secure

Title: Harnessing the Power of Decision Trees to Detect IoT Malware. (arXiv:2301.12039v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.12039
• Code URL: null
• Copy Paste: [[2301.12039] Harnessing the Power of Decision Trees to Detect IoT Malware](http://arxiv.org/abs/2301.12039) #secure
• Summary:

  Due to its simple installation and connectivity, the Internet of Things (IoT) is susceptible to malware attacks. Being able to operate autonomously. As IoT devices have become more prevalent, they have become the most tempting targets for malware. Weak, guessable, or hard-coded passwords, and a lack of security measures contribute to these vulnerabilities along with insecure network connections and outdated update procedures. To understand IoT malware, current methods and analysis ,using static methods, are ineffective. The field of deep learning has made great strides in recent years due to their tremendous data mining, learning, and expression capabilities, cybersecurity has enjoyed tremendous growth in recent years. As a result, malware analysts will not have to spend as much time analyzing malware. In this paper, we propose a novel detection and analysis method that harnesses the power and simplicity of decision trees. The experiments are conducted using a real word dataset, MaleVis which is a publicly available dataset. Based on the results, we show that our proposed approach outperforms existing state-of-the-art solutions in that it achieves 97.23% precision and 95.89% recall in terms of detection and classification. A specificity of 96.58%, F1-score of 96.40%, an accuracy of 96.43.

security

Title: Cybersecurity Threat Hunting and Vulnerability Analysis Using a Neo4j Graph Database of Open Source Intelligence. (arXiv:2301.12013v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.12013
• Code URL: null
• Copy Paste: [[2301.12013] Cybersecurity Threat Hunting and Vulnerability Analysis Using a Neo4j Graph Database of Open Source Intelligence](http://arxiv.org/abs/2301.12013) #security
• Summary:

  Open source intelligence is a powerful tool for cybersecurity analysts to gather information both for analysis of discovered vulnerabilities and for detecting novel cybersecurity threats and exploits. However the scale of information that is relevant for information security on the internet is always increasing, and is intractable for analysts to parse comprehensively. Therefore methods of condensing the available open source intelligence, and automatically developing connections between disparate sources of information, is incredibly valuable. In this research, we present a system which constructs a Neo4j graph database formed by shared connections between open source intelligence text including blogs, cybersecurity bulletins, news sites, antivirus scans, social media posts (e.g., Reddit and Twitter), and threat reports. These connections are comprised of possible indicators of compromise (e.g., IP addresses, domains, hashes, email addresses, phone numbers), information on known exploits and techniques (e.g., CVEs and MITRE ATT&CK Technique ID's), and potential sources of information on cybersecurity exploits such as twitter usernames. The construction of the database of potential IoCs is detailed, including the addition of machine learning and metadata which can be used for filtering of the data for a specific domain (for example a specific natural language) when needed. Examples of utilizing the graph database for querying connections between known malicious IoCs and open source intelligence documents, including threat reports, are shown. We show that this type of relationship querying can allow for more effective use of open source intelligence for threat hunting, malware family clustering, and vulnerability analysis.

Title: The Benefits of Vulnerability Discovery and Bug Bounty Programs: Case Studies of Chromium and Firefox. (arXiv:2301.12092v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.12092
• Code URL: null
• Copy Paste: [[2301.12092] The Benefits of Vulnerability Discovery and Bug Bounty Programs: Case Studies of Chromium and Firefox](http://arxiv.org/abs/2301.12092) #security
• Summary:

  Recently, bug-bounty programs have gained popularity and become a significant part of the security culture of many organizations. Bug-bounty programs enable organizations to enhance their security posture by harnessing the diverse expertise of crowds of external security experts (i.e., bug hunters). However, quantifying the benefits of bug-bounty programs remains elusive, which presents a significant challenge for managing them. Previous studies focused on measuring their benefits in terms of the number of vulnerabilities reported or based on properties of the reported vulnerabilities, such as severity or exploitability. Importantly, beyond these inherent properties, the value of a report also depends on the probability that the vulnerability would be discovered by a threat actor before an internal expert could discover and patch it. In this paper, we present a data-driven study of the Chromium and Firefox vulnerability-reward programs. First, we estimate the difficulty of discovering a vulnerability using the probability of rediscovery as a novel metric. Our findings show that vulnerability discovery and patching provide clear benefits by making it difficult for threat actors to find vulnerabilities; however, we also identify opportunities for improvement, such as incentivizing bug hunters to focus more on development releases. Second, we compare the types of vulnerabilities that are discovered internally vs. externally and those that are exploited by threat actors. We observe significant differences between vulnerabilities found by external bug hunters, internal security teams, and external threat actors, which indicates that bug-bounty programs provide an important benefit by complementing the expertise of internal teams, but also that external hunters should be incentivized more to focus on the types of vulnerabilities that are likely to be exploited by threat actors.

privacy

Title: Practical Differentially Private Hyperparameter Tuning with Subsampling. (arXiv:2301.11989v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.11989
• Code URL: null
• Copy Paste: [[2301.11989] Practical Differentially Private Hyperparameter Tuning with Subsampling](http://arxiv.org/abs/2301.11989) #privacy
• Summary:

  Tuning all the hyperparameters of differentially private (DP) machine learning (ML) algorithms often requires use of sensitive data and this may leak private information via hyperparameter values. Recently, Papernot and Steinke (2022) proposed a certain class of DP hyperparameter tuning algorithms, where the number of random search samples is randomized itself. Commonly, these algorithms still considerably increase the DP privacy parameter $\varepsilon$ over non-tuned DP ML model training and can be computationally heavy as evaluating each hyperparameter candidate requires a new training run. We focus on lowering both the DP bounds and the computational complexity of these methods by using only a random subset of the sensitive data for the hyperparameter tuning and by extrapolating the optimal values from the small dataset to a larger dataset. We provide a R\'enyi differential privacy analysis for the proposed method and experimentally show that it consistently leads to better privacy-utility trade-off than the baseline method by Papernot and Steinke (2022).

Title: A New Symmetric Homomorphic Functional Encryption over a Hidden Ring for Polynomial Public Key Encapsulations. (arXiv:2301.11995v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.11995
• Code URL: null
• Copy Paste: [[2301.11995] A New Symmetric Homomorphic Functional Encryption over a Hidden Ring for Polynomial Public Key Encapsulations](http://arxiv.org/abs/2301.11995) #privacy
• Summary:

  This paper proposes a new homomorphic functional encryption using modular multiplications over a hidden ring. Unlike traditional homomorphic encryption where users can only passively perform ciphertext addition or multiplication, the homomorphic functional encryption retains homomorphic addition and scalar multiplication properties, but also allows for the user's inputs through polynomial variables. The proposed homomorphic encryption can be applied to any polynomials over a finite field, with their coefficients considered as their privacy. We denote the polynomials before homomorphic encryption as plain polynomials and after homomorphic encryption as cipher polynomials. A cipher polynomial can be evaluated with variables from the finite field, GF(p), by calculating the monomials of variables modulo a prime p. These properties allow functional homomorphic encryption to be used for public key encryption of certain asymmetric cryptosystems to hide the structure of its central map construction. We propose a new variant of MPKC with homomorphic encryption of its public key. We propose to use a single plaintext vector and a noise vector of multiple variables to be associated with the central map, in place of the secret plaintext vector to be encrypted in MPKC. We call this variant of encrypted MPKC, a Homomorphic Polynomial Public Key algorithm or HPPK algorithm. The HPPK algorithm holds the property of indistinguishability under the chosen-plaintext attacks or IND-CPA. The overall classical complexity to crack the HPPK algorithm is exponential in the size of the prime field GF(p). We briefly report on benchmarking performance results using the SUPERCOP toolkit. Benchmarking results demonstrate that HPPK offers rather fast performance, which is comparable and in some cases outperforms the NIST PQC finalists for key generation, encryption, and decryption.

Title: Augmented Reality's Potential for Identifying and Mitigating Home Privacy Leaks. (arXiv:2301.11998v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.11998
• Code URL: null
• Copy Paste: [[2301.11998] Augmented Reality's Potential for Identifying and Mitigating Home Privacy Leaks](http://arxiv.org/abs/2301.11998) #privacy
• Summary:

  Users face various privacy risks in smart homes, yet there are limited ways for them to learn about the details of such risks, such as the data practices of smart home devices and their data flow. In this paper, we present Privacy Plumber, a system that enables a user to inspect and explore the privacy "leaks" in their home using an augmented reality tool. Privacy Plumber allows the user to learn and understand the volume of data leaving the home and how that data may affect a user's privacy -- in the same physical context as the devices in question, because we visualize the privacy leaks with augmented reality. Privacy Plumber uses ARP spoofing to gather aggregate network traffic information and presents it through an overlay on top of the device in an smartphone app. The increased transparency aims to help the user make privacy decisions and mend potential privacy leaks, such as instruct Privacy Plumber on what devices to block, on what schedule (i.e., turn off Alexa when sleeping), etc. Our initial user study with six participants demonstrates participants' increased awareness of privacy leaks in smart devices, which further contributes to their privacy decisions (e.g., which devices to block).

Title: Privacy and Bias Analysis of Disclosure Avoidance Systems. (arXiv:2301.12204v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.12204
• Code URL: null
• Copy Paste: [[2301.12204] Privacy and Bias Analysis of Disclosure Avoidance Systems](http://arxiv.org/abs/2301.12204) #privacy
• Summary:

  Disclosure avoidance (DA) systems are used to safeguard the confidentiality of data while allowing it to be analyzed and disseminated for analytic purposes. These methods, e.g., cell suppression, swapping, and k-anonymity, are commonly applied and may have significant societal and economic implications. However, a formal analysis of their privacy and bias guarantees has been lacking. This paper presents a framework that addresses this gap: it proposes differentially private versions of these mechanisms and derives their privacy bounds. In addition, the paper compares their performance with traditional differential privacy mechanisms in terms of accuracy and fairness on US Census data release and classification tasks. The results show that, contrary to popular beliefs, traditional differential privacy techniques may be superior in terms of accuracy and fairness to differential private counterparts of widely used DA mechanisms.

Title: (Private) Kernelized Bandits with Distributed Biased Feedback. (arXiv:2301.12061v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12061
• Code URL: null
• Copy Paste: [[2301.12061] (Private) Kernelized Bandits with Distributed Biased Feedback](http://arxiv.org/abs/2301.12061) #privacy
• Summary:

  In this paper, we study kernelized bandits with distributed biased feedback. This problem is motivated by several real-world applications (such as dynamic pricing, cellular network configuration, and policy making), where users from a large population contribute to the reward of the action chosen by a central entity, but it is difficult to collect feedback from all users. Instead, only biased feedback (due to user heterogeneity) from a subset of users may be available. In addition to such partial biased feedback, we are also faced with two practical challenges due to communication cost and computation complexity. To tackle these challenges, we carefully design a new \emph{distributed phase-then-batch-based elimination (\texttt{DPBE})} algorithm, which samples users in phases for collecting feedback to reduce the bias and employs \emph{maximum variance reduction} to select actions in batches within each phase. By properly choosing the phase length, the batch size, and the confidence width used for eliminating suboptimal actions, we show that \texttt{DPBE} achieves a sublinear regret of $\tilde{O}(T^{1-\alpha/2}+\sqrt{\gamma_T T})$, where $\alpha\in (0,1)$ is the user-sampling parameter one can tune. Moreover, \texttt{DPBE} can significantly reduce both communication cost and computation complexity in distributed kernelized bandits, compared to some variants of the state-of-the-art algorithms (originally developed for standard kernelized bandits). Furthermore, by incorporating various \emph{differential privacy} models (including the central, local, and shuffle models), we generalize \texttt{DPBE} to provide privacy guarantees for users participating in the distributed learning process. Finally, we conduct extensive simulations to validate our theoretical results and evaluate the empirical performance.

Title: Decentralized Entropic Optimal Transport for Privacy-preserving Distributed Distribution Comparison. (arXiv:2301.12065v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12065
• Code URL: null
• Copy Paste: [[2301.12065] Decentralized Entropic Optimal Transport for Privacy-preserving Distributed Distribution Comparison](http://arxiv.org/abs/2301.12065) #privacy
• Summary:

  Privacy-preserving distributed distribution comparison measures the distance between the distributions whose data are scattered across different agents in a distributed system and cannot be shared among the agents. In this study, we propose a novel decentralized entropic optimal transport (EOT) method, which provides a privacy-preserving and communication-efficient solution to this problem with theoretical guarantees. In particular, we design a mini-batch randomized block-coordinate descent (MRBCD) scheme to optimize the decentralized EOT distance in its dual form. The dual variables are scattered across different agents and updated locally and iteratively with limited communications among partial agents. The kernel matrix involved in the gradients of the dual variables is estimated by a distributed kernel approximation method, and each agent only needs to approximate and store a sub-kernel matrix by one-shot communication and without sharing raw data. We analyze our method's communication complexity and provide a theoretical bound for the approximation error caused by the convergence error, the approximated kernel, and the mismatch between the storage and communication protocols. Experiments on synthetic data and real-world distributed domain adaptation tasks demonstrate the effectiveness of our method.

Title: Context-Aware Differential Privacy for Language Modeling. (arXiv:2301.12288v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12288
• Code URL: null
• Copy Paste: [[2301.12288] Context-Aware Differential Privacy for Language Modeling](http://arxiv.org/abs/2301.12288) #privacy
• Summary:

  The remarkable ability of language models (LMs) has also brought challenges at the interface of AI and security. A critical challenge pertains to how much information these models retain and leak about the training data. This is particularly urgent as the typical development of LMs relies on huge, often highly sensitive data, such as emails and chat logs. To contrast this shortcoming, this paper introduces Context-Aware Differentially Private Language Model (CADP-LM) , a privacy-preserving LM framework that relies on two key insights: First, it utilizes the notion of \emph{context} to define and audit the potentially sensitive information. Second, it adopts the notion of Differential Privacy to protect sensitive information and characterize the privacy leakage. A unique characteristic of CADP-LM is its ability to target the protection of sensitive sentences and contexts only, providing a highly accurate private model. Experiments on a variety of datasets and settings demonstrate these strengths of CADP-LM.

protect

Title: On Pre-trained Language Models for Antibody. (arXiv:2301.12112v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.12112
• Code URL: https://github.com/dqwang122/eatlm
• Copy Paste: [[2301.12112] On Pre-trained Language Models for Antibody](http://arxiv.org/abs/2301.12112) #protect
• Summary:

  Antibodies are vital proteins offering robust protection for the human body from pathogens. The development of general protein and antibody-specific pre-trained language models both facilitate antibody prediction tasks. However, few studies comprehensively explore the representation capability of distinct pre-trained language models on different antibody problems. Here, to investigate the problem, we aim to answer the following key questions: (1) How do pre-trained language models perform in antibody tasks with different specificity? (2) How many benefits will the model gain if we introduce the specific biological mechanism to the pre-training process? (3) Do the learned antibody pre-trained representations make sense in real-world antibody problems, like drug discovery and immune process understanding? Previously, no benchmark available largely hindered the study to answer these questions. To facilitate the investigation, we provide an AnTibody Understanding Evaluation (ATUE) benchmark. We comprehensively evaluate the performance of protein pre-trained language models by empirical study along with conclusions and new insights. Our ATUE and code are released at https://github.com/dqwang122/EATLM.

defense

Title: Analyzing Robustness of the Deep Reinforcement Learning Algorithm in Ramp Metering Applications Considering False Data Injection Attack and Defense. (arXiv:2301.12036v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12036
• Code URL: null
• Copy Paste: [[2301.12036] Analyzing Robustness of the Deep Reinforcement Learning Algorithm in Ramp Metering Applications Considering False Data Injection Attack and Defense](http://arxiv.org/abs/2301.12036) #defense
• Summary:

  Decades of practices of ramp metering, by controlling downstream volume and smoothing the interweaving traffic, have proved that ramp metering can decrease total travel time, mitigate shockwaves, decrease rear-end collisions, reduce pollution, etc. Besides traditional methods like ALIENA algorithms, Deep Reinforcement Learning algorithms have been established recently to build finer control on ramp metering. However, those Deep Learning models may be venerable to adversarial attacks. Thus, it is important to investigate the robustness of those models under False Data Injection adversarial attack. Furthermore, algorithms capable of detecting anomaly data from clean data are the key to safeguard Deep Learning algorithm. In this study, an online algorithm that can distinguish adversarial data from clean data are tested. Results found that in most cases anomaly data can be distinguished from clean data, although their difference is too small to be manually distinguished by humans. In practice, whenever adversarial/hazardous data is detected, the system can fall back to a fixed control program, and experts should investigate the detectors status or security protocols afterwards before real damages happen.

attack

Title: Semantic Adversarial Attacks on Face Recognition through Significant Attributes. (arXiv:2301.12046v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12046
• Code URL: null
• Copy Paste: [[2301.12046] Semantic Adversarial Attacks on Face Recognition through Significant Attributes](http://arxiv.org/abs/2301.12046) #attack
• Summary:

  Face recognition is known to be vulnerable to adversarial face images. Existing works craft face adversarial images by indiscriminately changing a single attribute without being aware of the intrinsic attributes of the images. To this end, we propose a new Semantic Adversarial Attack called SAA-StarGAN that tampers with the significant facial attributes for each image. We predict the most significant attributes by applying the cosine similarity or probability score. The probability score method is based on training a Face Verification model for an attribute prediction task to obtain a class probability score for each attribute. The prediction process will help craft adversarial face images more easily and efficiently, as well as improve the adversarial transferability. Then, we change the most significant facial attributes, with either one or more of the facial attributes for impersonation and dodging attacks in white-box and black-box settings. Experimental results show that our method could generate diverse and realistic adversarial face images meanwhile avoid affecting human perception of the face recognition. SAA-StarGAN achieves an 80.5% attack success rate against black-box models, outperforming existing methods by 35.5% under the impersonation attack. Concerning the black-box setting, SAA-StarGAN achieves high attack success rates on various models. The experiments confirm that predicting the most important attributes significantly affects the success of adversarial attacks in both white-box and black-box settings and could enhance the transferability of the crafted adversarial examples.

Title: Vulnerabilities and Attacks on CAN-Based 3D Printing/Additive Manufacturing. (arXiv:2301.12235v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.12235
• Code URL: null
• Copy Paste: [[2301.12235] Vulnerabilities and Attacks on CAN-Based 3D Printing/Additive Manufacturing](http://arxiv.org/abs/2301.12235) #attack
• Summary:

  Recent advancements in 3D-printing/additive manufacturing has brought forth a new interest in the use of Controller Area Network (CAN) for multi-module, plug-and-play bus support for their embedded systems. CAN systems provide a variety of benefits that can outweigh typical conventional wire-loom protocols in many categories. However, implementation of CAN also brings forth vulnerabilities provided by its spoofable, destination-encoded shared communication bus. These vulnerabilities result in undetectable fault injection, packet manipulation, unauthorized packet logging/sniffing, and more. They also provide attackers the capability to manipulate all sensor information, commands, and create unsafe operating conditions using only a single compromised node on the CAN network (bypassing all root-of-trust in the modules). Thus, malicious hardware requires only a connection to the bus for access to all traffic. In this paper, we discuss the effects of repurposed CAN-based attacks capable of manipulating sensor data, overriding systems, and injecting dangerous commands on the Controller Area Network using various entry methods. As a case study, we also showed a spoofing attack on critical data modules within a commercial 3D printer.

Title: Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering. (arXiv:2301.12318v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.12318
• Code URL: null
• Copy Paste: [[2301.12318] Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering](http://arxiv.org/abs/2301.12318) #attack
• Summary:

  Most existing methods to detect backdoored machine learning (ML) models take one of the two approaches: trigger inversion (aka. reverse engineer) and weight analysis (aka. model diagnosis). In particular, the gradient-based trigger inversion is considered to be among the most effective backdoor detection techniques, as evidenced by the TrojAI competition, Trojan Detection Challenge and backdoorBench. However, little has been done to understand why this technique works so well and, more importantly, whether it raises the bar to the backdoor attack. In this paper, we report the first attempt to answer this question by analyzing the change rate of the backdoored model around its trigger-carrying inputs. Our study shows that existing attacks tend to inject the backdoor characterized by a low change rate around trigger-carrying inputs, which are easy to capture by gradient-based trigger inversion. In the meantime, we found that the low change rate is not necessary for a backdoor attack to succeed: we design a new attack enhancement called \textit{Gradient Shaping} (GRASP), which follows the opposite direction of adversarial training to reduce the change rate of a backdoored model with regard to the trigger, without undermining its backdoor effect. Also, we provide a theoretic analysis to explain the effectiveness of this new technique and the fundamental weakness of gradient-based trigger inversion. Finally, we perform both theoretical and experimental analysis, showing that the GRASP enhancement does not reduce the effectiveness of the stealthy attacks against the backdoor detection methods based on weight analysis, as well as other backdoor mitigation methods without using detection.

Title: Selecting Models based on the Risk of Damage Caused by Adversarial Attacks. (arXiv:2301.12151v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12151
• Code URL: https://github.com/duesenfranz/risk_scores_paper_code
• Copy Paste: [[2301.12151] Selecting Models based on the Risk of Damage Caused by Adversarial Attacks](http://arxiv.org/abs/2301.12151) #attack
• Summary:

  Regulation, legal liabilities, and societal concerns challenge the adoption of AI in safety and security-critical applications. One of the key concerns is that adversaries can cause harm by manipulating model predictions without being detected. Regulation hence demands an assessment of the risk of damage caused by adversaries. Yet, there is no method to translate this high-level demand into actionable metrics that quantify the risk of damage.

In this article, we propose a method to model and statistically estimate the probability of damage arising from adversarial attacks. We show that our proposed estimator is statistically consistent and unbiased. In experiments, we demonstrate that the estimation results of our method have a clear and actionable interpretation and outperform conventional metrics. We then show how operators can use the estimation results to reliably select the model with the lowest risk.

Title: Node Injection for Class-specific Network Poisoning. (arXiv:2301.12277v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12277
• Code URL: https://github.com/rahulk207/nicki
• Copy Paste: [[2301.12277] Node Injection for Class-specific Network Poisoning](http://arxiv.org/abs/2301.12277) #attack
• Summary:

  Graph Neural Networks (GNNs) are powerful in learning rich network representations that aid the performance of downstream tasks. However, recent studies showed that GNNs are vulnerable to adversarial attacks involving node injection and network perturbation. Among these, node injection attacks are more practical as they don't require manipulation in the existing network and can be performed more realistically. In this paper, we propose a novel problem statement - a class-specific poison attack on graphs in which the attacker aims to misclassify specific nodes in the target class into a different class using node injection. Additionally, nodes are injected in such a way that they camouflage as benign nodes. We propose NICKI, a novel attacking strategy that utilizes an optimization-based approach to sabotage the performance of GNN-based node classifiers. NICKI works in two phases - it first learns the node representation and then generates the features and edges of the injected nodes. Extensive experiments and ablation studies on four benchmark networks show that NICKI is consistently better than four baseline attacking strategies for misclassifying nodes in the target class. We also show that the injected nodes are properly camouflaged as benign, thus making the poisoned graph indistinguishable from its clean version w.r.t various topological properties.

robust

Title: Alignment with human representations supports robust few-shot learning. (arXiv:2301.11990v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.11990
• Code URL: null
• Copy Paste: [[2301.11990] Alignment with human representations supports robust few-shot learning](http://arxiv.org/abs/2301.11990) #robust
• Summary:

  Should we care whether AI systems have representations of the world that are similar to those of humans? We provide an information-theoretic analysis that suggests that there should be a U-shaped relationship between the degree of representational alignment with humans and performance on few-shot learning tasks. We confirm this prediction empirically, finding such a relationship in an analysis of the performance of 491 computer vision models. We also show that highly-aligned models are more robust to both adversarial attacks and domain shifts. Our results suggest that human-alignment is often a sufficient, but not necessary, condition for models to make effective use of limited data, be robust, and generalize well.

Title: Cross-Architectural Positive Pairs improve the effectiveness of Self-Supervised Learning. (arXiv:2301.12025v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12025
• Code URL: https://github.com/pranavsinghps1/CASS
• Copy Paste: [[2301.12025] Cross-Architectural Positive Pairs improve the effectiveness of Self-Supervised Learning](http://arxiv.org/abs/2301.12025) #robust
• Summary:

  Existing self-supervised techniques have extreme computational requirements and suffer a substantial drop in performance with a reduction in batch size or pretraining epochs. This paper presents Cross Architectural - Self Supervision (CASS), a novel self-supervised learning approach that leverages Transformer and CNN simultaneously. Compared to the existing state-of-the-art self-supervised learning approaches, we empirically show that CASS-trained CNNs and Transformers across four diverse datasets gained an average of 3.8% with 1% labeled data, 5.9% with 10% labeled data, and 10.13% with 100% labeled data while taking 69% less time. We also show that CASS is much more robust to changes in batch size and training epochs than existing state-of-the-art self-supervised learning approaches. We have open-sourced our code at https://github.com/pranavsinghps1/CASS.

Title: Weakly Supervised Image Segmentation Beyond Tight Bounding Box Annotations. (arXiv:2301.12053v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12053
• Code URL: https://github.com/wangjuan313/wsis-beyond-tightbb
• Copy Paste: [[2301.12053] Weakly Supervised Image Segmentation Beyond Tight Bounding Box Annotations](http://arxiv.org/abs/2301.12053) #robust
• Summary:

  Weakly supervised image segmentation approaches in the literature usually achieve high segmentation performance using tight bounding box supervision and decrease the performance greatly when supervised by loose bounding boxes. However, compared with loose bounding box, it is much more difficult to acquire tight bounding box due to its strict requirements on the precise locations of the four sides of the box. To resolve this issue, this study investigates whether it is possible to maintain good segmentation performance when loose bounding boxes are used as supervision. For this purpose, this work extends our previous parallel transformation based multiple instance learning (MIL) for tight bounding box supervision by integrating an MIL strategy based on polar transformation to assist image segmentation. The proposed polar transformation based MIL formulation works for both tight and loose bounding boxes, in which a positive bag is defined as pixels in a polar line of a bounding box with one endpoint located inside the object enclosed by the box and the other endpoint located at one of the four sides of the box. Moreover, a weighted smooth maximum approximation is introduced to incorporate the observation that pixels closer to the origin of the polar transformation are more likely to belong to the object in the box. The proposed approach was evaluated on two public datasets using dice coefficient when bounding boxes at different precision levels were considered in the experiments. The results demonstrate that the proposed approach achieves state-of-the-art performance for bounding boxes at all precision levels and is robust to mild and moderate errors in the loose bounding box annotations. The codes are available at \url{https://github.com/wangjuan313/wsis-beyond-tightBB}.

Title: Learning Optimal Features via Partial Invariance. (arXiv:2301.12067v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12067
• Code URL: https://github.com/ibtihalferwana/pirm
• Copy Paste: [[2301.12067] Learning Optimal Features via Partial Invariance](http://arxiv.org/abs/2301.12067) #robust
• Summary:

  Learning models that are robust to test-time distribution shifts is a key concern in domain generalization, and in the wider context of their real-life applicability. Invariant Risk Minimization (IRM) is one particular framework that aims to learn deep invariant features from multiple domains and has subsequently led to further variants. A key assumption for the success of these methods requires that the underlying causal mechanisms/features remain invariant across domains and the true invariant features be sufficient to learn the optimal predictor. In practical problem settings, these assumptions are often not satisfied, which leads to IRM learning a sub-optimal predictor for that task. In this work, we propose the notion of partial invariance as a relaxation of the IRM framework. Under our problem setting, we first highlight the sub-optimality of the IRM solution. We then demonstrate how partitioning the training domains, assuming access to some meta-information about the domains, can help improve the performance of invariant models via partial invariance. Finally, we conduct several experiments, both in linear settings as well as with classification tasks in language and images with deep models, which verify our conclusions.

Title: Pushing the Limits of Fewshot Anomaly Detection in Industry Vision: Graphcore. (arXiv:2301.12082v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12082
• Code URL: null
• Copy Paste: [[2301.12082] Pushing the Limits of Fewshot Anomaly Detection in Industry Vision: Graphcore](http://arxiv.org/abs/2301.12082) #robust
• Summary:

  In the area of fewshot anomaly detection (FSAD), efficient visual feature plays an essential role in memory bank M-based methods. However, these methods do not account for the relationship between the visual feature and its rotated visual feature, drastically limiting the anomaly detection performance. To push the limits, we reveal that rotation-invariant feature property has a significant impact in industrial-based FSAD. Specifically, we utilize graph representation in FSAD and provide a novel visual isometric invariant feature (VIIF) as anomaly measurement feature. As a result, VIIF can robustly improve the anomaly discriminating ability and can further reduce the size of redundant features stored in M by a large amount. Besides, we provide a novel model GraphCore via VIIFs that can fast implement unsupervised FSAD training and can improve the performance of anomaly detection. A comprehensive evaluation is provided for comparing GraphCore and other SOTA anomaly detection models under our proposed fewshot anomaly detection setting, which shows GraphCore can increase average AUC by 5.8%, 4.1%, 3.4%, and 1.6% on MVTec AD and by 25.5%, 22.0%, 16.9%, and 14.1% on MPDD for 1, 2, 4, and 8-shot cases, respectively.

Title: AdaSfM: From Coarse Global to Fine Incremental Adaptive Structure from Motion. (arXiv:2301.12135v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12135
• Code URL: null
• Copy Paste: [[2301.12135] AdaSfM: From Coarse Global to Fine Incremental Adaptive Structure from Motion](http://arxiv.org/abs/2301.12135) #robust
• Summary:

  Despite the impressive results achieved by many existing Structure from Motion (SfM) approaches, there is still a need to improve the robustness, accuracy, and efficiency on large-scale scenes with many outlier matches and sparse view graphs. In this paper, we propose AdaSfM: a coarse-to-fine adaptive SfM approach that is scalable to large-scale and challenging datasets. Our approach first does a coarse global SfM which improves the reliability of the view graph by leveraging measurements from low-cost sensors such as Inertial Measurement Units (IMUs) and wheel encoders. Subsequently, the view graph is divided into sub-scenes that are refined in parallel by a fine local incremental SfM regularised by the result from the coarse global SfM to improve the camera registration accuracy and alleviate scene drifts. Finally, our approach uses a threshold-adaptive strategy to align all local reconstructions to the coordinate frame of global SfM. Extensive experiments on large-scale benchmark datasets show that our approach achieves state-of-the-art accuracy and efficiency.

Title: Do Embodied Agents Dream of Pixelated Sheep?: Embodied Decision Making using Language Guided World Modelling. (arXiv:2301.12050v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12050
• Code URL: null
• Copy Paste: [[2301.12050] Do Embodied Agents Dream of Pixelated Sheep?: Embodied Decision Making using Language Guided World Modelling](http://arxiv.org/abs/2301.12050) #robust
• Summary:

  Reinforcement learning (RL) agents typically learn tabula rasa, without prior knowledge of the world, which makes learning complex tasks with sparse rewards difficult. If initialized with knowledge of high-level subgoals and transitions between subgoals, RL agents could utilize this Abstract World Model (AWM) for planning and exploration. We propose using few-shot large language models (LLMs) to hypothesize an AWM, that is tested and verified during exploration, to improve sample efficiency in embodied RL agents. Our DECKARD agent applies LLM-guided exploration to item crafting in Minecraft in two phases: (1) the Dream phase where the agent uses an LLM to decompose a task into a sequence of subgoals, the hypothesized AWM; and (2) the Wake phase where the agent learns a modular policy for each subgoal and verifies or corrects the hypothesized AWM on the basis of its experiences. Our method of hypothesizing an AWM with LLMs and then verifying the AWM based on agent experience not only increases sample efficiency over contemporary methods by an order of magnitude but is also robust to and corrects errors in the LLM, successfully blending noisy internet-scale information from LLMs with knowledge grounded in environment dynamics.

Title: Variational Latent Branching Model for Off-Policy Evaluation. (arXiv:2301.12056v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12056
• Code URL: https://github.com/gaoqitong/vlbm
• Copy Paste: [[2301.12056] Variational Latent Branching Model for Off-Policy Evaluation](http://arxiv.org/abs/2301.12056) #robust
• Summary:

  Model-based methods have recently shown great potential for off-policy evaluation (OPE); offline trajectories induced by behavioral policies are fitted to transitions of Markov decision processes (MDPs), which are used to rollout simulated trajectories and estimate the performance of policies. Model-based OPE methods face two key challenges. First, as offline trajectories are usually fixed, they tend to cover limited state and action space. Second, the performance of model-based methods can be sensitive to the initialization of their parameters. In this work, we propose the variational latent branching model (VLBM) to learn the transition function of MDPs by formulating the environmental dynamics as a compact latent space, from which the next states and rewards are then sampled. Specifically, VLBM leverages and extends the variational inference framework with the recurrent state alignment (RSA), which is designed to capture as much information underlying the limited training data, by smoothing out the information flow between the variational (encoding) and generative (decoding) part of VLBM. Moreover, we also introduce the branching architecture to improve the model's robustness against randomly initialized model weights. The effectiveness of the VLBM is evaluated on the deep OPE (DOPE) benchmark, from which the training trajectories are designed to result in varied coverage of the state-action space. We show that the VLBM outperforms existing state-of-the-art OPE methods in general.

Title: Deciphering the Projection Head: Representation Evaluation Self-supervised Learning. (arXiv:2301.12189v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12189
• Code URL: null
• Copy Paste: [[2301.12189] Deciphering the Projection Head: Representation Evaluation Self-supervised Learning](http://arxiv.org/abs/2301.12189) #robust
• Summary:

  Self-supervised learning (SSL) aims to learn intrinsic features without labels. Despite the diverse architectures of SSL methods, the projection head always plays an important role in improving the performance of the downstream task. In this work, we systematically investigate the role of the projection head in SSL. Specifically, the projection head targets the uniformity part of SSL, which pushes the dissimilar samples away from each other, thus enabling the encoder to focus on extracting semantic features. Based on this understanding, we propose a Representation Evaluation Design (RED) in SSL models in which a shortcut connection between the representation and the projection vectors is built. Extensive experiments with different architectures, including SimCLR, MoCo-V2, and SimSiam, on various datasets, demonstrate that the representation evaluation design can consistently improve the baseline models in the downstream tasks. The learned representation from the RED-SSL models shows superior robustness to unseen augmentations and out-of-distribution data.

Title: Mutual Wasserstein Discrepancy Minimization for Sequential Recommendation. (arXiv:2301.12197v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12197
• Code URL: https://github.com/zfan20/mstein
• Copy Paste: [[2301.12197] Mutual Wasserstein Discrepancy Minimization for Sequential Recommendation](http://arxiv.org/abs/2301.12197) #robust
• Summary:

  Self-supervised sequential recommendation significantly improves recommendation performance by maximizing mutual information with well-designed data augmentations. However, the mutual information estimation is based on the calculation of Kullback Leibler divergence with several limitations, including asymmetrical estimation, the exponential need of the sample size, and training instability. Also, existing data augmentations are mostly stochastic and can potentially break sequential correlations with random modifications. These two issues motivate us to investigate an alternative robust mutual information measurement capable of modeling uncertainty and alleviating KL divergence limitations. To this end, we propose a novel self-supervised learning framework based on Mutual WasserStein discrepancy minimization MStein for the sequential recommendation. We propose the Wasserstein Discrepancy Measurement to measure the mutual information between augmented sequences. Wasserstein Discrepancy Measurement builds upon the 2-Wasserstein distance, which is more robust, more efficient in small batch sizes, and able to model the uncertainty of stochastic augmentation processes. We also propose a novel contrastive learning loss based on Wasserstein Discrepancy Measurement. Extensive experiments on four benchmark datasets demonstrate the effectiveness of MStein over baselines. More quantitative analyses show the robustness against perturbations and training efficiency in batch size. Finally, improvements analysis indicates better representations of popular users or items with significant uncertainty. The source code is at https://github.com/zfan20/MStein.

Title: Continual Graph Learning: A Survey. (arXiv:2301.12230v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12230
• Code URL: null
• Copy Paste: [[2301.12230] Continual Graph Learning: A Survey](http://arxiv.org/abs/2301.12230) #robust
• Summary:

  Research on continual learning (CL) mainly focuses on data represented in the Euclidean space, while research on graph-structured data is scarce. Furthermore, most graph learning models are tailored for static graphs. However, graphs usually evolve continually in the real world. Catastrophic forgetting also emerges in graph learning models when being trained incrementally. This leads to the need to develop robust, effective and efficient continual graph learning approaches. Continual graph learning (CGL) is an emerging area aiming to realize continual learning on graph-structured data. This survey is written to shed light on this emerging area. It introduces the basic concepts of CGL and highlights two unique challenges brought by graphs. Then it reviews and categorizes recent state-of-the-art approaches, analyzing their strategies to tackle the unique challenges in CGL. Besides, it discusses the main concerns in each family of CGL methods, offering potential solutions. Finally, it explores the open issues and potential applications of CGL.

Title: Adapting Neural Link Predictors for Complex Query Answering. (arXiv:2301.12313v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12313
• Code URL: null
• Copy Paste: [[2301.12313] Adapting Neural Link Predictors for Complex Query Answering](http://arxiv.org/abs/2301.12313) #robust
• Summary:

  Answering complex queries on incomplete knowledge graphs is a challenging task where a model needs to answer complex logical queries in the presence of missing knowledge. Recently, Arakelyan et al. (2021); Minervini et al. (2022) showed that neural link predictors could also be used for answering complex queries: their Continuous Query Decomposition (CQD) method works by decomposing complex queries into atomic sub-queries, answers them using neural link predictors and aggregates their scores via t-norms for ranking the answers to each complex query. However, CQD does not handle negations and only uses the training signal from atomic training queries: neural link prediction scores are not calibrated to interact together via fuzzy logic t-norms during complex query answering. In this work, we propose to address this problem by training a parameter-efficient score adaptation model to re-calibrate neural link prediction scores: this new component is trained on complex queries by back-propagating through the complex query-answering process. Our method, CQD$^{A}$, produces significantly more accurate results than current state-of-the-art methods, improving from $34.4$ to $35.1$ Mean Reciprocal Rank values averaged across all datasets and query types while using $\leq 35\%$ of the available training query types. We further show that CQD$^{A}$ is data-efficient, achieving competitive results with only $1\%$ of the training data, and robust in out-of-domain evaluations.

Title: Neural Relation Graph for Identifying Problematic Data. (arXiv:2301.12321v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12321
• Code URL: null
• Copy Paste: [[2301.12321] Neural Relation Graph for Identifying Problematic Data](http://arxiv.org/abs/2301.12321) #robust
• Summary:

  Diagnosing and cleaning datasets are crucial for building robust machine learning systems. However, identifying problems within large-scale datasets with real-world distributions is difficult due to the presence of complex issues, such as label errors or under-representation of certain types. In this paper, we propose a novel approach for identifying problematic data by utilizing a largely ignored source of information: a relational structure of data in the feature-embedded space. We develop an efficient algorithm for detecting label errors and outlier data points based on the relational graph structure of the dataset. We further introduce a visualization tool for contextualizing data points, which can serve as an effective tool for interactively diagnosing datasets. We evaluate label error and out-of-distribution detection performances on large-scale image and language domain tasks, including ImageNet and GLUE benchmarks, and demonstrate the effectiveness of our approach for debugging datasets and building robust machine learning systems.

Title: Team Resilience under Shock: An Empirical Analysis of GitHub Repositories during Early COVID-19 Pandemic. (arXiv:2301.12326v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12326
• Code URL: null
• Copy Paste: [[2301.12326] Team Resilience under Shock: An Empirical Analysis of GitHub Repositories during Early COVID-19 Pandemic](http://arxiv.org/abs/2301.12326) #robust
• Summary:

  While many organizations have shifted to working remotely during the COVID-19 pandemic, how the remote workforce and the remote teams are influenced by and would respond to this and future shocks remain largely unknown. Software developers have relied on remote collaborations long before the pandemic, working in virtual teams (GitHub repositories). The dynamics of these repositories through the pandemic provide a unique opportunity to understand how remote teams react under shock. This work presents a systematic analysis. We measure the overall effect of the early pandemic on public GitHub repositories by comparing their sizes and productivity with the counterfactual outcomes forecasted as if there were no pandemic. We find that the productivity level and the number of active members of these teams vary significantly during different periods of the pandemic. We then conduct a finer-grained investigation and study the heterogeneous effects of the shock on individual teams. We find that the resilience of a team is highly correlated to certain properties of the team before the pandemic. Through a bootstrapped regression analysis, we reveal which types of teams are robust or fragile to the shock.

biometric

steal

extraction

Title: POSTER V2: A simpler and stronger facial expression recognition network. (arXiv:2301.12149v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12149
• Code URL: https://github.com/talented-q/poster_v2
• Copy Paste: [[2301.12149] POSTER V2: A simpler and stronger facial expression recognition network](http://arxiv.org/abs/2301.12149) #extraction
• Summary:

  Facial expression recognition (FER) plays an important role in a variety of real-world applications such as human-computer interaction. POSTER V1 achieves the state-of-the-art (SOTA) performance in FER by effectively combining facial landmark and image features through two-stream pyramid cross-fusion design. However, the architecture of POSTER V1 is undoubtedly complex. It causes expensive computational costs. In order to relieve the computational pressure of POSTER V1, in this paper, we propose POSTER V2. It improves POSTER V1 in three directions: cross-fusion, two-stream, and multi-scale feature extraction. In cross-fusion, we use window-based cross-attention mechanism replacing vanilla cross-attention mechanism. We remove the image-to-landmark branch in the two-stream design. For multi-scale feature extraction, POSTER V2 combines images with landmark's multi-scale features to replace POSTER V1's pyramid design. Extensive experiments on several standard datasets show that our POSTER V2 achieves the SOTA FER performance with the minimum computational cost. For example, POSTER V2 reached 92.21\% on RAF-DB, 67.49\% on AffectNet (7 cls) and 63.77\% on AffectNet (8 cls), respectively, using only 8.4G floating point operations (FLOPs) and 43.7M parameters (Param). This demonstrates the effectiveness of our improvements. The code and models are available at ~\url{https://github.com/Talented-Q/POSTER_V2}.

Title: Multilingual Sentence Transformer as A Multilingual Word Aligner. (arXiv:2301.12140v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.12140
• Code URL: https://github.com/sufenlp/accalign
• Copy Paste: [[2301.12140] Multilingual Sentence Transformer as A Multilingual Word Aligner](http://arxiv.org/abs/2301.12140) #extraction
• Summary:

  Multilingual pretrained language models (mPLMs) have shown their effectiveness in multilingual word alignment induction. However, these methods usually start from mBERT or XLM-R. In this paper, we investigate whether multilingual sentence Transformer LaBSE is a strong multilingual word aligner. This idea is non-trivial as LaBSE is trained to learn language-agnostic sentence-level embeddings, while the alignment extraction task requires the more fine-grained word-level embeddings to be language-agnostic. We demonstrate that the vanilla LaBSE outperforms other mPLMs currently used in the alignment task, and then propose to finetune LaBSE on parallel corpus for further improvement. Experiment results on seven language pairs show that our best aligner outperforms previous state-of-the-art models of all varieties. In addition, our aligner supports different language pairs in a single model, and even achieves new state-of-the-art on zero-shot language pairs that does not appear in the finetuning process.

membership infer

federate

Title: Does Federated Learning Really Need Backpropagation?. (arXiv:2301.12195v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12195
• Code URL: https://github.com/fenghz/baffle
• Copy Paste: [[2301.12195] Does Federated Learning Really Need Backpropagation?](http://arxiv.org/abs/2301.12195) #federate
• Summary:

  Federated learning (FL) is a general principle for decentralized clients to train a server model collectively without sharing local data. FL is a promising framework with practical applications, but its standard training paradigm requires the clients to backpropagate through the model to compute gradients. Since these clients are typically edge devices and not fully trusted, executing backpropagation on them incurs computational and storage overhead as well as white-box vulnerability. In light of this, we develop backpropagation-free federated learning, dubbed BAFFLE, in which backpropagation is replaced by multiple forward processes to estimate gradients. BAFFLE is 1) memory-efficient and easily fits uploading bandwidth; 2) compatible with inference-only hardware optimization and model quantization or pruning; and 3) well-suited to trusted execution environments, because the clients in BAFFLE only execute forward propagation and return a set of scalars to the server. Empirically we use BAFFLE to train deep models from scratch or to finetune pretrained models, achieving acceptable results. Code is available in https://github.com/FengHZ/BAFFLE.

Title: Heterogeneous Datasets for Federated Survival Analysis Simulation. (arXiv:2301.12166v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12166
• Code URL: https://github.com/archettialberto/federated_survival_datasets
• Copy Paste: [[2301.12166] Heterogeneous Datasets for Federated Survival Analysis Simulation](http://arxiv.org/abs/2301.12166) #federate
• Summary:

  Survival analysis studies time-modeling techniques for an event of interest occurring for a population. Survival analysis found widespread applications in healthcare, engineering, and social sciences. However, the data needed to train survival models are often distributed, incomplete, censored, and confidential. In this context, federated learning can be exploited to tremendously improve the quality of the models trained on distributed data while preserving user privacy. However, federated survival analysis is still in its early development, and there is no common benchmarking dataset to test federated survival models. This work proposes a novel technique for constructing realistic heterogeneous datasets by starting from existing non-federated datasets in a reproducible way. Specifically, we provide two novel dataset-splitting algorithms based on the Dirichlet distribution to assign each data sample to a carefully chosen client: quantity-skewed splitting and label-skewed splitting. Furthermore, these algorithms allow for obtaining different levels of heterogeneity by changing a single hyperparameter. Finally, numerical experiments provide a quantitative evaluation of the heterogeneity level using log-rank tests and a qualitative analysis of the generated splits. The implementation of the proposed methods is publicly available in favor of reproducibility and to encourage common practices to simulate federated environments for survival analysis.

Title: CyclicFL: A Cyclic Model Pre-Training Approach to Efficient Federated Learning. (arXiv:2301.12193v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12193
• Code URL: null
• Copy Paste: [[2301.12193] CyclicFL: A Cyclic Model Pre-Training Approach to Efficient Federated Learning](http://arxiv.org/abs/2301.12193) #federate
• Summary:

  Since random initial models in Federated Learning (FL) can easily result in unregulated Stochastic Gradient Descent (SGD) processes, existing FL methods greatly suffer from both slow convergence and poor accuracy, especially for non-IID scenarios. To address this problem, we propose a novel FL method named CyclicFL, which can quickly derive effective initial models to guide the SGD processes, thus improving the overall FL training performance. Based on the concept of Continual Learning (CL), we prove that CyclicFL approximates existing centralized pre-training methods in terms of classification and prediction performance. Meanwhile, we formally analyze the significance of data consistency between the pre-training and training stages of CyclicFL, showing the limited Lipschitzness of loss for the pre-trained models by CyclicFL. Unlike traditional centralized pre-training methods that require public proxy data, CyclicFL pre-trains initial models on selected clients cyclically without exposing their local data. Therefore, they can be easily integrated into any security-critical FL methods. Comprehensive experimental results show that CyclicFL can not only improve the classification accuracy by up to 16.21%, but also significantly accelerate the overall FL training processes.

fair

Title: Byte Pair Encoding for Symbolic Music. (arXiv:2301.11975v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.11975
• Code URL: null
• Copy Paste: [[2301.11975] Byte Pair Encoding for Symbolic Music](http://arxiv.org/abs/2301.11975) #fair
• Summary:

  The symbolic music modality is nowadays mostly represented as discrete and used with sequential models such as Transformers, for deep learning tasks. Recent research put efforts on the tokenization, i.e. the conversion of data into sequences of integers intelligible to such models. This can be achieved by many ways as music can be composed of simultaneous tracks, of simultaneous notes with several attributes. Until now, the proposed tokenizations are based on small vocabularies describing the note attributes and time events, resulting in fairly long token sequences. In this paper, we show how Byte Pair Encoding (BPE) can improve the results of deep learning models while improving its performances. We experiment on music generation and composer classification, and study the impact of BPE on how models learn the embeddings, and show that it can help to increase their isotropy, i.e., the uniformity of the variance of their positions in the space.

Title: Efficient Latency-Aware CNN Depth Compression via Two-Stage Dynamic Programming. (arXiv:2301.12187v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12187
• Code URL: null
• Copy Paste: [[2301.12187] Efficient Latency-Aware CNN Depth Compression via Two-Stage Dynamic Programming](http://arxiv.org/abs/2301.12187) #fair
• Summary:

  Recent works on neural network pruning advocate that reducing the depth of the network is more effective in reducing run-time memory usage and accelerating inference latency than reducing the width of the network through channel pruning. In this regard, some recent works propose depth compression algorithms that merge convolution layers. However, the existing algorithms have a constricted search space and rely on human-engineered heuristics. In this paper, we propose a novel depth compression algorithm which targets general convolution operations. We propose a subset selection problem that replaces inefficient activation layers with identity functions and optimally merges consecutive convolution operations into shallow equivalent convolution operations for efficient end-to-end inference latency. Since the proposed subset selection problem is NP-hard, we formulate a surrogate optimization problem that can be solved exactly via two-stage dynamic programming within a few seconds. We evaluate our methods and baselines by TensorRT for a fair inference latency comparison. Our method outperforms the baseline method with higher accuracy and faster inference speed in MobileNetV2 on the ImageNet dataset. Specifically, we achieve $1.61\times$speed-up with only $0.62$\%p accuracy drop in MobileNetV2-1.4 on the ImageNet.

Title: Pragmatic Fairness: Developing Policies with Outcome Disparity Control. (arXiv:2301.12278v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12278
• Code URL: https://github.com/limorigu/pragmaticfairness
• Copy Paste: [[2301.12278] Pragmatic Fairness: Developing Policies with Outcome Disparity Control](http://arxiv.org/abs/2301.12278) #fair
• Summary:

  We introduce a causal framework for designing optimal policies that satisfy fairness constraints. We take a pragmatic approach asking what we can do with an action space available to us and only with access to historical data. We propose two different fairness constraints: a moderation breaking constraint which aims at blocking moderation paths from the action and sensitive attribute to the outcome, and by that at reducing disparity in outcome levels as much as the provided action space permits; and an equal benefit constraint which aims at distributing gain from the new and maximized policy equally across sensitive attribute levels, and thus at keeping pre-existing preferential treatment in place or avoiding the introduction of new disparity. We introduce practical methods for implementing the constraints and illustrate their uses on experiments with semi-synthetic models.

interpretability

Title: BinaryVQA: A Versatile Test Set to Evaluate the Out-of-Distribution Generalization of VQA Models. (arXiv:2301.12032v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12032
• Code URL: https://github.com/aliborji/binaryvqa
• Copy Paste: [[2301.12032] BinaryVQA: A Versatile Test Set to Evaluate the Out-of-Distribution Generalization of VQA Models](http://arxiv.org/abs/2301.12032) #interpretability
• Summary:

  We introduce a new test set for visual question answering (VQA) called BinaryVQA to push the limits of VQA models. Our dataset includes 7,800 questions across 1,024 images and covers a wide variety of objects, topics, and concepts. For easy model evaluation, we only consider binary questions. Questions and answers are formulated and verified carefully and manually. Around 63% of the questions have positive answers. The median number of questions per image and question length are 7 and 5, respectively. The state of the art OFA model achieves 75% accuracy on BinaryVQA dataset, which is significantly lower than its performance on the VQA v2 test-dev dataset (94.7%). We also analyze the model behavior along several dimensions including: a) performance over different categories such as text, counting and gaze direction, b) model interpretability, c) the effect of question length on accuracy, d) bias of models towards positive answers and introduction of a new score called the ShuffleAcc, and e) sensitivity to spelling and grammar errors. Our investigation demonstrates the difficulty of our dataset and shows that it can challenge VQA models for next few years. Data and code are publicly available at: DATA and CODE.

Title: TemporAI: Facilitating Machine Learning Innovation in Time Domain Tasks for Medicine. (arXiv:2301.12260v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12260
• Code URL: https://github.com/vanderschaarlab/temporai
• Copy Paste: [[2301.12260] TemporAI: Facilitating Machine Learning Innovation in Time Domain Tasks for Medicine](http://arxiv.org/abs/2301.12260) #interpretability
• Summary:

  TemporAI is an open source Python software library for machine learning (ML) tasks involving data with a time component, focused on medicine and healthcare use cases. It supports data in time series, static, and eventmodalities and provides an interface for prediction, causal inference, and time-to-event analysis, as well as common preprocessing utilities and model interpretability methods. The library aims to facilitate innovation in the medical ML space by offering a standardized temporal setting toolkit for model development, prototyping and benchmarking, bridging the gaps in the ML research, healthcare professional, medical/pharmacological industry, and data science communities. TemporAI is available on GitHub (https://github.com/vanderschaarlab/temporai) and we welcome community engagement through use, feedback, and code contributions.

explainability

Title: Bipol: Multi-axes Evaluation of Bias with Explainability in Benchmark Datasets. (arXiv:2301.12139v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2301.12139
• Code URL: https://github.com/tosingithub/bipol
• Copy Paste: [[2301.12139] Bipol: Multi-axes Evaluation of Bias with Explainability in Benchmark Datasets](http://arxiv.org/abs/2301.12139) #explainability
• Summary:

  We evaluate five English NLP benchmark datasets (available on the superGLUE leaderboard) for bias, along multiple axes. The datasets are the following: Boolean Question (Boolq), CommitmentBank (CB), Winograd Schema Challenge (WSC), Winogender diagnostic (AXg), and Recognising Textual Entailment (RTE). Bias can be harmful and it is known to be common in data, which ML models learn from. In order to mitigate bias in data, it is crucial to be able to estimate it objectively. We use bipol, a novel multi-axes bias metric with explainability, to quantify and explain how much bias exists in these datasets. Multilingual, multi-axes bias evaluation is not very common. Hence, we also contribute a new, large labelled Swedish bias-detection dataset, with about 2 million samples; translated from the English version. In addition, we contribute new multi-axes lexica for bias detection in Swedish. We train a SotA model on the new dataset for bias detection. We make the codes, model, and new dataset publicly available.

watermark

Title: Deep Learning model integrity checking mechanism using watermarking technique. (arXiv:2301.12333v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2301.12333
• Code URL: null
• Copy Paste: [[2301.12333] Deep Learning model integrity checking mechanism using watermarking technique](http://arxiv.org/abs/2301.12333) #watermark
• Summary:

  In response to the growing popularity of Machine Learning (ML) techniques to solve problems in various industries, various malicious groups have started to target such techniques in their attack plan. However, as ML models are constantly updated with continuous data, it is very hard to monitor the integrity of ML models. One probable solution would be to use hashing techniques. Regardless of how that would mean re-hashing the model each time the model is trained on newer data which is computationally expensive and not a feasible solution for ML models that are trained on continuous data. Therefore, in this paper, we propose a model integrity-checking mechanism that uses model watermarking techniques to monitor the integrity of ML models. We then demonstrate that our proposed technique can monitor the integrity of ML models even when the model is further trained on newer data with a low computational cost. Furthermore, the integrity checking mechanism can be used on Deep Learning models that work on complex data distributions such as Cyber-Physical System applications.

diffusion

Title: Minimizing Trajectory Curvature of ODE-based Generative Models. (arXiv:2301.12003v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12003
• Code URL: https://github.com/sangyun884/fast-ode
• Copy Paste: [[2301.12003] Minimizing Trajectory Curvature of ODE-based Generative Models](http://arxiv.org/abs/2301.12003) #diffusion
• Summary:

  Recent ODE/SDE-based generative models, such as diffusion models and flow matching, define a generative process as a time reversal of a fixed forward process. Even though these models show impressive performance on large-scale datasets, numerical simulation requires multiple evaluations of a neural network, leading to a slow sampling speed. We attribute the reason to the high curvature of the learned generative trajectories, as it is directly related to the truncation error of a numerical solver. Based on the relationship between the forward process and the curvature, here we present an efficient method of training the forward process to minimize the curvature of generative trajectories without any ODE/SDE simulation. Experiments show that our method achieves a lower curvature than previous models and, therefore, decreased sampling costs while maintaining competitive performance. Code is available at https://github.com/sangyun884/fast-ode.

Title: Towards Equitable Representation in Text-to-Image Synthesis Models with the Cross-Cultural Understanding Benchmark (CCUB) Dataset. (arXiv:2301.12073v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12073
• Code URL: https://github.com/cmubig/ccub
• Copy Paste: [[2301.12073] Towards Equitable Representation in Text-to-Image Synthesis Models with the Cross-Cultural Understanding Benchmark (CCUB) Dataset](http://arxiv.org/abs/2301.12073) #diffusion
• Summary:

  It has been shown that accurate representation in media improves the well-being of the people who consume it. By contrast, inaccurate representations can negatively affect viewers and lead to harmful perceptions of other cultures. To achieve inclusive representation in generated images, we propose a culturally-aware priming approach for text-to-image synthesis using a small but culturally curated dataset that we collected, known here as Cross-Cultural Understanding Benchmark (CCUB) Dataset, to fight the bias prevalent in giant datasets. Our proposed approach is comprised of two fine-tuning techniques: (1) Adding visual context via fine-tuning a pre-trained text-to-image synthesis model, Stable Diffusion, on the CCUB text-image pairs, and (2) Adding semantic context via automated prompt engineering using the fine-tuned large language model, GPT-3, trained on our CCUB culturally-aware text data. CCUB dataset is curated and our approach is evaluated by people who have a personal relationship with that particular culture. Our experiments indicate that priming using both text and image is effective in improving the cultural relevance and decreasing the offensiveness of generated images while maintaining quality.

Title: SEGA: Instructing Diffusion using Semantic Dimensions. (arXiv:2301.12247v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2301.12247
• Code URL: null
• Copy Paste: [[2301.12247] SEGA: Instructing Diffusion using Semantic Dimensions](http://arxiv.org/abs/2301.12247) #diffusion
• Summary:

  Text-to-image diffusion models have recently received a lot of interest for their astonishing ability to produce high-fidelity images from text only. However, achieving one-shot generation that aligns with the user's intent is nearly impossible, yet small changes to the input prompt often result in very different images. This leaves the user with little semantic control. To put the user in control, we show how to interact with the diffusion process to flexibly steer it along semantic directions. This semantic guidance (SEGA) allows for subtle and extensive edits, changes in composition and style, as well as optimizing the overall artistic conception. We demonstrate SEGA's effectiveness on a variety of tasks and provide evidence for its versatility and flexibility.

Title: Don't Play Favorites: Minority Guidance for Diffusion Models. (arXiv:2301.12334v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12334
• Code URL: null
• Copy Paste: [[2301.12334] Don't Play Favorites: Minority Guidance for Diffusion Models](http://arxiv.org/abs/2301.12334) #diffusion
• Summary:

  We explore the problem of generating minority samples using diffusion models. The minority samples are instances that lie on low-density regions of a data manifold. Generating sufficient numbers of such minority instances is important, since they often contain some unique attributes of the data. However, the conventional generation process of the diffusion models mostly yields majority samples (that lie on high-density regions of the manifold) due to their high likelihoods, making themselves highly ineffective and time-consuming for the task. In this work, we present a novel framework that can make the generation process of the diffusion models focus on the minority samples. We first provide a new insight on the majority-focused nature of the diffusion models: they denoise in favor of the majority samples. The observation motivates us to introduce a metric that describes the uniqueness of a given sample. To address the inherent preference of the diffusion models w.r.t. the majority samples, we further develop minority guidance, a sampling technique that can guide the generation process toward regions with desired likelihood levels. Experiments on benchmark real datasets demonstrate that our minority guidance can greatly improve the capability of generating the low-likelihood minority samples over existing generative frameworks including the standard diffusion sampler.

Title: Physics-Inspired Protein Encoder Pre-Training via Siamese Sequence-Structure Diffusion Trajectory Prediction. (arXiv:2301.12068v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2301.12068
• Code URL: null
• Copy Paste: [[2301.12068] Physics-Inspired Protein Encoder Pre-Training via Siamese Sequence-Structure Diffusion Trajectory Prediction](http://arxiv.org/abs/2301.12068) #diffusion
• Summary:

  Pre-training methods on proteins are recently gaining interest, leveraging either protein sequences or structures, while modeling their joint energy landscape is largely unexplored. In this work, inspired by the success of denoising diffusion models, we propose the DiffPreT approach to pre-train a protein encoder by sequence-structure multimodal diffusion modeling. DiffPreT guides the encoder to recover the native protein sequences and structures from the perturbed ones along the multimodal diffusion trajectory, which acquires the joint distribution of sequences and structures. Considering the essential protein conformational variations, we enhance DiffPreT by a physics-inspired method called Siamese Diffusion Trajectory Prediction (SiamDiff) to capture the correlation between different conformers of a protein. SiamDiff attains this goal by maximizing the mutual information between representations of diffusion trajectories of structurally-correlated conformers. We study the effectiveness of DiffPreT and SiamDiff on both atom- and residue-level structure-based protein understanding tasks. Experimental results show that the performance of DiffPreT is consistently competitive on all tasks, and SiamDiff achieves new state-of-the-art performance, considering the mean ranks on all tasks. The source code will be released upon acceptance.