secure

Title: Secure and Privacy Preserving Proxy Biometrics Identities. (arXiv:2212.10812v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.10812
• Code URL: null
• Copy Paste: [[2212.10812] Secure and Privacy Preserving Proxy Biometrics Identities](http://arxiv.org/abs/2212.10812) #secure
• Summary:

  With large-scale adaption to biometric based applications, security and privacy of biometrics is utmost important especially when operating in unsupervised online mode. This work proposes a novel approach for generating new artificial fingerprints also called proxy fingerprints that are natural looking, non-invertible, revocable and privacy preserving. These proxy biometrics can be generated from original ones only with the help of a user-specific key. Instead of using the original fingerprint, these proxy templates can be used anywhere with same convenience. The manuscripts walks through an interesting way in which proxy fingerprints of different types can be generated and how they can be combined with use-specific keys to provide revocability and cancelability in case of compromise. Using the proposed approach a proxy dataset is generated from samples belonging to Anguli fingerprint database. Matching experiments were performed on the new set which is 5 times larger than the original, and it was found that their performance is at par with 0 FAR and 0 FRR in the stolen key, safe key scenarios. Other parameters on revocability and diversity are also analyzed for protection performance.

security

Title: Chatbots in a Botnet World. (arXiv:2212.11126v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.11126
• Code URL: null
• Copy Paste: [[2212.11126] Chatbots in a Botnet World](http://arxiv.org/abs/2212.11126) #security
• Summary:

  Question-and-answer formats provide a novel experimental platform for investigating cybersecurity questions. Unlike previous chatbots, the latest ChatGPT model from OpenAI supports an advanced understanding of complex coding questions. The research demonstrates thirteen coding tasks that generally qualify as stages in the MITRE ATT&CK framework, ranging from credential access to defense evasion. With varying success, the experimental prompts generate examples of keyloggers, logic bombs, obfuscated worms, and payment-fulfilled ransomware. The empirical results illustrate cases that support the broad gain of functionality, including self-replication and self-modification, evasion, and strategic understanding of complex cybersecurity goals. One surprising feature of ChatGPT as a language-only model centers on its ability to spawn coding approaches that yield images that obfuscate or embed executable programming steps or links.

Title: AutoMESC: Automatic Framework for Mining and Classifying Ethereum Smart Contract Vulnerabilities and Their Fixes. (arXiv:2212.10660v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10660
• Code URL: null
• Copy Paste: [[2212.10660] AutoMESC: Automatic Framework for Mining and Classifying Ethereum Smart Contract Vulnerabilities and Their Fixes](http://arxiv.org/abs/2212.10660) #security
• Summary:

  Due to the risks associated with vulnerabilities in smart contracts, their security has gained significant attention in recent years. However, there is a lack of open datasets on smart contract vulnerabilities and their fixes that allows for data-driven research. Towards this end, we propose an automated method for mining and classifying Ethereum's smart contract vulnerabilities and their corresponding fixes from GitHub and from the Common Vulnerabilities and Exposures (CVE) records in the National Vulnerability Database. We implemented the proposed method in a fully automated framework, which we call AutoMESC. AutoMESC uses seven of the most well-known smart contract security tools to classify and label the collected vulnerabilities based on vulnerability types. Furthermore, it collects metadata that can be used in data-intensive smart contract security research (e.g., vulnerability detection, vulnerability classification, severity prediction, and automated repair). We used AutoMESC to construct a sample dataset and made it publicly available. Currently, the dataset contains 6.7K smart contracts' vulnerability-fix pairs written in Solidity. We assess the quality of the constructed dataset in terms of accuracy, provenance, and relevance, and compare it with existing datasets. AutoMESC is designed to collect data continuously and keep the corresponding dataset up-to-date with newly discovered smart contract vulnerabilities and their fixes from GitHub and CVE records.

Title: A Comparative Risk Analysis on CyberShip System with STPA-Sec, STRIDE and CORAS. (arXiv:2212.10830v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10830
• Code URL: null
• Copy Paste: [[2212.10830] A Comparative Risk Analysis on CyberShip System with STPA-Sec, STRIDE and CORAS](http://arxiv.org/abs/2212.10830) #security
• Summary:

  The widespread use of software-intensive cyber systems in critical infrastructures such as ships (CyberShips) has brought huge benefits, yet it has also opened new avenues for cyber attacks to potentially disrupt operations. Cyber risk assessment plays a vital role in identifying cyber threats and vulnerabilities that can be exploited to compromise cyber systems. A number of methodologies have been proposed to carry out these analyses. This paper evaluates and compares the application of three risk assessment methodologies: system theoretic process analysis (STPA-Sec), STRIDE and CORAS for identifying threats and vulnerabilities in a CyberShip system. We specifically selected these three methodologies because they identify threats not only at the component level, but also threats or hazards caused due to the interaction between components, resulting in sets of threats identified with each methodology and relevant differences. Moreover, STPA-Sec which is a variant of the STPA is widely used for safety and security analysis of cyber physical systems (CPS); CORAS offers a framework to perform cyber risk assessment in a top-down approach that aligns with STPA-Sec; and STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, Elevation of Privilege) considers threat at the component level as well as during the interaction that is similar to STPA-Sec. As a result of this analysis, this paper highlights the pros and cons of these methodologies, illustrates areas of special applicability, and suggests that their complementary use as threats identified through STRIDE can be used as an input to CORAS and STPA-Sec to make these methods more structured.

Title: Ensemble learning techniques for intrusion detection system in the context of cybersecurity. (arXiv:2212.10913v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10913
• Code URL: null
• Copy Paste: [[2212.10913] Ensemble learning techniques for intrusion detection system in the context of cybersecurity](http://arxiv.org/abs/2212.10913) #security
• Summary:

  Recently, there has been an interest in improving the resources available in Intrusion Detection System (IDS) techniques. In this sense, several studies related to cybersecurity show that the environment invasions and information kidnapping are increasingly recurrent and complex. The criticality of the business involving operations in an environment using computing resources does not allow the vulnerability of the information. Cybersecurity has taken on a dimension within the universe of indispensable technology in corporations, and the prevention of risks of invasions into the environment is dealt with daily by Security teams. Thus, the main objective of the study was to investigate the Ensemble Learning technique using the Stacking method, supported by the Support Vector Machine (SVM) and k-Nearest Neighbour (kNN) algorithms aiming at an optimization of the results for DDoS attack detection. For this, the Intrusion Detection System concept was used with the application of the Data Mining and Machine Learning Orange tool to obtain better results

Title: Quotable Signatures for Authenticating Shared Quotes. (arXiv:2212.10963v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10963
• Code URL: null
• Copy Paste: [[2212.10963] Quotable Signatures for Authenticating Shared Quotes](http://arxiv.org/abs/2212.10963) #security
• Summary:

  Quotable signatures are digital signatures that allow a user to quote parts of a signed document, permitting a reader of the quote to verify its authenticity. This paper adds to the theory on {quotable signatures} in three ways: (1) by giving bounds on the size of signatures for arbitrary and contiguous quotes, when the quotable signatures are realized using Merkle trees, (2) by proving the security of quotable signature realized using Merkle trees, and (3) by providing algorithms for signing, quoting, and verifying quotable signatures realized using Merkle trees. Additionally, the paper carefully considers a concrete use case of quotable signatures, using them to combat misinformation by bolstering authentic content. Motivation is given for why using quotable signatures could help mitigate the effects of fake news.

Title: LogAnMeta: Log Anomaly Detection Using Meta Learning. (arXiv:2212.10992v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10992
• Code URL: null
• Copy Paste: [[2212.10992] LogAnMeta: Log Anomaly Detection Using Meta Learning](http://arxiv.org/abs/2212.10992) #security
• Summary:

  Modern telecom systems are monitored with performance and system logs from multiple application layers and components. Detecting anomalous events from these logs is key to identify security breaches, resource over-utilization, critical/fatal errors, etc. Current supervised log anomaly detection frameworks tend to perform poorly on new types or signatures of anomalies with few or unseen samples in the training data. In this work, we propose a meta-learning-based log anomaly detection framework (LogAnMeta) for detecting anomalies from sequence of log events with few samples. LoganMeta train a hybrid few-shot classifier in an episodic manner. The experimental results demonstrate the efficacy of our proposed method

Title: Is it worth it? An experimental comparison of six deep- and classical machine learning methods for unsupervised anomaly detection in time series. (arXiv:2212.11080v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.11080
• Code URL: https://gitlab.com/dlr-dw/is-it-worth-it-benchmark
• Copy Paste: [[2212.11080] Is it worth it? An experimental comparison of six deep- and classical machine learning methods for unsupervised anomaly detection in time series](http://arxiv.org/abs/2212.11080) #security
• Summary:

  The detection of anomalies in time series data is crucial in a wide range of applications, such as system monitoring, health care or cyber security. While the vast number of available methods makes selecting the right method for a certain application hard enough, different methods have different strengths, e.g. regarding the type of anomalies they are able to find. In this work, we compare six unsupervised anomaly detection methods with different complexities to answer the questions: Are the more complex methods usually performing better? And are there specific anomaly types that those method are tailored to? The comparison is done on the UCR anomaly archive, a recent benchmark dataset for anomaly detection. We compare the six methods by analyzing the experimental results on a dataset- and anomaly type level after tuning the necessary hyperparameter for each method. Additionally we examine the ability of individual methods to incorporate prior knowledge about the anomalies and analyse the differences of point-wise and sequence wise features. We show with broad experiments, that the classical machine learning methods show a superior performance compared to the deep learning methods across a wide range of anomaly types.

privacy

Title: Privacy-Protecting Behaviours of Risk Detection in People with Dementia using Videos. (arXiv:2212.10682v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.10682
• Code URL: null
• Copy Paste: [[2212.10682] Privacy-Protecting Behaviours of Risk Detection in People with Dementia using Videos](http://arxiv.org/abs/2212.10682) #privacy
• Summary:

  People living with dementia often exhibit behavioural and psychological symptoms of dementia that can put their and others' safety at risk. Existing video surveillance systems in long-term care facilities can be used to monitor such behaviours of risk to alert the staff to prevent potential injuries or death in some cases. However, these behaviours of risk events are heterogeneous and infrequent in comparison to normal events. Moreover, analyzing raw videos can also raise privacy concerns. In this paper, we present two novel privacy-protecting video-based anomaly detection approaches to detect behaviours of risks in people with dementia. We either extracted body pose information as skeletons and use semantic segmentation masks to replace multiple humans in the scene with their semantic boundaries. Our work differs from most existing approaches for video anomaly detection that focus on appearance-based features, which can put the privacy of a person at risk and is also susceptible to pixel-based noise, including illumination and viewing direction. We used anonymized videos of normal activities to train customized spatio-temporal convolutional autoencoders and identify behaviours of risk as anomalies. We show our results on a real-world study conducted in a dementia care unit with patients with dementia, containing approximately 21 hours of normal activities data for training and 9 hours of data containing normal and behaviours of risk events for testing. We compared our approaches with the original RGB videos and obtained an equivalent area under the receiver operating characteristic curve performance of 0.807 for the skeleton-based approach and 0.823 for the segmentation mask-based approach. This is one of the first studies to incorporate privacy for the detection of behaviours of risks in people with dementia.

Title: Local Differential Privacy Image Generation Using Flow-based Deep Generative Models. (arXiv:2212.10688v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.10688
• Code URL: null
• Copy Paste: [[2212.10688] Local Differential Privacy Image Generation Using Flow-based Deep Generative Models](http://arxiv.org/abs/2212.10688) #privacy
• Summary:

  Diagnostic radiologists need artificial intelligence (AI) for medical imaging, but access to medical images required for training in AI has become increasingly restrictive. To release and use medical images, we need an algorithm that can simultaneously protect privacy and preserve pathologies in medical images. To develop such an algorithm, here, we propose DP-GLOW, a hybrid of a local differential privacy (LDP) algorithm and one of the flow-based deep generative models (GLOW). By applying a GLOW model, we disentangle the pixelwise correlation of images, which makes it difficult to protect privacy with straightforward LDP algorithms for images. Specifically, we map images onto the latent vector of the GLOW model, each element of which follows an independent normal distribution, and we apply the Laplace mechanism to the latent vector. Moreover, we applied DP-GLOW to chest X-ray images to generate LDP images while preserving pathologies.

Title: PABAU: Privacy Analysis of Biometric API Usage. (arXiv:2212.10861v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10861
• Code URL: null
• Copy Paste: [[2212.10861] PABAU: Privacy Analysis of Biometric API Usage](http://arxiv.org/abs/2212.10861) #privacy
• Summary:

  Biometric data privacy is becoming a major concern for many organizations in the age of big data, particularly in the ICT sector, because it may be easily exploited in apps. Most apps utilize biometrics by accessing common application programming interfaces (APIs); hence, we aim to categorize their usage. The categorization based on behavior may be closely correlated with the sensitive processing of a user's biometric data, hence highlighting crucial biometric data privacy assessment concerns. We propose PABAU, Privacy Analysis of Biometric API Usage. PABAU learns semantic features of methods in biometric APIs and uses them to detect and categorize the usage of biometric API implementation in the software according to their privacy-related behaviors. This technique bridges the communication and background knowledge gap between technical and non-technical individuals in organizations by providing an automated method for both parties to acquire a rapid understanding of the essential behaviors of biometric API in apps, as well as future support to data protection officers (DPO) with legal documentation, such as conducting a Data Protection Impact Assessment (DPIA).

Title: SoK: Let The Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning. (arXiv:2212.10986v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10986
• Code URL: null
• Copy Paste: [[2212.10986] SoK: Let The Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning](http://arxiv.org/abs/2212.10986) #privacy
• Summary:

  Deploying machine learning models in production may allow adversaries to infer sensitive information about training data. There is a vast literature analyzing different types of inference risks, ranging from membership inference to reconstruction attacks. Inspired by the success of games (i.e., probabilistic experiments) to study security properties in cryptography, some authors describe privacy inference risks in machine learning using a similar game-based style. However, adversary capabilities and goals are often stated in subtly different ways from one presentation to the other, which makes it hard to relate and compose results. In this paper, we present a game-based framework to systematize the body of knowledge on privacy inference risks in machine learning.

Title: BDSP: A Fair Blockchain-enabled Framework for Privacy-Enhanced Enterprise Data Sharing. (arXiv:2212.11128v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.11128
• Code URL: null
• Copy Paste: [[2212.11128] BDSP: A Fair Blockchain-enabled Framework for Privacy-Enhanced Enterprise Data Sharing](http://arxiv.org/abs/2212.11128) #privacy
• Summary:

  Across industries, there is an ever-increasing rate of data sharing for collaboration and innovation between organizations and their customers, partners, suppliers, and internal teams. However, many enterprises are restricted from freely sharing data due to regulatory restrictions across different regions, performance issues in moving large volume data, or requirements to maintain autonomy. In such situations, the enterprise can benefit from the concept of federated learning, in which machine learning models are constructed at various geographic sites. In this paper, we introduce a general framework, namely BDSP, to share data among enterprises based on Blockchain and federated learning techniques. Specifically, we propose a transparency contribution accounting mechanism to estimate the valuation of data and implement a proof-of-concept for further evaluation. The extensive experimental results show that the proposed BDSP has a competitive performance with higher training accuracy, an increase of over 5%, and lower communication overhead, reducing 3 times, compared to baseline approaches.

protect

Title: Device-Bind Key-Storageless Hardware AI Model IP Protection: A PUF and Permute-Diffusion Encryption-Enabled Approach. (arXiv:2212.11133v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.11133
• Code URL: null
• Copy Paste: [[2212.11133] Device-Bind Key-Storageless Hardware AI Model IP Protection: A PUF and Permute-Diffusion Encryption-Enabled Approach](http://arxiv.org/abs/2212.11133) #protect
• Summary:

  Machine learning as a service (MLaaS) framework provides intelligent services or well-trained artificial intelligence (AI) models for local devices. However, in the process of model transmission and deployment, there are security issues, i.e. AI model leakage due to the unreliable transmission environments and illegal abuse at local devices without permission. Although existing works study the intellectual property (IP) protection of AI models, they mainly focus on the watermark-based and encryption-based methods and have the following problems: (i) The watermark-based methods only provide passive verification afterward rather than active protection. (ii) Encryption-based methods are low efficiency in computation and low security in key storage. (iii) The existing methods are not device-bind without the ability to avoid illegal abuse of AI models. To deal with these problems, we propose a device-bind and key-storageless hardware AI model IP protection mechanism. First, a physical unclonable function (PUF) and permute-diffusion encryption-based AI model protection framework is proposed, including the PUF-based secret key generation and the geometric-value transformation-based weights encryption. Second, we design a PUF-based key generation protocol, where delay-based Anderson PUF is adopted to generate the derive-bind secret key. Besides, convolutional coding and convolutional interleaving technologies are combined to improve the stability of PUF-based key generation and reconstruction. Third, a permute and diffusion-based intelligent model weights encryption/decryption method is proposed to achieve effective IP protection, where chaos theory is utilized to convert the PUF-based secret key to encryption/decryption keys. Finally, experimental evaluation demonstrates the effectiveness of the proposed intelligent model IP protection mechanism.

defense

attack

Title: Holistic risk assessment of inference attacks in machine learning. (arXiv:2212.10628v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10628
• Code URL: null
• Copy Paste: [[2212.10628] Holistic risk assessment of inference attacks in machine learning](http://arxiv.org/abs/2212.10628) #attack
• Summary:

  As machine learning expanding application, there are more and more unignorable privacy and safety issues. Especially inference attacks against Machine Learning models allow adversaries to infer sensitive information about the target model, such as training data, model parameters, etc. Inference attacks can lead to serious consequences, including violating individuals privacy, compromising the intellectual property of the owner of the machine learning model. As far as concerned, researchers have studied and analyzed in depth several types of inference attacks, albeit in isolation, but there is still a lack of a holistic rick assessment of inference attacks against machine learning models, such as their application in different scenarios, the common factors affecting the performance of these attacks and the relationship among the attacks. As a result, this paper performs a holistic risk assessment of different inference attacks against Machine Learning models. This paper focuses on three kinds of representative attacks: membership inference attack, attribute inference attack and model stealing attack. And a threat model taxonomy is established. A total of 12 target models using three model architectures, including AlexNet, ResNet18 and Simple CNN, are trained on four datasets, namely CelebA, UTKFace, STL10 and FMNIST.

Title: An Evaluation of the State-of-the-Art Software and Hardware Implementations of BIKE. (arXiv:2212.10636v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10636
• Code URL: null
• Copy Paste: [[2212.10636] An Evaluation of the State-of-the-Art Software and Hardware Implementations of BIKE](http://arxiv.org/abs/2212.10636) #attack
• Summary:

  NIST is conducting a process for the standardization of post-quantum cryptosystems, i.e., cryptosystems that are resistant to attacks by both traditional and quantum computers and that can thus substitute the traditional public-key cryptography solutions which are expected to be broken by quantum computers in the next decades. This manuscript provides an overview and a comparison of the existing state-of-the-art implementations of the BIKE QC-MDPC code-based post-quantum KEM, a candidate in NIST's PQC standardization process. We consider both software, hardware, and mixed hardware-software implementations and evaluate their performance and, for hardware ones, their resource utilization.

Title: Hidden Poison: Machine Unlearning Enables Camouflaged Poisoning Attacks. (arXiv:2212.10717v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10717
• Code URL: https://github.com/jimmy-di/camouflage-poisoning
• Copy Paste: [[2212.10717] Hidden Poison: Machine Unlearning Enables Camouflaged Poisoning Attacks](http://arxiv.org/abs/2212.10717) #attack
• Summary:

  We introduce camouflaged data poisoning attacks, a new attack vector that arises in the context of machine unlearning and other settings when model retraining may be induced. An adversary first adds a few carefully crafted points to the training dataset such that the impact on the model's predictions is minimal. The adversary subsequently triggers a request to remove a subset of the introduced points at which point the attack is unleashed and the model's predictions are negatively affected. In particular, we consider clean-label targeted attacks (in which the goal is to cause the model to misclassify a specific test point) on datasets including CIFAR-10, Imagenette, and Imagewoof. This attack is realized by constructing camouflage datapoints that mask the effect of a poisoned dataset.

Title: Defining C-ITS Environment and Attack Scenarios. (arXiv:2212.10854v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.10854
• Code URL: null
• Copy Paste: [[2212.10854] Defining C-ITS Environment and Attack Scenarios](http://arxiv.org/abs/2212.10854) #attack
• Summary:

  As technology advances, it is possible to process a lot of data, and as various elements in the city become diverse and complex, cities are becoming smart cities. One of the core systems of smart cities is Cooperative-Intelligent Transport Systems (C-ITS). C-ITS is a system that provides drivers with real-time accident risk information such as surrounding traffic conditions, sudden stops, and falling objects while a vehicle is driving, and consists of road infrastructure, C-ITS center, and vehicle terminals. Meanwhile, smart cities can have cybersecurity problems because many elements of the city are networked and electronically controlled. If cybersecurity problems occur in C-ITS, there is a high risk of safety problems. The purpose of this technical document is to describe C-ITS environment modeling and C-ITS attack scenarios for C-ITS security. After describing the concept of C-ITS and MITRE ATT&CK, we describe the C-ITS environment model and the attack scenario model that we define.

Title: A new weighted ensemble model for phishing detection based on feature selection. (arXiv:2212.11125v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.11125
• Code URL: null
• Copy Paste: [[2212.11125] A new weighted ensemble model for phishing detection based on feature selection](http://arxiv.org/abs/2212.11125) #attack
• Summary:

  A phishing attack is a sort of cyber assault in which the attacker sends fake communications to entice a human victim to provide personal information or credentials. Phishing website identification can assist visitors in avoiding becoming victims of these assaults. The phishing problem is increasing day by day, and there is no single solution that can properly mitigate all vulnerabilities, thus many techniques are used. In this paper, We have proposed an ensemble model that combines multiple base models with a voting technique based on the weights. Moreover, we applied feature selection methods and standardization on the dataset effectively and compared the result before and after applying any feature selection.

Title: Vulnerabilities of Deep Learning-Driven Semantic Communications to Backdoor (Trojan) Attacks. (arXiv:2212.11205v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.11205
• Code URL: null
• Copy Paste: [[2212.11205] Vulnerabilities of Deep Learning-Driven Semantic Communications to Backdoor (Trojan) Attacks](http://arxiv.org/abs/2212.11205) #attack
• Summary:

  This paper highlights vulnerabilities of deep learning-driven semantic communications to backdoor (Trojan) attacks. Semantic communications aims to convey a desired meaning while transferring information from a transmitter to its receiver. An encoder-decoder pair that is represented by two deep neural networks (DNNs) as part of an autoencoder is trained to reconstruct signals such as images at the receiver by transmitting latent features of small size over a limited number of channel uses. In the meantime, another DNN of a semantic task classifier at the receiver is jointly trained with the autoencoder to check the meaning conveyed to the receiver. The complex decision space of the DNNs makes semantic communications susceptible to adversarial manipulations. In a backdoor (Trojan) attack, the adversary adds triggers to a small portion of training samples and changes the label to a target label. When the transfer of images is considered, the triggers can be added to the images or equivalently to the corresponding transmitted or received signals. In test time, the adversary activates these triggers by providing poisoned samples as input to the encoder (or decoder) of semantic communications. The backdoor attack can effectively change the semantic information transferred for the poisoned input samples to a target meaning. As the performance of semantic communications improves with the signal-to-noise ratio and the number of channel uses, the success of the backdoor attack increases as well. Also, increasing the Trojan ratio in training data makes the attack more successful. In the meantime, the effect of this attack on the unpoisoned input samples remains limited. Overall, this paper shows that the backdoor attack poses a serious threat to semantic communications and presents novel design guidelines to preserve the meaning of transferred information in the presence of backdoor attacks.

Title: A Theoretical Study of The Effects of Adversarial Attacks on Sparse Regression. (arXiv:2212.11209v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.11209
• Code URL: null
• Copy Paste: [[2212.11209] A Theoretical Study of The Effects of Adversarial Attacks on Sparse Regression](http://arxiv.org/abs/2212.11209) #attack
• Summary:

  This paper analyzes $\ell_1$ regularized linear regression under the challenging scenario of having only adversarially corrupted data for training. We use the primal-dual witness paradigm to provide provable performance guarantees for the support of the estimated regression parameter vector to match the actual parameter. Our theoretical analysis shows the counter-intuitive result that an adversary can influence sample complexity by corrupting the irrelevant features, i.e., those corresponding to zero coefficients of the regression parameter vector, which, consequently, do not affect the dependent variable. As any adversarially robust algorithm has its limitations, our theoretical analysis identifies the regimes under which the learning algorithm and adversary can dominate over each other. It helps us to analyze these fundamental limits and address critical scientific questions of which parameters (like mutual incoherence, the maximum and minimum eigenvalue of the covariance matrix, and the budget of adversarial perturbation) play a role in the high or low probability of success of the LASSO algorithm. Also, the derived sample complexity is logarithmic with respect to the size of the regression parameter vector, and our theoretical claims are validated by empirical analysis on synthetic and real-world datasets.

robust

Title: Semi-Supervised Learning of Monocular Depth Estimation via Consistency Regularization with K-way Disjoint Masking. (arXiv:2212.10806v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.10806
• Code URL: https://github.com/ku-cvlab/maskingdepth
• Copy Paste: [[2212.10806] Semi-Supervised Learning of Monocular Depth Estimation via Consistency Regularization with K-way Disjoint Masking](http://arxiv.org/abs/2212.10806) #robust
• Summary:

  Semi-Supervised Learning (SSL) has recently accomplished successful achievements in various fields such as image classification, object detection, and semantic segmentation, which typically require a lot of labour to construct ground-truth. Especially in the depth estimation task, annotating training data is very costly and time-consuming, and thus recent SSL regime seems an attractive solution. In this paper, for the first time, we introduce a novel framework for semi-supervised learning of monocular depth estimation networks, using consistency regularization to mitigate the reliance on large ground-truth depth data. We propose a novel data augmentation approach, called K-way disjoint masking, which allows the network for learning how to reconstruct invisible regions so that the model not only becomes robust to perturbations but also generates globally consistent output depth maps. Experiments on the KITTI and NYU-Depth-v2 datasets demonstrate the effectiveness of each component in our pipeline, robustness to the use of fewer and fewer annotated images, and superior results compared to other state-of-the-art, semi-supervised methods for monocular depth estimation. Our code is available at https://github.com/KU-CVLAB/MaskingDepth.

Title: TruFor: Leveraging all-round clues for trustworthy image forgery detection and localization. (arXiv:2212.10957v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.10957
• Code URL: null
• Copy Paste: [[2212.10957] TruFor: Leveraging all-round clues for trustworthy image forgery detection and localization](http://arxiv.org/abs/2212.10957) #robust
• Summary:

  In this paper we present TruFor, a forensic framework that can be applied to a large variety of image manipulation methods, from classic cheapfakes to more recent manipulations based on deep learning. We rely on the extraction of both high-level and low-level traces through a transformer-based fusion architecture that combines the RGB image and a learned noise-sensitive fingerprint. The latter learns to embed the artifacts related to the camera internal and external processing by training only on real data in a self-supervised manner. Forgeries are detected as deviations from the expected regular pattern that characterizes each pristine image. Looking for anomalies makes the approach able to robustly detect a variety of local manipulations, ensuring generalization. In addition to a pixel-level localization map and a whole-image integrity score, our approach outputs a reliability map that highlights areas where localization predictions may be error-prone. This is particularly important in forensic applications in order to reduce false alarms and allow for a large scale analysis. Extensive experiments on several datasets show that our method is able to reliably detect and localize both cheapfakes and deepfakes manipulations outperforming state-of-the-art works. Code will be publicly available at https://grip-unina.github.io/TruFor/

Title: Revisiting Residual Networks for Adversarial Robustness: An Architectural Perspective. (arXiv:2212.11005v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.11005
• Code URL: https://github.com/zhichao-lu/robust-residual-network
• Copy Paste: [[2212.11005] Revisiting Residual Networks for Adversarial Robustness: An Architectural Perspective](http://arxiv.org/abs/2212.11005) #robust
• Summary:

  Efforts to improve the adversarial robustness of convolutional neural networks have primarily focused on developing more effective adversarial training methods. In contrast, little attention was devoted to analyzing the role of architectural elements (such as topology, depth, and width) on adversarial robustness. This paper seeks to bridge this gap and present a holistic study on the impact of architectural design on adversarial robustness. We focus on residual networks and consider architecture design at the block level, i.e., topology, kernel size, activation, and normalization, as well as at the network scaling level, i.e., depth and width of each block in the network. In both cases, we first derive insights through systematic ablative experiments. Then we design a robust residual block, dubbed RobustResBlock, and a compound scaling rule, dubbed RobustScaling, to distribute depth and width at the desired FLOP count. Finally, we combine RobustResBlock and RobustScaling and present a portfolio of adversarially robust residual networks, RobustResNets, spanning a broad spectrum of model capacities. Experimental validation across multiple datasets and adversarial attacks demonstrate that RobustResNets consistently outperform both the standard WRNs and other existing robust architectures, achieving state-of-the-art AutoAttack robust accuracy of 61.1% without additional data and 63.7% with 500K external data while being $2\times$ more compact in terms of parameters. Code is available at \url{ https://github.com/zhichao-lu/robust-residual-network}

Title: Object detection-based inspection of power line insulators: Incipient fault detection in the low data-regime. (arXiv:2212.11017v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.11017
• Code URL: null
• Copy Paste: [[2212.11017] Object detection-based inspection of power line insulators: Incipient fault detection in the low data-regime](http://arxiv.org/abs/2212.11017) #robust
• Summary:

  Deep learning-based object detection is a powerful approach for detecting faulty insulators in power lines. This involves training an object detection model from scratch, or fine tuning a model that is pre-trained on benchmark computer vision datasets. This approach works well with a large number of insulator images, but can result in unreliable models in the low data regime. The current literature mainly focuses on detecting the presence or absence of insulator caps, which is a relatively easy detection task, and does not consider detection of finer faults such as flashed and broken disks. In this article, we formulate three object detection tasks for insulator and asset inspection from aerial images, focusing on incipient faults in disks. We curate a large reference dataset of insulator images that can be used to learn robust features for detecting healthy and faulty insulators. We study the advantage of using this dataset in the low target data regime by pre-training on the reference dataset followed by fine-tuning on the target dataset. The results suggest that object detection models can be used to detect faults in insulators at a much incipient stage, and that transfer learning adds value depending on the type of object detection model. We identify key factors that dictate performance in the low data-regime and outline potential approaches to improve the state-of-the-art.

Title: THMA: Tencent HD Map AI System for Creating HD Map Annotations. (arXiv:2212.11123v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.11123
• Code URL: null
• Copy Paste: [[2212.11123] THMA: Tencent HD Map AI System for Creating HD Map Annotations](http://arxiv.org/abs/2212.11123) #robust
• Summary:

  Nowadays, autonomous vehicle technology is becoming more and more mature. Critical to progress and safety, high-definition (HD) maps, a type of centimeter-level map collected using a laser sensor, provide accurate descriptions of the surrounding environment. The key challenge of HD map production is efficient, high-quality collection and annotation of large-volume datasets. Due to the demand for high quality, HD map production requires significant manual human effort to create annotations, a very time-consuming and costly process for the map industry. In order to reduce manual annotation burdens, many artificial intelligence (AI) algorithms have been developed to pre-label the HD maps. However, there still exists a large gap between AI algorithms and the traditional manual HD map production pipelines in accuracy and robustness. Furthermore, it is also very resource-costly to build large-scale annotated datasets and advanced machine learning algorithms for AI-based HD map automatic labeling systems. In this paper, we introduce the Tencent HD Map AI (THMA) system, an innovative end-to-end, AI-based, active learning HD map labeling system capable of producing and labeling HD maps with a scale of hundreds of thousands of kilometers. In THMA, we train AI models directly from massive HD map datasets via supervised, self-supervised, and weakly supervised learning to achieve high accuracy and efficiency required by downstream users. THMA has been deployed by the Tencent Map team to provide services to downstream companies and users, serving over 1,000 labeling workers and producing more than 30,000 kilometers of HD map data per day at most. More than 90 percent of the HD map data in Tencent Map is labeled automatically by THMA, accelerating the traditional HD map labeling process by more than ten times.

Title: Not Just Pretty Pictures: Text-to-Image Generators Enable Interpretable Interventions for Robust Representations. (arXiv:2212.11237v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.11237
• Code URL: null
• Copy Paste: [[2212.11237] Not Just Pretty Pictures: Text-to-Image Generators Enable Interpretable Interventions for Robust Representations](http://arxiv.org/abs/2212.11237) #robust
• Summary:

  Neural image classifiers are known to undergo severe performance degradation when exposed to input that exhibits covariate-shift with respect to the training distribution. Successful hand-crafted augmentation pipelines aim at either approximating the expected test domain conditions or to perturb the features that are specific to the training environment. The development of effective pipelines is typically cumbersome, and produce transformations whose impact on the classifier performance are hard to understand and control. In this paper, we show that recent Text-to-Image (T2I) generators' ability to simulate image interventions via natural-language prompts can be leveraged to train more robust models, offering a more interpretable and controllable alternative to traditional augmentation methods. We find that a variety of prompting mechanisms are effective for producing synthetic training data sufficient to achieve state-of-the-art performance in widely-adopted domain-generalization benchmarks and reduce classifiers' dependency on spurious features. Our work suggests that further progress in T2I generation and a tighter integration with other research fields may represent a significant step towards the development of more robust machine learning systems.

Title: Understanding Stereotypes in Language Models: Towards Robust Measurement and Zero-Shot Debiasing. (arXiv:2212.10678v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10678
• Code URL: null
• Copy Paste: [[2212.10678] Understanding Stereotypes in Language Models: Towards Robust Measurement and Zero-Shot Debiasing](http://arxiv.org/abs/2212.10678) #robust
• Summary:

  Generated texts from large pretrained language models have been shown to exhibit a variety of harmful, human-like biases about various demographics. These findings prompted large efforts aiming to understand and measure such effects, with the goal of providing benchmarks that can guide the development of techniques mitigating these stereotypical associations. However, as recent research has pointed out, the current benchmarks lack a robust experimental setup, consequently hindering the inference of meaningful conclusions from their evaluation metrics. In this paper, we extend these arguments and demonstrate that existing techniques and benchmarks aiming to measure stereotypes tend to be inaccurate and consist of a high degree of experimental noise that severely limits the knowledge we can gain from benchmarking language models based on them. Accordingly, we propose a new framework for robustly measuring and quantifying biases exhibited by generative language models. Finally, we use this framework to investigate GPT-3's occupational gender bias and propose prompting techniques for mitigating these biases without the need for fine-tuning.

Title: Resolving Indirect Referring Expressions for Entity Selection. (arXiv:2212.10933v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10933
• Code URL: null
• Copy Paste: [[2212.10933] Resolving Indirect Referring Expressions for Entity Selection](http://arxiv.org/abs/2212.10933) #robust
• Summary:

  Recent advances in language modeling have enabled new conversational systems. In particular, it is often desirable for people to make choices among specified options when using such systems. We address the problem of reference resolution, when people use natural expressions to choose between real world entities. For example, given the choice Should we make a Simnel cake or a Pandan cake?' a natural response from a non-expert may be indirect:let's make the green one'. Reference resolution has been little studied with natural expressions, thus robustly understanding such language has large potential for improving naturalness in dialog, recommendation, and search systems. We create AltEntities (Alternative Entities), a new public dataset of entity pairs and utterances, and develop models for the disambiguation problem. Consisting of 42K indirect referring expressions across three domains, it enables for the first time the study of how large language models can be adapted to this task. We find they achieve 82%-87% accuracy in realistic settings, which while reasonable also invites further advances.

Title: QVIP: An ILP-based Formal Verification Approach for Quantized Neural Networks. (arXiv:2212.11138v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2212.11138
• Code URL: null
• Copy Paste: [[2212.11138] QVIP: An ILP-based Formal Verification Approach for Quantized Neural Networks](http://arxiv.org/abs/2212.11138) #robust
• Summary:

  Deep learning has become a promising programming paradigm in software development, owing to its surprising performance in solving many challenging tasks. Deep neural networks (DNNs) are increasingly being deployed in practice, but are limited on resource-constrained devices owing to their demand for computational power. Quantization has emerged as a promising technique to reduce the size of DNNs with comparable accuracy as their floating-point numbered counterparts. The resulting quantized neural networks (QNNs) can be implemented energy-efficiently. Similar to their floating-point numbered counterparts, quality assurance techniques for QNNs, such as testing and formal verification, are essential but are currently less explored. In this work, we propose a novel and efficient formal verification approach for QNNs. In particular, we are the first to propose an encoding that reduces the verification problem of QNNs into the solving of integer linear constraints, which can be solved using off-the-shelf solvers. Our encoding is both sound and complete. We demonstrate the application of our approach on local robustness verification and maximum robustness radius computation. We implement our approach in a prototype tool QVIP and conduct a thorough evaluation. Experimental results on QNNs with different quantization bits confirm the effectiveness and efficiency of our approach, e.g., two orders of magnitude faster and able to solve more verification tasks in the same time limit than the state-of-the-art methods.

biometric

steal

extraction

Title: Attention-Aware Anime Line Drawing Colorization. (arXiv:2212.10988v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.10988
• Code URL: null
• Copy Paste: [[2212.10988] Attention-Aware Anime Line Drawing Colorization](http://arxiv.org/abs/2212.10988) #extraction
• Summary:

  Automatic colorization of anime line drawing has attracted much attention in recent years since it can substantially benefit the animation industry. User-hint based methods are the mainstream approach for line drawing colorization, while reference-based methods offer a more intuitive approach. Nevertheless, although reference-based methods can improve feature aggregation of the reference image and the line drawing, the colorization results are not compelling in terms of color consistency or semantic correspondence. In this paper, we introduce an attention-based model for anime line drawing colorization, in which a channel-wise and spatial-wise Convolutional Attention module is used to improve the ability of the encoder for feature extraction and key area perception, and a Stop-Gradient Attention module with cross-attention and self-attention is used to tackle the cross-domain long-range dependency problem. Extensive experiments show that our method outperforms other SOTA methods, with more accurate line structure and semantic color information.

Title: Zero-shot Triplet Extraction by Template Infilling. (arXiv:2212.10708v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10708
• Code URL: null
• Copy Paste: [[2212.10708] Zero-shot Triplet Extraction by Template Infilling](http://arxiv.org/abs/2212.10708) #extraction
• Summary:

  Triplet extraction aims to extract entities and their corresponding relations in unstructured text. Most existing methods train an extraction model on high-quality training data, and hence are incapable of extracting relations that were not observed during training. Generalizing the model to unseen relations typically requires fine-tuning on synthetic training data which is often noisy and unreliable. In this paper, we argue that reducing triplet extraction to a template filling task over a pre-trained language model can equip the model with zero-shot learning capabilities and enable it to leverage the implicit knowledge in the language model. Embodying these ideas, we propose a novel framework, ZETT (ZEro-shot Triplet extraction by Template infilling), that is based on end-to-end generative transformers. Our experiments show that without any data augmentation or pipeline systems, ZETT can outperform previous state-of-the-art models with 25% less parameters. We further show that ZETT is more robust in detecting entities and can be incorporated with automatically generated templates for relations.

Title: Integrating Heterogeneous Domain Information into Relation Extraction: A Case Study on Drug-Drug Interaction Extraction. (arXiv:2212.10714v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10714
• Code URL: null
• Copy Paste: [[2212.10714] Integrating Heterogeneous Domain Information into Relation Extraction: A Case Study on Drug-Drug Interaction Extraction](http://arxiv.org/abs/2212.10714) #extraction
• Summary:

  The development of deep neural networks has improved representation learning in various domains, including textual, graph structural, and relational triple representations. This development opened the door to new relation extraction beyond the traditional text-oriented relation extraction. However, research on the effectiveness of considering multiple heterogeneous domain information simultaneously is still under exploration, and if a model can take an advantage of integrating heterogeneous information, it is expected to exhibit a significant contribution to many problems in the world. This thesis works on Drug-Drug Interactions (DDIs) from the literature as a case study and realizes relation extraction utilizing heterogeneous domain information. First, a deep neural relation extraction model is prepared and its attention mechanism is analyzed. Next, a method to combine the drug molecular structure information and drug description information to the input sentence information is proposed, and the effectiveness of utilizing drug molecular structures and drug descriptions for the relation extraction task is shown. Then, in order to further exploit the heterogeneous information, drug-related items, such as protein entries, medical terms and pathways are collected from multiple existing databases and a new data set in the form of a knowledge graph (KG) is constructed. A link prediction task on the constructed data set is conducted to obtain embedding representations of drugs that contain the heterogeneous domain information. Finally, a method that integrates the input sentence information and the heterogeneous KG information is proposed. The proposed model is trained and evaluated on a widely used data set, and as a result, it is shown that utilizing heterogeneous domain information significantly improves the performance of relation extraction from the literature.

Title: How Does Beam Search improve Span-Level Confidence Estimation in Generative Sequence Labeling?. (arXiv:2212.10767v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10767
• Code URL: null
• Copy Paste: [[2212.10767] How Does Beam Search improve Span-Level Confidence Estimation in Generative Sequence Labeling?](http://arxiv.org/abs/2212.10767) #extraction
• Summary:

  Text-to-text generation models have increasingly become the go-to solution for a wide variety of sequence labeling tasks (e.g., entity extraction and dialog slot filling). While most research has focused on the labeling accuracy, a key aspect -- of vital practical importance -- has slipped through the cracks: understanding model confidence. More specifically, we lack a principled understanding of how to reliably gauge the confidence of a model in its predictions for each labeled span. This paper aims to provide some empirical insights on estimating model confidence for generative sequence labeling. Most notably, we find that simply using the decoder's output probabilities is not the best in realizing well-calibrated confidence estimates. As verified over six public datasets of different tasks, we show that our proposed approach -- which leverages statistics from top-$k$ predictions by a beam search -- significantly reduces calibration errors of the predictions of a generative sequence labeling model.

Title: ImPaKT: A Dataset for Open-Schema Knowledge Base Construction. (arXiv:2212.10770v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10770
• Code URL: null
• Copy Paste: [[2212.10770] ImPaKT: A Dataset for Open-Schema Knowledge Base Construction](http://arxiv.org/abs/2212.10770) #extraction
• Summary:

  Large language models have ushered in a golden age of semantic parsing. The seq2seq paradigm allows for open-schema and abstractive attribute and relation extraction given only small amounts of finetuning data. Language model pretraining has simultaneously enabled great strides in natural language inference, reasoning about entailment and implication in free text. These advances motivate us to construct ImPaKT, a dataset for open-schema information extraction, consisting of around 2500 text snippets from the C4 corpus, in the shopping domain (product buying guides), professionally annotated with extracted attributes, types, attribute summaries (attribute schema discovery from idiosyncratic text), many-to-one relations between compound and atomic attributes, and implication relations. We release this data in hope that it will be useful in fine tuning semantic parsers for information extraction and knowledge base construction across a variety of domains. We evaluate the power of this approach by fine-tuning the open source UL2 language model on a subset of the dataset, extracting a set of implication relations from a corpus of product buying guides, and conducting human evaluations of the resulting predictions.

Title: Can NLI Provide Proper Indirect Supervision for Low-resource Biomedical Relation Extraction?. (arXiv:2212.10784v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10784
• Code URL: null
• Copy Paste: [[2212.10784] Can NLI Provide Proper Indirect Supervision for Low-resource Biomedical Relation Extraction?](http://arxiv.org/abs/2212.10784) #extraction
• Summary:

  Two key obstacles in biomedical relation extraction (RE) are the scarcity of annotations and the prevalence of instances without explicitly pre-defined labels due to low annotation coverage. Existing approaches, which treat biomedical RE as a multi-class classification task, often result in poor generalization in low-resource settings and do not have the ability to make selective prediction on unknown cases but give a guess from seen relations, hindering the applicability of those approaches. We present NBR, which converts biomedical RE as natural language inference formulation through indirect supervision. By converting relations to natural language hypotheses, NBR is capable of exploiting semantic cues to alleviate annotation scarcity. By incorporating a ranking-based loss that implicitly calibrates abstinent instances, NBR learns a clearer decision boundary and is instructed to abstain on uncertain instances. Extensive experiments on three widely-used biomedical RE benchmarks, namely ChemProt, DDI and GAD, verify the effectiveness of NBR in both full-set and low-resource regimes. Our analysis demonstrates that indirect supervision benefits biomedical RE even when a domain gap exists, and combining NLI knowledge with biomedical knowledge leads to the best performance gains.

Title: Multi-hop Evidence Retrieval for Cross-document Relation Extraction. (arXiv:2212.10786v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10786
• Code URL: null
• Copy Paste: [[2212.10786] Multi-hop Evidence Retrieval for Cross-document Relation Extraction](http://arxiv.org/abs/2212.10786) #extraction
• Summary:

  Relation Extraction (RE) has been extended to cross-document scenarios because many relations are not simply described in a single document. This inevitably brings the challenge of efficient open-space evidence retrieval to support the inference of cross-document relations, along with the challenge of multi-hop reasoning on top of entities and evidence scattered in an open set of documents. To combat these challenges, we propose Mr.CoD, a multi-hop evidence retrieval method based on evidence path mining and ranking with adapted dense retrievers. We explore multiple variants of retrievers to show evidence retrieval is an essential part in cross-document RE. Experiments on CodRED show that evidence retrieval with Mr.Cod effectively acquires cross-document evidence that essentially supports open-setting cross-document RE. Additionally, we show that Mr.CoD facilitates evidence retrieval and boosts end-to-end RE performance with effective multi-hop reasoning in both closed and open settings of RE.

Title: Continual Contrastive Finetuning Improves Low-Resource Relation Extraction. (arXiv:2212.10823v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10823
• Code URL: null
• Copy Paste: [[2212.10823] Continual Contrastive Finetuning Improves Low-Resource Relation Extraction](http://arxiv.org/abs/2212.10823) #extraction
• Summary:

  Relation extraction (RE), which has relied on structurally annotated corpora for model training, has been particularly challenging in low-resource scenarios and domains. Recent literature has tackled low-resource RE by self-supervised learning, where the solution involves pretraining the relation embedding by RE-based objective and finetuning on labeled data by classification-based objective. However, a critical challenge to this approach is the gap in objectives, which prevents the RE model from fully utilizing the knowledge in pretrained representations. In this paper, we aim at bridging the gap and propose to pretrain and finetune the RE model using consistent objectives of contrastive learning. Since in this kind of representation learning paradigm, one relation may easily form multiple clusters in the representation space, we further propose a multi-center contrastive loss that allows one relation to form multiple clusters to better align with pretraining. Experiments on two document-level RE datasets, BioRED and Re-DocRED, demonstrate the effectiveness of our method. Particularly, when using 1% end-task training data, our method outperforms PLM-based RE classifier by 10.5% and 5.8% on the two datasets, respectively.

membership infer

federate

Title: Personalized Decentralized Multi-Task Learning Over Dynamic Communication Graphs. (arXiv:2212.11268v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.11268
• Code URL: null
• Copy Paste: [[2212.11268] Personalized Decentralized Multi-Task Learning Over Dynamic Communication Graphs](http://arxiv.org/abs/2212.11268) #federate
• Summary:

  Decentralized and federated learning algorithms face data heterogeneity as one of the biggest challenges, especially when users want to learn a specific task. Even when personalized headers are used concatenated to a shared network (PF-MTL), aggregating all the networks with a decentralized algorithm can result in performance degradation as a result of heterogeneity in the data. Our algorithm uses exchanged gradients to calculate the correlations among tasks automatically, and dynamically adjusts the communication graph to connect mutually beneficial tasks and isolate those that may negatively impact each other. This algorithm improves the learning performance and leads to faster convergence compared to the case where all clients are connected to each other regardless of their correlations. We conduct experiments on a synthetic Gaussian dataset and a large-scale celebrity attributes (CelebA) dataset. The experiment with the synthetic data illustrates that our proposed method is capable of detecting tasks that are positively and negatively correlated. Moreover, the results of the experiments with CelebA demonstrate that the proposed method may produce significantly faster training results than fully-connected networks.

fair

Title: Cross-Linguistic Syntactic Difference in Multilingual BERT: How Good is It and How Does It Affect Transfer?. (arXiv:2212.10879v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2212.10879
• Code URL: https://github.com/ningyuxu/cl-syntactic-difference-mbert
• Copy Paste: [[2212.10879] Cross-Linguistic Syntactic Difference in Multilingual BERT: How Good is It and How Does It Affect Transfer?](http://arxiv.org/abs/2212.10879) #fair
• Summary:

  Multilingual BERT (mBERT) has demonstrated considerable cross-lingual syntactic ability, whereby it enables effective zero-shot cross-lingual transfer of syntactic knowledge. The transfer is more successful between some languages, but it is not well understood what leads to this variation and whether it fairly reflects difference between languages. In this work, we investigate the distributions of grammatical relations induced from mBERT in the context of 24 typologically different languages. We demonstrate that the distance between the distributions of different languages is highly consistent with the syntactic difference in terms of linguistic formalisms. Such difference learnt via self-supervision plays a crucial role in the zero-shot transfer performance and can be predicted by variation in morphosyntactic properties between languages. These results suggest that mBERT properly encodes languages in a way consistent with linguistic diversity and provide insights into the mechanism of cross-lingual transfer.

Title: Crab: Learning Certifiably Fair Predictive Models in the Presence of Selection Bias. (arXiv:2212.10839v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10839
• Code URL: null
• Copy Paste: [[2212.10839] Crab: Learning Certifiably Fair Predictive Models in the Presence of Selection Bias](http://arxiv.org/abs/2212.10839) #fair
• Summary:

  A recent explosion of research focuses on developing methods and tools for building fair predictive models. However, most of this work relies on the assumption that the training and testing data are representative of the target population on which the model will be deployed. However, real-world training data often suffer from selection bias and are not representative of the target population for many reasons, including the cost and feasibility of collecting and labeling data, historical discrimination, and individual biases.

In this paper, we introduce a new framework for certifying and ensuring the fairness of predictive models trained on biased data. We take inspiration from query answering over incomplete and inconsistent databases to present and formalize the problem of consistent range approximation (CRA) of answers to queries about aggregate information for the target population. We aim to leverage background knowledge about the data collection process, biased data, and limited or no auxiliary data sources to compute a range of answers for aggregate queries over the target population that are consistent with available information. We then develop methods that use CRA of such aggregate queries to build predictive models that are certifiably fair on the target population even when no external information about that population is available during training. We evaluate our methods on real data and demonstrate improvements over state of the art. Significantly, we show that enforcing fairness using our methods can lead to predictive models that are not only fair, but more accurate on the target population.

interpretability

Title: UnICLAM:Contrastive Representation Learning with Adversarial Masking for Unified and Interpretable Medical Vision Question Answering. (arXiv:2212.10729v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2212.10729
• Code URL: null
• Copy Paste: [[2212.10729] UnICLAM:Contrastive Representation Learning with Adversarial Masking for Unified and Interpretable Medical Vision Question Answering](http://arxiv.org/abs/2212.10729) #interpretability
• Summary:

  Medical Visual Question Answering (Medical-VQA) aims to answer clinical questions regarding radiology images, assisting doctors with decision-making options. Nevertheless, current Medical-VQA models learn cross-modal representations through residing vision and texture encoders in dual separate spaces, which lead to indirect semantic alignment. In this paper, we propose UnICLAM, a Unified and Interpretable Medical-VQA model through Contrastive Representation Learning with Adversarial Masking. Specifically, to learn an aligned image-text representation, we first establish a unified dual-stream pre-training structure with the gradually soft-parameter sharing strategy. Technically, the proposed strategy learns a constraint for the vision and texture encoders to be close in a same space, which is gradually loosened as the higher number of layers. Moreover, for grasping the semantic representation, we extend the unified Adversarial Masking data augmentation strategy to the contrastive representation learning of vision and text in a unified manner, alleviating the meaningless of the commonly used random mask. Concretely, while the encoder training minimizes the distance between the original feature and the masking feature, the adversarial masking model keeps adversarial learning to conversely maximize the distance. Furthermore, we also intuitively take a further exploration of the unified adversarial masking strategy, which improves the potential ante-hoc interpretability with remarkable performance and efficiency. Experimental results on VQA-RAD and SLAKE public benchmarks demonstrate that UnICLAM outperforms the existing 11 state-of-the-art Medical-VQA models. More importantly, we make an additional discussion about the performance of UnICLAM in diagnosing heart failure, verifying that UnICLAM exhibits superior few-shot adaption performance in practical disease diagnosis.

Title: Interpretability and causal discovery of the machine learning models to predict the production of CBM wells after hydraulic fracturing. (arXiv:2212.10718v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10718
• Code URL: null
• Copy Paste: [[2212.10718] Interpretability and causal discovery of the machine learning models to predict the production of CBM wells after hydraulic fracturing](http://arxiv.org/abs/2212.10718) #interpretability
• Summary:

  Machine learning approaches are widely studied in the production prediction of CBM wells after hydraulic fracturing, but merely used in practice due to the low generalization ability and the lack of interpretability. A novel methodology is proposed in this article to discover the latent causality from observed data, which is aimed at finding an indirect way to interpret the machine learning results. Based on the theory of causal discovery, a causal graph is derived with explicit input, output, treatment and confounding variables. Then, SHAP is employed to analyze the influence of the factors on the production capability, which indirectly interprets the machine learning models. The proposed method can capture the underlying nonlinear relationship between the factors and the output, which remedies the limitation of the traditional machine learning routines based on the correlation analysis of factors. The experiment on the data of CBM shows that the detected relationship between the production and the geological/engineering factors by the presented method, is coincident with the actual physical mechanism. Meanwhile, compared with traditional methods, the interpretable machine learning models have better performance in forecasting production capability, averaging 20% improvement in accuracy.

explainability

Title: A Survey of Mix-based Data Augmentation: Taxonomy, Methods, Applications, and Explainability. (arXiv:2212.10888v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10888
• Code URL: null
• Copy Paste: [[2212.10888] A Survey of Mix-based Data Augmentation: Taxonomy, Methods, Applications, and Explainability](http://arxiv.org/abs/2212.10888) #explainability
• Summary:

  Data augmentation (DA) is indispensable in modern machine learning and deep neural networks. The basic idea of DA is to construct new training data to improve the model's generalization by adding slightly disturbed versions of existing data or synthesizing new data. In this work, we review a small but essential subset of DA -- Mix-based Data Augmentation (MixDA) that generates novel samples by mixing multiple examples. Unlike conventional DA approaches based on a single-sample operation or requiring domain knowledge, MixDA is more general in creating a broad spectrum of new data and has received increasing attention in the community. We begin with proposing a new taxonomy classifying MixDA into, Mixup-based, Cutmix-based, and hybrid approaches according to a hierarchical view of the data mix. Various MixDA techniques are then comprehensively reviewed in a more fine-grained way. Owing to its generalization, MixDA has penetrated a variety of applications which are also completely reviewed in this work. We also examine why MixDA works from different aspects of improving model performance, generalization, and calibration while explaining the model behavior based on the properties of MixDA. Finally, we recapitulate the critical findings and fundamental challenges of current MixDA studies, and outline the potential directions for future works. Different from previous related works that summarize the DA approaches in a specific domain (e.g., images or natural language processing) or only review a part of MixDA studies, we are the first to provide a systematical survey of MixDA in terms of its taxonomy, methodology, applications, and explainability. This work can serve as a roadmap to MixDA techniques and application reviews while providing promising directions for researchers interested in this exciting area.

Title: GraphIX: Graph-based In silico XAI(explainable artificial intelligence) for drug repositioning from biopharmaceutical network. (arXiv:2212.10788v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10788
• Code URL: null
• Copy Paste: [[2212.10788] GraphIX: Graph-based In silico XAI(explainable artificial intelligence) for drug repositioning from biopharmaceutical network](http://arxiv.org/abs/2212.10788) #explainability
• Summary:

  Drug repositioning holds great promise because it can reduce the time and cost of new drug development. While drug repositioning can omit various R&D processes, confirming pharmacological effects on biomolecules is essential for application to new diseases. Biomedical explainability in a drug repositioning model can support appropriate insights in subsequent in-depth studies. However, the validity of the XAI methodology is still under debate, and the effectiveness of XAI in drug repositioning prediction applications remains unclear. In this study, we propose GraphIX, an explainable drug repositioning framework using biological networks, and quantitatively evaluate its explainability. GraphIX first learns the network weights and node features using a graph neural network from known drug indication and knowledge graph that consists of three types of nodes (but not given node type information): disease, drug, and protein. Analysis of the post-learning features showed that node types that were not known to the model beforehand are distinguished through the learning process based on the graph structure. From the learned weights and features, GraphIX then predicts the disease-drug association and calculates the contribution values of the nodes located in the neighborhood of the predicted disease and drug. We hypothesized that the neighboring protein node to which the model gave a high contribution is important in understanding the actual pharmacological effects. Quantitative evaluation of the validity of protein nodes' contribution using a real-world database showed that the high contribution proteins shown by GraphIX are reasonable as a mechanism of drug action. GraphIX is a framework for evidence-based drug discovery that can present to users new disease-drug associations and identify the protein important for understanding its pharmacological effects from a large and complex knowledge base.

Title: Greenhouse gases emissions: estimating corporate non-reported emissions using interpretable machine learning. (arXiv:2212.10844v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10844
• Code URL: null
• Copy Paste: [[2212.10844] Greenhouse gases emissions: estimating corporate non-reported emissions using interpretable machine learning](http://arxiv.org/abs/2212.10844) #explainability
• Summary:

  As of 2022, greenhouse gases (GHG) emissions reporting and auditing are not yet compulsory for all companies and methodologies of measurement and estimation are not unified. We propose a machine learning-based model to estimate scope 1 and scope 2 GHG emissions of companies not reporting them yet. Our model, specifically designed to be transparent and completely adapted to this use case, is able to estimate emissions for a large universe of companies. It shows good out-of-sample global performances as well as good out-of-sample granular performances when evaluating it by sectors, by countries or by revenues buckets. We also compare our results to those of other providers and find our estimates to be more accurate. Thanks to the proposed explainability tools using Shapley values, our model is fully interpretable, the user being able to understand which factors split explain the GHG emissions for each particular company.

Title: It is not "accuracy vs. explainability" -- we need both for trustworthy AI systems. (arXiv:2212.11136v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.11136
• Code URL: null
• Copy Paste: [[2212.11136] It is not "accuracy vs](http://arxiv.org/abs/2212.11136) #explainability
• Summary:

  We are witnessing the emergence of an AI economy and society where AI technologies are increasingly impacting health care, business, transportation and many aspects of everyday life. Many successes have been reported where AI systems even surpassed the accuracy of human experts. However, AI systems may produce errors, can exhibit bias, may be sensitive to noise in the data, and often lack technical and judicial transparency resulting in reduction in trust and challenges in their adoption. These recent shortcomings and concerns have been documented in scientific but also in general press such as accidents with self driving cars, biases in healthcare, hiring and face recognition systems for people of color, seemingly correct medical decisions later found to be made due to wrong reasons etc. This resulted in emergence of many government and regulatory initiatives requiring trustworthy and ethical AI to provide accuracy and robustness, some form of explainability, human control and oversight, elimination of bias, judicial transparency and safety. The challenges in delivery of trustworthy AI systems motivated intense research on explainable AI systems (XAI). Aim of XAI is to provide human understandable information of how AI systems make their decisions. In this paper we first briefly summarize current XAI work and then challenge the recent arguments of accuracy vs. explainability for being mutually exclusive and being focused only on deep learning. We then present our recommendations for the use of XAI in full lifecycle of high stakes trustworthy AI systems delivery, e.g. development, validation and certification, and trustworthy production and maintenance.

watermark

diffusion

Title: Hierarchically branched diffusion models for efficient and interpretable multi-class conditional generation. (arXiv:2212.10777v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2212.10777
• Code URL: null
• Copy Paste: [[2212.10777] Hierarchically branched diffusion models for efficient and interpretable multi-class conditional generation](http://arxiv.org/abs/2212.10777) #diffusion
• Summary:

  Diffusion models have achieved justifiable popularity by attaining state-of-the-art performance in generating realistic objects from seemingly arbitrarily complex data distributions, including when conditioning generation on labels. Unfortunately, however, their iterative nature renders them very computationally inefficient during the sampling process. For the multi-class conditional generation problem, we propose a novel, structurally unique framework of diffusion models which are hierarchically branched according to the inherent relationships between classes. In this work, we demonstrate that branched diffusion models offer major improvements in efficiently generating samples from multiple classes. We also showcase several other advantages of branched diffusion models, including ease of extension to novel classes in a continual-learning setting, and a unique interpretability that offers insight into these generative models. Branched diffusion models represent an alternative paradigm to their traditional linear counterparts, and can have large impacts in how we use diffusion models for efficient generation, online learning, and scientific discovery.