secure

Title: Current injection and voltage insertion attacks against the VMG-KLJN secure key exchanger. (arXiv:2210.05121v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2210.05121
• Code URL: null
• Copy Paste: [[2210.05121] Current injection and voltage insertion attacks against the VMG-KLJN secure key exchanger](http://arxiv.org/abs/2210.05121)
• Summary:

  In this paper, the vulnerability of the Vadai, Mingesz and Gingl (VMG)- Kirchhoff-Law-Johnson-Noise (KLJN) Key Exchanger (Nature, Science Report 5 (2015) 13653) against two active attacks is demonstrated. The security vulnerability arises from the fact that the effective driving impedances are different between the HL and LH cases for the VMG-KLJN scheme; whereas for the ideal KLJN scheme they are same. Two defense schemes are shown against these attacks but each of them can protect against only one of the attack types; but not against the two attacks simultaneously. The theoretical results are confirmed by computer simulations.

security

Title: Abstract interpretation of Michelson smart-contracts. (arXiv:2210.05217v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2210.05217
• Code URL: null
• Copy Paste: [[2210.05217] Abstract interpretation of Michelson smart-contracts](http://arxiv.org/abs/2210.05217)
• Summary:

  Static analysis of smart-contracts is becoming more widespread on blockchain platforms. Analyzers rely on techniques like symbolic execution or model checking, but few of them can provide strong soundness properties and guarantee the analysis termination at the same time. As smart-contracts often manipulate economic assets, proving numerical properties beyond the absence of runtime errors is also desirable. Smart-contract execution models differ considerably from mainstream programming languages and vary from one blockchain to another, making state-of-the-art analyses hard to adapt. For instance, smart-contract calls may modify a persistent storage impacting subsequent calls. This makes it difficult for tools to infer invariants required to formally ensure the absence of exploitable vulnerabilities. The Michelson smart-contract language, used in the Tezos blockchain, is strongly typed, stack-based, and has a strict execution model leaving few opportunities for implicit runtime errors. We present a work in progress static analyzer for Michelson based on Abstract Interpretation and implemented within MOPSA, a modular static analyzer. Our tool supports the Michelson semantic features, including inner calls to external contracts. It can prove the absence of runtime errors and infer invariants on the persistent storage over an unbounded number of calls. It is also being extended to prove high-level numerical and security properties. CCS Concepts: $\bullet$ Security and privacy $\rightarrow$ Logic and verification; $\bullet$ Software and its engineering $\rightarrow$ Automated static analysis.

Title: Comparison of encrypted control approaches and tutorial on dynamic systems using LWE-based homomorphic encryption. (arXiv:2210.05560v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2210.05560
• Code URL: null
• Copy Paste: [[2210.05560] Comparison of encrypted control approaches and tutorial on dynamic systems using LWE-based homomorphic encryption](http://arxiv.org/abs/2210.05560)
• Summary:

  Encrypted control has been introduced to protect controller data by encryption at the stage of computation and communication, by performing the computation directly on encrypted data. In this article, we first review and categorize recent relevant studies on encrypted control. Approaches based on homomorphic encryption, multi-party computation, and secret sharing are introduced, compared, and then discussed with respect to computational complexity, communication load, enabled operations, security, and research directions. We proceed to discuss a current challenge in the application of homomorphic encryption to dynamic systems, where arithmetic operations other than integer addition and multiplication are limited. We also introduce a homomorphic cryptosystem called ``GSW-LWE'' and discuss its benefits that allow for recursive multiplication of encrypted dynamic systems, without use of computationally expensive bootstrapping techniques.

privacy

Title: On the Feasibility of Profiling Electric Vehicles through Charging Data. (arXiv:2210.05433v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2210.05433
• Code URL: null
• Copy Paste: [[2210.05433] On the Feasibility of Profiling Electric Vehicles through Charging Data](http://arxiv.org/abs/2210.05433)
• Summary:

  Electric vehicles (EVs) represent the long-term green substitute for traditional fuel-based vehicles. To encourage EV adoption, the trust of the end-users must be assured. In this work, we focus on a recently emerging privacy threat of profiling and identifying EVs via the analog electrical data exchanged during the EV charging process. The core focus of our work is to investigate the feasibility of such a threat at scale. To this end, we first propose an improved EV profiling approach that outperforms the state-of-the-art EV profiling techniques. Next, we exhaustively evaluate the performance of our improved approach to profile EVs in real-world settings. In our evaluations, we conduct a series of experiments including 25032 charging sessions from 530 real EVs, sub-sampled datasets with different data distributions, etc. Our results show that even with our improved approach, profiling and individually identifying the growing number of EVs is not viable in practice; at least with the analog charging data utilized throughout the literature. We believe that our findings from this work will further foster the trust of potential users in the EV ecosystem, and consequently, encourage EV adoption.

Title: Medha: Microcoded Hardware Accelerator for computing on Encrypted Data. (arXiv:2210.05476v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2210.05476
• Code URL: null
• Copy Paste: [[2210.05476] Medha: Microcoded Hardware Accelerator for computing on Encrypted Data](http://arxiv.org/abs/2210.05476)
• Summary:

  Homomorphic encryption (HE) enables computation on encrypted data, and hence it has a great potential in privacy-preserving outsourcing of computations to the cloud. Hardware acceleration of HE is crucial as software implementations are very slow. In this paper, we present design methodologies for building a programmable hardware accelerator for speeding up the cloud-side homomorphic evaluations on encrypted data. First, we propose a divide-and-conquer technique that enables homomorphic evaluations in a large polynomial ring $R_{Q,2N}$ to use a hardware accelerator that has been built for the smaller ring $R_{Q,N}$. The technique makes it possible to use a single hardware accelerator flexibly for supporting several HE parameter sets. Next, we present several architectural design methods that we use to realize the flexible and instruction-set accelerator architecture, which we call `Medha'. At every level of the implementation hierarchy, we explore possibilities for parallel processing. Starting from hardware-friendly parallel algorithms for the basic building blocks, we gradually build heavily parallel RNS polynomial arithmetic units. Next, many of these parallel units are interconnected elegantly so that their interconnections require the minimum number of nets, therefore making the overall architecture placement-friendly on the platform. For Medha, we take a memory-conservative design approach and get rid of any off-chip memory access during homomorphic evaluations. Finally, we implement Medha in a Xilinx Alveo U250 FPGA and measure timing performances of the microcoded homomorphic addition, multiplication, key-switching, and rescaling for the leveled HE scheme RNS-HEAAN at 200 MHz clock frequency. For two large parameter sets, Medha achieves accelerations by up to 68x and 78x times respectively compared to a highly optimized software implementation Microsoft SEAL running at 2.3 GHz.

protect

Title: Printing variability of copy detection patterns. (arXiv:2210.05343v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2210.05343
• Code URL: null
• Copy Paste: [[2210.05343] Printing variability of copy detection patterns](http://arxiv.org/abs/2210.05343)
• Summary:

  Copy detection pattern (CDP) is a novel solution for products' protection against counterfeiting, which gains its popularity in recent years. CDP attracts the anti-counterfeiting industry due to its numerous benefits in comparison to alternative protection techniques. Besides its attractiveness, there is an essential gap in the fundamental analysis of CDP authentication performance in large-scale industrial applications. It concerns variability of CDP parameters under different production conditions that include a type of printer, substrate, printing resolution, etc. Since digital off-set printing represents great flexibility in terms of product personalized in comparison with traditional off-set printing, it looks very interesting to address the above concerns for digital off-set printers that are used by several companies for the CDP protection of physical objects. In this paper, we thoroughly investigate certain factors impacting CDP. The experimental results obtained during our study reveal some previously unknown results and raise new and even more challenging questions. The results prove that it is a matter of great importance to choose carefully the substrate or printer for CDP production. This paper presents a new dataset produced by two industrial HP Indigo printers. The similarity between printed CDP and the digital templates, from which they have been produced, is chosen as a simple measure in our study. We found several particularities that might be of interest for large-scale industrial applications.

defense

Title: Stable and Efficient Adversarial Training through Local Linearization. (arXiv:2210.05373v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05373
• Code URL: null
• Copy Paste: [[2210.05373] Stable and Efficient Adversarial Training through Local Linearization](http://arxiv.org/abs/2210.05373)
• Summary:

  There has been a recent surge in single-step adversarial training as it shows robustness and efficiency. However, a phenomenon referred to as ``catastrophic overfitting" has been observed, which is prevalent in single-step defenses and may frustrate attempts to use FGSM adversarial training. To address this issue, we propose a novel method, Stable and Efficient Adversarial Training (SEAT), which mitigates catastrophic overfitting by harnessing on local properties that distinguish a robust model from that of a catastrophic overfitted model. The proposed SEAT has strong theoretical justifications, in that minimizing the SEAT loss can be shown to favour smooth empirical risk, thereby leading to robustness. Experimental results demonstrate that the proposed method successfully mitigates catastrophic overfitting, yielding superior performance amongst efficient defenses. Our single-step method can reach 51% robust accuracy for CIFAR-10 with $l_\infty$ perturbations of radius $8/255$ under a strong PGD-50 attack, matching the performance of a 10-step iterative adversarial training at merely 3% computational cost.

attack

Title: Race Bias Analysis of Bona Fide Errors in face anti-spoofing. (arXiv:2210.05366v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05366
• Code URL: null
• Copy Paste: [[2210.05366] Race Bias Analysis of Bona Fide Errors in face anti-spoofing](http://arxiv.org/abs/2210.05366)
• Summary:

  The study of bias in Machine Learning is receiving a lot of attention in recent years, however, few only papers deal explicitly with the problem of race bias in face anti-spoofing. In this paper, we present a systematic study of race bias in face anti-spoofing with three key characteristics: the focus is on analysing potential bias in the bona fide errors, where significant ethical and legal issues lie; the analysis is not restricted to the final binary outcomes of the classifier, but also covers the classifier's scalar responses and its latent space; the threshold determining the operating point of the classifier is considered a variable. We demonstrate the proposed bias analysis process on a VQ-VAE based face anti-spoofing algorithm, trained on the Replay Attack and the Spoof in the Wild (SiW) databases, and analysed for bias on the SiW and Racial Faces in the Wild (RFW), databases. The results demonstrate that race bias is not necessarily the result of different mean response values among the various populations. Instead, it can be better understood as the combined effect of several possible characteristics of the response distributions: different means; different variances; bimodal behaviour; existence of outliers.

Title: Detecting Hidden Attackers in Photovoltaic Systems Using Machine Learning. (arXiv:2210.05226v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2210.05226
• Code URL: null
• Copy Paste: [[2210.05226] Detecting Hidden Attackers in Photovoltaic Systems Using Machine Learning](http://arxiv.org/abs/2210.05226)
• Summary:

  In modern smart grids, the proliferation of communication-enabled distributed energy resource (DER) systems has increased the surface of possible cyber-physical attacks. Attacks originating from the distributed edge devices of DER system, such as photovoltaic (PV) system, is often difficult to detect. An attacker may change the control configurations or various setpoints of the PV inverters to destabilize the power grid, damage devices, or for the purpose of economic gain. A more powerful attacker may even manipulate the PV system metering data transmitted for remote monitoring, so that (s)he can remain hidden. In this paper, we consider a case where PV systems operating in different control modes can be simultaneously attacked and the attacker has the ability to manipulate individual PV bus measurements to avoid detection. We show that even in such a scenario, with just the aggregated measurements (that the attacker cannot manipulate), machine learning (ML) techniques are able to detect the attack in a fast and accurate manner. We use a standard radial distribution network, together with real smart home electricity consumption data and solar power data in our experimental setup. We test the performance of several ML algorithms to detect attacks on the PV system. Our detailed evaluations show that the proposed intrusion detection system (IDS) is highly effective and efficient in detecting attacks on PV inverter control modes.

Title: Zeroth-Order Hard-Thresholding: Gradient Error vs. Expansivity. (arXiv:2210.05279v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05279
• Code URL: null
• Copy Paste: [[2210.05279] Zeroth-Order Hard-Thresholding: Gradient Error vs](http://arxiv.org/abs/2210.05279)
• Summary:

  $\ell_0$ constrained optimization is prevalent in machine learning, particularly for high-dimensional problems, because it is a fundamental approach to achieve sparse learning. Hard-thresholding gradient descent is a dominant technique to solve this problem. However, first-order gradients of the objective function may be either unavailable or expensive to calculate in a lot of real-world problems, where zeroth-order (ZO) gradients could be a good surrogate. Unfortunately, whether ZO gradients can work with the hard-thresholding operator is still an unsolved problem. To solve this puzzle, in this paper, we focus on the $\ell_0$ constrained black-box stochastic optimization problems, and propose a new stochastic zeroth-order gradient hard-thresholding (SZOHT) algorithm with a general ZO gradient estimator powered by a novel random support sampling. We provide the convergence analysis of SZOHT under standard assumptions. Importantly, we reveal a conflict between the deviation of ZO estimators and the expansivity of the hard-thresholding operator, and provide a theoretical minimal value of the number of random directions in ZO gradients. In addition, we find that the query complexity of SZOHT is independent or weakly dependent on the dimensionality under different settings. Finally, we illustrate the utility of our method on a portfolio optimization problem as well as black-box adversarial attacks.

robust

Title: Boosting Adversarial Robustness From The Perspective of Effective Margin Regularization. (arXiv:2210.05118v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05118
• Code URL: null
• Copy Paste: [[2210.05118] Boosting Adversarial Robustness From The Perspective of Effective Margin Regularization](http://arxiv.org/abs/2210.05118)
• Summary:

  The adversarial vulnerability of deep neural networks (DNNs) has been actively investigated in the past several years. This paper investigates the scale-variant property of cross-entropy loss, which is the most commonly used loss function in classification tasks, and its impact on the effective margin and adversarial robustness of deep neural networks. Since the loss function is not invariant to logit scaling, increasing the effective weight norm will make the loss approach zero and its gradient vanish while the effective margin is not adequately maximized. On typical DNNs, we demonstrate that, if not properly regularized, the standard training does not learn large effective margins and leads to adversarial vulnerability. To maximize the effective margins and learn a robust DNN, we propose to regularize the effective weight norm during training. Our empirical study on feedforward DNNs demonstrates that the proposed effective margin regularization (EMR) learns large effective margins and boosts the adversarial robustness in both standard and adversarial training. On large-scale models, we show that EMR outperforms basic adversarial training, TRADES and two regularization baselines with substantial improvement. Moreover, when combined with several strong adversarial defense methods (MART and MAIL), our EMR further boosts the robustness.

Title: Tackling Instance-Dependent Label Noise with Dynamic Distribution Calibration. (arXiv:2210.05126v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05126
• Code URL: null
• Copy Paste: [[2210.05126] Tackling Instance-Dependent Label Noise with Dynamic Distribution Calibration](http://arxiv.org/abs/2210.05126)
• Summary:

  Instance-dependent label noise is realistic but rather challenging, where the label-corruption process depends on instances directly. It causes a severe distribution shift between the distributions of training and test data, which impairs the generalization of trained models. Prior works put great effort into tackling the issue. Unfortunately, these works always highly rely on strong assumptions or remain heuristic without theoretical guarantees. In this paper, to address the distribution shift in learning with instance-dependent label noise, a dynamic distribution-calibration strategy is adopted. Specifically, we hypothesize that, before training data are corrupted by label noise, each class conforms to a multivariate Gaussian distribution at the feature level. Label noise produces outliers to shift the Gaussian distribution. During training, to calibrate the shifted distribution, we propose two methods based on the mean and covariance of multivariate Gaussian distribution respectively. The mean-based method works in a recursive dimension-reduction manner for robust mean estimation, which is theoretically guaranteed to train a high-quality model against label noise. The covariance-based method works in a distribution disturbance manner, which is experimentally verified to improve the model robustness. We demonstrate the utility and effectiveness of our methods on datasets with synthetic label noise and real-world unknown noise.

Title: UGformer for Robust Left Atrium and Scar Segmentation Across Scanners. (arXiv:2210.05151v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05151
• Code URL: null
• Copy Paste: [[2210.05151] UGformer for Robust Left Atrium and Scar Segmentation Across Scanners](http://arxiv.org/abs/2210.05151)
• Summary:

  Thanks to the capacity for long-range dependencies and robustness to irregular shapes, vision transformers and deformable convolutions are emerging as powerful vision techniques of segmentation.Meanwhile, Graph Convolution Networks (GCN) optimize local features based on global topological relationship modeling. Particularly, they have been proved to be effective in addressing issues in medical imaging segmentation tasks including multi-domain generalization for low-quality images. In this paper, we present a novel, effective, and robust framework for medical image segmentation, namely, UGformer. It unifies novel transformer blocks, GCN bridges, and convolution decoders originating from U-Net to predict left atriums (LAs) and LA scars. We have identified two appealing findings of the proposed UGformer: 1). an enhanced transformer module with deformable convolutions to improve the blending of the transformer information with convolutional information and help predict irregular LAs and scar shapes. 2). Using a bridge incorporating GCN to further overcome the difficulty of capturing condition inconsistency across different Magnetic Resonance Images scanners with various inconsistent domain information. The proposed UGformer model exhibits outstanding ability to segment the left atrium and scar on the LAScarQS 2022 dataset, outperforming several recent state-of-the-arts.

Title: Variability Matters : Evaluating inter-rater variability in histopathology for robust cell detection. (arXiv:2210.05175v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05175
• Code URL: null
• Copy Paste: [[2210.05175] Variability Matters : Evaluating inter-rater variability in histopathology for robust cell detection](http://arxiv.org/abs/2210.05175)
• Summary:

  Large annotated datasets have been a key component in the success of deep learning. However, annotating medical images is challenging as it requires expertise and a large budget. In particular, annotating different types of cells in histopathology suffer from high inter- and intra-rater variability due to the ambiguity of the task. Under this setting, the relation between annotators' variability and model performance has received little attention. We present a large-scale study on the variability of cell annotations among 120 board-certified pathologists and how it affects the performance of a deep learning model. We propose a method to measure such variability, and by excluding those annotators with low variability, we verify the trade-off between the amount of data and its quality. We found that naively increasing the data size at the expense of inter-rater variability does not necessarily lead to better-performing models in cell detection. Instead, decreasing the inter-rater variability with the expense of decreasing dataset size increased the model performance. Furthermore, models trained from data annotated with lower inter-labeler variability outperform those from higher inter-labeler variability. These findings suggest that the evaluation of the annotators may help tackle the fundamental budget issues in the histopathology domain

Title: Robust Human Matting via Semantic Guidance. (arXiv:2210.05210v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05210
• Code URL: https://github.com/cxgincsu/semanticguidedhumanmatting
• Copy Paste: [[2210.05210] Robust Human Matting via Semantic Guidance](http://arxiv.org/abs/2210.05210)
• Summary:

  Automatic human matting is highly desired for many real applications. We investigate recent human matting methods and show that common bad cases happen when semantic human segmentation fails. This indicates that semantic understanding is crucial for robust human matting. From this, we develop a fast yet accurate human matting framework, named Semantic Guided Human Matting (SGHM). It builds on a semantic human segmentation network and introduces a light-weight matting module with only marginal computational cost. Unlike previous works, our framework is data efficient, which requires a small amount of matting ground-truth to learn to estimate high quality object mattes. Our experiments show that trained with merely 200 matting images, our method can generalize well to real-world datasets, and outperform recent methods on multiple benchmarks, while remaining efficient. Considering the unbearable labeling cost of matting data and widely available segmentation data, our method becomes a practical and effective solution for the task of human matting. Source code is available at https://github.com/cxgincsu/SemanticGuidedHumanMatting.

Title: Cluster-level pseudo-labelling for source-free cross-domain facial expression recognition. (arXiv:2210.05246v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05246
• Code URL: https://github.com/altndrr/clup
• Copy Paste: [[2210.05246] Cluster-level pseudo-labelling for source-free cross-domain facial expression recognition](http://arxiv.org/abs/2210.05246)
• Summary:

  Automatically understanding emotions from visual data is a fundamental task for human behaviour understanding. While models devised for Facial Expression Recognition (FER) have demonstrated excellent performances on many datasets, they often suffer from severe performance degradation when trained and tested on different datasets due to domain shift. In addition, as face images are considered highly sensitive data, the accessibility to large-scale datasets for model training is often denied. In this work, we tackle the above-mentioned problems by proposing the first Source-Free Unsupervised Domain Adaptation (SFUDA) method for FER. Our method exploits self-supervised pretraining to learn good feature representations from the target data and proposes a novel and robust cluster-level pseudo-labelling strategy that accounts for in-cluster statistics. We validate the effectiveness of our method in four adaptation setups, proving that it consistently outperforms existing SFUDA methods when applied to FER, and is on par with methods addressing FER in the UDA setting.

Title: Uncertainty-Aware Unsupervised Image Deblurring with Deep Priors Guided by Domain Knowledge. (arXiv:2210.05361v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05361
• Code URL: null
• Copy Paste: [[2210.05361] Uncertainty-Aware Unsupervised Image Deblurring with Deep Priors Guided by Domain Knowledge](http://arxiv.org/abs/2210.05361)
• Summary:

  Non-blind deblurring methods achieve decent performance under the accurate blur kernel assumption. Since the kernel error is inevitable in practice, ringing artifacts are often introduced by non-blind deblurring. Recently, semi-blind deblurring methods can handle kernel uncertainty by introducing the prior of the kernel (or induced) error. However, how to design a suitable prior for the kernel (or induced) error remains challenging. Hand-crafted prior, incorporating domain knowledge, generally performs well but may lead to poor performance when kernel (or induced) error is complex. Data-driven prior, which excessively depends on the diversity and abundance of training data, is vulnerable to out-of-distribution blurs and images. To address this challenge, we suggest a data-free deep prior for the kernel induced error (termed as residual) expressed by a customized untrained deep neural network, which allows us to flexibly adapt to different blurs and images in real scenarios. By organically integrating the respective strengths of deep priors and hand-crafted priors, we propose an unsupervised semi-blind deblurring model which recovers the latent image from the blurry image and inaccurate blur kernel. To tackle the formulated model, an efficient alternating minimization algorithm is developed. Extensive experiments demonstrate the superiority of the proposed method to both data-driven prior and hand-crafted prior based methods in terms of the image quality and the robustness to the kernel error.

Title: Parallel Augmentation and Dual Enhancement for Occluded Person Re-identification. (arXiv:2210.05438v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05438
• Code URL: null
• Copy Paste: [[2210.05438] Parallel Augmentation and Dual Enhancement for Occluded Person Re-identification](http://arxiv.org/abs/2210.05438)
• Summary:

  Occluded person re-identification (Re-ID), the task of searching for the same person's images in occluded environments, has attracted lots of attention in the past decades. Recent approaches concentrate on improving performance on occluded data by data/feature augmentation or using extra models to predict occlusions. However, they ignore the imbalance problem in the test set and not fully utilize the information from the training data. To alleviate the above problems, we propose a simple but effective method with Parallel Augmentation and Dual Enhancement (PADE) that is robust on both occluded and non-occluded data, and does not require any auxiliary clues. First, we design a parallel augmentation mechanism (PAM) for occluded Re-ID to generate more suitable occluded data to mitigate the negative effects of unbalanced data. Second, we propose the dual enhancement strategy (DES)for global and local features to promote the context information and details. Experimental results on widely used occluded datasets (OccludedDuke, Partial-REID, and Occluded-ReID) and non-occluded datasets (Market-1501 and DukeMTMC-reID) validate the effectiveness of our method. The code will be available soon.

Title: Aggregating Layers for Deepfake Detection. (arXiv:2210.05478v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05478
• Code URL: https://github.com/ajev-research/agg-layers-deepfake-detection
• Copy Paste: [[2210.05478] Aggregating Layers for Deepfake Detection](http://arxiv.org/abs/2210.05478)
• Summary:

  The increasing popularity of facial manipulation (Deepfakes) and synthetic face creation raises the need to develop robust forgery detection solutions. Crucially, most work in this domain assume that the Deepfakes in the test set come from the same Deepfake algorithms that were used for training the network. This is not how things work in practice. Instead, we consider the case where the network is trained on one Deepfake algorithm, and tested on Deepfakes generated by another algorithm. Typically, supervised techniques follow a pipeline of visual feature extraction from a deep backbone, followed by a binary classification head. Instead, our algorithm aggregates features extracted across all layers of one backbone network to detect a fake. We evaluate our approach on two domains of interest - Deepfake detection and Synthetic image detection, and find that we achieve SOTA results.

Title: Frequency-Aware Self-Supervised Monocular Depth Estimation. (arXiv:2210.05479v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05479
• Code URL: https://github.com/xingyuuchen/freq-aware-depth
• Copy Paste: [[2210.05479] Frequency-Aware Self-Supervised Monocular Depth Estimation](http://arxiv.org/abs/2210.05479)
• Summary:

  We present two versatile methods to generally enhance self-supervised monocular depth estimation (MDE) models. The high generalizability of our methods is achieved by solving the fundamental and ubiquitous problems in photometric loss function. In particular, from the perspective of spatial frequency, we first propose Ambiguity-Masking to suppress the incorrect supervision under photometric loss at specific object boundaries, the cause of which could be traced to pixel-level ambiguity. Second, we present a novel frequency-adaptive Gaussian low-pass filter, designed to robustify the photometric loss in high-frequency regions. We are the first to propose blurring images to improve depth estimators with an interpretable analysis. Both modules are lightweight, adding no parameters and no need to manually change the network structures. Experiments show that our methods provide performance boosts to a large number of existing models, including those who claimed state-of-the-art, while introducing no extra inference computation at all.

Title: Finding the global semantic representation in GAN through Frechet Mean. (arXiv:2210.05509v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05509
• Code URL: null
• Copy Paste: [[2210.05509] Finding the global semantic representation in GAN through Frechet Mean](http://arxiv.org/abs/2210.05509)
• Summary:

  The ideally disentangled latent space in GAN involves the global representation of latent space using semantic attribute coordinates. In other words, in this disentangled space, there exists the global semantic basis as a vector space where each basis component describes one attribute of generated images. In this paper, we propose an unsupervised method for finding this global semantic basis in the intermediate latent space in GANs. This semantic basis represents sample-independent meaningful perturbations that change the same semantic attribute of an image on the entire latent space. The proposed global basis, called Fr\'echet basis, is derived by introducing Fr\'echet mean to the local semantic perturbations in a latent space. Fr\'echet basis is discovered in two stages. First, the global semantic subspace is discovered by the Fr\'echet mean in the Grassmannian manifold of the local semantic subspaces. Second, Fr\'echet basis is found by optimizing a basis of the semantic subspace via the Fr\'echet mean in the Special Orthogonal Group. Experimental results demonstrate that Fr\'echet basis provides better semantic factorization and robustness compared to the previous methods. Moreover, we suggest the basis refinement scheme for the previous methods. The quantitative experiments show that the refined basis achieves better semantic factorization while generating the same semantic subspace as the previous method.

Title: DeepMLE: A Robust Deep Maximum Likelihood Estimator for Two-view Structure from Motion. (arXiv:2210.05517v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05517
• Code URL: null
• Copy Paste: [[2210.05517] DeepMLE: A Robust Deep Maximum Likelihood Estimator for Two-view Structure from Motion](http://arxiv.org/abs/2210.05517)
• Summary:

  Two-view structure from motion (SfM) is the cornerstone of 3D reconstruction and visual SLAM (vSLAM). Many existing end-to-end learning-based methods usually formulate it as a brute regression problem. However, the inadequate utilization of traditional geometry model makes the model not robust in unseen environments. To improve the generalization capability and robustness of end-to-end two-view SfM network, we formulate the two-view SfM problem as a maximum likelihood estimation (MLE) and solve it with the proposed framework, denoted as DeepMLE. First, we propose to take the deep multi-scale correlation maps to depict the visual similarities of 2D image matches decided by ego-motion. In addition, in order to increase the robustness of our framework, we formulate the likelihood function of the correlations of 2D image matches as a Gaussian and Uniform mixture distribution which takes the uncertainty caused by illumination changes, image noise and moving objects into account. Meanwhile, an uncertainty prediction module is presented to predict the pixel-wise distribution parameters. Finally, we iteratively refine the depth and relative camera pose using the gradient-like information to maximize the likelihood function of the correlations. Extensive experimental results on several datasets prove that our method significantly outperforms the state-of-the-art end-to-end two-view SfM approaches in accuracy and generalization capability.

Title: What does a deep neural network confidently perceive? The effective dimension of high certainty class manifolds and their low confidence boundaries. (arXiv:2210.05546v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05546
• Code URL: https://github.com/stanislavfort/slice-dice-optimize
• Copy Paste: [[2210.05546] What does a deep neural network confidently perceive? The effective dimension of high certainty class manifolds and their low confidence boundaries](http://arxiv.org/abs/2210.05546)
• Summary:

  Deep neural network classifiers partition input space into high confidence regions for each class. The geometry of these class manifolds (CMs) is widely studied and intimately related to model performance; for example, the margin depends on CM boundaries. We exploit the notions of Gaussian width and Gordon's escape theorem to tractably estimate the effective dimension of CMs and their boundaries through tomographic intersections with random affine subspaces of varying dimension. We show several connections between the dimension of CMs, generalization, and robustness. In particular we investigate how CM dimension depends on 1) the dataset, 2) architecture (including ResNet, WideResNet \& Vision Transformer), 3) initialization, 4) stage of training, 5) class, 6) network width, 7) ensemble size, 8) label randomization, 9) training set size, and 10) robustness to data corruption. Together a picture emerges that higher performing and more robust models have higher dimensional CMs. Moreover, we offer a new perspective on ensembling via intersections of CMs. Our code is at https://github.com/stanislavfort/slice-dice-optimize/

Title: Improving Robustness of Retrieval Augmented Translation via Shuffling of Suggestions. (arXiv:2210.05059v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05059
• Code URL: null
• Copy Paste: [[2210.05059] Improving Robustness of Retrieval Augmented Translation via Shuffling of Suggestions](http://arxiv.org/abs/2210.05059)
• Summary:

  Several recent studies have reported dramatic performance improvements in neural machine translation (NMT) by augmenting translation at inference time with fuzzy-matches retrieved from a translation memory (TM). However, these studies all operate under the assumption that the TMs available at test time are highly relevant to the testset. We demonstrate that for existing retrieval augmented translation methods, using a TM with a domain mismatch to the test set can result in substantially worse performance compared to not using a TM at all. We propose a simple method to expose fuzzy-match NMT systems during training and show that it results in a system that is much more tolerant (regaining up to 5.8 BLEU) to inference with TMs with domain mismatch. Also, the model is still competitive to the baseline when fed with suggestions from relevant TMs.

Title: Checks and Strategies for Enabling Code-Switched Machine Translation. (arXiv:2210.05096v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05096
• Code URL: null
• Copy Paste: [[2210.05096] Checks and Strategies for Enabling Code-Switched Machine Translation](http://arxiv.org/abs/2210.05096)
• Summary:

  Code-switching is a common phenomenon among multilingual speakers, where alternation between two or more languages occurs within the context of a single conversation. While multilingual humans can seamlessly switch back and forth between languages, multilingual neural machine translation (NMT) models are not robust to such sudden changes in input. This work explores multilingual NMT models' ability to handle code-switched text. First, we propose checks to measure switching capability. Second, we investigate simple and effective data augmentation methods that can enhance an NMT model's ability to support code-switching. Finally, by using a glass-box analysis of attention modules, we demonstrate the effectiveness of these methods in improving robustness.

Title: Task-Aware Specialization for Efficient and Robust Dense Retrieval for Open-Domain Question Answering. (arXiv:2210.05156v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05156
• Code URL: null
• Copy Paste: [[2210.05156] Task-Aware Specialization for Efficient and Robust Dense Retrieval for Open-Domain Question Answering](http://arxiv.org/abs/2210.05156)
• Summary:

  Given its effectiveness on knowledge-intensive natural language processing tasks, dense retrieval models have become increasingly popular. Specifically, the de-facto architecture for open-domain question answering uses two isomorphic encoders that are initialized from the same pretrained model but separately parameterized for questions and passages. This bi-encoder architecture is parameter-inefficient in that there is no parameter sharing between encoders. Further, recent studies show that such dense retrievers underperform BM25 in various settings. We thus propose a new architecture, Task-aware Specialization for dense Retrieval (TASER), which enables parameter sharing by interleaving shared and specialized blocks in a single encoder. Our experiments on five question answering datasets show that \ourmodel\ can achieve superior accuracy, surpassing BM25, while using about 60% of the parameters as bi-encoder dense retrievers. In out-of-domain evaluations, TASER is also empirically more robust than bi-encoder dense retrievers.

Title: How Well Do Multi-hop Reading Comprehension Models Understand Date Information?. (arXiv:2210.05208v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05208
• Code URL: https://github.com/alab-nii/hieradate
• Copy Paste: [[2210.05208] How Well Do Multi-hop Reading Comprehension Models Understand Date Information?](http://arxiv.org/abs/2210.05208)
• Summary:

  Several multi-hop reading comprehension datasets have been proposed to resolve the issue of reasoning shortcuts by which questions can be answered without performing multi-hop reasoning. However, the ability of multi-hop models to perform step-by-step reasoning when finding an answer to a comparison question remains unclear. It is also unclear how questions about the internal reasoning process are useful for training and evaluating question-answering (QA) systems. To evaluate the model precisely in a hierarchical manner, we first propose a dataset, \textit{HieraDate}, with three probing tasks in addition to the main question: extraction, reasoning, and robustness. Our dataset is created by enhancing two previous multi-hop datasets, HotpotQA and 2WikiMultiHopQA, focusing on multi-hop questions on date information that involve both comparison and numerical reasoning. We then evaluate the ability of existing models to understand date information. Our experimental results reveal that the multi-hop models do not have the ability to subtract two dates even when they perform well in date comparison and number subtraction tasks. Other results reveal that our probing questions can help to improve the performance of the models (e.g., by +10.3 F1) on the main QA task and our dataset can be used for data augmentation to improve the robustness of the models.

Title: A Win-win Deal: Towards Sparse and Robust Pre-trained Language Models. (arXiv:2210.05211v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05211
• Code URL: https://github.com/llyx97/sparse-and-robust-plm
• Copy Paste: [[2210.05211] A Win-win Deal: Towards Sparse and Robust Pre-trained Language Models](http://arxiv.org/abs/2210.05211)
• Summary:

  Despite the remarkable success of pre-trained language models (PLMs), they still face two challenges: First, large-scale PLMs are inefficient in terms of memory footprint and computation. Second, on the downstream tasks, PLMs tend to rely on the dataset bias and struggle to generalize to out-of-distribution (OOD) data. In response to the efficiency problem, recent studies show that dense PLMs can be replaced with sparse subnetworks without hurting the performance. Such subnetworks can be found in three scenarios: 1) the fine-tuned PLMs, 2) the raw PLMs and then fine-tuned in isolation, and even inside 3) PLMs without any parameter fine-tuning. However, these results are only obtained in the in-distribution (ID) setting. In this paper, we extend the study on PLMs subnetworks to the OOD setting, investigating whether sparsity and robustness to dataset bias can be achieved simultaneously. To this end, we conduct extensive experiments with the pre-trained BERT model on three natural language understanding (NLU) tasks. Our results demonstrate that \textbf{sparse and robust subnetworks (SRNets) can consistently be found in BERT}, across the aforementioned three scenarios, using different training and compression methods. Furthermore, we explore the upper bound of SRNets using the OOD information and show that \textbf{there exist sparse and almost unbiased BERT subnetworks}. Finally, we present 1) an analytical study that provides insights on how to promote the efficiency of SRNets searching process and 2) a solution to improve subnetworks' performance at high sparsity. The code is available at https://github.com/llyx97/sparse-and-robust-PLM.

Title: Rethinking the Event Coding Pipeline with Prompt Entailment. (arXiv:2210.05257v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05257
• Code URL: https://github.com/clement-lef/pr-ent
• Copy Paste: [[2210.05257] Rethinking the Event Coding Pipeline with Prompt Entailment](http://arxiv.org/abs/2210.05257)
• Summary:

  For monitoring crises, political events are extracted from the news. The large amount of unstructured full-text event descriptions makes a case-by-case analysis unmanageable, particularly for low-resource humanitarian aid organizations. This creates a demand to classify events into event types, a task referred to as event coding. Typically, domain experts craft an event type ontology, annotators label a large dataset and technical experts develop a supervised coding system. In this work, we propose PR-ENT, a new event coding approach that is more flexible and resource-efficient, while maintaining competitive accuracy: first, we extend an event description such as "Military injured two civilians'' by a template, e.g. "People were [Z]" and prompt a pre-trained (cloze) language model to fill the slot Z. Second, we select answer candidates Z* = {"injured'', "hurt"...} by treating the event description as premise and the filled templates as hypothesis in a textual entailment task. This allows domain experts to draft the codebook directly as labeled prompts and interpretable answer candidates. This human-in-the-loop process is guided by our interactive codebook design tool. We evaluate PR-ENT in several robustness checks: perturbing the event description and prompt template, restricting the vocabulary and removing contextual information.

Title: Mind's Eye: Grounded Language Model Reasoning through Simulation. (arXiv:2210.05359v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05359
• Code URL: null
• Copy Paste: [[2210.05359] Mind's Eye: Grounded Language Model Reasoning through Simulation](http://arxiv.org/abs/2210.05359)
• Summary:

  Successful and effective communication between humans and AI relies on a shared experience of the world. By training solely on written text, current language models (LMs) miss the grounded experience of humans in the real-world -- their failure to relate language to the physical world causes knowledge to be misrepresented and obvious mistakes in their reasoning. We present Mind's Eye, a paradigm to ground language model reasoning in the physical world. Given a physical reasoning question, we use a computational physics engine (DeepMind's MuJoCo) to simulate the possible outcomes, and then use the simulation results as part of the input, which enables language models to perform reasoning. Experiments on 39 tasks in a physics alignment benchmark demonstrate that Mind's Eye can improve reasoning ability by a large margin (27.9% zero-shot, and 46.0% few-shot absolute accuracy improvement on average). Smaller language models armed with Mind's Eye can obtain similar performance to models that are 100x larger. Finally, we confirm the robustness of Mind's Eye through ablation studies.

Title: Instance Regularization for Discriminative Language Model Pre-training. (arXiv:2210.05471v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05471
• Code URL: https://github.com/cooelf/instancereg
• Copy Paste: [[2210.05471] Instance Regularization for Discriminative Language Model Pre-training](http://arxiv.org/abs/2210.05471)
• Summary:

  Discriminative pre-trained language models (PrLMs) can be generalized as denoising auto-encoders that work with two procedures, ennoising and denoising. First, an ennoising process corrupts texts with arbitrary noising functions to construct training instances. Then, a denoising language model is trained to restore the corrupted tokens. Existing studies have made progress by optimizing independent strategies of either ennoising or denosing. They treat training instances equally throughout the training process, with little attention on the individual contribution of those instances. To model explicit signals of instance contribution, this work proposes to estimate the complexity of restoring the original sentences from corrupted ones in language model pre-training. The estimations involve the corruption degree in the ennoising data construction process and the prediction confidence in the denoising counterpart. Experimental results on natural language understanding and reading comprehension benchmarks show that our approach improves pre-training efficiency, effectiveness, and robustness. Code is publicly available at https://github.com/cooelf/InstanceReg

Title: What Can the Neural Tangent Kernel Tell Us About Adversarial Robustness?. (arXiv:2210.05577v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05577
• Code URL: null
• Copy Paste: [[2210.05577] What Can the Neural Tangent Kernel Tell Us About Adversarial Robustness?](http://arxiv.org/abs/2210.05577)
• Summary:

  The adversarial vulnerability of neural nets, and subsequent techniques to create robust models have attracted significant attention; yet we still lack a full understanding of this phenomenon. Here, we study adversarial examples of trained neural networks through analytical tools afforded by recent theory advances connecting neural networks and kernel methods, namely the Neural Tangent Kernel (NTK), following a growing body of work that leverages the NTK approximation to successfully analyze important deep learning phenomena and design algorithms for new applications. We show how NTKs allow to generate adversarial examples in a training-free'' fashion, and demonstrate that they transfer to fool their finite-width neural net counterparts in thelazy'' regime. We leverage this connection to provide an alternative view on robust and non-robust features, which have been suggested to underlie the adversarial brittleness of neural nets. Specifically, we define and study features induced by the eigendecomposition of the kernel to better understand the role of robust and non-robust features, the reliance on both for standard classification and the robustness-accuracy trade-off. We find that such features are surprisingly consistent across architectures, and that robust features tend to correspond to the largest eigenvalues of the model, and thus are learned early during training. Our framework allows us to identify and visualize non-robust yet useful features. Finally, we shed light on the robustness mechanism underlying adversarial training of neural nets used in practice: quantifying the evolution of the associated empirical NTK, we demonstrate that its dynamics falls much earlier into the ``lazy'' regime and manifests a much stronger form of the well known bias to prioritize learning features within the top eigenspaces of the kernel, compared to standard training.

Title: RoHNAS: A Neural Architecture Search Framework with Conjoint Optimization for Adversarial Robustness and Hardware Efficiency of Convolutional and Capsule Networks. (arXiv:2210.05276v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05276
• Code URL: https://github.com/ehw-fit/rohnas
• Copy Paste: [[2210.05276] RoHNAS: A Neural Architecture Search Framework with Conjoint Optimization for Adversarial Robustness and Hardware Efficiency of Convolutional and Capsule Networks](http://arxiv.org/abs/2210.05276)
• Summary:

  Neural Architecture Search (NAS) algorithms aim at finding efficient Deep Neural Network (DNN) architectures for a given application under given system constraints. DNNs are computationally-complex as well as vulnerable to adversarial attacks. In order to address multiple design objectives, we propose RoHNAS, a novel NAS framework that jointly optimizes for adversarial-robustness and hardware-efficiency of DNNs executed on specialized hardware accelerators. Besides the traditional convolutional DNNs, RoHNAS additionally accounts for complex types of DNNs such as Capsule Networks. For reducing the exploration time, RoHNAS analyzes and selects appropriate values of adversarial perturbation for each dataset to employ in the NAS flow. Extensive evaluations on multi - Graphics Processing Unit (GPU) - High Performance Computing (HPC) nodes provide a set of Pareto-optimal solutions, leveraging the tradeoff between the above-discussed design objectives. For example, a Pareto-optimal DNN for the CIFAR-10 dataset exhibits 86.07% accuracy, while having an energy of 38.63 mJ, a memory footprint of 11.85 MiB, and a latency of 4.47 ms.

Title: Label Noise-Robust Learning using a Confidence-Based Sieving Strategy. (arXiv:2210.05330v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05330
• Code URL: null
• Copy Paste: [[2210.05330] Label Noise-Robust Learning using a Confidence-Based Sieving Strategy](http://arxiv.org/abs/2210.05330)
• Summary:

  In learning tasks with label noise, boosting model robustness against overfitting is a pivotal challenge because the model eventually memorizes labels including the noisy ones. Identifying the samples with corrupted labels and preventing the model from learning them is a promising approach to address this challenge. Per-sample training loss is a previously studied metric that considers samples with small loss as clean samples on which the model should be trained. In this work, we first demonstrate the ineffectiveness of this small-loss trick. Then, we propose a novel discriminator metric called confidence error and a sieving strategy called CONFES to effectively differentiate between the clean and noisy samples. We experimentally illustrate the superior performance of our proposed approach compared to recent studies on various settings such as synthetic and real-world label noise.

Title: Unlabelled Sample Compression Schemes for Intersection-Closed Classes and Extremal Classes. (arXiv:2210.05455v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05455
• Code URL: null
• Copy Paste: [[2210.05455] Unlabelled Sample Compression Schemes for Intersection-Closed Classes and Extremal Classes](http://arxiv.org/abs/2210.05455)
• Summary:

  The sample compressibility of concept classes plays an important role in learning theory, as a sufficient condition for PAC learnability, and more recently as an avenue for robust generalisation in adaptive data analysis. Whether compression schemes of size $O(d)$ must necessarily exist for all classes of VC dimension $d$ is unknown, but conjectured to be true by Warmuth. Recently Chalopin, Chepoi, Moran, and Warmuth (2018) gave a beautiful unlabelled sample compression scheme of size VC dimension for all maximum classes: classes that meet the Sauer-Shelah-Perles Lemma with equality. They also offered a counterexample to compression schemes based on a promising approach known as corner peeling. In this paper we simplify and extend their proof technique to deal with so-called extremal classes of VC dimension $d$ which contain maximum classes of VC dimension $d-1$. A criterion is given which would imply that all extremal classes admit unlabelled compression schemes of size $d$. We also prove that all intersection-closed classes with VC dimension $d$ admit unlabelled compression schemes of size at most $11d$.

Title: Robust and Controllable Object-Centric Learning through Energy-based Models. (arXiv:2210.05519v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05519
• Code URL: null
• Copy Paste: [[2210.05519] Robust and Controllable Object-Centric Learning through Energy-based Models](http://arxiv.org/abs/2210.05519)
• Summary:

  Humans are remarkably good at understanding and reasoning about complex visual scenes. The capability to decompose low-level observations into discrete objects allows us to build a grounded abstract representation and identify the compositional structure of the world. Accordingly, it is a crucial step for machine learning models to be capable of inferring objects and their properties from visual scenes without explicit supervision. However, existing works on object-centric representation learning either rely on tailor-made neural network modules or strong probabilistic assumptions in the underlying generative and inference processes. In this work, we present \ours, a conceptually simple and general approach to learning object-centric representations through an energy-based model. By forming a permutation-invariant energy function using vanilla attention blocks readily available in Transformers, we can infer object-centric latent variables via gradient-based MCMC methods where permutation equivariance is automatically guaranteed. We show that \ours can be easily integrated into existing architectures and can effectively extract high-quality object-centric representations, leading to better segmentation accuracy and competitive downstream task performance. Further, empirical evaluations show that \ours's learned representations are robust against distribution shift. Finally, we demonstrate the effectiveness of \ours in systematic compositional generalization, by re-composing learned energy functions for novel scene generation and manipulation.

Title: Schedule-Robust Online Continual Learning. (arXiv:2210.05561v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05561
• Code URL: null
• Copy Paste: [[2210.05561] Schedule-Robust Online Continual Learning](http://arxiv.org/abs/2210.05561)
• Summary:

  A continual learning (CL) algorithm learns from a non-stationary data stream. The non-stationarity is modeled by some schedule that determines how data is presented over time. Most current methods make strong assumptions on the schedule and have unpredictable performance when such requirements are not met. A key challenge in CL is thus to design methods robust against arbitrary schedules over the same underlying data, since in real-world scenarios schedules are often unknown and dynamic. In this work, we introduce the notion of schedule-robustness for CL and a novel approach satisfying this desirable property in the challenging online class-incremental setting. We also present a new perspective on CL, as the process of learning a schedule-robust predictor, followed by adapting the predictor using only replay data. Empirically, we demonstrate that our approach outperforms existing methods on CL benchmarks for image classification by a large margin.

biometric

steal

extraction

Title: AVE-CLIP: AudioCLIP-based Multi-window Temporal Transformer for Audio Visual Event Localization. (arXiv:2210.05060v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05060
• Code URL: null
• Copy Paste: [[2210.05060] AVE-CLIP: AudioCLIP-based Multi-window Temporal Transformer for Audio Visual Event Localization](http://arxiv.org/abs/2210.05060)
• Summary:

  An audio-visual event (AVE) is denoted by the correspondence of the visual and auditory signals in a video segment. Precise localization of the AVEs is very challenging since it demands effective multi-modal feature correspondence to ground the short and long range temporal interactions. Existing approaches struggle in capturing the different scales of multi-modal interaction due to ineffective multi-modal training strategies. To overcome this limitation, we introduce AVE-CLIP, a novel framework that integrates the AudioCLIP pre-trained on large-scale audio-visual data with a multi-window temporal transformer to effectively operate on different temporal scales of video frames. Our contributions are three-fold: (1) We introduce a multi-stage training framework to incorporate AudioCLIP pre-trained with audio-image pairs into the AVE localization task on video frames through contrastive fine-tuning, effective mean video feature extraction, and multi-scale training phases. (2) We propose a multi-domain attention mechanism that operates on both temporal and feature domains over varying timescales to fuse the local and global feature variations. (3) We introduce a temporal refining scheme with event-guided attention followed by a simple-yet-effective post processing step to handle significant variations of the background over diverse events. Our method achieves state-of-the-art performance on the publicly available AVE dataset with 5.9% mean accuracy improvement which proves its superiority over existing approaches.

Title: TriangleNet: Edge Prior Augmented Network for Semantic Segmentation through Cross-Task Consistency. (arXiv:2210.05152v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05152
• Code URL: null
• Copy Paste: [[2210.05152] TriangleNet: Edge Prior Augmented Network for Semantic Segmentation through Cross-Task Consistency](http://arxiv.org/abs/2210.05152)
• Summary:

  Semantic segmentation is a classic computer vision problem dedicated to labeling each pixel with its corresponding category. As a basic task for advanced tasks such as industrial quality inspection, remote sensing information extraction, medical diagnostic aid, and autonomous driving, semantic segmentation has been developed for a long time in combination with deep learning, and a lot of work has been accumulated. However, neither the classic FCN-based works nor the popular Transformer-based works have attained fine-grained localization of pixel labels, which remains the main challenge in this field. Recently, with the popularity of autonomous driving, the segmentation of road scenes has received more and more attention. Based on the cross-task consistency theory, we incorporate edge priors into semantic segmentation tasks to obtain better results. The main contribution is that we provide a model-agnostic method that improves the accuracy of semantic segmentation models with zero extra inference runtime overhead, verified on the datasets of road and non-road scenes. From our experimental results, our method can effectively improve semantic segmentation accuracy.

Title: It Takes Two: Masked Appearance-Motion Modeling for Self-supervised Video Transformer Pre-training. (arXiv:2210.05234v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05234
• Code URL: null
• Copy Paste: [[2210.05234] It Takes Two: Masked Appearance-Motion Modeling for Self-supervised Video Transformer Pre-training](http://arxiv.org/abs/2210.05234)
• Summary:

  Self-supervised video transformer pre-training has recently benefited from the mask-and-predict pipeline. They have demonstrated outstanding effectiveness on downstream video tasks and superior data efficiency on small datasets. However, temporal relation is not fully exploited by these methods. In this work, we explicitly investigate motion cues in videos as extra prediction target and propose our Masked Appearance-Motion Modeling (MAM2) framework. Specifically, we design an encoder-regressor-decoder pipeline for this task. The regressor separates feature encoding and pretext tasks completion, such that the feature extraction process is completed adequately by the encoder. In order to guide the encoder to fully excavate spatial-temporal features, two separate decoders are used for two pretext tasks of disentangled appearance and motion prediction. We explore various motion prediction targets and figure out RGB-difference is simple yet effective. As for appearance prediction, VQGAN codes are leveraged as prediction target. With our pre-training pipeline, convergence can be remarkably speed up, e.g., we only require half of epochs than state-of-the-art VideoMAE (400 v.s. 800) to achieve the competitive performance. Extensive experimental results prove that our method learns generalized video representations. Notably, our MAM2 with ViT-B achieves 82.3% on Kinects-400, 71.3% on Something-Something V2, 91.5% on UCF101, and 62.5% on HMDB51.

Title: PP-StructureV2: A Stronger Document Analysis System. (arXiv:2210.05391v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05391
• Code URL: https://github.com/PaddlePaddle/PaddleOCR
• Copy Paste: [[2210.05391] PP-StructureV2: A Stronger Document Analysis System](http://arxiv.org/abs/2210.05391)
• Summary:

  A large amount of document data exists in unstructured form such as raw images without any text information. Designing a practical document image analysis system is a meaningful but challenging task. In previous work, we proposed an intelligent document analysis system PP-Structure. In order to further upgrade the function and performance of PP-Structure, we propose PP-StructureV2 in this work, which contains two subsystems: Layout Information Extraction and Key Information Extraction. Firstly, we integrate Image Direction Correction module and Layout Restoration module to enhance the functionality of the system. Secondly, 8 practical strategies are utilized in PP-StructureV2 for better performance. For Layout Analysis model, we introduce ultra light-weight detector PP-PicoDet and knowledge distillation algorithm FGD for model lightweighting, which increased the inference speed by 11 times with comparable mAP. For Table Recognition model, we utilize PP-LCNet, CSP-PAN and SLAHead to optimize the backbone module, feature fusion module and decoding module, respectively, which improved the table structure accuracy by 6\% with comparable inference speed. For Key Information Extraction model, we introduce VI-LayoutXLM which is a visual-feature independent LayoutXLM architecture, TB-YX sorting algorithm and U-DML knowledge distillation algorithm, which brought 2.8\% and 9.1\% improvement respectively on the Hmean of Semantic Entity Recognition and Relation Extraction tasks. All the above mentioned models and code are open-sourced in the GitHub repository PaddleOCR.

Title: Large-to-small Image Resolution Asymmetry in Deep Metric Learning. (arXiv:2210.05463v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05463
• Code URL: null
• Copy Paste: [[2210.05463] Large-to-small Image Resolution Asymmetry in Deep Metric Learning](http://arxiv.org/abs/2210.05463)
• Summary:

  Deep metric learning for vision is trained by optimizing a representation network to map (non-)matching image pairs to (non-)similar representations. During testing, which typically corresponds to image retrieval, both database and query examples are processed by the same network to obtain the representation used for similarity estimation and ranking. In this work, we explore an asymmetric setup by light-weight processing of the query at a small image resolution to enable fast representation extraction. The goal is to obtain a network for database examples that is trained to operate on large resolution images and benefits from fine-grained image details, and a second network for query examples that operates on small resolution images but preserves a representation space aligned with that of the database network. We achieve this with a distillation approach that transfers knowledge from a fixed teacher network to a student via a loss that operates per image and solely relies on coupled augmentations without the use of any labels. In contrast to prior work that explores such asymmetry from the point of view of different network architectures, this work uses the same architecture but modifies the image resolution. We conclude that resolution asymmetry is a better way to optimize the performance/efficiency trade-off than architecture asymmetry. Evaluation is performed on three standard deep metric learning benchmarks, namely CUB200, Cars196, and SOP. Code: https://github.com/pavelsuma/raml

Title: Extracting or Guessing? Improving Faithfulness of Event Temporal Relation Extraction. (arXiv:2210.04992v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.04992
• Code URL: null
• Copy Paste: [[2210.04992] Extracting or Guessing? Improving Faithfulness of Event Temporal Relation Extraction](http://arxiv.org/abs/2210.04992)
• Summary:

  In this paper, we seek to improve the faithfulness of \temprel extraction models from two perspectives. The first perspective is to extract genuinely based on contextual description. To achieve this, we propose to conduct counterfactual analysis to attenuate the effects of two significant types of training biases: the event trigger bias and the frequent label bias. We also add tense information into event representations to explicitly place an emphasis on the contextual description. The second perspective is to provide proper uncertainty estimation and abstain from extraction when no relation is described in the text. By parameterization of Dirichlet Prior over the model-predicted categorical distribution, we improve the model estimates of the correctness likelihood and make TempRel predictions more selective. We also employ temperature scaling to recalibrate the model confidence measure after bias mitigation. Through experimental analysis on MATRES, MATRES-DS, and TDDiscourse, we demonstrate that our model extracts TempRel and timelines more faithfully compared to SOTA methods, especially under distribution shifts.

Title: PatternRank: Leveraging Pretrained Language Models and Part of Speech for Unsupervised Keyphrase Extraction. (arXiv:2210.05245v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05245
• Code URL: https://github.com/timschopf/keyphrasevectorizers
• Copy Paste: [[2210.05245] PatternRank: Leveraging Pretrained Language Models and Part of Speech for Unsupervised Keyphrase Extraction](http://arxiv.org/abs/2210.05245)
• Summary:

  Keyphrase extraction is the process of automatically selecting a small set of most relevant phrases from a given text. Supervised keyphrase extraction approaches need large amounts of labeled training data and perform poorly outside the domain of the training data (Bennani-Smires et al., 2018). In this paper, we present PatternRank, which leverages pretrained language models and part-of-speech for unsupervised keyphrase extraction from single documents. Our experiments show PatternRank achieves higher precision, recall and F1 -scores than previous state-of-the-art approaches. In addition, we present the KeyphraseVectorizers package, which allows easy modification of part-of-speech patterns for candidate keyphrase selection, and hence adaptation of our approach to any domain.

Title: Planning Assembly Sequence with Graph Transformer. (arXiv:2210.05236v1 [cs.AI])

• Paper URL: http://arxiv.org/abs/2210.05236
• Code URL: https://github.com/AIR-DISCOVER/ICRA_ASP
• Copy Paste: [[2210.05236] Planning Assembly Sequence with Graph Transformer](http://arxiv.org/abs/2210.05236)
• Summary:

  Assembly sequence planning (ASP) is the essential process for modern manufacturing, proven to be NP-complete thus its effective and efficient solution has been a challenge for researchers in the field. In this paper, we present a graph-transformer based framework for the ASP problem which is trained and demonstrated on a self-collected ASP database. The ASP database contains a self-collected set of LEGO models. The LEGO model is abstracted to a heterogeneous graph structure after a thorough analysis of the original structure and feature extraction. The ground truth assembly sequence is first generated by brute-force search and then adjusted manually to in line with human rational habits. Based on this self-collected ASP dataset, we propose a heterogeneous graph-transformer framework to learn the latent rules for assembly planning. We evaluated the proposed framework in a series of experiment. The results show that the similarity of the predicted and ground truth sequences can reach 0.44, a medium correlation measured by Kendall's $\tau$. Meanwhile, we compared the different effects of node features and edge features and generated a feasible and reasonable assembly sequence as a benchmark for further research. Our data set and code is available on https://github.com/AIR-DISCOVER/ICRA_ASP.

membership infer

federate

fair

Title: EarthNets: Empowering AI in Earth Observation. (arXiv:2210.04936v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.04936
• Code URL: null
• Copy Paste: [[2210.04936] EarthNets: Empowering AI in Earth Observation](http://arxiv.org/abs/2210.04936)
• Summary:

  Earth observation, aiming at monitoring the state of planet Earth using remote sensing data, is critical for improving our daily lives and living environment. With an increasing number of satellites in orbit, more and more datasets with diverse sensors and research domains are published to facilitate the research of the remote sensing community. In this paper, for the first time, we present a comprehensive review of more than 400 publicly published datasets, including applications like, land use/cover, change/disaster monitoring, scene understanding, agriculture, climate change and weather forecasting. We systemically analyze these Earth observation datasets from five aspects, including the volume, bibliometric analysis, research domains and the correlation between datasets. Based on the dataset attributes, we propose to measure, rank and select datasets to build a new benchmark for model evaluation. Furthermore, a new platform for Earth observation, termed EarthNets, is released towards a fair and consistent evaluation of deep learning methods on remote sensing data. EarthNets supports standard dataset libraries and cutting-edge deep learning models to bridge the gap between remote sensing and the machine learning community. Based on the EarthNets platform, extensive deep learning methods are evaluated on the new benchmark. The insightful results are beneficial to future research. The platform, dataset collections are publicly available at https://earthnets.nicepage.io.

Title: LidarNAS: Unifying and Searching Neural Architectures for 3D Point Clouds. (arXiv:2210.05018v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05018
• Code URL: null
• Copy Paste: [[2210.05018] LidarNAS: Unifying and Searching Neural Architectures for 3D Point Clouds](http://arxiv.org/abs/2210.05018)
• Summary:

  Developing neural models that accurately understand objects in 3D point clouds is essential for the success of robotics and autonomous driving. However, arguably due to the higher-dimensional nature of the data (as compared to images), existing neural architectures exhibit a large variety in their designs, including but not limited to the views considered, the format of the neural features, and the neural operations used. Lack of a unified framework and interpretation makes it hard to put these designs in perspective, as well as systematically explore new ones. In this paper, we begin by proposing a unified framework of such, with the key idea being factorizing the neural networks into a series of view transforms and neural layers. We demonstrate that this modular framework can reproduce a variety of existing works while allowing a fair comparison of backbone designs. Then, we show how this framework can easily materialize into a concrete neural architecture search (NAS) space, allowing a principled NAS-for-3D exploration. In performing evolutionary NAS on the 3D object detection task on the Waymo Open Dataset, not only do we outperform the state-of-the-art models, but also report the interesting finding that NAS tends to discover the same macro-level architecture concept for both the vehicle and pedestrian classes.

Title: Are Pretrained Multilingual Models Equally Fair Across Languages?. (arXiv:2210.05457v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05457
• Code URL: https://github.com/coastalcph/mozart
• Copy Paste: [[2210.05457] Are Pretrained Multilingual Models Equally Fair Across Languages?](http://arxiv.org/abs/2210.05457)
• Summary:

  Pretrained multilingual language models can help bridge the digital language divide, enabling high-quality NLP models for lower resourced languages. Studies of multilingual models have so far focused on performance, consistency, and cross-lingual generalisation. However, with their wide-spread application in the wild and downstream societal impact, it is important to put multilingual models under the same scrutiny as monolingual models. This work investigates the group fairness of multilingual models, asking whether these models are equally fair across languages. To this end, we create a new four-way multilingual dataset of parallel cloze test examples (MozArt), equipped with demographic information (balanced with regard to gender and native tongue) about the test participants. We evaluate three multilingual models on MozArt -- mBERT, XLM-R, and mT5 -- and show that across the four target languages, the three models exhibit different levels of group disparity, e.g., exhibiting near-equal risk for Spanish, but high levels of disparity for German.

Title: FEAMOE: Fair, Explainable and Adaptive Mixture of Experts. (arXiv:2210.04995v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.04995
• Code URL: null
• Copy Paste: [[2210.04995] FEAMOE: Fair, Explainable and Adaptive Mixture of Experts](http://arxiv.org/abs/2210.04995)
• Summary:

  Three key properties that are desired of trustworthy machine learning models deployed in high-stakes environments are fairness, explainability, and an ability to account for various kinds of "drift". While drifts in model accuracy, for example due to covariate shift, have been widely investigated, drifts in fairness metrics over time remain largely unexplored. In this paper, we propose FEAMOE, a novel "mixture-of-experts" inspired framework aimed at learning fairer, more explainable/interpretable models that can also rapidly adjust to drifts in both the accuracy and the fairness of a classifier. We illustrate our framework for three popular fairness measures and demonstrate how drift can be handled with respect to these fairness constraints. Experiments on multiple datasets show that our framework as applied to a mixture of linear experts is able to perform comparably to neural networks in terms of accuracy while producing fairer models. We then use the large-scale HMDA dataset and show that while various models trained on HMDA demonstrate drift with respect to both accuracy and fairness, FEAMOE can ably handle these drifts with respect to all the considered fairness measures and maintain model accuracy as well. We also prove that the proposed framework allows for producing fast Shapley value explanations, which makes computationally efficient feature attribution based explanations of model decisions readily available via FEAMOE.

interpretability

Title: Multi-site Diagnostic Classification Of Schizophrenia Using 3D CNN On Aggregated Task-based fMRI Data. (arXiv:2210.05240v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2210.05240
• Code URL: https://github.com/s-vigneshwaran/Schizophrenia-Classification-from-multi-site-fMRI-data
• Copy Paste: [[2210.05240] Multi-site Diagnostic Classification Of Schizophrenia Using 3D CNN On Aggregated Task-based fMRI Data](http://arxiv.org/abs/2210.05240)
• Summary:

  In spite of years of research, the mechanisms that underlie the development of schizophrenia, as well as its relapse, symptomatology, and treatment, continue to be a mystery. The absence of appropriate analytic tools to deal with the variable and complicated nature of schizophrenia may be one of the factors that contribute to the development of this disorder. Deep learning is a subfield of artificial intelligence that was inspired by the nervous system. In recent years, deep learning has made it easier to model and analyse complicated, high-dimensional, and nonlinear systems. Research on schizophrenia is one of the many areas of study that has been revolutionised as a result of the outstanding accuracy that deep learning algorithms have demonstrated in classification and prediction tasks. Deep learning has the potential to become a powerful tool for understanding the mechanisms that are at the root of schizophrenia. In addition, a growing variety of techniques aimed at improving model interpretability and causal reasoning are contributing to this trend. Using multi-site fMRI data and a variety of deep learning approaches, this study seeks to identify different types of schizophrenia. Our proposed method of temporal aggregation of the 4D fMRI data outperforms existing work. In addition, this study aims to shed light on the strength of connections between various brain areas in schizophrenia individuals.

Title: Mixture of Attention Heads: Selecting Attention Heads Per Token. (arXiv:2210.05144v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05144
• Code URL: https://github.com/yikangshen/moa
• Copy Paste: [[2210.05144] Mixture of Attention Heads: Selecting Attention Heads Per Token](http://arxiv.org/abs/2210.05144)
• Summary:

  Mixture-of-Experts (MoE) networks have been proposed as an efficient way to scale up model capacity and implement conditional computing. However, the study of MoE components mostly focused on the feedforward layer in Transformer architecture. This paper proposes the Mixture of Attention Heads (MoA), a new architecture that combines multi-head attention with the MoE mechanism. MoA includes a set of attention heads that each has its own set of parameters. Given an input, a router dynamically selects a subset of $k$ attention heads per token. This conditional computation schema allows MoA to achieve stronger performance than the standard multi-head attention layer. Furthermore, the sparsely gated MoA can easily scale up the number of attention heads and the number of parameters while preserving computational efficiency. In addition to the performance improvements, MoA also automatically differentiates heads' utilities, providing a new perspective to discuss the model's interpretability. We conducted experiments on several important tasks, including Machine Translation and Masked Language Modeling. Experiments have shown promising results on several tasks against strong baselines that involve large and very deep models.

Title: Towards Structure-aware Paraphrase Identification with Phrase Alignment Using Sentence Encoders. (arXiv:2210.05302v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2210.05302
• Code URL: null
• Copy Paste: [[2210.05302] Towards Structure-aware Paraphrase Identification with Phrase Alignment Using Sentence Encoders](http://arxiv.org/abs/2210.05302)
• Summary:

  Previous works have demonstrated the effectiveness of utilising pre-trained sentence encoders based on their sentence representations for meaning comparison tasks. Though such representations are shown to capture hidden syntax structures, the direct similarity comparison between them exhibits weak sensitivity to word order and structural differences in given sentences. A single similarity score further makes the comparison process hard to interpret. Therefore, we here propose to combine sentence encoders with an alignment component by representing each sentence as a list of predicate-argument spans (where their span representations are derived from sentence encoders), and decomposing the sentence-level meaning comparison into the alignment between their spans for paraphrase identification tasks. Empirical results show that the alignment component brings in both improved performance and interpretability for various sentence encoders. After closer investigation, the proposed approach indicates increased sensitivity to structural difference and enhanced ability to distinguish non-paraphrases with high lexical overlap.

Title: Neural Networks are Decision Trees. (arXiv:2210.05189v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2210.05189
• Code URL: null
• Copy Paste: [[2210.05189] Neural Networks are Decision Trees](http://arxiv.org/abs/2210.05189)
• Summary:

  In this manuscript, we show that any neural network having piece-wise linear activation functions can be represented as a decision tree. The representation is equivalence and not an approximation, thus keeping the accuracy of the neural network exactly as is. This equivalence shows that neural networks are indeed interpretable by design and makes the \textit{black-box} understanding obsolete. We share equivalent trees of some neural networks and show that besides providing interpretability, tree representation can also achieve some computational advantages. The analysis holds both for fully connected and convolutional networks, which may or may not also include skip connections and/or normalizations.

exlainability

watermark