secure

Title: Combining multiple matchers for fingerprint verification: A case study in biosecure network of excellence. (arXiv:2212.01906v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01906
• Code URL: null
• Copy Paste: [[2212.01906] Combining multiple matchers for fingerprint verification: A case study in biosecure network of excellence](http://arxiv.org/abs/2212.01906) #secure
• Summary:

  We report on experiments for the fingerprint modality conducted during the First BioSecure Residential Workshop. Two reference systems for fingerprint verification have been tested together with two additional non-reference systems. These systems follow different approaches of fingerprint processing and are discussed in detail. Fusion experiments I volving different combinations of the available systems are presented. The experimental results show that the best recognition strategy involves both minutiae-based and correlation-based measurements. Regarding the fusion experiments, the best relative improvement is obtained when fusing systems that are based on heterogeneous strategies for feature extraction and/or matching. The best combinations of two/three/four systems always include the best individual systems whereas the best verification performance is obtained when combining all the available systems.

Title: Efficiency Boosting of Secure Cross-platform Recommender Systems over Sparse Data. (arXiv:2212.01537v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.01537
• Code URL: null
• Copy Paste: [[2212.01537] Efficiency Boosting of Secure Cross-platform Recommender Systems over Sparse Data](http://arxiv.org/abs/2212.01537) #secure
• Summary:

  Fueled by its successful commercialization, the recommender system (RS) has gained widespread attention. However, as the training data fed into the RS models are often highly sensitive, it ultimately leads to severe privacy concerns, especially when data are shared among different platforms. In this paper, we follow the tune of existing works to investigate the problem of secure sparse matrix multiplication for cross-platform RSs. Two fundamental while critical issues are addressed: preserving the training data privacy and breaking the data silo problem. Specifically, we propose two concrete constructions with significantly boosted efficiency. They are designed for the sparse location insensitive case and location sensitive case, respectively. State-of-the-art cryptography building blocks including homomorphic encryption (HE) and private information retrieval (PIR) are fused into our protocols with non-trivial optimizations. As a result, our schemes can enjoy the HE acceleration technique without privacy trade-offs. We give formal security proofs for the proposed schemes and conduct extensive experiments on both real and large-scale simulated datasets. Compared with state-of-the-art works, our two schemes compress the running time roughly by 10 and 2.8. They also attain up to 15 and 2.3 communication reduction without accuracy loss.

security

Title: Unauthorized Drone Detection: Experiments and Prototypes. (arXiv:2212.01436v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01436
• Code URL: null
• Copy Paste: [[2212.01436] Unauthorized Drone Detection: Experiments and Prototypes](http://arxiv.org/abs/2212.01436) #security
• Summary:

  The increase in the number of unmanned aerial vehicles a.k.a. drones pose several threats to public privacy, critical infrastructure and cyber security. Hence, detecting unauthorized drones is a significant problem which received attention in the last few years. In this paper, we present our experimental work on three drone detection methods (i.e., acoustic detection, radio frequency (RF) detection, and visual detection) to evaluate their efficacy in both indoor and outdoor environments. Owing to the limitations of these schemes, we present a novel encryption-based drone detection scheme that uses a two-stage verification of the drone's received signal strength indicator (RSSI) and the encryption key generated from the drone's position coordinates to reliably detect an unauthorized drone in the presence of authorized drones.

Title: Open RAN Security: Challenges and Opportunities. (arXiv:2212.01510v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.01510
• Code URL: null
• Copy Paste: [[2212.01510] Open RAN Security: Challenges and Opportunities](http://arxiv.org/abs/2212.01510) #security
• Summary:

  Open RAN (ORAN, O-RAN) represents a novel industry-level standard for RAN (Radio Access Network), which defines interfaces that support inter-operation between vendors' equipment and offer network flexibility at a lower cost. Open RAN integrates the benefits and advancements of network softwarization and Artificial Intelligence to enhance the operation of RAN devices and operations. Open RAN offers new possibilities so that different stakeholders can develop the RAN solution in this open ecosystem. However, the benefits of Open RAN bring new security and privacy challenges. As Open RAN offers an entirely different RAN configuration than what exists today, it could lead to severe security and privacy issues if mismanaged, and stakeholders are understandably taking a cautious approach towards the security of Open RAN deployment. In particular, this paper provides a deep analysis of the security and privacy risks and challenges associated with Open RAN architecture. Then, it discusses possible security and privacy solutions to secure Open RAN architecture and presents relevant security standardization efforts relevant to Open RAN security. Finally, we discuss how Open RAN can be used to deploy more advanced security and privacy solutions in 5G and beyond RAN.

Title: It Is Not Where You Are, It Is Where You Are Registered: IoT Location Impact. (arXiv:2212.01598v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.01598
• Code URL: null
• Copy Paste: [[2212.01598] It Is Not Where You Are, It Is Where You Are Registered: IoT Location Impact](http://arxiv.org/abs/2212.01598) #security
• Summary:

  This paper investigates how and with whom IoT devices communicate and how their location affects their communication patterns. Specifically, the endpoints an IoT device communicates with can be defined as a small set of domains. To study how the location of the device affects its domain set, we distinguish between the location based on its IP address and the location defined by the user when registering the device. We show, unlike common wisdom, that IP-based location has little to no effect on the set of domains, while the user-defined location changes the set significantly. Unlike common approaches to resolving domains to IP addresses at close-by geo-locations (such as anycast), we present a distinctive way to use the ECS field of EDNS to achieve the same differentiation between user-defined locations. Our solution streamlines the network design of IoT manufacturers and makes it easier for security appliances to monitor IoT traffic. Finally, we show that with one domain for all locations, one can achieve succinct descriptions of the traffic of the IoT device across the globe. We will discuss the implications of such description on security appliances and specifically, on the ones using the Manufacturer Usage Description (MUD) framework.

Title: Security Analysis of SplitFed Learning. (arXiv:2212.01716v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01716
• Code URL: null
• Copy Paste: [[2212.01716] Security Analysis of SplitFed Learning](http://arxiv.org/abs/2212.01716) #security
• Summary:

  Split Learning (SL) and Federated Learning (FL) are two prominent distributed collaborative learning techniques that maintain data privacy by allowing clients to never share their private data with other clients and servers, and fined extensive IoT applications in smart healthcare, smart cities, and smart industry. Prior work has extensively explored the security vulnerabilities of FL in the form of poisoning attacks. To mitigate the effect of these attacks, several defenses have also been proposed. Recently, a hybrid of both learning techniques has emerged (commonly known as SplitFed) that capitalizes on their advantages (fast training) and eliminates their intrinsic disadvantages (centralized model updates). In this paper, we perform the first ever empirical analysis of SplitFed's robustness to strong model poisoning attacks. We observe that the model updates in SplitFed have significantly smaller dimensionality as compared to FL that is known to have the curse of dimensionality. We show that large models that have higher dimensionality are more susceptible to privacy and security attacks, whereas the clients in SplitFed do not have the complete model and have lower dimensionality, making them more robust to existing model poisoning attacks. Our results show that the accuracy reduction due to the model poisoning attack is 5x lower for SplitFed compared to FL.

Title: Pairing-Friendly Elliptic Curves: Revisited Taxonomy, Attacks and Security Concern. (arXiv:2212.01855v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.01855
• Code URL: null
• Copy Paste: [[2212.01855] Pairing-Friendly Elliptic Curves: Revisited Taxonomy, Attacks and Security Concern](http://arxiv.org/abs/2212.01855) #security
• Summary:

  Major families of pairing-friendly elliptic curves, including BN, BLS12, BLS24, KSS16, and KSS18 have recently been vulnerable to number field sieve (NFS) attacks. Due to the recent attacks on discrete logs in F_(q^k ), selecting such curves became relevant again. This paper revisited the topic of selecting pairing-friendly curves at different security levels. First, we expanded the classification given by Freeman et al. [1] by identifying new families that were not previously mentioned, such as a complete family with variable differentiation and new sparse families of curves. We discussed individual curves and a comprehensive framework for constructing parametric families. We estimated the security and assessed families of the pairing-friendly curve to discover families of curves better than BN, KSS, and BLS in terms of the required key size. We also evaluated the complexity of the optimal ate pairing that has never been discussed before, except by Barbulescu et al. [2]. We demonstrated that the recent attack (TNFS) on pairing needs to increase the key size. We compared families of curves in the context of key size and selected a suitable alternative to an elliptic curve.

Title: "Tell me, how do you know it's me?" Expectations of security and personalization measures for smart speaker applications. (arXiv:2212.01905v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.01905
• Code URL: null
• Copy Paste: [[2212.01905] "Tell me, how do you know it's me?" Expectations of security and personalization measures for smart speaker applications](http://arxiv.org/abs/2212.01905) #security
• Summary:

  Voice-controlled smart speaker devices have gained a foothold in many modern households. Their prevalence combined with their intrusion into core private spheres of life has motivated research on security and privacy intrusions, especially those performed by third-party applications used on such devices. In this work, we take a closer look at such third-party applications from a less pessimistic angle: we consider their potential to provide personalized and secure capabilities and investigate measures to authenticate users (PIN'',Voice authentication'', Notification'', and presence ofNearby devices''). To this end, we asked 100 participants to evaluate 15 application categories and 51 apps with a wide range of functions. The central questions we explored focused on: users' preferences for security and personalization for different categories of apps; the preferred security and personalization measures for different apps; and the preferred frequency of the respective measure.

After an initial pilot study, we focused primarily on 7 categories of apps for which security and personalization are reported to be important; those include the three crucial categories finance, bills, and shopping. We found that ``Voice authentication'', while not currently employed by the apps we studied, is a highly popular measure to achieve security and personalization. Many participants were open to exploring combinations of security measures to increase the protection of highly relevant apps. Here, the combination of ``PIN'' and ``Voice authentication'' was clearly the most desired one. This finding indicates systems that seamlessly combine ``Voice authentication'' with other measures might be a good candidate for future work.

privacy

Title: ConfounderGAN: Protecting Image Data Privacy with Causal Confounder. (arXiv:2212.01767v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01767
• Code URL: null
• Copy Paste: [[2212.01767] ConfounderGAN: Protecting Image Data Privacy with Causal Confounder](http://arxiv.org/abs/2212.01767) #privacy
• Summary:

  The success of deep learning is partly attributed to the availability of massive data downloaded freely from the Internet. However, it also means that users' private data may be collected by commercial organizations without consent and used to train their models. Therefore, it's important and necessary to develop a method or tool to prevent unauthorized data exploitation. In this paper, we propose ConfounderGAN, a generative adversarial network (GAN) that can make personal image data unlearnable to protect the data privacy of its owners. Specifically, the noise produced by the generator for each image has the confounder property. It can build spurious correlations between images and labels, so that the model cannot learn the correct mapping from images to labels in this noise-added dataset. Meanwhile, the discriminator is used to ensure that the generated noise is small and imperceptible, thereby remaining the normal utility of the encrypted image for humans. The experiments are conducted in six image classification datasets, consisting of three natural object datasets and three medical datasets. The results demonstrate that our method not only outperforms state-of-the-art methods in standard settings, but can also be applied to fast encryption scenarios. Moreover, we show a series of transferability and stability experiments to further illustrate the effectiveness and superiority of our method.

Title: Castell: Scalable Joint Probability Estimation of Multi-dimensional Data Randomized with Local Differential Privacy. (arXiv:2212.01627v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.01627
• Code URL: null
• Copy Paste: [[2212.01627] Castell: Scalable Joint Probability Estimation of Multi-dimensional Data Randomized with Local Differential Privacy](http://arxiv.org/abs/2212.01627) #privacy
• Summary:

  Performing randomized response (RR) over multi-dimensional data is subject to the curse of dimensionality. As the number of attributes increases, the exponential growth in the number of attribute-value combinations greatly impacts the computational cost and the accuracy of the RR estimates. In this paper, we propose a new multi-dimensional RR scheme that randomizes all attributes independently, and then aggregates these randomization matrices into a single aggregated matrix. The multi-dimensional joint probability distributions are then estimated. The inverse matrix of the aggregated randomization matrix can be computed efficiently at a lightweight computation cost (i.e., linear with respect to dimensionality) and with manageable storage requirements.

To overcome the limitation of accuracy, we propose two extensions to the baseline protocol, called {\em hybrid} and {\em truncated} schemes. Finally, we have conducted experiments using synthetic and major open-source datasets for various numbers of attributes, domain sizes, and numbers of respondents. The results using UCI Adult dataset give average distances between the estimated and the real (2 through 6-way) joint probability are $0.0099$ for {\em truncated} and $0.0155$ for {\em hybrid} schemes, whereas they are $0.03$ and $0.04$ for LoPub, which is the state-of-the-art multi-dimensional LDP scheme.

Title: SoK: Fully Homomorphic Encryption Accelerators. (arXiv:2212.01713v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.01713
• Code URL: null
• Copy Paste: [[2212.01713] SoK: Fully Homomorphic Encryption Accelerators](http://arxiv.org/abs/2212.01713) #privacy
• Summary:

  Fully Homomorphic Encryption (FHE) is a key technology enabling privacy-preserving computing. However, the fundamental challenge of FHE is its inefficiency, due primarily to the underlying polynomial computations with high computation complexity and extremely time-consuming ciphertext maintenance operations. To tackle this challenge, various FHE accelerators have recently been proposed by both research and industrial communities. This paper takes the first initiative to conduct a systematic study on the 11 FHE accelerators -- cuHE/cuFHE, nuFHE, HEAT, HEAX, HEXL, HEXL-FPGA, 100$\times$, F1, CraterLake, BTS, and ARK. We first make our observations on the evolution trajectory of these existing FHE accelerators to establish a qualitative connection between them. Then, we perform testbed evaluations of representative open-source FHE accelerators to provide a quantitative comparison on them. Finally, with the insights learned from both qualitative and quantitative studies, we discuss potential directions to inform the future design and implementation for FHE accelerators.

Title: Exploring the Limits of Differentially Private Deep Learning with Group-wise Clipping. (arXiv:2212.01539v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01539
• Code URL: null
• Copy Paste: [[2212.01539] Exploring the Limits of Differentially Private Deep Learning with Group-wise Clipping](http://arxiv.org/abs/2212.01539) #privacy
• Summary:

  Differentially private deep learning has recently witnessed advances in computational efficiency and privacy-utility trade-off. We explore whether further improvements along the two axes are possible and provide affirmative answers leveraging two instantiations of \emph{group-wise clipping}. To reduce the compute time overhead of private learning, we show that \emph{per-layer clipping}, where the gradient of each neural network layer is clipped separately, allows clipping to be performed in conjunction with backpropagation in differentially private optimization. This results in private learning that is as memory-efficient and almost as fast per training update as non-private learning for many workflows of interest. While per-layer clipping with constant thresholds tends to underperform standard flat clipping, per-layer clipping with adaptive thresholds matches or outperforms flat clipping under given training epoch constraints, hence attaining similar or better task performance within less wall time. To explore the limits of scaling (pretrained) models in differentially private deep learning, we privately fine-tune the 175 billion-parameter GPT-3. We bypass scaling challenges associated with clipping gradients that are distributed across multiple devices with \emph{per-device clipping} that clips the gradient of each model piece separately on its host device. Privately fine-tuning GPT-3 with per-device clipping achieves a task performance at $\epsilon=1$ better than what is attainable by non-privately fine-tuning the largest GPT-2 on a summarization task.

protect

defense

Title: LDL: A Defense for Label-Based Membership Inference Attacks. (arXiv:2212.01688v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01688
• Code URL: null
• Copy Paste: [[2212.01688] LDL: A Defense for Label-Based Membership Inference Attacks](http://arxiv.org/abs/2212.01688) #defense
• Summary:

  The data used to train deep neural network (DNN) models in applications such as healthcare and finance typically contain sensitive information. A DNN model may suffer from overfitting. Overfitted models have been shown to be susceptible to query-based attacks such as membership inference attacks (MIAs). MIAs aim to determine whether a sample belongs to the dataset used to train a classifier (members) or not (nonmembers). Recently, a new class of label based MIAs (LAB MIAs) was proposed, where an adversary was only required to have knowledge of predicted labels of samples. Developing a defense against an adversary carrying out a LAB MIA on DNN models that cannot be retrained remains an open problem.

We present LDL, a light weight defense against LAB MIAs. LDL works by constructing a high-dimensional sphere around queried samples such that the model decision is unchanged for (noisy) variants of the sample within the sphere. This sphere of label-invariance creates ambiguity and prevents a querying adversary from correctly determining whether a sample is a member or a nonmember. We analytically characterize the success rate of an adversary carrying out a LAB MIA when LDL is deployed, and show that the formulation is consistent with experimental observations. We evaluate LDL on seven datasets -- CIFAR-10, CIFAR-100, GTSRB, Face, Purchase, Location, and Texas -- with varying sizes of training data. All of these datasets have been used by SOTA LAB MIAs. Our experiments demonstrate that LDL reduces the success rate of an adversary carrying out a LAB MIA in each case. We empirically compare LDL with defenses against LAB MIAs that require retraining of DNN models, and show that LDL performs favorably despite not needing to retrain the DNNs.

attack

robust

Title: Crowd Density Estimation using Imperfect Labels. (arXiv:2212.01450v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01450
• Code URL: null
• Copy Paste: [[2212.01450] Crowd Density Estimation using Imperfect Labels](http://arxiv.org/abs/2212.01450) #robust
• Summary:

  Density estimation is one of the most widely used methods for crowd counting in which a deep learning model learns from head-annotated crowd images to estimate crowd density in unseen images. Typically, the learning performance of the model is highly impacted by the accuracy of the annotations and inaccurate annotations may lead to localization and counting errors during prediction. A significant amount of works exist on crowd counting using perfectly labelled datasets but none of these explore the impact of annotation errors on the model accuracy. In this paper, we investigate the impact of imperfect labels (both noisy and missing labels) on crowd counting accuracy. We propose a system that automatically generates imperfect labels using a deep learning model (called annotator) which are then used to train a new crowd counting model (target model). Our analysis on two crowd counting models and two benchmark datasets shows that the proposed scheme achieves accuracy closer to that of the model trained with perfect labels showing the robustness of crowd models to annotation errors.

Title: Learning Disentangled Label Representations for Multi-label Classification. (arXiv:2212.01461v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01461
• Code URL: null
• Copy Paste: [[2212.01461] Learning Disentangled Label Representations for Multi-label Classification](http://arxiv.org/abs/2212.01461) #robust
• Summary:

  Although various methods have been proposed for multi-label classification, most approaches still follow the feature learning mechanism of the single-label (multi-class) classification, namely, learning a shared image feature to classify multiple labels. However, we find this One-shared-Feature-for-Multiple-Labels (OFML) mechanism is not conducive to learning discriminative label features and makes the model non-robustness. For the first time, we mathematically prove that the inferiority of the OFML mechanism is that the optimal learned image feature cannot maintain high similarities with multiple classifiers simultaneously in the context of minimizing cross-entropy loss. To address the limitations of the OFML mechanism, we introduce the One-specific-Feature-for-One-Label (OFOL) mechanism and propose a novel disentangled label feature learning (DLFL) framework to learn a disentangled representation for each label. The specificity of the framework lies in a feature disentangle module, which contains learnable semantic queries and a Semantic Spatial Cross-Attention (SSCA) module. Specifically, learnable semantic queries maintain semantic consistency between different images of the same label. The SSCA module localizes the label-related spatial regions and aggregates located region features into the corresponding label feature to achieve feature disentanglement. We achieve state-of-the-art performance on eight datasets of three tasks, \ie, multi-label classification, pedestrian attribute recognition, and continual multi-label learning.

Title: Understanding the Robustness of Multi-Exit Models under Common Corruptions. (arXiv:2212.01562v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01562
• Code URL: null
• Copy Paste: [[2212.01562] Understanding the Robustness of Multi-Exit Models under Common Corruptions](http://arxiv.org/abs/2212.01562) #robust
• Summary:

  Multi-Exit models (MEMs) use an early-exit strategy to improve the accuracy and efficiency of deep neural networks (DNNs) by allowing samples to exit the network before the last layer. However, the effectiveness of MEMs in the presence of distribution shifts remains largely unexplored. Our work examines how distribution shifts generated by common image corruptions affect the accuracy/efficiency of MEMs. We find that under common corruptions, early-exiting at the first correct exit reduces the inference cost and provides a significant boost in accuracy ( 10%) over exiting at the last layer. However, with realistic early-exit strategies, which do not assume knowledge about the correct exits, MEMs still reduce inference cost but provide a marginal improvement in accuracy (1%) compared to exiting at the last layer. Moreover, the presence of distribution shift widens the gap between an MEM's maximum classification accuracy and realistic early-exit strategies by 5% on average compared with the gap on in-distribution data. Our empirical analysis shows that the lack of calibration due to a distribution shift increases the susceptibility of such early-exit strategies to exit early and increases misclassification rates. Furthermore, the lack of calibration increases the inconsistency in the predictions of the model across exits, leading to both inefficient inference and more misclassifications compared with evaluation on in-distribution data. Finally, we propose two metrics, underthinking and overthinking, that quantify the different behavior of practical early-exit strategy under distribution shifts, and provide insights into improving the practical utility of MEMs.

Title: Make RepVGG Greater Again: A Quantization-aware Approach. (arXiv:2212.01593v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01593
• Code URL: null
• Copy Paste: [[2212.01593] Make RepVGG Greater Again: A Quantization-aware Approach](http://arxiv.org/abs/2212.01593) #robust
• Summary:

  The tradeoff between performance and inference speed is critical for practical applications. Architecture reparameterization obtains better tradeoffs and it is becoming an increasingly popular ingredient in modern convolutional neural networks. Nonetheless, its quantization performance is usually too poor to deploy (e.g. more than 20% top-1 accuracy drop on ImageNet) when INT8 inference is desired. In this paper, we dive into the underlying mechanism of this failure, where the original design inevitably enlarges quantization error. We propose a simple, robust, and effective remedy to have a quantization-friendly structure that also enjoys reparameterization benefits. Our method greatly bridges the gap between INT8 and FP32 accuracy for RepVGG. Without bells and whistles, the top-1 accuracy drop on ImageNet is reduced within 2\% by standard post-training quantization.

Title: Exploring Stochastic Autoregressive Image Modeling for Visual Representation. (arXiv:2212.01610v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01610
• Code URL: https://github.com/qiy20/saim
• Copy Paste: [[2212.01610] Exploring Stochastic Autoregressive Image Modeling for Visual Representation](http://arxiv.org/abs/2212.01610) #robust
• Summary:

  Autoregressive language modeling (ALM) have been successfully used in self-supervised pre-training in Natural language processing (NLP). However, this paradigm has not achieved comparable results with other self-supervised approach in computer vision (e.g., contrastive learning, mask image modeling). In this paper, we try to find the reason why autoregressive modeling does not work well on vision tasks. To tackle this problem, we fully analyze the limitation of visual autoregressive methods and proposed a novel stochastic autoregressive image modeling (named SAIM) by the two simple designs. First, we employ stochastic permutation strategy to generate effective and robust image context which is critical for vision tasks. Second, we create a parallel encoder-decoder training process in which the encoder serves a similar role to the standard vision transformer focus on learning the whole contextual information, and meanwhile the decoder predicts the content of the current position, so that the encoder and decoder can reinforce each other. By introducing stochastic prediction and the parallel encoder-decoder, SAIM significantly improve the performance of autoregressive image modeling. Our method achieves the best accuracy (83.9%) on the vanilla ViT-Base model among methods using only ImageNet-1K data. Transfer performance in downstream tasks also show that our model achieves competitive performance.

Title: CrossSplit: Mitigating Label Noise Memorization through Data Splitting. (arXiv:2212.01674v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01674
• Code URL: null
• Copy Paste: [[2212.01674] CrossSplit: Mitigating Label Noise Memorization through Data Splitting](http://arxiv.org/abs/2212.01674) #robust
• Summary:

  We approach the problem of improving robustness of deep learning algorithms in the presence of label noise. Building upon existing label correction and co-teaching methods, we propose a novel training procedure to mitigate the memorization of noisy labels, called CrossSplit, which uses a pair of neural networks trained on two disjoint parts of the dataset. CrossSplit combines two main ingredients: (i) Cross-split label correction. The idea is that, since the model trained on one part of the data cannot memorize example-label pairs from the other part, the training labels presented to each network can be smoothly adjusted by using the predictions of its peer network; (ii) Cross-split semi-supervised training. A network trained on one part of the data also uses the unlabeled inputs of the other part. Extensive experiments on CIFAR-10, CIFAR-100, Tiny-ImageNet and mini-WebVision datasets demonstrate that our method can outperform the current state-of-the-art up to 90% noise ratio.

Title: Improving Zero-shot Generalization and Robustness of Multi-modal Models. (arXiv:2212.01758v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01758
• Code URL: null
• Copy Paste: [[2212.01758] Improving Zero-shot Generalization and Robustness of Multi-modal Models](http://arxiv.org/abs/2212.01758) #robust
• Summary:

  Multi-modal image-text models such as CLIP and LiT have demonstrated impressive performance on image classification benchmarks and their zero-shot generalization ability is particularly exciting. While the top-5 zero-shot accuracies of these models are very high, the top-1 accuracies are much lower (over 25% gap in some cases). We investigate the reasons for this performance gap and find that many of the failure cases are caused by ambiguity in the text prompts. First, we develop a simple and efficient zero-shot post-hoc method to identify images whose top-1 prediction is likely to be incorrect, by measuring consistency of the predictions w.r.t. multiple prompts and image transformations. We show that our procedure better predicts mistakes, outperforming the popular max logit baseline on selective prediction tasks. Next, we propose a simple and efficient way to improve accuracy on such uncertain images by making use of the WordNet hierarchy; specifically we augment the original class by incorporating its parent and children from the semantic label hierarchy, and plug the augmentation into text promts. We conduct experiments on both CLIP and LiT models with five different ImageNet-based datasets. For CLIP, our method improves the top-1 accuracy by 17.13% on the uncertain subset and 3.6% on the entire ImageNet validation set. We also show that our method improves across ImageNet shifted datasets and other model architectures such as LiT. Our proposed method is hyperparameter-free, requires no additional model training and can be easily scaled to other large multi-modal architectures.

Title: Recognizing Object by Components with Human Prior Knowledge Enhances Adversarial Robustness of Deep Neural Networks. (arXiv:2212.01806v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01806
• Code URL: null
• Copy Paste: [[2212.01806] Recognizing Object by Components with Human Prior Knowledge Enhances Adversarial Robustness of Deep Neural Networks](http://arxiv.org/abs/2212.01806) #robust
• Summary:

  Adversarial attacks can easily fool object recognition systems based on deep neural networks (DNNs). Although many defense methods have been proposed in recent years, most of them can still be adaptively evaded. One reason for the weak adversarial robustness may be that DNNs are only supervised by category labels and do not have part-based inductive bias like the recognition process of humans. Inspired by a well-known theory in cognitive psychology -- recognition-by-components, we propose a novel object recognition model ROCK (Recognizing Object by Components with human prior Knowledge). It first segments parts of objects from images, then scores part segmentation results with predefined human prior knowledge, and finally outputs prediction based on the scores. The first stage of ROCK corresponds to the process of decomposing objects into parts in human vision. The second stage corresponds to the decision process of the human brain. ROCK shows better robustness than classical recognition models across various attack settings. These results encourage researchers to rethink the rationality of currently widely-used DNN-based object recognition models and explore the potential of part-based models, once important but recently ignored, for improving robustness.

Title: Fast and Lightweight Scene Regressor for Camera Relocalization. (arXiv:2212.01830v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01830
• Code URL: https://github.com/ais-lab/feat2map
• Copy Paste: [[2212.01830] Fast and Lightweight Scene Regressor for Camera Relocalization](http://arxiv.org/abs/2212.01830) #robust
• Summary:

  Camera relocalization involving a prior 3D reconstruction plays a crucial role in many mixed reality and robotics applications. Estimating the camera pose directly with respect to pre-built 3D models can be prohibitively expensive for several applications with limited storage and/or communication bandwidth. Although recent scene and absolute pose regression methods have become popular for efficient camera localization, most of them are computation-resource intensive and difficult to obtain a real-time inference with high accuracy constraints. This study proposes a simple scene regression method that requires only a multi-layer perceptron network for mapping scene coordinates to achieve accurate camera pose estimations. The proposed approach uses sparse descriptors to regress the scene coordinates, instead of a dense RGB image. The use of sparse features provides several advantages. First, the proposed regressor network is substantially smaller than those reported in previous studies. This makes our system highly efficient and scalable. Second, the pre-built 3D models provide the most reliable and robust 2D-3D matches. Therefore, learning from them can lead to an awareness of equivalent features and substantially improve the generalization performance. A detailed analysis of our approach and extensive evaluations using existing datasets are provided to support the proposed method. The implementation detail is available at https://github.com/aislab/feat2map

Title: Topic Modeling on Clinical Social Work Notes for Exploring Social Determinants of Health Factors. (arXiv:2212.01462v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01462
• Code URL: null
• Copy Paste: [[2212.01462] Topic Modeling on Clinical Social Work Notes for Exploring Social Determinants of Health Factors](http://arxiv.org/abs/2212.01462) #robust
• Summary:

  Most research studying social determinants of health (SDoH) has focused on physician notes or structured elements of the electronic medical record (EMR). We hypothesize that clinical notes from social workers, whose role is to ameliorate social and economic factors, might provide a richer source of data on SDoH. We sought to perform topic modeling to identify robust topics of discussion within a large cohort of social work notes. We retrieved a diverse, deidentified corpus of 0.95 million clinical social work notes from 181,644 patients at the University of California, San Francisco. We used word frequency analysis and Latent Dirichlet Allocation (LDA) topic modeling analysis to characterize this corpus and identify potential topics of discussion. Word frequency analysis identified both medical and non-medical terms associated with specific ICD10 chapters. The LDA topic modeling analysis extracted 11 topics related to social determinants of health risk factors including financial status, abuse history, social support, risk of death, and mental health. In addition, the topic modeling approach captured the variation between different types of social work notes and across patients with different types of diseases or conditions. We demonstrated that social work notes contain rich, unique, and otherwise unobtainable information on an individual's SDoH.

Title: Event knowledge in large language models: the gap between the impossible and the unlikely. (arXiv:2212.01488v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01488
• Code URL: null
• Copy Paste: [[2212.01488] Event knowledge in large language models: the gap between the impossible and the unlikely](http://arxiv.org/abs/2212.01488) #robust
• Summary:

  People constantly use language to learn about the world. Computational linguists have capitalized on this fact to build large language models (LLMs) that acquire co-occurrence-based knowledge from language corpora. LLMs achieve impressive performance on many tasks, but the robustness of their world knowledge has been questioned. Here, we ask: do LLMs acquire generalized knowledge about real-world events? Using curated sets of minimal sentence pairs (n=1215), we tested whether LLMs are more likely to generate plausible event descriptions compared to their implausible counterparts. We found that LLMs systematically distinguish possible and impossible events (The teacher bought the laptop vs. The laptop bought the teacher) but fall short of human performance when distinguishing likely and unlikely events (The nanny tutored the boy vs. The boy tutored the nanny). In follow-up analyses, we show that (i) LLM scores are driven by both plausibility and surface-level sentence features, (ii) LLMs generalize well across syntactic sentence variants (active vs passive) but less well across semantic sentence variants (synonymous sentences), (iii) some, but not all LLM deviations from ground-truth labels align with crowdsourced human judgments, and (iv) explicit event plausibility information emerges in middle LLM layers and remains high thereafter. Overall, our analyses reveal a gap in LLMs' event knowledge, highlighting their limitations as generalized knowledge bases. We conclude by speculating that the differential performance on impossible vs. unlikely events is not a temporary setback but an inherent property of LLMs, reflecting a fundamental difference between linguistic knowledge and world knowledge in intelligent systems.

Title: Meta Learning for Few-Shot Medical Text Classification. (arXiv:2212.01552v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01552
• Code URL: null
• Copy Paste: [[2212.01552] Meta Learning for Few-Shot Medical Text Classification](http://arxiv.org/abs/2212.01552) #robust
• Summary:

  Medical professionals frequently work in a data constrained setting to provide insights across a unique demographic. A few medical observations, for instance, informs the diagnosis and treatment of a patient. This suggests a unique setting for meta-learning, a method to learn models quickly on new tasks, to provide insights unattainable by other methods. We investigate the use of meta-learning and robustness techniques on a broad corpus of benchmark text and medical data. To do this, we developed new data pipelines, combined language models with meta-learning approaches, and extended existing meta-learning algorithms to minimize worst case loss. We find that meta-learning on text is a suitable framework for text-based data, providing better data efficiency and comparable performance to few-shot language models and can be successfully applied to medical note data. Furthermore, meta-learning models coupled with DRO can improve worst case loss across disease codes.

Title: Language Models as Agent Models. (arXiv:2212.01681v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01681
• Code URL: null
• Copy Paste: [[2212.01681] Language Models as Agent Models](http://arxiv.org/abs/2212.01681) #robust
• Summary:

  Language models (LMs) are trained on collections of documents, written by individual human agents to achieve specific goals in an outside world. During training, LMs have access only to text of these documents, with no direct evidence of the internal states of the agents that produced them -- a fact often used to argue that LMs are incapable of modeling goal-directed aspects of human language production and comprehension. Can LMs trained on text learn anything at all about the relationship between language and use? I argue that LMs are models of intentional communication in a specific, narrow sense. When performing next word prediction given a textual context, an LM can infer and represent properties of an agent likely to have produced that context. These representations can in turn influence subsequent LM generation in the same way that agents' communicative intentions influence their language. I survey findings from the recent literature showing that -- even in today's non-robust and error-prone models -- LMs infer and use representations of fine-grained communicative intentions and more abstract beliefs and goals. Despite the limited nature of their training data, they can thus serve as building blocks for systems that communicate and act intentionally.

Title: Towards Robust NLG Bias Evaluation with Syntactically-diverse Prompts. (arXiv:2212.01700v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01700
• Code URL: https://github.com/arshiyaaggarwal/robust-nlg-bias-eval
• Copy Paste: [[2212.01700] Towards Robust NLG Bias Evaluation with Syntactically-diverse Prompts](http://arxiv.org/abs/2212.01700) #robust
• Summary:

  We present a robust methodology for evaluating biases in natural language generation(NLG) systems. Previous works use fixed hand-crafted prefix templates with mentions of various demographic groups to prompt models to generate continuations for bias analysis. These fixed prefix templates could themselves be specific in terms of styles or linguistic structures, which may lead to unreliable fairness conclusions that are not representative of the general trends from tone varying prompts. To study this problem, we paraphrase the prompts with different syntactic structures and use these to evaluate demographic bias in NLG systems. Our results suggest similar overall bias trends but some syntactic structures lead to contradictory conclusions compared to past works. We show that our methodology is more robust and that some syntactic structures prompt more toxic content while others could prompt less biased generation. This suggests the importance of not relying on a fixed syntactic structure and using tone-invariant prompts. Introducing syntactically-diverse prompts can achieve more robust NLG (bias) evaluation.

Title: Operator inference with roll outs for learning reduced models from scarce and low-quality data. (arXiv:2212.01418v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01418
• Code URL: null
• Copy Paste: [[2212.01418] Operator inference with roll outs for learning reduced models from scarce and low-quality data](http://arxiv.org/abs/2212.01418) #robust
• Summary:

  Data-driven modeling has become a key building block in computational science and engineering. However, data that are available in science and engineering are typically scarce, often polluted with noise and affected by measurement errors and other perturbations, which makes learning the dynamics of systems challenging. In this work, we propose to combine data-driven modeling via operator inference with the dynamic training via roll outs of neural ordinary differential equations. Operator inference with roll outs inherits interpretability, scalability, and structure preservation of traditional operator inference while leveraging the dynamic training via roll outs over multiple time steps to increase stability and robustness for learning from low-quality and noisy data. Numerical experiments with data describing shallow water waves and surface quasi-geostrophic dynamics demonstrate that operator inference with roll outs provides predictive models from training trajectories even if data are sampled sparsely in time and polluted with noise of up to 10%.

Title: Smoothing Policy Iteration for Zero-sum Markov Games. (arXiv:2212.01623v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01623
• Code URL: null
• Copy Paste: [[2212.01623] Smoothing Policy Iteration for Zero-sum Markov Games](http://arxiv.org/abs/2212.01623) #robust
• Summary:

  Zero-sum Markov Games (MGs) has been an efficient framework for multi-agent systems and robust control, wherein a minimax problem is constructed to solve the equilibrium policies. At present, this formulation is well studied under tabular settings wherein the maximum operator is primarily and exactly solved to calculate the worst-case value function. However, it is non-trivial to extend such methods to handle complex tasks, as finding the maximum over large-scale action spaces is usually cumbersome. In this paper, we propose the smoothing policy iteration (SPI) algorithm to solve the zero-sum MGs approximately, where the maximum operator is replaced by the weighted LogSumExp (WLSE) function to obtain the nearly optimal equilibrium policies. Specially, the adversarial policy is served as the weight function to enable an efficient sampling over action spaces.We also prove the convergence of SPI and analyze its approximation error in $\infty -$norm based on the contraction mapping theorem. Besides, we propose a model-based algorithm called Smooth adversarial Actor-critic (SaAC) by extending SPI with the function approximations. The target value related to WLSE function is evaluated by the sampled trajectories and then mean square error is constructed to optimize the value function, and the gradient-ascent-descent methods are adopted to optimize the protagonist and adversarial policies jointly. In addition, we incorporate the reparameterization technique in model-based gradient back-propagation to prevent the gradient vanishing due to sampling from the stochastic policies. We verify our algorithm in both tabular and function approximation settings. Results show that SPI can approximate the worst-case value function with a high accuracy and SaAC can stabilize the training process and improve the adversarial robustness in a large margin.

Title: Statistical Physics of Deep Neural Networks: Initialization toward Optimal Channels. (arXiv:2212.01744v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01744
• Code URL: null
• Copy Paste: [[2212.01744] Statistical Physics of Deep Neural Networks: Initialization toward Optimal Channels](http://arxiv.org/abs/2212.01744) #robust
• Summary:

  In deep learning, neural networks serve as noisy channels between input data and its representation. This perspective naturally relates deep learning with the pursuit of constructing channels with optimal performance in information transmission and representation. While considerable efforts are concentrated on realizing optimal channel properties during network optimization, we study a frequently overlooked possibility that neural networks can be initialized toward optimal channels. Our theory, consistent with experimental validation, identifies primary mechanics underlying this unknown possibility and suggests intrinsic connections between statistical physics and deep learning. Unlike the conventional theories that characterize neural networks applying the classic mean-filed approximation, we offer analytic proof that this extensively applied simplification scheme is not valid in studying neural networks as information channels. To fill this gap, we develop a corrected mean-field framework applicable for characterizing the limiting behaviors of information propagation in neural networks without strong assumptions on inputs. Based on it, we propose an analytic theory to prove that mutual information maximization is realized between inputs and propagated signals when neural networks are initialized at dynamic isometry, a case where information transmits via norm-preserving mappings. These theoretical predictions are validated by experiments on real neural networks, suggesting the robustness of our theory against finite-size effects. Finally, we analyze our findings with information bottleneck theory to confirm the precise relations among dynamic isometry, mutual information maximization, and optimal channel properties in deep learning.

Title: Semantic Graph Neural Network with Multi-measure Learning for Semi-supervised Classification. (arXiv:2212.01749v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01749
• Code URL: null
• Copy Paste: [[2212.01749] Semantic Graph Neural Network with Multi-measure Learning for Semi-supervised Classification](http://arxiv.org/abs/2212.01749) #robust
• Summary:

  Graph Neural Networks (GNNs) have attracted increasing attention in recent years and have achieved excellent performance in semi-supervised node classification tasks. The success of most GNNs relies on one fundamental assumption, i.e., the original graph structure data is available. However, recent studies have shown that GNNs are vulnerable to the complex underlying structure of the graph, making it necessary to learn comprehensive and robust graph structures for downstream tasks, rather than relying only on the raw graph structure. In light of this, we seek to learn optimal graph structures for downstream tasks and propose a novel framework for semi-supervised classification. Specifically, based on the structural context information of graph and node representations, we encode the complex interactions in semantics and generate semantic graphs to preserve the global structure. Moreover, we develop a novel multi-measure attention layer to optimize the similarity rather than prescribing it a priori, so that the similarity can be adaptively evaluated by integrating measures. These graphs are fused and optimized together with GNN towards semi-supervised classification objective. Extensive experiments and ablation studies on six real-world datasets clearly demonstrate the effectiveness of our proposed model and the contribution of each component.

biometric

steal

extraction

Title: FedRolex: Model-Heterogeneous Federated Learning with Rolling Sub-Model Extraction. (arXiv:2212.01548v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01548
• Code URL: https://github.com/msu-mlsys-lab/fedrolex
• Copy Paste: [[2212.01548] FedRolex: Model-Heterogeneous Federated Learning with Rolling Sub-Model Extraction](http://arxiv.org/abs/2212.01548) #extraction
• Summary:

  Most cross-device federated learning (FL) studies focus on the model-homogeneous setting where the global server model and local client models are identical. However, such constraint not only excludes low-end clients who would otherwise make unique contributions to model training but also restrains clients from training large models due to on-device resource bottlenecks. In this work, we propose FedRolex, a partial training (PT)-based approach that enables model-heterogeneous FL and can train a global server model larger than the largest client model. At its core, FedRolex employs a rolling sub-model extraction scheme that allows different parts of the global server model to be evenly trained, which mitigates the client drift induced by the inconsistency between individual client models and server model architectures. We show that FedRolex outperforms state-of-the-art PT-based model-heterogeneous FL methods (e.g. Federated Dropout) and reduces the gap between model-heterogeneous and model-homogeneous FL, especially under the large-model large-dataset regime. In addition, we provide theoretical statistical analysis on its advantage over Federated Dropout and evaluate FedRolex on an emulated real-world device distribution to show that FedRolex can enhance the inclusiveness of FL and boost the performance of low-end devices that would otherwise not benefit from FL. Our code is available at https://github.com/MSU-MLSys-Lab/FedRolex.

Title: StegaNeRF: Embedding Invisible Information within Neural Radiance Fields. (arXiv:2212.01602v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01602
• Code URL: null
• Copy Paste: [[2212.01602] StegaNeRF: Embedding Invisible Information within Neural Radiance Fields](http://arxiv.org/abs/2212.01602) #extraction
• Summary:

  Recent advances in neural rendering imply a future of widespread visual data distributions through sharing NeRF model weights. However, while common visual data (images and videos) have standard approaches to embed ownership or copyright information explicitly or subtly, the problem remains unexplored for the emerging NeRF format. We present StegaNeRF, a method for steganographic information embedding in NeRF renderings. We design an optimization framework allowing accurate hidden information extractions from images rendered by NeRF, while preserving its original visual quality. We perform experimental evaluations of our method under several potential deployment scenarios, and we further discuss the insights discovered through our analysis. StegaNeRF signifies an initial exploration into the novel problem of instilling customizable, imperceptible, and recoverable information to NeRF renderings, with minimal impact to rendered images. Project page: https://xggnet.github.io/StegaNeRF/.

Title: Named Entity and Relation Extraction with Multi-Modal Retrieval. (arXiv:2212.01612v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01612
• Code URL: https://github.com/modelscope/adaseq
• Copy Paste: [[2212.01612] Named Entity and Relation Extraction with Multi-Modal Retrieval](http://arxiv.org/abs/2212.01612) #extraction
• Summary:

  Multi-modal named entity recognition (NER) and relation extraction (RE) aim to leverage relevant image information to improve the performance of NER and RE. Most existing efforts largely focused on directly extracting potentially useful information from images (such as pixel-level features, identified objects, and associated captions). However, such extraction processes may not be knowledge aware, resulting in information that may not be highly relevant. In this paper, we propose a novel Multi-modal Retrieval based framework (MoRe). MoRe contains a text retrieval module and an image-based retrieval module, which retrieve related knowledge of the input text and image in the knowledge corpus respectively. Next, the retrieval results are sent to the textual and visual models respectively for predictions. Finally, a Mixture of Experts (MoE) module combines the predictions from the two models to make the final decision. Our experiments show that both our textual model and visual model can achieve state-of-the-art performance on four multi-modal NER datasets and one multi-modal RE dataset. With MoE, the model performance can be further improved and our analysis demonstrates the benefits of integrating both textual and visual cues for such tasks.

Title: Constructing Highly Inductive Contexts for Dialogue Safety through Controllable Reverse Generation. (arXiv:2212.01810v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01810
• Code URL: https://github.com/thu-coai/reverse_generation
• Copy Paste: [[2212.01810] Constructing Highly Inductive Contexts for Dialogue Safety through Controllable Reverse Generation](http://arxiv.org/abs/2212.01810) #extraction
• Summary:

  Large pretrained language models can easily produce toxic or biased content, which is prohibitive for practical use. In order to detect such toxic generations, existing methods rely on templates, real-world data extraction, crowdsourcing workers, or automatic generation to construct adversarial contexts that are likely to induce toxic generations. However, what type of context is more likely to induce unsafe responses is still under-explored. In this paper, we identify that context toxicity and context category (e.g., \textit{profanity}, \textit{insult}, \textit{drugs}, etc.) are two important factors to cause safety issues in response generation. Hence, we propose a method called \emph{reverse generation} to construct adversarial contexts conditioned on a given response, with the flexibility to control category, toxicity level, and inductivity of the generated contexts. Via reverse generation, we augment the existing BAD dataset and construct a new dataset BAD+ which contains more than 120K diverse and highly inductive contexts in 12 categories. We test three popular pretrained dialogue models (Blender, DialoGPT, and Plato2) and find that BAD+ can largely expose their safety problems. Furthermore, we show that BAD+ can greatly enhance the safety of generation and reveal the key factors of safety improvement. Our code and dataset is available at \url{https://github.com/thu-coai/Reverse_Generation}.

Title: Pair-Based Joint Encoding with Relational Graph Convolutional Networks for Emotion-Cause Pair Extraction. (arXiv:2212.01844v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01844
• Code URL: https://github.com/tutudoki/pbje-ecpe
• Copy Paste: [[2212.01844] Pair-Based Joint Encoding with Relational Graph Convolutional Networks for Emotion-Cause Pair Extraction](http://arxiv.org/abs/2212.01844) #extraction
• Summary:

  Emotion-cause pair extraction (ECPE) aims to extract emotion clauses and corresponding cause clauses, which have recently received growing attention. Previous methods sequentially encode features with a specified order. They first encode the emotion and cause features for clause extraction and then combine them for pair extraction. This lead to an imbalance in inter-task feature interaction where features extracted later have no direct contact with the former. To address this issue, we propose a novel Pair-Based Joint Encoding (PBJE) network, which generates pairs and clauses features simultaneously in a joint feature encoding manner to model the causal relationship in clauses. PBJE can balance the information flow among emotion clauses, cause clauses and pairs. From a multi-relational perspective, we construct a heterogeneous undirected graph and apply the Relational Graph Convolutional Network (RGCN) to capture the various relationship between clauses and the relationship between pairs and clauses. Experimental results show that PBJE achieves state-of-the-art performance on the Chinese benchmark corpus.

membership infer

federate

Title: PGFed: Personalize Each Client's Global Objective for Federated Learning. (arXiv:2212.01448v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01448
• Code URL: null
• Copy Paste: [[2212.01448] PGFed: Personalize Each Client's Global Objective for Federated Learning](http://arxiv.org/abs/2212.01448) #federate
• Summary:

  The mediocre performance of conventional federated learning (FL) over heterogeneous data has been facilitating personalized FL solutions, where, unlike conventional FL which trains a single global consensus model, different models are allowed for different clients. However, in most existing personalized FL algorithms, the collaborative knowledge across the federation was only implicitly passed to the clients in ways such as model aggregation or regularization. We observed that this implicit knowledge transfer fails to maximize the potential value of each client's empirical risk toward other clients. Based on our observation, in this work, we propose Personalized Global Federated Learning (PGFed), a novel personalized FL framework that enables each client to personalize its own global objective by explicitly and adaptively aggregating the empirical risks of itself and other clients. To avoid massive ($O(N^2)$) communication overhead and potential privacy leakage, each client's risk is estimated through a first-order approximation for other clients' adaptive risk aggregation. On top of PGFed, we develop a momentum upgrade, dubbed PGFedMo, to more efficiently utilize clients' empirical risks. Our extensive experiments under different federated settings with benchmark datasets show consistent improvements of PGFed over the compared state-of-the-art alternatives.

Title: Beyond ADMM: A Unified Client-variance-reduced Adaptive Federated Learning Framework. (arXiv:2212.01519v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01519
• Code URL: null
• Copy Paste: [[2212.01519] Beyond ADMM: A Unified Client-variance-reduced Adaptive Federated Learning Framework](http://arxiv.org/abs/2212.01519) #federate
• Summary:

  As a novel distributed learning paradigm, federated learning (FL) faces serious challenges in dealing with massive clients with heterogeneous data distribution and computation and communication resources. Various client-variance-reduction schemes and client sampling strategies have been respectively introduced to improve the robustness of FL. Among others, primal-dual algorithms such as the alternating direction of method multipliers (ADMM) have been found being resilient to data distribution and outperform most of the primal-only FL algorithms. However, the reason behind remains a mystery still. In this paper, we firstly reveal the fact that the federated ADMM is essentially a client-variance-reduced algorithm. While this explains the inherent robustness of federated ADMM, the vanilla version of it lacks the ability to be adaptive to the degree of client heterogeneity. Besides, the global model at the server under client sampling is biased which slows down the practical convergence. To go beyond ADMM, we propose a novel primal-dual FL algorithm, termed FedVRA, that allows one to adaptively control the variance-reduction level and biasness of the global model. In addition, FedVRA unifies several representative FL algorithms in the sense that they are either special instances of FedVRA or are close to it. Extensions of FedVRA to semi/un-supervised learning are also presented. Experiments based on (semi-)supervised image classification tasks demonstrate superiority of FedVRA over the existing schemes in learning scenarios with massive heterogeneous clients and client sampling.

Title: GlueFL: Reconciling Client Sampling and Model Masking for Bandwidth Efficient Federated Learning. (arXiv:2212.01523v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01523
• Code URL: null
• Copy Paste: [[2212.01523] GlueFL: Reconciling Client Sampling and Model Masking for Bandwidth Efficient Federated Learning](http://arxiv.org/abs/2212.01523) #federate
• Summary:

  Federated learning (FL) is an effective technique to directly involve edge devices in machine learning training while preserving client privacy. However, the substantial communication overhead of FL makes training challenging when edge devices have limited network bandwidth. Existing work to optimize FL bandwidth overlooks downstream transmission and does not account for FL client sampling.

In this paper we propose GlueFL, a framework that incorporates new client sampling and model compression algorithms to mitigate low download bandwidths of FL clients. GlueFL prioritizes recently used clients and bounds the number of changed positions in compression masks in each round. Across three popular FL datasets and three state-of-the-art strategies, GlueFL reduces downstream client bandwidth by 27% on average and reduces training time by 29% on average.

Title: FedKNOW: Federated Continual Learning with Signature Task Knowledge Integration at Edge. (arXiv:2212.01738v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01738
• Code URL: null
• Copy Paste: [[2212.01738] FedKNOW: Federated Continual Learning with Signature Task Knowledge Integration at Edge](http://arxiv.org/abs/2212.01738) #federate
• Summary:

  Deep Neural Networks (DNNs) have been ubiquitously adopted in internet of things and are becoming an integral of our daily life. When tackling the evolving learning tasks in real world, such as classifying different types of objects, DNNs face the challenge to continually retrain themselves according to the tasks on different edge devices. Federated continual learning is a promising technique that offers partial solutions but yet to overcome the following difficulties: the significant accuracy loss due to the limited on-device processing, the negative knowledge transfer caused by the limited communication of non-IID data, and the limited scalability on the tasks and edge devices. In this paper, we propose FedKNOW, an accurate and scalable federated continual learning framework, via a novel concept of signature task knowledge. FedKNOW is a client side solution that continuously extracts and integrates the knowledge of signature tasks which are highly influenced by the current task. Each client of FedKNOW is composed of a knowledge extractor, a gradient restorer and, most importantly, a gradient integrator. Upon training for a new task, the gradient integrator ensures the prevention of catastrophic forgetting and mitigation of negative knowledge transfer by effectively combining signature tasks identified from the past local tasks and other clients' current tasks through the global model. We implement FedKNOW in PyTorch and extensively evaluate it against state-of-the-art techniques using popular federated continual learning benchmarks. Extensive evaluation results on heterogeneous edge devices show that FedKNOW improves model accuracy by 63.24% without increasing model training time, reduces communication cost by 34.28%, and achieves more improvements under difficult scenarios such as large numbers of tasks or clients, and training different complex networks.

fair

interpretability

Title: RLogist: Fast Observation Strategy on Whole-slide Images with Deep Reinforcement Learning. (arXiv:2212.01737v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01737
• Code URL: https://github.com/tencent-ailab/rlogist
• Copy Paste: [[2212.01737] RLogist: Fast Observation Strategy on Whole-slide Images with Deep Reinforcement Learning](http://arxiv.org/abs/2212.01737) #interpretability
• Summary:

  Whole-slide images (WSI) in computational pathology have high resolution with gigapixel size, but are generally with sparse regions of interest, which leads to weak diagnostic relevance and data inefficiency for each area in the slide. Most of the existing methods rely on a multiple instance learning framework that requires densely sampling local patches at high magnification. The limitation is evident in the application stage as the heavy computation for extracting patch-level features is inevitable. In this paper, we develop RLogist, a benchmarking deep reinforcement learning (DRL) method for fast observation strategy on WSIs. Imitating the diagnostic logic of human pathologists, our RL agent learns how to find regions of observation value and obtain representative features across multiple resolution levels, without having to analyze each part of the WSI at the high magnification. We benchmark our method on two whole-slide level classification tasks, including detection of metastases in WSIs of lymph node sections, and subtyping of lung cancer. Experimental results demonstrate that RLogist achieves competitive classification performance compared to typical multiple instance learning algorithms, while having a significantly short observation path. In addition, the observation path given by RLogist provides good decision-making interpretability, and its ability of reading path navigation can potentially be used by pathologists for educational/assistive purposes. Our code is available at: \url{https://github.com/tencent-ailab/RLogist}.

Title: Intermediate Entity-based Sparse Interpretable Representation Learning. (arXiv:2212.01641v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.01641
• Code URL: https://github.com/diegoolano/itsirl
• Copy Paste: [[2212.01641] Intermediate Entity-based Sparse Interpretable Representation Learning](http://arxiv.org/abs/2212.01641) #interpretability
• Summary:

  Interpretable entity representations (IERs) are sparse embeddings that are "human-readable" in that dimensions correspond to fine-grained entity types and values are predicted probabilities that a given entity is of the corresponding type. These methods perform well in zero-shot and low supervision settings. Compared to standard dense neural embeddings, such interpretable representations may permit analysis and debugging. However, while fine-tuning sparse, interpretable representations improves accuracy on downstream tasks, it destroys the semantics of the dimensions which were enforced in pre-training. Can we maintain the interpretable semantics afforded by IERs while improving predictive performance on downstream tasks? Toward this end, we propose Intermediate enTity-based Sparse Interpretable Representation Learning (ItsIRL). ItsIRL realizes improved performance over prior IERs on biomedical tasks, while maintaining "interpretability" generally and their ability to support model debugging specifically. The latter is enabled in part by the ability to perform "counterfactual" fine-grained entity type manipulation, which we explore in this work. Finally, we propose a method to construct entity type based class prototypes for revealing global semantic properties of classes learned by our model.

explainability

watermark

diffusion

Title: Fast Point Cloud Generation with Straight Flows. (arXiv:2212.01747v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01747
• Code URL: null
• Copy Paste: [[2212.01747] Fast Point Cloud Generation with Straight Flows](http://arxiv.org/abs/2212.01747) #diffusion
• Summary:

  Diffusion models have emerged as a powerful tool for point cloud generation. A key component that drives the impressive performance for generating high-quality samples from noise is iteratively denoise for thousands of steps. While beneficial, the complexity of learning steps has limited its applications to many 3D real-world. To address this limitation, we propose Point Straight Flow (PSF), a model that exhibits impressive performance using one step. Our idea is based on the reformulation of the standard diffusion model, which optimizes the curvy learning trajectory into a straight path. Further, we develop a distillation strategy to shorten the straight path into one step without a performance loss, enabling applications to 3D real-world with latency constraints. We perform evaluations on multiple 3D tasks and find that our PSF performs comparably to the standard diffusion model, outperforming other efficient 3D point cloud generation methods. On real-world applications such as point cloud completion and training-free text-guided generation in a low-latency setup, PSF performs favorably.

Title: Image Deblurring with Domain Generalizable Diffusion Models. (arXiv:2212.01789v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.01789
• Code URL: null
• Copy Paste: [[2212.01789] Image Deblurring with Domain Generalizable Diffusion Models](http://arxiv.org/abs/2212.01789) #diffusion
• Summary:

  Diffusion Probabilistic Models (DPMs) have recently been employed for image deblurring. DPMs are trained via a stochastic denoising process that maps Gaussian noise to the high-quality image, conditioned on the concatenated blurry input. Despite their high-quality generated samples, image-conditioned Diffusion Probabilistic Models (icDPM) rely on synthetic pairwise training data (in-domain), with potentially unclear robustness towards real-world unseen images (out-of-domain). In this work, we investigate the generalization ability of icDPMs in deblurring, and propose a simple but effective guidance to significantly alleviate artifacts, and improve the out-of-distribution performance. Particularly, we propose to first extract a multiscale domain-generalizable representation from the input image that removes domain-specific information while preserving the underlying image structure. The representation is then added into the feature maps of the conditional diffusion model as an extra guidance that helps improving the generalization. To benchmark, we focus on out-of-distribution performance by applying a single-dataset trained model to three external and diverse test sets. The effectiveness of the proposed formulation is demonstrated by improvements over the standard icDPM, as well as state-of-the-art performance on perceptual quality and competitive distortion metrics compared to existing methods.

Title: GraphGDP: Generative Diffusion Processes for Permutation Invariant Graph Generation. (arXiv:2212.01842v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.01842
• Code URL: https://github.com/graph-0/graphgdp
• Copy Paste: [[2212.01842] GraphGDP: Generative Diffusion Processes for Permutation Invariant Graph Generation](http://arxiv.org/abs/2212.01842) #diffusion
• Summary:

  Graph generative models have broad applications in biology, chemistry and social science. However, modelling and understanding the generative process of graphs is challenging due to the discrete and high-dimensional nature of graphs, as well as permutation invariance to node orderings in underlying graph distributions. Current leading autoregressive models fail to capture the permutation invariance nature of graphs for the reliance on generation ordering and have high time complexity. Here, we propose a continuous-time generative diffusion process for permutation invariant graph generation to mitigate these issues. Specifically, we first construct a forward diffusion process defined by a stochastic differential equation (SDE), which smoothly converts graphs within the complex distribution to random graphs that follow a known edge probability. Solving the corresponding reverse-time SDE, graphs can be generated from newly sampled random graphs. To facilitate the reverse-time SDE, we newly design a position-enhanced graph score network, capturing the evolving structure and position information from perturbed graphs for permutation equivariant score estimation. Under the evaluation of comprehensive metrics, our proposed generative diffusion process achieves competitive performance in graph distribution learning. Experimental results also show that GraphGDP can generate high-quality graphs in only 24 function evaluations, much faster than previous autoregressive models.