secure

security

Title: A New Deep Boosted CNN and Ensemble Learning based IoT Malware Detection. (arXiv:2212.08008v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08008
• Code URL: null
• Copy Paste: [[2212.08008] A New Deep Boosted CNN and Ensemble Learning based IoT Malware Detection](http://arxiv.org/abs/2212.08008) #security
• Summary:

  Security issues are threatened in various types of networks, especially in the Internet of Things (IoT) environment that requires early detection. IoT is the network of real-time devices like home automation systems and can be controlled by open-source android devices, which can be an open ground for attackers. Attackers can access the network, initiate a different kind of security breach, and compromises network control. Therefore, timely detecting the increasing number of sophisticated malware attacks is the challenge to ensure the credibility of network protection. In this regard, we have developed a new malware detection framework, Deep Squeezed-Boosted and Ensemble Learning (DSBEL), comprised of novel Squeezed-Boosted Boundary-Region Split-Transform-Merge (SB-BR-STM) CNN and ensemble learning. The proposed S.T.M. block employs multi-path dilated convolutional, Boundary, and regional operations to capture the homogenous and heterogeneous global malicious patterns. Moreover, diverse feature maps are achieved using transfer learning and multi-path-based squeezing and boosting at initial and final levels to learn minute pattern variations. Finally, the boosted discriminative features are extracted from the developed deep SB-BR-STM CNN and provided to the ensemble classifiers (SVM, M.L.P., and AdaboostM1) to improve the hybrid learning generalization. The performance analysis of the proposed DSBEL framework and SB-BR-STM CNN against the existing techniques have been evaluated by the IOT_Malware dataset on standard performance measures. Evaluation results show progressive performance as 98.50% accuracy, 97.12% F1-Score, 91.91% MCC, 95.97 % Recall, and 98.42 % Precision. The proposed malware analysis framework is helpful for the timely detection of malicious activity and suggests future strategies.

Title: DOC-NAD: A Hybrid Deep One-class Classifier for Network Anomaly Detection. (arXiv:2212.07558v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.07558
• Code URL: null
• Copy Paste: [[2212.07558] DOC-NAD: A Hybrid Deep One-class Classifier for Network Anomaly Detection](http://arxiv.org/abs/2212.07558) #security
• Summary:

  Machine Learning (ML) approaches have been used to enhance the detection capabilities of Network Intrusion Detection Systems (NIDSs). Recent work has achieved near-perfect performance by following binary- and multi-class network anomaly detection tasks. Such systems depend on the availability of both (benign and malicious) network data classes during the training phase. However, attack data samples are often challenging to collect in most organisations due to security controls preventing the penetration of known malicious traffic to their networks. Therefore, this paper proposes a Deep One-Class (DOC) classifier for network intrusion detection by only training on benign network data samples. The novel one-class classification architecture consists of a histogram-based deep feed-forward classifier to extract useful network data features and use efficient outlier detection. The DOC classifier has been extensively evaluated using two benchmark NIDS datasets. The results demonstrate its superiority over current state-of-the-art one-class classifiers in terms of detection and false positive rates.

Title: On (the Lack of) Code Confidentiality in Trusted Execution Environments. (arXiv:2212.07899v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.07899
• Code URL: null
• Copy Paste: [[2212.07899] On (the Lack of) Code Confidentiality in Trusted Execution Environments](http://arxiv.org/abs/2212.07899) #security
• Summary:

  Trusted Execution Environments (TEEs) have been proposed as a solution to protect code confidentiality in scenarios where computation is outsourced to an untrusted operator. We study the resilience of such solutions to side-channel attacks in two commonly deployed scenarios: when a confidential code is a native binary that is shipped and executed within a TEE and when the confidential code is an intermediate representation (IR) executed on top of a runtime within a TEE. We show that executing IR code such as WASM bytecode on a runtime executing in a TEE leaks most IR instructions with high accuracy and therefore reveals the confidential code. Contrary to IR execution, native execution is much less susceptible to leakage and largely resists even the most powerful side-channel attacks. We evaluate native execution leakage in Intel SGX and AMD SEV and experimentally demonstrate end-to-end instruction extraction on Intel SGX, with WASM bytecode as IR executed within WAMR, a hybrid between a JIT compiler and interpreter developed by Intel. Our experiments show that IR code leakage from such systems is practical and therefore question the security claims of several commercial solutions which rely on TEEs+WASM for code confidentiality.

privacy

Title: Co-Learning with Pre-Trained Networks Improves Source-Free Domain Adaptation. (arXiv:2212.07585v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07585
• Code URL: null
• Copy Paste: [[2212.07585] Co-Learning with Pre-Trained Networks Improves Source-Free Domain Adaptation](http://arxiv.org/abs/2212.07585) #privacy
• Summary:

  Source-free domain adaptation aims to adapt a source model trained on fully-labeled source domain data to a target domain with unlabeled target domain data. Source data is assumed inaccessible due to proprietary or privacy reasons. Existing works use the source model to pseudolabel target data, but the pseudolabels are unreliable due to data distribution shift between source and target domain. In this work, we propose to leverage an ImageNet pre-trained feature extractor in a new co-learning framework to improve target pseudolabel quality for finetuning the source model. Benefits of the ImageNet feature extractor include that it is not source-biased and it provides an alternate view of features and classification decisions different from the source model. Such pre-trained feature extractors are also publicly available, which allows us to readily leverage modern network architectures that have strong representation learning ability. After co-learning, we sharpen predictions of non-pseudolabeled samples by entropy minimization. Evaluation on 3 benchmark datasets show that our proposed method can outperform existing source-free domain adaptation methods, as well as unsupervised domain adaptation methods which assume joint access to source and target data.

Title: Tensions Between the Proxies of Human Values in AI. (arXiv:2212.07508v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07508
• Code URL: null
• Copy Paste: [[2212.07508] Tensions Between the Proxies of Human Values in AI](http://arxiv.org/abs/2212.07508) #privacy
• Summary:

  Motivated by mitigating potentially harmful impacts of technologies, the AI community has formulated and accepted mathematical definitions for certain pillars of accountability: e.g. privacy, fairness, and model transparency. Yet, we argue this is fundamentally misguided because these definitions are imperfect, siloed constructions of the human values they hope to proxy, while giving the guise that those values are sufficiently embedded in our technologies. Under popularized methods, tensions arise when practitioners attempt to achieve each pillar of fairness, privacy, and transparency in isolation or simultaneously. In this position paper, we push for redirection. We argue that the AI community needs to consider all the consequences of choosing certain formulations of these pillars -- not just the technical incompatibilities, but also the effects within the context of deployment. We point towards sociotechnical research for frameworks for the latter, but push for broader efforts into implementing these in practice.

protect

Title: The Data Protection Officer, an ubiquitous role nobody really knows. (arXiv:2212.07712v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.07712
• Code URL: null
• Copy Paste: [[2212.07712] The Data Protection Officer, an ubiquitous role nobody really knows](http://arxiv.org/abs/2212.07712) #protect
• Summary:

  Among all cybersecurity and privacy workers, the Data Protection Officer (DPO) stands between those auditing a company's compliance and those acting as management advisors. A person that must be somehow versed in legal, management, and cybersecurity technical skills. We describe how this role tackles socio-technical risks in everyday scenarios.

Title: Counterfactual Explanations for Support Vector Machine Models. (arXiv:2212.07432v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07432
• Code URL: null
• Copy Paste: [[2212.07432] Counterfactual Explanations for Support Vector Machine Models](http://arxiv.org/abs/2212.07432) #protect
• Summary:

  We tackle the problem of computing counterfactual explanations -- minimal changes to the features that flip an undesirable model prediction. We propose a solution to this question for linear Support Vector Machine (SVMs) models. Moreover, we introduce a way to account for weighted actions that allow for more changes in certain features than others. In particular, we show how to find counterfactual explanations with the purpose of increasing model interpretability. These explanations are valid, change only actionable features, are close to the data distribution, sparse, and take into account correlations between features. We cast this as a mixed integer programming optimization problem. Additionally, we introduce two novel scale-invariant cost functions for assessing the quality of counterfactual explanations and use them to evaluate the quality of our approach with a real medical dataset. Finally, we build a support vector machine model to predict whether law students will pass the Bar exam using protected features, and used our algorithms to uncover the inherent biases of the SVM.

defense

Title: Dissecting Distribution Inference. (arXiv:2212.07591v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07591
• Code URL: https://github.com/iamgroot42/dissecting_distribution_inference
• Copy Paste: [[2212.07591] Dissecting Distribution Inference](http://arxiv.org/abs/2212.07591) #defense
• Summary:

  A distribution inference attack aims to infer statistical properties of data used to train machine learning models. These attacks are sometimes surprisingly potent, but the factors that impact distribution inference risk are not well understood and demonstrated attacks often rely on strong and unrealistic assumptions such as full knowledge of training environments even in supposedly black-box threat scenarios. To improve understanding of distribution inference risks, we develop a new black-box attack that even outperforms the best known white-box attack in most settings. Using this new attack, we evaluate distribution inference risk while relaxing a variety of assumptions about the adversary's knowledge under black-box access, like known model architectures and label-only access. Finally, we evaluate the effectiveness of previously proposed defenses and introduce new defenses. We find that although noise-based defenses appear to be ineffective, a simple re-sampling defense can be highly effective. Code is available at https://github.com/iamgroot42/dissecting_distribution_inference

attack

Title: SAIF: Sparse Adversarial and Interpretable Attack Framework. (arXiv:2212.07495v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07495
• Code URL: null
• Copy Paste: [[2212.07495] SAIF: Sparse Adversarial and Interpretable Attack Framework](http://arxiv.org/abs/2212.07495) #attack
• Summary:

  Adversarial attacks hamper the decision-making ability of neural networks by perturbing the input signal. The addition of calculated small distortion to images, for instance, can deceive a well-trained image classification network. In this work, we propose a novel attack technique called Sparse Adversarial and Interpretable Attack Framework (SAIF). Specifically, we design imperceptible attacks that contain low-magnitude perturbations at a small number of pixels and leverage these sparse attacks to reveal the vulnerability of classifiers. We use the Frank-Wolfe (conditional gradient) algorithm to simultaneously optimize the attack perturbations for bounded magnitude and sparsity with $O(1/\sqrt{T})$ convergence. Empirical results show that SAIF computes highly imperceptible and interpretable adversarial examples, and outperforms state-of-the-art sparse attack methods on the ImageNet dataset.

Title: AirfRANS: High Fidelity Computational Fluid Dynamics Dataset for Approximating Reynolds-Averaged Navier-Stokes Solutions. (arXiv:2212.07564v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07564
• Code URL: null
• Copy Paste: [[2212.07564] AirfRANS: High Fidelity Computational Fluid Dynamics Dataset for Approximating Reynolds-Averaged Navier-Stokes Solutions](http://arxiv.org/abs/2212.07564) #attack
• Summary:

  Surrogate models are necessary to optimize meaningful quantities in physical dynamics as their recursive numerical resolutions are often prohibitively expensive. It is mainly the case for fluid dynamics and the resolution of Navier-Stokes equations. However, despite the fast-growing field of data-driven models for physical systems, reference datasets representing real-world phenomena are lacking. In this work, we develop AirfRANS, a dataset for studying the two-dimensional incompressible steady-state Reynolds-Averaged Navier-Stokes equations over airfoils at a subsonic regime and for different angles of attacks. We also introduce metrics on the stress forces at the surface of geometries and visualization of boundary layers to assess the capabilities of models to accurately predict the meaningful information of the problem. Finally, we propose deep learning baselines on four machine learning tasks to study AirfRANS under different constraints for generalization considerations: big and scarce data regime, Reynolds number, and angle of attack extrapolation.

Title: Evaluation of direct attacks to fingerprint verification systems. (arXiv:2212.07575v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07575
• Code URL: null
• Copy Paste: [[2212.07575] Evaluation of direct attacks to fingerprint verification systems](http://arxiv.org/abs/2212.07575) #attack
• Summary:

  The vulnerabilities of fingerprint-based recognition systems to direct attacks with and without the cooperation of the user are studied. Two different systems, one minutiae-based and one ridge feature-based, are evaluated on a database of real and fake fingerprints. Based on the fingerprint images quality and on the results achieved on different operational scenarios, we obtain a number of statistically significant observations regarding the robustness of the systems.

Title: Alternating Objectives Generates Stronger PGD-Based Adversarial Attacks. (arXiv:2212.07992v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07992
• Code URL: null
• Copy Paste: [[2212.07992] Alternating Objectives Generates Stronger PGD-Based Adversarial Attacks](http://arxiv.org/abs/2212.07992) #attack
• Summary:

  Designing powerful adversarial attacks is of paramount importance for the evaluation of $\ell_p$-bounded adversarial defenses. Projected Gradient Descent (PGD) is one of the most effective and conceptually simple algorithms to generate such adversaries. The search space of PGD is dictated by the steepest ascent directions of an objective. Despite the plethora of objective function choices, there is no universally superior option and robustness overestimation may arise from ill-suited objective selection. Driven by this observation, we postulate that the combination of different objectives through a simple loss alternating scheme renders PGD more robust towards design choices. We experimentally verify this assertion on a synthetic-data example and by evaluating our proposed method across 25 different $\ell_{\infty}$-robust models and 3 datasets. The performance improvement is consistent, when compared to the single loss counterparts. In the CIFAR-10 dataset, our strongest adversarial attack outperforms all of the white-box components of AutoAttack (AA) ensemble, as well as the most powerful attacks existing on the literature, achieving state-of-the-art results in the computational budget of our study ($T=100$, no restarts).

robust

Title: Solve the Puzzle of Instance Segmentation in Videos: A Weakly Supervised Framework with Spatio-Temporal Collaboration. (arXiv:2212.07592v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07592
• Code URL: null
• Copy Paste: [[2212.07592] Solve the Puzzle of Instance Segmentation in Videos: A Weakly Supervised Framework with Spatio-Temporal Collaboration](http://arxiv.org/abs/2212.07592) #robust
• Summary:

  Instance segmentation in videos, which aims to segment and track multiple objects in video frames, has garnered a flurry of research attention in recent years. In this paper, we present a novel weakly supervised framework with \textbf{S}patio-\textbf{T}emporal \textbf{C}ollaboration for instance \textbf{Seg}mentation in videos, namely \textbf{STC-Seg}. Concretely, STC-Seg demonstrates four contributions. First, we leverage the complementary representations from unsupervised depth estimation and optical flow to produce effective pseudo-labels for training deep networks and predicting high-quality instance masks. Second, to enhance the mask generation, we devise a puzzle loss, which enables end-to-end training using box-level annotations. Third, our tracking module jointly utilizes bounding-box diagonal points with spatio-temporal discrepancy to model movements, which largely improves the robustness to different object appearances. Finally, our framework is flexible and enables image-level instance segmentation methods to operate the video-level task. We conduct an extensive set of experiments on the KITTI MOTS and YT-VIS datasets. Experimental results demonstrate that our method achieves strong performance and even outperforms fully supervised TrackR-CNN and MaskTrack R-CNN. We believe that STC-Seg can be a valuable addition to the community, as it reflects the tip of an iceberg about the innovative opportunities in the weakly supervised paradigm for instance segmentation in videos.

Title: Event-based Visual Tracking in Dynamic Environments. (arXiv:2212.07754v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07754
• Code URL: null
• Copy Paste: [[2212.07754] Event-based Visual Tracking in Dynamic Environments](http://arxiv.org/abs/2212.07754) #robust
• Summary:

  Visual object tracking under challenging conditions of motion and light can be hindered by the capabilities of conventional cameras, prone to producing images with motion blur. Event cameras are novel sensors suited to robustly perform vision tasks under these conditions. However, due to the nature of their output, applying them to object detection and tracking is non-trivial. In this work, we propose a framework to take advantage of both event cameras and off-the-shelf deep learning for object tracking. We show that reconstructing event data into intensity frames improves the tracking performance in conditions under which conventional cameras fail to provide acceptable results.

Title: DeepLSD: Line Segment Detection and Refinement with Deep Image Gradients. (arXiv:2212.07766v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07766
• Code URL: null
• Copy Paste: [[2212.07766] DeepLSD: Line Segment Detection and Refinement with Deep Image Gradients](http://arxiv.org/abs/2212.07766) #robust
• Summary:

  Line segments are ubiquitous in our human-made world and are increasingly used in vision tasks. They are complementary to feature points thanks to their spatial extent and the structural information they provide. Traditional line detectors based on the image gradient are extremely fast and accurate, but lack robustness in noisy images and challenging conditions. Their learned counterparts are more repeatable and can handle challenging images, but at the cost of a lower accuracy and a bias towards wireframe lines. We propose to combine traditional and learned approaches to get the best of both worlds: an accurate and robust line detector that can be trained in the wild without ground truth lines. Our new line segment detector, DeepLSD, processes images with a deep network to generate a line attraction field, before converting it to a surrogate image gradient magnitude and angle, which is then fed to any existing handcrafted line detector. Additionally, we propose a new optimization tool to refine line segments based on the attraction field and vanishing points. This refinement improves the accuracy of current deep detectors by a large margin. We demonstrate the performance of our method on low-level line detection metrics, as well as on several downstream tasks using multiple challenging datasets. The source code and models are available at https://github.com/cvg/DeepLSD.

Title: Adversarially Robust Video Perception by Seeing Motion. (arXiv:2212.07815v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07815
• Code URL: null
• Copy Paste: [[2212.07815] Adversarially Robust Video Perception by Seeing Motion](http://arxiv.org/abs/2212.07815) #robust
• Summary:

  Despite their excellent performance, state-of-the-art computer vision models often fail when they encounter adversarial examples. Video perception models tend to be more fragile under attacks, because the adversary has more places to manipulate in high-dimensional data. In this paper, we find one reason for video models' vulnerability is that they fail to perceive the correct motion under adversarial perturbations. Inspired by the extensive evidence that motion is a key factor for the human visual system, we propose to correct what the model sees by restoring the perceived motion information. Since motion information is an intrinsic structure of the video data, recovering motion signals can be done at inference time without any human annotation, which allows the model to adapt to unforeseen, worst-case inputs. Visualizations and empirical experiments on UCF-101 and HMDB-51 datasets show that restoring motion information in deep vision models improves adversarial robustness. Even under adaptive attacks where the adversary knows our defense, our algorithm is still effective. Our work provides new insight into robust video perception algorithms by using intrinsic structures from the data. Our webpage is available at https://motion4robust.cs.columbia.edu.

Title: DETR4D: Direct Multi-View 3D Object Detection with Sparse Attention. (arXiv:2212.07849v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07849
• Code URL: null
• Copy Paste: [[2212.07849] DETR4D: Direct Multi-View 3D Object Detection with Sparse Attention](http://arxiv.org/abs/2212.07849) #robust
• Summary:

  3D object detection with surround-view images is an essential task for autonomous driving. In this work, we propose DETR4D, a Transformer-based framework that explores sparse attention and direct feature query for 3D object detection in multi-view images. We design a novel projective cross-attention mechanism for query-image interaction to address the limitations of existing methods in terms of geometric cue exploitation and information loss for cross-view objects. In addition, we introduce a heatmap generation technique that bridges 3D and 2D spaces efficiently via query initialization. Furthermore, unlike the common practice of fusing intermediate spatial features for temporal aggregation, we provide a new perspective by introducing a novel hybrid approach that performs cross-frame fusion over past object queries and image features, enabling efficient and robust modeling of temporal information. Extensive experiments on the nuScenes dataset demonstrate the effectiveness and efficiency of the proposed DETR4D.

Title: The Effects of Character-Level Data Augmentation on Style-Based Dating of Historical Manuscripts. (arXiv:2212.07923v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07923
• Code URL: null
• Copy Paste: [[2212.07923] The Effects of Character-Level Data Augmentation on Style-Based Dating of Historical Manuscripts](http://arxiv.org/abs/2212.07923) #robust
• Summary:

  Identifying the production dates of historical manuscripts is one of the main goals for paleographers when studying ancient documents. Automatized methods can provide paleographers with objective tools to estimate dates more accurately. Previously, statistical features have been used to date digitized historical manuscripts based on the hypothesis that handwriting styles change over periods. However, the sparse availability of such documents poses a challenge in obtaining robust systems. Hence, the research of this article explores the influence of data augmentation on the dating of historical manuscripts. Linear Support Vector Machines were trained with k-fold cross-validation on textural and grapheme-based features extracted from historical manuscripts of different collections, including the Medieval Paleographical Scale, early Aramaic manuscripts, and the Dead Sea Scrolls. Results show that training models with augmented data improve the performance of historical manuscripts dating by 1% - 3% in cumulative scores. Additionally, this indicates further enhancement possibilities by considering models specific to the features and the documents' scripts.

Title: Are Multimodal Models Robust to Image and Text Perturbations?. (arXiv:2212.08044v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08044
• Code URL: null
• Copy Paste: [[2212.08044] Are Multimodal Models Robust to Image and Text Perturbations?](http://arxiv.org/abs/2212.08044) #robust
• Summary:

  Multimodal image-text models have shown remarkable performance in the past few years. However, evaluating their robustness against distribution shifts is crucial before adopting them in real-world applications. In this paper, we investigate the robustness of 9 popular open-sourced image-text models under common perturbations on five tasks (image-text retrieval, visual reasoning, visual entailment, image captioning, and text-to-image generation). In particular, we propose several new multimodal robustness benchmarks by applying 17 image perturbation and 16 text perturbation techniques on top of existing datasets. We observe that multimodal models are not robust to image and text perturbations, especially to image perturbations. Among the tested perturbation methods, character-level perturbations constitute the most severe distribution shift for text, and zoom blur is the most severe shift for image data. We also introduce two new robustness metrics (MMI and MOR) for proper evaluations of multimodal models. We hope our extensive study sheds light on new directions for the development of robust multimodal models.

Title: Objaverse: A Universe of Annotated 3D Objects. (arXiv:2212.08051v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08051
• Code URL: null
• Copy Paste: [[2212.08051] Objaverse: A Universe of Annotated 3D Objects](http://arxiv.org/abs/2212.08051) #robust
• Summary:

  Massive data corpora like WebText, Wikipedia, Conceptual Captions, WebImageText, and LAION have propelled recent dramatic progress in AI. Large neural models trained on such datasets produce impressive results and top many of today's benchmarks. A notable omission within this family of large-scale datasets is 3D data. Despite considerable interest and potential applications in 3D vision, datasets of high-fidelity 3D models continue to be mid-sized with limited diversity of object categories. Addressing this gap, we present Objaverse 1.0, a large dataset of objects with 800K+ (and growing) 3D models with descriptive captions, tags, and animations. Objaverse improves upon present day 3D repositories in terms of scale, number of categories, and in the visual diversity of instances within a category. We demonstrate the large potential of Objaverse via four diverse applications: training generative 3D models, improving tail category segmentation on the LVIS benchmark, training open-vocabulary object-navigation models for Embodied AI, and creating a new benchmark for robustness analysis of vision models. Objaverse can open new directions for research and enable new applications across the field of AI.

Title: NeRF-Art: Text-Driven Neural Radiance Fields Stylization. (arXiv:2212.08070v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08070
• Code URL: https://github.com/cassiePython/NeRF-Art
• Copy Paste: [[2212.08070] NeRF-Art: Text-Driven Neural Radiance Fields Stylization](http://arxiv.org/abs/2212.08070) #robust
• Summary:

  As a powerful representation of 3D scenes, the neural radiance field (NeRF) enables high-quality novel view synthesis from multi-view images. Stylizing NeRF, however, remains challenging, especially on simulating a text-guided style with both the appearance and the geometry altered simultaneously. In this paper, we present NeRF-Art, a text-guided NeRF stylization approach that manipulates the style of a pre-trained NeRF model with a simple text prompt. Unlike previous approaches that either lack sufficient geometry deformations and texture details or require meshes to guide the stylization, our method can shift a 3D scene to the target style characterized by desired geometry and appearance variations without any mesh guidance. This is achieved by introducing a novel global-local contrastive learning strategy, combined with the directional constraint to simultaneously control both the trajectory and the strength of the target style. Moreover, we adopt a weight regularization method to effectively suppress cloudy artifacts and geometry noises which arise easily when the density field is transformed during geometry stylization. Through extensive experiments on various styles, we demonstrate that our method is effective and robust regarding both single-view stylization quality and cross-view consistency. The code and more results can be found in our project page: https://cassiepython.github.io/nerfart/.

Title: Robust and Explainable Identification of Logical Fallacies in Natural Language Arguments. (arXiv:2212.07425v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.07425
• Code URL: null
• Copy Paste: [[2212.07425] Robust and Explainable Identification of Logical Fallacies in Natural Language Arguments](http://arxiv.org/abs/2212.07425) #robust
• Summary:

  The spread of misinformation, propaganda, and flawed argumentation has been amplified in the Internet era. Given the volume of data and the subtlety of identifying violations of argumentation norms, supporting information analytics tasks, like content moderation, with trustworthy methods that can identify logical fallacies is essential. In this paper, we formalize prior theoretical work on logical fallacies into a comprehensive three-stage evaluation framework of detection, coarse-grained, and fine-grained classification. We adapt existing evaluation datasets for each stage of the evaluation. We devise three families of robust and explainable methods based on prototype reasoning, instance-based reasoning, and knowledge injection. The methods are designed to combine language models with background knowledge and explainable mechanisms. Moreover, we address data sparsity with strategies for data augmentation and curriculum learning. Our three-stage framework natively consolidates prior datasets and methods from existing tasks, like propaganda detection, serving as an overarching evaluation testbed. We extensively evaluate these methods on our datasets, focusing on their robustness and explainability. Our results provide insight into the strengths and weaknesses of the methods on different components and fallacy classes, indicating that fallacy identification is a challenging task that may require specialized forms of reasoning to capture various classes. We share our open-source code and data on GitHub to support further work on logical fallacy identification.

Title: Utilizing Background Knowledge for Robust Reasoning over Traffic Situations. (arXiv:2212.07798v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.07798
• Code URL: null
• Copy Paste: [[2212.07798] Utilizing Background Knowledge for Robust Reasoning over Traffic Situations](http://arxiv.org/abs/2212.07798) #robust
• Summary:

  Understanding novel situations in the traffic domain requires an intricate combination of domain-specific and causal commonsense knowledge. Prior work has provided sufficient perception-based modalities for traffic monitoring, in this paper, we focus on a complementary research aspect of Intelligent Transportation: traffic understanding. We scope our study to text-based methods and datasets given the abundant commonsense knowledge that can be extracted using language models from large corpus and knowledge graphs. We adopt three knowledge-driven approaches for zero-shot QA over traffic situations, based on prior natural language inference methods, commonsense models with knowledge graph self-supervision, and dense retriever-based models. We constructed two text-based multiple-choice question answering sets: BDD-QA for evaluating causal reasoning in the traffic domain and HDT-QA for measuring the possession of domain knowledge akin to human driving license tests. Among the methods, Unified-QA reaches the best performance on the BDD-QA dataset with the adaptation of multiple formats of question answers. Language models trained with inference information and commonsense knowledge are also good at predicting the cause and effect in the traffic domain but perform badly at answering human-driving QA sets. For such sets, DPR+Unified-QA performs the best due to its efficient knowledge extraction.

Title: Revisiting the Gold Standard: Grounding Summarization Evaluation with Robust Human Evaluation. (arXiv:2212.07981v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.07981
• Code URL: https://github.com/yale-lily/rose
• Copy Paste: [[2212.07981] Revisiting the Gold Standard: Grounding Summarization Evaluation with Robust Human Evaluation](http://arxiv.org/abs/2212.07981) #robust
• Summary:

  Human evaluation is the foundation upon which the evaluation of both summarization systems and automatic metrics rests. However, existing human evaluation protocols and benchmarks for summarization either exhibit low inter-annotator agreement or lack the scale needed to draw statistically significant conclusions, and an in-depth analysis of human evaluation is lacking. In this work, we address the shortcomings of existing summarization evaluation along the following axes: 1) We propose a modified summarization salience protocol, Atomic Content Units (ACUs), which relies on fine-grained semantic units and allows for high inter-annotator agreement. 2) We curate the Robust Summarization Evaluation (RoSE) benchmark, a large human evaluation dataset consisting of over 22k summary-level annotations over state-of-the-art systems on three datasets. 3) We compare our ACU protocol with three other human evaluation protocols, underscoring potential confounding factors in evaluation setups. 4) We evaluate existing automatic metrics using the collected human annotations across evaluation protocols and demonstrate how our benchmark leads to more statistically stable and significant results. Furthermore, our findings have important implications for evaluating large language models (LLMs), as we show that LLMs adjusted by human feedback (e.g., GPT-3.5) may overfit unconstrained human evaluation, which is affected by the annotators' prior, input-agnostic preferences, calling for more robust, targeted evaluation methods.

Title: Multi-VALUE: A Framework for Cross-Dialectal English NLP. (arXiv:2212.08011v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.08011
• Code URL: null
• Copy Paste: [[2212.08011] Multi-VALUE: A Framework for Cross-Dialectal English NLP](http://arxiv.org/abs/2212.08011) #robust
• Summary:

  Dialect differences caused by regional, social, and economic barriers cause performance discrepancies for many groups of users of language technology. Fair, inclusive, and equitable language technology must critically be dialect invariant, meaning that performance remains constant over dialectal shifts. Current English systems often fall significantly short of this ideal since they are designed and tested on a single dialect: Standard American English. We introduce Multi-VALUE -- a suite of resources for evaluating and achieving English dialect invariance. We build a controllable rule-based translation system spanning 50 English dialects and a total of 189 unique linguistic features. Our translation maps Standard American English text to synthetic form of each dialect, which uses an upper-bound on the natural density of features in that dialect. First, we use this system to build stress tests for question answering, machine translation, and semantic parsing tasks. Stress tests reveal significant performance disparities for leading models on non-standard dialects. Second, we use this system as a data augmentation technique to improve the dialect robustness of existing systems. Finally, we partner with native speakers of Chicano and Indian English to release new gold-standard variants of the popular CoQA task.

Title: Hamming Distributions of Popular Perceptual Hashing Techniques. (arXiv:2212.08035v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.08035
• Code URL: null
• Copy Paste: [[2212.08035] Hamming Distributions of Popular Perceptual Hashing Techniques](http://arxiv.org/abs/2212.08035) #robust
• Summary:

  Content-based file matching has been widely deployed for decades, largely for the detection of sources of copyright infringement, extremist materials, and abusive sexual media. Perceptual hashes, such as Microsoft's PhotoDNA, are one automated mechanism for facilitating detection, allowing for machines to approximately match visual features of an image or video in a robust manner. However, there does not appear to be much public evaluation of such approaches, particularly when it comes to how effective they are against content-preserving modifications to media files. In this paper, we present a million-image scale evaluation of several perceptual hashing archetypes for popular algorithms (including Facebook's PDQ, Apple's Neuralhash, and the popular pHash library) against seven image variants. The focal point is the distribution of Hamming distance scores between both unrelated images and image variants to better understand the problems faced by each approach.

Title: Scaling Marginalized Importance Sampling to High-Dimensional State-Spaces via State Abstraction. (arXiv:2212.07486v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07486
• Code URL: null
• Copy Paste: [[2212.07486] Scaling Marginalized Importance Sampling to High-Dimensional State-Spaces via State Abstraction](http://arxiv.org/abs/2212.07486) #robust
• Summary:

  We consider the problem of off-policy evaluation (OPE) in reinforcement learning (RL), where the goal is to estimate the performance of an evaluation policy, $\pi_e$, using a fixed dataset, $\mathcal{D}$, collected by one or more policies that may be different from $\pi_e$. Current OPE algorithms may produce poor OPE estimates under policy distribution shift i.e., when the probability of a particular state-action pair occurring under $\pi_e$ is very different from the probability of that same pair occurring in $\mathcal{D}$ (Voloshin et al. 2021, Fu et al. 2021). In this work, we propose to improve the accuracy of OPE estimators by projecting the high-dimensional state-space into a low-dimensional state-space using concepts from the state abstraction literature. Specifically, we consider marginalized importance sampling (MIS) OPE algorithms which compute state-action distribution correction ratios to produce their OPE estimate. In the original ground state-space, these ratios may have high variance which may lead to high variance OPE. However, we prove that in the lower-dimensional abstract state-space the ratios can have lower variance resulting in lower variance OPE. We then highlight the challenges that arise when estimating the abstract ratios from data, identify sufficient conditions to overcome these issues, and present a minimax optimization problem whose solution yields these abstract ratios. Finally, our empirical evaluation on difficult, high-dimensional state-space OPE tasks shows that the abstract ratios can make MIS OPE estimators achieve lower mean-squared error and more robust to hyperparameter tuning than the ground ratios.

Title: Robust Policy Optimization in Deep Reinforcement Learning. (arXiv:2212.07536v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07536
• Code URL: null
• Copy Paste: [[2212.07536] Robust Policy Optimization in Deep Reinforcement Learning](http://arxiv.org/abs/2212.07536) #robust
• Summary:

  The policy gradient method enjoys the simplicity of the objective where the agent optimizes the cumulative reward directly. Moreover, in the continuous action domain, parameterized distribution of action distribution allows easy control of exploration, resulting from the variance of the representing distribution. Entropy can play an essential role in policy optimization by selecting the stochastic policy, which eventually helps better explore the environment in reinforcement learning (RL). However, the stochasticity often reduces as the training progresses; thus, the policy becomes less exploratory. Additionally, certain parametric distributions might only work for some environments and require extensive hyperparameter tuning. This paper aims to mitigate these issues. In particular, we propose an algorithm called Robust Policy Optimization (RPO), which leverages a perturbed distribution. We hypothesize that our method encourages high-entropy actions and provides a way to represent the action space better. We further provide empirical evidence to verify our hypothesis. We evaluated our methods on various continuous control tasks from DeepMind Control, OpenAI Gym, Pybullet, and IsaacGym. We observed that in many settings, RPO increases the policy entropy early in training and then maintains a certain level of entropy throughout the training period. Eventually, our agent RPO shows consistently improved performance compared to PPO and other techniques: entropy regularization, different distributions, and data augmentation. Furthermore, in several settings, our method stays robust in performance, while other baseline mechanisms fail to improve and even worsen the performance.

Title: Robustness Evaluation of Regression Tasks with Skewed Domain Preferences. (arXiv:2212.07562v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07562
• Code URL: null
• Copy Paste: [[2212.07562] Robustness Evaluation of Regression Tasks with Skewed Domain Preferences](http://arxiv.org/abs/2212.07562) #robust
• Summary:

  In natural phenomena, data distributions often deviate from normality. One can think of cataclysms as a self-explanatory example: events that occur almost never, and at the same time are many standard deviations away from the common outcome. In many scientific contexts it is exactly these tail events that researchers are most interested in anticipating, so that adequate measures can be taken to prevent or attenuate a major impact on society. Despite such efforts, we have yet to provide definite answers to crucial issues in evaluating predictive solutions in domains such as weather, pollution, health. In this paper, we deal with two encapsulated problems simultaneously. First, assessing the performance of regression models when non-uniform preferences apply - not all values are equally relevant concerning the accuracy of their prediction, and there's a particular interest in the most extreme values. Second, assessing the robustness of models when dealing with uncertainty regarding the actual underlying distribution of values relevant for such problems. We show how different levels of relevance associated with target values may impact experimental conclusions, and demonstrate the practical utility of the proposed methods.

Title: Physics-Informed Neural Networks for Material Model Calibration from Full-Field Displacement Data. (arXiv:2212.07723v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07723
• Code URL: null
• Copy Paste: [[2212.07723] Physics-Informed Neural Networks for Material Model Calibration from Full-Field Displacement Data](http://arxiv.org/abs/2212.07723) #robust
• Summary:

  The identification of material parameters occurring in constitutive models has a wide range of applications in practice. One of these applications is the monitoring and assessment of the actual condition of infrastructure buildings, as the material parameters directly reflect the resistance of the structures to external impacts. Physics-informed neural networks (PINNs) have recently emerged as a suitable method for solving inverse problems. The advantages of this method are a straightforward inclusion of observation data. Unlike grid-based methods, such as the finite element method updating (FEMU) approach, no computational grid and no interpolation of the data is required. In the current work, we aim to further develop PINNs towards the calibration of the linear-elastic constitutive model from full-field displacement and global force data in a realistic regime. We show that normalization and conditioning of the optimization problem play a crucial role in this process. Therefore, among others, we identify the material parameters for initial estimates and balance the individual terms in the loss function. In order to reduce the dependence of the identified material parameters on local errors in the displacement approximation, we base the identification not on the stress boundary conditions but instead on the global balance of internal and external work. In addition, we found that we get a better posed inverse problem if we reformulate it in terms of bulk and shear modulus instead of Young's modulus and Poisson's ratio. We demonstrate that the enhanced PINNs are capable of identifying material parameters from both experimental one-dimensional data and synthetic full-field displacement data in a realistic regime. Since displacement data measured by, e.g., a digital image correlation (DIC) system is noisy, we additionally investigate the robustness of the method to different levels of noise.

Title: Variable Clustering via Distributionally Robust Nodewise Regression. (arXiv:2212.07944v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07944
• Code URL: null
• Copy Paste: [[2212.07944] Variable Clustering via Distributionally Robust Nodewise Regression](http://arxiv.org/abs/2212.07944) #robust
• Summary:

  We study a multi-factor block model for variable clustering and connect it to the regularized subspace clustering by formulating a distributionally robust version of the nodewise regression. To solve the latter problem, we derive a convex relaxation, provide guidance on selecting the size of the robust region, and hence the regularization weighting parameter, based on the data, and propose an ADMM algorithm for implementation. We validate our method in an extensive simulation study. Finally, we propose and apply a variant of our method to stock return data, obtain interpretable clusters that facilitate portfolio selection and compare its out-of-sample performance with other clustering methods in an empirical study.

biometric

steal

extraction

Title: Leveraging Natural Language Processing to Augment Structured Social Determinants of Health Data in the Electronic Health Record. (arXiv:2212.07538v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.07538
• Code URL: null
• Copy Paste: [[2212.07538] Leveraging Natural Language Processing to Augment Structured Social Determinants of Health Data in the Electronic Health Record](http://arxiv.org/abs/2212.07538) #extraction
• Summary:

  Objective: Social Determinants of Health (SDOH) influence personal health outcomes and health systems interactions. Health systems capture SDOH information through structured data and unstructured clinical notes; however, clinical notes often contain a more comprehensive representation of several key SDOH. The objective of this work is to assess the SDOH information gain achievable by extracting structured semantic representations of SDOH from the clinical narrative and combining these extracted representations with available structured data.

Materials and Methods: We developed a natural language processing (NLP) information extraction model for SDOH that utilizes a deep learning entity and relation extraction architecture. In an electronic health record (EHR) case study, we applied the SDOH extractor to a large existing clinical data set with over 200,000 patients and 400,000 notes and compared the extracted information with available structured data.

Results: The SDOH extractor achieved 0.86 F1 on a withheld test set. In the EHR case study, we found 19\% of current tobacco users, 10\% of drug users, and 32\% of homeless patients only include documentation of these risk factors in the clinical narrative.

Conclusions: Patients who are at-risk for negative health outcomes due to SDOH may be better served if health systems are able to identify SDOH risk factors and associated social needs. Structured semantic representations of text-encoded SDOH information can augment existing structured, and this more comprehensive SDOH representation can assist health systems in identifying and addressing social needs.

Title: Spatially-resolved Thermometry from Line-of-Sight Emission Spectroscopy via Machine Learning. (arXiv:2212.07836v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07836
• Code URL: null
• Copy Paste: [[2212.07836] Spatially-resolved Thermometry from Line-of-Sight Emission Spectroscopy via Machine Learning](http://arxiv.org/abs/2212.07836) #extraction
• Summary:

  A methodology is proposed, which addresses the caveat that line-of-sight emission spectroscopy presents in that it cannot provide spatially resolved temperature measurements in nonhomogeneous temperature fields. The aim of this research is to explore the use of data-driven models in measuring temperature distributions in a spatially resolved manner using emission spectroscopy data. Two categories of data-driven methods are analyzed: (i) Feature engineering and classical machine learning algorithms, and (ii) end-to-end convolutional neural networks (CNN). In total, combinations of fifteen feature groups and fifteen classical machine learning models, and eleven CNN models are considered and their performances explored. The results indicate that the combination of feature engineering and machine learning provides better performance than the direct use of CNN. Notably, feature engineering which is comprised of physics-guided transformation, signal representation-based feature extraction and Principal Component Analysis is found to be the most effective. Moreover, it is shown that when using the extracted features, the ensemble-based, light blender learning model offers the best performance with RMSE, RE, RRMSE and R values of 64.3, 0.017, 0.025 and 0.994, respectively. The proposed method, based on feature engineering and the light blender model, is capable of measuring nonuniform temperature distributions from low-resolution spectra, even when the species concentration distribution in the gas mixtures is unknown.

membership infer

federate

fair

interpretability

Title: ROSCOE: A Suite of Metrics for Scoring Step-by-Step Reasoning. (arXiv:2212.07919v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.07919
• Code URL: null
• Copy Paste: [[2212.07919] ROSCOE: A Suite of Metrics for Scoring Step-by-Step Reasoning](http://arxiv.org/abs/2212.07919) #interpretability
• Summary:

  Large language models show improved downstream task performance when prompted to generate step-by-step reasoning to justify their final answers. These reasoning steps greatly improve model interpretability and verification, but objectively studying their correctness (independent of the final answer) is difficult without reliable methods for automatic evaluation. We simply do not know how often the stated reasoning steps actually support the final end task predictions. In this work, we present ROSCOE, a suite of interpretable, unsupervised automatic scores that improve and extend previous text generation evaluation metrics. To evaluate ROSCOE against baseline metrics, we design a typology of reasoning errors and collect synthetic and human evaluation scores on commonly used reasoning datasets. In contrast with existing metrics, ROSCOE can measure semantic consistency, logicality, informativeness, fluency, and factuality - among other traits - by leveraging properties of step-by-step rationales. We empirically verify the strength of our metrics on five human annotated and six programmatically perturbed diagnostics datasets - covering a diverse set of tasks that require reasoning skills and show that ROSCOE can consistently outperform baseline metrics.

Title: MABSplit: Faster Forest Training Using Multi-Armed Bandits. (arXiv:2212.07473v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.07473
• Code URL: https://github.com/thrungroup/fastforest
• Copy Paste: [[2212.07473] MABSplit: Faster Forest Training Using Multi-Armed Bandits](http://arxiv.org/abs/2212.07473) #interpretability
• Summary:

  Random forests are some of the most widely used machine learning models today, especially in domains that necessitate interpretability. We present an algorithm that accelerates the training of random forests and other popular tree-based learning methods. At the core of our algorithm is a novel node-splitting subroutine, dubbed MABSplit, used to efficiently find split points when constructing decision trees. Our algorithm borrows techniques from the multi-armed bandit literature to judiciously determine how to allocate samples and computational power across candidate split points. We provide theoretical guarantees that MABSplit improves the sample complexity of each node split from linear to logarithmic in the number of data points. In some settings, MABSplit leads to 100x faster training (an 99% reduction in training time) without any decrease in generalization performance. We demonstrate similar speedups when MABSplit is used across a variety of forest-based variants, such as Extremely Random Forests and Random Patches. We also show our algorithm can be used in both classification and regression tasks. Finally, we show that MABSplit outperforms existing methods in generalization performance and feature importance calculations under a fixed computational budget. All of our experimental results are reproducible via a one-line script at https://github.com/ThrunGroup/FastForest.

explainability

Title: Retrieval-based Disentanglement with Distant Supervision. (arXiv:2212.07699v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.07699
• Code URL: null
• Copy Paste: [[2212.07699] Retrieval-based Disentanglement with Distant Supervision](http://arxiv.org/abs/2212.07699) #explainability
• Summary:

  Disentangled representation learning remains challenging as ground truth factors of variation do not naturally exist. To address this, we present Vocabulary Disentanglement Retrieval~(VDR), a simple yet effective retrieval-based disentanglement framework that leverages nature language as distant supervision. Our approach is built upon the widely-used bi-encoder architecture with disentanglement heads and is trained on data-text pairs that are readily available on the web or in existing datasets. This makes our approach task- and modality-agnostic with potential for a wide range of downstream applications. We conduct experiments on 16 datasets in both text-to-text and cross-modal scenarios and evaluate VDR in a zero-shot setting. With the incorporation of disentanglement heads and a minor increase in parameters, VDR achieves significant improvements over the base retriever it is built upon, with a 9% higher on NDCG@10 scores in zero-shot text-to-text retrieval and an average of 13% higher recall in cross-modal retrieval. In comparison to other baselines, VDR outperforms them in most tasks, while also improving explainability and efficiency.

watermark

diffusion

Title: TeTIm-Eval: a novel curated evaluation data set for comparing text-to-image models. (arXiv:2212.07839v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.07839
• Code URL: null
• Copy Paste: [[2212.07839] TeTIm-Eval: a novel curated evaluation data set for comparing text-to-image models](http://arxiv.org/abs/2212.07839) #diffusion
• Summary:

  Evaluating and comparing text-to-image models is a challenging problem. Significant advances in the field have recently been made, piquing interest of various industrial sectors. As a consequence, a gold standard in the field should cover a variety of tasks and application contexts. In this paper a novel evaluation approach is experimented, on the basis of: (i) a curated data set, made by high-quality royalty-free image-text pairs, divided into ten categories; (ii) a quantitative metric, the CLIP-score, (iii) a human evaluation task to distinguish, for a given text, the real and the generated images. The proposed method has been applied to the most recent models, i.e., DALLE2, Latent Diffusion, Stable Diffusion, GLIDE and Craiyon. Early experimental results show that the accuracy of the human judgement is fully coherent with the CLIP-score. The dataset has been made available to the public.