secure

Title: It's TEEtime: Bringing User Sovereignty to Smartphones. (arXiv:2211.05206v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.05206
Code URL: null
Copy Paste: [[2211.05206] It's TEEtime: Bringing User Sovereignty to Smartphones](http://arxiv.org/abs/2211.05206)
Summary:
The majority of smartphones either run iOS or Android operating systems. This has created two distinct ecosystems largely controlled by Apple and Google - they dictate which applications can run, how they run, and what kind of phone resources they can access. Barring some exceptions in Android where different phone manufacturers may have influence, users, developers, and governments are left with little control. Specifically, users need to entrust their security and privacy to OS vendors and accept the functionality constraints they impose. Given the wide use of Android and iOS, immediately leaving these ecosystems is not practical, except in niche application areas. In this work, we propose a new smartphone architecture that securely transfers the control over the smartphone back to the users while maintaining compatibility with the existing smartphone ecosystems. Our architecture, named TEEtime, is based on ARMv8 and implements novel, TEE-based, resource and interrupt isolation mechanisms which allow the users to flexibly choose which resources (including peripherals) to dedicate to different isolated domains, namely, to legacy OSs and to user's proprietary software. We show the feasibility of our design by implementing a prototype of TEEtime on an ARM emulator.

security

Title: Computer Vision on X-ray Data in Industrial Production and Security Applications: A survey. (arXiv:2211.05565v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05565
Code URL: null
Copy Paste: [[2211.05565] Computer Vision on X-ray Data in Industrial Production and Security Applications: A survey](http://arxiv.org/abs/2211.05565)
Summary:
X-ray imaging technology has been used for decades in clinical tasks to reveal the internal condition of different organs, and in recent years, it has become more common in other areas such as industry, security, and geography. The recent development of computer vision and machine learning techniques has also made it easier to automatically process X-ray images and several machine learning-based object (anomaly) detection, classification, and segmentation methods have been recently employed in X-ray image analysis. Due to the high potential of deep learning in related image processing applications, it has been used in most of the studies. This survey reviews the recent research on using computer vision and machine learning for X-ray analysis in industrial production and security applications and covers the applications, techniques, evaluation metrics, datasets, and performance comparison of those techniques on publicly available datasets. We also highlight some drawbacks in the published research and give recommendations for future research in computer vision-based X-ray analysis.

Title: Haven't I Seen You Before? Assessing Identity Leakage in Synthetic Irises. (arXiv:2211.05629v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05629
Code URL: null
Copy Paste: [[2211.05629] Haven't I Seen You Before? Assessing Identity Leakage in Synthetic Irises](http://arxiv.org/abs/2211.05629)
Summary:
Generative Adversarial Networks (GANs) have proven to be a preferred method of synthesizing fake images of objects, such as faces, animals, and automobiles. It is not surprising these models can also generate ISO-compliant, yet synthetic iris images, which can be used to augment training data for iris matchers and liveness detectors. In this work, we trained one of the most recent GAN models (StyleGAN3) to generate fake iris images with two primary goals: (i) to understand the GAN's ability to produce "never-before-seen" irises, and (ii) to investigate the phenomenon of identity leakage as a function of the GAN's training time. Previous work has shown that personal biometric data can inadvertently flow from training data into synthetic samples, raising a privacy concern for subjects who accidentally appear in the training dataset. This paper presents analysis for three different iris matchers at varying points in the GAN training process to diagnose where and when authentic training samples are in jeopardy of leaking through the generative process. Our results show that while most synthetic samples do not show signs of identity leakage, a handful of generated samples match authentic (training) samples nearly perfectly, with consensus across all matchers. In order to prioritize privacy, security, and trust in the machine learning model development process, the research community must strike a delicate balance between the benefits of using synthetic data and the corresponding threats against privacy from potential identity leakage.

Title: Network Security Roadmap. (arXiv:2211.05278v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.05278
Code URL: null
Copy Paste: [[2211.05278] Network Security Roadmap](http://arxiv.org/abs/2211.05278)
Summary:
Users may already have some perception of provided security based on experience with earlier generations. To maintain the stability and coherent integration of 5G services, it is imperative that security and privacy features prevalent in earlier generations are also present in 5G. However, it is not sufficient just to provide the same security features as in the legacy systems due to the new threat model introduced by the integration of new technologies like SDN, virtualization and SBA. 5G systems are expected to be more service-oriented. This suggests there will be an additional emphasis on security and privacy requirements that spawn from the new dimension of service-oriented security architecture.

Title: UAV Traffic Management : A Survey On Communication Security. (arXiv:2211.05640v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.05640
Code URL: null
Copy Paste: [[2211.05640] UAV Traffic Management : A Survey On Communication Security](http://arxiv.org/abs/2211.05640)
Summary:
Unmanned Aerial Systems (UAS) have a wide variety of applications, and their development in terms of capabilities is continuously evolving. Many missions performed by an Unmanned Aerial Vehicle (UAV) require flying in public airspace. This requires very high safety standards, similar to those mandatory in commercial civil aviation. A safe UAV Traffic Management (UTM) requires several communication links between aircraft, their pilots and UTM systems. The integrity of these communication links is critical for the safety of operations. Several security requirements also have to be met on each of these links. Unfortunately, current cryptographic standards used over the internet are most often not suitable to UAS due to their limited resources and dynamic nature. This survey discusses the security required for every communication link in order to enable a safe traffic management. Research works focusing on the security of communication links using cryptographic primitives are then presented and discussed. Authentication protocols developed for UAVs or other constrained systems are compared and evaluated as solutions for UAS security. Symmetrical alternatives to the AES algorithm are also presented. Works to secure current UTM protocols such as ADS-B and RemoteID are discussed. The analysis reveals a need for the development of a complete secure architecture able to provide authentication and integrity to external systems (other aircraft, UTM systems...).

Title: The Dark Side of The Internet of Vehicles: A Survey of the State of IoV and its Security Vulnerabilities. (arXiv:2211.05775v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.05775
Code URL: null
Copy Paste: [[2211.05775] The Dark Side of The Internet of Vehicles: A Survey of the State of IoV and its Security Vulnerabilities](http://arxiv.org/abs/2211.05775)
Summary:
For the smart vehicular network, we studied two technologies to realize it. The first technology is the cooperative scheme which improves capacity by properly combining the V2V and V2I. The second technology is an online learning algorithm which can deal with the beam selection problem in mmWave system. Both are effective and can be used in autonomous driving systems. However, advancements in the field of IoV have elicited research in different areas related to the field. This highlights a critical need to address security and protection challenges as a result of the progression of vehicles and everything that is being transferred to the internet. In addition, to understand exactly where research is missing regarding IoV, we found that a survey of current research in the vulnerabilities and threats to general IoT applications. In addition to other attacks, we found that DDoS attacks in the form of botnets are significant threats to the IoT world. Upon researching which threats and vulnerabilities are leveraged in IoV research, the field was severely lacking in botnet and DDoS attack research. If developers neglect to address this issue before interconnected vehicles become a mainstream reality, this discovery can have severe ramifications for the safety of IoV consumers around the globe.

Title: Power Grid Congestion Management via Topology Optimization with AlphaZero. (arXiv:2211.05612v1 [cs.AI])

Paper URL: http://arxiv.org/abs/2211.05612
Code URL: null
Copy Paste: [[2211.05612] Power Grid Congestion Management via Topology Optimization with AlphaZero](http://arxiv.org/abs/2211.05612)
Summary:
The energy sector is facing rapid changes in the transition towards clean renewable sources. However, the growing share of volatile, fluctuating renewable generation such as wind or solar energy has already led to an increase in power grid congestion and network security concerns. Grid operators mitigate these by modifying either generation or demand (redispatching, curtailment, flexible loads). Unfortunately, redispatching of fossil generators leads to excessive grid operation costs and higher emissions, which is in direct opposition to the decarbonization of the energy sector. In this paper, we propose an AlphaZero-based grid topology optimization agent as a non-costly, carbon-free congestion management alternative. Our experimental evaluation confirms the potential of topology optimization for power grid operation, achieves a reduction of the average amount of required redispatching by 60%, and shows the interoperability with traditional congestion management methods. Our approach also ranked 1st in the WCCI 2022 Learning to Run a Power Network (L2RPN) competition. Based on our findings, we identify and discuss open research problems as well as technical challenges for a productive system on a real power grid.

privacy

Title: Deep Learning based Computer Vision Methods for Complex Traffic Environments Perception: A Review. (arXiv:2211.05120v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05120
Code URL: null
Copy Paste: [[2211.05120] Deep Learning based Computer Vision Methods for Complex Traffic Environments Perception: A Review](http://arxiv.org/abs/2211.05120)
Summary:
Computer vision applications in intelligent transportation systems (ITS) and autonomous driving (AD) have gravitated towards deep neural network architectures in recent years. While performance seems to be improving on benchmark datasets, many real-world challenges are yet to be adequately considered in research. This paper conducted an extensive literature review on the applications of computer vision in ITS and AD, and discusses challenges related to data, models, and complex urban environments. The data challenges are associated with the collection and labeling of training data and its relevance to real world conditions, bias inherent in datasets, the high volume of data needed to be processed, and privacy concerns. Deep learning (DL) models are commonly too complex for real-time processing on embedded hardware, lack explainability and generalizability, and are hard to test in real-world settings. Complex urban traffic environments have irregular lighting and occlusions, and surveillance cameras can be mounted at a variety of angles, gather dirt, shake in the wind, while the traffic conditions are highly heterogeneous, with violation of rules and complex interactions in crowded scenarios. Some representative applications that suffer from these problems are traffic flow estimation, congestion detection, autonomous driving perception, vehicle interaction, and edge computing for practical deployment. The possible ways of dealing with the challenges are also explored while prioritizing practical deployment.

Title: On the Privacy Risks of Algorithmic Recourse. (arXiv:2211.05427v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05427
Code URL: null
Copy Paste: [[2211.05427] On the Privacy Risks of Algorithmic Recourse](http://arxiv.org/abs/2211.05427)
Summary:
As predictive models are increasingly being employed to make consequential decisions, there is a growing emphasis on developing techniques that can provide algorithmic recourse to affected individuals. While such recourses can be immensely beneficial to affected individuals, potential adversaries could also exploit these recourses to compromise privacy. In this work, we make the first attempt at investigating if and how an adversary can leverage recourses to infer private information about the underlying model's training data. To this end, we propose a series of novel membership inference attacks which leverage algorithmic recourse. More specifically, we extend the prior literature on membership inference attacks to the recourse setting by leveraging the distances between data instances and their corresponding counterfactuals output by state-of-the-art recourse methods. Extensive experimentation with real world and synthetic datasets demonstrates significant privacy leakage through recourses. Our work establishes unintended privacy leakage as an important risk in the widespread adoption of recourse methods.

Title: Privacy-Preserving Machine Learning for Collaborative Data Sharing via Auto-encoder Latent Space Embeddings. (arXiv:2211.05717v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05717
Code URL: null
Copy Paste: [[2211.05717] Privacy-Preserving Machine Learning for Collaborative Data Sharing via Auto-encoder Latent Space Embeddings](http://arxiv.org/abs/2211.05717)
Summary:
Privacy-preserving machine learning in data-sharing processes is an ever-critical task that enables collaborative training of Machine Learning (ML) models without the need to share the original data sources. It is especially relevant when an organization must assure that sensitive data remains private throughout the whole ML pipeline, i.e., training and inference phases. This paper presents an innovative framework that uses Representation Learning via autoencoders to generate privacy-preserving embedded data. Thus, organizations can share the data representation to increase machine learning models' performance in scenarios with more than one data source for a shared predictive downstream task.

Title: Heterogeneous Randomized Response for Differential Privacy in Graph Neural Networks. (arXiv:2211.05766v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05766
Code URL: null
Copy Paste: [[2211.05766] Heterogeneous Randomized Response for Differential Privacy in Graph Neural Networks](http://arxiv.org/abs/2211.05766)
Summary:
Graph neural networks (GNNs) are susceptible to privacy inference attacks (PIAs), given their ability to learn joint representation from features and edges among nodes in graph data. To prevent privacy leakages in GNNs, we propose a novel heterogeneous randomized response (HeteroRR) mechanism to protect nodes' features and edges against PIAs under differential privacy (DP) guarantees without an undue cost of data and model utility in training GNNs. Our idea is to balance the importance and sensitivity of nodes' features and edges in redistributing the privacy budgets since some features and edges are more sensitive or important to the model utility than others. As a result, we derive significantly better randomization probabilities and tighter error bounds at both levels of nodes' features and edges departing from existing approaches, thus enabling us to maintain high data utility for training GNNs. An extensive theoretical and empirical analysis using benchmark datasets shows that HeteroRR significantly outperforms various baselines in terms of model utility under rigorous privacy protection for both nodes' features and edges. That enables us to defend PIAs in DP-preserving GNNs effectively.

protect

defense

Title: Backdoor Defense via Suppressing Model Shortcuts. (arXiv:2211.05631v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05631
Code URL: null
Copy Paste: [[2211.05631] Backdoor Defense via Suppressing Model Shortcuts](http://arxiv.org/abs/2211.05631)
Summary:
Recent studies have demonstrated that deep neural networks (DNNs) are vulnerable to backdoor attacks during the training process. Specifically, the adversaries intend to embed hidden backdoors in DNNs so that malicious model predictions can be activated through pre-defined trigger patterns. In this paper, we explore the backdoor mechanism from the angle of the model structure. We select the skip connection for discussions, inspired by the understanding that it helps the learning of model `shortcuts' where backdoor triggers are usually easier to be learned. Specifically, we demonstrate that the attack success rate (ASR) decreases significantly when reducing the outputs of some key skip connections. Based on this observation, we design a simple yet effective backdoor removal method by suppressing the skip connections in critical layers selected by our method. We also implement fine-tuning on these layers to recover high benign accuracy and to further reduce ASR. Extensive experiments on benchmark datasets verify the effectiveness of our method.

Title: MSDT: Masked Language Model Scoring Defense in Text Domain. (arXiv:2211.05371v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05371
Code URL: https://github.com/jcroh0508/msdt
Copy Paste: [[2211.05371] MSDT: Masked Language Model Scoring Defense in Text Domain](http://arxiv.org/abs/2211.05371)
Summary:
Pre-trained language models allowed us to process downstream tasks with the help of fine-tuning, which aids the model to achieve fairly high accuracy in various Natural Language Processing (NLP) tasks. Such easily-downloaded language models from various websites empowered the public users as well as some major institutions to give a momentum to their real-life application. However, it was recently proven that models become extremely vulnerable when they are backdoor attacked with trigger-inserted poisoned datasets by malicious users. The attackers then redistribute the victim models to the public to attract other users to use them, where the models tend to misclassify when certain triggers are detected within the training sample. In this paper, we will introduce a novel improved textual backdoor defense method, named MSDT, that outperforms the current existing defensive algorithms in specific datasets. The experimental results illustrate that our method can be effective and constructive in terms of defending against backdoor attack in text domain. Code is available at https://github.com/jcroh0508/MSDT.

attack

Title: Plausibility Verification For 3D Object Detectors Using Energy-Based Optimization. (arXiv:2211.05233v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05233
Code URL: null
Copy Paste: [[2211.05233] Plausibility Verification For 3D Object Detectors Using Energy-Based Optimization](http://arxiv.org/abs/2211.05233)
Summary:
Environmental perception obtained via object detectors have no predictable safety layer encoded into their model schema, which creates the question of trustworthiness about the system's prediction. As can be seen from recent adversarial attacks, most of the current object detection networks are vulnerable to input tampering, which in the real world could compromise the safety of autonomous vehicles. The problem would be amplified even more when uncertainty errors could not propagate into the submodules, if these are not a part of the end-to-end system design. To address these concerns, a parallel module which verifies the predictions of the object proposals coming out of Deep Neural Networks are required. This work aims to verify 3D object proposals from MonoRUn model by proposing a plausibility framework that leverages cross sensor streams to reduce false positives. The verification metric being proposed uses prior knowledge in the form of four different energy functions, each utilizing a certain prior to output an energy value leading to a plausibility justification for the hypothesis under consideration. We also employ a novel two-step schema to improve the optimization of the composite energy function representing the energy model.

Title: Untargeted Backdoor Attack against Object Detection. (arXiv:2211.05638v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05638
Code URL: null
Copy Paste: [[2211.05638] Untargeted Backdoor Attack against Object Detection](http://arxiv.org/abs/2211.05638)
Summary:
Recent studies revealed that deep neural networks (DNNs) are exposed to backdoor threats when training with third-party resources (such as training samples or backbones). The backdoored model has promising performance in predicting benign samples, whereas its predictions can be maliciously manipulated by adversaries based on activating its backdoors with pre-defined trigger patterns. Currently, most of the existing backdoor attacks were conducted on the image classification under the targeted manner. In this paper, we reveal that these threats could also happen in object detection, posing threatening risks to many mission-critical applications ($e.g.$, pedestrian detection and intelligent surveillance systems). Specifically, we design a simple yet effective poison-only backdoor attack in an untargeted manner, based on task characteristics. We show that, once the backdoor is embedded into the target model by our attack, it can trick the model to lose detection of any object stamped with our trigger patterns. We conduct extensive experiments on the benchmark dataset, showing its effectiveness in both digital and physical-world settings and its resistance to potential defenses.

Title: Zebra: Deeply Integrating System-Level Provenance Search and Tracking for Efficient Attack Investigation. (arXiv:2211.05403v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.05403
Code URL: null
Copy Paste: [[2211.05403] Zebra: Deeply Integrating System-Level Provenance Search and Tracking for Efficient Attack Investigation](http://arxiv.org/abs/2211.05403)
Summary:
System auditing has emerged as a key approach for monitoring system call events and investigating sophisticated attacks. Based on the collected audit logs, research has proposed to search for attack patterns or track the causal dependencies of system events to reveal the attack sequence. However, existing approaches either cannot reveal long-range attack sequences or suffer from the dependency explosion problem due to a lack of focus on attack-relevant parts, and thus are insufficient for investigating complex attacks.

To bridge the gap, we propose Zebra, a system that synergistically integrates attack pattern search and causal dependency tracking for efficient attack investigation. With Zebra, security analysts can alternate between search and tracking to reveal the entire attack sequence in a progressive, user-guided manner, while mitigating the dependency explosion problem by prioritizing the attack-relevant parts. To enable this, Zebra provides (1) an expressive and concise domain-specific language, Tstl, for performing various types of search and tracking analyses, and (2) an optimized language execution engine for efficient execution over a big amount of auditing data. Evaluations on a broad set of attack cases demonstrate the effectiveness of Zebra in facilitating a timely attack investigation.

Title: QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems. (arXiv:2211.05249v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.05249
Code URL: null
Copy Paste: [[2211.05249] QuerySnout: Automating the Discovery of Attribute Inference Attacks against Query-Based Systems](http://arxiv.org/abs/2211.05249)
Summary:
Although query-based systems (QBS) have become one of the main solutions to share data anonymously, building QBSes that robustly protect the privacy of individuals contributing to the dataset is a hard problem. Theoretical solutions relying on differential privacy guarantees are difficult to implement correctly with reasonable accuracy, while ad-hoc solutions might contain unknown vulnerabilities. Evaluating the privacy provided by QBSes must thus be done by evaluating the accuracy of a wide range of privacy attacks. However, existing attacks require time and expertise to develop, need to be manually tailored to the specific systems attacked, and are limited in scope. In this paper, we develop QuerySnout (QS), the first method to automatically discover vulnerabilities in QBSes. QS takes as input a target record and the QBS as a black box, analyzes its behavior on one or more datasets, and outputs a multiset of queries together with a rule to combine answers to them in order to reveal the sensitive attribute of the target record. QS uses evolutionary search techniques based on a novel mutation operator to find a multiset of queries susceptible to lead to an attack, and a machine learning classifier to infer the sensitive attribute from answers to the queries selected. We showcase the versatility of QS by applying it to two attack scenarios, three real-world datasets, and a variety of protection mechanisms. We show the attacks found by QS to consistently equate or outperform, sometimes by a large margin, the best attacks from the literature. We finally show how QS can be extended to QBSes that require a budget, and apply QS to a simple QBS based on the Laplace mechanism. Taken together, our results show how powerful and accurate attacks against QBSes can already be found by an automated system, allowing for highly complex QBSes to be automatically tested "at the pressing of a button".

robust

Title: An Empirical Study on Clustering Pretrained Embeddings: Is Deep Strictly Better?. (arXiv:2211.05183v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05183
Code URL: null
Copy Paste: [[2211.05183] An Empirical Study on Clustering Pretrained Embeddings: Is Deep Strictly Better?](http://arxiv.org/abs/2211.05183)
Summary:
Recent research in clustering face embeddings has found that unsupervised, shallow, heuristic-based methods -- including $k$-means and hierarchical agglomerative clustering -- underperform supervised, deep, inductive methods. While the reported improvements are indeed impressive, experiments are mostly limited to face datasets, where the clustered embeddings are highly discriminative or well-separated by class (Recall@1 above 90% and often nearing ceiling), and the experimental methodology seemingly favors the deep methods. We conduct a large-scale empirical study of 17 clustering methods across three datasets and obtain several robust findings. Notably, deep methods are surprisingly fragile for embeddings with more uncertainty, where they match or even perform worse than shallow, heuristic-based methods. When embeddings are highly discriminative, deep methods do outperform the baselines, consistent with past results, but the margin between methods is much smaller than previously reported. We believe our benchmarks broaden the scope of supervised clustering methods beyond the face domain and can serve as a foundation on which these methods could be improved. To enable reproducibility, we include all necessary details in the appendices, and plan to release the code.

Title: MuMIC -- Multimodal Embedding for Multi-label Image Classification with Tempered Sigmoid. (arXiv:2211.05232v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05232
Code URL: null
Copy Paste: [[2211.05232] MuMIC -- Multimodal Embedding for Multi-label Image Classification with Tempered Sigmoid](http://arxiv.org/abs/2211.05232)
Summary:
Multi-label image classification is a foundational topic in various domains. Multimodal learning approaches have recently achieved outstanding results in image representation and single-label image classification. For instance, Contrastive Language-Image Pretraining (CLIP) demonstrates impressive image-text representation learning abilities and is robust to natural distribution shifts. This success inspires us to leverage multimodal learning for multi-label classification tasks, and benefit from contrastively learnt pretrained models. We propose the Multimodal Multi-label Image Classification (MuMIC) framework, which utilizes a hardness-aware tempered sigmoid based Binary Cross Entropy loss function, thus enables the optimization on multi-label objectives and transfer learning on CLIP. MuMIC is capable of providing high classification performance, handling real-world noisy data, supporting zero-shot predictions, and producing domain-specific image embeddings. In this study, a total of 120 image classes are defined, and more than 140K positive annotations are collected on approximately 60K Booking.com images. The final MuMIC model is deployed on Booking.com Content Intelligence Platform, and it outperforms other state-of-the-art models with 85.6% GAP@10 and 83.8% GAP on all 120 classes, as well as a 90.1% macro mAP score across 32 majority classes. We summarize the modeling choices which are extensively tested through ablation studies. To the best of our knowledge, we are the first to adapt contrastively learnt multimodal pretraining for real-world multi-label image classification problems, and the innovation can be transferred to other domains.

Title: Okapi: Generalising Better by Making Statistical Matches Match. (arXiv:2211.05236v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05236
Code URL: https://github.com/wearepal/okapi
Copy Paste: [[2211.05236] Okapi: Generalising Better by Making Statistical Matches Match](http://arxiv.org/abs/2211.05236)
Summary:
We propose Okapi, a simple, efficient, and general method for robust semi-supervised learning based on online statistical matching. Our method uses a nearest-neighbours-based matching procedure to generate cross-domain views for a consistency loss, while eliminating statistical outliers. In order to perform the online matching in a runtime- and memory-efficient way, we draw upon the self-supervised literature and combine a memory bank with a slow-moving momentum encoder. The consistency loss is applied within the feature space, rather than on the predictive distribution, making the method agnostic to both the modality and the task in question. We experiment on the WILDS 2.0 datasets Sagawa et al., which significantly expands the range of modalities, applications, and shifts available for studying and benchmarking real-world unsupervised adaptation. Contrary to Sagawa et al., we show that it is in fact possible to leverage additional unlabelled data to improve upon empirical risk minimisation (ERM) results with the right method. Our method outperforms the baseline methods in terms of out-of-distribution (OOD) generalisation on the iWildCam (a multi-class classification task) and PovertyMap (a regression task) image datasets as well as the CivilComments (a binary classification task) text dataset. Furthermore, from a qualitative perspective, we show the matches obtained from the learned encoder are strongly semantically related. Code for our paper is publicly available at https://github.com/wearepal/okapi/.

Title: Few-shot Classification with Hypersphere Modeling of Prototypes. (arXiv:2211.05319v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05319
Code URL: null
Copy Paste: [[2211.05319] Few-shot Classification with Hypersphere Modeling of Prototypes](http://arxiv.org/abs/2211.05319)
Summary:
Metric-based meta-learning is one of the de facto standards in few-shot learning. It composes of representation learning and metrics calculation designs. Previous works construct class representations in different ways, varying from mean output embedding to covariance and distributions. However, using embeddings in space lacks expressivity and cannot capture class information robustly, while statistical complex modeling poses difficulty to metric designs. In this work, we use tensor fields (``areas'') to model classes from the geometrical perspective for few-shot learning. We present a simple and effective method, dubbed hypersphere prototypes (HyperProto), where class information is represented by hyperspheres with dynamic sizes with two sets of learnable parameters: the hypersphere's center and the radius. Extending from points to areas, hyperspheres are much more expressive than embeddings. Moreover, it is more convenient to perform metric-based classification with hypersphere prototypes than statistical modeling, as we only need to calculate the distance from a data point to the surface of the hypersphere. Following this idea, we also develop two variants of prototypes under other measurements. Extensive experiments and analysis on few-shot learning tasks across NLP and CV and comparison with 20+ competitive baselines demonstrate the effectiveness of our approach.

Title: MGiaD: Multigrid in all dimensions. Efficiency and robustness by coarsening in resolution and channel dimensions. (arXiv:2211.05525v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05525
Code URL: null
Copy Paste: [[2211.05525] MGiaD: Multigrid in all dimensions](http://arxiv.org/abs/2211.05525)
Summary:
Current state-of-the-art deep neural networks for image classification are made up of 10 - 100 million learnable weights and are therefore inherently prone to overfitting. The complexity of the weight count can be seen as a function of the number of channels, the spatial extent of the input and the number of layers of the network. Due to the use of convolutional layers the scaling of weight complexity is usually linear with regards to the resolution dimensions, but remains quadratic with respect to the number of channels. Active research in recent years in terms of using multigrid inspired ideas in deep neural networks have shown that on one hand a significant number of weights can be saved by appropriate weight sharing and on the other that a hierarchical structure in the channel dimension can improve the weight complexity to linear. In this work, we combine these multigrid ideas to introduce a joint framework of multigrid inspired architectures, that exploit multigrid structures in all relevant dimensions to achieve linear weight complexity scaling and drastically reduced weight counts. Our experiments show that this structured reduction in weight count is able to reduce overfitting and thus shows improved performance over state-of-the-art ResNet architectures on typical image classification benchmarks at lower network complexity.

Title: SWTF: Sparse Weighted Temporal Fusion for Drone-Based Activity Recognition. (arXiv:2211.05531v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05531
Code URL: null
Copy Paste: [[2211.05531] SWTF: Sparse Weighted Temporal Fusion for Drone-Based Activity Recognition](http://arxiv.org/abs/2211.05531)
Summary:
Drone-camera based human activity recognition (HAR) has received significant attention from the computer vision research community in the past few years. A robust and efficient HAR system has a pivotal role in fields like video surveillance, crowd behavior analysis, sports analysis, and human-computer interaction. What makes it challenging are the complex poses, understanding different viewpoints, and the environmental scenarios where the action is taking place. To address such complexities, in this paper, we propose a novel Sparse Weighted Temporal Fusion (SWTF) module to utilize sparsely sampled video frames for obtaining global weighted temporal fusion outcome. The proposed SWTF is divided into two components. First, a temporal segment network that sparsely samples a given set of frames. Second, weighted temporal fusion, that incorporates a fusion of feature maps derived from optical flow, with raw RGB images. This is followed by base-network, which comprises a convolutional neural network module along with fully connected layers that provide us with activity recognition. The SWTF network can be used as a plug-in module to the existing deep CNN architectures, for optimizing them to learn temporal information by eliminating the need for a separate temporal stream. It has been evaluated on three publicly available benchmark datasets, namely Okutama, MOD20, and Drone-Action. The proposed model has received an accuracy of 72.76%, 92.56%, and 78.86% on the respective datasets thereby surpassing the previous state-of-the-art performances by a significant margin.

Title: Near-infrared and visible-light periocular recognition with Gabor features using frequency-adaptive automatic eye detection. (arXiv:2211.05544v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05544
Code URL: null
Copy Paste: [[2211.05544] Near-infrared and visible-light periocular recognition with Gabor features using frequency-adaptive automatic eye detection](http://arxiv.org/abs/2211.05544)
Summary:
Periocular recognition has gained attention recently due to demands of increased robustness of face or iris in less controlled scenarios. We present a new system for eye detection based on complex symmetry filters, which has the advantage of not needing training. Also, separability of the filters allows faster detection via one-dimensional convolutions. This system is used as input to a periocular algorithm based on retinotopic sampling grids and Gabor spectrum decomposition. The evaluation framework is composed of six databases acquired both with near-infrared and visible sensors. The experimental setup is complemented with four iris matchers, used for fusion experiments. The eye detection system presented shows very high accuracy with near-infrared data, and a reasonable good accuracy with one visible database. Regarding the periocular system, it exhibits great robustness to small errors in locating the eye centre, as well as to scale changes of the input image. The density of the sampling grid can also be reduced without sacrificing accuracy. Lastly, despite the poorer performance of the iris matchers with visible data, fusion with the periocular system can provide an improvement of more than 20%. The six databases used have been manually annotated, with the annotation made publicly available.

Title: Optimizing Server-side Aggregation For Robust Federated Learning via Subspace Training. (arXiv:2211.05554v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05554
Code URL: null
Copy Paste: [[2211.05554] Optimizing Server-side Aggregation For Robust Federated Learning via Subspace Training](http://arxiv.org/abs/2211.05554)
Summary:
Non-IID data distribution across clients and poisoning attacks are two main challenges in real-world federated learning systems. While both of them have attracted great research interest with specific strategies developed, no known solution manages to address them in a unified framework. To jointly overcome both challenges, we propose SmartFL, a generic approach that optimizes the server-side aggregation process with a small clean server-collected proxy dataset (e.g., around one hundred samples, 0.2% of the dataset) via a subspace training technique. Specifically, the aggregation weight of each participating client at each round is optimized using the server-collected proxy data, which is essentially the optimization of the global model in the convex hull spanned by client models. Since at each round, the number of tunable parameters optimized on the server side equals the number of participating clients (thus independent of the model size), we are able to train a global model with massive parameters using only a small amount of proxy data. We provide theoretical analyses of the convergence and generalization capacity for SmartFL. Empirically, SmartFL achieves state-of-the-art performance on both federated learning with non-IID data distribution and federated learning with malicious clients. The source code will be released.

Title: Unbiased Supervised Contrastive Learning. (arXiv:2211.05568v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05568
Code URL: null
Copy Paste: [[2211.05568] Unbiased Supervised Contrastive Learning](http://arxiv.org/abs/2211.05568)
Summary:
Many datasets are biased, namely they contain easy-to-learn features that are highly correlated with the target class only in the dataset but not in the true underlying distribution of the data. For this reason, learning unbiased models from biased data has become a very relevant research topic in the last years. In this work, we tackle the problem of learning representations that are robust to biases. We first present a margin-based theoretical framework that allows us to clarify why recent contrastive losses (InfoNCE, SupCon, etc.) can fail when dealing with biased data. Based on that, we derive a novel formulation of the supervised contrastive loss (epsilon-SupInfoNCE), providing more accurate control of the minimal distance between positive and negative samples. Furthermore, thanks to our theoretical framework, we also propose FairKL, a new debiasing regularization loss, that works well even with extremely biased data. We validate the proposed losses on standard vision datasets including CIFAR10, CIFAR100, and ImageNet, and we assess the debiasing capability of FairKL with epsilon-SupInfoNCE, reaching state-of-the-art performance on a number of biased datasets, including real instances of biases in the wild.

Title: Rare Wildlife Recognition with Self-Supervised Representation Learning. (arXiv:2211.05636v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05636
Code URL: null
Copy Paste: [[2211.05636] Rare Wildlife Recognition with Self-Supervised Representation Learning](http://arxiv.org/abs/2211.05636)
Summary:
Automated animal censuses with aerial imagery are a vital ingredient towards wildlife conservation. Recent models are generally based on supervised learning and thus require vast amounts of training data. Due to their scarcity and minuscule size, annotating animals in aerial imagery is a highly tedious process. In this project, we present a methodology to reduce the amount of required training data by resorting to self-supervised pretraining. In detail, we examine a combination of recent contrastive learning methodologies like Momentum Contrast (MoCo) and Cross-Level Instance-Group Discrimination (CLD) to condition our model on the aerial images without the requirement for labels. We show that a combination of MoCo, CLD, and geometric augmentations outperforms conventional models pretrained on ImageNet by a large margin. Meanwhile, strategies for smoothing label or prediction distribution in supervised learning have been proven useful in preventing the model from overfitting. We combine the self-supervised contrastive models with image mixup strategies and find that it is useful for learning more robust visual representations. Crucially, our methods still yield favorable results even if we reduce the number of training animals to just 10%, at which point our best model scores double the recall of the baseline at similar precision. This effectively allows reducing the number of required annotations to a fraction while still being able to train high-accuracy models in such highly challenging settings.

Title: InternImage: Exploring Large-Scale Vision Foundation Models with Deformable Convolutions. (arXiv:2211.05778v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05778
Code URL: https://github.com/opengvlab/internimage
Copy Paste: [[2211.05778] InternImage: Exploring Large-Scale Vision Foundation Models with Deformable Convolutions](http://arxiv.org/abs/2211.05778)
Summary:
Compared to the great progress of large-scale vision transformers (ViTs) in recent years, large-scale models based on convolutional neural networks (CNNs) are still in an early state. This work presents a new large-scale CNN-based foundation model, termed InternImage, which can obtain the gain from increasing parameters and training data like ViTs. Different from the recent CNNs that focus on large dense kernels, InternImage takes deformable convolution as the core operator, so that our model not only has the large effective receptive field required for downstream tasks such as detection and segmentation, but also has the adaptive spatial aggregation conditioned by input and task information. As a result, the proposed InternImage reduces the strict inductive bias of traditional CNNs and makes it possible to learn stronger and more robust patterns with large-scale parameters from massive data like ViTs. The effectiveness of our model is proven on challenging benchmarks including ImageNet, COCO, and ADE20K. It is worth mentioning that InternImage-H achieved the new record 65.4 mAP on COCO test-dev. The code will be released at https://github.com/OpenGVLab/InternImage.

Title: Impact of Adversarial Training on Robustness and Generalizability of Language Models. (arXiv:2211.05523v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05523
Code URL: null
Copy Paste: [[2211.05523] Impact of Adversarial Training on Robustness and Generalizability of Language Models](http://arxiv.org/abs/2211.05523)
Summary:
Adversarial training is widely acknowledged as the most effective defense against adversarial attacks. However, it is also well established that achieving both robustness and generalization in adversarially trained models involves a trade-off. The goal of this work is to provide an in depth comparison of different approaches for adversarial training in language models. Specifically, we study the effect of pre-training data augmentation as well as training time input perturbations vs. embedding space perturbations on the robustness and generalization of BERT-like language models. Our findings suggest that better robustness can be achieved by pre-training data augmentation or by training with input space perturbation. However, training with embedding space perturbation significantly improves generalization. A linguistic correlation analysis of neurons of the learned models reveal that the improved generalization is due to `more specialized' neurons. To the best of our knowledge, this is the first work to carry out a deep qualitative analysis of different methods of generating adversarial examples in adversarial training of language models.

Title: Exploring Robustness of Prefix Tuning in Noisy Data: A Case Study in Financial Sentiment Analysis. (arXiv:2211.05584v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05584
Code URL: null
Copy Paste: [[2211.05584] Exploring Robustness of Prefix Tuning in Noisy Data: A Case Study in Financial Sentiment Analysis](http://arxiv.org/abs/2211.05584)
Summary:
The invention of transformer-based models such as BERT, GPT, and RoBERTa has enabled researchers and financial companies to finetune these powerful models and use them in different downstream tasks to achieve state-of-the-art performance. Recently, a lightweight alternative (approximately 0.1% - 3% of the original model parameters) to fine-tuning, known as prefix tuning has been introduced. This method freezes the model parameters and only updates the prefix to achieve performance comparable to full fine-tuning. Prefix tuning enables researchers and financial practitioners to achieve similar results with much fewer parameters. In this paper, we explore the robustness of prefix tuning when facing noisy data. Our experiments demonstrate that fine-tuning is more robust to noise than prefix tuning -- the latter method faces a significant decrease in performance on most corrupted data sets with increasing noise levels. Furthermore, prefix tuning has high variances in the F1 scores compared to fine-tuning in many corruption methods. We strongly advocate that caution should be carefully taken when applying the state-of-the-art prefix tuning method to noisy data.

Title: DisentQA: Disentangling Parametric and Contextual Knowledge with Counterfactual Question Answering. (arXiv:2211.05655v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05655
Code URL: https://github.com/ellaneeman/disent_qa
Copy Paste: [[2211.05655] DisentQA: Disentangling Parametric and Contextual Knowledge with Counterfactual Question Answering](http://arxiv.org/abs/2211.05655)
Summary:
Question answering models commonly have access to two sources of "knowledge" during inference time: (1) parametric knowledge - the factual knowledge encoded in the model weights, and (2) contextual knowledge - external knowledge (e.g., a Wikipedia passage) given to the model to generate a grounded answer. Having these two sources of knowledge entangled together is a core issue for generative QA models as it is unclear whether the answer stems from the given non-parametric knowledge or not. This unclarity has implications on issues of trust, interpretability and factuality. In this work, we propose a new paradigm in which QA models are trained to disentangle the two sources of knowledge. Using counterfactual data augmentation, we introduce a model that predicts two answers for a given question: one based on given contextual knowledge and one based on parametric knowledge. Our experiments on the Natural Questions dataset show that this approach improves the performance of QA models by making them more robust to knowledge conflicts between the two knowledge sources, while generating useful disentangled answers.

Title: Reinforcement Learning in an Adaptable Chess Environment for Detecting Human-understandable Concepts. (arXiv:2211.05500v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05500
Code URL: https://github.com/patrik-ha/explainable-minichess
Copy Paste: [[2211.05500] Reinforcement Learning in an Adaptable Chess Environment for Detecting Human-understandable Concepts](http://arxiv.org/abs/2211.05500)
Summary:
Self-trained autonomous agents developed using machine learning are showing great promise in a variety of control settings, perhaps most remarkably in applications involving autonomous vehicles. The main challenge associated with self-learned agents in the form of deep neural networks, is their black-box nature: it is impossible for humans to interpret deep neural networks. Therefore, humans cannot directly interpret the actions of deep neural network based agents, or foresee their robustness in different scenarios. In this work, we demonstrate a method for probing which concepts self-learning agents internalise in the course of their training. For demonstration, we use a chess playing agent in a fast and light environment developed specifically to be suitable for research groups without access to enormous computational resources or machine learning models.

Title: Causal Counterfactuals for Improving the Robustness of Reinforcement Learning. (arXiv:2211.05551v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05551
Code URL: null
Copy Paste: [[2211.05551] Causal Counterfactuals for Improving the Robustness of Reinforcement Learning](http://arxiv.org/abs/2211.05551)
Summary:
Reinforcement learning (RL) is applied in a wide variety of fields. RL enables agents to learn tasks autonomously by interacting with the environment. The more critical the tasks are, the higher the demand for the robustness of the RL systems. Causal RL combines RL and causal inference to make RL more robust. Causal RL agents use a causal representation to capture the invariant causal mechanisms that can be transferred from one task to another. Currently, there is limited research in Causal RL, and existing solutions are usually not complete or feasible for real-world applications. In this work, we propose CausalCF, the first complete Causal RL solution incorporating ideas from Causal Curiosity and CoPhy. Causal Curiosity provides an approach for using interventions, and CoPhy is modified to enable the RL agent to perform counterfactuals. We apply CausalCF to complex robotic tasks and show that it improves the RL agent's robustness using a realistic simulation environment called CausalWorld.

Title: Improving the Robustness of Neural Multiplication Units with Reversible Stochasticity. (arXiv:2211.05624v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05624
Code URL: null
Copy Paste: [[2211.05624] Improving the Robustness of Neural Multiplication Units with Reversible Stochasticity](http://arxiv.org/abs/2211.05624)
Summary:
Multilayer Perceptrons struggle to learn certain simple arithmetic tasks. Specialist neural modules for arithmetic can outperform classical architectures with gains in extrapolation, interpretability and convergence speeds, but are highly sensitive to the training range. In this paper, we show that Neural Multiplication Units (NMUs) are unable to reliably learn tasks as simple as multiplying two inputs when given different training ranges. Causes of failure are linked to inductive and input biases which encourage convergence to solutions in undesirable optima. A solution, the stochastic NMU (sNMU), is proposed to apply reversible stochasticity, encouraging avoidance of such optima whilst converging to the true solution. Empirically, we show that stochasticity provides improved robustness with the potential to improve learned representations of upstream networks for numerical and image tasks.

Title: Probabilistically Robust PAC Learning. (arXiv:2211.05656v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05656
Code URL: null
Copy Paste: [[2211.05656] Probabilistically Robust PAC Learning](http://arxiv.org/abs/2211.05656)
Summary:
Recently, Robey et al. propose a notion of probabilistic robustness, which, at a high-level, requires a classifier to be robust to most but not all perturbations. They show that for certain hypothesis classes where proper learning under worst-case robustness is \textit{not} possible, proper learning under probabilistic robustness \textit{is} possible with sample complexity exponentially smaller than in the worst-case robustness setting. This motivates the question of whether proper learning under probabilistic robustness is always possible. In this paper, we show that this is \textit{not} the case. We exhibit examples of hypothesis classes $\mathcal{H}$ with finite VC dimension that are \textit{not} probabilistically robustly PAC learnable with \textit{any} proper learning rule. However, if we compare the output of the learner to the best hypothesis for a slightly \textit{stronger} level of probabilistic robustness, we show that not only is proper learning \textit{always} possible, but it is possible via empirical risk minimization.

biometric

Title: Experimental analysis regarding the influence of iris segmentation on the recognition rate. (arXiv:2211.05507v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05507
Code URL: null
Copy Paste: [[2211.05507] Experimental analysis regarding the influence of iris segmentation on the recognition rate](http://arxiv.org/abs/2211.05507)
Summary:
In this study the authors will look at the detection and segmentation of the iris and its influence on the overall performance of the iris-biometric tool chain. The authors will examine whether the segmentation accuracy, based on conformance with a ground truth, can serve as a predictor for the overall performance of the iris-biometric tool chain. That is: If the segmentation accuracy is improved will this always improve the overall performance? Furthermore, the authors will systematically evaluate the influence of segmentation parameters, pupillary and limbic boundary and normalisation centre (based on Daugman's rubbersheet model), on the rest of the iris-biometric tool chain. The authors will investigate if accurately finding these parameters is important and how consistency, that is, extracting the same exact region of the iris during segmenting, influences the overall performance.

steal

extraction

Title: Efficient Zero-shot Event Extraction with Context-Definition Alignment. (arXiv:2211.05156v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05156
Code URL: null
Copy Paste: [[2211.05156] Efficient Zero-shot Event Extraction with Context-Definition Alignment](http://arxiv.org/abs/2211.05156)
Summary:
Event extraction (EE) is the task of identifying interested event mentions from text. Conventional efforts mainly focus on the supervised setting. However, these supervised models cannot generalize to event types out of the pre-defined ontology. To fill this gap, many efforts have been devoted to the zero-shot EE problem. This paper follows the trend of modeling event-type semantics but moves one step further. We argue that using the static embedding of the event type name might not be enough because a single word could be ambiguous, and we need a sentence to define the type semantics accurately. To model the definition semantics, we use two separate transformer models to project the contextualized event mentions and corresponding definitions into the same embedding space and then minimize their embedding distance via contrastive learning. On top of that, we also propose a warming phase to help the model learn the minor difference between similar definitions. We name our approach Zero-shot Event extraction with Definition (ZED). Experiments on the MAVEN dataset show that our model significantly outperforms all previous zero-shot EE methods with fast inference speed due to the disjoint design. Further experiments also show that ZED can be easily applied to the few-shot setting when the annotation is available and consistently outperforms baseline supervised methods.

Title: Not Just Plain Text! Fuel Document-Level Relation Extraction with Explicit Syntax Refinement and Subsentence Modeling. (arXiv:2211.05343v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05343
Code URL: null
Copy Paste: [[2211.05343] Not Just Plain Text! Fuel Document-Level Relation Extraction with Explicit Syntax Refinement and Subsentence Modeling](http://arxiv.org/abs/2211.05343)
Summary:
Document-level relation extraction (DocRE) aims to identify semantic labels among entities within a single document. One major challenge of DocRE is to dig decisive details regarding a specific entity pair from long text. However, in many cases, only a fraction of text carries required information, even in the manually labeled supporting evidence. To better capture and exploit instructive information, we propose a novel expLicit syntAx Refinement and Subsentence mOdeliNg based framework (LARSON). By introducing extra syntactic information, LARSON can model subsentences of arbitrary granularity and efficiently screen instructive ones. Moreover, we incorporate refined syntax into text representations which further improves the performance of LARSON. Experimental results on three benchmark datasets (DocRED, CDR, and GDA) demonstrate that LARSON significantly outperforms existing methods.

Title: DiaASQ: A Benchmark of Conversational Aspect-based Sentiment Quadruple Analysis. (arXiv:2211.05705v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05705
Code URL: null
Copy Paste: [[2211.05705] DiaASQ: A Benchmark of Conversational Aspect-based Sentiment Quadruple Analysis](http://arxiv.org/abs/2211.05705)
Summary:
The rapid development of aspect-based sentiment analysis (ABSA) within recent decades shows great potential for real-world society. The current ABSA works, however, are mostly limited to the scenario of a single text piece, leaving the study in dialogue contexts unexplored. In this work, we introduce a novel task of conversational aspect-based sentiment quadruple analysis, namely DiaASQ, aiming to detect the sentiment quadruple of target-aspect-opinion-sentiment in a dialogue. DiaASQ bridges the gap between fine-grained sentiment analysis and conversational opinion mining. We manually construct a large-scale, high-quality Chinese dataset and also obtain the English version dataset via manual translation. We deliberately propose a neural model to benchmark the task. It advances in effectively performing end-to-end quadruple prediction and manages to incorporate rich dialogue-specific and discourse feature representations for better cross-utterance quadruple extraction. We finally point out several potential future works to facilitate the follow-up research of this new task. The DiaASQ data is open at https://github.com/unikcc/DiaASQ

Title: A Practical Introduction to Side-Channel Extraction of Deep Neural Network Parameters. (arXiv:2211.05590v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.05590
Code URL: null
Copy Paste: [[2211.05590] A Practical Introduction to Side-Channel Extraction of Deep Neural Network Parameters](http://arxiv.org/abs/2211.05590)
Summary:
Model extraction is a major threat for embedded deep neural network models that leverages an extended attack surface. Indeed, by physically accessing a device, an adversary may exploit side-channel leakages to extract critical information of a model (i.e., its architecture or internal parameters). Different adversarial objectives are possible including a fidelity-based scenario where the architecture and parameters are precisely extracted (model cloning). We focus this work on software implementation of deep neural networks embedded in a high-end 32-bit microcontroller (Cortex-M7) and expose several challenges related to fidelity-based parameters extraction through side-channel analysis, from the basic multiplication operation to the feed-forward connection through the layers. To precisely extract the value of parameters represented in the single-precision floating point IEEE-754 standard, we propose an iterative process that is evaluated with both simulations and traces from a Cortex-M7 target. To our knowledge, this work is the first to target such an high-end 32-bit platform. Importantly, we raise and discuss the remaining challenges for the complete extraction of a deep neural network model, more particularly the critical case of biases.

membership infer

federate

Title: Resource-Aware Heterogeneous Federated Learning using Neural Architecture Search. (arXiv:2211.05716v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05716
Code URL: null
Copy Paste: [[2211.05716] Resource-Aware Heterogeneous Federated Learning using Neural Architecture Search](http://arxiv.org/abs/2211.05716)
Summary:
Federated Learning (FL) is extensively used to train AI/ML models in distributed and privacy-preserving settings. Participant edge devices in FL systems typically contain non-independent and identically distributed~(Non-IID) private data and unevenly distributed computational resources. Preserving user data privacy while optimizing AI/ML models in a heterogeneous federated network requires us to address data heterogeneity and system/resource heterogeneity. Hence, we propose \underline{R}esource-\underline{a}ware \underline{F}ederated \underline{L}earning~(RaFL) to address these challenges. RaFL allocates resource-aware models to edge devices using Neural Architecture Search~(NAS) and allows heterogeneous model architecture deployment by knowledge extraction and fusion. Integrating NAS into FL enables on-demand customized model deployment for resource-diverse edge devices. Furthermore, we propose a multi-model architecture fusion scheme allowing the aggregation of the distributed learning results. Results demonstrate RaFL's superior resource efficiency compared to SoTA.

Title: Stay Home Safe with Starving Federated Data. (arXiv:2211.05410v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05410
Code URL: https://github.com/jcroh0508/flats
Copy Paste: [[2211.05410] Stay Home Safe with Starving Federated Data](http://arxiv.org/abs/2211.05410)
Summary:
Over the past few years, the field of adversarial attack received numerous attention from various researchers with the help of successful attack success rate against well-known deep neural networks that were acknowledged to achieve high classification ability in various tasks. However, majority of the experiments were completed under a single model, which we believe it may not be an ideal case in a real-life situation. In this paper, we introduce a novel federated adversarial training method for smart home face recognition, named FLATS, where we observed some interesting findings that may not be easily noticed in a traditional adversarial attack to federated learning experiments. By applying different variations to the hyperparameters, we have spotted that our method can make the global model to be robust given a starving federated environment. Our code can be found on https://github.com/jcroh0508/FLATS.

Title: Warmup and Transfer Knowledge-Based Federated Learning Approach for IoT Continuous Authentication. (arXiv:2211.05662v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05662
Code URL: null
Copy Paste: [[2211.05662] Warmup and Transfer Knowledge-Based Federated Learning Approach for IoT Continuous Authentication](http://arxiv.org/abs/2211.05662)
Summary:
Continuous behavioural authentication methods add a unique layer of security by allowing individuals to verify their unique identity when accessing a device. Maintaining session authenticity is now feasible by monitoring users' behaviour while interacting with a mobile or Internet of Things (IoT) device, making credential theft and session hijacking ineffective. Such a technique is made possible by integrating the power of artificial intelligence and Machine Learning (ML). Most of the literature focuses on training machine learning for the user by transmitting their data to an external server, subject to private user data exposure to threats. In this paper, we propose a novel Federated Learning (FL) approach that protects the anonymity of user data and maintains the security of his data. We present a warmup approach that provides a significant accuracy increase. In addition, we leverage the transfer learning technique based on feature extraction to boost the models' performance. Our extensive experiments based on four datasets: MNIST, FEMNIST, CIFAR-10 and UMDAA-02-FD, show a significant increase in user authentication accuracy while maintaining user privacy and data security.

fair

Title: Zero-shot Visual Commonsense Immorality Prediction. (arXiv:2211.05521v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05521
Code URL: https://github.com/ku-vai/zero-shot-visual-commonsense-immorality-prediction
Copy Paste: [[2211.05521] Zero-shot Visual Commonsense Immorality Prediction](http://arxiv.org/abs/2211.05521)
Summary:
Artificial intelligence is currently powering diverse real-world applications. These applications have shown promising performance, but raise complicated ethical issues, i.e. how to embed ethics to make AI applications behave morally. One way toward moral AI systems is by imitating human prosocial behavior and encouraging some form of good behavior in systems. However, learning such normative ethics (especially from images) is challenging mainly due to a lack of data and labeling complexity. Here, we propose a model that predicts visual commonsense immorality in a zero-shot manner. We train our model with an ETHICS dataset (a pair of text and morality annotation) via a CLIP-based image-text joint embedding. In a testing phase, the immorality of an unseen image is predicted. We evaluate our model with existing moral/immoral image datasets and show fair prediction performance consistent with human intuitions. Further, we create a visual commonsense immorality benchmark with more general and extensive immoral visual contents. Codes and dataset are available at https://github.com/ku-vai/Zero-shot-Visual-Commonsense-Immorality-Prediction. Note that this paper might contain images and descriptions that are offensive in nature.

Title: Debiasing Methods for Fairer Neural Models in Vision and Language Research: A Survey. (arXiv:2211.05617v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05617
Code URL: null
Copy Paste: [[2211.05617] Debiasing Methods for Fairer Neural Models in Vision and Language Research: A Survey](http://arxiv.org/abs/2211.05617)
Summary:
Despite being responsible for state-of-the-art results in several computer vision and natural language processing tasks, neural networks have faced harsh criticism due to some of their current shortcomings. One of them is that neural networks are correlation machines prone to model biases within the data instead of focusing on actual useful causal relationships. This problem is particularly serious in application domains affected by aspects such as race, gender, and age. To prevent models from incurring on unfair decision-making, the AI community has concentrated efforts in correcting algorithmic biases, giving rise to the research area now widely known as fairness in AI. In this survey paper, we provide an in-depth overview of the main debiasing methods for fairness-aware neural networks in the context of vision and language research. We propose a novel taxonomy to better organize the literature on debiasing methods for fairness, and we discuss the current challenges, trends, and important future work directions for the interested researcher and practitioner.

Title: Demystify Transformers & Convolutions in Modern Image Deep Networks. (arXiv:2211.05781v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05781
Code URL: https://github.com/opengvlab/stm-evaluation
Copy Paste: [[2211.05781] Demystify Transformers & Convolutions in Modern Image Deep Networks](http://arxiv.org/abs/2211.05781)
Summary:
Recent success of vision transformers has inspired a series of vision backbones with novel feature transformation paradigms, which report steady performance gain. Although the novel feature transformation designs are often claimed as the source of gain, some backbones may benefit from advanced engineering techniques, which makes it hard to identify the real gain from the key feature transformation operators. In this paper, we aim to identify real gain of popular convolution and attention operators and make an in-depth study of them. We observe that the main difference among these feature transformation modules, e.g., attention or convolution, lies in the way of spatial feature aggregation, or the so-called "spatial token mixer" (STM). Hence, we first elaborate a unified architecture to eliminate the unfair impact of different engineering techniques, and then fit STMs into this architecture for comparison. Based on various experiments on upstream/downstream tasks and the analysis of inductive bias, we find that the engineering techniques boost the performance significantly, but the performance gap still exists among different STMs. The detailed analysis also reveals some interesting findings of different STMs, such as effective receptive fields and invariance tests. The code and trained models will be publicly available at https://github.com/OpenGVLab/STM-Evaluation

Title: Nano: Nested Human-in-the-Loop Reward Learning for Few-shot Language Model Control. (arXiv:2211.05750v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05750
Code URL: https://github.com/sfanxiang/nano
Copy Paste: [[2211.05750] Nano: Nested Human-in-the-Loop Reward Learning for Few-shot Language Model Control](http://arxiv.org/abs/2211.05750)
Summary:
Pretrained language models have demonstrated extraordinary capabilities in language generation. However, real-world tasks often require controlling the distribution of generated text in order to mitigate bias, promote fairness, and achieve personalization. Existing techniques for controlling the distribution of generated text only work with quantified distributions, which require pre-defined categories, proportions of the distribution, or an existing corpus following the desired distributions. However, many important distributions, such as personal preferences, are unquantified. In this work, we tackle the problem of generating text following arbitrary distributions (quantified and unquantified) by proposing Nano, a few-shot human-in-the-loop training algorithm that continuously learns from human feedback. Nano achieves state-of-the-art results on single topic/attribute as well as quantified distribution control compared to previous works. We also show that Nano is able to learn unquantified distributions, achieves personalization, and captures differences between different individuals' personal preferences with high sample efficiency.

Title: Fairness and bias correction in machine learning for depression prediction: results from four different study populations. (arXiv:2211.05321v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05321
Code URL: https://github.com/ngoc-vien-dang/fairml-depression
Copy Paste: [[2211.05321] Fairness and bias correction in machine learning for depression prediction: results from four different study populations](http://arxiv.org/abs/2211.05321)
Summary:
A significant level of stigma and inequality exists in mental healthcare, especially in under-served populations, which spreads through collected data. When not properly accounted for, machine learning (ML) models learned from data can reinforce the structural biases already present in society. Here, we present a systematic study of bias in ML models designed to predict depression in four different case studies covering different countries and populations. We find that standard ML approaches show regularly biased behaviors. However, we show that standard mitigation techniques, and our own post-hoc method, can be effective in reducing the level of unfair bias. We provide practical recommendations to develop ML models for depression risk prediction with increased fairness and trust in the real world. No single best ML model for depression prediction provides equality of outcomes. This emphasizes the importance of analyzing fairness during model selection and transparent reporting about the impact of debiasing interventions.

interpretability

Title: Mapping the Ictal-Interictal-Injury Continuum Using Interpretable Machine Learning. (arXiv:2211.05207v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.05207
Code URL: null
Copy Paste: [[2211.05207] Mapping the Ictal-Interictal-Injury Continuum Using Interpretable Machine Learning](http://arxiv.org/abs/2211.05207)
Summary:
IMPORTANCE: An interpretable machine learning model can provide faithful explanations of each prediction and yet maintain higher performance than its black box counterpart.

OBJECTIVE: To design an interpretable machine learning model which accurately predicts EEG protopatterns while providing an explanation of its predictions with assistance of a specialized GUI. To map the cEEG latent features to a 2D space in order to visualize the ictal-interictal-injury continuum and gain insight into its high-dimensional structure.

DESIGN, SETTING, AND PARTICIPANTS: 50,697 50-second cEEG samples from 2,711 ICU patients collected between July 2006 and March 2020 at Massachusetts General Hospital. Samples were labeled as one of 6 EEG activities by domain experts, with 124 different experts providing annotations.

MAIN OUTCOMES AND MEASURES: Our neural network is interpretable because it uses case-based reasoning: it compares a new EEG reading to a set of learned prototypical EEG samples from the training dataset. Interpretability was measured with task-specific neighborhood agreement statistics. Discriminatory performance was evaluated with AUROC and AUPRC.

RESULTS: The model achieves AUROCs of 0.87, 0.93, 0.96, 0.92, 0.93, 0.80 for classes Seizure, LPD, GPD, LRDA, GRDA, Other respectively. This performance is statistically significantly higher than that of the corresponding uninterpretable (black box) model with p<0.0001. Videos of the ictal-interictal-injury continuum are provided.

CONCLUSION AND RELEVANCE: Our interpretable model and GUI can act as a reference for practitioners who work with cEEG patterns. We can now better understand the relationships between different types of cEEG patterns. In the future, this system may allow for targeted intervention and training in clinical settings. It could also be used for re-confirming or providing additional information for diagnostics.

Title: Using contradictions to improve QA systems. (arXiv:2211.05598v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.05598
Code URL: null
Copy Paste: [[2211.05598] Using contradictions to improve QA systems](http://arxiv.org/abs/2211.05598)
Summary:
Ensuring the safety of question answering (QA) systems is critical for deploying them in biomedical and scientific domains. One approach to improving these systems uses natural language inference (NLI) to determine whether answers are supported, or entailed, by some background context. However, these systems are vulnerable to supporting an answer with a source that is wrong or misleading. Our work proposes a critical approach by selecting answers based on whether they have been contradicted by some background context. We evaluate this system on multiple choice and extractive QA and find that while the contradiction-based systems are competitive with and often better than entailment-only systems, models that incorporate contradiction, entailment, and QA model confidence scores together are the best. Based on this result, we explore unique opportunities for leveraging contradiction-based approaches such for improving interpretability and selecting better answers.

Title: Does the explanation satisfy your needs?: A unified view of properties of explanations. (arXiv:2211.05667v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.05667
Code URL: null
Copy Paste: [[2211.05667] Does the explanation satisfy your needs?: A unified view of properties of explanations](http://arxiv.org/abs/2211.05667)
Summary:
Interpretability provides a means for humans to verify aspects of machine learning (ML) models and empower human+ML teaming in situations where the task cannot be fully automated. Different contexts require explanations with different properties. For example, the kind of explanation required to determine if an early cardiac arrest warning system is ready to be integrated into a care setting is very different from the type of explanation required for a loan applicant to help determine the actions they might need to take to make their application successful.

Unfortunately, there is a lack of standardization when it comes to properties of explanations: different papers may use the same term to mean different quantities, and different terms to mean the same quantity. This lack of a standardized terminology and categorization of the properties of ML explanations prevents us from both rigorously comparing interpretable machine learning methods and identifying what properties are needed in what contexts.

In this work, we survey properties defined in interpretable machine learning papers, synthesize them based on what they actually measure, and describe the trade-offs between different formulations of these properties. In doing so, we enable more informed selection of task-appropriate formulations of explanation properties as well as standardization for future work in interpretable machine learning.