secure

Title: Secure synchronization of artificial neural networks used to correct errors in quantum cryptography. (arXiv:2301.11440v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11440
Code URL: null
Copy Paste: [[2301.11440] Secure synchronization of artificial neural networks used to correct errors in quantum cryptography](http://arxiv.org/abs/2301.11440) #secure
Summary:
Quantum cryptography can provide a very high level of data security. However, a big challenge of this technique is errors in quantum channels. Therefore, error correction methods must be applied in real implementations. An example is error correction based on artificial neural networks. This paper considers the practical aspects of this recently proposed method and analyzes elements which influence security and efficiency. The synchronization process based on mutual learning processes is analyzed in detail. The results allowed us to determine the impact of various parameters. Additionally, the paper describes the recommended number of iterations for different structures of artificial neural networks and various error rates. All this aims to support users in choosing a suitable configuration of neural networks used to correct errors in a secure and efficient way.

Title: Vulnerablity analysis of Azure Blockchain Workbench key management system. (arXiv:2301.11569v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11569
Code URL: null
Copy Paste: [[2301.11569] Vulnerablity analysis of Azure Blockchain Workbench key management system](http://arxiv.org/abs/2301.11569) #secure
Summary:
With rise of blockchain popularity, more and more people seek to implement blockchain technology into their projects. Most common way is to take existing blockchain stack, such as Azure Blockchain Workbench or Oracle Blockchain Platform. While the blockchain technology is well-protected by its algorithms it is still vulnerable because its privacy relies on regular cryptography. And mistakes or vulnerabilities in key management protocols can affect even the most secure blockchain projects. This article considers question of vulnerabilities within Azure Blockchain Workbench key management system. We describe potential threats for each stage of key management lifecycle based on public reports and then assess how likely are those threats to realize within Azure Blockchain Workbench environment based on the technical documentation for Azure Blockchain Workbench and Azure Key Vault. Finally, we compile results of our assessment into the key management threat table with three distinct degrees of protection: fully protected, partially protected and not protected.

security

Title: Side Auth: Synthesizing Virtual Sensors for Authentication. (arXiv:2301.11745v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11745
Code URL: null
Copy Paste: [[2301.11745] Side Auth: Synthesizing Virtual Sensors for Authentication](http://arxiv.org/abs/2301.11745) #security
Summary:
While the embedded security research community aims to protect systems by reducing analog sensor side channels, our work argues that sensor side channels can be beneficial to defenders. This work introduces the general problem of synthesizing virtual sensors from existing circuits to authenticate physical sensors' measurands. We investigate how to apply this approach and present a preliminary analytical framework and definitions for sensor side channels. To illustrate the general concept, we provide a proof-of-concept case study to synthesize a virtual inertial measurement unit from a camera motion side channel. Our work also provides an example of applying this technique to protect facial recognition against silicon mask spoofing attacks. Finally, we discuss downstream problems of how to ensure that side channels benefit the defender, but not the adversary, during authentication.

privacy

Title: Universal Domain Adaptation for Remote Sensing Image Scene Classification. (arXiv:2301.11387v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11387
Code URL: https://github.com/zhu-xlab/unida
Copy Paste: [[2301.11387] Universal Domain Adaptation for Remote Sensing Image Scene Classification](http://arxiv.org/abs/2301.11387) #privacy
Summary:
The domain adaptation (DA) approaches available to date are usually not well suited for practical DA scenarios of remote sensing image classification, since these methods (such as unsupervised DA) rely on rich prior knowledge about the relationship between label sets of source and target domains, and source data are often not accessible due to privacy or confidentiality issues. To this end, we propose a practical universal domain adaptation setting for remote sensing image scene classification that requires no prior knowledge on the label sets. Furthermore, a novel universal domain adaptation method without source data is proposed for cases when the source data is unavailable. The architecture of the model is divided into two parts: the source data generation stage and the model adaptation stage. The first stage estimates the conditional distribution of source data from the pre-trained model using the knowledge of class-separability in the source domain and then synthesizes the source data. With this synthetic source data in hand, it becomes a universal DA task to classify a target sample correctly if it belongs to any category in the source label set, or mark it as unknown" otherwise. In the second stage, a novel transferable weight that distinguishes the shared and private label sets in each domain promotes the adaptation in the automatically discovered shared label set and recognizes theunknown'' samples successfully. Empirical results show that the proposed model is effective and practical for remote sensing image scene classification, regardless of whether the source data is available or not. The code is available at https://github.com/zhu-xlab/UniDA.

Title: Privacy-Preserving Methods for Outlier-Resistant Average Consensus and Shallow Ranked Vote Leader Election. (arXiv:2301.11882v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11882
Code URL: null
Copy Paste: [[2301.11882] Privacy-Preserving Methods for Outlier-Resistant Average Consensus and Shallow Ranked Vote Leader Election](http://arxiv.org/abs/2301.11882) #privacy
Summary:
Consensus and leader election are fundamental problems in distributed systems. Consensus is the problem in which all processes in a distributed computation must agree on some value. Average consensus is a popular form of consensus, where the agreed upon value is the average of the initial values of all the processes. In a typical solution for consensus, each process learns the value of others' to determine the final decision. However, this is undesirable if processes want to keep their values secret from others.

With this motivation, we present a solution to privacy-preserving average consensus, where no process can learn the initial value of any other process. Additionally, we augment our approach to provide outlier resistance, where extreme values are not included in the average calculation. Privacy is fully preserved at every stage, including preventing any process from learning the identities of processes that hold outlier values. To our knowledge, this is the first privacy-preserving average consensus algorithm featuring outlier resistance.

In the context of leader election, each process votes for the one that it wants to be the leader. The goal is to ensure that the leader is elected in such a way that each vote remains secret and the sum of votes remain secret during the election. Only the final vote tally is available to all processes. This ensures that processes that vote early are not able to influence the votes of other processes. We augment our approach with shallow ranked voting by allowing processes to not only vote for a single process, but to designate a secondary process to vote towards in the event that their primary vote's candidate does not win the election.

Title: FedHP: Heterogeneous Federated Learning with Privacy-preserving. (arXiv:2301.11705v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11705
Code URL: null
Copy Paste: [[2301.11705] FedHP: Heterogeneous Federated Learning with Privacy-preserving](http://arxiv.org/abs/2301.11705) #privacy
Summary:
Federated Learning is a distributed machine learning environment, which ensures that clients complete collaborative training without sharing private data, only by exchanging parameters. However, the data does not satisfy the same distribution and the computing resources of clients are different, which brings challenges to the related research. To better solve the above heterogeneous problems, we designed a novel federated learning method. The local model consists of the pre-trained model as the backbone and fully connected layers as the head. The backbone can extract features for the head, and the embedding vector of classes is shared between clients to optimize the head so that the local model can perform better. By sharing the embedding vector of classes, instead of parameters based on gradient space, clients can better adapt to private data, and it is more efficient in the communication between the server and clients. To better protect privacy, we proposed a privacy-preserving hybrid method to add noise to the embedding vector of classes, which has less impact on the local model performance under the premise of satisfying differential privacy. We conduct a comprehensive evaluation with other federated learning methods on the self-built vehicle dataset under non-independent identically distributed(Non-IID)

protect

Title: Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques. (arXiv:2301.11586v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11586
Code URL: null
Copy Paste: [[2301.11586] Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques](http://arxiv.org/abs/2301.11586) #protect
Summary:
Software obfuscation techniques can prevent binary diffing techniques from locating vulnerable code by obfuscating the third-party code, to achieve the purpose of protecting embedded device software. With the rapid development of binary diffing techniques, they can achieve more and more accurate function matching and identification by extracting the features within the function. This makes existing software obfuscation techniques, which mainly focus on the intra-procedural code obfuscation, no longer effective.

In this paper, we propose a new inter-procedural code obfuscation mechanism Khaos, which moves the code across functions to obfuscate the function by using compilation optimizations. Two obfuscation primitives are proposed to separate and aggregate the function, which are called fission and fusion respectively. A prototype of Khaos is implemented based on the LLVM compiler and evaluated on a large number of real-world programs including SPEC CPU 2006 & 2017, CoreUtils, JavaScript engines, etc. Experimental results show that Khaos outperforms existing code obfuscations and can significantly reduce the accuracy rates of five state-of-the-art binary diffing techniques (less than 19%) with lower runtime overhead (less than 7%).

Title: Learning to Unlearn: Instance-wise Unlearning for Pre-trained Classifiers. (arXiv:2301.11578v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11578
Code URL: null
Copy Paste: [[2301.11578] Learning to Unlearn: Instance-wise Unlearning for Pre-trained Classifiers](http://arxiv.org/abs/2301.11578) #protect
Summary:
Since the recent advent of regulations for data protection (e.g., the General Data Protection Regulation), there has been increasing demand in deleting information learned from sensitive data in pre-trained models without retraining from scratch. The inherent vulnerability of neural networks towards adversarial attacks and unfairness also calls for a robust method to remove or correct information in an instance-wise fashion, while retaining the predictive performance across remaining data. To this end, we define instance-wise unlearning, of which the goal is to delete information on a set of instances from a pre-trained model, by either misclassifying each instance away from its original prediction or relabeling the instance to a different label. We also propose two methods that reduce forgetting on the remaining data: 1) utilizing adversarial examples to overcome forgetting at the representation-level and 2) leveraging weight importance metrics to pinpoint network parameters guilty of propagating unwanted information. Both methods only require the pre-trained model and data instances to forget, allowing painless application to real-life settings where the entire training set is unavailable. Through extensive experimentation on various image classification benchmarks, we show that our approach effectively preserves knowledge of remaining data while unlearning given instances in both single-task and continual unlearning scenarios.

defense

Title: Nik Defense: An Artificial Intelligence Based Defense Mechanism against Selfish Mining in Bitcoin. (arXiv:2301.11463v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11463
Code URL: https://github.com/alinikhalat/selfishmining
Copy Paste: [[2301.11463] Nik Defense: An Artificial Intelligence Based Defense Mechanism against Selfish Mining in Bitcoin](http://arxiv.org/abs/2301.11463) #defense
Summary:
The Bitcoin cryptocurrency has received much attention recently. In the network of Bitcoin, transactions are recorded in a ledger. In this network, the process of recording transactions depends on some nodes called miners that execute a protocol known as mining protocol. One of the significant aspects of mining protocol is incentive compatibility. However, literature has shown that Bitcoin mining's protocol is not incentive-compatible. Some nodes with high computational power can obtain more revenue than their fair share by adopting a type of attack called the selfish mining attack. In this paper, we propose an artificial intelligence-based defense against selfish mining attacks by applying the theory of learning automata. The proposed defense mechanism ignores private blocks by assigning weight based on block discovery time and changes current Bitcoin's fork resolving policy by evaluating branches' height difference in a self-adaptive manner utilizing learning automata. To the best of our knowledge, the proposed protocol is the literature's first learning-based defense mechanism. Simulation results have shown the superiority of the proposed mechanism against tie-breaking mechanism, which is a well-known defense. The simulation results have shown that the suggested defense mechanism increases the profit threshold up to 40\% and decreases the revenue of selfish attackers.

Title: CAPoW: Context-Aware AI-Assisted Proof of Work based DDoS Defense. (arXiv:2301.11767v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11767
Code URL: null
Copy Paste: [[2301.11767] CAPoW: Context-Aware AI-Assisted Proof of Work based DDoS Defense](http://arxiv.org/abs/2301.11767) #defense
Summary:
Critical servers can be secured against distributed denial of service (DDoS) attacks using proof of work (PoW) systems assisted by an Artificial Intelligence (AI) that learns contextual network request patterns. In this work, we introduce CAPoW, a context-aware anti-DDoS framework that injects latency adaptively during communication by utilizing context-aware PoW puzzles. In CAPoW, a security professional can define relevant request context attributes which can be learned by the AI system. These contextual attributes can include information about the user request, such as IP address, time, flow-level information, etc., and are utilized to generate a contextual score for incoming requests that influence the hardness of a PoW puzzle. These puzzles need to be solved by a user before the server begins to process their request. Solving puzzles slow down the volume of incoming adversarial requests. Additionally, the framework compels the adversary to incur a cost per request, hence making it expensive for an adversary to prolong a DDoS attack. We include the theoretical foundations of the CAPoW framework along with a description of its implementation and evaluation.

Title: PECAN: A Deterministic Certified Defense Against Backdoor Attacks. (arXiv:2301.11824v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11824
Code URL: null
Copy Paste: [[2301.11824] PECAN: A Deterministic Certified Defense Against Backdoor Attacks](http://arxiv.org/abs/2301.11824) #defense
Summary:
Neural networks are vulnerable to backdoor poisoning attacks, where the attackers maliciously poison the training set and insert triggers into the test input to change the prediction of the victim model. Existing defenses for backdoor attacks either provide no formal guarantees or come with expensive-to-compute and ineffective probabilistic guarantees. We present PECAN, an efficient and certified approach for defending against backdoor attacks. The key insight powering PECAN is to apply off-the-shelf test-time evasion certification techniques on a set of neural networks trained on disjoint partitions of the data. We evaluate PECAN on image classification and malware detection datasets. Our results demonstrate that PECAN can (1) significantly outperform the state-of-the-art certified backdoor defense, both in defense strength and efficiency, and (2) on real back-door attacks, PECAN can reduce attack success rate by order of magnitude when compared to a range of baselines from the literature.

attack

Title: Attacking Important Pixels for Anchor-free Detectors. (arXiv:2301.11457v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11457
Code URL: null
Copy Paste: [[2301.11457] Attacking Important Pixels for Anchor-free Detectors](http://arxiv.org/abs/2301.11457) #attack
Summary:
Deep neural networks have been demonstrated to be vulnerable to adversarial attacks: subtle perturbation can completely change the prediction result. Existing adversarial attacks on object detection focus on attacking anchor-based detectors, which may not work well for anchor-free detectors. In this paper, we propose the first adversarial attack dedicated to anchor-free detectors. It is a category-wise attack that attacks important pixels of all instances of a category simultaneously. Our attack manifests in two forms, sparse category-wise attack (SCA) and dense category-wise attack (DCA), that minimize the $L_0$ and $L_\infty$ norm-based perturbations, respectively. For DCA, we present three variants, DCA-G, DCA-L, and DCA-S, that select a global region, a local region, and a semantic region, respectively, to attack. Our experiments on large-scale benchmark datasets including PascalVOC, MS-COCO, and MS-COCO Keypoints indicate that our proposed methods achieve state-of-the-art attack performance and transferability on both object detection and human pose estimation tasks.

Title: PCV: A Point Cloud-Based Network Verifier. (arXiv:2301.11806v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11806
Code URL: null
Copy Paste: [[2301.11806] PCV: A Point Cloud-Based Network Verifier](http://arxiv.org/abs/2301.11806) #attack
Summary:
3D vision with real-time LiDAR-based point cloud data became a vital part of autonomous system research, especially perception and prediction modules use for object classification, segmentation, and detection. Despite their success, point cloud-based network models are vulnerable to multiple adversarial attacks, where the certain factor of changes in the validation set causes significant performance drop in well-trained networks. Most of the existing verifiers work perfectly on 2D convolution. Due to complex architecture, dimension of hyper-parameter, and 3D convolution, no verifiers can perform the basic layer-wise verification. It is difficult to conclude the robustness of a 3D vision model without performing the verification. Because there will be always corner cases and adversarial input that can compromise the model's effectiveness.

In this project, we describe a point cloud-based network verifier that successfully deals state of the art 3D classifier PointNet verifies the robustness by generating adversarial inputs. We have used extracted properties from the trained PointNet and changed certain factors for perturbation input. We calculate the impact on model accuracy versus property factor and can test PointNet network's robustness against a small collection of perturbing input states resulting from adversarial attacks like the suggested hybrid reverse signed attack. The experimental results reveal that the resilience property of PointNet is affected by our hybrid reverse signed perturbation strategy

Title: RAPTOR: Advanced Persistent Threat Detection in Industrial IoT via Attack Stage Correlation. (arXiv:2301.11524v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11524
Code URL: null
Copy Paste: [[2301.11524] RAPTOR: Advanced Persistent Threat Detection in Industrial IoT via Attack Stage Correlation](http://arxiv.org/abs/2301.11524) #attack
Summary:
IIoT (Industrial Internet-of-Things) systems are getting more prone to attacks by APT (Advanced Persistent Threat) adversaries. Past APT attacks on IIoT systems such as the 2016 Ukrainian power grid attack which cut off the capital Kyiv off power for an hour and the 2017 Saudi petrochemical plant attack which almost shut down the plant's safety controllers have shown that APT campaigns can disrupt industrial processes, shut down critical systems and endanger human lives. In this work, we propose RAPTOR, a system to detect APT campaigns in IIoT environments. RAPTOR detects and correlates various APT attack stages (adapted to IIoT) using multiple data sources. Subsequently, it constructs a high-level APT campaign graph which can be used by cybersecurity analysts towards attack analysis and mitigation. A performance evaluation of RAPTOR's APT stage detection stages shows high precision and low false positive/negative rates. We also show that RAPTOR is able to construct the APT campaign graph for APT attacks (modelled after real-world attacks on ICS/OT infrastructure) executed on our IIoT testbed.

Title: Targeted Attacks on Timeseries Forecasting. (arXiv:2301.11544v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11544
Code URL: null
Copy Paste: [[2301.11544] Targeted Attacks on Timeseries Forecasting](http://arxiv.org/abs/2301.11544) #attack
Summary:
Real-world deep learning models developed for Time Series Forecasting are used in several critical applications ranging from medical devices to the security domain. Many previous works have shown how deep learning models are prone to adversarial attacks and studied their vulnerabilities. However, the vulnerabilities of time series models for forecasting due to adversarial inputs are not extensively explored. While the attack on a forecasting model might aim to deteriorate the performance of the model, it is more effective, if the attack is focused on a specific impact on the model's output. In this paper, we propose a novel formulation of Directional, Amplitudinal, and Temporal targeted adversarial attacks on time series forecasting models. These targeted attacks create a specific impact on the amplitude and direction of the output prediction. We use the existing adversarial attack techniques from the computer vision domain and adapt them for time series. Additionally, we propose a modified version of the Auto Projected Gradient Descent attack for targeted attacks. We examine the impact of the proposed targeted attacks versus untargeted attacks. We use KS-Tests to statistically demonstrate the impact of the attack. Our experimental results show how targeted attacks on time series models are viable and are more powerful in terms of statistical similarity. It is, hence difficult to detect through statistical methods. We believe that this work opens a new paradigm in the time series forecasting domain and represents an important consideration for developing better defenses.

Title: Improved Differential-neural Cryptanalysis for Round-reduced Simeck32/64. (arXiv:2301.11601v1 [cs.CR])

Paper URL: http://arxiv.org/abs/2301.11601
Code URL: null
Copy Paste: [[2301.11601] Improved Differential-neural Cryptanalysis for Round-reduced Simeck32/64](http://arxiv.org/abs/2301.11601) #attack
Summary:
In CRYPTO 2019, Gohr presented differential-neural cryptanalysis by building the differential distinguisher with a neural network, achieving practical 11-, and 12-round key recovery attack for Speck32/64. Inspired by this framework, we develop the Inception neural network that is compatible with the round function of Simeck to improve the accuracy of the neural distinguishers, thus improving the accuracy of (9-12)-round neural distinguishers for Simeck32/64. To provide solid baselines for neural distinguishers, we compute the full distribution of differences induced by one specific input difference up to 13-round Simeck32/64. Moreover, the performance of the DDT-based distinguishers in multiple ciphertext pairs is evaluated. Compared with the DDT-based distinguishers, the 9-, and 10-round neural distinguishers achieve better accuracy. Also, an in-depth analysis of the wrong key response profile revealed that the 12-th and 13-th bits of the subkey have little effect on the score of the neural distinguisher, thereby accelerating key recovery attacks. Finally, an enhanced 15-round and the first practical 16-, and 17-round attacks are implemented for Simeck32/64, and the success rate of both the 15-, and 16-round attacks is almost 100%.

Title: Adapting Step-size: A Unified Perspective to Analyze and Improve Gradient-based Methods for Adversarial Attacks. (arXiv:2301.11546v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11546
Code URL: null
Copy Paste: [[2301.11546] Adapting Step-size: A Unified Perspective to Analyze and Improve Gradient-based Methods for Adversarial Attacks](http://arxiv.org/abs/2301.11546) #attack
Summary:
Learning adversarial examples can be formulated as an optimization problem of maximizing the loss function with some box-constraints. However, for solving this induced optimization problem, the state-of-the-art gradient-based methods such as FGSM, I-FGSM and MI-FGSM look different from their original methods especially in updating the direction, which makes it difficult to understand them and then leaves some theoretical issues to be addressed in viewpoint of optimization. In this paper, from the perspective of adapting step-size, we provide a unified theoretical interpretation of these gradient-based adversarial learning methods. We show that each of these algorithms is in fact a specific reformulation of their original gradient methods but using the step-size rules with only current gradient information. Motivated by such analysis, we present a broad class of adaptive gradient-based algorithms based on the regular gradient methods, in which the step-size strategy utilizing information of the accumulated gradients is integrated. Such adaptive step-size strategies directly normalize the scale of the gradients rather than use some empirical operations. The important benefit is that convergence for the iterative algorithms is guaranteed and then the whole optimization process can be stabilized. The experiments demonstrate that our AdaI-FGM consistently outperforms I-FGSM and AdaMI-FGM remains competitive with MI-FGSM for black-box attacks.

Title: Certified Invertibility in Neural Networks via Mixed-Integer Programming. (arXiv:2301.11783v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11783
Code URL: null
Copy Paste: [[2301.11783] Certified Invertibility in Neural Networks via Mixed-Integer Programming](http://arxiv.org/abs/2301.11783) #attack
Summary:
Neural networks are notoriously vulnerable to adversarial attacks -- small imperceptible perturbations that can change the network's output drastically. In the reverse direction, there may exist large, meaningful perturbations that leave the network's decision unchanged (excessive invariance, nonivertibility). We study the latter phenomenon in two contexts: (a) discrete-time dynamical system identification, as well as (b) calibration of the output of one neural network to the output of another (neural network matching). For ReLU networks and $L_p$ norms ($p=1,2,\infty$), we formulate these optimization problems as mixed-integer programs (MIPs) that apply to neural network approximators of dynamical systems. We also discuss the applicability of our results to invertibility certification in transformations between neural networks (e.g. at different levels of pruning).

robust

Title: Multimodal Event Transformer for Image-guided Story Ending Generation. (arXiv:2301.11357v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11357
Code URL: null
Copy Paste: [[2301.11357] Multimodal Event Transformer for Image-guided Story Ending Generation](http://arxiv.org/abs/2301.11357) #robust
Summary:
Image-guided story ending generation (IgSEG) is to generate a story ending based on given story plots and ending image. Existing methods focus on cross-modal feature fusion but overlook reasoning and mining implicit information from story plots and ending image. To tackle this drawback, we propose a multimodal event transformer, an event-based reasoning framework for IgSEG. Specifically, we construct visual and semantic event graphs from story plots and ending image, and leverage event-based reasoning to reason and mine implicit information in a single modality. Next, we connect visual and semantic event graphs and utilize cross-modal fusion to integrate different-modality features. In addition, we propose a multimodal injector to adaptive pass essential information to decoder. Besides, we present an incoherence detection to enhance the understanding context of a story plot and the robustness of graph modeling for our model. Experimental results show that our method achieves state-of-the-art performance for the image-guided story ending generation.

Title: Rethinking 1x1 Convolutions: Can we train CNNs with Frozen Random Filters?. (arXiv:2301.11360v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11360
Code URL: null
Copy Paste: [[2301.11360] Rethinking 1x1 Convolutions: Can we train CNNs with Frozen Random Filters?](http://arxiv.org/abs/2301.11360) #robust
Summary:
Modern CNNs are learning the weights of vast numbers of convolutional operators. In this paper, we raise the fundamental question if this is actually necessary. We show that even in the extreme case of only randomly initializing and never updating spatial filters, certain CNN architectures can be trained to surpass the accuracy of standard training. By reinterpreting the notion of pointwise ($1\times 1$) convolutions as an operator to learn linear combinations (LC) of frozen (random) spatial filters, we are able to analyze these effects and propose a generic LC convolution block that allows tuning of the linear combination rate. Empirically, we show that this approach not only allows us to reach high test accuracies on CIFAR and ImageNet but also has favorable properties regarding model robustness, generalization, sparsity, and the total number of necessary weights. Additionally, we propose a novel weight sharing mechanism, which allows sharing of a single weight tensor between all spatial convolution layers to massively reduce the number of weights.

Title: Revisiting Discriminative Entropy Clustering and its relation to K-means. (arXiv:2301.11405v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11405
Code URL: null
Copy Paste: [[2301.11405] Revisiting Discriminative Entropy Clustering and its relation to K-means](http://arxiv.org/abs/2301.11405) #robust
Summary:
Maximization of mutual information between the model's input and output is formally related to "decisiveness" and "fairness" of the softmax predictions, motivating such unsupervised entropy-based losses for discriminative neural networks. Recent self-labeling methods based on such losses represent the state of the art in deep clustering. However, some important properties of entropy clustering are not well-known, or even misunderstood. For example, we provide a counterexample to prior claims about equivalence to variance clustering (K-means) and point out technical mistakes in such theories. We discuss the fundamental differences between these discriminative and generative clustering approaches. Moreover, we show the susceptibility of standard entropy clustering to narrow margins and motivate an explicit margin maximization term. We also propose an improved self-labeling loss; it is robust to pseudo-labeling errors and enforces stronger fairness. We develop an EM algorithm for our loss that is significantly faster than the standard alternatives. Our results improve the state-of-the-art on standard benchmarks.

Title: Semidefinite Relaxations for Robust Multiview Triangulation. (arXiv:2301.11431v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11431
Code URL: null
Copy Paste: [[2301.11431] Semidefinite Relaxations for Robust Multiview Triangulation](http://arxiv.org/abs/2301.11431) #robust
Summary:
We propose the first convex relaxation for multiview triangulation that is robust to both noise and outliers. To this end, we extend existing semidefinite relaxation approaches to loss functions that include a truncated least squares cost to account for outliers. We propose two formulations, one based on epipolar constraints and one based on the fractional reprojection equations. The first is lower dimensional and remains tight under moderate noise and outlier levels, while the second is higher dimensional and therefore slower but remains tight even under extreme noise and outlier levels. We demonstrate through extensive experiments that the proposed approach allows us to compute provably optimal reconstructions and that empirically the relaxations remain tight even under significant noise and a large percentage of outliers.

Title: Robust Transformer with Locality Inductive Bias and Feature Normalization. (arXiv:2301.11553v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11553
Code URL: null
Copy Paste: [[2301.11553] Robust Transformer with Locality Inductive Bias and Feature Normalization](http://arxiv.org/abs/2301.11553) #robust
Summary:
Vision transformers have been demonstrated to yield state-of-the-art results on a variety of computer vision tasks using attention-based networks. However, research works in transformers mostly do not investigate robustness/accuracy trade-off, and they still struggle to handle adversarial perturbations. In this paper, we explore the robustness of vision transformers against adversarial perturbations and try to enhance their robustness/accuracy trade-off in white box attack settings. To this end, we propose Locality iN Locality (LNL) transformer model. We prove that the locality introduction to LNL contributes to the robustness performance since it aggregates local information such as lines, edges, shapes, and even objects. In addition, to further improve the robustness performance, we encourage LNL to extract training signal from the moments (a.k.a., mean and standard deviation) and the normalized features. We validate the effectiveness and generality of LNL by achieving state-of-the-art results in terms of accuracy and robustness metrics on German Traffic Sign Recognition Benchmark (GTSRB) and Canadian Institute for Advanced Research (CIFAR-10). More specifically, for traffic sign classification, the proposed LNL yields gains of 1.1% and ~35% in terms of clean and robustness accuracy compared to the state-of-the-art studies.

Title: Leveraging the Third Dimension in Contrastive Learning. (arXiv:2301.11790v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11790
Code URL: null
Copy Paste: [[2301.11790] Leveraging the Third Dimension in Contrastive Learning](http://arxiv.org/abs/2301.11790) #robust
Summary:
Self-Supervised Learning (SSL) methods operate on unlabeled data to learn robust representations useful for downstream tasks. Most SSL methods rely on augmentations obtained by transforming the 2D image pixel map. These augmentations ignore the fact that biological vision takes place in an immersive three-dimensional, temporally contiguous environment, and that low-level biological vision relies heavily on depth cues. Using a signal provided by a pretrained state-of-the-art monocular RGB-to-depth model (the \emph{Depth Prediction Transformer}, Ranftl et al., 2021), we explore two distinct approaches to incorporating depth signals into the SSL framework. First, we evaluate contrastive learning using an RGB+depth input representation. Second, we use the depth signal to generate novel views from slightly different camera positions, thereby producing a 3D augmentation for contrastive learning. We evaluate these two approaches on three different SSL methods -- BYOL, SimSiam, and SwAV -- using ImageNette (10 class subset of ImageNet), ImageNet-100 and ImageNet-1k datasets. We find that both approaches to incorporating depth signals improve the robustness and generalization of the baseline SSL methods, though the first approach (with depth-channel concatenation) is superior. For instance, BYOL with the additional depth channel leads to an increase in downstream classification accuracy from 85.3\% to 88.0\% on ImageNette and 84.1\% to 87.0\% on ImageNet-C.

Title: Neural-Symbolic Inference for Robust Autoregressive Graph Parsing via Compositional Uncertainty Quantification. (arXiv:2301.11459v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2301.11459
Code URL: https://github.com/google/uncertainty-baselines
Copy Paste: [[2301.11459] Neural-Symbolic Inference for Robust Autoregressive Graph Parsing via Compositional Uncertainty Quantification](http://arxiv.org/abs/2301.11459) #robust
Summary:
Pre-trained seq2seq models excel at graph semantic parsing with rich annotated data, but generalize worse to out-of-distribution (OOD) and long-tail examples. In comparison, symbolic parsers under-perform on population-level metrics, but exhibit unique strength in OOD and tail generalization. In this work, we study compositionality-aware approach to neural-symbolic inference informed by model confidence, performing fine-grained neural-symbolic reasoning at subgraph level (i.e., nodes and edges) and precisely targeting subgraph components with high uncertainty in the neural parser. As a result, the method combines the distinct strength of the neural and symbolic approaches in capturing different aspects of the graph prediction, leading to well-rounded generalization performance both across domains and in the tail. We empirically investigate the approach in the English Resource Grammar (ERG) parsing problem on a diverse suite of standard in-domain and seven OOD corpora. Our approach leads to 35.26% and 35.60% error reduction in aggregated Smatch score over neural and symbolic approaches respectively, and 14% absolute accuracy gain in key tail linguistic categories over the neural model, outperforming prior state-of-art methods that do not account for compositionality or uncertainty.

Title: Probing Out-of-Distribution Robustness of Language Models with Parameter-Efficient Transfer Learning Methods. (arXiv:2301.11660v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2301.11660
Code URL: null
Copy Paste: [[2301.11660] Probing Out-of-Distribution Robustness of Language Models with Parameter-Efficient Transfer Learning Methods](http://arxiv.org/abs/2301.11660) #robust
Summary:
As the size of the pre-trained language model (PLM) continues to increase, numerous parameter-efficient transfer learning methods have been proposed recently to compensate for the tremendous cost of fine-tuning. Despite the impressive results achieved by large pre-trained language models (PLMs) and various parameter-efficient transfer learning (PETL) methods on sundry benchmarks, it remains unclear if they can handle inputs that have been distributionally shifted effectively. In this study, we systematically explore how the ability to detect out-of-distribution (OOD) changes as the size of the PLM grows or the transfer methods are altered. Specifically, we evaluated various PETL techniques, including fine-tuning, Adapter, LoRA, and prefix-tuning, on three different intention classification tasks, each utilizing various language models with different scales.

Title: A Robust Optimisation Perspective on Counterexample-Guided Repair of Neural Networks. (arXiv:2301.11342v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11342
Code URL: https://github.com/sen-uni-kn/specrepair
Copy Paste: [[2301.11342] A Robust Optimisation Perspective on Counterexample-Guided Repair of Neural Networks](http://arxiv.org/abs/2301.11342) #robust
Summary:
Counterexample-guided repair aims at creating neural networks with mathematical safety guarantees, facilitating the application of neural networks in safety-critical domains. However, whether counterexample-guided repair is guaranteed to terminate remains an open question. We approach this question by showing that counterexample-guided repair can be viewed as a robust optimisation algorithm. While termination guarantees for neural network repair itself remain beyond our reach, we prove termination for more restrained machine learning models and disprove termination in a general setting. We empirically study the practical implications of our theoretical results, demonstrating the suitability of common verifiers and falsifiers for repair despite a disadvantageous theoretical result. Additionally, we use our theoretical insights to devise a novel algorithm for repairing linear regression models, surpassing existing approaches.

Title: Policy Optimization with Robustness Certificates. (arXiv:2301.11374v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11374
Code URL: null
Copy Paste: [[2301.11374] Policy Optimization with Robustness Certificates](http://arxiv.org/abs/2301.11374) #robust
Summary:
We present a policy optimization framework in which the learned policy comes with a machine-checkable certificate of adversarial robustness. Our approach, called CAROL, learns a model of the environment. In each learning iteration, it uses the current version of this model and an external abstract interpreter to construct a differentiable signal for provable robustness. This signal is used to guide policy learning, and the abstract interpretation used to construct it directly leads to the robustness certificate returned at convergence. We give a theoretical analysis that bounds the worst-case accumulative reward of CAROL. We also experimentally evaluate CAROL on four MuJoCo environments. On these tasks, which involve continuous state and action spaces, CAROL learns certified policies that have performance comparable to the (non-certified) policies learned using state-of-the-art robust RL methods.

Title: MG-GNN: Multigrid Graph Neural Networks for Learning Multilevel Domain Decomposition Methods. (arXiv:2301.11378v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11378
Code URL: https://github.com/jrd971000/code-multilevel-mloras
Copy Paste: [[2301.11378] MG-GNN: Multigrid Graph Neural Networks for Learning Multilevel Domain Decomposition Methods](http://arxiv.org/abs/2301.11378) #robust
Summary:
Domain decomposition methods (DDMs) are popular solvers for discretized systems of partial differential equations (PDEs), with one-level and multilevel variants. These solvers rely on several algorithmic and mathematical parameters, prescribing overlap, subdomain boundary conditions, and other properties of the DDM. While some work has been done on optimizing these parameters, it has mostly focused on the one-level setting or special cases such as structured-grid discretizations with regular subdomain construction. In this paper, we propose multigrid graph neural networks (MG-GNN), a novel GNN architecture for learning optimized parameters in two-level DDMs\@. We train MG-GNN using a new unsupervised loss function, enabling effective training on small problems that yields robust performance on unstructured grids that are orders of magnitude larger than those in the training set. We show that MG-GNN outperforms popular hierarchical graph network architectures for this optimization and that our proposed loss function is critical to achieving this improved performance.

Title: Learning Modulo Theories. (arXiv:2301.11435v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11435
Code URL: null
Copy Paste: [[2301.11435] Learning Modulo Theories](http://arxiv.org/abs/2301.11435) #robust
Summary:
Recent techniques that integrate \emph{solver layers} into Deep Neural Networks (DNNs) have shown promise in bridging a long-standing gap between inductive learning and symbolic reasoning techniques. In this paper we present a set of techniques for integrating \emph{Satisfiability Modulo Theories} (SMT) solvers into the forward and backward passes of a deep network layer, called SMTLayer. Using this approach, one can encode rich domain knowledge into the network in the form of mathematical formulas. In the forward pass, the solver uses symbols produced by prior layers, along with these formulas, to construct inferences; in the backward pass, the solver informs updates to the network, driving it towards representations that are compatible with the solver's theory. Notably, the solver need not be differentiable. We implement \layername as a Pytorch module, and our empirical results show that it leads to models that \emph{1)} require fewer training samples than conventional models, \emph{2)} that are robust to certain types of covariate shift, and \emph{3)} that ultimately learn representations that are consistent with symbolic knowledge, and thus naturally interpretable.

Title: OccRob: Efficient SMT-Based Occlusion Robustness Verification of Deep Neural Networks. (arXiv:2301.11912v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11912
Code URL: null
Copy Paste: [[2301.11912] OccRob: Efficient SMT-Based Occlusion Robustness Verification of Deep Neural Networks](http://arxiv.org/abs/2301.11912) #robust
Summary:
Occlusion is a prevalent and easily realizable semantic perturbation to deep neural networks (DNNs). It can fool a DNN into misclassifying an input image by occluding some segments, possibly resulting in severe errors. Therefore, DNNs planted in safety-critical systems should be verified to be robust against occlusions prior to deployment. However, most existing robustness verification approaches for DNNs are focused on non-semantic perturbations and are not suited to the occlusion case. In this paper, we propose the first efficient, SMT-based approach for formally verifying the occlusion robustness of DNNs. We formulate the occlusion robustness verification problem and prove it is NP-complete. Then, we devise a novel approach for encoding occlusions as a part of neural networks and introduce two acceleration techniques so that the extended neural networks can be efficiently verified using off-the-shelf, SMT-based neural network verification tools. We implement our approach in a prototype called OccRob and extensively evaluate its performance on benchmark datasets with various occlusion variants. The experimental results demonstrate our approach's effectiveness and efficiency in verifying DNNs' robustness against various occlusions, and its ability to generate counterexamples when these DNNs are not robust.

biometric

steal

extraction

Title: Semi-Parametric Video-Grounded Text Generation. (arXiv:2301.11507v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11507
Code URL: null
Copy Paste: [[2301.11507] Semi-Parametric Video-Grounded Text Generation](http://arxiv.org/abs/2301.11507) #extraction
Summary:
Efficient video-language modeling should consider the computational cost because of a large, sometimes intractable, number of video frames. Parametric approaches such as the attention mechanism may not be ideal since its computational cost quadratically increases as the video length increases. Rather, previous studies have relied on offline feature extraction or frame sampling to represent the video efficiently, focusing on cross-modal modeling in short video clips. In this paper, we propose a semi-parametric video-grounded text generation model, SeViT, a novel perspective on scalable video-language modeling toward long untrimmed videos. Treating a video as an external data store, SeViT includes a non-parametric frame retriever to select a few query-relevant frames from the data store for a given query and a parametric generator to effectively aggregate the frames with the query via late fusion methods. Experimental results demonstrate our method has a significant advantage in longer videos and causal video understanding. Moreover, our model achieves the new state of the art on four video-language datasets, iVQA (+4.8), Next-QA (+6.9), and Activitynet-QA (+4.8) in accuracy, and MSRVTT-Caption (+3.6) in CIDEr.

Title: Task formulation for Extracting Social Determinants of Health from Clinical Narratives. (arXiv:2301.11386v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2301.11386
Code URL: null
Copy Paste: [[2301.11386] Task formulation for Extracting Social Determinants of Health from Clinical Narratives](http://arxiv.org/abs/2301.11386) #extraction
Summary:
Objective: The 2022 n2c2 NLP Challenge posed identification of social determinants of health (SDOH) in clinical narratives. We present three systems that we developed for the Challenge and discuss the distinctive task formulation used in each of the three systems. Materials and Methods: The first system identifies target pieces of information independently using machine learning classifiers. The second system uses a large language model (LLM) to extract complete structured outputs per document. The third system extracts candidate phrases using machine learning and identifies target relations with hand-crafted rules. Results: The three systems achieved F1 scores of 0.884, 0.831, and 0.663 in the Subtask A of the Challenge, which are ranked third, seventh, and eighth among the 15 participating teams. The review of the extraction results from our systems reveals characteristics of each approach and those of the SODH extraction task. Discussion: Phrases and relations annotated in the task is unique and diverse, not conforming to the conventional event extraction task. These annotations are difficult to model with limited training data. The system that extracts information independently, ignoring the annotated relations, achieves the highest F1 score. Meanwhile, LLM with its versatile capability achieves the high F1 score, while respecting the annotated relations. The rule-based system tackling relation extraction obtains the low F1 score, while it is the most explainable approach. Conclusion: The F1 scores of the three systems vary in this challenge setting, but each approach has advantages and disadvantages in a practical application. The selection of the approach depends not only on the F1 score but also on the requirements in the application.

Title: Theme-driven Keyphrase Extraction from Social Media on Opioid Recovery. (arXiv:2301.11508v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2301.11508
Code URL: null
Copy Paste: [[2301.11508] Theme-driven Keyphrase Extraction from Social Media on Opioid Recovery](http://arxiv.org/abs/2301.11508) #extraction
Summary:
An emerging trend on social media platforms is their use as safe spaces for peer support. Particularly in healthcare, where many medical conditions contain harsh stigmas, social media has become a stigma-free way to engage in dialogues regarding symptoms, treatments, and personal experiences. Many existing works have employed NLP algorithms to facilitate quantitative analysis of health trends. Notably absent from existing works are keyphrase extraction (KE) models for social health posts-a task crucial to discovering emerging public health trends. This paper presents a novel, theme-driven KE dataset, SuboxoPhrase, and a qualitative annotation scheme with an overarching goal of extracting targeted clinically-relevant keyphrases. To the best of our knowledge, this is the first study to design a KE schema for social media healthcare texts. To demonstrate the value of this approach, this study analyzes Reddit posts regarding medications for opioid use disorder, a paramount health concern worldwide. Additionally, we benchmark ten off-the-shelf KE models on our new dataset, demonstrating the unique extraction challenges in modeling user-generated health texts. The proposed theme-driven KE approach lays the foundation of future work on efficient, large-scale analysis of social health texts, allowing researchers to surface useful public health trends, patterns, and knowledge gaps.

Title: Event Causality Extraction with Event Argument Correlations. (arXiv:2301.11621v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2301.11621
Code URL: https://github.com/cuishiyao96/ece
Copy Paste: [[2301.11621] Event Causality Extraction with Event Argument Correlations](http://arxiv.org/abs/2301.11621) #extraction
Summary:
Event Causality Identification (ECI), which aims to detect whether a causality relation exists between two given textual events, is an important task for event causality understanding. However, the ECI task ignores crucial event structure and cause-effect causality component information, making it struggle for downstream applications. In this paper, we explore a novel task, namely Event Causality Extraction (ECE), aiming to extract the cause-effect event causality pairs with their structured event information from plain texts. The ECE task is more challenging since each event can contain multiple event arguments, posing fine-grained correlations between events to decide the causeeffect event pair. Hence, we propose a method with a dual grid tagging scheme to capture the intra- and inter-event argument correlations for ECE. Further, we devise a event type-enhanced model architecture to realize the dual grid tagging scheme. Experiments demonstrate the effectiveness of our method, and extensive analyses point out several future directions for ECE.

Title: Graph Attention with Hierarchies for Multi-hop Question Answering. (arXiv:2301.11792v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2301.11792
Code URL: null
Copy Paste: [[2301.11792] Graph Attention with Hierarchies for Multi-hop Question Answering](http://arxiv.org/abs/2301.11792) #extraction
Summary:
Multi-hop QA (Question Answering) is the task of finding the answer to a question across multiple documents. In recent years, a number of Deep Learning-based approaches have been proposed to tackle this complex task, as well as a few standard benchmarks to assess models Multi-hop QA capabilities. In this paper, we focus on the well-established HotpotQA benchmark dataset, which requires models to perform answer span extraction as well as support sentence prediction. We present two extensions to the SOTA Graph Neural Network (GNN) based model for HotpotQA, Hierarchical Graph Network (HGN): (i) we complete the original hierarchical structure by introducing new edges between the query and context sentence nodes; (ii) in the graph propagation step, we propose a novel extension to Hierarchical Graph Attention Network GATH (Graph ATtention with Hierarchies) that makes use of the graph hierarchy to update the node representations in a sequential fashion. Experiments on HotpotQA demonstrate the efficiency of the proposed modifications and support our assumptions about the effects of model related variables.

Title: Feature space exploration as an alternative for design space exploration beyond the parametric space. (arXiv:2301.11416v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11416
Code URL: null
Copy Paste: [[2301.11416] Feature space exploration as an alternative for design space exploration beyond the parametric space](http://arxiv.org/abs/2301.11416) #extraction
Summary:
This paper compares the parametric design space with a feature space generated by the extraction of design features using deep learning (DL) as an alternative way for design space exploration. In this comparison, the parametric design space is constructed by creating a synthetic dataset of 15.000 elements using a parametric algorithm and reducing its dimensions for visualization. The feature space - reduced-dimensionality vector space of embedded data features - is constructed by training a DL model on the same dataset. We analyze and compare the extracted design features by reducing their dimension and visualizing the results. We demonstrate that parametric design space is narrow in how it describes the design solutions because it is based on the combination of individual parameters. In comparison, we observed that the feature design space can intuitively represent design solutions according to complex parameter relationships. Based on our results, we discuss the potential of translating the features learned by DL models to provide a mechanism for intuitive design exploration space and visualization of possible design solutions.

membership infer

federate

Title: Personalised Federated Learning On Heterogeneous Feature Spaces. (arXiv:2301.11447v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11447
Code URL: null
Copy Paste: [[2301.11447] Personalised Federated Learning On Heterogeneous Feature Spaces](http://arxiv.org/abs/2301.11447) #federate
Summary:
Most personalised federated learning (FL) approaches assume that raw data of all clients are defined in a common subspace i.e. all clients store their data according to the same schema. For real-world applications, this assumption is restrictive as clients, having their own systems to collect and then store data, may use heterogeneous data representations. We aim at filling this gap. To this end, we propose a general framework coined FLIC that maps client's data onto a common feature space via local embedding functions. The common feature space is learnt in a federated manner using Wasserstein barycenters while the local embedding functions are trained on each client via distribution alignment. We integrate this distribution alignement mechanism into a federated learning approach and provide the algorithmics of FLIC. We compare its performances against FL benchmarks involving heterogeneous input features spaces. In addition, we provide theoretical insights supporting the relevance of our methodology.

fair

Title: Learning Informative Representation for Fairness-aware Multivariate Time-series Forecasting: A Group-based Perspective. (arXiv:2301.11535v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11535
Code URL: null
Copy Paste: [[2301.11535] Learning Informative Representation for Fairness-aware Multivariate Time-series Forecasting: A Group-based Perspective](http://arxiv.org/abs/2301.11535) #fair
Summary:
Multivariate time series (MTS) forecasting has penetrated and benefited our daily life. However, the unfair forecasting of MTSs not only degrades their practical benefit but even brings about serious potential risk. Such unfair MTS forecasting may be attributed to variable disparity leading to advantaged and disadvantaged variables. This issue has rarely been studied in the existing MTS forecasting models. To address this significant gap, we formulate the MTS fairness modeling problem as learning informative representations attending to both advantaged and disadvantaged variables. Accordingly, we propose a novel framework, named FairFor, for fairness-aware MTS forecasting. FairFor is based on adversarial learning to generate both group-irrelevant and -relevant representations for the downstream forecasting. FairFor first adopts the recurrent graph convolution to capture spatio-temporal variable correlations and to group variables by leveraging a spectral relaxation of the K-means objective. Then, it utilizes a novel filtering & fusion module to filter the group-relevant information and generate group-irrelevant representations by orthogonality regularization. The group-irrelevant and -relevant representations form highly informative representations, facilitating to share the knowledge from advantaged variables to disadvantaged variables and guarantee fairness. Extensive experiments on four public datasets demonstrate the FairFor effectiveness for fair forecasting and significant performance improvement.

Title: Variance, Self-Consistency, and Arbitrariness in Fair Classification. (arXiv:2301.11562v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11562
Code URL: null
Copy Paste: [[2301.11562] Variance, Self-Consistency, and Arbitrariness in Fair Classification](http://arxiv.org/abs/2301.11562) #fair
Summary:
In fair classification, it is common to train a model, and to compare and correct subgroup-specific error rates for disparities. However, even if a model's classification decisions satisfy a fairness metric, it is not necessarily the case that these decisions are equally confident. This becomes clear if we measure variance: We can fix everything in the learning process except the subset of training data, train multiple models, measure (dis)agreement in predictions for each test example, and interpret disagreement to mean that the learning process is more unstable with respect to its classification decision. Empirically, some decisions can in fact be so unstable that they are effectively arbitrary. To reduce this arbitrariness, we formalize a notion of self-consistency of a learning process, develop an ensembling algorithm that provably increases self-consistency, and empirically demonstrate its utility to often improve both fairness and accuracy. Further, our evaluation reveals a startling observation: Applying ensembling to common fair classification benchmarks can significantly reduce subgroup error rate disparities, without employing common pre-, in-, or post-processing fairness interventions. Taken together, our results indicate that variance, particularly on small datasets, can muddle the reliability of conclusions about fairness. One solution is to develop larger benchmark tasks. To this end, we release a toolkit that makes the Home Mortgage Disclosure Act datasets easily usable for future research.

Title: Aleatoric and Epistemic Discrimination in Classification. (arXiv:2301.11781v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11781
Code URL: null
Copy Paste: [[2301.11781] Aleatoric and Epistemic Discrimination in Classification](http://arxiv.org/abs/2301.11781) #fair
Summary:
Machine learning (ML) models can underperform on certain population groups due to choices made during model development and bias inherent in the data. We categorize sources of discrimination in the ML pipeline into two classes: aleatoric discrimination, which is inherent in the data distribution, and epistemic discrimination, which is due to decisions during model development. We quantify aleatoric discrimination by determining the performance limits of a model under fairness constraints, assuming perfect knowledge of the data distribution. We demonstrate how to characterize aleatoric discrimination by applying Blackwell's results on comparing statistical experiments. We then quantify epistemic discrimination as the gap between a model's accuracy given fairness constraints and the limit posed by aleatoric discrimination. We apply this approach to benchmark existing interventions and investigate fairness risks in data with missing values. Our results indicate that state-of-the-art fairness interventions are effective at removing epistemic discrimination. However, when data has missing values, there is still significant room for improvement in handling aleatoric discrimination.

interpretability

Title: Multi-dimensional concept discovery (MCD): A unifying framework with completeness guarantees. (arXiv:2301.11911v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11911
Code URL: null
Copy Paste: [[2301.11911] Multi-dimensional concept discovery (MCD): A unifying framework with completeness guarantees](http://arxiv.org/abs/2301.11911) #interpretability
Summary:
The completeness axiom renders the explanation of a post-hoc XAI method only locally faithful to the model, i.e. for a single decision. For the trustworthy application of XAI, in particular for high-stake decisions, a more global model understanding is required. Recently, concept-based methods have been proposed, which are however not guaranteed to be bound to the actual model reasoning. To circumvent this problem, we propose Multi-dimensional Concept Discovery (MCD) as an extension of previous approaches that fulfills a completeness relation on the level of concepts. Our method starts from general linear subspaces as concepts and does neither require reinforcing concept interpretability nor re-training of model parts. We propose sparse subspace clustering to discover improved concepts and fully leverage the potential of multi-dimensional subspaces. MCD offers two complementary analysis tools for concepts in input space: (1) concept activation maps, that show where a concept is expressed within a sample, allowing for concept characterization through prototypical samples, and (2) concept relevance heatmaps, that decompose the model decision into concept contributions. Both tools together enable a detailed understanding of the model reasoning, which is guaranteed to relate to the model via a completeness relation. This paves the way towards more trustworthy concept-based XAI. We empirically demonstrate the superiority of MCD against more constrained concept definitions.

explainability

watermark

diffusion

Title: 3DShape2VecSet: A 3D Shape Representation for Neural Fields and Generative Diffusion Models. (arXiv:2301.11445v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11445
Code URL: null
Copy Paste: [[2301.11445] 3DShape2VecSet: A 3D Shape Representation for Neural Fields and Generative Diffusion Models](http://arxiv.org/abs/2301.11445) #diffusion
Summary:
We introduce 3DShape2VecSet, a novel shape representation for neural fields designed for generative diffusion models. Our shape representation can encode 3D shapes given as surface models or point clouds, and represents them as neural fields. The concept of neural fields has previously been combined with a global latent vector, a regular grid of latent vectors, or an irregular grid of latent vectors. Our new representation encodes neural fields on top of a set of vectors. We draw from multiple concepts, such as the radial basis function representation and the cross attention and self-attention function, to design a learnable representation that is especially suitable for processing with transformers. Our results show improved performance in 3D shape encoding and 3D shape generative modeling tasks. We demonstrate a wide variety of generative applications: unconditioned generation, category-conditioned generation, text-conditioned generation, point-cloud completion, and image-conditioned generation.

Title: Accelerating Guided Diffusion Sampling with Splitting Numerical Methods. (arXiv:2301.11558v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11558
Code URL: https://github.com/swizad/split-diffusion
Copy Paste: [[2301.11558] Accelerating Guided Diffusion Sampling with Splitting Numerical Methods](http://arxiv.org/abs/2301.11558) #diffusion
Summary:
Guided diffusion is a technique for conditioning the output of a diffusion model at sampling time without retraining the network for each specific task. One drawback of diffusion models, however, is their slow sampling process. Recent techniques can accelerate unguided sampling by applying high-order numerical methods to the sampling process when viewed as differential equations. On the contrary, we discover that the same techniques do not work for guided sampling, and little has been explored about its acceleration. This paper explores the culprit of this problem and provides a solution based on operator splitting methods, motivated by our key finding that classical high-order numerical methods are unsuitable for the conditional function. Our proposed method can re-utilize the high-order methods for guided sampling and can generate images with the same quality as a 250-step DDIM baseline using 32-58% less sampling time on ImageNet256. We also demonstrate usage on a wide variety of conditional generation tasks, such as text-to-image generation, colorization, inpainting, and super-resolution.

Title: Input Perturbation Reduces Exposure Bias in Diffusion Models. (arXiv:2301.11706v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11706
Code URL: https://github.com/forever208/ddpm-ip
Copy Paste: [[2301.11706] Input Perturbation Reduces Exposure Bias in Diffusion Models](http://arxiv.org/abs/2301.11706) #diffusion
Summary:
Denoising Diffusion Probabilistic Models have shown an impressive generation quality, although their long sampling chain leads to high computational costs. In this paper, we observe that a long sampling chain also leads to an error accumulation phenomenon, which is similar to the \textbf{exposure bias} problem in autoregressive text generation. Specifically, we note that there is a discrepancy between training and testing, since the former is conditioned on the ground truth samples, while the latter is conditioned on the previously generated results. To alleviate this problem, we propose a very simple but effective training regularization, consisting in perturbing the ground truth samples to simulate the inference time prediction errors. We empirically show that the proposed input perturbation leads to a significant improvement of the sample quality while reducing both the training and the inference times. For instance, on CelebA 64$\times$64, we achieve a new state-of-the-art FID score of 1.27, while saving 37.5% of the training time.

Title: Dual Diffusion Architecture for Fisheye Image Rectification: Synthetic-to-Real Generalization. (arXiv:2301.11785v1 [cs.CV])

Paper URL: http://arxiv.org/abs/2301.11785
Code URL: null
Copy Paste: [[2301.11785] Dual Diffusion Architecture for Fisheye Image Rectification: Synthetic-to-Real Generalization](http://arxiv.org/abs/2301.11785) #diffusion
Summary:
Fisheye image rectification has a long-term unresolved issue with synthetic-to-real generalization. In most previous works, the model trained on the synthetic images obtains unsatisfactory performance on the real-world fisheye image. To this end, we propose a Dual Diffusion Architecture (DDA) for the fisheye rectification with a better generalization ability. The proposed DDA is simultaneously trained with paired synthetic fisheye images and unlabeled real fisheye images. By gradually introducing noises, the synthetic and real fisheye images can eventually develop into a consistent noise distribution, improving the generalization and achieving unlabeled real fisheye correction. The original image serves as the prior guidance in existing DDPMs (Denoising Diffusion Probabilistic Models). However, the non-negligible indeterminate relationship between the prior condition and the target affects the generation performance. Especially in the rectification task, the radial distortion can cause significant artifacts. Therefore, we provide an unsupervised one-pass network that produces a plausible new condition to strengthen guidance. This network can be regarded as an alternate scheme for fast producing reliable results without iterative inference. Compared with the state-of-the-art methods, our approach can reach superior performance in both synthetic and real fisheye image corrections.

Title: Mo\^usai: Text-to-Music Generation with Long-Context Latent Diffusion. (arXiv:2301.11757v1 [cs.CL])

Paper URL: http://arxiv.org/abs/2301.11757
Code URL: https://github.com/archinetai/audio-diffusion-pytorch
Copy Paste: [[2301.11757] Mo\^usai: Text-to-Music Generation with Long-Context Latent Diffusion](http://arxiv.org/abs/2301.11757) #diffusion
Summary:
The recent surge in popularity of diffusion models for image generation has brought new attention to the potential of these models in other areas of media synthesis. One area that has yet to be fully explored is the application of diffusion models to music generation. Music generation requires to handle multiple aspects, including the temporal dimension, long-term structure, multiple layers of overlapping sounds, and nuances that only trained listeners can detect. In our work, we investigate the potential of diffusion models for text-conditional music generation. We develop a cascading latent diffusion approach that can generate multiple minutes of high-quality stereo music at 48kHz from textual descriptions. For each model, we make an effort to maintain reasonable inference speed, targeting real-time on a single consumer GPU. In addition to trained models, we provide a collection of open-source libraries with the hope of facilitating future work in the field.

We open-source the following: - Music samples for this paper: https://bit.ly/anonymous-mousai - All music samples for all models: https://bit.ly/audio-diffusion - Codes: https://github.com/archinetai/audio-diffusion-pytorch

Title: PLay: Parametrically Conditioned Layout Generation using Latent Diffusion. (arXiv:2301.11529v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11529
Code URL: null
Copy Paste: [[2301.11529] PLay: Parametrically Conditioned Layout Generation using Latent Diffusion](http://arxiv.org/abs/2301.11529) #diffusion
Summary:
Layout design is an important task in various design fields, including user interfaces, document, and graphic design. As this task requires tedious manual effort by designers, prior works have attempted to automate this process using generative models, but commonly fell short of providing intuitive user controls and achieving design objectives. In this paper, we build a conditional latent diffusion model, PLay, that generates parametrically conditioned layouts in vector graphic space from user-specified guidelines, which are commonly used by designers for representing their design intents in current practices. Our method outperforms prior works across three datasets on metrics including FID and FD-VG, and in user test. Moreover, it brings a novel and interactive experience to professional layout design processes.

Title: A denoting diffusion model for fluid flow prediction. (arXiv:2301.11661v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11661
Code URL: null
Copy Paste: [[2301.11661] A denoting diffusion model for fluid flow prediction](http://arxiv.org/abs/2301.11661) #diffusion
Summary:
We propose a novel denoising diffusion generative model for predicting nonlinear fluid fields named FluidDiff. By performing a diffusion process, the model is able to learn a complex representation of the high-dimensional dynamic system, and then Langevin sampling is used to generate predictions for the flow state under specified initial conditions. The model is trained with finite, discrete fluid simulation data. We demonstrate that our model has the capacity to model the distribution of simulated training data and that it gives accurate predictions on the test data. Without encoded prior knowledge of the underlying physical system, it shares competitive performance with other deep learning models for fluid prediction, which is promising for investigation on new computational fluid dynamics methods.

Title: Improving deep learning precipitation nowcasting by using prior knowledge. (arXiv:2301.11707v1 [cs.LG])

Paper URL: http://arxiv.org/abs/2301.11707
Code URL: null
Copy Paste: [[2301.11707] Improving deep learning precipitation nowcasting by using prior knowledge](http://arxiv.org/abs/2301.11707) #diffusion
Summary:
Deep learning methods dominate short-term high-resolution precipitation nowcasting in terms of prediction error. However, their operational usability is limited by difficulties explaining dynamics behind the predictions, which are smoothed out and missing the high-frequency features due to optimizing for mean error loss functions. We experiment with hand-engineering of the advection-diffusion differential equation into a PhyCell to introduce more accurate physical prior to a PhyDNet model that disentangles physical and residual dynamics. Results indicate that while PhyCell can learn the intended dynamics, training of PhyDNet remains driven by loss optimization, resulting in a model with the same prediction capabilities.