secure

Title: Secure and Privacy-Preserving Automated End-to-End Integrated IoT-Edge-Artificial Intelligence-Blockchain Monitoring System for Diabetes Mellitus Prediction. (arXiv:2211.07643v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07643
Code URL: null
Copy Paste: [[2211.07643] Secure and Privacy-Preserving Automated End-to-End Integrated IoT-Edge-Artificial Intelligence-Blockchain Monitoring System for Diabetes Mellitus Prediction](http://arxiv.org/abs/2211.07643)
Summary:
Diabetes Mellitus, one of the leading causes of death worldwide, has no cure till date and can lead to severe health complications, such as retinopathy, limb amputation, cardiovascular diseases, and neuronal disease, if left untreated.

Consequently, it becomes crucial to take precautionary measures to avoid/predict the occurrence of diabetes. Machine learning approaches have been proposed and evaluated in the literature for diabetes prediction. This paper proposes an IoT-edge-Artificial Intelligence (AI)-blockchain system for diabetes prediction based on risk factors. The proposed system is underpinned by the blockchain to obtain a cohesive view of the risk factors data from patients across different hospitals and to ensure security and privacy of the user data. Furthermore, we provide a comparative analysis of different medical sensors, devices, and methods to measure and collect the risk factors values in the system. Numerical experiments and comparative analysis were carried out between our proposed system, using the most accurate random forest (RF) model, and the two most used state-of-the-art machine learning approaches, Logistic Regression (LR) and Support Vector Machine (SVM), using three real-life diabetes datasets. The results show that the proposed system using RF predicts diabetes with 4.57% more accuracy on average compared to LR and SVM, with 2.87 times more execution time. Data balancing without feature selection does not show significant improvement. The performance is improved by 1.14% and 0.02% after feature selection for PIMA Indian and Sylhet datasets respectively, while it reduces by 0.89% for MIMIC III.

security

Title: A Probabilistic Proof of the nCPA to CCA Bound. (arXiv:2211.07896v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.07896
Code URL: null
Copy Paste: [[2211.07896] A Probabilistic Proof of the nCPA to CCA Bound](http://arxiv.org/abs/2211.07896)
Summary:
We provide a new proof of Maurer, Renard, and Pietzak's bound of the CCA advantage of $P^{-1} \circ Q$ by the nCPA advantages of $P$ and $Q$. Our proof uses probability directly, as opposed to information theory, and has the advantage of providing an alternate sufficient condition of low CCA advantage. Namely, the CCA advantage of a random permutation can be bounded by its separation distance from the uniform distribution. We use this alternate condition to improve the best known bound on the security of the Swap or Not shuffle in the special case of having fewer queries than the square root of the number of cards.

Title: Security Closure of IC Layouts Against Hardware Trojans. (arXiv:2211.07997v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.07997
Code URL: null
Copy Paste: [[2211.07997] Security Closure of IC Layouts Against Hardware Trojans](http://arxiv.org/abs/2211.07997)
Summary:
Due to cost benefits, supply chains of integrated circuits (ICs) are largely outsourced nowadays. However, passing ICs through various third-party providers gives rise to many threats, like piracy of IC intellectual property or insertion of hardware Trojans, i.e., malicious circuit modifications.

In this work, we proactively and systematically harden the physical layouts of ICs against post-design insertion of Trojans. Toward that end, we propose a multiplexer-based logic-locking scheme that is (i) devised for layout-level Trojan prevention, (ii) resilient against state-of-the-art, oracle-less machine learning attacks, and (iii) fully integrated into a tailored, yet generic, commercial-grade design flow. Our work provides in-depth security and layout analysis on a challenging benchmark suite. We show that ours can render layouts resilient, with reasonable overheads, against Trojan insertion in general and also against second-order attacks (i.e., adversaries seeking to bypass the locking defense in an oracle-less setting).

We release our layout artifacts for independent verification [29] and we will release our methodology's source code.

Title: Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains. (arXiv:2211.08020v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.08020
Code URL: null
Copy Paste: [[2211.08020] Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains](http://arxiv.org/abs/2211.08020)
Summary:
The Domain Name System (DNS) is a core Internet service that translates domain names into IP addresses. It is a distributed database and protocol with many known weaknesses that subject to countless attacks including spoofing attacks, botnets, and domain name registrations. Still, the debate between security and privacy is continuing, that is DNS over TLS or HTTP, and the lack of adoption of DNS security extensions, put users at risk. Consequently, the security of domain names and characterizing malicious websites is becoming a priority. This paper analyzes the difference between the malicious and the normal domain names and uses Python to extract various malicious DNS identifying characteristics. In addition, the paper contributes two categories of features that suppers Internationalized Domain Names and scans domain system using five tools to give it a rating. The overall accuracy of the Random Forest Classifier was 95.6%.

Title: Faster Verifiable Delay Function For Shorter Delay Parameter. (arXiv:2211.08162v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.08162
Code URL: null
Copy Paste: [[2211.08162] Faster Verifiable Delay Function For Shorter Delay Parameter](http://arxiv.org/abs/2211.08162)
Summary:
A Verifiable Delay Function (VDF) is a function that takes a specified sequential time $T$ to be evaluated, but can be verified in $O(\log T)$-time. For meaningful security, $T$ can be at most subexponential in the security parameter $\lambda$ but has no lower bound. VDFs are useful in several applications ranging from randomness beacons to sustainable blockchains but are really rare in practice. To the best of our knowledge, the sequential effort required for verification in all the VDFs [7,9,4] known to date, is in $\Omega(\log T)$.

This paper proposes a verifiable delay function that requires only two sequential squaring to verify when the delay parameter is polynomially-bounded i.e., $T\le \mathtt{poly}(\lambda)$. Thus in our VDF, the sequential effort required for verification is fixed and independent of the security parameter.

Title: Anomaly Detection in Multiplex Dynamic Networks: from Blockchain Security to Brain Disease Prediction. (arXiv:2211.08378v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08378
Code URL: https://github.com/ubc-systopia/anomuly
Copy Paste: [[2211.08378] Anomaly Detection in Multiplex Dynamic Networks: from Blockchain Security to Brain Disease Prediction](http://arxiv.org/abs/2211.08378)
Summary:
The problem of identifying anomalies in dynamic networks is a fundamental task with a wide range of applications. However, it raises critical challenges due to the complex nature of anomalies, lack of ground truth knowledge, and complex and dynamic interactions in the network. Most existing approaches usually study networks with a single type of connection between vertices, while in many applications interactions between objects vary, yielding multiplex networks. We propose ANOMULY, a general, unsupervised edge anomaly detection framework for multiplex dynamic networks. In each relation type, ANOMULY sees node embeddings at different GNN layers as hierarchical node states and employs a GRU cell to capture temporal properties of the network and update node embeddings over time. We then add an attention mechanism that incorporates information across different types of relations. Our case study on brain networks shows how this approach could be employed as a new tool to understand abnormal brain activity that might reveal a brain disease or disorder. Extensive experiments on nine real-world datasets demonstrate that ANOMULY achieves state-of-the-art performance.

Title: Premonition Net, A Multi-Timeline Transformer Network Architecture Towards Strawberry Tabletop Yield Forecasting. (arXiv:2211.08177v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08177
Code URL: null
Copy Paste: [[2211.08177] Premonition Net, A Multi-Timeline Transformer Network Architecture Towards Strawberry Tabletop Yield Forecasting](http://arxiv.org/abs/2211.08177)
Summary:
Yield forecasting is a critical first step necessary for yield optimisation, with important consequences for the broader food supply chain, procurement, price-negotiation, logistics, and supply. However yield forecasting is notoriously difficult, and oft-inaccurate. Premonition Net is a multi-timeline, time sequence ingesting approach towards processing the past, the present, and premonitions of the future. We show how this structure combined with transformers attains critical yield forecasting proficiency towards improving food security, lowering prices, and reducing waste. We find data availability to be a continued difficulty however using our premonition network and our own collected data we attain yield forecasts 3 weeks ahead with a a testing set RMSE loss of ~0.08 across our latest season.

privacy

Title: Differentially-Private Dynamic Average Consensus. (arXiv:2211.07791v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.07791
Code URL: null
Copy Paste: [[2211.07791] Differentially-Private Dynamic Average Consensus](http://arxiv.org/abs/2211.07791)
Summary:
We address differential privacy for dynamic average consensus. Not only is dynamic average consensus widely used in cooperative control and distributed tracking, it is also a fundamental building block in numerous distributed computation algorithms such as multi-agent optimization and distributed Nash equilibrium seeking. By co-designing the dynamic average consensus mechanism and the differential-privacy noise injection mechanism, we propose the first dynamic average consensus algorithm that can ensure both provable convergence to the exact average reference signal and rigorous $\epsilon$-differential privacy, even when the number of iterations tends to infinity. Given that dynamic average consensus includes the static average consensus as a special case, the approach can also be used to ensure rigorous $\epsilon$-differential privacy in static average consensus while maintaining accurate consensus result. To our knowledge, ensuring both provable convergence and rigorous $\epsilon$-differential privacy (even for infinite number of iterations) has not been achieved before in average consensus algorithms. Numerical simulation results confirm the effectiveness of the proposed approach.

Title: Differentially Private Sampling from Distributions. (arXiv:2211.08193v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08193
Code URL: null
Copy Paste: [[2211.08193] Differentially Private Sampling from Distributions](http://arxiv.org/abs/2211.08193)
Summary:
We initiate an investigation of private sampling from distributions. Given a dataset with $n$ independent observations from an unknown distribution $P$, a sampling algorithm must output a single observation from a distribution that is close in total variation distance to $P$ while satisfying differential privacy. Sampling abstracts the goal of generating small amounts of realistic-looking data. We provide tight upper and lower bounds for the dataset size needed for this task for three natural families of distributions: arbitrary distributions on ${1,\ldots ,k}$, arbitrary product distributions on ${0,1}^d$, and product distributions on ${0,1}^d$ with bias in each coordinate bounded away from 0 and 1. We demonstrate that, in some parameter regimes, private sampling requires asymptotically fewer observations than learning a description of $P$ nonprivately; in other regimes, however, private sampling proves to be as difficult as private learning. Notably, for some classes of distributions, the overhead in the number of observations needed for private learning compared to non-private learning is completely captured by the number of observations needed for private sampling.

protect

Title: FolkScope: Intention Knowledge Graph Construction for Discovering E-commerce Commonsense. (arXiv:2211.08316v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.08316
Code URL: null
Copy Paste: [[2211.08316] FolkScope: Intention Knowledge Graph Construction for Discovering E-commerce Commonsense](http://arxiv.org/abs/2211.08316)
Summary:
As stated by Oren Etzioni, commonsense is the dark matter of artificial intelligence''. In e-commerce, understanding users' needs or intentions requires substantial commonsense knowledge, e.g.,A user bought an iPhone and a compatible case because the user wanted the phone to be protected''. In this paper, we present FolkScope, an intention knowledge graph construction framework, to reveal the structure of humans' minds about purchasing items on e-commerce platforms such as Amazon. As commonsense knowledge is usually ineffable and not expressed explicitly, it is challenging to perform any kind of information extraction. Thus, we propose a new approach that leverages the generation power of large-scale language models and human-in-the-loop annotations to semi-automatically construct the knowledge graph. We annotate a large amount of assertions for both plausibility and typicality of an intention that can explain a purchasing or co-purchasing behavior, where the intention can be an open reason or a predicate falling into one of 18 categories aligning with ConceptNet, e.g., IsA, MadeOf, UsedFor, etc. Then we populate the annotated information to all automatically generated ones, and further structurize the assertions using pattern mining and conceptualization to form more condensed and abstractive knowledge. We evaluate our knowledge graph using both intrinsic quality measures and a downstream application, i.e., recommendation. The comprehensive study shows that our knowledge graph can well model e-commerce commonsense knowledge and can have many potential applications.

defense

attack

Title: MORA: Improving Ensemble Robustness Evaluation with Model-Reweighing Attack. (arXiv:2211.08008v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08008
Code URL: null
Copy Paste: [[2211.08008] MORA: Improving Ensemble Robustness Evaluation with Model-Reweighing Attack](http://arxiv.org/abs/2211.08008)
Summary:
Adversarial attacks can deceive neural networks by adding tiny perturbations to their input data. Ensemble defenses, which are trained to minimize attack transferability among sub-models, offer a promising research direction to improve robustness against such attacks while maintaining a high accuracy on natural inputs. We discover, however, that recent state-of-the-art (SOTA) adversarial attack strategies cannot reliably evaluate ensemble defenses, sizeably overestimating their robustness. This paper identifies the two factors that contribute to this behavior. First, these defenses form ensembles that are notably difficult for existing gradient-based method to attack, due to gradient obfuscation. Second, ensemble defenses diversify sub-model gradients, presenting a challenge to defeat all sub-models simultaneously, simply summing their contributions may counteract the overall attack objective; yet, we observe that ensemble may still be fooled despite most sub-models being correct. We therefore introduce MORA, a model-reweighing attack to steer adversarial example synthesis by reweighing the importance of sub-model gradients. MORA finds that recent ensemble defenses all exhibit varying degrees of overestimated robustness. Comparing it against recent SOTA white-box attacks, it can converge orders of magnitude faster while achieving higher attack success rates across all ensemble models examined with three different ensemble modes (i.e., ensembling by either softmax, voting or logits). In particular, most ensemble defenses exhibit near or exactly 0% robustness against MORA with $\ell^\infty$ perturbation within 0.02 on CIFAR-10, and 0.01 on CIFAR-100. We make MORA open source with reproducible results and pre-trained models; and provide a leaderboard of ensemble defenses under various attack strategies.

Title: Backdoor Attacks for Remote Sensing Data with Wavelet Transform. (arXiv:2211.08044v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.08044
Code URL: null
Copy Paste: [[2211.08044] Backdoor Attacks for Remote Sensing Data with Wavelet Transform](http://arxiv.org/abs/2211.08044)
Summary:
Recent years have witnessed the great success of deep learning algorithms in the geoscience and remote sensing realm. Nevertheless, the security and robustness of deep learning models deserve special attention when addressing safety-critical remote sensing tasks. In this paper, we provide a systematic analysis of backdoor attacks for remote sensing data, where both scene classification and semantic segmentation tasks are considered. While most of the existing backdoor attack algorithms rely on visible triggers like squared patches with well-designed patterns, we propose a novel wavelet transform-based attack (WABA) method, which can achieve invisible attacks by injecting the trigger image into the poisoned image in the low-frequency domain. In this way, the high-frequency information in the trigger image can be filtered out in the attack, resulting in stealthy data poisoning. Despite its simplicity, the proposed method can significantly cheat the current state-of-the-art deep learning models with a high attack success rate. We further analyze how different trigger images and the hyper-parameters in the wavelet transform would influence the performance of the proposed method. Extensive experiments on four benchmark remote sensing datasets demonstrate the effectiveness of the proposed method for both scene classification and semantic segmentation tasks and thus highlight the importance of designing advanced backdoor defense algorithms to address this threat in remote sensing scenarios. The code will be available online at \url{https://github.com/ndraeger/waba}.

Title: CorruptEncoder: Data Poisoning based Backdoor Attacks to Contrastive Learning. (arXiv:2211.08229v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.08229
Code URL: null
Copy Paste: [[2211.08229] CorruptEncoder: Data Poisoning based Backdoor Attacks to Contrastive Learning](http://arxiv.org/abs/2211.08229)
Summary:
Contrastive learning (CL) pre-trains general-purpose encoders using an unlabeled pre-training dataset, which consists of images (called single-modal CL) or image-text pairs (called multi-modal CL). CL is vulnerable to data poisoning based backdoor attacks (DPBAs), in which an attacker injects poisoned inputs into the pre-training dataset so the encoder is backdoored. However, existing DPBAs achieve limited effectiveness. In this work, we propose new DPBAs called CorruptEncoder to CL. Our experiments show that CorruptEncoder substantially outperforms existing DPBAs for both single-modal and multi-modal CL. CorruptEncoder is the first DPBA that achieves more than 90% attack success rates on single-modal CL with only a few (3) reference images and a small poisoning ratio (0.5%). Moreover, we also propose a defense, called localized cropping, to defend single-modal CL against DPBAs. Our results show that our defense can reduce the effectiveness of DPBAs, but it sacrifices the utility of the encoder, highlighting the needs of new defenses.

Title: Backdoor Attacks on Time Series: A Generative Approach. (arXiv:2211.07915v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07915
Code URL: null
Copy Paste: [[2211.07915] Backdoor Attacks on Time Series: A Generative Approach](http://arxiv.org/abs/2211.07915)
Summary:
Backdoor attacks have emerged as one of the major security threats to deep learning models as they can easily control the model's test-time predictions by pre-injecting a backdoor trigger into the model at training time. While backdoor attacks have been extensively studied on images, few works have investigated the threat of backdoor attacks on time series data. To fill this gap, in this paper we present a novel generative approach for time series backdoor attacks against deep learning based time series classifiers. Backdoor attacks have two main goals: high stealthiness and high attack success rate. We find that, compared to images, it can be more challenging to achieve the two goals on time series. This is because time series have fewer input dimensions and lower degrees of freedom, making it hard to achieve a high attack success rate without compromising stealthiness. Our generative approach addresses this challenge by generating trigger patterns that are as realistic as real-time series patterns while achieving a high attack success rate without causing a significant drop in clean accuracy. We also show that our proposed attack is resistant to potential backdoor defenses. Furthermore, we propose a novel universal generator that can poison any type of time series with a single generator that allows universal attacks without the need to fine-tune the generative model for new time series datasets.

Title: X-Volt: Joint Tuning of Driver Strengths and Supply Voltages Against Power Side-Channel Attacks. (arXiv:2211.08046v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.08046
Code URL: null
Copy Paste: [[2211.08046] X-Volt: Joint Tuning of Driver Strengths and Supply Voltages Against Power Side-Channel Attacks](http://arxiv.org/abs/2211.08046)
Summary:
Power side-channel (PSC) attacks are well-known threats to sensitive hardware like advanced encryption standard (AES) crypto cores. Given the significant impact of supply voltages (VCCs) on power profiles, various countermeasures based on VCC tuning have been proposed, among other defense strategies. Driver strengths of cells, however, have been largely overlooked, despite having direct and significant impact on power profiles as well.

For the first time, we thoroughly explore the prospects of jointly tuning driver strengths and VCCs as novel working principle for PSC-attack countermeasures. Toward this end, we take the following steps: 1) we develop a simple circuit-level scheme for tuning; 2) we implement a CAD flow for design-time evaluation of ASICs, enabling security assessment of ICs before tape-out; 3) we implement a correlation power analysis (CPA) framework for thorough and comparative security analysis; 4) we conduct an extensive experimental study of a regular AES design, implemented in ASIC as well as FPGA fabrics, under various tuning scenarios; 5) we summarize design guidelines for secure and efficient joint tuning.

In our experiments, we observe that runtime tuning is more effective than static tuning, for both ASIC and FPGA implementations. For the latter, the AES core is rendered >11.8x (i.e., at least 11.8 times) as resilient as the untuned baseline design. Layout overheads can be considered acceptable, with, e.g., around +10% critical-path delay for the most resilient tuning scenario in FPGA.

We will release source codes for our methodology, as well as artifacts from the experimental study, post peer-review.

Title: Universal Distributional Decision-based Black-box Adversarial Attack with Reinforcement Learning. (arXiv:2211.08384v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08384
Code URL: null
Copy Paste: [[2211.08384] Universal Distributional Decision-based Black-box Adversarial Attack with Reinforcement Learning](http://arxiv.org/abs/2211.08384)
Summary:
The vulnerability of the high-performance machine learning models implies a security risk in applications with real-world consequences. Research on adversarial attacks is beneficial in guiding the development of machine learning models on the one hand and finding targeted defenses on the other. However, most of the adversarial attacks today leverage the gradient or logit information from the models to generate adversarial perturbation. Works in the more realistic domain: decision-based attacks, which generate adversarial perturbation solely based on observing the output label of the targeted model, are still relatively rare and mostly use gradient-estimation strategies. In this work, we propose a pixel-wise decision-based attack algorithm that finds a distribution of adversarial perturbation through a reinforcement learning algorithm. We call this method Decision-based Black-box Attack with Reinforcement learning (DBAR). Experiments show that the proposed approach outperforms state-of-the-art decision-based attacks with a higher attack success rate and greater transferability.

Title: Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation. (arXiv:2211.08068v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08068
Code URL: null
Copy Paste: [[2211.08068] Resisting Graph Adversarial Attack via Cooperative Homophilous Augmentation](http://arxiv.org/abs/2211.08068)
Summary:
Recent studies show that Graph Neural Networks(GNNs) are vulnerable and easily fooled by small perturbations, which has raised considerable concerns for adapting GNNs in various safety-critical applications. In this work, we focus on the emerging but critical attack, namely, Graph Injection Attack(GIA), in which the adversary poisons the graph by injecting fake nodes instead of modifying existing structures or node attributes. Inspired by findings that the adversarial attacks are related to the increased heterophily on perturbed graphs (the adversary tends to connect dissimilar nodes), we propose a general defense framework CHAGNN against GIA through cooperative homophilous augmentation of graph data and model. Specifically, the model generates pseudo-labels for unlabeled nodes in each round of training to reduce heterophilous edges of nodes with distinct labels. The cleaner graph is fed back to the model, producing more informative pseudo-labels. In such an iterative manner, model robustness is then promisingly enhanced. We present the theoretical analysis of the effect of homophilous augmentation and provide the guarantee of the proposal's validity. Experimental results empirically demonstrate the effectiveness of CHAGNN in comparison with recent state-of-the-art defense methods on diverse real-world datasets.

robust

Title: Arbitrary Style Guidance for Enhanced Diffusion-Based Text-to-Image Generation. (arXiv:2211.07751v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.07751
Code URL: null
Copy Paste: [[2211.07751] Arbitrary Style Guidance for Enhanced Diffusion-Based Text-to-Image Generation](http://arxiv.org/abs/2211.07751)
Summary:
Diffusion-based text-to-image generation models like GLIDE and DALLE-2 have gained wide success recently for their superior performance in turning complex text inputs into images of high quality and wide diversity. In particular, they are proven to be very powerful in creating graphic arts of various formats and styles. Although current models supported specifying style formats like oil painting or pencil drawing, fine-grained style features like color distributions and brush strokes are hard to specify as they are randomly picked from a conditional distribution based on the given text input. Here we propose a novel style guidance method to support generating images using arbitrary style guided by a reference image. The generation method does not require a separate style transfer model to generate desired styles while maintaining image quality in generated content as controlled by the text input. Additionally, the guidance method can be applied without a style reference, denoted as self style guidance, to generate images of more diverse styles. Comprehensive experiments prove that the proposed method remains robust and effective in a wide range of conditions, including diverse graphic art forms, image content types and diffusion models.

Title: Robust Deep Learning for Autonomous Driving. (arXiv:2211.07772v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.07772
Code URL: null
Copy Paste: [[2211.07772] Robust Deep Learning for Autonomous Driving](http://arxiv.org/abs/2211.07772)
Summary:
The last decade's research in artificial intelligence had a significant impact on the advance of autonomous driving. Yet, safety remains a major concern when it comes to deploying such systems in high-risk environments. The objective of this thesis is to develop methodological tools which provide reliable uncertainty estimates for deep neural networks. First, we introduce a new criterion to reliably estimate model confidence: the true class probability (TCP). We show that TCP offers better properties for failure prediction than current uncertainty measures. Since the true class is by essence unknown at test time, we propose to learn TCP criterion from data with an auxiliary model, introducing a specific learning scheme adapted to this context. The relevance of the proposed approach is validated on image classification and semantic segmentation datasets. Then, we extend our learned confidence approach to the task of domain adaptation where it improves the selection of pseudo-labels in self-training methods. Finally, we tackle the challenge of jointly detecting misclassification and out-of-distributions samples by introducing a new uncertainty measure based on evidential models and defined on the simplex.

Title: Interpreting Bias in the Neural Networks: A Peek Into Representational Similarity. (arXiv:2211.07774v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07774
Code URL: null
Copy Paste: [[2211.07774] Interpreting Bias in the Neural Networks: A Peek Into Representational Similarity](http://arxiv.org/abs/2211.07774)
Summary:
Neural networks trained on standard image classification data sets are shown to be less resistant to data set bias. It is necessary to comprehend the behavior objective function that might correspond to superior performance for data with biases. However, there is little research on the selection of the objective function and its representational structure when trained on data set with biases.

In this paper, we investigate the performance and internal representational structure of convolution-based neural networks (e.g., ResNets) trained on biased data using various objective functions. We specifically study similarities in representations, using Centered Kernel Alignment (CKA), for different objective functions (probabilistic and margin-based) and offer a comprehensive analysis of the chosen ones.

According to our findings, ResNets representations obtained with Negative Log Likelihood $(\mathcal{L}_{NLL})$ and Softmax Cross-Entropy ($\mathcal{L}_{SCE}$) as loss functions are equally capable of producing better performance and fine representations on biased data. We note that without progressive representational similarities among the layers of a neural network, the performance is less likely to be robust.

Title: Cross-Reality Re-Rendering: Manipulating between Digital and Physical Realities. (arXiv:2211.08005v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.08005
Code URL: null
Copy Paste: [[2211.08005] Cross-Reality Re-Rendering: Manipulating between Digital and Physical Realities](http://arxiv.org/abs/2211.08005)
Summary:
The advent of personalized reality has arrived. Rapid development in AR/MR/VR enables users to augment or diminish their perception of the physical world. Robust tooling for digital interface modification enables users to change how their software operates. As digital realities become an increasingly-impactful aspect of human lives, we investigate the design of a system that enables users to manipulate the perception of both their physical realities and digital realities. Users can inspect their view history from either reality, and generate interventions that can be interoperably rendered cross-reality in real-time. Personalized interventions can be generated with mask, text, and model hooks. Collaboration between users scales the availability of interventions. We verify our implementation against our design requirements with cognitive walkthroughs, personas, and scalability tests.

Title: Uncertainty-aware Gait Recognition via Learning from Dirichlet Distribution-based Evidence. (arXiv:2211.08007v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.08007
Code URL: null
Copy Paste: [[2211.08007] Uncertainty-aware Gait Recognition via Learning from Dirichlet Distribution-based Evidence](http://arxiv.org/abs/2211.08007)
Summary:
Existing gait recognition frameworks retrieve an identity in the gallery based on the distance between a probe sample and the identities in the gallery. However, existing methods often neglect that the gallery may not contain identities corresponding to the probes, leading to recognition errors rather than raising an alarm. In this paper, we introduce a novel uncertainty-aware gait recognition method that models the uncertainty of identification based on learned evidence. Specifically, we treat our recognition model as an evidence collector to gather evidence from input samples and parameterize a Dirichlet distribution over the evidence. The Dirichlet distribution essentially represents the density of the probability assigned to the input samples. We utilize the distribution to evaluate the resultant uncertainty of each probe sample and then determine whether a probe has a counterpart in the gallery or not. To the best of our knowledge, our method is the first attempt to tackle gait recognition with uncertainty modelling. Moreover, our uncertain modeling significantly improves the robustness against out-of-distribution (OOD) queries. Extensive experiments demonstrate that our method achieves state-of-the-art performance on datasets with OOD queries, and can also generalize well to other identity-retrieval tasks. Importantly, our method outperforms the state-of-the-art by a large margin of 44.19% when the OOD query rate is around 50% on OUMVLP.

Title: ShadowDiffusion: Diffusion-based Shadow Removal using Classifier-driven Attention and Structure Preservation. (arXiv:2211.08089v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.08089
Code URL: null
Copy Paste: [[2211.08089] ShadowDiffusion: Diffusion-based Shadow Removal using Classifier-driven Attention and Structure Preservation](http://arxiv.org/abs/2211.08089)
Summary:
Shadow removal from a single image is challenging, particularly with the presence of soft and self shadows. Unlike hard shadows, soft shadows do not show any clear boundaries, while self shadows are shadows that cast on the object itself. Most existing methods require the detection/annotation of binary shadow masks, without taking into account the ambiguous boundaries of soft and self shadows. Most deep learning shadow removal methods are GAN-based and require statistical similarity between shadow and shadow-free domains. In contrast to these methods, in this paper, we present ShadowDiffusion, the first diffusion-based shadow removal method. ShadowDiffusion focuses on single-image shadow removal, even in the presence of soft and self shadows. To guide the diffusion process to recover semantically meaningful structures during the reverse diffusion, we introduce a structure preservation loss, where we extract features from the pre-trained Vision Transformer (DINO-ViT). Moreover, to focus on the recovery of shadow regions, we inject classifier-driven attention into the architecture of the diffusion model. To maintain the consistent colors of the regions where the shadows have been removed, we introduce a chromaticity consistency loss. Our ShadowDiffusion outperforms state-of-the-art methods on the SRD, AISTD, LRSS, USR and UIUC datasets, removing hard, soft, and self shadows robustly. Our method outperforms the SOTA method by 20% of the RMSE of the whole image on the SRD dataset.

Title: SPE-Net: Boosting Point Cloud Analysis via Rotation Robustness Enhancement. (arXiv:2211.08250v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.08250
Code URL: https://github.com/zhaofanqiu/spe-net
Copy Paste: [[2211.08250] SPE-Net: Boosting Point Cloud Analysis via Rotation Robustness Enhancement](http://arxiv.org/abs/2211.08250)
Summary:
In this paper, we propose a novel deep architecture tailored for 3D point cloud applications, named as SPE-Net. The embedded ``Selective Position Encoding (SPE)'' procedure relies on an attention mechanism that can effectively attend to the underlying rotation condition of the input. Such encoded rotation condition then determines which part of the network parameters to be focused on, and is shown to efficiently help reduce the degree of freedom of the optimization during training. This mechanism henceforth can better leverage the rotation augmentations through reduced training difficulties, making SPE-Net robust against rotated data both during training and testing. The new findings in our paper also urge us to rethink the relationship between the extracted rotation information and the actual test accuracy. Intriguingly, we reveal evidences that by locally encoding the rotation information through SPE-Net, the rotation-invariant features are still of critical importance in benefiting the test samples without any actual global rotation. We empirically demonstrate the merits of the SPE-Net and the associated hypothesis on four benchmarks, showing evident improvements on both rotated and unrotated test data over SOTA methods. Source code is available at https://github.com/ZhaofanQiu/SPE-Net.

Title: Zero-Shot Text Matching for Automated Auditing using Sentence Transformers. (arXiv:2211.07716v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.07716
Code URL: null
Copy Paste: [[2211.07716] Zero-Shot Text Matching for Automated Auditing using Sentence Transformers](http://arxiv.org/abs/2211.07716)
Summary:
Natural language processing methods have several applications in automated auditing, including document or passage classification, information retrieval, and question answering. However, training such models requires a large amount of annotated data which is scarce in industrial settings. At the same time, techniques like zero-shot and unsupervised learning allow for application of models pre-trained using general domain data to unseen domains.

In this work, we study the efficiency of unsupervised text matching using Sentence-Bert, a transformer-based model, by applying it to the semantic similarity of financial passages. Experimental results show that this model is robust to documents from in- and out-of-domain data.

Title: Prompting Language Models for Linguistic Structure. (arXiv:2211.07830v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.07830
Code URL: null
Copy Paste: [[2211.07830] Prompting Language Models for Linguistic Structure](http://arxiv.org/abs/2211.07830)
Summary:
Although pretrained language models (PLMs) can be prompted to perform a wide range of language tasks, it remains an open question how much this ability comes from generalizable linguistic representations versus more surface-level lexical patterns. To test this, we present a structured prompting approach that can be used to prompt for linguistic structure prediction tasks, allowing us to perform zero- and few-shot sequence tagging with autoregressive PLMs. We evaluate this approach on part-of-speech tagging, named entity recognition, and sentence chunking and demonstrate strong few-shot performance in all cases. We also find that, though the surface forms of the tags provide some signal, structured prompting can retrieve linguistic structure even with arbitrary labels, indicating that PLMs contain this knowledge in a general manner robust to label choice.

Title: GLUE-X: Evaluating Natural Language Understanding Models from an Out-of-distribution Generalization Perspective. (arXiv:2211.08073v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.08073
Code URL: null
Copy Paste: [[2211.08073] GLUE-X: Evaluating Natural Language Understanding Models from an Out-of-distribution Generalization Perspective](http://arxiv.org/abs/2211.08073)
Summary:
Pre-trained language models (PLMs) improve the model generalization by leveraging massive data as the training corpus in the pre-training phase. However, currently, the out-of-distribution (OOD) generalization becomes a generally ill-posed problem, even for the large-scale PLMs in natural language understanding tasks, which prevents the deployment of NLP methods in the real world. To facilitate the research in this direction, this paper makes the first attempt to establish a unified benchmark named GLUE-X, highlighting the importance of OOD robustness and providing insights on how to measure the robustness of a model and how to improve it. To this end, we collect 13 publicly available datasets as OOD test data, and conduct evaluations on 8 classic NLP tasks over \emph{18} popularly used models. Our findings confirm that the OOD accuracy in NLP tasks needs to be paid more attention to since the significant performance decay compared to ID accuracy has been found in all settings.

Title: A Universal Discriminator for Zero-Shot Generalization. (arXiv:2211.08099v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.08099
Code URL: null
Copy Paste: [[2211.08099] A Universal Discriminator for Zero-Shot Generalization](http://arxiv.org/abs/2211.08099)
Summary:
Generative modeling has been the dominant approach for large-scale pretraining and zero-shot generalization. In this work, we challenge this convention by showing that discriminative approaches perform substantially better than generative ones on a large number of NLP tasks. Technically, we train a single discriminator to predict whether a text sample comes from the true data distribution, similar to GANs. Since many NLP tasks can be formulated as selecting from a few options, we use this discriminator to predict the option with the highest probability. This simple formulation achieves state-of-the-art zero-shot results on the T0 benchmark, outperforming T0 by 16.0\%, 7.8\%, and 11.5\% respectively on different scales. In the finetuning setting, our approach also achieves new state-of-the-art results on a wide range of NLP tasks, with only 1/4 parameters of previous methods. Meanwhile, our approach requires minimal prompting efforts, which largely improves robustness and is essential for real-world applications. Furthermore, we also jointly train a generalized UD in combination with generative tasks, which maintains its advantage on discriminative tasks and simultaneously works on generative tasks.

Title: Hierarchical Pronunciation Assessment with Multi-Aspect Attention. (arXiv:2211.08102v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.08102
Code URL: null
Copy Paste: [[2211.08102] Hierarchical Pronunciation Assessment with Multi-Aspect Attention](http://arxiv.org/abs/2211.08102)
Summary:
Automatic pronunciation assessment is a major component of a computer-assisted pronunciation training system. To provide in-depth feedback, scoring pronunciation at various levels of granularity such as phoneme, word, and utterance, with diverse aspects such as accuracy, fluency, and completeness, is essential. However, existing multi-aspect multi-granularity methods simultaneously predict all aspects at all granularity levels; therefore, they have difficulty in capturing the linguistic hierarchy of phoneme, word, and utterance. This limitation further leads to neglecting intimate cross-aspect relations at the same linguistic unit. In this paper, we propose a Hierarchical Pronunciation Assessment with Multi-aspect Attention (HiPAMA) model, which hierarchically represents the granularity levels to directly capture their linguistic structures and introduces multi-aspect attention that reflects associations across aspects at the same level to create more connotative representations. By obtaining relational information from both the granularity- and aspect-side, HiPAMA can take full advantage of multi-task learning. Remarkable improvements in the experimental results on the speachocean762 datasets demonstrate the robustness of HiPAMA, particularly in the difficult-to-assess aspects.

Title: W-Trace: Robust and Effective Watermarking for GPS Trajectories. (arXiv:2211.08116v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2211.08116
Code URL: null
Copy Paste: [[2211.08116] W-Trace: Robust and Effective Watermarking for GPS Trajectories](http://arxiv.org/abs/2211.08116)
Summary:
With the rise of data-driven methods for traffic forecasting, accident prediction, and profiling driving behavior, personal GPS trajectory data has become an essential asset for businesses and emerging data markets. However, as personal data, GPS trajectories require protection. Especially by data breaches, verification of GPS data ownership is a challenging problem. Watermarking facilitates data ownership verification by encoding provenance information into the data. GPS trajectory watermarking is particularly challenging due to the spatio-temporal data properties and easiness of data modification; as a result, existing methods embed only minimal provenance information and lack robustness. In this paper, we propose W-Trace - a novel GPS trajectory watermarking method based on Fourier transformation. We demonstrate the effectiveness and robustness of W-Trace on two real-world GPS trajectory datasets.

Title: Multi-Player Bandits Robust to Adversarial Collisions. (arXiv:2211.07817v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07817
Code URL: null
Copy Paste: [[2211.07817] Multi-Player Bandits Robust to Adversarial Collisions](http://arxiv.org/abs/2211.07817)
Summary:
Motivated by cognitive radios, stochastic Multi-Player Multi-Armed Bandits has been extensively studied in recent years. In this setting, each player pulls an arm, and receives a reward corresponding to the arm if there is no collision, namely the arm was selected by one single player. Otherwise, the player receives no reward if collision occurs. In this paper, we consider the presence of malicious players (or attackers) who obstruct the cooperative players (or defenders) from maximizing their rewards, by deliberately colliding with them. We provide the first decentralized and robust algorithm RESYNC for defenders whose performance deteriorates gracefully as $\tilde{O}(C)$ as the number of collisions $C$ from the attackers increases. We show that this algorithm is order-optimal by proving a lower bound which scales as $\Omega(C)$. This algorithm is agnostic to the algorithm used by the attackers and agnostic to the number of collisions $C$ faced from attackers.

Title: Byzantine Spectral Ranking. (arXiv:2211.07902v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07902
Code URL: null
Copy Paste: [[2211.07902] Byzantine Spectral Ranking](http://arxiv.org/abs/2211.07902)
Summary:
We study the problem of rank aggregation where the goal is to obtain a global ranking by aggregating pair-wise comparisons of voters over a set of items. We consider an adversarial setting where the voters are partitioned into two sets. The first set votes in a stochastic manner according to the popular score-based Bradley-Terry-Luce (BTL) model for pairwise comparisons. The second set comprises malicious Byzantine voters trying to deteriorate the ranking. We consider a strongly-adversarial scenario where the Byzantine voters know the BTL scores, the votes of the good voters, the algorithm, and can collude with each other. We first show that the popular spectral ranking based Rank-Centrality algorithm, though optimal for the BTL model, does not perform well even when a small constant fraction of the voters are Byzantine. We introduce the Byzantine Spectral Ranking Algorithm (and a faster variant of it), which produces a reliable ranking when the number of good voters exceeds the number of Byzantine voters. We show that no algorithm can produce a satisfactory ranking with probability > 1/2 for all BTL weights when there are more Byzantine voters than good voters, showing that our algorithm works for all possible population fractions. We support our theoretical results with experimental results on synthetic and real datasets to demonstrate the failure of the Rank-Centrality algorithm under several adversarial scenarios and how the proposed Byzantine Spectral Ranking algorithm is robust in obtaining good rankings.

Title: Air Pollution Hotspot Detection and Source Feature Analysis using Cross-domain Urban Data. (arXiv:2211.08400v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08400
Code URL: null
Copy Paste: [[2211.08400] Air Pollution Hotspot Detection and Source Feature Analysis using Cross-domain Urban Data](http://arxiv.org/abs/2211.08400)
Summary:
Air pollution is a major global environmental health threat, in particular for people who live or work near pollution sources. Areas adjacent to pollution sources often have high ambient pollution concentrations, and those areas are commonly referred to as air pollution hotspots. Detecting and characterizing pollution hotspots are of great importance for air quality management, but are challenging due to the high spatial and temporal variability of air pollutants. In this work, we explore the use of mobile sensing data (i.e., air quality sensors installed on vehicles) to detect pollution hotspots. One major challenge with mobile sensing data is uneven sampling, i.e., data collection can vary by both space and time. To address this challenge, we propose a two-step approach to detect hotspots from mobile sensing data, which includes local spike detection and sample-weighted clustering. Essentially, this approach tackles the uneven sampling issue by weighting samples based on their spatial frequency and temporal hit rate, so as to identify robust and persistent hotspots. To contextualize the hotspots and discover potential pollution source characteristics, we explore a variety of cross-domain urban data and extract features from them. As a soft-validation of the extracted features, we build hotspot inference models for cities with and without mobile sensing data. Evaluation results using real-world mobile sensing air quality data as well as cross-domain urban data demonstrate the effectiveness of our approach in detecting and inferring pollution hotspots. Furthermore, the empirical analysis of hotspots and source features yields useful insights regarding neighborhood pollution sources.

biometric

steal

extraction

Title: A Low-Shot Object Counting Network With Iterative Prototype Adaptation. (arXiv:2211.08217v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2211.08217
Code URL: null
Copy Paste: [[2211.08217] A Low-Shot Object Counting Network With Iterative Prototype Adaptation](http://arxiv.org/abs/2211.08217)
Summary:
We consider low-shot counting of arbitrary semantic categories in the image using only few annotated exemplars (few-shot) or no exemplars (no-shot). The standard few-shot pipeline follows extraction of appearance queries from exemplars and matching them with image features to infer the object counts. Existing methods extract queries by feature pooling, but neglect the shape information (e.g., size and aspect), which leads to a reduced object localization accuracy and count estimates. We propose a Low-shot Object Counting network with iterative prototype Adaptation (LOCA). Our main contribution is the new object prototype extraction module, which iteratively fuses the exemplar shape and appearance queries with image features. The module is easily adapted to zero-shot scenario, enabling LOCA to cover the entire spectrum of low-shot counting problems. LOCA outperforms all recent state-of-the-art methods on FSC147 benchmark by 20-30% in RMSE on one-shot and few-shot and achieves state-of-the-art on zero-shot scenarios, while demonstrating better generalization capabilities.

Title: QueryForm: A Simple Zero-shot Form Entity Query Framework. (arXiv:2211.07730v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07730
Code URL: null
Copy Paste: [[2211.07730] QueryForm: A Simple Zero-shot Form Entity Query Framework](http://arxiv.org/abs/2211.07730)
Summary:
Zero-shot transfer learning for document understanding is a crucial yet under-investigated scenario to help reduce the high cost involved in annotating document entities. We present a novel query-based framework, QueryForm, that extracts entity values from form-like documents in a zero-shot fashion. QueryForm contains a dual prompting mechanism that composes both the document schema and a specific entity type into a query, which is used to prompt a Transformer model to perform a single entity extraction task. Furthermore, we propose to leverage large-scale query-entity pairs generated from form-like webpages with weak HTML annotations to pre-train QueryForm. By unifying pre-training and fine-tuning into the same query-based framework, QueryForm enables models to learn from structured documents containing various entities and layouts, leading to better generalization to target document types without the need for target-specific training data. QueryForm sets new state-of-the-art average F1 score on both the XFUND (+4.6%~10.1%) and the Payment (+3.2%~9.5%) zero-shot benchmark, with a smaller model size and no additional image input.

Title: Generative Aspect-Based Sentiment Analysis with Contrastive Learning and Expressive Structure. (arXiv:2211.07743v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.07743
Code URL: null
Copy Paste: [[2211.07743] Generative Aspect-Based Sentiment Analysis with Contrastive Learning and Expressive Structure](http://arxiv.org/abs/2211.07743)
Summary:
Generative models have demonstrated impressive results on Aspect-based Sentiment Analysis (ABSA) tasks, particularly for the emerging task of extracting Aspect-Category-Opinion-Sentiment (ACOS) quadruples. However, these models struggle with implicit sentiment expressions, which are commonly observed in opinionated content such as online reviews. In this work, we introduce GEN-SCL-NAT, which consists of two techniques for improved structured generation for ACOS quadruple extraction. First, we propose GEN-SCL, a supervised contrastive learning objective that aids quadruple prediction by encouraging the model to produce input representations that are discriminable across key input attributes, such as sentiment polarity and the existence of implicit opinions and aspects. Second, we introduce GEN-NAT, a new structured generation format that better adapts autoregressive encoder-decoder models to extract quadruples in a generative fashion. Experimental results show that GEN-SCL-NAT achieves top performance across three ACOS datasets, averaging 1.48% F1 improvement, with a maximum 1.73% increase on the LAPTOP-L1 dataset. Additionally, we see significant gains on implicit aspect and opinion splits that have been shown as challenging for existing ACOS approaches.

Title: When to Use What: An In-Depth Comparative Empirical Analysis of OpenIE Systems for Downstream Applications. (arXiv:2211.08228v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.08228
Code URL: null
Copy Paste: [[2211.08228] When to Use What: An In-Depth Comparative Empirical Analysis of OpenIE Systems for Downstream Applications](http://arxiv.org/abs/2211.08228)
Summary:
Open Information Extraction (OpenIE) has been used in the pipelines of various NLP tasks. Unfortunately, there is no clear consensus on which models to use in which tasks. Muddying things further is the lack of comparisons that take differing training sets into account. In this paper, we present an application-focused empirical survey of neural OpenIE models, training sets, and benchmarks in an effort to help users choose the most suitable OpenIE systems for their applications. We find that the different assumptions made by different models and datasets have a statistically significant effect on performance, making it important to choose the most appropriate model for one's applications. We demonstrate the applicability of our recommendations on a downstream Complex QA application.

Title: Classifying text using machine learning models and determining conversation drift. (arXiv:2211.08365v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08365
Code URL: null
Copy Paste: [[2211.08365] Classifying text using machine learning models and determining conversation drift](http://arxiv.org/abs/2211.08365)
Summary:
Text classification helps analyse texts for semantic meaning and relevance, by mapping the words against this hierarchy. An analysis of various types of texts is invaluable to understanding both their semantic meaning, as well as their relevance. Text classification is a method of categorising documents. It combines computer text classification and natural language processing to analyse text in aggregate. This method provides a descriptive categorization of the text, with features like content type, object field, lexical characteristics, and style traits. In this research, the authors aim to use natural language feature extraction methods in machine learning which are then used to train some of the basic machine learning models like Naive Bayes, Logistic Regression, and Support Vector Machine. These models are used to detect when a teacher must get involved in a discussion when the lines go off-topic.

Title: Explainer Divergence Scores (EDS): Some Post-Hoc Explanations May be Effective for Detecting Unknown Spurious Correlations. (arXiv:2211.07650v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07650
Code URL: null
Copy Paste: [[2211.07650] Explainer Divergence Scores (EDS): Some Post-Hoc Explanations May be Effective for Detecting Unknown Spurious Correlations](http://arxiv.org/abs/2211.07650)
Summary:
Recent work has suggested post-hoc explainers might be ineffective for detecting spurious correlations in Deep Neural Networks (DNNs). However, we show there are serious weaknesses with the existing evaluation frameworks for this setting. Previously proposed metrics are extremely difficult to interpret and are not directly comparable between explainer methods. To alleviate these constraints, we propose a new evaluation methodology, Explainer Divergence Scores (EDS), grounded in an information theory approach to evaluate explainers. EDS is easy to interpret and naturally comparable across explainers. We use our methodology to compare the detection performance of three different explainers - feature attribution methods, influential examples and concept extraction, on two different image datasets. We discover post-hoc explainers often contain substantial information about a DNN's dependence on spurious artifacts, but in ways often imperceptible to human users. This suggests the need for new techniques that can use this information to better detect a DNN's reliance on spurious correlations.

membership infer

federate

Title: Cross-domain Federated Adaptive Prompt Tuning for CLIP. (arXiv:2211.07864v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07864
Code URL: null
Copy Paste: [[2211.07864] Cross-domain Federated Adaptive Prompt Tuning for CLIP](http://arxiv.org/abs/2211.07864)
Summary:
Federated learning (FL) allows multiple parties to collaboratively train a global model without disclosing their data. Existing research often requires all model parameters to participate in the training procedure. However, with the advent of powerful pre-trained models, it becomes possible to achieve higher performance with fewer learnable parameters in FL. In this paper, we propose a federated adaptive prompt tuning algorithm, FedAPT, for cross-domain federated image classification scenarios with the vision-language pre-trained model, CLIP, which gives play to the strong representation ability in FL. Compared with direct federated prompt tuning, our core idea is to adaptively unlock specific domain knowledge for each test sample in order to provide them with personalized prompts. To implement this idea, we design an adaptive prompt tuning module, which consists of a global prompt, an adaptive network, and some keys. The server randomly generates a set of keys and assigns a unique key to each client. Then all clients cooperatively train the global adaptive network and global prompt with the local datasets and the frozen keys. Ultimately, the global aggregation model can assign a personalized prompt to CLIP based on the domain features of each test sample. We perform extensive experiments on two multi-domain image classification datasets. The results show that FedAPT can achieve better performance with less than 10\% of the number of parameters of the fully trained model, and the global model can perform well in different client domains simultaneously.

Title: FedTune: A Deep Dive into Efficient Federated Fine-Tuning with Pre-trained Transformers. (arXiv:2211.08025v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08025
Code URL: null
Copy Paste: [[2211.08025] FedTune: A Deep Dive into Efficient Federated Fine-Tuning with Pre-trained Transformers](http://arxiv.org/abs/2211.08025)
Summary:
Federated Learning (FL) is an emerging paradigm that enables distributed users to collaboratively and iteratively train machine learning models without sharing their private data. Motivated by the effectiveness and robustness of self-attention-based architectures, researchers are turning to using pre-trained Transformers (i.e., foundation models) instead of traditional convolutional neural networks in FL to leverage their excellent transfer learning capabilities. Despite recent progress, how pre-trained Transformer models play a role in FL remains obscure, that is, how to efficiently fine-tune these pre-trained models in FL and how FL users could benefit from this new paradigm. In this paper, we explore this issue and demonstrate that the fine-tuned Transformers achieve extraordinary performance on FL, and that the lightweight fine-tuning method facilitates a fast convergence rate and low communication costs. Concretely, we conduct a rigorous empirical study of three tuning methods (i.e., modifying the input, adding extra modules, and adjusting the backbone) using two types of pre-trained models (i.e., vision-language models and vision models) for FL. Our experiments show that 1) Fine-tuning the bias term of the backbone performs best when relying on a strong pre-trained model; 2) The vision-language model (e.g., CLIP) outperforms the pure vision model (e.g., ViT) and is more robust to the few-shot settings; 3) Compared to pure local training, FL with pre-trained models has a higher accuracy because it alleviates the problem of over-fitting. We will release our code and encourage further exploration of pre-trained Transformers and FL.

Title: Federated Learning for Healthcare Domain -- Pipeline, Applications and Challenges. (arXiv:2211.07893v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07893
Code URL: null
Copy Paste: [[2211.07893] Federated Learning for Healthcare Domain -- Pipeline, Applications and Challenges](http://arxiv.org/abs/2211.07893)
Summary:
Federated learning is the process of developing machine learning models over datasets distributed across data centers such as hospitals, clinical research labs, and mobile devices while preventing data leakage. This survey examines previous research and studies on federated learning in the healthcare sector across a range of use cases and applications. Our survey shows what challenges, methods, and applications a practitioner should be aware of in the topic of federated learning. This paper aims to lay out existing research and list the possibilities of federated learning for healthcare industries.

Title: Decentralized Federated Learning: Fundamentals, State-of-the-art, Frameworks, Trends, and Challenges. (arXiv:2211.08413v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08413
Code URL: null
Copy Paste: [[2211.08413] Decentralized Federated Learning: Fundamentals, State-of-the-art, Frameworks, Trends, and Challenges](http://arxiv.org/abs/2211.08413)
Summary:
In the last decade, Federated Learning (FL) has gained relevance in training collaborative models without sharing sensitive data. Since its birth, Centralized FL (CFL) has been the most common approach in the literature, where a unique entity creates global models. However, using a centralized approach has the disadvantages of bottleneck at the server node, single point of failure, and trust needs. Decentralized Federated Learning (DFL) arose to solve these aspects by embracing the principles of data sharing minimization and decentralized model aggregation without relying on centralized architectures. However, despite the work done in DFL, the literature has not (i) studied the main fundamentals differentiating DFL and CFL; (ii) reviewed application scenarios and solutions using DFL; and (iii) analyzed DFL frameworks to create and evaluate new solutions. To this end, this article identifies and analyzes the main fundamentals of DFL in terms of federation architectures, topologies, communication mechanisms, security approaches, and key performance indicators. Additionally, the paper at hand explores existing mechanisms to optimize critical DFL fundamentals. Then, this work analyzes and compares the most used DFL application scenarios and solutions according to the fundamentals previously defined. After that, the most relevant features of the current DFL frameworks are reviewed and compared. Finally, the evolution of existing DFL solutions is analyzed to provide a list of trends, lessons learned, and open challenges.

Title: Quantifying the Impact of Label Noise on Federated Learning. (arXiv:2211.07816v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07816
Code URL: null
Copy Paste: [[2211.07816] Quantifying the Impact of Label Noise on Federated Learning](http://arxiv.org/abs/2211.07816)
Summary:
Federated Learning (FL) is a distributed machine learning paradigm where clients collaboratively train a model using their local (human-generated) datasets while preserving privacy. While existing studies focus on FL algorithm development to tackle data heterogeneity across clients, the important issue of data quality (e.g., label noise) in FL is overlooked. This paper aims to fill this gap by providing a quantitative study on the impact of label noise on FL. Theoretically speaking, we derive an upper bound for the generalization error that is linear in the clients' label noise level. Empirically speaking, we conduct experiments on MNIST and CIFAR-10 datasets using various FL algorithms. We show that the global model accuracy linearly decreases as the noise level increases, which is consistent with our theoretical analysis. We further find that label noise slows down the convergence of FL training, and the global model tends to overfit when the noise level is high.

Title: Personalized Federated Learning with Multi-branch Architecture. (arXiv:2211.07931v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07931
Code URL: null
Copy Paste: [[2211.07931] Personalized Federated Learning with Multi-branch Architecture](http://arxiv.org/abs/2211.07931)
Summary:
Federated learning (FL) is a decentralized machine learning technique that enables multiple clients to collaboratively train models without revealing the raw data to each other. Although the traditional FL trains a single global model with average performance among clients, the statistical data heterogeneity across clients motivates personalized FL (PFL) which learns personalized models with good performance on each client's data. A key challenge in PFL is how to promote clients with similar data to collaborate more in a situation where each client has data from complex distribution and does not know each other's distribution. In this paper, we propose a new PFL method, personalized federated learning with multi-branch architecture (pFedMB), which achieves personalization by splitting each layer of neural networks into multiple branches and assigning client-specific weights to each branch. pFedMB is simple but effective to facilitate each client to share the knowledge with similar clients by adjusting the weights assigned to each branch. We experimentally show that pFedMB performs better than the state-of-the-art PFL methods using CIFAR10 dataset.

Title: Bayesian Federated Neural Matching that Completes Full Information. (arXiv:2211.08010v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08010
Code URL: null
Copy Paste: [[2211.08010] Bayesian Federated Neural Matching that Completes Full Information](http://arxiv.org/abs/2211.08010)
Summary:
Federated learning is a contemporary machine learning paradigm where locally trained models are distilled into a global model. Due to the intrinsic permutation invariance of neural networks, Probabilistic Federated Neural Matching (PFNM) employs a Bayesian nonparametric framework in the generation process of local neurons, and then creates a linear sum assignment formulation in each alternative optimization iteration. But according to our theoretical analysis, the optimization iteration in PFNM omits global information from existing. In this study, we propose a novel approach that overcomes this flaw by introducing a Kullback-Leibler divergence penalty at each iteration. The effectiveness of our approach is demonstrated by experiments on both image classification and semantic segmentation tasks.

fair

Title: HMOE: Hypernetwork-based Mixture of Experts for Domain Generalization. (arXiv:2211.08253v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.08253
Code URL: null
Copy Paste: [[2211.08253] HMOE: Hypernetwork-based Mixture of Experts for Domain Generalization](http://arxiv.org/abs/2211.08253)
Summary:
Due to the domain shift, machine learning systems typically fail to generalize well to domains different from those of training data, which is the problem that domain generalization (DG) aims to address. However, most mainstream DG algorithms lack interpretability and require domain labels, which are not available in many real-world scenarios. In this work, we propose a novel DG method, HMOE: Hypernetwork-based Mixture of Experts (MoE), that does not require domain labels and is more interpretable. We use hypernetworks to generate the weights of experts, allowing experts to share some useful meta-knowledge. MoE has proven adept at detecting and identifying heterogeneous patterns in data. For DG, heterogeneity exactly arises from the domain shift. We compare HMOE with other DG algorithms under a fair and unified benchmark-DomainBed. Extensive experiments show that HMOE can perform latent domain discovery from data of mixed domains and divide it into distinct clusters that are surprisingly more consistent with human intuition than original domain labels. Compared to other DG methods, HMOE shows competitive performance and achieves SOTA results in some cases without using domain labels.

interpretability

Title: Easy to Decide, Hard to Agree: Reducing Disagreements Between Saliency Methods. (arXiv:2211.08369v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2211.08369
Code URL: null
Copy Paste: [[2211.08369] Easy to Decide, Hard to Agree: Reducing Disagreements Between Saliency Methods](http://arxiv.org/abs/2211.08369)
Summary:
A popular approach to unveiling the black box of neural NLP models is to leverage saliency methods, which assign scalar importance scores to each input component. A common practice for evaluating whether an interpretability method is \textit{faithful} and \textit{plausible} has been to use evaluation-by-agreement -- multiple methods agreeing on an explanation increases its credibility. However, recent work has found that even saliency methods have weak rank correlations and advocated for the use of alternative diagnostic methods. In our work, we demonstrate that rank correlation is not a good fit for evaluating agreement and argue that Pearson-$r$ is a better suited alternative. We show that regularization techniques that increase faithfulness of attention explanations also increase agreement between saliency methods. Through connecting our findings to instance categories based on training dynamics we show that, surprisingly, easy-to-learn instances exhibit low agreement in saliency method explanations.

Title: An Interpretable Neuron Embedding for Static Knowledge Distillation. (arXiv:2211.07647v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2211.07647
Code URL: null
Copy Paste: [[2211.07647] An Interpretable Neuron Embedding for Static Knowledge Distillation](http://arxiv.org/abs/2211.07647)
Summary:
Although deep neural networks have shown well-performance in various tasks, the poor interpretability of the models is always criticized. In the paper, we propose a new interpretable neural network method, by embedding neurons into the semantic space to extract their intrinsic global semantics. In contrast to previous methods that probe latent knowledge inside the model, the proposed semantic vector externalizes the latent knowledge to static knowledge, which is easy to exploit. Specifically, we assume that neurons with similar activation are of similar semantic information. Afterwards, semantic vectors are optimized by continuously aligning activation similarity and semantic vector similarity during the training of the neural network. The visualization of semantic vectors allows for a qualitative explanation of the neural network. Moreover, we assess the static knowledge quantitatively by knowledge distillation tasks. Empirical experiments of visualization show that semantic vectors describe neuron activation semantics well. Without the sample-by-sample guidance from the teacher model, static knowledge distillation exhibit comparable or even superior performance with existing relation-based knowledge distillation methods.