secure

Title: A Secure Federated Learning Framework for Residential Short Term Load Forecasting. (arXiv:2209.14547v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14547
• Code URL: null
• Copy Paste: [[2209.14547] A Secure Federated Learning Framework for Residential Short Term Load Forecasting](http://arxiv.org/abs/2209.14547)
• Summary:

  Smart meter measurements, though critical for accurate demand forecasting, face several drawbacks including consumers' privacy, data breach issues, to name a few. Recent literature has explored Federated Learning (FL) as a promising privacy-preserving machine learning alternative which enables collaborative learning of a model without exposing private raw data for short term load forecasting. Despite its virtue, standard FL is still vulnerable to an intractable cyber threat known as Byzantine attack carried out by faulty and/or malicious clients. Therefore, to improve the robustness of federated short-term load forecasting against Byzantine threats, we develop a state-of-the-art differentially private secured FL-based framework that ensures the privacy of the individual smart meter's data while protect the security of FL models and architecture. Our proposed framework leverages the idea of gradient quantization through the Sign Stochastic Gradient Descent (SignSGD) algorithm, where the clients only transmit the `sign' of the gradient to the control centre after local model training. As we highlight through our experiments involving benchmark neural networks with a set of Byzantine attack models, our proposed approach mitigates such threats quite effectively and thus outperforms conventional Fed-SGD models.

Title: OpenDSU: Digital Sovereignty in PharmaLedger. (arXiv:2209.14879v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14879
• Code URL: null
• Copy Paste: [[2209.14879] OpenDSU: Digital Sovereignty in PharmaLedger](http://arxiv.org/abs/2209.14879)
• Summary:

  Distributed ledger networks, chiefly those based on blockchain technologies, currently are heralding a next generation of computer systems that aims to suit modern users' demands. Over the recent years, several technologies for blockchains, off-chaining strategies, as well as decentralised and respectively self-sovereign identity systems have shot up so fast that standardisation of the protocols is lagging behind, severely hampering the interoperability of different approaches. Moreover, most of the currently available solutions for distributed ledgers focus on either home users or enterprise use case scenarios, failing to provide integrative solutions addressing the needs of both.

Herein we introduce the OpenDSU platform that allows to interoperate generic blockchain technologies, organised - and possibly cascaded in a hierarchical fashion - in domains. To achieve this flexibility, we seamlessly integrated a set of well conceived OpenDSU components to orchestrate off-chain data with granularly resolved and cryptographically secure access levels that are nested with sovereign identities across the different domains.

Employing our platform to PharmaLedger, an inter-European network for the standardisation of data handling in the pharmaceutical industry and in healthcare, we demonstrate that OpenDSU can cope with generic demands of heterogeneous use cases in both, performance and handling substantially different business policies. Importantly, whereas available solutions commonly require a pre-defined and fixed set of components, no such vendor lock-in restrictions on the blockchain technology or identity system exist in OpenDSU, making systems built on it flexibly adaptable to new standards evolving in the future.

security

Title: Compressed Gastric Image Generation Based on Soft-Label Dataset Distillation for Medical Data Sharing. (arXiv:2209.14635v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14635
• Code URL: https://github.com/Guang000/Awesome-Dataset-Distillation
• Copy Paste: [[2209.14635] Compressed Gastric Image Generation Based on Soft-Label Dataset Distillation for Medical Data Sharing](http://arxiv.org/abs/2209.14635)
• Summary:

  Background and objective: Sharing of medical data is required to enable the cross-agency flow of healthcare information and construct high-accuracy computer-aided diagnosis systems. However, the large sizes of medical datasets, the massive amount of memory of saved deep convolutional neural network (DCNN) models, and patients' privacy protection are problems that can lead to inefficient medical data sharing. Therefore, this study proposes a novel soft-label dataset distillation method for medical data sharing. Methods: The proposed method distills valid information of medical image data and generates several compressed images with different data distributions for anonymous medical data sharing. Furthermore, our method can extract essential weights of DCNN models to reduce the memory required to save trained models for efficient medical data sharing. Results: The proposed method can compress tens of thousands of images into several soft-label images and reduce the size of a trained model to a few hundredths of its original size. The compressed images obtained after distillation have been visually anonymized; therefore, they do not contain the private information of the patients. Furthermore, we can realize high-detection performance with a small number of compressed images. Conclusions: The experimental results show that the proposed method can improve the efficiency and security of medical data sharing.

Title: FastPacket: Towards Pre-trained Packets Embedding based on FastText for next-generation NIDS. (arXiv:2209.14727v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14727
• Code URL: null
• Copy Paste: [[2209.14727] FastPacket: Towards Pre-trained Packets Embedding based on FastText for next-generation NIDS](http://arxiv.org/abs/2209.14727)
• Summary:

  New Attacks are increasingly used by attackers everyday but many of them are not detected by Intrusion Detection Systems as most IDS ignore raw packet information and only care about some basic statistical information extracted from PCAP files. Using networking programs to extract fixed statistical features from packets is good, but may not enough to detect nowadays challenges. We think that it is time to utilize big data and deep learning for automatic dynamic feature extraction from packets. It is time to get inspired by deep learning pre-trained models in computer vision and natural language processing, so security deep learning solutions will have its pre-trained models on big datasets to be used in future researches. In this paper, we proposed a new approach for embedding packets based on character-level embeddings, inspired by FastText success on text data. We called this approach FastPacket. Results are measured on subsets of CIC-IDS-2017 dataset, but we expect promising results on big data pre-trained models. We suggest building pre-trained FastPacket on MAWI big dataset and make it available to community, similar to FastText. To be able to outperform currently used NIDS, to start a new era of packet-level NIDS that can better detect complex attacks.

Title: ThreatPro: Multi-Layer Threat Analysis in the Cloud. (arXiv:2209.14795v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14795
• Code URL: null
• Copy Paste: [[2209.14795] ThreatPro: Multi-Layer Threat Analysis in the Cloud](http://arxiv.org/abs/2209.14795)
• Summary:

  Many effective Threat Analysis (TA) techniques exist that focus on analyzing threats to targeted assets (e.g., components, services). These techniques consider static interconnections among the assets. However, in dynamic environments, such as the Cloud, resources can instantiate, migrate across physical hosts, or decommission to provide rapid resource elasticity to the users. It is evident that existing TA techniques cannot address all these requirements. In addition, there is an increasing number of complex multi-layer/multi-asset attacks on Cloud systems, such as the Equifax data breach. Hence, there is a need for threat analysis approaches that are designed to analyze threats in complex, dynamic, and multi-layer Cloud environments. In this paper, we propose ThreatPro that addresses the analysis of multi-layer attacks and supports dynamic interconnections in the Cloud. ThreatPro facilitates threat analysis by developing a technology-agnostic information flow model, which represents the Cloud's functionality through a set of conditional transitions. The model establishes the basis to capture the multi-layer and dynamic interconnections during the life-cycle of a Virtual Machine (VM). Specifically, ThreatPro contributes in (a) enabling the exploration of a threat's behavior and its propagation across the Cloud, and (b) assessing the security of the Cloud by analyzing the impact of multiple threats across various operational layers/assets. Using public information on threats from the National Vulnerability Database (NVD), we validate ThreatPro's capabilities, i.e., (a) identify and trace actual Cloud attacks and (b) speculatively postulate alternate potential attack paths.

Title: IvySyn: Automated Vulnerability Discovery for Deep Learning Frameworks. (arXiv:2209.14921v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14921
• Code URL: null
• Copy Paste: [[2209.14921] IvySyn: Automated Vulnerability Discovery for Deep Learning Frameworks](http://arxiv.org/abs/2209.14921)
• Summary:

  We present IvySyn: the first fully-automated framework for vulnerability discovery in Deep Learning (DL) frameworks. IvySyn leverages the statically-typed nature of native APIs in order to automatically perform type-aware mutation-based fuzzing on low-level kernel APIs. Given a set of offending inputs that trigger memory safety and fatal runtime errors in low-level, native DL (C/C++) code, IvySyn automatically synthesizes code snippets in high-level languages (e.g., in Python), which propagate offending inputs via high(er)-level APIs. Such code snippets essentially act as Proof of Vulnerability, as they demonstrate the existence of bugs in native code that attackers can target through various high-level APIs. Our experimental evaluation shows that IvySyn significantly outperforms past approaches, both in terms of efficiency and effectiveness, in finding real vulnerabilities in popular DL frameworks. Specifically, we used IvySyn to test TensorFlow and PyTorch: although still an early research prototype, IvySyn has already helped the corresponding TensorFlow and PyTorch framework developers to identify and fix 58 previously-unknown security vulnerabilities, and assign 36 unique CVEs.

privacy

Title: Dataset Distillation for Medical Dataset Sharing. (arXiv:2209.14603v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14603
• Code URL: null
• Copy Paste: [[2209.14603] Dataset Distillation for Medical Dataset Sharing](http://arxiv.org/abs/2209.14603)
• Summary:

  Sharing medical datasets between hospitals is challenging because of the privacy-protection problem and the massive cost of transmitting and storing many high-resolution medical images. However, dataset distillation can synthesize a small dataset such that models trained on it achieve comparable performance with the original large dataset, which shows potential for solving the existing medical sharing problems. Hence, this paper proposes a novel dataset distillation-based method for medical dataset sharing. Experimental results on a COVID-19 chest X-ray image dataset show that our method can achieve high detection performance even using scarce anonymized chest X-ray images.

Title: CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software. (arXiv:2209.14952v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14952
• Code URL: null
• Copy Paste: [[2209.14952] CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software](http://arxiv.org/abs/2209.14952)
• Summary:

  Cache side-channel attacks extract secrets by examining how victim software accesses cache. To date, practical attacks on cryptosystems and media libraries are demonstrated under different scenarios, inferring secret keys and reconstructing private media data such as images.

This work first presents eight criteria for designing a full-fledged detector for cache side-channel vulnerabilities. Then, we propose CacheQL, a novel detector that meets all of these criteria. CacheQL precisely quantifies information leaks of binary code, by characterizing the distinguishability of logged side channel traces. Moreover, CacheQL models leakage as a cooperative game, allowing information leakage to be precisely distributed to program points vulnerable to cache side channels. CacheQL is meticulously optimized to analyze whole side channel traces logged from production software (where each trace can have millions of records), and it alleviates randomness introduced by cryptographic blinding, ORAM, or real-world noises.

Our evaluation quantifies side-channel leaks of production cryptographic and media software. We further localize vulnerabilities reported by previous detectors and also identify a few hundred new leakage sites in recent OpenSSL (ver. 3.0.0), MbedTLS (ver. 3.0.0), Libgcrypt (ver. 1.9.4). Many of our localized program points are within the pre-processing modules of cryptosystems, which are not analyzed by existing works due to scalability. We also localize vulnerabilities in Libjpeg (ver. 2.1.2) that leak privacy about input images.

Title: No Free Lunch in "Privacy for Free: How does Dataset Condensation Help Privacy". (arXiv:2209.14987v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14987
• Code URL: null
• Copy Paste: [[2209.14987] No Free Lunch in "Privacy for Free: How does Dataset Condensation Help Privacy"](http://arxiv.org/abs/2209.14987)
• Summary:

  New methods designed to preserve data privacy require careful scrutiny. Failure to preserve privacy is hard to detect, and yet can lead to catastrophic results when a system implementing a ``privacy-preserving'' method is attacked. A recent work selected for an Outstanding Paper Award at ICML 2022 (Dong et al., 2022) claims that dataset condensation (DC) significantly improves data privacy when training machine learning models. This claim is supported by theoretical analysis of a specific dataset condensation technique and an empirical evaluation of resistance to some existing membership inference attacks.

In this note we examine the claims in the work of Dong et al. (2022) and describe major flaws in the empirical evaluation of the method and its theoretical analysis. These flaws imply that their work does not provide statistically significant evidence that DC improves the privacy of training ML models over a naive baseline. Moreover, previously published results show that DP-SGD, the standard approach to privacy preserving ML, simultaneously gives better accuracy and achieves a (provably) lower membership attack success rate.

protect

Title: Access Control with Encrypted Feature Maps for Object Detection Models. (arXiv:2209.14831v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14831
• Code URL: null
• Copy Paste: [[2209.14831] Access Control with Encrypted Feature Maps for Object Detection Models](http://arxiv.org/abs/2209.14831)
• Summary:

  In this paper, we propose an access control method with a secret key for object detection models for the first time so that unauthorized users without a secret key cannot benefit from the performance of trained models. The method enables us not only to provide a high detection performance to authorized users but to also degrade the performance for unauthorized users. The use of transformed images was proposed for the access control of image classification models, but these images cannot be used for object detection models due to performance degradation. Accordingly, in this paper, selected feature maps are encrypted with a secret key for training and testing models, instead of input images. In an experiment, the protected models allowed authorized users to obtain almost the same performance as that of non-protected models but also with robustness against unauthorized access without a key.

defense

attack

Title: Digital and Physical Face Attacks: Reviewing and One Step Further. (arXiv:2209.14692v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14692
• Code URL: null
• Copy Paste: [[2209.14692] Digital and Physical Face Attacks: Reviewing and One Step Further](http://arxiv.org/abs/2209.14692)
• Summary:

  With the rapid progress over the past five years, face authentication has become the most pervasive biometric recognition method. Thanks to the high-accuracy recognition performance and user-friendly usage, automatic face recognition (AFR) has exploded into a plethora of practical applications over device unlocking, checking-in, and financial payment. In spite of the tremendous success of face authentication, a variety of face presentation attacks (FPA), such as print attacks, replay attacks, and 3D mask attacks, have raised pressing mistrust concerns. Besides physical face attacks, face videos/images are vulnerable to a wide variety of digital attack techniques launched by malicious hackers, causing potential menace to the public at large. Due to the unrestricted access to enormous digital face images/videos and disclosed easy-to-use face manipulation tools circulating on the internet, non-expert attackers without any prior professional skills are able to readily create sophisticated fake faces, leading to numerous dangerous applications such as financial fraud, impersonation, and identity theft. This survey aims to build the integrity of face forensics by providing thorough analyses of existing literature and highlighting the issues requiring further attention. In this paper, we first comprehensively survey both physical and digital face attack types and datasets. Then, we review the latest and most advanced progress on existing counter-attack methodologies and highlight their current limits. Moreover, we outline possible future research directions for existing and upcoming challenges in the face forensics community. Finally, the necessity of joint physical and digital face attack detection has been discussed, which has never been studied in previous surveys.

Title: Chameleon Cache: Approximating Fully Associative Caches with Random Replacement to Prevent Contention-Based Cache Attacks. (arXiv:2209.14673v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2209.14673
• Code URL: null
• Copy Paste: [[2209.14673] Chameleon Cache: Approximating Fully Associative Caches with Random Replacement to Prevent Contention-Based Cache Attacks](http://arxiv.org/abs/2209.14673)
• Summary:

  Randomized, skewed caches (RSCs) such as CEASER-S have recently received much attention to defend against contention-based cache side channels. By randomizing and regularly changing the mapping(s) of addresses to cache sets, these techniques are designed to obfuscate the leakage of memory access patterns. However, new attack techniques, e.g., Prime+Prune+Probe, soon demonstrated the limits of RSCs as they allow attackers to more quickly learn which addresses contend in the cache and use this information to circumvent the randomization. To yet maintain side-channel resilience, RSCs must change the random mapping(s) more frequently with adverse effects on performance and implementation complexity. This work aims to make randomization-based approaches more robust to allow for reduced re-keying rates and presents Chameleon Cache. Chameleon Cache extends RSCs with a victim cache (VC) to decouple contention in the RSC from evictions observed by the user. The VC allows Chameleon Cache to make additional use of the multiple mappings RSCs provide to translate addresses to cache set indices: when a cache line is evicted from the RSC to the VC under one of its mappings, the VC automatically reinserts this evicted line back into the RSC by using a different mapping. As a result, the effects of previous RSC set contention are hidden and Chameleon Cache exhibits side-channel resistance and eviction patterns similar to fully associative caches with random replacement. We show that Chameleon Cache has performance overheads of < 1% and stress that VCs are more generically helpful to increase side-channel resistance and re-keying intervals of randomized caches.

Title: Towards Lightweight Black-Box Attacks against Deep Neural Networks. (arXiv:2209.14826v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14826
• Code URL: null
• Copy Paste: [[2209.14826] Towards Lightweight Black-Box Attacks against Deep Neural Networks](http://arxiv.org/abs/2209.14826)
• Summary:

  Black-box attacks can generate adversarial examples without accessing the parameters of target model, largely exacerbating the threats of deployed deep neural networks (DNNs). However, previous works state that black-box attacks fail to mislead target models when their training data and outputs are inaccessible. In this work, we argue that black-box attacks can pose practical attacks in this extremely restrictive scenario where only several test samples are available. Specifically, we find that attacking the shallow layers of DNNs trained on a few test samples can generate powerful adversarial examples. As only a few samples are required, we refer to these attacks as lightweight black-box attacks. The main challenge to promoting lightweight attacks is to mitigate the adverse impact caused by the approximation error of shallow layers. As it is hard to mitigate the approximation error with few available samples, we propose Error TransFormer (ETF) for lightweight attacks. Namely, ETF transforms the approximation error in the parameter space into a perturbation in the feature space and alleviates the error by disturbing features. In experiments, lightweight black-box attacks with the proposed ETF achieve surprising results. For example, even if only 1 sample per category available, the attack success rate in lightweight black-box attacks is only about 3% lower than that of the black-box attacks with complete training data.

robust

Title: UNesT: Local Spatial Representation Learning with Hierarchical Transformer for Efficient Medical Segmentation. (arXiv:2209.14378v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14378
• Code URL: https://github.com/project-monai/model-zoo
• Copy Paste: [[2209.14378] UNesT: Local Spatial Representation Learning with Hierarchical Transformer for Efficient Medical Segmentation](http://arxiv.org/abs/2209.14378)
• Summary:

  Transformer-based models, capable of learning better global dependencies, have recently demonstrated exceptional representation learning capabilities in computer vision and medical image analysis. Transformer reformats the image into separate patches and realize global communication via the self-attention mechanism. However, positional information between patches is hard to preserve in such 1D sequences, and loss of it can lead to sub-optimal performance when dealing with large amounts of heterogeneous tissues of various sizes in 3D medical image segmentation. Additionally, current methods are not robust and efficient for heavy-duty medical segmentation tasks such as predicting a large number of tissue classes or modeling globally inter-connected tissues structures. Inspired by the nested hierarchical structures in vision transformer, we proposed a novel 3D medical image segmentation method (UNesT), employing a simplified and faster-converging transformer encoder design that achieves local communication among spatially adjacent patch sequences by aggregating them hierarchically. We extensively validate our method on multiple challenging datasets, consisting anatomies of 133 structures in brain, 14 organs in abdomen, 4 hierarchical components in kidney, and inter-connected kidney tumors). We show that UNesT consistently achieves state-of-the-art performance and evaluate its generalizability and data efficiency. Particularly, the model achieves whole brain segmentation task complete ROI with 133 tissue classes in single network, outperforms prior state-of-the-art method SLANT27 ensembled with 27 network tiles, our model performance increases the mean DSC score of the publicly available Colin and CANDI dataset from 0.7264 to 0.7444 and from 0.6968 to 0.7025, respectively.

Title: Semantics-Guided Object Removal for Facial Images: with Broad Applicability and Robust Style Preservation. (arXiv:2209.14479v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14479
• Code URL: null
• Copy Paste: [[2209.14479] Semantics-Guided Object Removal for Facial Images: with Broad Applicability and Robust Style Preservation](http://arxiv.org/abs/2209.14479)
• Summary:

  Object removal and image inpainting in facial images is a task in which objects that occlude a facial image are specifically targeted, removed, and replaced by a properly reconstructed facial image. Two different approaches utilizing U-net and modulated generator respectively have been widely endorsed for this task for their unique advantages but notwithstanding each method's innate disadvantages. U-net, a conventional approach for conditional GANs, retains fine details of unmasked regions but the style of the reconstructed image is inconsistent with the rest of the original image and only works robustly when the size of the occluding object is small enough. In contrast, the modulated generative approach can deal with a larger occluded area in an image and provides {a} more consistent style, yet it usually misses out on most of the detailed features. This trade-off between these two models necessitates an invention of a model that can be applied to any size of mask while maintaining a consistent style and preserving minute details of facial features. Here, we propose Semantics-Guided Inpainting Network (SGIN) which itself is a modification of the modulated generator, aiming to take advantage of its advanced generative capability and preserve the high-fidelity details of the original image. By using the guidance of a semantic map, our model is capable of manipulating facial features which grants direction to the one-to-many problem for further practicability.

Title: Dataset Distillation using Parameter Pruning. (arXiv:2209.14609v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14609
• Code URL: null
• Copy Paste: [[2209.14609] Dataset Distillation using Parameter Pruning](http://arxiv.org/abs/2209.14609)
• Summary:

  The acquisition of advanced models relies on large datasets in many fields, which makes storing datasets and training models expensive. As a solution, dataset distillation can synthesize a small dataset such that models trained on it achieve high performance on par with the original large dataset. The recently proposed dataset distillation method by matching network parameters has been proved effective for several datasets. However, a few parameters in the distillation process are difficult to match, which harms the distillation performance. Based on this observation, this paper proposes a new method to solve the problem using parameter pruning. The proposed method can synthesize more robust distilled datasets and improve the distillation performance by pruning difficult-to-match parameters in the distillation process. Experimental results on three datasets show that the proposed method outperformed other SOTA dataset distillation methods.

Title: Prompt-guided Scene Generation for 3D Zero-Shot Learning. (arXiv:2209.14690v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14690
• Code URL: null
• Copy Paste: [[2209.14690] Prompt-guided Scene Generation for 3D Zero-Shot Learning](http://arxiv.org/abs/2209.14690)
• Summary:

  Zero-shot learning on 3D point cloud data is a related underexplored problem compared to its 2D image counterpart. 3D data brings new challenges for ZSL due to the unavailability of robust pre-trained feature extraction models. To address this problem, we propose a prompt-guided 3D scene generation and supervision method that augments 3D data to learn the network better, exploring the complex interplay of seen and unseen objects. First, we merge point clouds of two 3D models in certain ways described by a prompt. The prompt acts like the annotation describing each 3D scene. Later, we perform contrastive learning to train our proposed architecture in an end-to-end manner. We argue that 3D scenes can relate objects more efficiently than single objects because popular language models (like BERT) can achieve high performance when objects appear in a context. Our proposed prompt-guided scene generation method encapsulates data augmentation and prompt-based annotation/captioning to improve 3D ZSL performance. We have achieved state-of-the-art ZSL and generalized ZSL performance on synthetic (ModelNet40, ModelNet10) and real-scanned (ScanOjbectNN) 3D object datasets.

Title: Greybox XAI: a Neural-Symbolic learning framework to produce interpretable predictions for image classification. (arXiv:2209.14974v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14974
• Code URL: null
• Copy Paste: [[2209.14974] Greybox XAI: a Neural-Symbolic learning framework to produce interpretable predictions for image classification](http://arxiv.org/abs/2209.14974)
• Summary:

  Although Deep Neural Networks (DNNs) have great generalization and prediction capabilities, their functioning does not allow a detailed explanation of their behavior. Opaque deep learning models are increasingly used to make important predictions in critical environments, and the danger is that they make and use predictions that cannot be justified or legitimized. Several eXplainable Artificial Intelligence (XAI) methods that separate explanations from machine learning models have emerged, but have shortcomings in faithfulness to the model actual functioning and robustness. As a result, there is a widespread agreement on the importance of endowing Deep Learning models with explanatory capabilities so that they can themselves provide an answer to why a particular prediction was made. First, we address the problem of the lack of universal criteria for XAI by formalizing what an explanation is. We also introduced a set of axioms and definitions to clarify XAI from a mathematical perspective. Finally, we present the Greybox XAI, a framework that composes a DNN and a transparent model thanks to the use of a symbolic Knowledge Base (KB). We extract a KB from the dataset and use it to train a transparent model (i.e., a logistic regression). An encoder-decoder architecture is trained on RGB images to produce an output similar to the KB used by the transparent model. Once the two models are trained independently, they are used compositionally to form an explainable predictive model. We show how this new architecture is accurate and explainable in several datasets.

Title: Neural Media Bias Detection Using Distant Supervision With BABE -- Bias Annotations By Experts. (arXiv:2209.14557v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.14557
• Code URL: https://github.com/media-bias-analysis-group/neural-media-bias-detection-using-distant-supervision-with-babe
• Copy Paste: [[2209.14557] Neural Media Bias Detection Using Distant Supervision With BABE -- Bias Annotations By Experts](http://arxiv.org/abs/2209.14557)
• Summary:

  Media coverage has a substantial effect on the public perception of events. Nevertheless, media outlets are often biased. One way to bias news articles is by altering the word choice. The automatic identification of bias by word choice is challenging, primarily due to the lack of a gold standard data set and high context dependencies. This paper presents BABE, a robust and diverse data set created by trained experts, for media bias research. We also analyze why expert labeling is essential within this domain. Our data set offers better annotation quality and higher inter-annotator agreement than existing work. It consists of 3,700 sentences balanced among topics and outlets, containing media bias labels on the word and sentence level. Based on our data, we also introduce a way to detect bias-inducing sentences in news articles automatically. Our best performing BERT-based model is pre-trained on a larger corpus consisting of distant labels. Fine-tuning and evaluating the model on our proposed supervised data set, we achieve a macro F1-score of 0.804, outperforming existing methods.

Title: Perturbations and Subpopulations for Testing Robustness in Token-Based Argument Unit Recognition. (arXiv:2209.14780v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.14780
• Code URL: https://github.com/jbkamp/repo-rob-token-aur
• Copy Paste: [[2209.14780] Perturbations and Subpopulations for Testing Robustness in Token-Based Argument Unit Recognition](http://arxiv.org/abs/2209.14780)
• Summary:

  Argument Unit Recognition and Classification aims at identifying argument units from text and classifying them as pro or against. One of the design choices that need to be made when developing systems for this task is what the unit of classification should be: segments of tokens or full sentences. Previous research suggests that fine-tuning language models on the token-level yields more robust results for classifying sentences compared to training on sentences directly. We reproduce the study that originally made this claim and further investigate what exactly token-based systems learned better compared to sentence-based ones. We develop systematic tests for analysing the behavioural differences between the token-based and the sentence-based system. Our results show that token-based models are generally more robust than sentence-based models both on manually perturbed examples and on specific subpopulations of the data.

Title: How Powerful is Implicit Denoising in Graph Neural Networks. (arXiv:2209.14514v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14514
• Code URL: null
• Copy Paste: [[2209.14514] How Powerful is Implicit Denoising in Graph Neural Networks](http://arxiv.org/abs/2209.14514)
• Summary:

  Graph Neural Networks (GNNs), which aggregate features from neighbors, are widely used for graph-structured data processing due to their powerful representation learning capabilities. It is generally believed that GNNs can implicitly remove the non-predictive noises. However, the analysis of implicit denoising effect in graph neural networks remains open. In this work, we conduct a comprehensive theoretical study and analyze when and why the implicit denoising happens in GNNs. Specifically, we study the convergence properties of noise matrix. Our theoretical analysis suggests that the implicit denoising largely depends on the connectivity, the graph size, and GNN architectures. Moreover, we formally define and propose the adversarial graph signal denoising (AGSD) problem by extending graph signal denoising problem. By solving such a problem, we derive a robust graph convolution, where the smoothness of the node representations and the implicit denoising effect can be enhanced. Extensive empirical evaluations verify our theoretical analyses and the effectiveness of our proposed model.

Title: Transformer Meets Boundary Value Inverse Problems. (arXiv:2209.14977v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14977
• Code URL: null
• Copy Paste: [[2209.14977] Transformer Meets Boundary Value Inverse Problems](http://arxiv.org/abs/2209.14977)
• Summary:

  A Transformer-based deep direct sampling method is proposed for solving a class of boundary value inverse problem. A real-time reconstruction is achieved by evaluating the learned inverse operator between carefully designed data and the reconstructed images. An effort is made to give a case study for a fundamental and critical question: whether and how one can benefit from the theoretical structure of a mathematical problem to develop task-oriented and structure-conforming deep neural network? Inspired by direct sampling methods for inverse problems, the 1D boundary data are preprocessed by a partial differential equation-based feature map to yield 2D harmonic extensions in different frequency input channels. Then, by introducing learnable non-local kernel, the approximation of direct sampling is recast to a modified attention mechanism. The proposed method is then applied to electrical impedance tomography, a well-known severely ill-posed nonlinear inverse problem. The new method achieves superior accuracy over its predecessors and contemporary operator learners, as well as shows robustness with respect to noise. This research shall strengthen the insights that the attention mechanism, despite being invented for natural language processing tasks, offers great flexibility to be modified in conformity with the a priori mathematical knowledge, which ultimately leads to the design of more physics-compatible neural architectures.

biometric

steal

extraction

Title: Efficient Medical Image Assessment via Self-supervised Learning. (arXiv:2209.14434v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14434
• Code URL: null
• Copy Paste: [[2209.14434] Efficient Medical Image Assessment via Self-supervised Learning](http://arxiv.org/abs/2209.14434)
• Summary:

  High-performance deep learning methods typically rely on large annotated training datasets, which are difficult to obtain in many clinical applications due to the high cost of medical image labeling. Existing data assessment methods commonly require knowing the labels in advance, which are not feasible to achieve our goal of 'knowing which data to label.' To this end, we formulate and propose a novel and efficient data assessment strategy, EXponentiAl Marginal sINgular valuE (EXAMINE) score, to rank the quality of unlabeled medical image data based on their useful latent representations extracted via Self-supervised Learning (SSL) networks. Motivated by theoretical implication of SSL embedding space, we leverage a Masked Autoencoder for feature extraction. Furthermore, we evaluate data quality based on the marginal change of the largest singular value after excluding the data point in the dataset. We conduct extensive experiments on a pathology dataset. Our results indicate the effectiveness and efficiency of our proposed methods for selecting the most valuable data to label.

Title: Out-of-Distribution Detection for LiDAR-based 3D Object Detection. (arXiv:2209.14435v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14435
• Code URL: null
• Copy Paste: [[2209.14435] Out-of-Distribution Detection for LiDAR-based 3D Object Detection](http://arxiv.org/abs/2209.14435)
• Summary:

  3D object detection is an essential part of automated driving, and deep neural networks (DNNs) have achieved state-of-the-art performance for this task. However, deep models are notorious for assigning high confidence scores to out-of-distribution (OOD) inputs, that is, inputs that are not drawn from the training distribution. Detecting OOD inputs is challenging and essential for the safe deployment of models. OOD detection has been studied extensively for the classification task, but it has not received enough attention for the object detection task, specifically LiDAR-based 3D object detection. In this paper, we focus on the detection of OOD inputs for LiDAR-based 3D object detection. We formulate what OOD inputs mean for object detection and propose to adapt several OOD detection methods for object detection. We accomplish this by our proposed feature extraction method. To evaluate OOD detection methods, we develop a simple but effective technique of generating OOD objects for a given object detection model. Our evaluation based on the KITTI dataset shows that different OOD detection methods have biases toward detecting specific OOD objects. It emphasizes the importance of combined OOD detection methods and more research in this direction.

Title: Mask-Guided Image Person Removal with Data Synthesis. (arXiv:2209.14890v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2209.14890
• Code URL: null
• Copy Paste: [[2209.14890] Mask-Guided Image Person Removal with Data Synthesis](http://arxiv.org/abs/2209.14890)
• Summary:

  As a special case of common object removal, image person removal is playing an increasingly important role in social media and criminal investigation domains. Due to the integrity of person area and the complexity of human posture, person removal has its own dilemmas. In this paper, we propose a novel idea to tackle these problems from the perspective of data synthesis. Concerning the lack of dedicated dataset for image person removal, two dataset production methods are proposed to automatically generate images, masks and ground truths respectively. Then, a learning framework similar to local image degradation is proposed so that the masks can be used to guide the feature extraction process and more texture information can be gathered for final prediction. A coarse-to-fine training strategy is further applied to refine the details. The data synthesis and learning framework combine well with each other. Experimental results verify the effectiveness of our method quantitatively and qualitatively, and the trained network proves to have good generalization ability either on real or synthetic images.

Title: TERMinator: A system for scientific texts processing. (arXiv:2209.14854v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.14854
• Code URL: https://github.com/iis-research-team/terminator
• Copy Paste: [[2209.14854] TERMinator: A system for scientific texts processing](http://arxiv.org/abs/2209.14854)
• Summary:

  This paper is devoted to the extraction of entities and semantic relations between them from scientific texts, where we consider scientific terms as entities. In this paper, we present a dataset that includes annotations for two tasks and develop a system called TERMinator for the study of the influence of language models on term recognition and comparison of different approaches for relation extraction. Experiments show that language models pre-trained on the target language are not always show the best performance. Also adding some heuristic approaches may improve the overall quality of the particular task. The developed tool and the annotated corpus are publicly available at https://github.com/iis-research-team/terminator and may be useful for other researchers.

Title: DR.BENCH: Diagnostic Reasoning Benchmark for Clinical Natural Language Processing. (arXiv:2209.14901v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2209.14901
• Code URL: null
• Copy Paste: [[2209.14901] DR](http://arxiv.org/abs/2209.14901)
• Summary:

  The meaningful use of electronic health records (EHR) continues to progress in the digital era with clinical decision support systems augmented by artificial intelligence. A priority in improving provider experience is to overcome information overload and reduce the cognitive burden so fewer medical errors and cognitive biases are introduced during patient care. One major type of medical error is diagnostic error due to systematic or predictable errors in judgment that rely on heuristics. The potential for clinical natural language processing (cNLP) to model diagnostic reasoning in humans with forward reasoning from data to diagnosis and potentially reduce the cognitive burden and medical error has not been investigated. Existing tasks to advance the science in cNLP have largely focused on information extraction and named entity recognition through classification tasks. We introduce a novel suite of tasks coined as Diagnostic Reasoning Benchmarks, DR.BENCH, as a new benchmark for developing and evaluating cNLP models with clinical diagnostic reasoning ability. The suite includes six tasks from ten publicly available datasets addressing clinical text understanding, medical knowledge reasoning, and diagnosis generation. DR.BENCH is the first clinical suite of tasks designed to be a natural language generation framework to evaluate pre-trained language models. Experiments with state-of-the-art pre-trained generative language models using large general domain models and models that were continually trained on a medical corpus demonstrate opportunities for improvement when evaluated in DR. BENCH. We share DR. BENCH as a publicly available GitLab repository with a systematic approach to load and evaluate models for the cNLP community.

membership infer

federate

Title: Meta Knowledge Condensation for Federated Learning. (arXiv:2209.14851v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14851
• Code URL: null
• Copy Paste: [[2209.14851] Meta Knowledge Condensation for Federated Learning](http://arxiv.org/abs/2209.14851)
• Summary:

  Existing federated learning paradigms usually extensively exchange distributed models at a central solver to achieve a more powerful model. However, this would incur severe communication burden between a server and multiple clients especially when data distributions are heterogeneous. As a result, current federated learning methods often require a large number of communication rounds in training. Unlike existing paradigms, we introduce an alternative perspective to significantly decrease the communication cost in federate learning. In this work, we first introduce a meta knowledge representation method that extracts meta knowledge from distributed clients. The extracted meta knowledge encodes essential information that can be used to improve the current model. As the training progresses, the contributions of training samples to a federated model also vary. Thus, we introduce a dynamic weight assignment mechanism that enables samples to contribute adaptively to the current model update. Then, informative meta knowledge from all active clients is sent to the server for model update. Training a model on the combined meta knowledge without exposing original data among different clients can significantly mitigate the heterogeneity issues. Moreover, to further ameliorate data heterogeneity, we also exchange meta knowledge among clients as conditional initialization for local meta knowledge extraction. Extensive experiments demonstrate the effectiveness and efficiency of our proposed method. Remarkably, our method outperforms the state-of-the-art by a large margin (from $74.07\%$ to $92.95\%$) on MNIST with a restricted communication budget (i.e. 10 rounds).

Title: Label driven Knowledge Distillation for Federated Learning with non-IID Data. (arXiv:2209.14520v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14520
• Code URL: null
• Copy Paste: [[2209.14520] Label driven Knowledge Distillation for Federated Learning with non-IID Data](http://arxiv.org/abs/2209.14520)
• Summary:

  In real-world applications, Federated Learning (FL) meets two challenges: (1) scalability, especially when applied to massive IoT networks; and (2) how to be robust against an environment with heterogeneous data. Realizing the first problem, we aim to design a novel FL framework named Full-stack FL (F2L). More specifically, F2L utilizes a hierarchical network architecture, making extending the FL network accessible without reconstructing the whole network system. Moreover, leveraging the advantages of hierarchical network design, we propose a new label-driven knowledge distillation (LKD) technique at the global server to address the second problem. As opposed to current knowledge distillation techniques, LKD is capable of training a student model, which consists of good knowledge from all teachers' models. Therefore, our proposed algorithm can effectively extract the knowledge of the regions' data distribution (i.e., the regional aggregated models) to reduce the divergence between clients' models when operating under the FL system with non-independent identically distributed data. Extensive experiment results reveal that: (i) our F2L method can significantly improve the overall FL efficiency in all global distillations, and (ii) F2L rapidly achieves convergence as global distillation stages occur instead of increasing on each communication cycle.

Title: Joint Optimization of Energy Consumption and Completion Time in Federated Learning. (arXiv:2209.14900v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14900
• Code URL: null
• Copy Paste: [[2209.14900] Joint Optimization of Energy Consumption and Completion Time in Federated Learning](http://arxiv.org/abs/2209.14900)
• Summary:

  Federated Learning (FL) is an intriguing distributed machine learning approach due to its privacy-preserving characteristics. To balance the trade-off between energy and execution latency, and thus accommodate different demands and application scenarios, we formulate an optimization problem to minimize a weighted sum of total energy consumption and completion time through two weight parameters. The optimization variables include bandwidth, transmission power and CPU frequency of each device in the FL system, where all devices are linked to a base station and train a global model collaboratively. Through decomposing the non-convex optimization problem into two subproblems, we devise a resource allocation algorithm to determine the bandwidth allocation, transmission power, and CPU frequency for each participating device. We further present the convergence analysis and computational complexity of the proposed algorithm. Numerical results show that our proposed algorithm not only has better performance at different weight parameters (i.e., different demands) but also outperforms the state of the art.

fair

Title: Towards Equalised Odds as Fairness Metric in Academic Performance Prediction. (arXiv:2209.14670v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14670
• Code URL: null
• Copy Paste: [[2209.14670] Towards Equalised Odds as Fairness Metric in Academic Performance Prediction](http://arxiv.org/abs/2209.14670)
• Summary:

  The literature for fairness-aware machine learning knows a plethora of different fairness notions. It is however wellknown, that it is impossible to satisfy all of them, as certain notions contradict each other. In this paper, we take a closer look at academic performance prediction (APP) systems and try to distil which fairness notions suit this task most. For this, we scan recent literature proposing guidelines as to which fairness notion to use and apply these guidelines onto APP. Our findings suggest equalised odds as most suitable notion for APP, based on APP's WYSIWYG worldview as well as potential long-term improvements for the population.

Title: Proportional Multicalibration. (arXiv:2209.14613v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14613
• Code URL: https://github.com/by1ttz4isqkao80f/pmc
• Copy Paste: [[2209.14613] Proportional Multicalibration](http://arxiv.org/abs/2209.14613)
• Summary:

  Multicalibration is a desirable fairness criteria that constrains calibration error among flexibly-defined groups in the data while maintaining overall calibration. However, when outcome probabilities are correlated with group membership, multicalibrated models can exhibit a higher percent calibration error among groups with lower base rates than groups with higher base rates. As a result, it remains possible for a decision-maker to learn to trust or distrust model predictions for specific groups. To alleviate this, we propose proportional multicalibration, a criteria that constrains the percent calibration error among groups and within prediction bins. We prove that satisfying proportional multicalibration bounds a model's multicalibration as well its differential calibration, a stronger fairness criteria inspired by the fairness notion of sufficiency. We provide an efficient algorithm for post-processing risk prediction models for proportional multicalibration and evaluate it empirically. We conduct simulation studies and investigate a real-world application of PMC-postprocessing to prediction of emergency department patient admissions. We observe that proportional multicalibration is a promising criteria for controlling simultenous measures of calibration fairness of a model over intersectional groups with virtually no cost in terms of classification performance.

interpretability

Title: Causal Inference via Nonlinear Variable Decorrelation for Healthcare Applications. (arXiv:2209.14975v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2209.14975
• Code URL: null
• Copy Paste: [[2209.14975] Causal Inference via Nonlinear Variable Decorrelation for Healthcare Applications](http://arxiv.org/abs/2209.14975)
• Summary:

  Causal inference and model interpretability research are gaining increasing attention, especially in the domains of healthcare and bioinformatics. Despite recent successes in this field, decorrelating features under nonlinear environments with human interpretable representations has not been adequately investigated. To address this issue, we introduce a novel method with a variable decorrelation regularizer to handle both linear and nonlinear confounding. Moreover, we employ association rules as new representations using association rule mining based on the original features to further proximate human decision patterns to increase model interpretability. Extensive experiments are conducted on four healthcare datasets (one synthetically generated and three real-world collections on different diseases). Quantitative results in comparison to baseline approaches on parameter estimation and causality computation indicate the model's superior performance. Furthermore, expert evaluation given by healthcare professionals validates the effectiveness and interpretability of the proposed model.

exlainability

watermark