secure

Title: MPC-Pipe: an Efficient Pipeline Scheme for Secure Multi-party Machine Learning Inference. (arXiv:2209.13643v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.13643
• Code URL: null
• Copy Paste: [[2209.13643] MPC-Pipe: an Efficient Pipeline Scheme for Secure Multi-party Machine Learning Inference](http://arxiv.org/abs/2209.13643)
• Summary:

  Multi-party computing (MPC) has been gaining popularity over the past years as a secure computing model, particularly for machine learning (ML) inference. Compared with its competitors, MPC has fewer overheads than homomorphic encryption (HE) and has a more robust threat model than hardware-based trusted execution environments (TEE) such as Intel SGX. Despite its apparent advantages, MPC protocols still pay substantial performance penalties compared to plaintext when applied to ML algorithms. The overhead is due to added computation and communication costs. For multiplications that are ubiquitous in ML algorithms, MPC protocols add 32x more computational costs and 1 round of broadcasting among MPC servers. Moreover, ML computations that have trivial costs in plaintext, such as Softmax, ReLU, and other non-linear operations become very expensive due to added communication. Those added overheads make MPC less palatable to deploy in real-time ML inference frameworks, such as speech translation.

In this work, we present MPC-Pipe, an MPC pipeline inference technique that uses two ML-specific approaches. 1) inter-linear-layer pipeline and 2) inner layer pipeline. Those two techniques shorten the total inference runtime for machine learning models. Our experiments have shown to reduce ML inference latency by up to 12.6% when model weights are private and 14.48\% when model weights are public, compared to current MPC protocol implementations.

Title: Faster Secure Comparisons with Offline Phase for Efficient Private Set Intersection. (arXiv:2209.13913v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.13913
• Code URL: https://github.com/blazingfastpsi/ndss23
• Copy Paste: [[2209.13913] Faster Secure Comparisons with Offline Phase for Efficient Private Set Intersection](http://arxiv.org/abs/2209.13913)
• Summary:

  In a Private section intersection (PSI) protocol, Alice and Bob compute the intersection of their respective sets without disclosing any element not in the intersection.

PSI protocols have been extensively studied in the literature and are deployed in industry. With state-of-the-art protocols achieving optimal asymptotic complexity, performance improvements are rare and can only improve complexity constants. In this paper, we present a new private, extremely efficient comparison protocol that leads to a PSI protocol with low constants. A useful property of our comparison protocol is that it can be divided into an online and an offline phase. All expensive cryptographic operations are performed during the offline phase, and the online phase performs only four fast field operations per comparison. This leads to an incredibly fast online phase, and our evaluation shows that it outperforms related work, including KKRT (CCS 16), VOLE-PSI (EuroCrypt 21), and OKVS (Crypto 21). We also evaluate standard approaches to implement the offline phase using different trust assumptions: cryptographic, hardware, and a third party (dealer model).

Title: Video surveillance robot powered by raspberry pi. (arXiv:2209.14130v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14130
• Code URL: null
• Copy Paste: [[2209.14130] Video surveillance robot powered by raspberry pi](http://arxiv.org/abs/2209.14130)
• Summary:

  Video surveillance systems are increasingly used in different fields, from the domestic to the commercial environment. Current systems are being improved and complemented with new elements and functionalities. This paper proposes the design of a video surveillance robot based on Raspberry Pi with the abilities to perform tasks of motion detection, send video on real time, fire detection and also, the possibility of control it remotely from the Internet. In order to check the information received from the robot, as well as the video sent, a client application has been developed to any device with an Internet connection. In addition to this, in order to protect the information obtained by the robot, a secure system is proposed, which uses different security mechanisms to achieve this goal.

Title: Secure Indoor Location for Airport Environments. (arXiv:2209.14195v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14195
• Code URL: null
• Copy Paste: [[2209.14195] Secure Indoor Location for Airport Environments](http://arxiv.org/abs/2209.14195)
• Summary:

  This work presents a secure novel solution based on inertial measurement units to provide indoor location and positioning in airports. The use of different technologies allows to locate people with precision in this kind of indoor places where the use of the GPS is not possible. The system has been developed thinking in the low cost and in a possible future expansion of this kind of systems to improve the Quality of Service of the users in airports. The use of QR codes and low cost IMU devices through the use of people smartphones ensure this premise. An Android application has been developed to show the applicability and performance of the system. The security in this kind of systems is essential. This kind of systems needs to avoid the traceability of the IMU devices when users are using it. To solve this problem, the FourQ elliptic curve has been used to generate a shared key using the elliptic curve Diffie-Hellman protocol. The key generated with the FourQ is used then to cipher all communications through the use of the SNOW 3G stream cipher. The developed system offers promising results.

security

Title: A Machine Learning Approach for DeepFake Detection. (arXiv:2209.13792v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13792
• Code URL: null
• Copy Paste: [[2209.13792] A Machine Learning Approach for DeepFake Detection](http://arxiv.org/abs/2209.13792)
• Summary:

  With the spread of DeepFake techniques, this technology has become quite accessible and good enough that there is concern about its malicious use. Faced with this problem, detecting forged faces is of utmost importance to ensure security and avoid socio-political problems, both on a global and private scale. This paper presents a solution for the detection of DeepFakes using convolution neural networks and a dataset developed for this purpose - Celeb-DF. The results show that, with an overall accuracy of 95% in the classification of these images, the proposed model is close to what exists in the state of the art with the possibility of adjustment for better results in the manipulation techniques that arise in the future.

Title: A Unified View of IoT And CPS Security and Privacy. (arXiv:2209.13793v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.13793
• Code URL: null
• Copy Paste: [[2209.13793] A Unified View of IoT And CPS Security and Privacy](http://arxiv.org/abs/2209.13793)
• Summary:

  The concepts of Internet of Things (IoT) and Cyber Physical Systems (CPS) are closely related to each other. IoT is often used to refer to small interconnected devices like those in smart home while CPS often refers to large interconnected devices like industry machines and smart cars. In this paper, we present a unified view of IoT and CPS: from the perspective of network architecture, IoT and CPS are similar. In both IoT and CPS, networking/communication modules are attached to original dumb things so that those dumb things become smart and can be integrated into cyber space. If needed, actuators can also be integrated with a thing so as to control the thing. With this unified view, we can perform risk assessment of an IoT/CPS system from six factors, hardware, networking, operating system (OS), software, data and human. To illustrate the use of such risk analysis framework, we analyze an air quality monitoring network, smart home using smart plugs and building automation system (BAS). We also discuss challenges such as cost and secure OS in IoT security.

Title: Big data analysis and distributed deep learning for next-generation intrusion detection system optimization. (arXiv:2209.13961v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.13961
• Code URL: null
• Copy Paste: [[2209.13961] Big data analysis and distributed deep learning for next-generation intrusion detection system optimization](http://arxiv.org/abs/2209.13961)
• Summary:

  With the growing use of information technology in all life domains, hacking has become more negatively effective than ever before. Also with developing technologies, attacks numbers are growing exponentially every few months and become more sophisticated so that traditional IDS becomes inefficient detecting them. This paper proposes a solution to detect not only new threats with higher detection rate and lower false positive than already used IDS, but also it could detect collective and contextual security attacks. We achieve those results by using Networking Chatbot, a deep recurrent neural network: Long Short Term Memory (LSTM) on top of Apache Spark Framework that has an input of flow traffic and traffic aggregation and the output is a language of two words, normal or abnormal. We propose merging the concepts of language processing, contextual analysis, distributed deep learning, big data, anomaly detection of flow analysis. We propose a model that describes the network abstract normal behavior from a sequence of millions of packets within their context and analyzes them in near real-time to detect point, collective and contextual anomalies. Experiments are done on MAWI dataset, and it shows better detection rate not only than signature IDS, but also better than traditional anomaly IDS. The experiment shows lower false positive, higher detection rate and better point anomalies detection. As for prove of contextual and collective anomalies detection, we discuss our claim and the reason behind our hypothesis. But the experiment is done on random small subsets of the dataset because of hardware limitations, so we share experiment and our future vision thoughts as we wish that full prove will be done in future by other interested researchers who have better hardware infrastructure than ours.

privacy

Title: On the Choice of Databases in Differential Privacy Composition. (arXiv:2209.13697v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.13697
• Code URL: null
• Copy Paste: [[2209.13697] On the Choice of Databases in Differential Privacy Composition](http://arxiv.org/abs/2209.13697)
• Summary:

  Differential privacy (DP) is a widely applied paradigm for releasing data while maintaining user privacy. Its success is to a large part due to its composition property that guarantees privacy even in the case of multiple data releases. Consequently, composition has received a lot of attention from the research community: there exist several composition theorems for adversaries with different amounts of flexibility in their choice of mechanisms. But apart from mechanisms, the adversary can also choose the databases on which these mechanisms are invoked. The classic tool for analyzing the composition of DP mechanisms, the so-called composition experiment, neither allows for incorporating constraints on databases nor for different assumptions on the adversary's prior knowledge about database membership. We therefore propose a generalized composition experiment (GCE), which has this flexibility. We show that composition theorems that hold with respect to the classic composition experiment also hold with respect to the worst case of the GCE. This implies that existing composition theorems give a privacy guarantee for more cases than are explicitly covered by the classic composition experiment. Beyond these theoretical insights, we demonstrate two practical applications of the GCE: the first application is to give better privacy bounds in the presence of restrictions on the choice of databases; the second application is to reason about how the adversary's prior knowledge influences the privacy leakage. In this context, we show a connection between adversaries with an uninformative prior and subsampling, an important primitive in DP. To the best of our knowledge, this paper is the first to analyze the interplay between the databases in DP composition, and thereby gives both a better understanding of composition and practical tools for obtaining better composition bounds.

Title: Momentum Gradient Descent Federated Learning with Local Differential Privacy. (arXiv:2209.14086v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14086
• Code URL: null
• Copy Paste: [[2209.14086] Momentum Gradient Descent Federated Learning with Local Differential Privacy](http://arxiv.org/abs/2209.14086)
• Summary:

  Nowadays, the development of information technology is growing rapidly. In the big data era, the privacy of personal information has been more pronounced. The major challenge is to find a way to guarantee that sensitive personal information is not disclosed while data is published and analyzed. Centralized differential privacy is established on the assumption of a trusted third-party data curator. However, this assumption is not always true in reality. As a new privacy preservation model, local differential privacy has relatively strong privacy guarantees. Although federated learning has relatively been a privacy-preserving approach for distributed learning, it still introduces various privacy concerns. To avoid privacy threats and reduce communication costs, in this article, we propose integrating federated learning and local differential privacy with momentum gradient descent to improve the performance of machine learning models.

protect

defense

attack

Title: Attacking Compressed Vision Transformers. (arXiv:2209.13785v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13785
• Code URL: null
• Copy Paste: [[2209.13785] Attacking Compressed Vision Transformers](http://arxiv.org/abs/2209.13785)
• Summary:

  Vision Transformers are increasingly embedded in industrial systems due to their superior performance, but their memory and power requirements make deploying them to edge devices a challenging task. Hence, model compression techniques are now widely used to deploy models on edge devices as they decrease the resource requirements and make model inference very fast and efficient. But their reliability and robustness from a security perspective is another major issue in safety-critical applications. Adversarial attacks are like optical illusions for ML algorithms and they can severely impact the accuracy and reliability of models. In this work we investigate the transferability of adversarial samples across the SOTA Vision Transformer models across 3 SOTA compressed versions and infer the effects different compression techniques have on adversarial attacks.

Title: A Survey on Physical Adversarial Attack in Computer Vision. (arXiv:2209.14262v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14262
• Code URL: null
• Copy Paste: [[2209.14262] A Survey on Physical Adversarial Attack in Computer Vision](http://arxiv.org/abs/2209.14262)
• Summary:

  In the past decade, deep learning has dramatically changed the traditional hand-craft feature manner with strong feature learning capability, resulting in tremendous improvement of conventional tasks. However, deep neural networks have recently been demonstrated vulnerable to adversarial examples, a kind of malicious samples crafted by small elaborately designed noise, which mislead the DNNs to make the wrong decisions while remaining imperceptible to humans. Adversarial examples can be divided into digital adversarial attacks and physical adversarial attacks. The digital adversarial attack is mostly performed in lab environments, focusing on improving the performance of adversarial attack algorithms. In contrast, the physical adversarial attack focus on attacking the physical world deployed DNN systems, which is a more challenging task due to the complex physical environment (i.e., brightness, occlusion, and so on). Although the discrepancy between digital adversarial and physical adversarial examples is small, the physical adversarial examples have a specific design to overcome the effect of the complex physical environment. In this paper, we review the development of physical adversarial attacks in DNN-based computer vision tasks, including image recognition tasks, object detection tasks, and semantic segmentation. For the sake of completeness of the algorithm evolution, we will briefly introduce the works that do not involve the physical adversarial attack. We first present a categorization scheme to summarize the current physical adversarial attacks. Then discuss the advantages and disadvantages of the existing physical adversarial attacks and focus on the technique used to maintain the adversarial when applied into physical environment. Finally, we point out the issues of the current physical adversarial attacks to be solved and provide promising research directions.

Title: Anomaly detection optimization using big data and deep learning to reduce false-positive. (arXiv:2209.13965v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2209.13965
• Code URL: null
• Copy Paste: [[2209.13965] Anomaly detection optimization using big data and deep learning to reduce false-positive](http://arxiv.org/abs/2209.13965)
• Summary:

  Anomaly-based Intrusion Detection System (IDS) has been a hot research topic because of its ability to detect new threats rather than only memorized signatures threats of signature-based IDS. Especially after the availability of advanced technologies that increase the number of hacking tools and increase the risk impact of an attack. The problem of any anomaly-based model is its high false-positive rate. The high false-positive rate is the reason why anomaly IDS is not commonly applied in practice. Because anomaly-based models classify an unseen pattern as a threat where it may be normal but not included in the training dataset. This type of problem is called overfitting where the model is not able to generalize. Optimizing Anomaly-based models by having a big training dataset that includes all possible normal cases may be an optimal solution but could not be applied in practice. Although we can increase the number of training samples to include much more normal cases, still we need a model that has more ability to generalize. In this research paper, we propose applying deep model instead of traditional models because it has more ability to generalize. Thus, we will obtain less false-positive by using big data and deep model. We made a comparison between machine learning and deep learning algorithms in the optimization of anomaly-based IDS by decreasing the false-positive rate. We did an experiment on the NSL-KDD benchmark and compared our results with one of the best used classifiers in traditional learning in IDS optimization. The experiment shows 10% lower false-positive by using deep learning instead of traditional learning.

Title: A Closer Look at Evaluating the Bit-Flip Attack Against Deep Neural Networks. (arXiv:2209.14243v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14243
• Code URL: null
• Copy Paste: [[2209.14243] A Closer Look at Evaluating the Bit-Flip Attack Against Deep Neural Networks](http://arxiv.org/abs/2209.14243)
• Summary:

  Deep neural network models are massively deployed on a wide variety of hardware platforms. This results in the appearance of new attack vectors that significantly extend the standard attack surface, extensively studied by the adversarial machine learning community. One of the first attack that aims at drastically dropping the performance of a model, by targeting its parameters (weights) stored in memory, is the Bit-Flip Attack (BFA). In this work, we point out several evaluation challenges related to the BFA. First of all, the lack of an adversary's budget in the standard threat model is problematic, especially when dealing with physical attacks. Moreover, since the BFA presents critical variability, we discuss the influence of some training parameters and the importance of the model architecture. This work is the first to present the impact of the BFA against fully-connected architectures that present different behaviors compared to convolutional neural networks. These results highlight the importance of defining robust and sound evaluation methodologies to properly evaluate the dangers of parameter-based attacks as well as measure the real level of robustness offered by a defense.

Title: Machine Beats Machine: Machine Learning Models to Defend Against Adversarial Attacks. (arXiv:2209.13963v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13963
• Code URL: null
• Copy Paste: [[2209.13963] Machine Beats Machine: Machine Learning Models to Defend Against Adversarial Attacks](http://arxiv.org/abs/2209.13963)
• Summary:

  We propose using a two-layered deployment of machine learning models to prevent adversarial attacks. The first layer determines whether the data was tampered, while the second layer solves a domain-specific problem. We explore three sets of features and three dataset variations to train machine learning models. Our results show clustering algorithms achieved promising results. In particular, we consider the best results were obtained by applying the DBSCAN algorithm to the structured structural similarity index measure computed between the images and a white reference image.

Title: VREN: Volleyball Rally Dataset with Expression Notation Language. (arXiv:2209.13846v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13846
• Code URL: null
• Copy Paste: [[2209.13846] VREN: Volleyball Rally Dataset with Expression Notation Language](http://arxiv.org/abs/2209.13846)
• Summary:

  This research is intended to accomplish two goals: The first goal is to curate a large and information rich dataset that contains crucial and succinct summaries on the players' actions and positions and the back-and-forth travel patterns of the volleyball in professional and NCAA Div-I indoor volleyball games. While several prior studies have aimed to create similar datasets for other sports (e.g. badminton and soccer), creating such a dataset for indoor volleyball is not yet realized. The second goal is to introduce a volleyball descriptive language to fully describe the rally processes in the games and apply the language to our dataset. Based on the curated dataset and our descriptive sports language, we introduce three tasks for automated volleyball action and tactic analysis using our dataset: (1) Volleyball Rally Prediction, aimed at predicting the outcome of a rally and helping players and coaches improve decision-making in practice, (2) Setting Type and Hitting Type Prediction, to help coaches and players prepare more effectively for the game, and (3) Volleyball Tactics and Attacking Zone Statistics, to provide advanced volleyball statistics and help coaches understand the game and opponent's tactics better. We conducted case studies to show how experimental results can provide insights to the volleyball analysis community. Furthermore, experimental evaluation based on real-world data establishes a baseline for future studies and applications of our dataset and language. This study bridges the gap between the indoor volleyball field and computer science.

Title: Securing Federated Learning against Overwhelming Collusive Attackers. (arXiv:2209.14093v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14093
• Code URL: null
• Copy Paste: [[2209.14093] Securing Federated Learning against Overwhelming Collusive Attackers](http://arxiv.org/abs/2209.14093)
• Summary:

  In the era of a data-driven society with the ubiquity of Internet of Things (IoT) devices storing large amounts of data localized at different places, distributed learning has gained a lot of traction, however, assuming independent and identically distributed data (iid) across the devices. While relaxing this assumption that anyway does not hold in reality due to the heterogeneous nature of devices, federated learning (FL) has emerged as a privacy-preserving solution to train a collaborative model over non-iid data distributed across a massive number of devices. However, the appearance of malicious devices (attackers), who intend to corrupt the FL model, is inevitable due to unrestricted participation. In this work, we aim to identify such attackers and mitigate their impact on the model, essentially under a setting of bidirectional label flipping attacks with collusion. We propose two graph theoretic algorithms, based on Minimum Spanning Tree and k-Densest graph, by leveraging correlations between local models. Our FL model can nullify the influence of attackers even when they are up to 70% of all the clients whereas prior works could not afford more than 50% of clients as attackers. The effectiveness of our algorithms is ascertained through experiments on two benchmark datasets, namely MNIST and Fashion-MNIST, with overwhelming attackers. We establish the superiority of our algorithms over the existing ones using accuracy, attack success rate, and early detection round.

robust

Title: Reconstruction-guided attention improves the robustness and shape processing of neural networks. (arXiv:2209.13620v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13620
• Code URL: null
• Copy Paste: [[2209.13620] Reconstruction-guided attention improves the robustness and shape processing of neural networks](http://arxiv.org/abs/2209.13620)
• Summary:

  Many visual phenomena suggest that humans use top-down generative or reconstructive processes to create visual percepts (e.g., imagery, object completion, pareidolia), but little is known about the role reconstruction plays in robust object recognition. We built an iterative encoder-decoder network that generates an object reconstruction and used it as top-down attentional feedback to route the most relevant spatial and feature information to feed-forward object recognition processes. We tested this model using the challenging out-of-distribution digit recognition dataset, MNIST-C, where 15 different types of transformation and corruption are applied to handwritten digit images. Our model showed strong generalization performance against various image perturbations, on average outperforming all other models including feedforward CNNs and adversarially trained networks. Our model is particularly robust to blur, noise, and occlusion corruptions, where shape perception plays an important role. Ablation studies further reveal two complementary roles of spatial and feature-based attention in robust object recognition, with the former largely consistent with spatial masking benefits in the attention literature (the reconstruction serves as a mask) and the latter mainly contributing to the model's inference speed (i.e., number of time steps to reach a certain confidence threshold) by reducing the space of possible object hypotheses. We also observed that the model sometimes hallucinates a non-existing pattern out of noise, leading to highly interpretable human-like errors. Our study shows that modeling reconstruction-based feedback endows AI systems with a powerful attention mechanism, which can help us understand the role of generating perception in human visual processing.

Title: Translation, Scale and Rotation: Cross-Modal Alignment Meets RGB-Infrared Vehicle Detection. (arXiv:2209.13801v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13801
• Code URL: null
• Copy Paste: [[2209.13801] Translation, Scale and Rotation: Cross-Modal Alignment Meets RGB-Infrared Vehicle Detection](http://arxiv.org/abs/2209.13801)
• Summary:

  Integrating multispectral data in object detection, especially visible and infrared images, has received great attention in recent years. Since visible (RGB) and infrared (IR) images can provide complementary information to handle light variations, the paired images are used in many fields, such as multispectral pedestrian detection, RGB-IR crowd counting and RGB-IR salient object detection. Compared with natural RGB-IR images, we find detection in aerial RGB-IR images suffers from cross-modal weakly misalignment problems, which are manifested in the position, size and angle deviations of the same object. In this paper, we mainly address the challenge of cross-modal weakly misalignment in aerial RGB-IR images. Specifically, we firstly explain and analyze the cause of the weakly misalignment problem. Then, we propose a Translation-Scale-Rotation Alignment (TSRA) module to address the problem by calibrating the feature maps from these two modalities. The module predicts the deviation between two modality objects through an alignment process and utilizes Modality-Selection (MS) strategy to improve the performance of alignment. Finally, a two-stream feature alignment detector (TSFADet) based on the TSRA module is constructed for RGB-IR object detection in aerial images. With comprehensive experiments on the public DroneVehicle datasets, we verify that our method reduces the effect of the cross-modal misalignment and achieve robust detection results.

Title: Deep Learning based Automatic Quantification of Urethral Plate Quality using the Plate Objective Scoring Tool (POST). (arXiv:2209.13848v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13848
• Code URL: null
• Copy Paste: [[2209.13848] Deep Learning based Automatic Quantification of Urethral Plate Quality using the Plate Objective Scoring Tool (POST)](http://arxiv.org/abs/2209.13848)
• Summary:

  Objectives: To explore the capacity of deep learning algorithm to further streamline and optimize urethral plate (UP) quality appraisal on 2D images using the plate objective scoring tool (POST), aiming to increase the objectivity and reproducibility of UP appraisal in hypospadias repair. Methods: The five key POST landmarks were marked by specialists in a 691-image dataset of prepubertal boys undergoing primary hypospadias repair. This dataset was then used to develop and validate a deep learning-based landmark detection model. The proposed framework begins with glans localization and detection, where the input image is cropped using the predicted bounding box. Next, a deep convolutional neural network (CNN) architecture is used to predict the coordinates of the five POST landmarks. These predicted landmarks are then used to assess UP quality in distal hypospadias. Results: The proposed model accurately localized the glans area, with a mean average precision (mAP) of 99.5% and an overall sensitivity of 99.1%. A normalized mean error (NME) of 0.07152 was achieved in predicting the coordinates of the landmarks, with a mean squared error (MSE) of 0.001 and a 20.2% failure rate at a threshold of 0.1 NME. Conclusions: This deep learning application shows robustness and high precision in using POST to appraise UP quality. Further assessment using international multi-centre image-based databases is ongoing. External validation could benefit deep learning algorithms and lead to better assessments, decision-making and predictions for surgical outcomes.

Title: Thinking Hallucination for Video Captioning. (arXiv:2209.13853v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13853
• Code URL: null
• Copy Paste: [[2209.13853] Thinking Hallucination for Video Captioning](http://arxiv.org/abs/2209.13853)
• Summary:

  With the advent of rich visual representations and pre-trained language models, video captioning has seen continuous improvement over time. Despite the performance improvement, video captioning models are prone to hallucination. Hallucination refers to the generation of highly pathological descriptions that are detached from the source material. In video captioning, there are two kinds of hallucination: object and action hallucination. Instead of endeavoring to learn better representations of a video, in this work, we investigate the fundamental sources of the hallucination problem. We identify three main factors: (i) inadequate visual features extracted from pre-trained models, (ii) improper influences of source and target contexts during multi-modal fusion, and (iii) exposure bias in the training strategy. To alleviate these problems, we propose two robust solutions: (a) the introduction of auxiliary heads trained in multi-label settings on top of the extracted visual features and (b) the addition of context gates, which dynamically select the features during fusion. The standard evaluation metrics for video captioning measures similarity with ground truth captions and do not adequately capture object and action relevance. To this end, we propose a new metric, COAHA (caption object and action hallucination assessment), which assesses the degree of hallucination. Our method achieves state-of-the-art performance on the MSR-Video to Text (MSR-VTT) and the Microsoft Research Video Description Corpus (MSVD) datasets, especially by a massive margin in CIDEr score.

Title: Rethinking Blur Synthesis for Deep Real-World Image Deblurring. (arXiv:2209.13866v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13866
• Code URL: null
• Copy Paste: [[2209.13866] Rethinking Blur Synthesis for Deep Real-World Image Deblurring](http://arxiv.org/abs/2209.13866)
• Summary:

  In this paper, we examine the problem of real-world image deblurring and take into account two key factors for improving the performance of the deep image deblurring model, namely, training data synthesis and network architecture design. Deblurring models trained on existing synthetic datasets perform poorly on real blurry images due to domain shift. To reduce the domain gap between synthetic and real domains, we propose a novel realistic blur synthesis pipeline to simulate the camera imaging process. As a result of our proposed synthesis method, existing deblurring models could be made more robust to handle real-world blur. Furthermore, we develop an effective deblurring model that captures non-local dependencies and local context in the feature domain simultaneously. Specifically, we introduce the multi-path transformer module to UNet architecture for enriched multi-scale features learning. A comprehensive experiment on three real-world datasets shows that the proposed deblurring model performs better than state-of-the-art methods.

Title: Vision based Crop Row Navigation under Varying Field Conditions in Arable Fields. (arXiv:2209.14003v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14003
• Code URL: null
• Copy Paste: [[2209.14003] Vision based Crop Row Navigation under Varying Field Conditions in Arable Fields](http://arxiv.org/abs/2209.14003)
• Summary:

  Accurate crop row detection is often challenged by the varying field conditions present in real-world arable fields. Traditional colour based segmentation is unable to cater for all such variations. The lack of comprehensive datasets in agricultural environments limits the researchers from developing robust segmentation models to detect crop rows. We present a dataset for crop row detection with 11 field variations from Sugar Beet and Maize crops. We also present a novel crop row detection algorithm for visual servoing in crop row fields. Our algorithm can detect crop rows against varying field conditions such as curved crop rows, weed presence, discontinuities, growth stages, tramlines, shadows and light levels. Our method only uses RGB images from a front-mounted camera on a Husky robot to predict crop rows. Our method outperformed the classic colour based crop row detection baseline. Dense weed presence within inter-row space and discontinuities in crop rows were the most challenging field conditions for our crop row detection algorithm. Our method can detect the end of the crop row and navigate the robot towards the headland area when it reaches the end of the crop row.

Title: Inducing Data Amplification Using Auxiliary Datasets in Adversarial Training. (arXiv:2209.14053v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14053
• Code URL: https://github.com/saehyung-lee/biamat
• Copy Paste: [[2209.14053] Inducing Data Amplification Using Auxiliary Datasets in Adversarial Training](http://arxiv.org/abs/2209.14053)
• Summary:

  Several recent studies have shown that the use of extra in-distribution data can lead to a high level of adversarial robustness. However, there is no guarantee that it will always be possible to obtain sufficient extra data for a selected dataset. In this paper, we propose a biased multi-domain adversarial training (BiaMAT) method that induces training data amplification on a primary dataset using publicly available auxiliary datasets, without requiring the class distribution match between the primary and auxiliary datasets. The proposed method can achieve increased adversarial robustness on a primary dataset by leveraging auxiliary datasets via multi-domain learning. Specifically, data amplification on both robust and non-robust features can be accomplished through the application of BiaMAT as demonstrated through a theoretical and empirical analysis. Moreover, we demonstrate that while existing methods are vulnerable to negative transfer due to the distributional discrepancy between auxiliary and primary data, the proposed method enables neural networks to flexibly leverage diverse image datasets for adversarial training by successfully handling the domain discrepancy through the application of a confidence-based selection strategy. The pre-trained models and code are available at: \url{https://github.com/Saehyung-Lee/BiaMAT}.

Title: Cyclegan Network for Sheet Metal Welding Drawing Translation. (arXiv:2209.14106v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14106
• Code URL: null
• Copy Paste: [[2209.14106] Cyclegan Network for Sheet Metal Welding Drawing Translation](http://arxiv.org/abs/2209.14106)
• Summary:

  In intelligent manufacturing, the quality of machine translation engineering drawings will directly affect its manufacturing accuracy. Currently, most of the work is manually translated, greatly reducing production efficiency. This paper proposes an automatic translation method for welded structural engineering drawings based on Cyclic Generative Adversarial Networks (CycleGAN). The CycleGAN network model of unpaired transfer learning is used to learn the feature mapping of real welding engineering drawings to realize automatic translation of engineering drawings. U-Net and PatchGAN are the main network for the generator and discriminator, respectively. Based on removing the identity mapping function, a high-dimensional sparse network is proposed to replace the traditional dense network for the Cyclegan generator to improve noise robustness. Increase the residual block hidden layer to increase the resolution of the generated graph. The improved and fine-tuned network models are experimentally validated, computing the gap between real and generated data. It meets the welding engineering precision standard and solves the main problem of low drawing recognition efficiency in the welding manufacturing process. The results show. After training with our model, the PSNR, SSIM and MSE of welding engineering drawings reach about 44.89%, 99.58% and 2.11, respectively, which are superior to traditional networks in both training speed and accuracy.

Title: CALIP: Zero-Shot Enhancement of CLIP with Parameter-free Attention. (arXiv:2209.14169v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14169
• Code URL: null
• Copy Paste: [[2209.14169] CALIP: Zero-Shot Enhancement of CLIP with Parameter-free Attention](http://arxiv.org/abs/2209.14169)
• Summary:

  Contrastive Language-Image Pre-training (CLIP) has been shown to learn visual representations with great transferability, which achieves promising accuracy for zero-shot classification. To further improve its downstream performance, existing works propose additional learnable modules upon CLIP and fine-tune them by few-shot training sets. However, the resulting extra training cost and data requirement severely hinder the efficiency for model deployment and knowledge transfer. In this paper, we introduce a free-lunch enhancement method, CALIP, to boost CLIP's zero-shot performance via a parameter-free Attention module. Specifically, we guide visual and textual representations to interact with each other and explore cross-modal informative features via attention. As the pre-training has largely reduced the embedding distances between two modalities, we discard all learnable parameters in the attention and bidirectionally update the multi-modal features, enabling the whole process to be parameter-free and training-free. In this way, the images are blended with textual-aware signals and the text representations become visual-guided for better adaptive zero-shot alignment. We evaluate CALIP on various benchmarks of 14 datasets for both 2D image and 3D point cloud few-shot classification, showing consistent zero-shot performance improvement over CLIP. Based on that, we further insert a small number of linear layers in CALIP's attention module and verify our robustness under the few-shot settings, which also achieves leading performance compared to existing methods. Those extensive experiments demonstrate the superiority of our approach for efficient enhancement of CLIP.

Title: Less is More: Rethinking Few-Shot Learning and Recurrent Neural Nets. (arXiv:2209.14267v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14267
• Code URL: null
• Copy Paste: [[2209.14267] Less is More: Rethinking Few-Shot Learning and Recurrent Neural Nets](http://arxiv.org/abs/2209.14267)
• Summary:

  The statistical supervised learning framework assumes an input-output set with a joint probability distribution that is reliably represented by the training dataset. The learner is then required to output a prediction rule learned from the training dataset's input-output pairs. In this work, we provide meaningful insights into the asymptotic equipartition property (AEP) \citep{Shannon:1948} in the context of machine learning, and illuminate some of its potential ramifications for few-shot learning. We provide theoretical guarantees for reliable learning under the information-theoretic AEP, and for the generalization error with respect to the sample size. We then focus on a highly efficient recurrent neural net (RNN) framework and propose a reduced-entropy algorithm for few-shot learning. We also propose a mathematical intuition for the RNN as an approximation of a sparse coding solver. We verify the applicability, robustness, and computational efficiency of the proposed approach with image deblurring and optical coherence tomography (OCT) speckle suppression. Our experimental results demonstrate significant potential for improving learning models' sample efficiency, generalization, and time complexity, that can therefore be leveraged for practical real-time applications.

Title: DexTransfer: Real World Multi-fingered Dexterous Grasping with Minimal Human Demonstrations. (arXiv:2209.14284v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14284
• Code URL: null
• Copy Paste: [[2209.14284] DexTransfer: Real World Multi-fingered Dexterous Grasping with Minimal Human Demonstrations](http://arxiv.org/abs/2209.14284)
• Summary:

  Teaching a multi-fingered dexterous robot to grasp objects in the real world has been a challenging problem due to its high dimensional state and action space. We propose a robot-learning system that can take a small number of human demonstrations and learn to grasp unseen object poses given partially occluded observations. Our system leverages a small motion capture dataset and generates a large dataset with diverse and successful trajectories for a multi-fingered robot gripper. By adding domain randomization, we show that our dataset provides robust grasping trajectories that can be transferred to a policy learner. We train a dexterous grasping policy that takes the point clouds of the object as input and predicts continuous actions to grasp objects from different initial robot states. We evaluate the effectiveness of our system on a 22-DoF floating Allegro Hand in simulation and a 23-DoF Allegro robot hand with a KUKA arm in real world. The policy learned from our dataset can generalize well on unseen object poses in both simulation and the real world

Title: mRobust04: A Multilingual Version of the TREC Robust 2004 Benchmark. (arXiv:2209.13738v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.13738
• Code URL: null
• Copy Paste: [[2209.13738] mRobust04: A Multilingual Version of the TREC Robust 2004 Benchmark](http://arxiv.org/abs/2209.13738)
• Summary:

  Robust 2004 is an information retrieval benchmark whose large number of judgments per query make it a reliable evaluation dataset. In this paper, we present mRobust04, a multilingual version of Robust04 that was translated to 8 languages using Google Translate. We also provide results of three different multilingual retrievers on this dataset. The dataset is available at https://huggingface.co/datasets/unicamp-dl/mrobust

Title: UCEpic: Unifying Aspect Planning and Lexical Constraints for Explainable Recommendation. (arXiv:2209.13885v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2209.13885
• Code URL: null
• Copy Paste: [[2209.13885] UCEpic: Unifying Aspect Planning and Lexical Constraints for Explainable Recommendation](http://arxiv.org/abs/2209.13885)
• Summary:

  Personalized natural language generation for explainable recommendations plays a key role in justifying why a recommendation might match a user's interests. Existing models usually control the generation process by soft constraints (e.g.,~aspect planning). While promising, these methods struggle to generate specific information correctly, which prevents generated explanations from being informative and diverse. In this paper, we propose UCEpic, an explanation generation model that unifies aspect planning and lexical constraints for controllable personalized generation. Specifically, we first pre-train a non-personalized text generator by our proposed robust insertion process so that the model is able to generate sentences containing lexical constraints. Then, we demonstrate the method of incorporating aspect planning and personalized references into the insertion process to obtain personalized explanations. Compared to previous work controlled by soft constraints, UCEpic incorporates specific information from keyphrases and then largely improves the diversity and informativeness of generated explanations. Extensive experiments on RateBeer and Yelp show that UCEpic can generate high-quality and diverse explanations for recommendations.

Title: Causal Proxy Models for Concept-Based Model Explanations. (arXiv:2209.14279v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.14279
• Code URL: https://github.com/frankaging/causal-proxy-model
• Copy Paste: [[2209.14279] Causal Proxy Models for Concept-Based Model Explanations](http://arxiv.org/abs/2209.14279)
• Summary:

  Explainability methods for NLP systems encounter a version of the fundamental problem of causal inference: for a given ground-truth input text, we never truly observe the counterfactual texts necessary for isolating the causal effects of model representations on outputs. In response, many explainability methods make no use of counterfactual texts, assuming they will be unavailable. In this paper, we show that robust causal explainability methods can be created using approximate counterfactuals, which can be written by humans to approximate a specific counterfactual or simply sampled using metadata-guided heuristics. The core of our proposal is the Causal Proxy Model (CPM). A CPM explains a black-box model $\mathcal{N}$ because it is trained to have the same actual input/output behavior as $\mathcal{N}$ while creating neural representations that can be intervened upon to simulate the counterfactual input/output behavior of $\mathcal{N}$. Furthermore, we show that the best CPM for $\mathcal{N}$ performs comparably to $\mathcal{N}$ in making factual predictions, which means that the CPM can simply replace $\mathcal{N}$, leading to more explainable deployed models. Our code is available at https://github.com/frankaging/Causal-Proxy-Model.

Title: InFi: End-to-End Learning to Filter Input for Resource-Efficiency in Mobile-Centric Inference. (arXiv:2209.13873v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2209.13873
• Code URL: https://github.com/yuanmu97/infi
• Copy Paste: [[2209.13873] InFi: End-to-End Learning to Filter Input for Resource-Efficiency in Mobile-Centric Inference](http://arxiv.org/abs/2209.13873)
• Summary:

  Mobile-centric AI applications have high requirements for resource-efficiency of model inference. Input filtering is a promising approach to eliminate the redundancy so as to reduce the cost of inference. Previous efforts have tailored effective solutions for many applications, but left two essential questions unanswered: (1) theoretical filterability of an inference workload to guide the application of input filtering techniques, thereby avoiding the trial-and-error cost for resource-constrained mobile applications; (2) robust discriminability of feature embedding to allow input filtering to be widely effective for diverse inference tasks and input content. To answer them, we first formalize the input filtering problem and theoretically compare the hypothesis complexity of inference models and input filters to understand the optimization potential. Then we propose the first end-to-end learnable input filtering framework that covers most state-of-the-art methods and surpasses them in feature embedding with robust discriminability. We design and implement InFi that supports six input modalities and multiple mobile-centric deployments. Comprehensive evaluations confirm our theoretical results and show that InFi outperforms strong baselines in applicability, accuracy, and efficiency. InFi achieve 8.5x throughput and save 95% bandwidth, while keeping over 90% accuracy, for a video analytics application on mobile platforms.

Title: Argumentative Reward Learning: Reasoning About Human Preferences. (arXiv:2209.14010v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2209.14010
• Code URL: null
• Copy Paste: [[2209.14010] Argumentative Reward Learning: Reasoning About Human Preferences](http://arxiv.org/abs/2209.14010)
• Summary:

  We define a novel neuro-symbolic framework, argumentative reward learning, which combines preference-based argumentation with existing approaches to reinforcement learning from human feedback. Our method improves prior work by generalising human preferences, reducing the burden on the user and increasing the robustness of the reward model. We demonstrate this with a number of experiments.

Title: Conformal Prediction is Robust to Label Noise. (arXiv:2209.14295v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14295
• Code URL: null
• Copy Paste: [[2209.14295] Conformal Prediction is Robust to Label Noise](http://arxiv.org/abs/2209.14295)
• Summary:

  We study the robustness of conformal prediction, a powerful tool for uncertainty quantification, to label noise. Our analysis tackles both regression and classification problems, characterizing when and how it is possible to construct uncertainty sets that correctly cover the unobserved noiseless ground truth labels. Through stylized theoretical examples and practical experiments, we argue that naive conformal prediction covers the noiseless ground truth label unless the noise distribution is adversarially designed. This leads us to believe that correcting for label noise is unnecessary except for pathological data distributions or noise sources. In such cases, we can also correct for noise of bounded size in the conformal prediction algorithm in order to ensure correct coverage of the ground truth labels without score or data regularity.

Title: Falsification before Extrapolation in Causal Effect Estimation. (arXiv:2209.13708v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13708
• Code URL: https://github.com/clinicalml/rct-obs-extrapolation
• Copy Paste: [[2209.13708] Falsification before Extrapolation in Causal Effect Estimation](http://arxiv.org/abs/2209.13708)
• Summary:

  Randomized Controlled Trials (RCTs) represent a gold standard when developing policy guidelines. However, RCTs are often narrow, and lack data on broader populations of interest. Causal effects in these populations are often estimated using observational datasets, which may suffer from unobserved confounding and selection bias. Given a set of observational estimates (e.g. from multiple studies), we propose a meta-algorithm that attempts to reject observational estimates that are biased. We do so using validation effects, causal effects that can be inferred from both RCT and observational data. After rejecting estimators that do not pass this test, we generate conservative confidence intervals on the extrapolated causal effects for subgroups not observed in the RCT. Under the assumption that at least one observational estimator is asymptotically normal and consistent for both the validation and extrapolated effects, we provide guarantees on the coverage probability of the intervals output by our algorithm. To facilitate hypothesis testing in settings where causal effect transportation across datasets is necessary, we give conditions under which a doubly-robust estimator of group average treatment effects is asymptotically normal, even when flexible machine learning methods are used for estimation of nuisance parameters. We illustrate the properties of our approach on semi-synthetic and real world datasets, and show that it compares favorably to standard meta-analysis techniques.

Title: A Parameter-free Nonconvex Low-rank Tensor Completion Model for Spatiotemporal Traffic Data Recovery. (arXiv:2209.13786v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13786
• Code URL: https://github.com/YoungHe49/T-ITS-PFNC
• Copy Paste: [[2209.13786] A Parameter-free Nonconvex Low-rank Tensor Completion Model for Spatiotemporal Traffic Data Recovery](http://arxiv.org/abs/2209.13786)
• Summary:

  Traffic data chronically suffer from missing and corruption, leading to accuracy and utility reduction in subsequent Intelligent Transportation System (ITS) applications. Noticing the inherent low-rank property of traffic data, numerous studies formulated missing traffic data recovery as a low-rank tensor completion (LRTC) problem. Due to the non-convexity and discreteness of the rank minimization in LRTC, existing methods either replaced rank with convex surrogates that are quite far away from the rank function or approximated rank with nonconvex surrogates involving many parameters. In this study, we proposed a Parameter-Free Non-Convex Tensor Completion model (TC-PFNC) for traffic data recovery, in which a log-based relaxation term was designed to approximate tensor algebraic rank. Moreover, previous studies usually assumed the observations are reliable without any outliers. Therefore, we extended the TC-PFNC to a robust version (RTC-PFNC) by modeling potential traffic data outliers, which can recover the missing value from partial and corrupted observations and remove the anomalies in observations. The numerical solutions of TC-PFNC and RTC-PFNC were elaborated based on the alternating direction multiplier method (ADMM). The extensive experimental results conducted on four real-world traffic data sets demonstrated that the proposed methods outperform other state-of-the-art methods in both missing and corrupted data recovery. The code used in this paper is available at: https://github.com/YoungHe49/T-ITSPFNC.

Title: Online Policy Optimization for Robust MDP. (arXiv:2209.13841v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13841
• Code URL: null
• Copy Paste: [[2209.13841] Online Policy Optimization for Robust MDP](http://arxiv.org/abs/2209.13841)
• Summary:

  Reinforcement learning (RL) has exceeded human performance in many synthetic settings such as video games and Go. However, real-world deployment of end-to-end RL models is less common, as RL models can be very sensitive to slight perturbation of the environment. The robust Markov decision process (MDP) framework -- in which the transition probabilities belong to an uncertainty set around a nominal model -- provides one way to develop robust models. While previous analysis shows RL algorithms are effective assuming access to a generative model, it remains unclear whether RL can be efficient under a more realistic online setting, which requires a careful balance between exploration and exploitation. In this work, we consider online robust MDP by interacting with an unknown nominal system. We propose a robust optimistic policy optimization algorithm that is provably efficient. To address the additional uncertainty caused by an adversarial environment, our model features a new optimistic update rule derived via Fenchel conjugates. Our analysis establishes the first regret bound for online robust MDPs.

Title: Shape-constrained Symbolic Regression with NSGA-III. (arXiv:2209.13851v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13851
• Code URL: null
• Copy Paste: [[2209.13851] Shape-constrained Symbolic Regression with NSGA-III](http://arxiv.org/abs/2209.13851)
• Summary:

  Shape-constrained symbolic regression (SCSR) allows to include prior knowledge into data-based modeling. This inclusion allows to ensure that certain expected behavior is better reflected by the resulting models. The expected behavior is defined via constraints, which refer to the function form e.g. monotonicity, concavity, convexity or the models image boundaries. In addition to the advantage of obtaining more robust and reliable models due to defining constraints over the functions shape, the use of SCSR allows to find models which are more robust to noise and have a better extrapolation behavior. This paper presents a mutlicriterial approach to minimize the approximation error as well as the constraint violations. Explicitly the two algorithms NSGA-II and NSGA-III are implemented and compared against each other in terms of model quality and runtime. Both algorithms are capable of dealing with multiple objectives, whereas NSGA-II is a well established multi-objective approach performing well on instances with up-to 3 objectives. NSGA-III is an extension of the NSGA-II algorithm and was developed to handle problems with "many" objectives (more than 3 objectives). Both algorithms are executed on a selected set of benchmark instances from physics textbooks. The results indicate that both algorithms are able to find largely feasible solutions and NSGA-III provides slight improvements in terms of model quality. Moreover, an improvement in runtime can be observed using the many-objective approach.

Title: Identifying Differential Equations to predict Blood Glucose using Sparse Identification of Nonlinear Systems. (arXiv:2209.13852v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13852
• Code URL: null
• Copy Paste: [[2209.13852] Identifying Differential Equations to predict Blood Glucose using Sparse Identification of Nonlinear Systems](http://arxiv.org/abs/2209.13852)
• Summary:

  Describing dynamic medical systems using machine learning is a challenging topic with a wide range of applications. In this work, the possibility of modeling the blood glucose level of diabetic patients purely on the basis of measured data is described. A combination of the influencing variables insulin and calories are used to find an interpretable model. The absorption speed of external substances in the human body depends strongly on external influences, which is why time-shifts are added for the influencing variables. The focus is put on identifying the best timeshifts that provide robust models with good prediction accuracy that are independent of other unknown external influences. The modeling is based purely on the measured data using Sparse Identification of Nonlinear Dynamics. A differential equation is determined which, starting from an initial value, simulates blood glucose dynamics. By applying the best model to test data, we can show that it is possible to simulate the long-term blood glucose dynamics using differential equations and few, influencing variables.

Title: On the Robustness of Ensemble-Based Machine Learning Against Data Poisoning. (arXiv:2209.14013v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14013
• Code URL: null
• Copy Paste: [[2209.14013] On the Robustness of Ensemble-Based Machine Learning Against Data Poisoning](http://arxiv.org/abs/2209.14013)
• Summary:

  Machine learning is becoming ubiquitous. From financial to medicine, machine learning models are boosting decision-making processes and even outperforming humans in some tasks. This huge progress in terms of prediction quality does not however find a counterpart in the security of such models and corresponding predictions, where perturbations of fractions of the training set (poisoning) can seriously undermine the model accuracy. Research on poisoning attacks and defenses even predates the introduction of deep neural networks, leading to several promising solutions. Among them, ensemble-based defenses, where different models are trained on portions of the training set and their predictions are then aggregated, are getting significant attention, due to their relative simplicity and theoretical and practical guarantees. The work in this paper designs and implements a hash-based ensemble approach for ML robustness and evaluates its applicability and performance on random forests, a machine learning model proved to be more resistant to poisoning attempts on tabular datasets. An extensive experimental evaluation is carried out to evaluate the robustness of our approach against a variety of attacks, and compare it with a traditional monolithic model based on random forests.

Title: Global Weighted Tensor Nuclear Norm for Tensor Robust Principal Component Analysis. (arXiv:2209.14084v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14084
• Code URL: null
• Copy Paste: [[2209.14084] Global Weighted Tensor Nuclear Norm for Tensor Robust Principal Component Analysis](http://arxiv.org/abs/2209.14084)
• Summary:

  Tensor Robust Principal Component Analysis (TRPCA), which aims to recover a low-rank tensor corrupted by sparse noise, has attracted much attention in many real applications. This paper develops a new Global Weighted TRPCA method (GWTRPCA), which is the first approach simultaneously considers the significance of intra-frontal slice and inter-frontal slice singular values in the Fourier domain. Exploiting this global information, GWTRPCA penalizes the larger singular values less and assigns smaller weights to them. Hence, our method can recover the low-tubal-rank components more exactly. Moreover, we propose an effective adaptive weight learning strategy by a Modified Cauchy Estimator (MCE) since the weight setting plays a crucial role in the success of GWTRPCA. To implement the GWTRPCA method, we devise an optimization algorithm using an Alternating Direction Method of Multipliers (ADMM) method. Experiments on real-world datasets validate the effectiveness of our proposed method.

Title: Exploring the Relationship between Architecture and Adversarially Robust Generalization. (arXiv:2209.14105v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14105
• Code URL: null
• Copy Paste: [[2209.14105] Exploring the Relationship between Architecture and Adversarially Robust Generalization](http://arxiv.org/abs/2209.14105)
• Summary:

  Adversarial training has been demonstrated to be one of the most effective remedies for defending adversarial examples, yet it often suffers from the huge robustness generalization gap on unseen testing adversaries, deemed as the \emph{adversarially robust generalization problem}. Despite the preliminary understandings devoted on adversarially robust generalization, little is known from the architectural perspective. Thus, this paper tries to bridge the gap by systematically examining the most representative architectures (e.g., Vision Transformers and CNNs). In particular, we first comprehensively evaluated \emph{20} adversarially trained architectures on ImageNette and CIFAR-10 datasets towards several adversaries (multiple $\ell_p$-norm adversarial attacks), and found that Vision Transformers (e.g., PVT, CoAtNet) often yield better adversarially robust generalization. To further understand what architectural ingredients favor adversarially robust generalization, we delve into several key building blocks and revealed the fact via the lens of Rademacher complexity that the higher weight sparsity contributes significantly towards the better adversarially robust generalization of Vision Transformers, which can be often achieved by attention layers. Our extensive studies discovered the close relationship between architectural design and adversarially robust generalization, and instantiated several important insights. We hope our findings could help to better understand the mechanism towards designing robust deep learning architectures.

Title: Active Transfer Prototypical Network: An Efficient Labeling Algorithm for Time-Series Data. (arXiv:2209.14199v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14199
• Code URL: null
• Copy Paste: [[2209.14199] Active Transfer Prototypical Network: An Efficient Labeling Algorithm for Time-Series Data](http://arxiv.org/abs/2209.14199)
• Summary:

  The paucity of labeled data is a typical challenge in the automotive industry. Annotating time-series measurements requires solid domain knowledge and in-depth exploratory data analysis, which implies a high labeling effort. Conventional Active Learning (AL) addresses this issue by actively querying the most informative instances based on the estimated classification probability and retraining the model iteratively. However, the learning efficiency strongly relies on the initial model, resulting in the trade-off between the size of the initial dataset and the query number. This paper proposes a novel Few-Shot Learning (FSL)-based AL framework, which addresses the trade-off problem by incorporating a Prototypical Network (ProtoNet) in the AL iterations. The results show an improvement, on the one hand, in the robustness to the initial model and, on the other hand, in the learning efficiency of the ProtoNet through the active selection of the support set in each iteration. This framework was validated on UCI HAR/HAPT dataset and a real-world braking maneuver dataset. The learning performance significantly surpasses traditional AL algorithms on both datasets, achieving 90% classification accuracy with 10% and 5% labeling effort, respectively.

Title: A Multi-scale Graph Signature for Persistence Diagrams based on Return Probabilities of Random Walks. (arXiv:2209.14264v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14264
• Code URL: null
• Copy Paste: [[2209.14264] A Multi-scale Graph Signature for Persistence Diagrams based on Return Probabilities of Random Walks](http://arxiv.org/abs/2209.14264)
• Summary:

  Persistence diagrams (PDs), often characterized as sets of death and birth of homology class, have been known for providing a topological representation of a graph structure, which is often useful in machine learning tasks. Prior works rely on a single graph signature to construct PDs. In this paper, we explore the use of a family of multi-scale graph signatures to enhance the robustness of topological features. We propose a deep learning architecture to handle this set input. Experiments on benchmark graph classification datasets demonstrate that our proposed architecture outperforms other persistent homology-based methods and achieves competitive performance compared to state-of-the-art methods using graph neural networks. In addition, our approach can be easily applied to large size of input graphs as it does not suffer from limited scalability which can be an issue for graph kernel methods.

biometric

steal

extraction

Title: MTU-Net: Multi-level TransUNet for Space-based Infrared Tiny Ship Detection. (arXiv:2209.13756v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13756
• Code URL: https://github.com/tianhaowu16/multi-level-transunet-for-space-based-infrared-tiny-ship-detection
• Copy Paste: [[2209.13756] MTU-Net: Multi-level TransUNet for Space-based Infrared Tiny Ship Detection](http://arxiv.org/abs/2209.13756)
• Summary:

  Space-based infrared tiny ship detection aims at separating tiny ships from the images captured by earth orbiting satellites. Due to the extremely large image coverage area (e.g., thousands square kilometers), candidate targets in these images are much smaller, dimer, more changeable than those targets observed by aerial-based and land-based imaging devices. Existing short imaging distance-based infrared datasets and target detection methods cannot be well adopted to the space-based surveillance task. To address these problems, we develop a space-based infrared tiny ship detection dataset (namely, NUDT-SIRST-Sea) with 48 space-based infrared images and 17598 pixel-level tiny ship annotations. Each image covers about 10000 square kilometers of area with 10000X10000 pixels. Considering the extreme characteristics (e.g., small, dim, changeable) of those tiny ships in such challenging scenes, we propose a multi-level TransUNet (MTU-Net) in this paper. Specifically, we design a Vision Transformer (ViT) Convolutional Neural Network (CNN) hybrid encoder to extract multi-level features. Local feature maps are first extracted by several convolution layers and then fed into the multi-level feature extraction module (MVTM) to capture long-distance dependency. We further propose a copy-rotate-resize-paste (CRRP) data augmentation approach to accelerate the training phase, which effectively alleviates the issue of sample imbalance between targets and background. Besides, we design a FocalIoU loss to achieve both target localization and shape description. Experimental results on the NUDT-SIRST-Sea dataset show that our MTU-Net outperforms traditional and existing deep learning based SIRST methods in terms of probability of detection, false alarm rate and intersection over union.

Title: CSSAM: U-net Network for Application and Segmentation of Welding Engineering Drawings. (arXiv:2209.14102v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14102
• Code URL: null
• Copy Paste: [[2209.14102] CSSAM: U-net Network for Application and Segmentation of Welding Engineering Drawings](http://arxiv.org/abs/2209.14102)
• Summary:

  Heavy equipment manufacturing splits specific contours in drawings and cuts sheet metal to scale for welding. Currently, most of the segmentation and extraction of weld map contours is achieved manually. Its efficiency is greatly reduced. Therefore, we propose a U-net-based contour segmentation and extraction method for welding engineering drawings. The contours of the parts required for engineering drawings can be automatically divided and blanked, which significantly improves manufacturing efficiency. U-net includes an encoder-decoder, which implements end-to-end mapping through semantic differences and spatial location feature information between the encoder and decoder. While U-net excels at segmenting medical images, our extensive experiments on the Welding Structural Diagram dataset show that the classic U-Net architecture falls short in segmenting welding engineering drawings. Therefore, we design a novel Channel Spatial Sequence Attention Module (CSSAM) and improve on the classic U-net. At the same time, vertical max pooling and average horizontal pooling are proposed. Pass the pooling operation through two equal convolutions into the CSSAM module. The output and the features before pooling are fused by semantic clustering, which replaces the traditional jump structure and effectively narrows the semantic gap between the encoder and the decoder, thereby improving the segmentation performance of welding engineering drawings. We use vgg16 as the backbone network. Compared with the classic U-net, our network has good performance in engineering drawing dataset segmentation.

Title: Keyword Extraction from Short Texts with~a~Text-To-Text Transfer Transformer. (arXiv:2209.14008v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.14008
• Code URL: null
• Copy Paste: [[2209.14008] Keyword Extraction from Short Texts with~a~Text-To-Text Transfer Transformer](http://arxiv.org/abs/2209.14008)
• Summary:

  The paper explores the relevance of the Text-To-Text Transfer Transformer language model (T5) for Polish (plT5) to the task of intrinsic and extrinsic keyword extraction from short text passages. The evaluation is carried out on the new Polish Open Science Metadata Corpus (POSMAC), which is released with this paper: a collection of 216,214 abstracts of scientific publications compiled in the CURLICAT project. We compare the results obtained by four different methods, i.e. plT5kw, extremeText, TermoPL, KeyBERT and conclude that the plT5kw model yields particularly promising results for both frequent and sparsely represented keywords. Furthermore, a plT5kw keyword generation model trained on the POSMAC also seems to produce highly useful results in cross-domain text labelling scenarios. We discuss the performance of the model on news stories and phone-based dialog transcripts which represent text genres and domains extrinsic to the dataset of scientific abstracts. Finally, we also attempt to characterize the challenges of evaluating a text-to-text model on both intrinsic and extrinsic keyword extraction.

membership infer

federate

Title: FAIR-FATE: Fair Federated Learning with Momentum. (arXiv:2209.13678v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13678
• Code URL: https://github.com/teresalazar13/fair-fate
• Copy Paste: [[2209.13678] FAIR-FATE: Fair Federated Learning with Momentum](http://arxiv.org/abs/2209.13678)
• Summary:

  While fairness-aware machine learning algorithms have been receiving increasing attention, the focus has been on centralized machine learning, leaving decentralized methods underexplored. Federated Learning is a decentralized form of machine learning where clients train local models with a server aggregating them to obtain a shared global model. Data heterogeneity amongst clients is a common characteristic of Federated Learning, which may induce or exacerbate discrimination of unprivileged groups defined by sensitive attributes such as race or gender. In this work we propose FAIR-FATE: a novel FAIR FederATEd Learning algorithm that aims to achieve group fairness while maintaining high utility via a fairness-aware aggregation method that computes the global model by taking into account the fairness of the clients. To achieve that, the global model update is computed by estimating a fair model update using a Momentum term that helps to overcome the oscillations of noisy non-fair gradients. To the best of our knowledge, this is the first approach in machine learning that aims to achieve fairness using a fair Momentum estimate. Experimental results on four real-world datasets demonstrate that FAIR-FATE significantly outperforms state-of-the-art fair Federated Learning algorithms under different levels of data heterogeneity.

Title: FedVeca: Federated Vectorized Averaging on Non-IID Data with Adaptive Bi-directional Global Objective. (arXiv:2209.13803v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.13803
• Code URL: null
• Copy Paste: [[2209.13803] FedVeca: Federated Vectorized Averaging on Non-IID Data with Adaptive Bi-directional Global Objective](http://arxiv.org/abs/2209.13803)
• Summary:

  Federated Learning (FL) is a distributed machine learning framework to alleviate the data silos, where decentralized clients collaboratively learn a global model without sharing their private data. However, the clients' Non-Independent and Identically Distributed (Non-IID) data negatively affect the trained model, and clients with different numbers of local updates may cause significant gaps to the local gradients in each communication round. In this paper, we propose a Federated Vectorized Averaging (FedVeca) method to address the above problem on Non-IID data. Specifically, we set a novel objective for the global model which is related to the local gradients. The local gradient is defined as a bi-directional vector with step size and direction, where the step size is the number of local updates and the direction is divided into positive and negative according to our definition. In FedVeca, the direction is influenced by the step size, thus we average the bi-directional vectors to reduce the effect of different step sizes. Then, we theoretically analyze the relationship between the step sizes and the global objective, and obtain upper bounds on the step sizes per communication round. Based on the upper bounds, we design an algorithm for the server and the client to adaptively adjusts the step sizes that make the objective close to the optimum. Finally, we conduct experiments on different datasets, models and scenarios by building a prototype system, and the experimental results demonstrate the effectiveness and efficiency of the FedVeca method.

fair

Title: A critical appraisal of equity in conversational AI: Evidence from auditing GPT-3's dialogues with different publics on climate change and Black Lives Matter. (arXiv:2209.13627v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2209.13627
• Code URL: null
• Copy Paste: [[2209.13627] A critical appraisal of equity in conversational AI: Evidence from auditing GPT-3's dialogues with different publics on climate change and Black Lives Matter](http://arxiv.org/abs/2209.13627)
• Summary:

  Autoregressive language models, which use deep learning to produce human-like texts, have become increasingly widespread. Such models are powering popular virtual assistants in areas like smart health, finance, and autonomous driving. While the parameters of these large language models are improving, concerns persist that these models might not work equally for all subgroups in society. Despite growing discussions of AI fairness across disciplines, there lacks systemic metrics to assess what equity means in dialogue systems and how to engage different populations in the assessment loop. Grounded in theories of deliberative democracy and science and technology studies, this paper proposes an analytical framework for unpacking the meaning of equity in human-AI dialogues. Using this framework, we conducted an auditing study to examine how GPT-3 responded to different sub-populations on crucial science and social topics: climate change and the Black Lives Matter (BLM) movement. Our corpus consists of over 20,000 rounds of dialogues between GPT-3 and 3290 individuals who vary in gender, race and ethnicity, education level, English as a first language, and opinions toward the issues. We found a substantively worse user experience with GPT-3 among the opinion and the education minority subpopulations; however, these two groups achieved the largest knowledge gain, changing attitudes toward supporting BLM and climate change efforts after the chat. We traced these user experience divides to conversational differences and found that GPT-3 used more negative expressions when it responded to the education and opinion minority groups, compared to its responses to the majority groups. We discuss the implications of our findings for a deliberative conversational AI system that centralizes diversity, equity, and inclusion.

interpretability

Title: TokenFlow: Rethinking Fine-grained Cross-modal Alignment in Vision-Language Retrieval. (arXiv:2209.13822v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.13822
• Code URL: null
• Copy Paste: [[2209.13822] TokenFlow: Rethinking Fine-grained Cross-modal Alignment in Vision-Language Retrieval](http://arxiv.org/abs/2209.13822)
• Summary:

  Most existing methods in vision-language retrieval match two modalities by either comparing their global feature vectors which misses sufficient information and lacks interpretability, detecting objects in images or videos and aligning the text with fine-grained features which relies on complicated model designs, or modeling fine-grained interaction via cross-attention upon visual and textual tokens which suffers from inferior efficiency. To address these limitations, some recent works simply aggregate the token-wise similarities to achieve fine-grained alignment, but they lack intuitive explanations as well as neglect the relationships between token-level features and global representations with high-level semantics. In this work, we rethink fine-grained cross-modal alignment and devise a new model-agnostic formulation for it. We additionally demystify the recent popular works and subsume them into our scheme. Furthermore, inspired by optimal transport theory, we introduce \emph{TokenFlow}, an instantiation of the proposed scheme. By modifying only the similarity function, the performance of our method is comparable to the SoTA algorithms with heavy model designs on major video-text retrieval benchmarks. The visualization further indicates that \emph{TokenFlow} successfully leverages the fine-grained information and achieves better interpretability.

Title: Recipro-CAM: Gradient-free reciprocal class activation map. (arXiv:2209.14074v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14074
• Code URL: null
• Copy Paste: [[2209.14074] Recipro-CAM: Gradient-free reciprocal class activation map](http://arxiv.org/abs/2209.14074)
• Summary:

  Convolutional neural network (CNN) becomes one of the most popular and prominent deep learning architectures for computer vision, but its black box feature hides the internal prediction process. For this reason, AI practitioners have shed light on explainable AI to provide the interpretability of the model behavior. In particular, class activation map (CAM) and Grad-CAM based methods have shown promise results, but they have architectural limitation or gradient computing burden. To resolve these, Score-CAM has been suggested as a gradient-free method, however, it requires more execution time compared to CAM or Grad-CAM based methods. Therefore, we propose a lightweight architecture and gradient free Reciprocal CAM (Recipro-CAM) by spatially masking the extracted feature maps to exploit the correlation between activation maps and network outputs. With the proposed method, we achieved the gains of 1:78 - 3:72% in the ResNet family compared to Score-CAM in Average Drop- Coherence-Complexity (ADCC) metric, excluding the VGG-16 (1:39% drop). In addition, Recipro-CAM exhibits a saliency map generation rate similar to Grad-CAM and approximately 148 times faster than Score-CAM.

Title: An Automatic Evaluation of the WMT22 General Machine Translation Task. (arXiv:2209.14172v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.14172
• Code URL: null
• Copy Paste: [[2209.14172] An Automatic Evaluation of the WMT22 General Machine Translation Task](http://arxiv.org/abs/2209.14172)
• Summary:

  This report presents an automatic evaluation of the general machine translation task of the Seventh Conference on Machine Translation (WMT22). It evaluates a total of 185 systems for 21 translation directions including high-resource to low-resource language pairs and from closely related to distant languages. This large-scale automatic evaluation highlights some of the current limits of state-of-the-art machine translation systems. It also shows how automatic metrics, namely chrF, BLEU, and COMET, can complement themselves to mitigate their own limits in terms of interpretability and accuracy.

Title: Debiasing Graph Neural Networks via Learning Disentangled Causal Substructure. (arXiv:2209.14107v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14107
• Code URL: https://github.com/googlebaba/disc
• Copy Paste: [[2209.14107] Debiasing Graph Neural Networks via Learning Disentangled Causal Substructure](http://arxiv.org/abs/2209.14107)
• Summary:

  Most Graph Neural Networks (GNNs) predict the labels of unseen graphs by learning the correlation between the input graphs and labels. However, by presenting a graph classification investigation on the training graphs with severe bias, surprisingly, we discover that GNNs always tend to explore the spurious correlations to make decision, even if the causal correlation always exists. This implies that existing GNNs trained on such biased datasets will suffer from poor generalization capability. By analyzing this problem in a causal view, we find that disentangling and decorrelating the causal and bias latent variables from the biased graphs are both crucial for debiasing. Inspiring by this, we propose a general disentangled GNN framework to learn the causal substructure and bias substructure, respectively. Particularly, we design a parameterized edge mask generator to explicitly split the input graph into causal and bias subgraphs. Then two GNN modules supervised by causal/bias-aware loss functions respectively are trained to encode causal and bias subgraphs into their corresponding representations. With the disentangled representations, we synthesize the counterfactual unbiased training samples to further decorrelate causal and bias variables. Moreover, to better benchmark the severe bias problem, we construct three new graph datasets, which have controllable bias degrees and are easier to visualize and explain. Experimental results well demonstrate that our approach achieves superior generalization performance over existing baselines. Furthermore, owing to the learned edge mask, the proposed model has appealing interpretability and transferability. Code and data are available at: https://github.com/googlebaba/DisC.

exlainability

watermark