secure

security

Title: Graph-based Time-Series Anomaly Detection: A Survey. (arXiv:2302.00058v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00058
• Code URL: null
• Copy Paste: [[2302.00058] Graph-based Time-Series Anomaly Detection: A Survey](http://arxiv.org/abs/2302.00058) #security
• Summary:

  With the recent advances in technology, a wide range of systems continues to collect a large amount of data over time and thus generating time series. Detecting anomalies in time series data is an important task in various applications such as e-commerce, cybersecurity, and health care monitoring. However, Time-series Anomaly Detection (TSAD) is very challenging as it requires considering both the temporal dependency and the structural dependency. Recent graph-based approaches have made impressive progress in tackling the challenges of this field. In this survey, we conduct a comprehensive and up-to-date review of Graph-based Time-series Anomaly Detection (G-TSAD). First, we explore the significant potential of graph-based methods in identifying different types of anomalies in time series data. Then, we provide a structured and comprehensive review of the state-of-the-art graph anomaly detection techniques in the context of time series. Finally, we discuss the technical challenges and potential future directions for possible improvements in this research field.

privacy

Title: Continual Segment: Towards a Single, Unified and Accessible Continual Segmentation Model of 143 Whole-body Organs in CT Scans. (arXiv:2302.00162v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00162
• Code URL: null
• Copy Paste: [[2302.00162] Continual Segment: Towards a Single, Unified and Accessible Continual Segmentation Model of 143 Whole-body Organs in CT Scans](http://arxiv.org/abs/2302.00162) #privacy
• Summary:

  Deep learning empowers the mainstream medical image segmentation methods. Nevertheless current deep segmentation approaches are not capable of efficiently and effectively adapting and updating the trained models when new incremental segmentation classes (along with new training datasets or not) are required to be added. In real clinical environment, it can be preferred that segmentation models could be dynamically extended to segment new organs/tumors without the (re-)access to previous training datasets due to obstacles of patient privacy and data storage. This process can be viewed as a continual semantic segmentation (CSS) problem, being understudied for multi-organ segmentation. In this work, we propose a new architectural CSS learning framework to learn a single deep segmentation model for segmenting a total of 143 whole-body organs. Using the encoder/decoder network structure, we demonstrate that a continually-trained then frozen encoder coupled with incrementally-added decoders can extract and preserve sufficiently representative image features for new classes to be subsequently and validly segmented. To maintain a single network model complexity, we trim each decoder progressively using neural architecture search and teacher-student based knowledge distillation. To incorporate with both healthy and pathological organs appearing in different datasets, a novel anomaly-aware and confidence learning module is proposed to merge the overlapped organ predictions, originated from different decoders. Trained and validated on 3D CT scans of 2500+ patients from four datasets, our single network can segment total 143 whole-body organs with very high accuracy, closely reaching the upper bound performance level by training four separate segmentation models (i.e., one model per dataset/task).

Title: Personalized Privacy Auditing and Optimization at Test Time. (arXiv:2302.00077v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00077
• Code URL: null
• Copy Paste: [[2302.00077] Personalized Privacy Auditing and Optimization at Test Time](http://arxiv.org/abs/2302.00077) #privacy
• Summary:

  A number of learning models used in consequential domains, such as to assist in legal, banking, hiring, and healthcare decisions, make use of potentially sensitive users' information to carry out inference. Further, the complete set of features is typically required to perform inference. This not only poses severe privacy risks for the individuals using the learning systems, but also requires companies and organizations massive human efforts to verify the correctness of the released information.

This paper asks whether it is necessary to require \emph{all} input features for a model to return accurate predictions at test time and shows that, under a personalized setting, each individual may need to release only a small subset of these features without impacting the final decisions. The paper also provides an efficient sequential algorithm that chooses which attributes should be provided by each individual. Evaluation over several learning tasks shows that individuals may be able to report as little as 10\% of their information to ensure the same level of accuracy of a model that uses the complete users' information.

Title: Privacy Dashboards for Citizens and GDPR Services for Small Data Holders: A Literature Review. (arXiv:2302.00325v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.00325
• Code URL: null
• Copy Paste: [[2302.00325] Privacy Dashboards for Citizens and GDPR Services for Small Data Holders: A Literature Review](http://arxiv.org/abs/2302.00325) #privacy
• Summary:

  Citizens have gained many rights with the GDPR, e.g. the right to get a copy of their personal data. In practice, however, this is fraught with problems for citizens and small data holders. We present a literature review on solutions promising relief in the form of privacy dashboards for citizens and GDPR services for small data holders. Covered topics are analyzed, categorized and compared. This is ought to be a step towards both enabling citizens to exercise their GDPR rights and supporting small data holders to comply with their GDPR duties.

Title: Analyzing Leakage of Personally Identifiable Information in Language Models. (arXiv:2302.00539v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00539
• Code URL: null
• Copy Paste: [[2302.00539] Analyzing Leakage of Personally Identifiable Information in Language Models](http://arxiv.org/abs/2302.00539) #privacy
• Summary:

  Language Models (LMs) have been shown to leak information about training data through sentence-level membership inference and reconstruction attacks. Understanding the risk of LMs leaking Personally Identifiable Information (PII) has received less attention, which can be attributed to the false assumption that dataset curation techniques such as scrubbing are sufficient to prevent PII leakage. Scrubbing techniques reduce but do not prevent the risk of PII leakage: in practice scrubbing is imperfect and must balance the trade-off between minimizing disclosure and preserving the utility of the dataset. On the other hand, it is unclear to which extent algorithmic defenses such as differential privacy, designed to guarantee sentence- or user-level privacy, prevent PII disclosure. In this work, we propose (i) a taxonomy of PII leakage in LMs, (ii) metrics to quantify PII leakage, and (iii) attacks showing that PII leakage is a threat in practice. Our taxonomy provides rigorous game-based definitions for PII leakage via black-box extraction, inference, and reconstruction attacks with only API access to an LM. We empirically evaluate attacks against GPT-2 models fine-tuned on three domains: case law, health care, and e-mails. Our main contributions are (i) novel attacks that can extract up to 10 times more PII sequences as existing attacks, (ii) showing that sentence-level differential privacy reduces the risk of PII disclosure but still leaks about 3% of PII sequences, and (iii) a subtle connection between record-level membership inference and PII reconstruction.

protect

defense

Title: Effectiveness of Moving Target Defenses for Adversarial Attacks in ML-based Malware Detection. (arXiv:2302.00537v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00537
• Code URL: null
• Copy Paste: [[2302.00537] Effectiveness of Moving Target Defenses for Adversarial Attacks in ML-based Malware Detection](http://arxiv.org/abs/2302.00537) #defense
• Summary:

  Several moving target defenses (MTDs) to counter adversarial ML attacks have been proposed in recent years. MTDs claim to increase the difficulty for the attacker in conducting attacks by regularly changing certain elements of the defense, such as cycling through configurations. To examine these claims, we study for the first time the effectiveness of several recent MTDs for adversarial ML attacks applied to the malware detection domain. Under different threat models, we show that transferability and query attack strategies can achieve high levels of evasion against these defenses through existing and novel attack strategies across Android and Windows. We also show that fingerprinting and reconnaissance are possible and demonstrate how attackers may obtain critical defense hyperparameters as well as information about how predictions are produced. Based on our findings, we present key recommendations for future work on the development of effective MTDs for adversarial attacks in ML-based malware detection.

attack

Title: Exploring Semantic Perturbations on Grover. (arXiv:2302.00509v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00509
• Code URL: https://github.com/itspranavk/cmsc473fall21-grover
• Copy Paste: [[2302.00509] Exploring Semantic Perturbations on Grover](http://arxiv.org/abs/2302.00509) #attack
• Summary:

  With news and information being as easy to access as they currently are, it is more important than ever to ensure that people are not mislead by what they read. Recently, the rise of neural fake news (AI-generated fake news) and its demonstrated effectiveness at fooling humans has prompted the development of models to detect it. One such model is the Grover model, which can both detect neural fake news to prevent it, and generate it to demonstrate how a model could be misused to fool human readers. In this work we explore the Grover model's fake news detection capabilities by performing targeted attacks through perturbations on input news articles. Through this we test Grover's resilience to these adversarial attacks and expose some potential vulnerabilities which should be addressed in further iterations to ensure it can detect all types of fake news accurately.

Title: Is Stubborn Mining Severe in Imperfect GHOST Bitcoin-like Blockchains? Quantitative Analysis. (arXiv:2302.00210v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.00210
• Code URL: null
• Copy Paste: [[2302.00210] Is Stubborn Mining Severe in Imperfect GHOST Bitcoin-like Blockchains? Quantitative Analysis](http://arxiv.org/abs/2302.00210) #attack
• Summary:

  GHOST, like the longest-chain protocol, is a chain selection protocol and its capability in resisting selfish mining attack has been validated in imperfect blockchains of Bitcoin and its variants (Bitcoin-like). This paper explores an analytical-model-based method to investigate the impact of stubborn mining attack in imperfect GHOST Bitcoin-like blockchains. We first quantify chain dynamics based on Markov chain and then derive the formulas of miner revenue and system throughput. We also propose a new metric, "Hazard Index", which can be used to compare attack severity and also assist attacker in determining whether it is profitable to conduct an attack. The experiment results show that 1) An attacker with more than 30% computing power can get huge profit and extremely downgrade system throughput by launching stubborn mining attack. 2) A rational attacker should not launch stubborn mining attack if it has less than 25% computing power. 3) Stubborn mining attack causes more damage than selfish mining attack under GHOST. Our work provides insight into stubborn mining attack and is helpful in designing countermeasures.

Title: A Robust Certificate Management System to Prevent Evil Twin Attacks in IEEE 802.11 Networks. (arXiv:2302.00338v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.00338
• Code URL: null
• Copy Paste: [[2302.00338] A Robust Certificate Management System to Prevent Evil Twin Attacks in IEEE 802](http://arxiv.org/abs/2302.00338) #attack
• Summary:

  The evil twin attack is a major security threat to WLANs. An evil twin is a rogue AP installed by a malicious user to impersonate legitimate APs. It intends to attract victims in order to intercept their credentials, to steal their sensitive information, to eavesdrop on their data, etc. In this paper, we study the security mechanisms of wireless networks and we introduce the different authentication methods, including 802.1X authentication. We show that 802.1X has improved security through the use of digital certificates but does not define any practical technique for the user to check the network certificate. Therefore, it remains vulnerable to the evil twin attack. To repair this vulnerability, we introduce Robust Certificate Management System (RCMS) which takes advantage of the digital certificates of 802.1X to protect the users against rogue APs. RCMS defines a new verification code to allow the user device to check the network certificate. This practical verification combined with the reliability of digital certificates provides a perfect protection against rogue APs. RCMS requires a small software update on the user terminal and does not need any modification of IEEE 802.11. It has a significant flexibility since trusting a single AP is enough to trust all the APs of the extended network. This allows the administrators to extend their networks easily without the need to update any database of trusted APs on the user devices.

robust

Title: Debiasing Vision-Language Models via Biased Prompts. (arXiv:2302.00070v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00070
• Code URL: https://github.com/chingyaoc/debias_vl
• Copy Paste: [[2302.00070] Debiasing Vision-Language Models via Biased Prompts](http://arxiv.org/abs/2302.00070) #robust
• Summary:

  Machine learning models have been shown to inherit biases from their training datasets, which can be particularly problematic for vision-language foundation models trained on uncurated datasets scraped from the internet. The biases can be amplified and propagated to downstream applications like zero-shot classifiers and text-to-image generative models. In this study, we propose a general approach for debiasing vision-language foundation models by projecting out biased directions in the text embedding. In particular, we show that debiasing only the text embedding with a calibrated projection matrix suffices to yield robust classifiers and fair generative models. The closed-form solution enables easy integration into large-scale pipelines, and empirical results demonstrate that our approach effectively reduces social bias and spurious correlation in both discriminative and generative vision-language models without the need for additional data or training.

Title: QCRS: Improve Randomized Smoothing using Quasi-Concave Optimization. (arXiv:2302.00209v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00209
• Code URL: null
• Copy Paste: [[2302.00209] QCRS: Improve Randomized Smoothing using Quasi-Concave Optimization](http://arxiv.org/abs/2302.00209) #robust
• Summary:

  Randomized smoothing is currently the state-of-the-art method that provides certified robustness for deep neural networks. However, it often cannot achieve an adequate certified region on real-world datasets. One way to obtain a larger certified region is to use an input-specific algorithm instead of using a fixed Gaussian filter for all data points. Several methods based on this idea have been proposed, but they either suffer from high computational costs or gain marginal improvement in certified radius. In this work, we show that by exploiting the quasiconvex problem structure, we can find the optimal certified radii for most data points with slight computational overhead. This observation leads to an efficient and effective input-specific randomized smoothing algorithm. We conduct extensive experiments and empirical analysis on Cifar10 and ImageNet. The results show that the proposed method significantly enhances the certified radii with low computational overhead.

Title: Learning Generalized Zero-Shot Learners for Open-Domain Image Geolocalization. (arXiv:2302.00275v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00275
• Code URL: https://huggingface.co/geolocal/StreetCLIP
• Copy Paste: [[2302.00275] Learning Generalized Zero-Shot Learners for Open-Domain Image Geolocalization](http://arxiv.org/abs/2302.00275) #robust
• Summary:

  Image geolocalization is the challenging task of predicting the geographic coordinates of origin for a given photo. It is an unsolved problem relying on the ability to combine visual clues with general knowledge about the world to make accurate predictions across geographies. We present $\href{https://huggingface.co/geolocal/StreetCLIP}{\text{StreetCLIP}}$, a robust, publicly available foundation model not only achieving state-of-the-art performance on multiple open-domain image geolocalization benchmarks but also doing so in a zero-shot setting, outperforming supervised models trained on more than 4 million images. Our method introduces a meta-learning approach for generalized zero-shot learning by pretraining CLIP from synthetic captions, grounding CLIP in a domain of choice. We show that our method effectively transfers CLIP's generalized zero-shot capabilities to the domain of image geolocalization, improving in-domain generalized zero-shot performance without finetuning StreetCLIP on a fixed set of classes.

Title: Learning Prototype Classifiers for Long-Tailed Recognition. (arXiv:2302.00491v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00491
• Code URL: null
• Copy Paste: [[2302.00491] Learning Prototype Classifiers for Long-Tailed Recognition](http://arxiv.org/abs/2302.00491) #robust
• Summary:

  The problem of long-tailed recognition (LTR) has received attention in recent years due to the fundamental power-law distribution of objects in the real-world. Most recent works in LTR use softmax classifiers that have a tendency to correlate classifier norm with the amount of training data for a given class. On the other hand, Prototype classifiers do not suffer from this shortcoming and can deliver promising results simply using Nearest-Class-Mean (NCM), a special case where prototypes are empirical centroids. However, the potential of Prototype classifiers as an alternative to softmax in LTR is relatively underexplored. In this work, we propose Prototype classifiers, which jointly learn prototypes that minimize average cross-entropy loss based on probability scores from distances to prototypes. We theoretically analyze the properties of Euclidean distance based prototype classifiers that leads to stable gradient-based optimization which is robust to outliers. We further enhance Prototype classifiers by learning channel-dependent temperature parameters to enable independent distance scales along each channel. Our analysis shows that prototypes learned by Prototype classifiers are better separated than empirical centroids. Results on four long-tailed recognition benchmarks show that Prototype classifier outperforms or is comparable to the state-of-the-art methods.

Title: Towards Implementing Energy-aware Data-driven Intelligence for Smart Health Applications on Mobile Platforms. (arXiv:2302.00514v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00514
• Code URL: null
• Copy Paste: [[2302.00514] Towards Implementing Energy-aware Data-driven Intelligence for Smart Health Applications on Mobile Platforms](http://arxiv.org/abs/2302.00514) #robust
• Summary:

  Recent breakthrough technological progressions of powerful mobile computing resources such as low-cost mobile GPUs along with cutting-edge, open-source software architectures have enabled high-performance deep learning on mobile platforms. These advancements have revolutionized the capabilities of today's mobile applications in different dimensions to perform data-driven intelligence locally, particularly for smart health applications. Unlike traditional machine learning (ML) architectures, modern on-device deep learning frameworks are proficient in utilizing computing resources in mobile platforms seamlessly, in terms of producing highly accurate results in less inference time. However, on the flip side, energy resources in a mobile device are typically limited. Hence, whenever a complex Deep Neural Network (DNN) architecture is fed into the on-device deep learning framework, while it achieves high prediction accuracy (and performance), it also urges huge energy demands during the runtime. Therefore, managing these resources efficiently within the spectrum of performance and energy efficiency is the newest challenge for any mobile application featuring data-driven intelligence beyond experimental evaluations. In this paper, first, we provide a timely review of recent advancements in on-device deep learning while empirically evaluating the performance metrics of current state-of-the-art ML architectures and conventional ML approaches with the emphasis given on energy characteristics by deploying them on a smart health application. With that, we are introducing a new framework through an energy-aware, adaptive model comprehension and realization (EAMCR) approach that can be utilized to make more robust and efficient inference decisions based on the available computing/energy resources in the mobile device during the runtime.

Title: Uncertainty-Driven Dense Two-View Structure from Motion. (arXiv:2302.00523v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00523
• Code URL: null
• Copy Paste: [[2302.00523] Uncertainty-Driven Dense Two-View Structure from Motion](http://arxiv.org/abs/2302.00523) #robust
• Summary:

  This work introduces an effective and practical solution to the dense two-view structure from motion (SfM) problem. One vital question addressed is how to mindfully use per-pixel optical flow correspondence between two frames for accurate pose estimation -- as perfect per-pixel correspondence between two images is difficult, if not impossible, to establish. With the carefully estimated camera pose and predicted per-pixel optical flow correspondences, a dense depth of the scene is computed. Later, an iterative refinement procedure is introduced to further improve optical flow matching confidence, camera pose, and depth, exploiting their inherent dependency in rigid SfM. The fundamental idea presented is to benefit from per-pixel uncertainty in the optical flow estimation and provide robustness to the dense SfM system via an online refinement. Concretely, we introduce a pipeline consisting of (i) an uncertainty-aware dense optical flow estimation approach that provides per-pixel correspondence with their confidence score of matching; (ii) a weighted dense bundle adjustment formulation that depends on optical flow uncertainty and bidirectional optical flow consistency to refine both pose and depth; (iii) a depth estimation network that considers its consistency with the estimated poses and optical flow respecting epipolar constraint. Extensive experiments show that the proposed approach achieves remarkable depth accuracy and state-of-the-art camera pose results superseding SuperPoint and SuperGlue accuracy when tested on benchmark datasets such as DeMoN, YFCC100M, and ScanNet.

Title: Continuous U-Net: Faster, Greater and Noiseless. (arXiv:2302.00626v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00626
• Code URL: null
• Copy Paste: [[2302.00626] Continuous U-Net: Faster, Greater and Noiseless](http://arxiv.org/abs/2302.00626) #robust
• Summary:

  Image segmentation is a fundamental task in image analysis and clinical practice. The current state-of-the-art techniques are based on U-shape type encoder-decoder networks with skip connections, called U-Net. Despite the powerful performance reported by existing U-Net type networks, they suffer from several major limitations. Issues include the hard coding of the receptive field size, compromising the performance and computational cost, as well as the fact that they do not account for inherent noise in the data. They have problems associated with discrete layers, and do not offer any theoretical underpinning. In this work we introduce continuous U-Net, a novel family of networks for image segmentation. Firstly, continuous U-Net is a continuous deep neural network that introduces new dynamic blocks modelled by second order ordinary differential equations. Secondly, we provide theoretical guarantees for our network demonstrating faster convergence, higher robustness and less sensitivity to noise. Thirdly, we derive qualitative measures to tailor-made segmentation tasks. We demonstrate, through extensive numerical and visual results, that our model outperforms existing U-Net blocks for several medical image segmentation benchmarking datasets.

Title: Does Vision Accelerate Hierarchical Generalization of Neural Language Learners?. (arXiv:2302.00667v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.00667
• Code URL: null
• Copy Paste: [[2302.00667] Does Vision Accelerate Hierarchical Generalization of Neural Language Learners?](http://arxiv.org/abs/2302.00667) #robust
• Summary:

  Neural language models (LMs) are arguably less data-efficient than humans -- why does this gap occur? In this study, we hypothesize that this gap stems from the learners' accessibility to modalities other than text, specifically, vision. We conducted two complementary experiments (using noisy, realistic data and a simplified, artificial one) toward the advantage of vision in the syntactic generalization of LMs. Our results showed that vision accelerated a proper linguistic generalization in the simplified, artificial setting, but LMs struggled with the noisy, realistic setting. These mixed results indicate several possibilities, e.g., vision can potentially boost language acquisition, but learners' additional visual/linguistic prior knowledge should be needed to robustly make use of raw images for efficient language acquisition.

Title: Reducing Blackwell and Average Optimality to Discounted MDPs via the Blackwell Discount Factor. (arXiv:2302.00036v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00036
• Code URL: null
• Copy Paste: [[2302.00036] Reducing Blackwell and Average Optimality to Discounted MDPs via the Blackwell Discount Factor](http://arxiv.org/abs/2302.00036) #robust
• Summary:

  We introduce the Blackwell discount factor for Markov Decision Processes (MDPs). Classical objectives for MDPs include discounted, average, and Blackwell optimality. Many existing approaches to computing average-optimal policies solve for discounted optimal policies with a discount factor close to $1$, but they only work under strong or hard-to-verify assumptions such as ergodicity or weakly communicating MDPs. In this paper, we show that when the discount factor is larger than the Blackwell discount factor $\gamma_{\mathrm{bw}}$, all discounted optimal policies become Blackwell- and average-optimal, and we derive a general upper bound on $\gamma_{\mathrm{bw}}$. The upper bound on $\gamma_{\mathrm{bw}}$ provides the first reduction from average and Blackwell optimality to discounted optimality, without any assumptions, and new polynomial-time algorithms for average- and Blackwell-optimal policies. Our work brings new ideas from the study of polynomials and algebraic numbers to the analysis of MDPs. Our results also apply to robust MDPs, enabling the first algorithms to compute robust Blackwell-optimal policies.

Title: Adaptive sparseness for correntropy-based robust regression via automatic relevance determination. (arXiv:2302.00082v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00082
• Code URL: null
• Copy Paste: [[2302.00082] Adaptive sparseness for correntropy-based robust regression via automatic relevance determination](http://arxiv.org/abs/2302.00082) #robust
• Summary:

  Sparseness and robustness are two important properties for many machine learning scenarios. In the present study, regarding the maximum correntropy criterion (MCC) based robust regression algorithm, we investigate to integrate the MCC method with the automatic relevance determination (ARD) technique in a Bayesian framework, so that MCC-based robust regression could be implemented with adaptive sparseness. To be specific, we use an inherent noise assumption from the MCC to derive an explicit likelihood function, and realize the maximum a posteriori (MAP) estimation with the ARD prior by variational Bayesian inference. Compared to the existing robust and sparse L1-regularized MCC regression, the proposed MCC-ARD regression can eradicate the troublesome tuning for the regularization hyper-parameter which controls the regularization strength. Further, MCC-ARD achieves superior prediction performance and feature selection capability than L1-regularized MCC, as demonstrated by a noisy and high-dimensional simulation study.

Title: Deep Active Learning for Scientific Computing in the Wild. (arXiv:2302.00098v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00098
• Code URL: null
• Copy Paste: [[2302.00098] Deep Active Learning for Scientific Computing in the Wild](http://arxiv.org/abs/2302.00098) #robust
• Summary:

  Deep learning (DL) is revolutionizing the scientific computing community. To reduce the data gap caused by usually expensive simulations or experimentation, active learning has been identified as a promising solution for the scientific computing community. However, the deep active learning (DAL) literature is currently dominated by image classification problems and pool-based methods, which are not directly transferrable to scientific computing problems, dominated by regression problems with no pre-defined 'pool' of unlabeled data. Here for the first time, we investigate the robustness of DAL methods for scientific computing problems using ten state-of-the-art DAL methods and eight benchmark problems. We show that, to our surprise, the majority of the DAL methods are not robust even compared to random sampling when the ideal pool size is unknown. We further analyze the effectiveness and robustness of DAL methods and suggest that diversity is necessary for a robust DAL for scientific computing problems.

Title: Multi-Grade Deep Learning. (arXiv:2302.00150v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00150
• Code URL: null
• Copy Paste: [[2302.00150] Multi-Grade Deep Learning](http://arxiv.org/abs/2302.00150) #robust
• Summary:

  The current deep learning model is of a single-grade, that is, it learns a deep neural network by solving a single nonconvex optimization problem. When the layer number of the neural network is large, it is computationally challenging to carry out such a task efficiently. Inspired by the human education process which arranges learning in grades, we propose a multi-grade learning model: We successively solve a number of optimization problems of small sizes, which are organized in grades, to learn a shallow neural network for each grade. Specifically, the current grade is to learn the leftover from the previous grade. In each of the grades, we learn a shallow neural network stacked on the top of the neural network, learned in the previous grades, which remains unchanged in training of the current and future grades. By dividing the task of learning a deep neural network into learning several shallow neural networks, one can alleviate the severity of the nonconvexity of the original optimization problem of a large size. When all grades of the learning are completed, the final neural network learned is a stair-shape neural network, which is the superposition of networks learned from all grades. Such a model enables us to learn a deep neural network much more effectively and efficiently. Moreover, multi-grade learning naturally leads to adaptive learning. We prove that in the context of function approximation if the neural network generated by a new grade is nontrivial, the optimal error of the grade is strictly reduced from the optimal error of the previous grade. Furthermore, we provide several proof-of-concept numerical examples which demonstrate that the proposed multi-grade model outperforms significantly the traditional single-grade model and is much more robust than the traditional model.

Title: $\rm A^2Q$: Aggregation-Aware Quantization for Graph Neural Networks. (arXiv:2302.00193v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00193
• Code URL: https://github.com/weihai-98/a-2q
• Copy Paste: [[2302.00193] $\rm A^2Q$: Aggregation-Aware Quantization for Graph Neural Networks](http://arxiv.org/abs/2302.00193) #robust
• Summary:

  As graph data size increases, the vast latency and memory consumption during inference pose a significant challenge to the real-world deployment of Graph Neural Networks (GNNs). While quantization is a powerful approach to reducing GNNs complexity, most previous works on GNNs quantization fail to exploit the unique characteristics of GNNs, suffering from severe accuracy degradation. Through an in-depth analysis of the topology of GNNs, we observe that the topology of the graph leads to significant differences between nodes, and most of the nodes in a graph appear to have a small aggregation value. Motivated by this, in this paper, we propose the Aggregation-Aware mixed-precision Quantization ($\rm A^2Q$) for GNNs, where an appropriate bitwidth is automatically learned and assigned to each node in the graph. To mitigate the vanishing gradient problem caused by sparse connections between nodes, we propose a Local Gradient method to serve the quantization error of the node features as the supervision during training. We also develop a Nearest Neighbor Strategy to deal with the generalization on unseen graphs. Extensive experiments on eight public node-level and graph-level datasets demonstrate the generality and robustness of our proposed method. Compared to the FP32 models, our method can achieve up to a 18.6x (i.e., 1.70bit) compression ratio with negligible accuracy degradation. Morever, compared to the state-of-the-art quantization method, our method can achieve up to 11.4\% and 9.5\% accuracy improvements on the node-level and graph-level tasks, respectively, and up to 2x speedup on a dedicated hardware accelerator.

Title: Free Lunch for Domain Adversarial Training: Environment Label Smoothing. (arXiv:2302.00194v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00194
• Code URL: null
• Copy Paste: [[2302.00194] Free Lunch for Domain Adversarial Training: Environment Label Smoothing](http://arxiv.org/abs/2302.00194) #robust
• Summary:

  A fundamental challenge for machine learning models is how to generalize learned models for out-of-distribution (OOD) data. Among various approaches, exploiting invariant features by Domain Adversarial Training (DAT) received widespread attention. Despite its success, we observe training instability from DAT, mostly due to over-confident domain discriminator and environment label noise. To address this issue, we proposed Environment Label Smoothing (ELS), which encourages the discriminator to output soft probability, which thus reduces the confidence of the discriminator and alleviates the impact of noisy environment labels. We demonstrate, both experimentally and theoretically, that ELS can improve training stability, local convergence, and robustness to noisy environment labels. By incorporating ELS with DAT methods, we are able to yield state-of-art results on a wide range of domain generalization/adaptation tasks, particularly when the environment labels are highly noisy.

Title: Simplicity Bias in 1-Hidden Layer Neural Networks. (arXiv:2302.00457v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00457
• Code URL: null
• Copy Paste: [[2302.00457] Simplicity Bias in 1-Hidden Layer Neural Networks](http://arxiv.org/abs/2302.00457) #robust
• Summary:

  Recent works have demonstrated that neural networks exhibit extreme simplicity bias(SB). That is, they learn only the simplest features to solve a task at hand, even in the presence of other, more robust but more complex features. Due to the lack of a general and rigorous definition of features, these works showcase SB on semi-synthetic datasets such as Color-MNIST, MNIST-CIFAR where defining features is relatively easier.

In this work, we rigorously define as well as thoroughly establish SB for one hidden layer neural networks. More concretely, (i) we define SB as the network essentially being a function of a low dimensional projection of the inputs (ii) theoretically, we show that when the data is linearly separable, the network primarily depends on only the linearly separable ($1$-dimensional) subspace even in the presence of an arbitrarily large number of other, more complex features which could have led to a significantly more robust classifier, (iii) empirically, we show that models trained on real datasets such as Imagenette and Waterbirds-Landbirds indeed depend on a low dimensional projection of the inputs, thereby demonstrating SB on these datasets, iv) finally, we present a natural ensemble approach that encourages diversity in models by training successive models on features not used by earlier models, and demonstrate that it yields models that are significantly more robust to Gaussian noise.

Title: Graph Neural Operators for Classification of Spatial Transcriptomics Data. (arXiv:2302.00658v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00658
• Code URL: null
• Copy Paste: [[2302.00658] Graph Neural Operators for Classification of Spatial Transcriptomics Data](http://arxiv.org/abs/2302.00658) #robust
• Summary:

  The inception of spatial transcriptomics has allowed improved comprehension of tissue architectures and the disentanglement of complex underlying biological, physiological, and pathological processes through their positional contexts. Recently, these contexts, and by extension the field, have seen much promise and elucidation with the application of graph learning approaches. In particular, neural operators have risen in regards to learning the mapping between infinite-dimensional function spaces. With basic to deep neural network architectures being data-driven, i.e. dependent on quality data for prediction, neural operators provide robustness by offering generalization among different resolutions despite low quality data. Graph neural operators are a variant that utilize graph networks to learn this mapping between function spaces. The aim of this research is to identify robust machine learning architectures that integrate spatial information to predict tissue types. Under this notion, we propose a study incorporating various graph neural network approaches to validate the efficacy of applying neural operators towards prediction of brain regions in mouse brain tissue samples as a proof of concept towards our purpose. We were able to achieve an F1 score of nearly 72% for the graph neural operator approach which outperformed all baseline and other graph network approaches.

biometric

steal

extraction

Title: Efficient Scopeformer: Towards Scalable and Rich Feature Extraction for Intracranial Hemorrhage Detection. (arXiv:2302.00220v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00220
• Code URL: null
• Copy Paste: [[2302.00220] Efficient Scopeformer: Towards Scalable and Rich Feature Extraction for Intracranial Hemorrhage Detection](http://arxiv.org/abs/2302.00220) #extraction
• Summary:

  The quality and richness of feature maps extracted by convolution neural networks (CNNs) and vision Transformers (ViTs) directly relate to the robust model performance. In medical computer vision, these information-rich features are crucial for detecting rare cases within large datasets. This work presents the "Scopeformer," a novel multi-CNN-ViT model for intracranial hemorrhage classification in computed tomography (CT) images. The Scopeformer architecture is scalable and modular, which allows utilizing various CNN architectures as the backbone with diversified output features and pre-training strategies. We propose effective feature projection methods to reduce redundancies among CNN-generated features and to control the input size of ViTs. Extensive experiments with various Scopeformer models show that the model performance is proportional to the number of convolutional blocks employed in the feature extractor. Using multiple strategies, including diversifying the pre-training paradigms for CNNs, different pre-training datasets, and style transfer techniques, we demonstrate an overall improvement in the model performance at various computational budgets. Later, we propose smaller compute-efficient Scopeformer versions with three different types of input and output ViT configurations. Efficient Scopeformers use four different pre-trained CNN architectures as feature extractors to increase feature richness. Our best Efficient Scopeformer model achieved an accuracy of 96.94\% and a weighted logarithmic loss of 0.083 with an eight times reduction in the number of trainable parameters compared to the base Scopeformer. Another version of the Efficient Scopeformer model further reduced the parameter space by almost 17 times with negligible performance reduction. Hybrid CNNs and ViTs might provide the desired feature richness for developing accurate medical computer vision models

membership infer

federate

Title: CATFL: Certificateless Authentication-based Trustworthy Federated Learning for 6G Semantic Communications. (arXiv:2302.00271v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.00271
• Code URL: null
• Copy Paste: [[2302.00271] CATFL: Certificateless Authentication-based Trustworthy Federated Learning for 6G Semantic Communications](http://arxiv.org/abs/2302.00271) #federate
• Summary:

  Federated learning (FL) provides an emerging approach for collaboratively training semantic encoder/decoder models of semantic communication systems, without private user data leaving the devices. Most existing studies on trustworthy FL aim to eliminate data poisoning threats that are produced by malicious clients, but in many cases, eliminating model poisoning attacks brought by fake servers is also an important objective. In this paper, a certificateless authentication-based trustworthy federated learning (CATFL) framework is proposed, which mutually authenticates the identity of clients and server. In CATFL, each client verifies the server's signature information before accepting the delivered global model to ensure that the global model is not delivered by false servers. On the contrary, the server also verifies the server's signature information before accepting the delivered model updates to ensure that they are submitted by authorized clients. Compared to PKI-based methods, the CATFL can avoid too high certificate management overheads. Meanwhile, the anonymity of clients shields data poisoning attacks, while real-name registration may suffer from user-specific privacy leakage risks. Therefore, a pseudonym generation strategy is also presented in CATFL to achieve a trade-off between identity traceability and user anonymity, which is essential to conditionally prevent from user-specific privacy leakage. Theoretical security analysis and evaluation results validate the superiority of CATFL.

Title: Truthful Incentive Mechanism for Federated Learning with Crowdsourced Data Labeling. (arXiv:2302.00106v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00106
• Code URL: null
• Copy Paste: [[2302.00106] Truthful Incentive Mechanism for Federated Learning with Crowdsourced Data Labeling](http://arxiv.org/abs/2302.00106) #federate
• Summary:

  Federated learning (FL) has emerged as a promising paradigm that trains machine learning (ML) models on clients' devices in a distributed manner without the need of transmitting clients' data to the FL server. In many applications of ML, the labels of training data need to be generated manually by human agents. In this paper, we study FL with crowdsourced data labeling where the local data of each participating client of FL are labeled manually by the client. We consider the strategic behavior of clients who may not make desired effort in their local data labeling and local model computation and may misreport their local models to the FL server. We characterize the performance bounds on the training loss as a function of clients' data labeling effort, local computation effort, and reported local models. We devise truthful incentive mechanisms which incentivize strategic clients to make truthful efforts and report true local models to the server. The truthful design exploits the non-trivial dependence of the training loss on clients' efforts and local models. Under the truthful mechanisms, we characterize the server's optimal local computation effort assignments. We evaluate the proposed FL algorithms with crowdsourced data labeling and the incentive mechanisms using experiments.

Title: Distributed Traffic Synthesis and Classification in Edge Networks: A Federated Self-supervised Learning Approach. (arXiv:2302.00207v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00207
• Code URL: null
• Copy Paste: [[2302.00207] Distributed Traffic Synthesis and Classification in Edge Networks: A Federated Self-supervised Learning Approach](http://arxiv.org/abs/2302.00207) #federate
• Summary:

  With the rising demand for wireless services and increased awareness of the need for data protection, existing network traffic analysis and management architectures are facing unprecedented challenges in classifying and synthesizing the increasingly diverse services and applications. This paper proposes FS-GAN, a federated self-supervised learning framework to support automatic traffic analysis and synthesis over a large number of heterogeneous datasets. FS-GAN is composed of multiple distributed Generative Adversarial Networks (GANs), with a set of generators, each being designed to generate synthesized data samples following the distribution of an individual service traffic, and each discriminator being trained to differentiate the synthesized data samples and the real data samples of a local dataset. A federated learning-based framework is adopted to coordinate local model training processes of different GANs across different datasets. FS-GAN can classify data of unknown types of service and create synthetic samples that capture the traffic distribution of the unknown types. We prove that FS-GAN can minimize the Jensen-Shannon Divergence (JSD) between the distribution of real data across all the datasets and that of the synthesized data samples. FS-GAN also maximizes the JSD among the distributions of data samples created by different generators, resulting in each generator producing synthetic data samples that follow the same distribution as one particular service type. Extensive simulation results show that the classification accuracy of FS-GAN achieves over 20% improvement in average compared to the state-of-the-art clustering-based traffic analysis algorithms. FS-GAN also has the capability to synthesize highly complex mixtures of traffic types without requiring any human-labeled data samples.

Title: $\texttt{DoCoFL}$: Downlink Compression for Cross-Device Federated Learning. (arXiv:2302.00543v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00543
• Code URL: null
• Copy Paste: [[2302.00543] $\texttt{DoCoFL}$: Downlink Compression for Cross-Device Federated Learning](http://arxiv.org/abs/2302.00543) #federate
• Summary:

  Many compression techniques have been proposed to reduce the communication overhead of Federated Learning training procedures. However, these are typically designed for compressing model updates, which are expected to decay throughout training. As a result, such methods are inapplicable to downlink (i.e., from the parameter server to clients) compression in the cross-device setting, where heterogeneous clients $\textit{may appear only once}$ during training and thus must download the model parameters.

In this paper, we propose a new framework ($\texttt{DoCoFL}$) for downlink compression in the cross-device federated learning setting. Importantly, $\texttt{DoCoFL}$ can be seamlessly combined with many uplink compression schemes, rendering it suitable for bi-directional compression. Through extensive evaluation, we demonstrate that $\texttt{DoCoFL}$ offers significant bi-directional bandwidth reduction while achieving competitive accuracy to that of $\texttt{FedAvg}$ without compression.

fair

Title: Mind the (optimality) Gap: A Gap-Aware Learning Rate Scheduler for Adversarial Nets. (arXiv:2302.00089v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00089
• Code URL: null
• Copy Paste: [[2302.00089] Mind the (optimality) Gap: A Gap-Aware Learning Rate Scheduler for Adversarial Nets](http://arxiv.org/abs/2302.00089) #fair
• Summary:

  Adversarial nets have proved to be powerful in various domains including generative modeling (GANs), transfer learning, and fairness. However, successfully training adversarial nets using first-order methods remains a major challenge. Typically, careful choices of the learning rates are needed to maintain the delicate balance between the competing networks. In this paper, we design a novel learning rate scheduler that dynamically adapts the learning rate of the adversary to maintain the right balance. The scheduler is driven by the fact that the loss of an ideal adversarial net is a constant known a priori. The scheduler is thus designed to keep the loss of the optimized adversarial net close to that of an ideal network. We run large-scale experiments to study the effectiveness of the scheduler on two popular applications: GANs for image generation and adversarial nets for domain adaptation. Our experiments indicate that adversarial nets trained with the scheduler are less likely to diverge and require significantly less tuning. For example, on CelebA, a GAN with the scheduler requires only one-tenth of the tuning budget needed without a scheduler. Moreover, the scheduler leads to statistically significant improvements in model quality, reaching up to $27\%$ in Frechet Inception Distance for image generation and $3\%$ in test accuracy for domain adaptation.

interpretability

Title: ADAPT: Action-aware Driving Caption Transformer. (arXiv:2302.00673v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00673
• Code URL: https://github.com/jxbbb/adapt
• Copy Paste: [[2302.00673] ADAPT: Action-aware Driving Caption Transformer](http://arxiv.org/abs/2302.00673) #interpretability
• Summary:

  End-to-end autonomous driving has great potential in the transportation industry. However, the lack of transparency and interpretability of the automatic decision-making process hinders its industrial adoption in practice. There have been some early attempts to use attention maps or cost volume for better model explainability which is difficult for ordinary passengers to understand. To bridge the gap, we propose an end-to-end transformer-based architecture, ADAPT (Action-aware Driving cAPtion Transformer), which provides user-friendly natural language narrations and reasoning for each decision making step of autonomous vehicular control and action. ADAPT jointly trains both the driving caption task and the vehicular control prediction task, through a shared video representation. Experiments on BDD-X (Berkeley DeepDrive eXplanation) dataset demonstrate state-of-the-art performance of the ADAPT framework on both automatic metrics and human evaluation. To illustrate the feasibility of the proposed framework in real-world applications, we build a novel deployable system that takes raw car videos as input and outputs the action narrations and reasoning in real time. The code, models and data are available at https://github.com/jxbbb/ADAPT.

explainability

watermark

diffusion

Title: Neural Wavelet-domain Diffusion for 3D Shape Generation, Inversion, and Manipulation. (arXiv:2302.00190v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.00190
• Code URL: null
• Copy Paste: [[2302.00190] Neural Wavelet-domain Diffusion for 3D Shape Generation, Inversion, and Manipulation](http://arxiv.org/abs/2302.00190) #diffusion
• Summary:

  This paper presents a new approach for 3D shape generation, inversion, and manipulation, through a direct generative modeling on a continuous implicit representation in wavelet domain. Specifically, we propose a compact wavelet representation with a pair of coarse and detail coefficient volumes to implicitly represent 3D shapes via truncated signed distance functions and multi-scale biorthogonal wavelets. Then, we design a pair of neural networks: a diffusion-based generator to produce diverse shapes in the form of the coarse coefficient volumes and a detail predictor to produce compatible detail coefficient volumes for introducing fine structures and details. Further, we may jointly train an encoder network to learn a latent space for inverting shapes, allowing us to enable a rich variety of whole-shape and region-aware shape manipulations. Both quantitative and qualitative experimental results manifest the compelling shape generation, inversion, and manipulation capabilities of our approach over the state-of-the-art methods.

Title: Stable Target Field for Reduced Variance Score Estimation in Diffusion Models. (arXiv:2302.00670v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00670
• Code URL: https://github.com/newbeeer/stf
• Copy Paste: [[2302.00670] Stable Target Field for Reduced Variance Score Estimation in Diffusion Models](http://arxiv.org/abs/2302.00670) #diffusion
• Summary:

  Diffusion models generate samples by reversing a fixed forward diffusion process. Despite already providing impressive empirical results, these diffusion models algorithms can be further improved by reducing the variance of the training targets in their denoising score-matching objective. We argue that the source of such variance lies in the handling of intermediate noise-variance scales, where multiple modes in the data affect the direction of reverse paths. We propose to remedy the problem by incorporating a reference batch which we use to calculate weighted conditional scores as more stable training targets. We show that the procedure indeed helps in the challenging intermediate regime by reducing (the trace of) the covariance of training targets. The new stable targets can be seen as trading bias for reduced variance, where the bias vanishes with increasing reference batch size. Empirically, we show that the new objective improves the image quality, stability, and training speed of various popular diffusion models across datasets with both general ODE and SDE solvers. When used in combination with EDM, our method yields a current SOTA FID of 1.90 with 35 network evaluations on the unconditional CIFAR-10 generation task. The code is available at https://github.com/Newbeeer/stf

Title: Diffusion Models for High-Resolution Solar Forecasts. (arXiv:2302.00170v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00170
• Code URL: null
• Copy Paste: [[2302.00170] Diffusion Models for High-Resolution Solar Forecasts](http://arxiv.org/abs/2302.00170) #diffusion
• Summary:

  Forecasting future weather and climate is inherently difficult. Machine learning offers new approaches to increase the accuracy and computational efficiency of forecasts, but current methods are unable to accurately model uncertainty in high-dimensional predictions. Score-based diffusion models offer a new approach to modeling probability distributions over many dependent variables, and in this work, we demonstrate how they provide probabilistic forecasts of weather and climate variables at unprecedented resolution, speed, and accuracy. We apply the technique to day-ahead solar irradiance forecasts by generating many samples from a diffusion model trained to super-resolve coarse-resolution numerical weather predictions to high-resolution weather satellite observations.

Title: Conditional Flow Matching: Simulation-Free Dynamic Optimal Transport. (arXiv:2302.00482v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00482
• Code URL: null
• Copy Paste: [[2302.00482] Conditional Flow Matching: Simulation-Free Dynamic Optimal Transport](http://arxiv.org/abs/2302.00482) #diffusion
• Summary:

  Continuous normalizing flows (CNFs) are an attractive generative modeling technique, but they have thus far been held back by limitations in their simulation-based maximum likelihood training. In this paper, we introduce a new technique called conditional flow matching (CFM), a simulation-free training objective for CNFs. CFM features a stable regression objective like that used to train the stochastic flow in diffusion models but enjoys the efficient inference of deterministic flow models. In contrast to both diffusion models and prior CNF training algorithms, our CFM objective does not require the source distribution to be Gaussian or require evaluation of its density. Based on this new objective, we also introduce optimal transport CFM (OT-CFM), which creates simpler flows that are more stable to train and lead to faster inference, as evaluated in our experiments. Training CNFs with CFM improves results on a variety of conditional and unconditional generation tasks such as inferring single cell dynamics, unsupervised image translation, and Schr\"odinger bridge inference. Code is available at https://github.com/atong01/conditional-flow-matching .

Title: Two for One: Diffusion Models and Force Fields for Coarse-Grained Molecular Dynamics. (arXiv:2302.00600v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.00600
• Code URL: null
• Copy Paste: [[2302.00600] Two for One: Diffusion Models and Force Fields for Coarse-Grained Molecular Dynamics](http://arxiv.org/abs/2302.00600) #diffusion
• Summary:

  Coarse-grained (CG) molecular dynamics enables the study of biological processes at temporal and spatial scales that would be intractable at an atomistic resolution. However, accurately learning a CG force field remains a challenge. In this work, we leverage connections between score-based generative models, force fields and molecular dynamics to learn a CG force field without requiring any force inputs during training. Specifically, we train a diffusion generative model on protein structures from molecular dynamics simulations, and we show that its score function approximates a force field that can directly be used to simulate CG molecular dynamics. While having a vastly simplified training setup compared to previous work, we demonstrate that our approach leads to improved performance across several small- to medium-sized protein simulations, reproducing the CG equilibrium distribution, and preserving dynamics of all-atom simulations such as protein folding events.