secure

Title: A Survey on Anonymous Communication Systems with a Focus on Dining Cryptographers Networks. (arXiv:2212.08275v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.08275
• Code URL: null
• Copy Paste: [[2212.08275] A Survey on Anonymous Communication Systems with a Focus on Dining Cryptographers Networks](http://arxiv.org/abs/2212.08275) #secure
• Summary:

  Traffic analysis attacks can counteract end-to-end encryption and use the leaked communication metadata to reveal information about the communicating parties. With an ever-increasing amount of traffic by an ever-increasing amount of networked devices, this undermines communication privacy and goes against the uptrend of limiting personal data collection. Therefore, Anonymous Communication Systems (ACSs) are proposed to protect the users' privacy by hiding the relationship between transmitted messages and their senders and receivers, providing privacy properties known as anonymity, unlinkability and unobservability. This article aims to review the research in the ACSs field based on its applicability in real-world scenarios. First, we present an overview of the underlying principles of ACSs and different methods. Then, we focus on Dining Cryptographers Networks (DCNs) and the methods for anonymous communication that are based on them. We investigate the alignment of ACSs with the privacy terminologies. Most notably, the DCN-based methods are information-theoretically secure and thus provide unconditional unobservability guarantees. Their initial adoption for anonymous communications was hindered initially as their computational and communication overhead was deemed too significant at that time and scalability problems occurred. However, several more recent contributions such as the possibility to transmit arbitrary length messages, efficient handling of disruptors and improvements in overhead made the integration of modern DCN-based methods more realistic. Previous surveys on ACSs did not cover the most recent research advances in this area or did not focus on DCN-based methods. This comprehensive investigation of modern ACSs and DCN-based systems closes this gap.

security

Title: Resource-Interaction Graph: Efficient Graph Representation for Anomaly Detection. (arXiv:2212.08525v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.08525
• Code URL: null
• Copy Paste: [[2212.08525] Resource-Interaction Graph: Efficient Graph Representation for Anomaly Detection](http://arxiv.org/abs/2212.08525) #security
• Summary:

  Security research has concentrated on converting operating system audit logs into suitable graphs, such as provenance graphs, for analysis. However, provenance graphs can grow very large requiring significant computational resources beyond what is necessary for many security tasks and are not feasible for resource constrained environments, such as edge devices. To address this problem, we present the \textit{resource-interaction graph} that is built directly from the audit log. We show that the resource-interaction graph's storage requirements are significantly lower than provenance graphs using an open-source data set with two container escape attacks captured from an edge device. We use a graph autoencoder and graph clustering technique to evaluate the representation for an anomaly detection task. Both approaches are unsupervised and are thus suitable for detecting zero-day attacks. The approaches can achieve f1 scores typically over 80\% and in some cases over 90\% for the selected data set and attacks.

privacy

Title: Dual Moving Average Pseudo-Labeling for Source-Free Inductive Domain Adaptation. (arXiv:2212.08187v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08187
• Code URL: null
• Copy Paste: [[2212.08187] Dual Moving Average Pseudo-Labeling for Source-Free Inductive Domain Adaptation](http://arxiv.org/abs/2212.08187) #privacy
• Summary:

  Unsupervised domain adaptation reduces the reliance on data annotation in deep learning by adapting knowledge from a source to a target domain. For privacy and efficiency concerns, source-free domain adaptation extends unsupervised domain adaptation by adapting a pre-trained source model to an unlabeled target domain without accessing the source data. However, most existing source-free domain adaptation methods to date focus on the transductive setting, where the target training set is also the testing set. In this paper, we address source-free domain adaptation in the more realistic inductive setting, where the target training and testing sets are mutually exclusive. We propose a new semi-supervised fine-tuning method named Dual Moving Average Pseudo-Labeling (DMAPL) for source-free inductive domain adaptation. We first split the unlabeled training set in the target domain into a pseudo-labeled confident subset and an unlabeled less-confident subset according to the prediction confidence scores from the pre-trained source model. Then we propose a soft-label moving-average updating strategy for the unlabeled subset based on a moving-average prototypical classifier, which gradually adapts the source model towards the target domain. Experiments show that our proposed method achieves state-of-the-art performance and outperforms previous methods by large margins.

Title: Planting and Mitigating Memorized Content in Predictive-Text Language Models. (arXiv:2212.08619v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.08619
• Code URL: null
• Copy Paste: [[2212.08619] Planting and Mitigating Memorized Content in Predictive-Text Language Models](http://arxiv.org/abs/2212.08619) #privacy
• Summary:

  Language models are widely deployed to provide automatic text completion services in user products. However, recent research has revealed that language models (especially large ones) bear considerable risk of memorizing private training data, which is then vulnerable to leakage and extraction by adversaries. In this study, we test the efficacy of a range of privacy-preserving techniques to mitigate unintended memorization of sensitive user text, while varying other factors such as model size and adversarial conditions. We test both "heuristic" mitigations (those without formal privacy guarantees) and Differentially Private training, which provides provable levels of privacy at the cost of some model performance. Our experiments show that (with the exception of L2 regularization), heuristic mitigations are largely ineffective in preventing memorization in our test suite, possibly because they make too strong of assumptions about the characteristics that define "sensitive" or "private" text. In contrast, Differential Privacy reliably prevents memorization in our experiments, despite its computational and model-performance costs.

Title: H-LPS: a hybrid approach for user's location privacy in location-based services. (arXiv:2212.08241v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.08241
• Code URL: null
• Copy Paste: [[2212.08241] H-LPS: a hybrid approach for user's location privacy in location-based services](http://arxiv.org/abs/2212.08241) #privacy
• Summary:

  Applications providing location-based services (LBS) have gained much attention and importance with the notion of the internet of things (IoT). Users are utilizing LBS by providing their location information to third-party service providers. However, location data is very sensitive that can reveal user's private life to adversaries. The passive and pervasive data collection in IoT upsurges serious issues of location privacy. Privacy-preserving location-based services are a hot research topic. Many anonymization and obfuscation techniques have been proposed to overcome location privacy issues. In this paper, we have proposed a hybrid location privacy scheme (H-LPS), a hybrid scheme mainly based on obfuscation and collaboration for protecting users' location privacy while using location-based services. Obfuscation naturally degrades the quality of service but provides more privacy as compared to anonymization. Our proposed scheme, H-LPS, provides a very high-level of privacy yet provides good accuracy for most of the users. The privacy level and service accuracy of H-LPS are compared with state-of-the-art location privacy schemes and it is shown that H-LPS could be a candidate solution for preserving user location privacy in location-based services.

Title: Swing Distillation: A Privacy-Preserving Knowledge Distillation Framework. (arXiv:2212.08349v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08349
• Code URL: null
• Copy Paste: [[2212.08349] Swing Distillation: A Privacy-Preserving Knowledge Distillation Framework](http://arxiv.org/abs/2212.08349) #privacy
• Summary:

  Knowledge distillation (KD) has been widely used for model compression and knowledge transfer. Typically, a big teacher model trained on sufficient data transfers knowledge to a small student model. However, despite the success of KD, little effort has been made to study whether KD leaks the training data of the teacher model. In this paper, we experimentally reveal that KD suffers from the risk of privacy leakage. To alleviate this issue, we propose a novel knowledge distillation method, swing distillation, which can effectively protect the private information of the teacher model from flowing to the student model. In our framework, the temperature coefficient is dynamically and adaptively adjusted according to the degree of private information contained in the data, rather than a predefined constant hyperparameter. It assigns different temperatures to tokens according to the likelihood that a token in a position contains private information. In addition, we inject noise into soft targets provided to the student model, in order to avoid unshielded knowledge transfer. Experiments on multiple datasets and tasks demonstrate that the proposed swing distillation can significantly reduce (by over 80% in terms of canary exposure) the risk of privacy leakage in comparison to KD with competitive or better performance. Furthermore, swing distillation is robust against the increasing privacy budget.

protect

defense

Title: Adversarial Example Defense via Perturbation Grading Strategy. (arXiv:2212.08341v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08341
• Code URL: null
• Copy Paste: [[2212.08341] Adversarial Example Defense via Perturbation Grading Strategy](http://arxiv.org/abs/2212.08341) #defense
• Summary:

  Deep Neural Networks have been widely used in many fields. However, studies have shown that DNNs are easily attacked by adversarial examples, which have tiny perturbations and greatly mislead the correct judgment of DNNs. Furthermore, even if malicious attackers cannot obtain all the underlying model parameters, they can use adversarial examples to attack various DNN-based task systems. Researchers have proposed various defense methods to protect DNNs, such as reducing the aggressiveness of adversarial examples by preprocessing or improving the robustness of the model by adding modules. However, some defense methods are only effective for small-scale examples or small perturbations but have limited defense effects for adversarial examples with large perturbations. This paper assigns different defense strategies to adversarial perturbations of different strengths by grading the perturbations on the input examples. Experimental results show that the proposed method effectively improves defense performance. In addition, the proposed method does not modify any task model, which can be used as a preprocessing module, which significantly reduces the deployment cost in practical applications.

attack

Title: Backdoor Attack Detection in Computer Vision by Applying Matrix Factorization on the Weights of Deep Networks. (arXiv:2212.08121v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08121
• Code URL: null
• Copy Paste: [[2212.08121] Backdoor Attack Detection in Computer Vision by Applying Matrix Factorization on the Weights of Deep Networks](http://arxiv.org/abs/2212.08121) #attack
• Summary:

  The increasing importance of both deep neural networks (DNNs) and cloud services for training them means that bad actors have more incentive and opportunity to insert backdoors to alter the behavior of trained models. In this paper, we introduce a novel method for backdoor detection that extracts features from pre-trained DNN's weights using independent vector analysis (IVA) followed by a machine learning classifier. In comparison to other detection techniques, this has a number of benefits, such as not requiring any training data, being applicable across domains, operating with a wide range of network architectures, not assuming the nature of the triggers used to change network behavior, and being highly scalable. We discuss the detection pipeline, and then demonstrate the results on two computer vision datasets regarding image classification and object detection. Our method outperforms the competing algorithms in terms of efficiency and is more accurate, helping to ensure the safe application of deep learning and AI.

Title: How to disagree well: Investigating the dispute tactics used on Wikipedia. (arXiv:2212.08353v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.08353
• Code URL: https://github.com/christinedekock11/wikitactics
• Copy Paste: [[2212.08353] How to disagree well: Investigating the dispute tactics used on Wikipedia](http://arxiv.org/abs/2212.08353) #attack
• Summary:

  Disagreements are frequently studied from the perspective of either detecting toxicity or analysing argument structure. We propose a framework of dispute tactics that unifies these two perspectives, as well as other dialogue acts which play a role in resolving disputes, such as asking questions and providing clarification. This framework includes a preferential ordering among rebuttal-type tactics, ranging from ad hominem attacks to refuting the central argument. Using this framework, we annotate 213 disagreements (3,865 utterances) from Wikipedia Talk pages. This allows us to investigate research questions around the tactics used in disagreements; for instance, we provide empirical validation of the approach to disagreement recommended by Wikipedia. We develop models for multilabel prediction of dispute tactics in an utterance, achieving the best performance with a transformer-based label powerset model. Adding an auxiliary task to incorporate the ordering of rebuttal tactics further yields a statistically significant increase. Finally, we show that these annotations can be used to provide useful additional signals to improve performance on the task of predicting escalation.

Title: Conditional Generative Adversarial Network for keystroke presentation attack. (arXiv:2212.08445v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.08445
• Code URL: null
• Copy Paste: [[2212.08445] Conditional Generative Adversarial Network for keystroke presentation attack](http://arxiv.org/abs/2212.08445) #attack
• Summary:

  Cybersecurity is a crucial step in data protection to ensure user security and personal data privacy. In this sense, many companies have started to control and restrict access to their data using authentication systems. However, these traditional authentication methods, are not enough for ensuring data protection, and for this reason, behavioral biometrics have gained importance. Despite their promising results and the wide range of applications, biometric systems have shown to be vulnerable to malicious attacks, such as Presentation Attacks. For this reason, in this work, we propose to study a new approach aiming to deploy a presentation attack towards a keystroke authentication system. Our idea is to use Conditional Generative Adversarial Networks (cGAN) for generating synthetic keystroke data that can be used for impersonating an authorized user. These synthetic data are generated following two different real use cases, one in which the order of the typed words is known (ordered dynamic) and the other in which this order is unknown (no-ordered dynamic). Finally, both keystroke dynamics (ordered and no-ordered) are validated using an external keystroke authentication system. Results indicate that the cGAN can effectively generate keystroke dynamics patterns that can be used for deceiving keystroke authentication systems.

robust

Title: MM-SHAP: A Performance-agnostic Metric for Measuring Multimodal Contributions in Vision and Language Models & Tasks. (arXiv:2212.08158v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08158
• Code URL: https://github.com/heidelberg-nlp/mm-shap
• Copy Paste: [[2212.08158] MM-SHAP: A Performance-agnostic Metric for Measuring Multimodal Contributions in Vision and Language Models & Tasks](http://arxiv.org/abs/2212.08158) #robust
• Summary:

  Vision and language models (VL) are known to exploit unrobust indicators in individual modalities (e.g., introduced by distributional biases), instead of focusing on relevant information in each modality. A small drop in accuracy obtained on a VL task with a unimodal model suggests that so-called unimodal collapse occurred. But how to quantify the amount of unimodal collapse reliably, at dataset and instance-level, to diagnose and combat unimodal collapse in a targeted way? We present MM-SHAP, a performance-agnostic multimodality score that quantifies the proportion by which a model uses individual modalities in multimodal tasks. MM-SHAP is based on Shapley values and will be applied in two ways: (1) to compare models for their degree of multimodality, and (2) to measure the contribution of individual modalities for a given task and dataset. Experiments with 6 VL models -- LXMERT, CLIP and four ALBEF variants -- on four VL tasks highlight that unimodal collapse can occur to different degrees and in different directions, contradicting the wide-spread assumption that unimodal collapse is one-sided. We recommend MM-SHAP for analysing multimodal tasks, to diagnose and guide progress towards multimodal integration. Code available at: https://github.com/Heidelberg-NLP/MM-SHAP

Title: Robust Saliency Guidance for Data-free Class Incremental Learning. (arXiv:2212.08251v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08251
• Code URL: null
• Copy Paste: [[2212.08251] Robust Saliency Guidance for Data-free Class Incremental Learning](http://arxiv.org/abs/2212.08251) #robust
• Summary:

  Data-Free Class Incremental Learning (DFCIL) aims to sequentially learn tasks with access only to data from the current one. DFCIL is of interest because it mitigates concerns about privacy and long-term storage of data, while at the same time alleviating the problem of catastrophic forgetting in incremental learning. In this work, we introduce robust saliency guidance for DFCIL and propose a new framework, which we call RObust Saliency Supervision (ROSS), for mitigating the negative effect of saliency drift. Firstly, we use a teacher-student architecture leveraging low-level tasks to supervise the model with global saliency. We also apply boundary-guided saliency to protect it from drifting across object boundaries at intermediate layers. Finally, we introduce a module for injecting and recovering saliency noise to increase robustness of saliency preservation. Our experiments demonstrate that our method can retain better saliency maps across tasks and achieve state-of-the-art results on the CIFAR-100, Tiny-ImageNet and ImageNet-Subset DFCIL benchmarks. Code will be made publicly available.

Title: Robust Learning Protocol for Federated Tumor Segmentation Challenge. (arXiv:2212.08290v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08290
• Code URL: null
• Copy Paste: [[2212.08290] Robust Learning Protocol for Federated Tumor Segmentation Challenge](http://arxiv.org/abs/2212.08290) #robust
• Summary:

  In this work, we devise robust and efficient learning protocols for orchestrating a Federated Learning (FL) process for the Federated Tumor Segmentation Challenge (FeTS 2022). Enabling FL for FeTS setup is challenging mainly due to data heterogeneity among collaborators and communication cost of training. To tackle these challenges, we propose Robust Learning Protocol (RoLePRO) which is a combination of server-side adaptive optimisation (e.g., server-side Adam) and judicious parameter (weights) aggregation schemes (e.g., adaptive weighted aggregation). RoLePRO takes a two-phase approach, where the first phase consists of vanilla Federated Averaging, while the second phase consists of a judicious aggregation scheme that uses a sophisticated reweighting, all in the presence of an adaptive optimisation algorithm at the server. We draw insights from extensive experimentation to tune learning rates for the two phases.

Title: Semi-Siamese Network for Robust Change Detection Across Different Domains with Applications to 3D Printing. (arXiv:2212.08583v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08583
• Code URL: null
• Copy Paste: [[2212.08583] Semi-Siamese Network for Robust Change Detection Across Different Domains with Applications to 3D Printing](http://arxiv.org/abs/2212.08583) #robust
• Summary:

  Automatic defect detection for 3D printing processes, which shares many characteristics with change detection problems, is a vital step for quality control of 3D printed products. However, there are some critical challenges in the current state of practice. First, existing methods for computer vision-based process monitoring typically work well only under specific camera viewpoints and lighting situations, requiring expensive pre-processing, alignment, and camera setups. Second, many defect detection techniques are specific to pre-defined defect patterns and/or print schematics. In this work, we approach the automatic defect detection problem differently using a novel Semi-Siamese deep learning model that directly compares a reference schematic of the desired print and a camera image of the achieved print. The model then solves an image segmentation problem, identifying the locations of defects with respect to the reference frame. Unlike most change detection problems, our model is specially developed to handle images coming from different domains and is robust against perturbations in the imaging setup such as camera angle and illumination. Defect localization predictions were made in 2.75 seconds per layer using a standard MacBookPro, which is comparable to the typical tens of seconds or less for printing a single layer on an inkjet-based 3D printer, while achieving an F1-score of more than 0.9.

Title: On Human Visual Contrast Sensitivity and Machine Vision Robustness: A Comparative Study. (arXiv:2212.08650v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08650
• Code URL: null
• Copy Paste: [[2212.08650] On Human Visual Contrast Sensitivity and Machine Vision Robustness: A Comparative Study](http://arxiv.org/abs/2212.08650) #robust
• Summary:

  It is well established in neuroscience that color vision plays an essential part in the human visual perception system. Meanwhile, many novel designs for computer vision inspired by human vision have achieved success in a wide range of tasks and applications. Nonetheless, how color differences affect machine vision has not been well explored. Our work tries to bridge this gap between the human color vision aspect of visual recognition and that of the machine. To achieve this, we curate two datasets: CIFAR10-F and CIFAR100-F, which are based on the foreground colors of the popular CIFAR datasets. Together with CIFAR10-B and CIFAR100-B, the existing counterpart datasets with information on the background colors of CIFAR test sets, we assign each image based on its color contrast level per its foreground and background color labels and use this as a proxy to study how color contrast affects machine vision. We first conduct a proof-of-concept study, showing the effect of color difference and validate our datasets. Furthermore, on a broader level, an important characteristic of human vision is its robustness against ambient changes; therefore, drawing inspirations from ophthalmology and the robustness literature, we analogize contrast sensitivity from the human visual aspect to machine vision and complement the current robustness study using corrupted images with our CIFAR-CoCo datasets. In summary, motivated by neuroscience and equipped with the datasets we curate, we devise a new framework in two dimensions to perform extensive analyses on the effect of color contrast and corrupted images: (1) model architecture, (2) model size, to measure the perception ability of machine vision beyond total accuracy. We also explore how task complexity and data augmentation play a role in this setup. Our results call attention to new evaluation approaches for human-like machine perception.

Title: Evaluation of Synthetic Datasets for Conversational Recommender Systems. (arXiv:2212.08167v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.08167
• Code URL: null
• Copy Paste: [[2212.08167] Evaluation of Synthetic Datasets for Conversational Recommender Systems](http://arxiv.org/abs/2212.08167) #robust
• Summary:

  For researchers leveraging Large-Language Models (LLMs) in the generation of training datasets, especially for conversational recommender systems - the absence of robust evaluation frameworks has been a long-standing problem. The efficiency brought about by LLMs in the data generation phase is impeded during the process of evaluation of the generated data, since it generally requires human-raters to ensure that the data generated is of high quality and has sufficient diversity. Since the quality of training data is critical for downstream applications, it is important to develop metrics that evaluate the quality holistically and identify biases. In this paper, we present a framework that takes a multi-faceted approach towards evaluating datasets produced by generative models and discuss the advantages and limitations of various evaluation methods.

Title: ALERT: Adapting Language Models to Reasoning Tasks. (arXiv:2212.08286v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.08286
• Code URL: null
• Copy Paste: [[2212.08286] ALERT: Adapting Language Models to Reasoning Tasks](http://arxiv.org/abs/2212.08286) #robust
• Summary:

  Current large language models can perform reasonably well on complex tasks that require step-by-step reasoning with few-shot learning. Are these models applying reasoning skills they have learnt during pre-training and reason outside of their training context, or are they simply memorizing their training corpus at finer granularity and have learnt to better understand their context? To tease apart these possibilities, we introduce ALERT, a benchmark and suite of analyses for assessing language models' reasoning ability comparing pre-trained and finetuned models on complex tasks that require reasoning skills to solve. ALERT provides a test bed to asses any language model on fine-grained reasoning skills, which spans over 20 datasets and covers 10 different reasoning skills. We leverage ALERT to further investigate the role of finetuning. With extensive empirical analysis we find that language models learn more reasoning skills such as textual entailment, abductive reasoning, and analogical reasoning during finetuning stage compared to pretraining state. We also find that when language models are finetuned they tend to overfit to the prompt template, which hurts the robustness of models causing generalization problems.

Title: Bridging the Gap Between Offline and Online Reinforcement Learning Evaluation Methodologies. (arXiv:2212.08131v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08131
• Code URL: null
• Copy Paste: [[2212.08131] Bridging the Gap Between Offline and Online Reinforcement Learning Evaluation Methodologies](http://arxiv.org/abs/2212.08131) #robust
• Summary:

  Reinforcement learning (RL) has shown great promise with algorithms learning in environments with large state and action spaces purely from scalar reward signals. A crucial challenge for current deep RL algorithms is that they require a tremendous amount of environment interactions for learning. This can be infeasible in situations where such interactions are expensive; such as in robotics. Offline RL algorithms try to address this issue by bootstrapping the learning process from existing logged data without needing to interact with the environment from the very beginning. While online RL algorithms are typically evaluated as a function of the number of environment interactions, there exists no single established protocol for evaluating offline RL methods.In this paper, we propose a sequential approach to evaluate offline RL algorithms as a function of the training set size and thus by their data efficiency. Sequential evaluation provides valuable insights into the data efficiency of the learning process and the robustness of algorithms to distribution changes in the dataset while also harmonizing the visualization of the offline and online learning phases. Our approach is generally applicable and easy to implement. We compare several existing offline RL algorithms using this approach and present insights from a variety of tasks and offline datasets.

Title: Multi-Resolution Online Deterministic Annealing: A Hierarchical and Progressive Learning Architecture. (arXiv:2212.08189v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08189
• Code URL: https://github.com/mavridischristos/onlinedeterministicannealing
• Copy Paste: [[2212.08189] Multi-Resolution Online Deterministic Annealing: A Hierarchical and Progressive Learning Architecture](http://arxiv.org/abs/2212.08189) #robust
• Summary:

  Hierarchical learning algorithms that gradually approximate a solution to a data-driven optimization problem are essential to decision-making systems, especially under limitations on time and computational resources. In this study, we introduce a general-purpose hierarchical learning architecture that is based on the progressive partitioning of a possibly multi-resolution data space. The optimal partition is gradually approximated by solving a sequence of optimization sub-problems that yield a sequence of partitions with increasing number of subsets. We show that the solution of each optimization problem can be estimated online using gradient-free stochastic approximation updates. As a consequence, a function approximation problem can be defined within each subset of the partition and solved using the theory of two-timescale stochastic approximation algorithms. This simulates an annealing process and defines a robust and interpretable heuristic method to gradually increase the complexity of the learning architecture in a task-agnostic manner, giving emphasis to regions of the data space that are considered more important according to a predefined criterion. Finally, by imposing a tree structure in the progression of the partitions, we provide a means to incorporate potential multi-resolution structure of the data space into this approach, significantly reducing its complexity, while introducing hierarchical feature extraction properties similar to certain classes of deep learning architectures. Asymptotic convergence analysis and experimental results are provided for clustering, classification, and regression problems.

Title: Shapley variable importance cloud for machine learning models. (arXiv:2212.08370v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08370
• Code URL: null
• Copy Paste: [[2212.08370] Shapley variable importance cloud for machine learning models](http://arxiv.org/abs/2212.08370) #robust
• Summary:

  Current practice in interpretable machine learning often focuses on explaining the final model trained from data, e.g., by using the Shapley additive explanations (SHAP) method. The recently developed Shapley variable importance cloud (ShapleyVIC) extends the current practice to a group of "nearly optimal models" to provide comprehensive and robust variable importance assessments, with estimated uncertainty intervals for a more complete understanding of variable contributions to predictions. ShapleyVIC was initially developed for applications with traditional regression models, and the benefits of ShapleyVIC inference have been demonstrated in real-life prediction tasks using the logistic regression model. However, as a model-agnostic approach, ShapleyVIC application is not limited to such scenarios. In this work, we extend ShapleyVIC implementation for machine learning models to enable wider applications, and propose it as a useful complement to the current SHAP analysis to enable more trustworthy applications of these black-box models.

Title: Robust Explanation Constraints for Neural Networks. (arXiv:2212.08507v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08507
• Code URL: https://github.com/matthewwicker/robustexplanationconstraintsforneuralnetworks
• Copy Paste: [[2212.08507] Robust Explanation Constraints for Neural Networks](http://arxiv.org/abs/2212.08507) #robust
• Summary:

  Post-hoc explanation methods are used with the intent of providing insights about neural networks and are sometimes said to help engender trust in their outputs. However, popular explanations methods have been found to be fragile to minor perturbations of input features or model parameters. Relying on constraint relaxation techniques from non-convex optimization, we develop a method that upper-bounds the largest change an adversary can make to a gradient-based explanation via bounded manipulation of either the input features or model parameters. By propagating a compact input or parameter set as symbolic intervals through the forwards and backwards computations of the neural network we can formally certify the robustness of gradient-based explanations. Our bounds are differentiable, hence we can incorporate provable explanation robustness into neural network training. Empirically, our method surpasses the robustness provided by previous heuristic approaches. We find that our training method is the only method able to learn neural networks with certificates of explanation robustness across all six datasets tested.

biometric

Title: A Survey on Biometrics Authentication. (arXiv:2212.08224v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.08224
• Code URL: null
• Copy Paste: [[2212.08224] A Survey on Biometrics Authentication](http://arxiv.org/abs/2212.08224) #biometric
• Summary:

  Nowadays, traditional authentication methods are vulnerable to face attacks that are often based on inherent security issues. Professional attackers leverage adversarial offenses on the security holes. Biometrics has intrinsic advantages to overcome the traditional authentication methods on security, success rates, efficiency, and accessibility. Biometrics has wide prospects to implement various applications in fields. Whether in authentication security or clinical medicine, biometrics is one of the mainstream studies. In this paper, we surveyed and reviewed some related studies of biometrics, which are outstanding and significant in driving the development and popularization of biometrics. Although they still have some inherent disadvantages to restrict popularization, these obstacles could not conceal the promising future of biometrics. Multi-factors continuous biometrics authentication has become the mainstream trend of development. We reflect the findings as well as the challenges of the studies in the survey paper.

steal

extraction

Title: Lightweight integration of 3D features to improve 2D image segmentation. (arXiv:2212.08334v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08334
• Code URL: null
• Copy Paste: [[2212.08334] Lightweight integration of 3D features to improve 2D image segmentation](http://arxiv.org/abs/2212.08334) #extraction
• Summary:

  Scene understanding is a major challenge of today's computer vision. Center to this task is image segmentation, since scenes are often provided as a set of pictures. Nowadays, many such datasets also provide 3D geometry information given as a 3D point cloud acquired by a laser scanner or a depth camera. To exploit this geometric information, many current approaches rely on both a 2D loss and 3D loss, requiring not only 2D per pixel labels but also 3D per point labels. However obtaining a 3D groundtruth is challenging, time-consuming and error-prone. In this paper, we show that image segmentation can benefit from 3D geometric information without requiring any 3D groundtruth, by training the geometric feature extraction with a 2D segmentation loss in an end-to-end fashion. Our method starts by extracting a map of 3D features directly from the point cloud by using a lightweight and simple 3D encoder neural network. The 3D feature map is then used as an additional input to a classical image segmentation network. During training, the 3D features extraction is optimized for the segmentation task by back-propagation through the entire pipeline. Our method exhibits state-of-the-art performance with much lighter input dataset requirements, since no 3D groundtruth is required.

Title: LEDCNet: A Lightweight and Efficient Semantic Segmentation Algorithm Using Dual Context Module for Extracting Ground Objects from UAV Aerial Remote Sensing Images. (arXiv:2212.08490v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08490
• Code URL: https://github.com/gtlinyer/ledcnet
• Copy Paste: [[2212.08490] LEDCNet: A Lightweight and Efficient Semantic Segmentation Algorithm Using Dual Context Module for Extracting Ground Objects from UAV Aerial Remote Sensing Images](http://arxiv.org/abs/2212.08490) #extraction
• Summary:

  Semantic segmentation of UAV aerial remote sensing images provides a more efficient and convenient surveying and mapping method for traditional surveying and mapping. In order to make the model lightweight and improve a certain accuracy, this research developed a new lightweight and efficient network for the extraction of ground features from UAV aerial remote sensing images, called LDMCNet. Meanwhile, this research develops a powerful lightweight backbone network for the proposed semantic segmentation model. It is called LDCNet, and it is hoped that it can become the backbone network of a new generation of lightweight semantic segmentation algorithms. The proposed model uses dual multi-scale context modules, namely the Atrous Space Pyramid Pooling module (ASPP) and the Object Context Representation module (OCR). In addition, this research constructs a private dataset for semantic segmentation of aerial remote sensing images from drones. This data set contains 2431 training sets, 945 validation sets, and 475 test sets. The proposed model performs well on this dataset, with only 1.4M parameters and 5.48G floating-point operations (FLOPs), achieving an average intersection-over-union ratio (mIoU) of 71.12%. 7.88% higher than the baseline model. In order to verify the effectiveness of the proposed model, training on the public datasets "LoveDA" and "CITY-OSM" also achieved excellent results, achieving mIoU of 65.27% and 74.39%, respectively.

Title: Atrous Space Bender U-Net (ASBU-Net/LogiNet). (arXiv:2212.08613v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08613
• Code URL: null
• Copy Paste: [[2212.08613] Atrous Space Bender U-Net (ASBU-Net/LogiNet)](http://arxiv.org/abs/2212.08613) #extraction
• Summary:

  $ $With recent advances in CNNs, exceptional improvements have been made in semantic segmentation of high resolution images in terms of accuracy and latency. However, challenges still remain in detecting objects in crowded scenes, large scale variations, partial occlusion, and distortions, while still maintaining mobility and latency. We introduce a fast and efficient convolutional neural network, ASBU-Net, for semantic segmentation of high resolution images that addresses these problems and uses no novelty layers for ease of quantization and embedded hardware support. ASBU-Net is based on a new feature extraction module, atrous space bender layer (ASBL), which is efficient in terms of computation and memory. The ASB layers form a building block that is used to make ASBNet. Since this network does not use any special layers it can be easily implemented, quantized and deployed on FPGAs and other hardware with limited memory. We present experiments on resource and accuracy trade-offs and show strong performance compared to other popular models.

membership infer

federate

Title: FewFedWeight: Few-shot Federated Learning Framework across Multiple NLP Tasks. (arXiv:2212.08354v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.08354
• Code URL: null
• Copy Paste: [[2212.08354] FewFedWeight: Few-shot Federated Learning Framework across Multiple NLP Tasks](http://arxiv.org/abs/2212.08354) #federate
• Summary:

  Massively multi-task learning with large language models has recently made substantial progress on few-shot generalization. However, this is usually performed in a centralized learning fashion, ignoring the privacy sensitivity issue of (annotated) data used in multiple tasks. To mitigate this issue, we propose FewFedWeight, a few-shot federated learning framework across multiple tasks, to achieve the best of both worlds: privacy preservation and cross-task generalization. FewFedWeight trains client models in isolated devices without sharing data. It broadcasts the global model in the server to each client and produces pseudo data for clients so that knowledge from the global model can be explored to enhance few-shot learning of each client model. An energy-based algorithm is further proposed to weight pseudo samples in order to reduce the negative impact of noise from the generated pseudo data. Adaptive model weights of client models are also tuned according to their performance. We use these model weights to dynamically aggregate client models to update the global model. Experiments on 118 NLP tasks show that FewFedWeight can significantly improve the performance of client models on 61% tasks with an average performance improvement rate of 30.5% over the baseline and substantially outperform FedAvg and other decentralized learning methods.

Title: Mobile Augmented Reality with Federated Learning in the Metaverse. (arXiv:2212.08324v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08324
• Code URL: null
• Copy Paste: [[2212.08324] Mobile Augmented Reality with Federated Learning in the Metaverse](http://arxiv.org/abs/2212.08324) #federate
• Summary:

  The Metaverse is deemed the next evolution of the Internet and has received much attention recently. Metaverse applications via mobile augmented reality (MAR) require rapid and accurate object detection to mix digital data with the real world. As mobile devices evolve, they become more potent in computing. Hence, their computational resources can be leveraged to train machine learning models. In light of the increasing concerns of user privacy and data security, federated learning (FL) has become a promising distributed learning framework for privacy-preserving analytics. In this article, FL and MAR are brought together in the Metaverse. We discuss the necessity and rationality of the combination of FL and MAR. The prospective technologies that power FL and MAR in the Metaverse are also identified. In addition, existing challenges that prevent the fulfilment of FL and MAR in the Metaverse and several application scenarios are presented. Finally, two case studies of Metaverse FL-MAR systems are demonstrated.

Title: SplitGP: Achieving Both Generalization and Personalization in Federated Learning. (arXiv:2212.08343v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08343
• Code URL: null
• Copy Paste: [[2212.08343] SplitGP: Achieving Both Generalization and Personalization in Federated Learning](http://arxiv.org/abs/2212.08343) #federate
• Summary:

  A fundamental challenge to providing edge-AI services is the need for a machine learning (ML) model that achieves personalization (i.e., to individual clients) and generalization (i.e., to unseen data) properties concurrently. Existing techniques in federated learning (FL) have encountered a steep tradeoff between these objectives and impose large computational requirements on edge devices during training and inference. In this paper, we propose SplitGP, a new split learning solution that can simultaneously capture generalization and personalization capabilities for efficient inference across resource-constrained clients (e.g., mobile/IoT devices). Our key idea is to split the full ML model into client-side and server-side components, and impose different roles to them: the client-side model is trained to have strong personalization capability optimized to each client's main task, while the server-side model is trained to have strong generalization capability for handling all clients' out-of-distribution tasks. We analytically characterize the convergence behavior of SplitGP, revealing that all client models approach stationary points asymptotically. Further, we analyze the inference time in SplitGP and provide bounds for determining model split ratios. Experimental results show that SplitGP outperforms existing baselines by wide margins in inference time and test accuracy for varying amounts of out-of-distribution samples.

Title: Federated Learning with Flexible Control. (arXiv:2212.08496v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08496
• Code URL: null
• Copy Paste: [[2212.08496] Federated Learning with Flexible Control](http://arxiv.org/abs/2212.08496) #federate
• Summary:

  Federated learning (FL) enables distributed model training from local data collected by users. In distributed systems with constrained resources and potentially high dynamics, e.g., mobile edge networks, the efficiency of FL is an important problem. Existing works have separately considered different configurations to make FL more efficient, such as infrequent transmission of model updates, client subsampling, and compression of update vectors. However, an important open problem is how to jointly apply and tune these control knobs in a single FL algorithm, to achieve the best performance by allowing a high degree of freedom in control decisions. In this paper, we address this problem and propose FlexFL - an FL algorithm with multiple options that can be adjusted flexibly. Our FlexFL algorithm allows both arbitrary rates of local computation at clients and arbitrary amounts of communication between clients and the server, making both the computation and communication resource consumption adjustable. We prove a convergence upper bound of this algorithm. Based on this result, we further propose a stochastic optimization formulation and algorithm to determine the control decisions that (approximately) minimize the convergence bound, while conforming to constraints related to resource consumption. The advantage of our approach is also verified using experiments.

fair

Title: Fake it till you make it: Learning(s) from a synthetic ImageNet clone. (arXiv:2212.08420v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08420
• Code URL: null
• Copy Paste: [[2212.08420] Fake it till you make it: Learning(s) from a synthetic ImageNet clone](http://arxiv.org/abs/2212.08420) #fair
• Summary:

  Recent large-scale image generation models such as Stable Diffusion have exhibited an impressive ability to generate fairly realistic images starting from a very simple text prompt. Could such models render real images obsolete for training image prediction models? In this paper, we answer part of this provocative question by questioning the need for real images when training models for ImageNet classification. More precisely, provided only with the class names that have been used to build the dataset, we explore the ability of Stable Diffusion to generate synthetic clones of ImageNet and measure how useful they are for training classification models from scratch. We show that with minimal and class-agnostic prompt engineering those ImageNet clones we denote as ImageNet-SD are able to close a large part of the gap between models produced by synthetic images and models trained with real images for the several standard classification benchmarks that we consider in this study. More importantly, we show that models trained on synthetic images exhibit strong generalization properties and perform on par with models trained on real data.

Title: Detection-aware multi-object tracking evaluation. (arXiv:2212.08536v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08536
• Code URL: null
• Copy Paste: [[2212.08536] Detection-aware multi-object tracking evaluation](http://arxiv.org/abs/2212.08536) #fair
• Summary:

  How would you fairly evaluate two multi-object tracking algorithms (i.e. trackers), each one employing a different object detector? Detectors keep improving, thus trackers can make less effort to estimate object states over time. Is it then fair to compare a new tracker employing a new detector with another tracker using an old detector? In this paper, we propose a novel performance measure, named Tracking Effort Measure (TEM), to evaluate trackers that use different detectors. TEM estimates the improvement that the tracker does with respect to its input data (i.e. detections) at frame level (intra-frame complexity) and sequence level (inter-frame complexity). We evaluate TEM over well-known datasets, four trackers and eight detection sets. Results show that, unlike conventional tracking evaluation measures, TEM can quantify the effort done by the tracker with a reduced correlation on the input detections. Its implementation is publicly available online at https://github.com/vpulab/MOT-evaluation.

Title: Better May Not Be Fairer: Can Data Augmentation Mitigate Subgroup Degradation?. (arXiv:2212.08649v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08649
• Code URL: null
• Copy Paste: [[2212.08649] Better May Not Be Fairer: Can Data Augmentation Mitigate Subgroup Degradation?](http://arxiv.org/abs/2212.08649) #fair
• Summary:

  It is no secret that deep learning models exhibit undesirable behaviors such as learning spurious correlations instead of learning correct relationships between input/output pairs. Prior works on robustness study datasets that mix low-level features to quantify how spurious correlations affect predictions instead of considering natural semantic factors due to limitations in accessing realistic datasets for comprehensive evaluation. To bridge this gap, in this paper we first investigate how natural background colors play a role as spurious features in image classification tasks by manually splitting the test sets of CIFAR10 and CIFAR100 into subgroups based on the background color of each image. We name our datasets CIFAR10-B and CIFAR100-B. We find that while standard CNNs achieve human-level accuracy, the subgroup performances are not consistent, and the phenomenon remains even after data augmentation (DA). To alleviate this issue, we propose FlowAug, a semantic DA method that leverages the decoupled semantic representations captured by a pre-trained generative flow. Experimental results show that FlowAug achieves more consistent results across subgroups than other types of DA methods on CIFAR10 and CIFAR100. Additionally, it shows better generalization performance. Furthermore, we propose a generic metric for studying model robustness to spurious correlations, where we take a macro average on the weighted standard deviations across different classes. Per our metric, FlowAug demonstrates less reliance on spurious correlations. Although this metric is proposed to study our curated datasets, it applies to all datasets that have subgroups or subclasses. Lastly, aside from less dependence on spurious correlations and better generalization on in-distribution test sets, we also show superior out-of-distribution results on CIFAR10.1 and competitive performances on CIFAR10-C and CIFAR100-C.

Title: Provable Fairness for Neural Network Models using Formal Verification. (arXiv:2212.08578v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08578
• Code URL: null
• Copy Paste: [[2212.08578] Provable Fairness for Neural Network Models using Formal Verification](http://arxiv.org/abs/2212.08578) #fair
• Summary:

  Machine learning models are increasingly deployed for critical decision-making tasks, making it important to verify that they do not contain gender or racial biases picked up from training data. Typical approaches to achieve fairness revolve around efforts to clean or curate training data, with post-hoc statistical evaluation of the fairness of the model on evaluation data. In contrast, we propose techniques to \emph{prove} fairness using recently developed formal methods that verify properties of neural network models.Beyond the strength of guarantee implied by a formal proof, our methods have the advantage that we do not need explicit training or evaluation data (which is often proprietary) in order to analyze a given trained model. In experiments on two familiar datasets in the fairness literature (COMPAS and ADULTS), we show that through proper training, we can reduce unfairness by an average of 65.4\% at a cost of less than 1\% in AUC score.

Title: Efficient Conditionally Invariant Representation Learning. (arXiv:2212.08645v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.08645
• Code URL: https://github.com/namratadeka/circe
• Copy Paste: [[2212.08645] Efficient Conditionally Invariant Representation Learning](http://arxiv.org/abs/2212.08645) #fair
• Summary:

  We introduce the Conditional Independence Regression CovariancE (CIRCE), a measure of conditional independence for multivariate continuous-valued variables. CIRCE applies as a regularizer in settings where we wish to learn neural features $\varphi(X)$ of data $X$ to estimate a target $Y$, while being conditionally independent of a distractor $Z$ given $Y$. Both $Z$ and $Y$ are assumed to be continuous-valued but relatively low dimensional, whereas $X$ and its features may be complex and high dimensional. Relevant settings include domain-invariant learning, fairness, and causal learning. The procedure requires just a single ridge regression from $Y$ to kernelized features of $Z$, which can be done in advance. It is then only necessary to enforce independence of $\varphi(X)$ from residuals of this regression, which is possible with attractive estimation properties and consistency guarantees. By contrast, earlier measures of conditional feature dependence require multiple regressions for each step of feature learning, resulting in more severe bias and variance, and greater computational cost. When sufficiently rich features are used, we establish that CIRCE is zero if and only if $\varphi(X) \perp !!! \perp Z \mid Y$. In experiments, we show superior performance to previous methods on challenging benchmarks, including learning conditionally invariant image features.

interpretability

explainability

watermark

diffusion

Title: SADM: Sequence-Aware Diffusion Model for Longitudinal Medical Image Generation. (arXiv:2212.08228v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08228
• Code URL: null
• Copy Paste: [[2212.08228] SADM: Sequence-Aware Diffusion Model for Longitudinal Medical Image Generation](http://arxiv.org/abs/2212.08228) #diffusion
• Summary:

  Human organs constantly undergo anatomical changes due to a complex mix of short-term (e.g., heartbeat) and long-term (e.g., aging) factors. Evidently, prior knowledge of these factors will be beneficial when modeling their future state, i.e., via image generation. However, most of the medical image generation tasks only rely on the input from a single image, thus ignoring the sequential dependency even when longitudinal data is available. Sequence-aware deep generative models, where model input is a sequence of ordered and timestamped images, are still underexplored in the medical imaging domain that is featured by several unique challenges: 1) Sequences with various lengths; 2) Missing data or frame, and 3) High dimensionality. To this end, we propose a sequence-aware diffusion model (SADM) for the generation of longitudinal medical images. Recently, diffusion models have shown promising results on high-fidelity image generation. Our method extends this new technique by introducing a sequence-aware transformer as the conditional module in a diffusion model. The novel design enables learning longitudinal dependency even with missing data during training and allows autoregressive generation of a sequence of images during inference. Our extensive experiments on 3D longitudinal medical images demonstrate the effectiveness of SADM compared with baselines and alternative methods.

Title: Unifying Human Motion Synthesis and Style Transfer with Denoising Diffusion Probabilistic Models. (arXiv:2212.08526v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.08526
• Code URL: https://github.com/mrzzy2021/styledmotionsynthesis
• Copy Paste: [[2212.08526] Unifying Human Motion Synthesis and Style Transfer with Denoising Diffusion Probabilistic Models](http://arxiv.org/abs/2212.08526) #diffusion
• Summary:

  Generating realistic motions for digital humans is a core but challenging part of computer animations and games, as human motions are both diverse in content and rich in styles. While the latest deep learning approaches have made significant advancements in this domain, they mostly consider motion synthesis and style manipulation as two separate problems. This is mainly due to the challenge of learning both motion contents that account for the inter-class behaviour and styles that account for the intra-class behaviour effectively in a common representation. To tackle this challenge, we propose a denoising diffusion probabilistic model solution for styled motion synthesis. As diffusion models have a high capacity brought by the injection of stochasticity, we can represent both inter-class motion content and intra-class style behaviour in the same latent. This results in an integrated, end-to-end trained pipeline that facilitates the generation of optimal motion and exploration of content-style coupled latent space. To achieve high-quality results, we design a multi-task architecture of diffusion model that strategically generates aspects of human motions for local guidance. We also design adversarial and physical regulations for global guidance. We demonstrate superior performance with quantitative and qualitative results and validate the effectiveness of our multi-task architecture.