secure

Title: A Comparative Study of Image Disguising Methods for Confidential Outsourced Learning. (arXiv:2301.00252v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00252
• Code URL: null
• Copy Paste: [[2301.00252] A Comparative Study of Image Disguising Methods for Confidential Outsourced Learning](http://arxiv.org/abs/2301.00252) #secure
• Summary:

  Large training data and expensive model tweaking are standard features of deep learning for images. As a result, data owners often utilize cloud resources to develop large-scale complex models, which raises privacy concerns. Existing solutions are either too expensive to be practical or do not sufficiently protect the confidentiality of data and models. In this paper, we study and compare novel \emph{image disguising} mechanisms, DisguisedNets and InstaHide, aiming to achieve a better trade-off among the level of protection for outsourced DNN model training, the expenses, and the utility of data. DisguisedNets are novel combinations of image blocktization, block-level random permutation, and two block-level secure transformations: random multidimensional projection (RMT) and AES pixel-level encryption (AES). InstaHide is an image mixup and random pixel flipping technique \cite{huang20}. We have analyzed and evaluated them under a multi-level threat model. RMT provides a better security guarantee than InstaHide, under the Level-1 adversarial knowledge with well-preserved model quality. In contrast, AES provides a security guarantee under the Level-2 adversarial knowledge, but it may affect model quality more. The unique features of image disguising also help us to protect models from model-targeted attacks. We have done an extensive experimental evaluation to understand how these methods work in different settings for different datasets.

Title: Internet of Things: Digital Footprints Carry A Device Identity. (arXiv:2301.00328v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00328
• Code URL: null
• Copy Paste: [[2301.00328] Internet of Things: Digital Footprints Carry A Device Identity](http://arxiv.org/abs/2301.00328) #secure
• Summary:

  The usage of technologically advanced devices has seen a boom in many domains, including education, automation, and healthcare; with most of the services requiring Internet connectivity. To secure a network, device identification plays key role. In this paper, a device fingerprinting (DFP) model, which is able to distinguish between Internet of Things (IoT) and non-IoT devices, as well as uniquely identify individual devices, has been proposed. Four statistical features have been extracted from the consecutive five device-originated packets, to generate individual device fingerprints. The method has been evaluated using the Random Forest (RF) classifier and different datasets. Experimental results have shown that the proposed method achieves up to 99.8% accuracy in distinguishing between IoT and non-IoT devices and over 97.6% in classifying individual devices. These signify that the proposed method is useful in assisting operators in making their networks more secure and robust to security breaches and unauthorized access.

Title: Honeypot Implementation in a Cloud Environment. (arXiv:2301.00710v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00710
• Code URL: null
• Copy Paste: [[2301.00710] Honeypot Implementation in a Cloud Environment](http://arxiv.org/abs/2301.00710) #secure
• Summary:

  In this age of digitalization, Internet services face more attacks than ever. An attacker's objective is to exploit systems and use them for malicious purposes. Such efforts are rising as vulnerable systems can be discovered and compromised through Internet-wide scanning. One known methodology besides traditional security leverages is to learn from those who attack it. A honeypot helps to collect information about an attacker by pretending to be a vulnerable target. Thus, how honeypots can contribute to a more secure infrastructure makes an interesting topic of research. This thesis will present a honeypot solution to investigate malicious activities in heiCLOUD and show that attacks have increased significantly. To detect attackers in restricted network zones at Heidelberg University, a new concept to discover leaks in the firewall will be created. Furthermore, to consider an attacker's point of view, a method for detecting honeypots at the transport level will be introduced. Lastly, a customized OpenSSH server that works as an intermediary instance will be presented to mitigate these efforts.

security

Title: Tracking Passengers and Baggage Items using Multiple Overhead Cameras at Security Checkpoints. (arXiv:2301.00190v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00190
• Code URL: null
• Copy Paste: [[2301.00190] Tracking Passengers and Baggage Items using Multiple Overhead Cameras at Security Checkpoints](http://arxiv.org/abs/2301.00190) #security
• Summary:

  We introduce a novel framework to track multiple objects in overhead camera videos for airport checkpoint security scenarios where targets correspond to passengers and their baggage items. We propose a Self-Supervised Learning (SSL) technique to provide the model information about instance segmentation uncertainty from overhead images. Our SSL approach improves object detection by employing a test-time data augmentation and a regression-based, rotation-invariant pseudo-label refinement technique. Our pseudo-label generation method provides multiple geometrically-transformed images as inputs to a Convolutional Neural Network (CNN), regresses the augmented detections generated by the network to reduce localization errors, and then clusters them using the mean-shift algorithm. The self-supervised detector model is used in a single-camera tracking algorithm to generate temporal identifiers for the targets. Our method also incorporates a multi-view trajectory association mechanism to maintain consistent temporal identifiers as passengers travel across camera views. An evaluation of detection, tracking, and association performances on videos obtained from multiple overhead cameras in a realistic airport checkpoint environment demonstrates the effectiveness of the proposed approach. Our results show that self-supervision improves object detection accuracy by up to $42\%$ without increasing the inference time of the model. Our multi-camera association method achieves up to $89\%$ multi-object tracking accuracy with an average computation time of less than $15$ ms.

Title: Deep Learning Technique for Human Parsing: A Survey and Outlook. (arXiv:2301.00394v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00394
• Code URL: https://github.com/soeaver/awesome-human-parsing
• Copy Paste: [[2301.00394] Deep Learning Technique for Human Parsing: A Survey and Outlook](http://arxiv.org/abs/2301.00394) #security
• Summary:

  Human parsing aims to partition humans in image or video into multiple pixel-level semantic parts. In the last decade, it has gained significantly increased interest in the computer vision community and has been utilized in a broad range of practical applications, from security monitoring, to social media, to visual special effects, just to name a few. Although deep learning-based human parsing solutions have made remarkable achievements, many important concepts, existing challenges, and potential research directions are still confusing. In this survey, we comprehensively review three core sub-tasks: single human parsing, multiple human parsing, and video human parsing, by introducing their respective task settings, background concepts, relevant problems and applications, representative literature, and datasets. We also present quantitative performance comparisons of the reviewed methods on benchmark datasets. Additionally, to promote sustainable development of the community, we put forward a transformer-based human parsing framework, providing a high-performance baseline for follow-up research through universal, concise, and extensible solutions. Finally, we point out a set of under-investigated open issues in this field and suggest new directions for future study. We also provide a regularly updated project page, to continuously track recent developments in this fast-advancing field: https://github.com/soeaver/awesome-human-parsing.

Title: The Design Principle of Blockchain: An Initiative for the SoK of SoKs. (arXiv:2301.00479v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00479
• Code URL: null
• Copy Paste: [[2301.00479] The Design Principle of Blockchain: An Initiative for the SoK of SoKs](http://arxiv.org/abs/2301.00479) #security
• Summary:

  Blockchain, also coined as decentralized AI, has the potential to empower AI to be more trustworthy by creating a decentralized trust of privacy, security, and audibility. However, systematic studies on the design principle of Blockchain as a trust engine for an integrated society of Cyber-Physical-Socia-System (CPSS) are still absent. In this article, we provide an initiative for seeking the design principle of Blockchain for a better digital world. Using a hybrid method of qualitative and quantitative studies, we examine the past origin, the current development, and the future directions of Blockchain design principles. We have three findings. First, the answers to whether Blockchain lives up to its original design principle as a distributed database are controversial. Second, the current development of Blockchain community reveals a taxonomy of 7 categories, including privacy and security, scalability, decentralization, applicability, governance and regulation, system design, and cross-chain interoperability. Both research and practice are more centered around the first category of privacy and security and the fourth category of applicability. Future scholars, practitioners, and policy-makers have vast opportunities in other, much less exploited facets and the synthesis at the interface of multiple aspects. Finally, in counter-examples, we conclude that a synthetic solution that crosses discipline boundaries is necessary to close the gaps between the current design of Blockchain and the design principle of a trust engine for a truly intelligent world.

Title: Targeted Phishing Campaigns using Large Scale Language Models. (arXiv:2301.00665v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00665
• Code URL: null
• Copy Paste: [[2301.00665] Targeted Phishing Campaigns using Large Scale Language Models](http://arxiv.org/abs/2301.00665) #security
• Summary:

  In this research, we aim to explore the potential of natural language models (NLMs) such as GPT-3 and GPT-2 to generate effective phishing emails. Phishing emails are fraudulent messages that aim to trick individuals into revealing sensitive information or taking actions that benefit the attackers. We propose a framework for evaluating the performance of NLMs in generating these types of emails based on various criteria, including the quality of the generated text, the ability to bypass spam filters, and the success rate of tricking individuals. Our evaluations show that NLMs are capable of generating phishing emails that are difficult to detect and that have a high success rate in tricking individuals, but their effectiveness varies based on the specific NLM and training data used. Our research indicates that NLMs could have a significant impact on the prevalence of phishing attacks and emphasizes the need for further study on the ethical and security implications of using NLMs for malicious purposes.

Title: Detecting Forged Kerberos Tickets in an Active Directory Environment. (arXiv:2301.00044v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00044
• Code URL: null
• Copy Paste: [[2301.00044] Detecting Forged Kerberos Tickets in an Active Directory Environment](http://arxiv.org/abs/2301.00044) #security
• Summary:

  Active Directory is the most popular service to manage users and devices on the network. Its widespread deployment in the corporate world has made it a popular target for threat actors. While there are many attacks that target Active Directory and its authentication protocol Kerberos, ticket forgery attacks are among the most dangerous. By exploiting weaknesses in Kerberos, attackers can craft their own tickets that allow them to gain unauthorized access to services on the network. These types of attacks are both dangerous and hard to detect. They may require a powerful centralized log collecting system to analyze Windows security logs across multiple services. This would give additional visibility to be able to find these forged tickets in the network.

Title: Knowledge-Based Dataset for Training PE Malware Detection Models. (arXiv:2301.00153v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00153
• Code URL: null
• Copy Paste: [[2301.00153] Knowledge-Based Dataset for Training PE Malware Detection Models](http://arxiv.org/abs/2301.00153) #security
• Summary:

  Ontologies are a standard for semantic schemata in many knowledge-intensive domains of human interest. They are now becoming increasingly important also in areas until very recently dominated by subsymbolic representations and machine-learning-based data processing. One such area is information security, and more specifically malware detection. We propose PE Malware Ontology that offers a reusable semantic schema for Portable Executable (PE, Windows binary format) malware files. The ontology was inspired by the structure of the data in the EMBER dataset and it currently covers the data intended for static malware analysis. With this proposal, we hope to achieve: a) a unified semantic representation for PE malware datasets that are available or will be published in the future; (b) applicability of symbolic, neural-symbolic, or otherwise explainable approaches in the PE Malware domain that may lead to improved interpretability of results which may now be characterized by the terms defined in the ontology; and (c)by joint publishing of semantically treated EMBER data, including fractional datasets, also improved reproducibility of experiments.

Title: New Challenges in Reinforcement Learning: A Survey of Security and Privacy. (arXiv:2301.00188v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00188
• Code URL: null
• Copy Paste: [[2301.00188] New Challenges in Reinforcement Learning: A Survey of Security and Privacy](http://arxiv.org/abs/2301.00188) #security
• Summary:

  Reinforcement learning (RL) is one of the most important branches of AI. Due to its capacity for self-adaption and decision-making in dynamic environments, reinforcement learning has been widely applied in multiple areas, such as healthcare, data markets, autonomous driving, and robotics. However, some of these applications and systems have been shown to be vulnerable to security or privacy attacks, resulting in unreliable or unstable services. A large number of studies have focused on these security and privacy problems in reinforcement learning. However, few surveys have provided a systematic review and comparison of existing problems and state-of-the-art solutions to keep up with the pace of emerging threats. Accordingly, we herein present such a comprehensive review to explain and summarize the challenges associated with security and privacy in reinforcement learning from a new perspective, namely that of the Markov Decision Process (MDP). In this survey, we first introduce the key concepts related to this area. Next, we cover the security and privacy issues linked to the state, action, environment, and reward function of the MDP process, respectively. We further highlight the special characteristics of security and privacy methodologies related to reinforcement learning. Finally, we discuss the possible future research directions within this area.

Title: Deep Correlation-Aware Kernelized Autoencoders for Anomaly Detection in Cybersecurity. (arXiv:2301.00462v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00462
• Code URL: null
• Copy Paste: [[2301.00462] Deep Correlation-Aware Kernelized Autoencoders for Anomaly Detection in Cybersecurity](http://arxiv.org/abs/2301.00462) #security
• Summary:

  Unsupervised learning-based anomaly detection in latent space has gained importance since discriminating anomalies from normal data becomes difficult in high-dimensional space. Both density estimation and distance-based methods to detect anomalies in latent space have been explored in the past. These methods prove that retaining valuable properties of input data in latent space helps in the better reconstruction of test data. Moreover, real-world sensor data is skewed and non-Gaussian in nature, making mean-based estimators unreliable for skewed data. Again, anomaly detection methods based on reconstruction error rely on Euclidean distance, which does not consider useful correlation information in the feature space and also fails to accurately reconstruct the data when it deviates from the training distribution. In this work, we address the limitations of reconstruction error-based autoencoders and propose a kernelized autoencoder that leverages a robust form of Mahalanobis distance (MD) to measure latent dimension correlation to effectively detect both near and far anomalies. This hybrid loss is aided by the principle of maximizing the mutual information gain between the latent dimension and the high-dimensional prior data space by maximizing the entropy of the latent space while preserving useful correlation information of the original data in the low-dimensional latent space. The multi-objective function has two goals -- it measures correlation information in the latent feature space in the form of robust MD distance and simultaneously tries to preserve useful correlation information from the original data space in the latent space by maximizing mutual information between the prior and latent space.

privacy

Title: Skeletal Video Anomaly Detection using Deep Learning: Survey, Challenges and Future Directions. (arXiv:2301.00114v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00114
• Code URL: null
• Copy Paste: [[2301.00114] Skeletal Video Anomaly Detection using Deep Learning: Survey, Challenges and Future Directions](http://arxiv.org/abs/2301.00114) #privacy
• Summary:

  The existing methods for video anomaly detection mostly utilize videos containing identifiable facial and appearance-based features. The use of videos with identifiable faces raises privacy concerns, especially when used in a hospital or community-based setting. Appearance-based features can also be sensitive to pixel-based noise, straining the anomaly detection methods to model the changes in the background and making it difficult to focus on the actions of humans in the foreground. Structural information in the form of skeletons describing the human motion in the videos is privacy-protecting and can overcome some of the problems posed by appearance-based features. In this paper, we present a survey of privacy-protecting deep learning anomaly detection methods using skeletons extracted from videos. We present a novel taxonomy of algorithms based on the various learning approaches. We conclude that skeleton-based approaches for anomaly detection can be a plausible privacy-protecting alternative for video anomaly detection. Lastly, we identify major open research questions and provide guidelines to address them.

Title: DensePose From WiFi. (arXiv:2301.00250v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00250
• Code URL: null
• Copy Paste: [[2301.00250] DensePose From WiFi](http://arxiv.org/abs/2301.00250) #privacy
• Summary:

  Advances in computer vision and machine learning techniques have led to significant development in 2D and 3D human pose estimation from RGB cameras, LiDAR, and radars. However, human pose estimation from images is adversely affected by occlusion and lighting, which are common in many scenarios of interest. Radar and LiDAR technologies, on the other hand, need specialized hardware that is expensive and power-intensive. Furthermore, placing these sensors in non-public areas raises significant privacy concerns. To address these limitations, recent research has explored the use of WiFi antennas (1D sensors) for body segmentation and key-point body detection. This paper further expands on the use of the WiFi signal in combination with deep learning architectures, commonly used in computer vision, to estimate dense human pose correspondence. We developed a deep neural network that maps the phase and amplitude of WiFi signals to UV coordinates within 24 human regions. The results of the study reveal that our model can estimate the dense pose of multiple subjects, with comparable performance to image-based approaches, by utilizing WiFi signals as the only input. This paves the way for low-cost, broadly accessible, and privacy-preserving algorithms for human sensing.

Title: Source-Free Unsupervised Domain Adaptation: A Survey. (arXiv:2301.00265v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00265
• Code URL: null
• Copy Paste: [[2301.00265] Source-Free Unsupervised Domain Adaptation: A Survey](http://arxiv.org/abs/2301.00265) #privacy
• Summary:

  Unsupervised domain adaptation (UDA) via deep learning has attracted appealing attention for tackling domain-shift problems caused by distribution discrepancy across different domains. Existing UDA approaches highly depend on the accessibility of source domain data, which is usually limited in practical scenarios due to privacy protection, data storage and transmission cost, and computation burden. To tackle this issue, many source-free unsupervised domain adaptation (SFUDA) methods have been proposed recently, which perform knowledge transfer from a pre-trained source model to unlabeled target domain with source data inaccessible. A comprehensive review of these works on SFUDA is of great significance. In this paper, we provide a timely and systematic literature review of existing SFUDA approaches from a technical perspective. Specifically, we categorize current SFUDA studies into two groups, i.e., white-box SFUDA and black-box SFUDA, and further divide them into finer subcategories based on different learning strategies they use. We also investigate the challenges of methods in each subcategory, discuss the advantages/disadvantages of white-box and black-box SFUDA methods, conclude the commonly used benchmark datasets, and summarize the popular techniques for improved generalizability of models learned without using source data. We finally discuss several promising future directions in this field.

Title: Separating Computational and Statistical Differential Privacy (Under Plausible Assumptions). (arXiv:2301.00104v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00104
• Code URL: null
• Copy Paste: [[2301.00104] Separating Computational and Statistical Differential Privacy (Under Plausible Assumptions)](http://arxiv.org/abs/2301.00104) #privacy
• Summary:

  Computational differential privacy (CDP) is a natural relaxation of the standard notion of (statistical) differential privacy (SDP) proposed by Beimel, Nissim, and Omri (CRYPTO 2008) and Mironov, Pandey, Reingold, and Vadhan (CRYPTO 2009). In contrast to SDP, CDP only requires privacy guarantees to hold against computationally-bounded adversaries rather than computationally-unbounded statistical adversaries. Despite the question being raised explicitly in several works (e.g., Bun, Chen, and Vadhan, TCC 2016), it has remained tantalizingly open whether there is any task achievable with the CDP notion but not the SDP notion. Even a candidate such task is unknown. Indeed, it is even unclear what the truth could be!

In this work, we give the first construction of a task achievable with the CDP notion but not the SDP notion. More specifically, under strong but plausible cryptographic assumptions, we construct a task for which there exists an $\varepsilon$-CDP mechanism with $\varepsilon = O(1)$ achieving $1-o(1)$ utility, but any $(\varepsilon, \delta)$-SDP mechanism, including computationally unbounded ones, that achieves a constant utility must use either a super-constant $\varepsilon$ or a non-negligible $\delta$. To prove this, we introduce a new approach for showing that a mechanism satisfies CDP: first we show that a mechanism is "private" against a certain class of decision tree adversaries, and then we use cryptographic constructions to "lift" this into privacy against computational adversaries. We believe this approach could be useful to devise further tasks separating CDP from SDP.

Title: Local Differential Privacy for Sequential Decision Making in a Changing Environment. (arXiv:2301.00561v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00561
• Code URL: null
• Copy Paste: [[2301.00561] Local Differential Privacy for Sequential Decision Making in a Changing Environment](http://arxiv.org/abs/2301.00561) #privacy
• Summary:

  We study the problem of preserving privacy while still providing high utility in sequential decision making scenarios in a changing environment. We consider abruptly changing environment: the environment remains constant during periods and it changes at unknown time instants. To formulate this problem, we propose a variant of multi-armed bandits called non-stationary stochastic corrupt bandits. We construct an algorithm called SW-KLUCB-CF and prove an upper bound on its utility using the performance measure of regret. The proven regret upper bound for SW-KLUCB-CF is near-optimal in the number of time steps and matches the best known bound for analogous problems in terms of the number of time steps and the number of changes. Moreover, we present a provably optimal mechanism which can guarantee the desired level of local differential privacy while providing high utility.

Title: Training Differentially Private Graph Neural Networks with Random Walk Sampling. (arXiv:2301.00738v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00738
• Code URL: null
• Copy Paste: [[2301.00738] Training Differentially Private Graph Neural Networks with Random Walk Sampling](http://arxiv.org/abs/2301.00738) #privacy
• Summary:

  Deep learning models are known to put the privacy of their training data at risk, which poses challenges for their safe and ethical release to the public. Differentially private stochastic gradient descent is the de facto standard for training neural networks without leaking sensitive information about the training data. However, applying it to models for graph-structured data poses a novel challenge: unlike with i.i.d. data, sensitive information about a node in a graph cannot only leak through its gradients, but also through the gradients of all nodes within a larger neighborhood. In practice, this limits privacy-preserving deep learning on graphs to very shallow graph neural networks. We propose to solve this issue by training graph neural networks on disjoint subgraphs of a given training graph. We develop three random-walk-based methods for generating such disjoint subgraphs and perform a careful analysis of the data-generating distributions to provide strong privacy guarantees. Through extensive experiments, we show that our method greatly outperforms the state-of-the-art baseline on three large graphs, and matches or outperforms it on four smaller ones.

Title: Generalized PTR: User-Friendly Recipes for Data-Adaptive Algorithms with Differential Privacy. (arXiv:2301.00301v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00301
• Code URL: null
• Copy Paste: [[2301.00301] Generalized PTR: User-Friendly Recipes for Data-Adaptive Algorithms with Differential Privacy](http://arxiv.org/abs/2301.00301) #privacy
• Summary:

  The ''Propose-Test-Release'' (PTR) framework is a classic recipe for designing differentially private (DP) algorithms that are data-adaptive, i.e. those that add less noise when the input dataset is nice. We extend PTR to a more general setting by privately testing data-dependent privacy losses rather than local sensitivity, hence making it applicable beyond the standard noise-adding mechanisms, e.g. to queries with unbounded or undefined sensitivity. We demonstrate the versatility of generalized PTR using private linear regression as a case study. Additionally, we apply our algorithm to solve an open problem from ''Private Aggregation of Teacher Ensembles (PATE)'' -- privately releasing the entire model with a delicate data-dependent analysis.

protect

Title: Mapping smallholder cashew plantations to inform sustainable tree crop expansion in Benin. (arXiv:2301.00363v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00363
• Code URL: null
• Copy Paste: [[2301.00363] Mapping smallholder cashew plantations to inform sustainable tree crop expansion in Benin](http://arxiv.org/abs/2301.00363) #protect
• Summary:

  Cashews are grown by over 3 million smallholders in more than 40 countries worldwide as a principal source of income. As the third largest cashew producer in Africa, Benin has nearly 200,000 smallholder cashew growers contributing 15% of the country's national export earnings. However, a lack of information on where and how cashew trees grow across the country hinders decision-making that could support increased cashew production and poverty alleviation. By leveraging 2.4-m Planet Basemaps and 0.5-m aerial imagery, newly developed deep learning algorithms, and large-scale ground truth datasets, we successfully produced the first national map of cashew in Benin and characterized the expansion of cashew plantations between 2015 and 2021. In particular, we developed a SpatioTemporal Classification with Attention (STCA) model to map the distribution of cashew plantations, which can fully capture texture information from discriminative time steps during a growing season. We further developed a Clustering Augmented Self-supervised Temporal Classification (CASTC) model to distinguish high-density versus low-density cashew plantations by automatic feature extraction and optimized clustering. Results show that the STCA model has an overall accuracy of 80% and the CASTC model achieved an overall accuracy of 77.9%. We found that the cashew area in Benin has doubled from 2015 to 2021 with 60% of new plantation development coming from cropland or fallow land, while encroachment of cashew plantations into protected areas has increased by 70%. Only half of cashew plantations were high-density in 2021, suggesting high potential for intensification. Our study illustrates the power of combining high-resolution remote sensing imagery and state-of-the-art deep learning algorithms to better understand tree crops in the heterogeneous smallholder landscape.

Title: Detection of Groups with Biased Representation in Ranking. (arXiv:2301.00719v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00719
• Code URL: null
• Copy Paste: [[2301.00719] Detection of Groups with Biased Representation in Ranking](http://arxiv.org/abs/2301.00719) #protect
• Summary:

  Real-life tools for decision-making in many critical domains are based on ranking results. With the increasing awareness of algorithmic fairness, recent works have presented measures for fairness in ranking. Many of those definitions consider the representation of different ``protected groups'', in the top-$k$ ranked items, for any reasonable $k$. Given the protected groups, confirming algorithmic fairness is a simple task. However, the groups' definitions may be unknown in advance.

In this paper, we study the problem of detecting groups with biased representation in the top-$k$ ranked items, eliminating the need to pre-define protected groups. The number of such groups possible can be exponential, making the problem hard. We propose efficient search algorithms for two different fairness measures: global representation bounds, and proportional representation. Then we propose a method to explain the bias in the representations of groups utilizing the notion of Shapley values. We conclude with an experimental study, showing the scalability of our approach and demonstrating the usefulness of the proposed algorithms.

defense

attack

Title: Generalizable Black-Box Adversarial Attack with Meta Learning. (arXiv:2301.00364v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00364
• Code URL: https://github.com/sclbd/mcg-blackbox
• Copy Paste: [[2301.00364] Generalizable Black-Box Adversarial Attack with Meta Learning](http://arxiv.org/abs/2301.00364) #attack
• Summary:

  In the scenario of black-box adversarial attack, the target model's parameters are unknown, and the attacker aims to find a successful adversarial perturbation based on query feedback under a query budget. Due to the limited feedback information, existing query-based black-box attack methods often require many queries for attacking each benign example. To reduce query cost, we propose to utilize the feedback information across historical attacks, dubbed example-level adversarial transferability. Specifically, by treating the attack on each benign example as one task, we develop a meta-learning framework by training a meta-generator to produce perturbations conditioned on benign examples. When attacking a new benign example, the meta generator can be quickly fine-tuned based on the feedback information of the new task as well as a few historical attacks to produce effective perturbations. Moreover, since the meta-train procedure consumes many queries to learn a generalizable generator, we utilize model-level adversarial transferability to train the meta-generator on a white-box surrogate model, then transfer it to help the attack against the target model. The proposed framework with the two types of adversarial transferability can be naturally combined with any off-the-shelf query-based attack methods to boost their performance, which is verified by extensive experiments.

Title: An Analysis of Honeypots and their Impact as a Cyber Deception Tactic. (arXiv:2301.00045v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00045
• Code URL: null
• Copy Paste: [[2301.00045] An Analysis of Honeypots and their Impact as a Cyber Deception Tactic](http://arxiv.org/abs/2301.00045) #attack
• Summary:

  This paper explores deploying a cyber honeypot system to learn how cyber defenders can use a honeypot system as a deception mechanism to gather intelligence. Defenders can gather intelligence about an attacker such as the autonomous system that the IP of the attacker is allocated from, the way the attacker is trying to penetrate the system, what different types of attacks are being used, the commands the attacker is running once they are inside the honeypot, and what malware the attacker is downloading to the deployed system. We demonstrate an experiment to implement a honeypot system that can lure in attackers and gather all the information mentioned above. The data collected is then thoroughly analyzed and explained to understand all this information. This experiment can be recreated and makes use of many open-source tools to successfully create a honeypot system.

Title: TaxIdMA: Towards a Taxonomy for Attacks related to Identities. (arXiv:2301.00443v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.00443
• Code URL: null
• Copy Paste: [[2301.00443] TaxIdMA: Towards a Taxonomy for Attacks related to Identities](http://arxiv.org/abs/2301.00443) #attack
• Summary:

  Identity management refers to the technology and policies for the identification, authentication, and authorization of users in computer networks. Identity management is therefore fundamental to today's IT ecosystem. At the same time, identity management systems, where digital identities are managed, pose an attractive target for attacks. With the heterogeneity of identity management systems, every type (i.e., models, protocols, implementations) has different requirements, typical problems, and hence attack vectors. In order to provide a systematic and categorized overview, the framework Taxonomy for Identity Management Attacks (TaxIdMA) for attacks related to identities is proposed. The purpose of this framework is to classify existing attacks associated with system identities, identity management systems, and end-user identities as well as the background using an extensible structure from a scientific perspective. The taxonomy is then evaluated with eight real-world attacks resp. vulnerabilities. This analysis shows the capability of the proposed taxonomy framework TaxIdMA in describing and categorizing these attacks.

Title: An Efficient Hierarchical Kriging Modeling Method for High-dimension Multi-fidelity Problems. (arXiv:2301.00216v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00216
• Code URL: null
• Copy Paste: [[2301.00216] An Efficient Hierarchical Kriging Modeling Method for High-dimension Multi-fidelity Problems](http://arxiv.org/abs/2301.00216) #attack
• Summary:

  Multi-fidelity Kriging model is a promising technique in surrogate-based design as it can balance the model accuracy and cost of sample preparation by fusing low- and high-fidelity data. However, the cost for building a multi-fidelity Kriging model increases significantly with the increase of the problem dimension. To attack this issue, an efficient Hierarchical Kriging modeling method is proposed. In building the low-fidelity model, the maximal information coefficient is utilized to calculate the relative value of the hyperparameter. With this, the maximum likelihood estimation problem for determining the hyperparameters is transformed as a one-dimension optimization problem, which can be solved in an efficient manner and thus improve the modeling efficiency significantly. A local search is involved further to exploit the search space of hyperparameters to improve the model accuracy. The high-fidelity model is built in a similar manner with the hyperparameter of the low-fidelity model served as the relative value of the hyperparameter for high-fidelity model. The performance of the proposed method is compared with the conventional tuning strategy, by testing them over ten analytic problems and an engineering problem of modeling the isentropic efficiency of a compressor rotor. The empirical results demonstrate that the modeling time of the proposed method is reduced significantly without sacrificing the model accuracy. For the modeling of the isentropic efficiency of the compressor rotor, the cost saving associated with the proposed method is about 90% compared with the conventional strategy. Meanwhile, the proposed method achieves higher accuracy.

robust

Title: Robust Domain Adaptive Object Detection with Unified Multi-Granularity Alignment. (arXiv:2301.00371v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00371
• Code URL: null
• Copy Paste: [[2301.00371] Robust Domain Adaptive Object Detection with Unified Multi-Granularity Alignment](http://arxiv.org/abs/2301.00371) #robust
• Summary:

  Domain adaptive detection aims to improve the generalization of detectors on target domain. To reduce discrepancy in feature distributions between two domains, recent approaches achieve domain adaption through feature alignment in different granularities via adversarial learning. However, they neglect the relationship between multiple granularities and different features in alignment, degrading detection. Addressing this, we introduce a unified multi-granularity alignment (MGA)-based detection framework for domain-invariant feature learning. The key is to encode the dependencies across different granularities including pixel-, instance-, and category-levels simultaneously to align two domains. Specifically, based on pixel-level features, we first develop an omni-scale gated fusion (OSGF) module to aggregate discriminative representations of instances with scale-aware convolutions, leading to robust multi-scale detection. Besides, we introduce multi-granularity discriminators to identify where, either source or target domains, different granularities of samples come from. Note that, MGA not only leverages instance discriminability in different categories but also exploits category consistency between two domains for detection. Furthermore, we present an adaptive exponential moving average (AEMA) strategy that explores model assessments for model update to improve pseudo labels and alleviate local misalignment problem, boosting detection robustness. Extensive experiments on multiple domain adaption scenarios validate the superiority of MGA over other approaches on FCOS and Faster R-CNN detectors. Code will be released at https://github.com/tiankongzhang/MGA.

Title: In Quest of Ground Truth: Learning Confident Models and Estimating Uncertainty in the Presence of Annotator Noise. (arXiv:2301.00524v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00524
• Code URL: null
• Copy Paste: [[2301.00524] In Quest of Ground Truth: Learning Confident Models and Estimating Uncertainty in the Presence of Annotator Noise](http://arxiv.org/abs/2301.00524) #robust
• Summary:

  The performance of the Deep Learning (DL) models depends on the quality of labels. In some areas, the involvement of human annotators may lead to noise in the data. When these corrupted labels are blindly regarded as the ground truth (GT), DL models suffer from performance deficiency. This paper presents a method that aims to learn a confident model in the presence of noisy labels. This is done in conjunction with estimating the uncertainty of multiple annotators.

We robustly estimate the predictions given only the noisy labels by adding entropy or information-based regularizer to the classifier network. We conduct our experiments on a noisy version of MNIST, CIFAR-10, and FMNIST datasets. Our empirical results demonstrate the robustness of our method as it outperforms or performs comparably to other state-of-the-art (SOTA) methods. In addition, we evaluated the proposed method on the curated dataset, where the noise type and level of various annotators depend on the input image style. We show that our approach performs well and is adept at learning annotators' confusion. Moreover, we demonstrate how our model is more confident in predicting GT than other baselines. Finally, we assess our approach for segmentation problem and showcase its effectiveness with experiments.

Title: Multi-Stage Spatio-Temporal Aggregation Transformer for Video Person Re-identification. (arXiv:2301.00531v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00531
• Code URL: null
• Copy Paste: [[2301.00531] Multi-Stage Spatio-Temporal Aggregation Transformer for Video Person Re-identification](http://arxiv.org/abs/2301.00531) #robust
• Summary:

  In recent years, the Transformer architecture has shown its superiority in the video-based person re-identification task. Inspired by video representation learning, these methods mainly focus on designing modules to extract informative spatial and temporal features. However, they are still limited in extracting local attributes and global identity information, which are critical for the person re-identification task. In this paper, we propose a novel Multi-Stage Spatial-Temporal Aggregation Transformer (MSTAT) with two novel designed proxy embedding modules to address the above issue. Specifically, MSTAT consists of three stages to encode the attribute-associated, the identity-associated, and the attribute-identity-associated information from the video clips, respectively, achieving the holistic perception of the input person. We combine the outputs of all the stages for the final identification. In practice, to save the computational cost, the Spatial-Temporal Aggregation (STA) modules are first adopted in each stage to conduct the self-attention operations along the spatial and temporal dimensions separately. We further introduce the Attribute-Aware and Identity-Aware Proxy embedding modules (AAP and IAP) to extract the informative and discriminative feature representations at different stages. All of them are realized by employing newly designed self-attention operations with specific meanings. Moreover, temporal patch shuffling is also introduced to further improve the robustness of the model. Extensive experimental results demonstrate the effectiveness of the proposed modules in extracting the informative and discriminative information from the videos, and illustrate the MSTAT can achieve state-of-the-art accuracies on various standard benchmarks.

Title: Knockoffs-SPR: Clean Sample Selection in Learning with Noisy Labels. (arXiv:2301.00545v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00545
• Code URL: null
• Copy Paste: [[2301.00545] Knockoffs-SPR: Clean Sample Selection in Learning with Noisy Labels](http://arxiv.org/abs/2301.00545) #robust
• Summary:

  A noisy training set usually leads to the degradation of the generalization and robustness of neural networks. In this paper, we propose a novel theoretically guaranteed clean sample selection framework for learning with noisy labels. Specifically, we first present a Scalable Penalized Regression (SPR) method, to model the linear relation between network features and one-hot labels. In SPR, the clean data are identified by the zero mean-shift parameters solved in the regression model. We theoretically show that SPR can recover clean data under some conditions. Under general scenarios, the conditions may be no longer satisfied; and some noisy data are falsely selected as clean data. To solve this problem, we propose a data-adaptive method for Scalable Penalized Regression with Knockoff filters (Knockoffs-SPR), which is provable to control the False-Selection-Rate (FSR) in the selected clean data. To improve the efficiency, we further present a split algorithm that divides the whole training set into small pieces that can be solved in parallel to make the framework scalable to large datasets. While Knockoffs-SPR can be regarded as a sample selection module for a standard supervised training pipeline, we further combine it with a semi-supervised algorithm to exploit the support of noisy data as unlabeled data. Experimental results on several benchmark datasets and real-world noisy datasets show the effectiveness of our framework and validate the theoretical results of Knockoffs-SPR. Our code and pre-trained models will be released.

Title: Analysing Discrete Self Supervised Speech Representation for Spoken Language Modeling. (arXiv:2301.00591v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00591
• Code URL: https://github.com/slp-rl/slm-discrete-representations
• Copy Paste: [[2301.00591] Analysing Discrete Self Supervised Speech Representation for Spoken Language Modeling](http://arxiv.org/abs/2301.00591) #robust
• Summary:

  This work profoundly analyzes discrete self-supervised speech representations through the eyes of Generative Spoken Language Modeling (GSLM). Following the findings of such an analysis, we propose practical improvements to the discrete unit for the GSLM. First, we start comprehending these units by analyzing them in three axes: interpretation, visualization, and resynthesis. Our analysis finds a high correlation between the speech units to phonemes and phoneme families, while their correlation with speaker or gender is weaker. Additionally, we found redundancies in the extracted units and claim that one reason may be the units' context. Following this analysis, we propose a new, unsupervised metric to measure unit redundancies. Finally, we use this metric to develop new methods that improve the robustness of units clustering and show significant improvement considering zero-resource speech metrics such as ABX. Code and analysis tools are available under the following link.

Title: Active Learning for Neural Machine Translation. (arXiv:2301.00688v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00688
• Code URL: null
• Copy Paste: [[2301.00688] Active Learning for Neural Machine Translation](http://arxiv.org/abs/2301.00688) #robust
• Summary:

  The machine translation mechanism translates texts automatically between different natural languages, and Neural Machine Translation (NMT) has gained attention for its rational context analysis and fluent translation accuracy. However, processing low-resource languages that lack relevant training attributes like supervised data is a current challenge for Natural Language Processing (NLP). We incorporated a technique known Active Learning with the NMT toolkit Joey NMT to reach sufficient accuracy and robust predictions of low-resource language translation. With active learning, a semi-supervised machine learning strategy, the training algorithm determines which unlabeled data would be the most beneficial for obtaining labels using selected query techniques. We implemented two model-driven acquisition functions for selecting the samples to be validated. This work uses transformer-based NMT systems; baseline model (BM), fully trained model (FTM) , active learning least confidence based model (ALLCM), and active learning margin sampling based model (ALMSM) when translating English to Hindi. The Bilingual Evaluation Understudy (BLEU) metric has been used to evaluate system results. The BLEU scores of BM, FTM, ALLCM and ALMSM systems are 16.26, 22.56 , 24.54, and 24.20, respectively. The findings in this paper demonstrate that active learning techniques helps the model to converge early and improve the overall quality of the translation system.

Title: Self-organization Preserved Graph Structure Learning with Principle of Relevant Information. (arXiv:2301.00015v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00015
• Code URL: null
• Copy Paste: [[2301.00015] Self-organization Preserved Graph Structure Learning with Principle of Relevant Information](http://arxiv.org/abs/2301.00015) #robust
• Summary:

  Most Graph Neural Networks follow the message-passing paradigm, assuming the observed structure depicts the ground-truth node relationships. However, this fundamental assumption cannot always be satisfied, as real-world graphs are always incomplete, noisy, or redundant. How to reveal the inherent graph structure in a unified way remains under-explored. We proposed PRI-GSL, a Graph Structure Learning framework guided by the Principle of Relevant Information, providing a simple and unified framework for identifying the self-organization and revealing the hidden structure. PRI-GSL learns a structure that contains the most relevant yet least redundant information quantified by von Neumann entropy and Quantum Jensen-Shannon divergence. PRI-GSL incorporates the evolution of quantum continuous walk with graph wavelets to encode node structural roles, showing in which way the nodes interplay and self-organize with the graph structure. Extensive experiments demonstrate the superior effectiveness and robustness of PRI-GSL.

Title: Robust Consensus Clustering and its Applications for Advertising Forecasting. (arXiv:2301.00717v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00717
• Code URL: null
• Copy Paste: [[2301.00717] Robust Consensus Clustering and its Applications for Advertising Forecasting](http://arxiv.org/abs/2301.00717) #robust
• Summary:

  Consensus clustering aggregates partitions in order to find a better fit by reconciling clustering results from different sources/executions. In practice, there exist noise and outliers in clustering task, which, however, may significantly degrade the performance. To address this issue, we propose a novel algorithm -- robust consensus clustering that can find common ground truth among experts' opinions, which tends to be minimally affected by the bias caused by the outliers. In particular, we formalize the robust consensus clustering problem as a constraint optimization problem, and then derive an effective algorithm upon alternating direction method of multipliers (ADMM) with rigorous convergence guarantee. Our method outperforms the baselines on benchmarks. We apply the proposed method to the real-world advertising campaign segmentation and forecasting tasks using the proposed consensus clustering results based on the similarity computed via Kolmogorov-Smirnov Statistics. The accurate clustering result is helpful for building the advertiser profiles so as to perform the forecasting.

biometric

steal

extraction

Title: Attentional Graph Convolutional Network for Structure-aware Audio-Visual Scene Classification. (arXiv:2301.00145v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00145
• Code URL: null
• Copy Paste: [[2301.00145] Attentional Graph Convolutional Network for Structure-aware Audio-Visual Scene Classification](http://arxiv.org/abs/2301.00145) #extraction
• Summary:

  Audio-Visual scene understanding is a challenging problem due to the unstructured spatial-temporal relations that exist in the audio signals and spatial layouts of different objects and various texture patterns in the visual images. Recently, many studies have focused on abstracting features from convolutional neural networks while the learning of explicit semantically relevant frames of sound signals and visual images has been overlooked. To this end, we present an end-to-end framework, namely attentional graph convolutional network (AGCN), for structure-aware audio-visual scene representation. First, the spectrogram of sound and input image is processed by a backbone network for feature extraction. Then, to build multi-scale hierarchical information of input features, we utilize an attention fusion mechanism to aggregate features from multiple layers of the backbone network. Notably, to well represent the salient regions and contextual information of audio-visual inputs, the salient acoustic graph (SAG) and contextual acoustic graph (CAG), salient visual graph (SVG), and contextual visual graph (CVG) are constructed for the audio-visual scene representation. Finally, the constructed graphs pass through a graph convolutional network for structure-aware audio-visual scene recognition. Extensive experimental results on the audio, visual and audio-visual scene recognition datasets show that promising results have been achieved by the AGCN methods. Visualizing graphs on the spectrograms and images have been presented to show the effectiveness of proposed CAG/SAG and CVG/SVG that could focus on the salient and semantic relevant regions.

Title: STEPs: Self-Supervised Key Step Extraction from Unlabeled Procedural Videos. (arXiv:2301.00794v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00794
• Code URL: null
• Copy Paste: [[2301.00794] STEPs: Self-Supervised Key Step Extraction from Unlabeled Procedural Videos](http://arxiv.org/abs/2301.00794) #extraction
• Summary:

  We address the problem of extracting key steps from unlabeled procedural videos, motivated by the potential of Augmented Reality (AR) headsets to revolutionize job training and performance. We decompose the problem into two steps: representation learning and key steps extraction. We employ self-supervised representation learning via a training strategy that adapts off-the-shelf video features using a temporal module. Training implements self-supervised learning losses involving multiple cues such as appearance, motion and pose trajectories extracted from videos to learn generalizable representations. Our method extracts key steps via a tunable algorithm that clusters the representations extracted from procedural videos. We quantitatively evaluate our approach with key step localization and also demonstrate the effectiveness of the extracted representations on related downstream tasks like phase classification. Qualitative results demonstrate that the extracted key steps are meaningful to succinctly represent the procedural tasks.

Title: Floods Relevancy and Identification of Location from Twitter Posts using NLP Techniques. (arXiv:2301.00321v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00321
• Code URL: null
• Copy Paste: [[2301.00321] Floods Relevancy and Identification of Location from Twitter Posts using NLP Techniques](http://arxiv.org/abs/2301.00321) #extraction
• Summary:

  This paper presents our solutions for the MediaEval 2022 task on DisasterMM. The task is composed of two subtasks, namely (i) Relevance Classification of Twitter Posts (RCTP), and (ii) Location Extraction from Twitter Texts (LETT). The RCTP subtask aims at differentiating flood-related and non-relevant social posts while LETT is a Named Entity Recognition (NER) task and aims at the extraction of location information from the text. For RCTP, we proposed four different solutions based on BERT, RoBERTa, Distil BERT, and ALBERT obtaining an F1-score of 0.7934, 0.7970, 0.7613, and 0.7924, respectively. For LETT, we used three models namely BERT, RoBERTa, and Distil BERTA obtaining an F1-score of 0.6256, 0.6744, and 0.6723, respectively.

Title: Modified Query Expansion Through Generative Adversarial Networks for Information Extraction in E-Commerce. (arXiv:2301.00036v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00036
• Code URL: null
• Copy Paste: [[2301.00036] Modified Query Expansion Through Generative Adversarial Networks for Information Extraction in E-Commerce](http://arxiv.org/abs/2301.00036) #extraction
• Summary:

  This work addresses an alternative approach for query expansion (QE) using a generative adversarial network (GAN) to enhance the effectiveness of information search in e-commerce. We propose a modified QE conditional GAN (mQE-CGAN) framework, which resolves keywords by expanding the query with a synthetically generated query that proposes semantic information from text input. We train a sequence-to-sequence transformer model as the generator to produce keywords and use a recurrent neural network model as the discriminator to classify an adversarial output with the generator. With the modified CGAN framework, various forms of semantic insights gathered from the query document corpus are introduced to the generation process. We leverage these insights as conditions for the generator model and discuss their effectiveness for the query expansion task. Our experiments demonstrate that the utilization of condition structures within the mQE-CGAN framework can increase the semantic similarity between generated sequences and reference documents up to nearly 10% compared to baseline models

membership infer

federate

Title: Efficient On-device Training via Gradient Filtering. (arXiv:2301.00330v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00330
• Code URL: null
• Copy Paste: [[2301.00330] Efficient On-device Training via Gradient Filtering](http://arxiv.org/abs/2301.00330) #federate
• Summary:

  Despite its importance for federated learning, continuous learning and many other applications, on-device training remains an open problem for EdgeAI. The problem stems from the large number of operations (e.g., floating point multiplications and additions) and memory consumption required during training by the back-propagation algorithm. Consequently, in this paper, we propose a new gradient filtering approach which enables on-device DNN model training. More precisely, our approach creates a special structure with fewer unique elements in the gradient map, thus significantly reducing the computational complexity and memory consumption of back propagation during training. Extensive experiments on image classification and semantic segmentation with multiple DNN models (e.g., MobileNet, DeepLabV3, UPerNet) and devices (e.g., Raspberry Pi and Jetson Nano) demonstrate the effectiveness and wide applicability of our approach. For example, compared to SOTA, we achieve up to 19$\times$ speedup and 77.1% memory savings on ImageNet classification with only 0.1% accuracy loss. Finally, our method is easy to implement and deploy; over 20$\times$ speedup and 90% energy savings have been observed compared to highly optimized baselines in MKLDNN and CUDNN on NVIDIA Jetson Nano. Consequently, our approach opens up a new direction of research with a huge potential for on-device training.

Title: An Adaptive Kernel Approach to Federated Learning of Heterogeneous Causal Effects. (arXiv:2301.00346v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00346
• Code URL: https://github.com/vothanhvinh/causalrff
• Copy Paste: [[2301.00346] An Adaptive Kernel Approach to Federated Learning of Heterogeneous Causal Effects](http://arxiv.org/abs/2301.00346) #federate
• Summary:

  We propose a new causal inference framework to learn causal effects from multiple, decentralized data sources in a federated setting. We introduce an adaptive transfer algorithm that learns the similarities among the data sources by utilizing Random Fourier Features to disentangle the loss function into multiple components, each of which is associated with a data source. The data sources may have different distributions; the causal effects are independently and systematically incorporated. The proposed method estimates the similarities among the sources through transfer coefficients, and hence requiring no prior information about the similarity measures. The heterogeneous causal effects can be estimated with no sharing of the raw training data among the sources, thus minimizing the risk of privacy leak. We also provide minimax lower bounds to assess the quality of the parameters learned from the disparate sources. The proposed method is empirically shown to outperform the baselines on decentralized data sources with dissimilar distributions.

Title: FedICT: Federated Multi-task Distillation for Multi-access Edge Computing. (arXiv:2301.00389v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00389
• Code URL: null
• Copy Paste: [[2301.00389] FedICT: Federated Multi-task Distillation for Multi-access Edge Computing](http://arxiv.org/abs/2301.00389) #federate
• Summary:

  The growing interest in intelligent services and privacy protection for mobile devices has given rise to the widespread application of federated learning in Multi-access Edge Computing (MEC). Diverse user behaviors call for personalized services with heterogeneous Machine Learning (ML) models on different devices. Federated Multi-task Learning (FMTL) is proposed to train related but personalized ML models for different devices, whereas previous works suffer from excessive communication overhead during training and neglect the model heterogeneity among devices in MEC. Introducing knowledge distillation into FMTL can simultaneously enable efficient communication and model heterogeneity among clients, whereas existing methods rely on a public dataset, which is impractical in reality. To tackle this dilemma, Federated MultI-task Distillation for Multi-access Edge CompuTing (FedICT) is proposed. FedICT direct local-global knowledge aloof during bi-directional distillation processes between clients and the server, aiming to enable multi-task clients while alleviating client drift derived from divergent optimization directions of client-side local models. Specifically, FedICT includes Federated Prior Knowledge Distillation (FPKD) and Local Knowledge Adjustment (LKA). FPKD is proposed to reinforce the clients' fitting of local data by introducing prior knowledge of local data distributions. Moreover, LKA is proposed to correct the distillation loss of the server, making the transferred local knowledge better match the generalized representation. Experiments on three datasets show that FedICT significantly outperforms all compared benchmarks in various data heterogeneous and model architecture settings, achieving improved accuracy with less than 1.2% training communication overhead compared with FedAvg and no more than 75% training communication round compared with FedGKT.

Title: Federated Learning with Client-Exclusive Classes. (arXiv:2301.00489v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00489
• Code URL: null
• Copy Paste: [[2301.00489] Federated Learning with Client-Exclusive Classes](http://arxiv.org/abs/2301.00489) #federate
• Summary:

  Existing federated classification algorithms typically assume the local annotations at every client cover the same set of classes. In this paper, we aim to lift such an assumption and focus on a more general yet practical non-IID setting where every client can work on non-identical and even disjoint sets of classes (i.e., client-exclusive classes), and the clients have a common goal which is to build a global classification model to identify the union of these classes. Such heterogeneity in client class sets poses a new challenge: how to ensure different clients are operating in the same latent space so as to avoid the drift after aggregation? We observe that the classes can be described in natural languages (i.e., class names) and these names are typically safe to share with all parties. Thus, we formulate the classification problem as a matching process between data representations and class representations and break the classification model into a data encoder and a label encoder. We leverage the natural-language class names as the common ground to anchor the class representations in the label encoder. In each iteration, the label encoder updates the class representations and regulates the data representations through matching. We further use the updated class representations at each round to annotate data samples for locally-unaware classes according to similarity and distill knowledge to local models. Extensive experiments on four real-world datasets show that the proposed method can outperform various classical and state-of-the-art federated learning methods designed for learning with non-IID data.

fair

Title: Political representation bias in DBpedia and Wikidata as a challenge for downstream processing. (arXiv:2301.00671v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00671
• Code URL: null
• Copy Paste: [[2301.00671] Political representation bias in DBpedia and Wikidata as a challenge for downstream processing](http://arxiv.org/abs/2301.00671) #fair
• Summary:

  Diversity Searcher is a tool originally developed to help analyse diversity in news media texts. It relies on a form of automated content analysis and thus rests on prior assumptions and depends on certain design choices related to diversity and fairness. One such design choice is the external knowledge source(s) used. In this article, we discuss implications that these sources can have on the results of content analysis. We compare two data sources that Diversity Searcher has worked with - DBpedia and Wikidata - with respect to their ontological coverage and diversity, and describe implications for the resulting analyses of text corpora. We describe a case study of the relative over- or under-representation of Belgian political parties between 1990 and 2020 in the English-language DBpedia, the Dutch-language DBpedia, and Wikidata, and highlight the many decisions needed with regard to the design of this data analysis and the assumptions behind it, as well as implications from the results. In particular, we came across a staggering over-representation of the political right in the English-language DBpedia.

interpretability

Title: Second Thoughts are Best: Learning to Re-Align With Human Values from Text Edits. (arXiv:2301.00355v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00355
• Code URL: null
• Copy Paste: [[2301.00355] Second Thoughts are Best: Learning to Re-Align With Human Values from Text Edits](http://arxiv.org/abs/2301.00355) #interpretability
• Summary:

  We present Second Thought, a new learning paradigm that enables language models (LMs) to re-align with human values. By modeling the chain-of-edits between value-unaligned and value-aligned text, with LM fine-tuning and additional refinement through reinforcement learning, Second Thought not only achieves superior performance in three value alignment benchmark datasets but also shows strong human-value transfer learning ability in few-shot scenarios. The generated editing steps also offer better interpretability and ease for interactive error correction. Extensive human evaluations further confirm its effectiveness.

Title: Tsetlin Machine Embedding: Representing Words Using Logical Expressions. (arXiv:2301.00709v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00709
• Code URL: null
• Copy Paste: [[2301.00709] Tsetlin Machine Embedding: Representing Words Using Logical Expressions](http://arxiv.org/abs/2301.00709) #interpretability
• Summary:

  Embedding words in vector space is a fundamental first step in state-of-the-art natural language processing (NLP). Typical NLP solutions employ pre-defined vector representations to improve generalization by co-locating similar words in vector space. For instance, Word2Vec is a self-supervised predictive model that captures the context of words using a neural network. Similarly, GLoVe is a popular unsupervised model incorporating corpus-wide word co-occurrence statistics. Such word embedding has significantly boosted important NLP tasks, including sentiment analysis, document classification, and machine translation. However, the embeddings are dense floating-point vectors, making them expensive to compute and difficult to interpret. In this paper, we instead propose to represent the semantics of words with a few defining words that are related using propositional logic. To produce such logical embeddings, we introduce a Tsetlin Machine-based autoencoder that learns logical clauses self-supervised. The clauses consist of contextual words like "black," "cup," and "hot" to define other words like "coffee," thus being human-understandable. We evaluate our embedding approach on several intrinsic and extrinsic benchmarks, outperforming GLoVe on six classification tasks. Furthermore, we investigate the interpretability of our embedding using the logical representations acquired during training. We also visualize word clusters in vector space, demonstrating how our logical embedding co-locate similar words.

explainability

Title: A Concept Knowledge Graph for User Next Intent Prediction at Alipay. (arXiv:2301.00503v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.00503
• Code URL: null
• Copy Paste: [[2301.00503] A Concept Knowledge Graph for User Next Intent Prediction at Alipay](http://arxiv.org/abs/2301.00503) #explainability
• Summary:

  This paper illustrates the technologies of user next intent prediction with a concept knowledge graph. The system has been deployed on the Web at Alipay, serving more than 100 million daily active users. Specifically, we propose AlipayKG to explicitly characterize user intent, which is an offline concept knowledge graph in the Life-Service domain modeling the historical behaviors of users, the rich content interacted by users and the relations between them. We further introduce a Transformer-based model which integrates expert rules from the knowledge graph to infer the online user's next intent. Experimental results demonstrate that the proposed system can effectively enhance the performance of the downstream tasks while retaining explainability.

Title: GANExplainer: GAN-based Graph Neural Networks Explainer. (arXiv:2301.00012v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00012
• Code URL: null
• Copy Paste: [[2301.00012] GANExplainer: GAN-based Graph Neural Networks Explainer](http://arxiv.org/abs/2301.00012) #explainability
• Summary:

  With the rapid deployment of graph neural networks (GNNs) based techniques into a wide range of applications such as link prediction, node classification, and graph classification the explainability of GNNs has become an indispensable component for predictive and trustworthy decision-making. Thus, it is critical to explain why graph neural network (GNN) makes particular predictions for them to be believed in many applications. Some GNNs explainers have been proposed recently. However, they lack to generate accurate and real explanations. To mitigate these limitations, we propose GANExplainer, based on Generative Adversarial Network (GAN) architecture. GANExplainer is composed of a generator to create explanations and a discriminator to assist with the Generator development. We investigate the explanation accuracy of our models by comparing the performance of GANExplainer with other state-of-the-art methods. Our empirical results on synthetic datasets indicate that GANExplainer improves explanation accuracy by up to 35\% compared to its alternatives.

watermark

diffusion

Title: Diffusion Model based Semi-supervised Learning on Brain Hemorrhage Images for Efficient Midline Shift Quantification. (arXiv:2301.00409v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00409
• Code URL: null
• Copy Paste: [[2301.00409] Diffusion Model based Semi-supervised Learning on Brain Hemorrhage Images for Efficient Midline Shift Quantification](http://arxiv.org/abs/2301.00409) #diffusion
• Summary:

  Brain midline shift (MLS) is one of the most critical factors to be considered for clinical diagnosis and treatment decision-making for intracranial hemorrhage. Existing computational methods on MLS quantification not only require intensive labeling in millimeter-level measurement but also suffer from poor performance due to their dependence on specific landmarks or simplified anatomical assumptions. In this paper, we propose a novel semi-supervised framework to accurately measure the scale of MLS from head CT scans. We formulate the MLS measurement task as a deformation estimation problem and solve it using a few MLS slices with sparse labels. Meanwhile, with the help of diffusion models, we are able to use a great number of unlabeled MLS data and 2793 non-MLS cases for representation learning and regularization. The extracted representation reflects how the image is different from a non-MLS image and regularization serves an important role in the sparse-to-dense refinement of the deformation field. Our experiment on a real clinical brain hemorrhage dataset has achieved state-of-the-art performance and can generate interpretable deformation fields.

Title: Diffusion Probabilistic Models for Scene-Scale 3D Categorical Data. (arXiv:2301.00527v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00527
• Code URL: https://github.com/zoomin-lee/scene-scale-diffusion
• Copy Paste: [[2301.00527] Diffusion Probabilistic Models for Scene-Scale 3D Categorical Data](http://arxiv.org/abs/2301.00527) #diffusion
• Summary:

  In this paper, we learn a diffusion model to generate 3D data on a scene-scale. Specifically, our model crafts a 3D scene consisting of multiple objects, while recent diffusion research has focused on a single object. To realize our goal, we represent a scene with discrete class labels, i.e., categorical distribution, to assign multiple objects into semantic categories. Thus, we extend discrete diffusion models to learn scene-scale categorical distributions. In addition, we validate that a latent diffusion model can reduce computation costs for training and deploying. To the best of our knowledge, our work is the first to apply discrete and latent diffusion for 3D categorical data on a scene-scale. We further propose to perform semantic scene completion (SSC) by learning a conditional distribution using our diffusion model, where the condition is a partial observation in a sparse point cloud. In experiments, we empirically show that our diffusion models not only generate reasonable scenes, but also perform the scene completion task better than a discriminative model. Our code and models are available at https://github.com/zoomin-lee/scene-scale-diffusion

Title: Muse: Text-To-Image Generation via Masked Generative Transformers. (arXiv:2301.00704v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.00704
• Code URL: null
• Copy Paste: [[2301.00704] Muse: Text-To-Image Generation via Masked Generative Transformers](http://arxiv.org/abs/2301.00704) #diffusion
• Summary:

  We present Muse, a text-to-image Transformer model that achieves state-of-the-art image generation performance while being significantly more efficient than diffusion or autoregressive models. Muse is trained on a masked modeling task in discrete token space: given the text embedding extracted from a pre-trained large language model (LLM), Muse is trained to predict randomly masked image tokens. Compared to pixel-space diffusion models, such as Imagen and DALL-E 2, Muse is significantly more efficient due to the use of discrete tokens and requiring fewer sampling iterations; compared to autoregressive models, such as Parti, Muse is more efficient due to the use of parallel decoding. The use of a pre-trained LLM enables fine-grained language understanding, translating to high-fidelity image generation and the understanding of visual concepts such as objects, their spatial relationships, pose, cardinality etc. Our 900M parameter model achieves a new SOTA on CC3M, with an FID score of 6.06. The Muse 3B parameter model achieves an FID of 7.88 on zero-shot COCO evaluation, along with a CLIP score of 0.32. Muse also directly enables a number of image editing applications without the need to fine-tune or invert the model: inpainting, outpainting, and mask-free editing. More results are available at https://muse-model.github.io

Title: Conditional Diffusion Based on Discrete Graph Structures for Molecular Graph Generation. (arXiv:2301.00427v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.00427
• Code URL: null
• Copy Paste: [[2301.00427] Conditional Diffusion Based on Discrete Graph Structures for Molecular Graph Generation](http://arxiv.org/abs/2301.00427) #diffusion
• Summary:

  Learning the underlying distribution of molecular graphs and generating high-fidelity samples is a fundamental research problem in drug discovery and material science. However, accurately modeling distribution and rapidly generating novel molecular graphs remain crucial and challenging goals. To accomplish these goals, we propose a novel Conditional Diffusion model based on discrete Graph Structures (CDGS) for molecular graph generation. Specifically, we construct a forward graph diffusion process on both graph structures and inherent features through stochastic differential equations (SDE) and derive discrete graph structures as the condition for reverse generative processes. We present a specialized hybrid graph noise prediction model that extracts the global context and the local node-edge dependency from intermediate graph states. We further utilize ordinary differential equation (ODE) solvers for efficient graph sampling, based on the semi-linear structure of the probability flow ODE. Experiments on diverse datasets validate the effectiveness of our framework. Particularly, the proposed method still generates high-quality molecular graphs in a limited number of steps.