs/2209.10732)
• Summary:

  When learning from sensitive data, care must be taken to ensure that training algorithms address privacy concerns. The canonical Private Aggregation of Teacher Ensembles, or PATE, computes output labels by aggregating the predictions of a (possibly distributed) collection of teacher models via a voting mechanism. The mechanism adds noise to attain a differential privacy guarantee with respect to the teachers' training data. In this work, we observe that this use of noise, which makes PATE predictions stochastic, enables new forms of leakage of sensitive information. For a given input, our adversary exploits this stochasticity to extract high-fidelity histograms of the votes submitted by the underlying teachers. From these histograms, the adversary can learn sensitive attributes of the input such as race, gender, or age. Although this attack does not directly violate the differential privacy guarantee, it clearly violates privacy norms and expectations, and would not be possible at all without the noise inserted to obtain differential privacy. In fact, counter-intuitively, the attack becomes easier as we add more noise to provide stronger differential privacy. We hope this encourages future work to consider privacy holistically rather than treat differential privacy as a panacea.

Title: Improving Utility for Privacy-Preserving Analysis of Correlated Columns using Pufferfish Privacy. (arXiv:2209.10908v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.10908
• Code URL: null
• Copy Paste: [[2209.10908] Improving Utility for Privacy-Preserving Analysis of Correlated Columns using Pufferfish Privacy](http://arxiv.org/abs/2209.10908)
• Summary:

  Surveys are an important tool for many areas of social science research, but privacy concerns can complicate the collection and analysis of survey data. Differentially private analyses of survey data can address these concerns, but at the cost of accuracy - especially for high-dimensional statistics. We present a novel privacy mechanism, the Tabular DDP Mechanism, designed for high-dimensional statistics with incomplete correlation. The Tabular DDP Mechanism satisfies dependent differential privacy, a variant of Pufferfish privacy; it works by building a causal model of the sensitive data, then calibrating noise to the level of correlation between statistics. An empirical evaluation on survey data shows that the Tabular DDP Mechanism can significantly improve accuracy over the Laplace mechanism.

Title: On the Heritage of Crypto Assets -- Tales From the Crypt Protocol. (arXiv:2209.11194v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.11194
• Code URL: null
• Copy Paste: [[2209.11194] On the Heritage of Crypto Assets -- Tales From the Crypt Protocol](http://arxiv.org/abs/2209.11194)
• Summary:

  We discuss some issues to the inheritance of crypto assets. We propose a distributed, privacy preserving, protocol to establish a consensus on the death of the owner of crypto assets: the Tales From the Crypt Protocol. Until the actual death of the owner no link can be made between public information and the corresponding crypto assets. This protocol is generic and could be incorparated into any arbitrary crypto platform.

protect

defense

attack

Title: Talking Trojan: Analyzing an Industry-Wide Disclosure. (arXiv:2209.10717v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.10717
• Code URL: null
• Copy Paste: [[2209.10717] Talking Trojan: Analyzing an Industry-Wide Disclosure](http://arxiv.org/abs/2209.10717)
• Summary:

  While vulnerability research often focuses on technical findings and post-public release industrial response, we provide an analysis of the rest of the story: the coordinated disclosure process from discovery through public release. The industry-wide 'Trojan Source' vulnerability which affected most compilers, interpreters, code editors, and code repositories provided an interesting natural experiment, enabling us to compare responses by firms versus nonprofits and by firms that managed their own response versus firms that outsourced it. We document the interaction with bug bounty programs, government disclosure assistance, academic peer review, and press coverage, among other topics. We compare the response to an attack on source code with the response to a comparable attack on NLP systems employing machine-learning techniques. We conclude with recommendations to improve the global coordinated disclosure system.

robust

Title: Stochastic Future Prediction in Real World Driving Scenarios. (arXiv:2209.10693v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.10693
• Code URL: null
• Copy Paste: [[2209.10693] Stochastic Future Prediction in Real World Driving Scenarios](http://arxiv.org/abs/2209.10693)
• Summary:

  Uncertainty plays a key role in future prediction. The future is uncertain. That means there might be many possible futures. A future prediction method should cover the whole possibilities to be robust. In autonomous driving, covering multiple modes in the prediction part is crucially important to make safety-critical decisions. Although computer vision systems have advanced tremendously in recent years, future prediction remains difficult today. Several examples are uncertainty of the future, the requirement of full scene understanding, and the noisy outputs space. In this thesis, we propose solutions to these challenges by modeling the motion explicitly in a stochastic way and learning the temporal dynamics in a latent space.

Title: Fair Robust Active Learning by Joint Inconsistency. (arXiv:2209.10729v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10729
• Code URL: null
• Copy Paste: [[2209.10729] Fair Robust Active Learning by Joint Inconsistency](http://arxiv.org/abs/2209.10729)
• Summary:

  Fair Active Learning (FAL) utilized active learning techniques to achieve high model performance with limited data and to reach fairness between sensitive groups (e.g., genders). However, the impact of the adversarial attack, which is vital for various safety-critical machine learning applications, is not yet addressed in FAL. Observing this, we introduce a novel task, Fair Robust Active Learning (FRAL), integrating conventional FAL and adversarial robustness. FRAL requires ML models to leverage active learning techniques to jointly achieve equalized performance on benign data and equalized robustness against adversarial attacks between groups. In this new task, previous FAL methods generally face the problem of unbearable computational burden and ineffectiveness. Therefore, we develop a simple yet effective FRAL strategy by Joint INconsistency (JIN). To efficiently find samples that can boost the performance and robustness of disadvantaged groups for labeling, our method exploits the prediction inconsistency between benign and adversarial samples as well as between standard and robust models. Extensive experiments under diverse datasets and sensitive groups demonstrate that our method not only achieves fairer performance on benign samples but also obtains fairer robustness under white-box PGD attacks compared with existing active learning and FAL baselines. We are optimistic that FRAL would pave a new path for developing safe and robust ML research and applications such as facial attribute recognition in biometrics systems.

Title: Multi-level Adversarial Spatio-temporal Learning for Footstep Pressure based FoG Detection. (arXiv:2209.10770v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.10770
• Code URL: null
• Copy Paste: [[2209.10770] Multi-level Adversarial Spatio-temporal Learning for Footstep Pressure based FoG Detection](http://arxiv.org/abs/2209.10770)
• Summary:

  Freezing of gait (FoG) is one of the most common symptoms of Parkinson's disease, which is a neurodegenerative disorder of the central nervous system impacting millions of people around the world. To address the pressing need to improve the quality of treatment for FoG, devising a computer-aided detection and quantification tool for FoG has been increasingly important. As a non-invasive technique for collecting motion patterns, the footstep pressure sequences obtained from pressure sensitive gait mats provide a great opportunity for evaluating FoG in the clinic and potentially in the home environment. In this study, FoG detection is formulated as a sequential modelling task and a novel deep learning architecture, namely Adversarial Spatio-temporal Network (ASTN), is proposed to learn FoG patterns across multiple levels. A novel adversarial training scheme is introduced with a multi-level subject discriminator to obtain subject-independent FoG representations, which helps to reduce the over-fitting risk due to the high inter-subject variance. As a result, robust FoG detection can be achieved for unseen subjects. The proposed scheme also sheds light on improving subject-level clinical studies from other scenarios as it can be integrated with many existing deep architectures. To the best of our knowledge, this is one of the first studies of footstep pressure-based FoG detection and the approach of utilizing ASTN is the first deep neural network architecture in pursuit of subject-independent representations. Experimental results on 393 trials collected from 21 subjects demonstrate encouraging performance of the proposed ASTN for FoG detection with an AUC 0.85.

Title: IntereStyle: Encoding an Interest Region for Robust StyleGAN Inversion. (arXiv:2209.10811v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.10811
• Code URL: null
• Copy Paste: [[2209.10811] IntereStyle: Encoding an Interest Region for Robust StyleGAN Inversion](http://arxiv.org/abs/2209.10811)
• Summary:

  Recently, manipulation of real-world images has been highly elaborated along with the development of Generative Adversarial Networks (GANs) and corresponding encoders, which embed real-world images into the latent space. However, designing encoders of GAN still remains a challenging task due to the trade-off between distortion and perception. In this paper, we point out that the existing encoders try to lower the distortion not only on the interest region, e.g., human facial region but also on the uninterest region, e.g., background patterns and obstacles. However, most uninterest regions in real-world images are located at out-of-distribution (OOD), which are infeasible to be ideally reconstructed by generative models. Moreover, we empirically find that the uninterest region overlapped with the interest region can mangle the original feature of the interest region, e.g., a microphone overlapped with a facial region is inverted into the white beard. As a result, lowering the distortion of the whole image while maintaining the perceptual quality is very challenging. To overcome this trade-off, we propose a simple yet effective encoder training scheme, coined IntereStyle, which facilitates encoding by focusing on the interest region. IntereStyle steers the encoder to disentangle the encodings of the interest and uninterest regions. To this end, we filter the information of the uninterest region iteratively to regulate the negative impact of the uninterest region. We demonstrate that IntereStyle achieves both lower distortion and higher perceptual quality compared to the existing state-of-the-art encoders. Especially, our model robustly conserves features of the original images, which shows the robust image editing and style mixing results. We will release our code with the pre-trained model after the review.

Title: A Spatial-channel-temporal-fused Attention for Spiking Neural Networks. (arXiv:2209.10837v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.10837
• Code URL: null
• Copy Paste: [[2209.10837] A Spatial-channel-temporal-fused Attention for Spiking Neural Networks](http://arxiv.org/abs/2209.10837)
• Summary:

  Spiking neural networks (SNNs) mimic brain computational strategies, and exhibit substantial capabilities in spatiotemporal information processing. As an essential factor for human perception, visual attention refers to the dynamic selection process of salient regions in biological vision systems. Although mechanisms of visual attention have achieved great success in computer vision, they are rarely introduced into SNNs. Inspired by experimental observations on predictive attentional remapping, we here propose a new spatial-channel-temporal-fused attention (SCTFA) module that can guide SNNs to efficiently capture underlying target regions by utilizing historically accumulated spatial-channel information. Through a systematic evaluation on three event stream datasets (DVS Gesture, SL-Animals-DVS and MNIST-DVS), we demonstrate that the SNN with the SCTFA module (SCTFA-SNN) not only significantly outperforms the baseline SNN (BL-SNN) and other two SNN models with degenerated attention modules, but also achieves competitive accuracy with existing state-of-the-art methods. Additionally, our detailed analysis shows that the proposed SCTFA-SNN model has strong robustness to noise and outstanding stability to incomplete data, while maintaining acceptable complexity and efficiency. Overall, these findings indicate that appropriately incorporating cognitive mechanisms of the brain may provide a promising approach to elevate the capability of SNNs.

Title: DRKF: Distilled Rotated Kernel Fusion for Efficiently Boosting Rotation Invariance in Image Matching. (arXiv:2209.10907v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.10907
• Code URL: null
• Copy Paste: [[2209.10907] DRKF: Distilled Rotated Kernel Fusion for Efficiently Boosting Rotation Invariance in Image Matching](http://arxiv.org/abs/2209.10907)
• Summary:

  Most existing learning-based image matching pipelines are designed for better feature detectors and descriptors which are robust to repeated textures, viewpoint changes, etc., while little attention has been paid to rotation invariance. As a consequence, these approaches usually demonstrate inferior performance compared to the handcrafted algorithms in circumstances where a significant level of rotation exists in data, due to the lack of keypoint orientation prediction. To address the issue efficiently, an approach based on knowledge distillation is proposed for improving rotation robustness without extra computational costs. Specifically, based on the base model, we propose Multi-Oriented Feature Aggregation (MOFA), which is subsequently adopted as the teacher in the distillation pipeline. Moreover, Rotated Kernel Fusion (RKF) is applied to each convolution kernel of the student model to facilitate learning rotation-invariant features. Eventually, experiments show that our proposals can generalize successfully under various rotations without additional costs in the inference stage.

Title: Poisson Flow Generative Models. (arXiv:2209.11178v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.11178
• Code URL: https://github.com/newbeeer/poisson_flow
• Copy Paste: [[2209.11178] Poisson Flow Generative Models](http://arxiv.org/abs/2209.11178)
• Summary:

  We propose a new "Poisson flow" generative model (PFGM) that maps a uniform distribution on a high-dimensional hemisphere into any data distribution. We interpret the data points as electrical charges on the $z=0$ hyperplane in a space augmented with an additional dimension $z$, generating a high-dimensional electric field (the gradient of the solution to Poisson equation). We prove that if these charges flow upward along electric field lines, their initial distribution in the $z=0$ plane transforms into a distribution on the hemisphere of radius $r$ that becomes uniform in the $r \to\infty$ limit. To learn the bijective transformation, we estimate the normalized field in the augmented space. For sampling, we devise a backward ODE that is anchored by the physically meaningful additional dimension: the samples hit the unaugmented data manifold when the $z$ reaches zero. Experimentally, PFGM achieves current state-of-the-art performance among the normalizing flow models on CIFAR-10, with an Inception score of $9.68$ and a FID score of $2.48$. It also performs on par with the state-of-the-art SDE approaches while offering $10\times $ to $20 \times$ acceleration on image generation tasks. Additionally, PFGM appears more tolerant of estimation errors on a weaker network architecture and robust to the step size in the Euler method. The code is available at https://github.com/Newbeeer/poisson_flow .

Title: Selecting Better Samples from Pre-trained LLMs: A Case Study on Question Generation. (arXiv:2209.11000v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.11000
• Code URL: null
• Copy Paste: [[2209.11000] Selecting Better Samples from Pre-trained LLMs: A Case Study on Question Generation](http://arxiv.org/abs/2209.11000)
• Summary:

  Large Language Models (LLMs) have in recent years demonstrated impressive prowess in natural language generation. A common practice to improve generation diversity is to sample multiple outputs from the model. However, there lacks a simple and robust way of selecting the best output from these stochastic samples. As a case study framed in the context of question generation, we propose two prompt-based approaches to selecting high-quality questions from a set of LLM-generated candidates. Our method works under the constraints of 1) a black-box (non-modifiable) question generation model and 2) lack of access to human-annotated references -- both of which are realistic limitations for real-world deployment of LLMs. With automatic as well as human evaluations, we empirically demonstrate that our approach can effectively select questions of higher qualities than greedy generation.

Title: First-order Policy Optimization for Robust Markov Decision Process. (arXiv:2209.10579v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10579
• Code URL: null
• Copy Paste: [[2209.10579] First-order Policy Optimization for Robust Markov Decision Process](http://arxiv.org/abs/2209.10579)
• Summary:

  We consider the problem of solving robust Markov decision process (MDP), which involves a set of discounted, finite state, finite action space MDPs with uncertain transition kernels. The goal of planning is to find a robust policy that optimizes the worst-case values against the transition uncertainties, and thus encompasses the standard MDP planning as a special case. For $(\mathbf{s},\mathbf{a})$-rectangular uncertainty sets, we develop a policy-based first-order method, namely the robust policy mirror descent (RPMD), and establish an $\mathcal{O}(\log(1/\epsilon))$ and $\mathcal{O}(1/\epsilon)$ iteration complexity for finding an $\epsilon$-optimal policy, with two increasing-stepsize schemes. The prior convergence of RPMD is applicable to any Bregman divergence, provided the policy space has bounded radius measured by the divergence when centering at the initial policy. Moreover, when the Bregman divergence corresponds to the squared euclidean distance, we establish an $\mathcal{O}(\max {1/\epsilon, 1/(\eta \epsilon^2)})$ complexity of RPMD with any constant stepsize $\eta$. For a general class of Bregman divergences, a similar complexity is also established for RPMD with constant stepsizes, provided the uncertainty set satisfies the relative strong convexity. We further develop a stochastic variant, named SRPMD, when the first-order information is only available through online interactions with the nominal environment. For general Bregman divergences, we establish an $\mathcal{O}(1/\epsilon^2)$ and $\mathcal{O}(1/\epsilon^3)$ sample complexity with two increasing-stepsize schemes. For the euclidean Bregman divergence, we establish an $\mathcal{O}(1/\epsilon^3)$ sample complexity with constant stepsizes. To the best of our knowledge, all the aforementioned results appear to be new for policy-based first-order methods applied to the robust MDP problem.

Title: A Closer Look at Learned Optimization: Stability, Robustness, and Inductive Biases. (arXiv:2209.11208v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.11208
• Code URL: null
• Copy Paste: [[2209.11208] A Closer Look at Learned Optimization: Stability, Robustness, and Inductive Biases](http://arxiv.org/abs/2209.11208)
• Summary:

  Learned optimizers -- neural networks that are trained to act as optimizers -- have the potential to dramatically accelerate training of machine learning models. However, even when meta-trained across thousands of tasks at huge computational expense, blackbox learned optimizers often struggle with stability and generalization when applied to tasks unlike those in their meta-training set. In this paper, we use tools from dynamical systems to investigate the inductive biases and stability properties of optimization algorithms, and apply the resulting insights to designing inductive biases for blackbox optimizers. Our investigation begins with a noisy quadratic model, where we characterize conditions in which optimization is stable, in terms of eigenvalues of the training dynamics. We then introduce simple modifications to a learned optimizer's architecture and meta-training procedure which lead to improved stability, and improve the optimizer's inductive bias. We apply the resulting learned optimizer to a variety of neural network training tasks, where it outperforms the current state of the art learned optimizer -- at matched optimizer computational overhead -- with regard to optimization performance and meta-training speed, and is capable of generalization to tasks far different from those it was meta-trained on.

biometric

steal

extraction

Title: FusionRCNN: LiDAR-Camera Fusion for Two-stage 3D Object Detection. (arXiv:2209.10733v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.10733
• Code URL: null
• Copy Paste: [[2209.10733] FusionRCNN: LiDAR-Camera Fusion for Two-stage 3D Object Detection](http://arxiv.org/abs/2209.10733)
• Summary:

  3D object detection with multi-sensors is essential for an accurate and reliable perception system of autonomous driving and robotics. Existing 3D detectors significantly improve the accuracy by adopting a two-stage paradigm which merely relies on LiDAR point clouds for 3D proposal refinement. Though impressive, the sparsity of point clouds, especially for the points far away, making it difficult for the LiDAR-only refinement module to accurately recognize and locate objects.To address this problem, we propose a novel multi-modality two-stage approach named FusionRCNN, which effectively and efficiently fuses point clouds and camera images in the Regions of Interest(RoI). FusionRCNN adaptively integrates both sparse geometry information from LiDAR and dense texture information from camera in a unified attention mechanism. Specifically, it first utilizes RoIPooling to obtain an image set with a unified size and gets the point set by sampling raw points within proposals in the RoI extraction step; then leverages an intra-modality self-attention to enhance the domain-specific features, following by a well-designed cross-attention to fuse the information from two modalities.FusionRCNN is fundamentally plug-and-play and supports different one-stage methods with almost no architectural changes. Extensive experiments on KITTI and Waymo benchmarks demonstrate that our method significantly boosts the performances of popular detectors.Remarkably, FusionRCNN significantly improves the strong SECOND baseline by 6.14% mAP on Waymo, and outperforms competing two-stage approaches. Code will be released soon at https://github.com/xxlbigbrother/Fusion-RCNN.

Title: INFINITY: A Simple Yet Effective Unsupervised Framework for Graph-Text Mutual Conversion. (arXiv:2209.10754v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.10754
• Code URL: null
• Copy Paste: [[2209.10754] INFINITY: A Simple Yet Effective Unsupervised Framework for Graph-Text Mutual Conversion](http://arxiv.org/abs/2209.10754)
• Summary:

  Graph-to-text (G2T) generation and text-to-graph (T2G) triple extraction are two essential tasks for constructing and applying knowledge graphs. Existing unsupervised approaches turn out to be suitable candidates for jointly learning the two tasks due to their avoidance of using graph-text parallel data. However, they are composed of multiple modules and still require both entity information and relation type in the training process. To this end, we propose INFINITY, a simple yet effective unsupervised approach that does not require external annotation tools or additional parallel information. It achieves fully unsupervised graph-text mutual conversion for the first time. Specifically, INFINITY treats both G2T and T2G as a bidirectional sequence generation task by fine-tuning only one pretrained seq2seq model. A novel back-translation-based framework is then designed to automatically generate continuous synthetic parallel data. To obtain reasonable graph sequences with structural information from source texts, INFINITY employs reward-based training loss by leveraging the advantage of reward augmented maximum likelihood. As a fully unsupervised framework, INFINITY is empirically verified to outperform state-of-the-art baselines for G2T and T2G tasks.

Title: A novel corrective-source term approach to modeling unknown physics in aluminum extraction process. (arXiv:2209.10861v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10861
• Code URL: null
• Copy Paste: [[2209.10861] A novel corrective-source term approach to modeling unknown physics in aluminum extraction process](http://arxiv.org/abs/2209.10861)
• Summary:

  With the ever-increasing availability of data, there has been an explosion of interest in applying modern machine learning methods to fields such as modeling and control. However, despite the flexibility and surprising accuracy of such black-box models, it remains difficult to trust them. Recent efforts to combine the two approaches aim to develop flexible models that nonetheless generalize well; a paradigm we call Hybrid Analysis and modeling (HAM). In this work we investigate the Corrective Source Term Approach (CoSTA), which uses a data-driven model to correct a misspecified physics-based model. This enables us to develop models that make accurate predictions even when the underlying physics of the problem is not well understood. We apply CoSTA to model the Hall-H\'eroult process in an aluminum electrolysis cell. We demonstrate that the method improves both accuracy and predictive stability, yielding an overall more trustworthy model.

membership infer

federate

Title: Enhanced Decentralized Federated Learning based on Consensus in Connected Vehicles. (arXiv:2209.10722v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10722
• Code URL: null
• Copy Paste: [[2209.10722] Enhanced Decentralized Federated Learning based on Consensus in Connected Vehicles](http://arxiv.org/abs/2209.10722)
• Summary:

  Advanced researches on connected vehicles have recently targeted to the integration of vehicle-to-everything (V2X) networks with Machine Learning (ML) tools and distributed decision making. Federated learning (FL) is emerging as a new paradigm to train machine learning (ML) models in distributed systems, including vehicles in V2X networks. Rather than sharing and uploading the training data to the server, the updating of model parameters (e.g., neural networks' weights and biases) is applied by large populations of interconnected vehicles, acting as local learners. Despite these benefits, the limitation of existing approaches is the centralized optimization which relies on a server for aggregation and fusion of local parameters, leading to the drawback of a single point of failure and scaling issues for increasing V2X network size. Meanwhile, in intelligent transport scenarios, data collected from onboard sensors are redundant, which degrades the performance of aggregation. To tackle these problems, we explore a novel idea of decentralized data processing and introduce a federated learning framework for in-network vehicles, C-DFL(Consensus based Decentralized Federated Learning), to tackle federated learning on connected vehicles and improve learning quality. Extensive simulations have been implemented to evaluate the performance of C-DFL, that demonstrates C-DFL outperforms the performance of conventional methods in all cases.

Title: One-Shot Federated Learning for Model Clustering and Learning in Heterogeneous Environments. (arXiv:2209.10866v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10866
• Code URL: null
• Copy Paste: [[2209.10866] One-Shot Federated Learning for Model Clustering and Learning in Heterogeneous Environments](http://arxiv.org/abs/2209.10866)
• Summary:

  We propose a communication efficient approach for federated learning in heterogeneous environments. The system heterogeneity is reflected in the presence of $K$ different data distributions, with each user sampling data from only one of $K$ distributions. The proposed approach requires only one communication round between the users and server, thus significantly reducing the communication cost. Moreover, the proposed method provides strong learning guarantees in heterogeneous environments, by achieving the optimal mean-squared error (MSE) rates in terms of the sample size, i.e., matching the MSE guarantees achieved by learning on all data points belonging to users with the same data distribution, provided that the number of data points per user is above a threshold that we explicitly characterize in terms of system parameters. Remarkably, this is achieved without requiring any knowledge of the underlying distributions, or even the true number of distributions $K$. Numerical experiments illustrate our findings and underline the performance of the proposed method.

fair

Title: SCALES: From Fairness Principles to Constrained Decision-Making. (arXiv:2209.10860v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10860
• Code URL: https://github.com/clear-nus/scales
• Copy Paste: [[2209.10860] SCALES: From Fairness Principles to Constrained Decision-Making](http://arxiv.org/abs/2209.10860)
• Summary:

  This paper proposes SCALES, a general framework that translates well-established fairness principles into a common representation based on the Constraint Markov Decision Process (CMDP). With the help of causal language, our framework can place constraints on both the procedure of decision making (procedural fairness) as well as the outcomes resulting from decisions (outcome fairness). Specifically, we show that well-known fairness principles can be encoded either as a utility component, a non-causal component, or a causal component in a SCALES-CMDP. We illustrate SCALES using a set of case studies involving a simulated healthcare scenario and the real-world COMPAS dataset. Experiments demonstrate that our framework produces fair policies that embody alternative fairness principles in single-step and sequential decision-making scenarios.

interpretability

Title: Improving Attention-Based Interpretability of Text Classification Transformers. (arXiv:2209.10876v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.10876
• Code URL: null
• Copy Paste: [[2209.10876] Improving Attention-Based Interpretability of Text Classification Transformers](http://arxiv.org/abs/2209.10876)
• Summary:

  Transformers are widely used in NLP, where they consistently achieve state-of-the-art performance. This is due to their attention-based architecture, which allows them to model rich linguistic relations between words. However, transformers are difficult to interpret. Being able to provide reasoning for its decisions is an important property for a model in domains where human lives are affected, such as hate speech detection and biomedicine. With transformers finding wide use in these fields, the need for interpretability techniques tailored to them arises. The effectiveness of attention-based interpretability techniques for transformers in text classification is studied in this work. Despite concerns about attention-based interpretations in the literature, we show that, with proper setup, attention may be used in such tasks with results comparable to state-of-the-art techniques, while also being faster and friendlier to the environment. We validate our claims with a series of experiments that employ a new feature importance metric.

Title: Toy Models of Superposition. (arXiv:2209.10652v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10652
• Code URL: https://github.com/anthropics/toy-models-of-superposition
• Copy Paste: [[2209.10652] Toy Models of Superposition](http://arxiv.org/abs/2209.10652)
• Summary:

  Neural networks often pack many unrelated concepts into a single neuron - a puzzling phenomenon known as 'polysemanticity' which makes interpretability much more challenging. This paper provides a toy model where polysemanticity can be fully understood, arising as a result of models storing additional sparse features in "superposition." We demonstrate the existence of a phase change, a surprising connection to the geometry of uniform polytopes, and evidence of a link to adversarial examples. We also discuss potential implications for mechanistic interpretability.

Title: Counterfactual Explanations Using Optimization With Constraint Learning. (arXiv:2209.10997v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.10997
• Code URL: https://github.com/tabearoeber/ce-ocl
• Copy Paste: [[2209.10997] Counterfactual Explanations Using Optimization With Constraint Learning](http://arxiv.org/abs/2209.10997)
• Summary:

  Counterfactual explanations embody one of the many interpretability techniques that receive increasing attention from the machine learning community. Their potential to make model predictions more sensible to the user is considered to be invaluable. To increase their adoption in practice, several criteria that counterfactual explanations should adhere to have been put forward in the literature. We propose counterfactual explanations using optimization with constraint learning (CE-OCL), a generic and flexible approach that addresses all these criteria and allows room for further extensions. Specifically, we discuss how we can leverage an optimization with constraint learning framework for the generation of counterfactual explanations, and how components of this framework readily map to the criteria. We also propose two novel modeling approaches to address data manifold closeness and diversity, which are two key criteria for practical counterfactual explanations. We test CE-OCL on several datasets and present our results in a case study. Compared against the current state-of-the-art methods, CE-OCL allows for more flexibility and has an overall superior performance in terms of several evaluation metrics proposed in related work.

exlainability

watermark