secure

Title: Blockchain-based certificate authentication system with enabling correction. (arXiv:2302.03877v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.03877
• Code URL: null
• Copy Paste: [[2302.03877] Blockchain-based certificate authentication system with enabling correction](http://arxiv.org/abs/2302.03877) #secure
• Summary:

  Blockchain has proven to be an emerging technology in the digital world, changing the way everyone thinks about data security and bringing efficiency to several industries. It has already been applied to a wide range of applications, from financial services and supply chain management to voting systems and identity verification. An organization must verify its candidates before selecting them. Choosing an unqualified candidate can ruin an organization's reputation. In this digital era, many key fraudulent schemes are rampant in many companies and one of them is certificate fraud. It is possible to validate a candidate's qualifications using traditional methods, but there are drawbacks such as security issues and time consumption. In this paper, a blockchain-based academic certificate authentication system will be used to ensure authenticity and make the assertion of the decentralized system secure. However, the system will generate, authenticate and make corrections on academic certificates. Ultimately, some blockchain-based authentication systems already exist, they can't correct any errors that occur during generation. The proposed system will help in many ways, such as providing a user-friendly university admission, and smooth job hiring process, etc. In conclusion, our proposed system can permanently eradicate certificate forgeries and create and promote trust in society.

Title: COCOAEXPO: Confidential Containers via Attested Execution Policies. (arXiv:2302.03976v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.03976
• Code URL: null
• Copy Paste: [[2302.03976] COCOAEXPO: Confidential Containers via Attested Execution Policies](http://arxiv.org/abs/2302.03976) #secure
• Summary:

  Container-based technologies empower cloud tenants to develop highly portable software and deploy services in the cloud at a rapid pace. Cloud privacy, meanwhile, is important as a large number of container deployments operate on privacy-sensitive data, but challenging due to the increasing frequency and sophistication of attacks. State-of-the-art confidential container-based designs leverage process-based trusted execution environments (TEEs), but face security and compatibility issues that limits their practical deployment.

We propose COCOAEXPO, an architecture that provides lift-and-shift deployment of unmodified containers while providing strong security protection against a powerful attacker who controls the untrusted host and hypervisor. COCOAEXPO leverages VM-level isolation to execute a container group within a unique VM-based TEE. Besides container integrity and user data confidentiality and integrity, COCOAEXPO also offers container attestation and execution integrity based on an attested execution policy. COCOAEXPO execution policies provide an inductive proof over all future states of the container group. This proof, which is established during initialization, forms a root of trust that can be used for secure operations within the container group without requiring any modifications of the containerized workflow itself (aside from the inclusion of the execution policy.)

We evaluate COCOAEXPO on AMD SEV-SNP processors by running a diverse set of workloads demonstrating that workflows exhibit 0-26% additional overhead in performance over running outside the enclave, with a mean 13% overhead on SPEC2017, while requiring no modifications to their program code. Adding execution policies introduces less than 1% additional overhead.

Title: Structural hierarchical learning for energy networks. (arXiv:2302.03978v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03978
• Code URL: null
• Copy Paste: [[2302.03978] Structural hierarchical learning for energy networks](http://arxiv.org/abs/2302.03978) #secure
• Summary:

  Many sectors nowadays require accurate and coherent predictions across their organization to effectively operate. Otherwise, decision-makers would be planning using disparate views of the future, resulting in inconsistent decisions across their sectors. To secure coherency across hierarchies, recent research has put forward hierarchical learning, a coherency-informed hierarchical regressor leveraging the power of machine learning thanks to a custom loss function founded on optimal reconciliation methods. While promising potentials were outlined, results exhibited discordant performances in which coherency information only improved hierarchical forecasts in one setting. This work proposes to tackle these obstacles by investigating custom neural network designs inspired by the topological structures of hierarchies. Results unveil that, in a data-limited setting, structural models with fewer connections perform overall best and demonstrate the coherency information value for both accuracy and coherency forecasting performances, provided individual forecasts were generated within reasonable accuracy limits. Overall, this work expands and improves hierarchical learning methods thanks to a structurally-scaled learning mechanism extension coupled with tailored network designs, producing a resourceful, data-efficient, and information-rich learning process.

security

Title: Systematically Finding Security Vulnerabilities in Black-Box Code Generation Models. (arXiv:2302.04012v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.04012
• Code URL: null
• Copy Paste: [[2302.04012] Systematically Finding Security Vulnerabilities in Black-Box Code Generation Models](http://arxiv.org/abs/2302.04012) #security
• Summary:

  Recently, large language models for code generation have achieved breakthroughs in several programming language tasks. Their advances in competition-level programming problems have made them an emerging pillar in AI-assisted pair programming. Tools such as GitHub Copilot are already part of the daily programming workflow and are used by more than a million developers. The training data for these models is usually collected from open-source repositories (e.g., GitHub) that contain software faults and security vulnerabilities. This unsanitized training data can lead language models to learn these vulnerabilities and propagate them in the code generation procedure. Given the wide use of these models in the daily workflow of developers, it is crucial to study the security aspects of these models systematically.

In this work, we propose the first approach to automatically finding security vulnerabilities in black-box code generation models. To achieve this, we propose a novel black-box inversion approach based on few-shot prompting. We evaluate the effectiveness of our approach by examining code generation models in the generation of high-risk security weaknesses. We show that our approach automatically and systematically finds 1000s of security vulnerabilities in various code generation models, including the commercial black-box model GitHub Copilot.

privacy

Title: Geometric Perception based Efficient Text Recognition. (arXiv:2302.03873v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03873
• Code URL: https://github.com/ACRA-FL/GeoTRNet
• Copy Paste: [[2302.03873] Geometric Perception based Efficient Text Recognition](http://arxiv.org/abs/2302.03873) #privacy
• Summary:

  Every Scene Text Recognition (STR) task consists of text localization \& text recognition as the prominent sub-tasks. However, in real-world applications with fixed camera positions such as equipment monitor reading, image-based data entry, and printed document data extraction, the underlying data tends to be regular scene text. Hence, in these tasks, the use of generic, bulky models comes up with significant disadvantages compared to customized, efficient models in terms of model deployability, data privacy \& model reliability. Therefore, this paper introduces the underlying concepts, theory, implementation, and experiment results to develop models, which are highly specialized for the task itself, to achieve not only the SOTA performance but also to have minimal model weights, shorter inference time, and high model reliability. We introduce a novel deep learning architecture (GeoTRNet), trained to identify digits in a regular scene image, only using the geometrical features present, mimicking human perception over text recognition. The code is publicly available at https://github.com/ACRA-FL/GeoTRNet

Title: A prototype-oriented clustering for domain shift with source privacy. (arXiv:2302.03807v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03807
• Code URL: null
• Copy Paste: [[2302.03807] A prototype-oriented clustering for domain shift with source privacy](http://arxiv.org/abs/2302.03807) #privacy
• Summary:

  Unsupervised clustering under domain shift (UCDS) studies how to transfer the knowledge from abundant unlabeled data from multiple source domains to learn the representation of the unlabeled data in a target domain. In this paper, we introduce Prototype-oriented Clustering with Distillation (PCD) to not only improve the performance and applicability of existing methods for UCDS, but also address the concerns on protecting the privacy of both the data and model of the source domains. PCD first constructs a source clustering model by aligning the distributions of prototypes and data. It then distills the knowledge to the target model through cluster labels provided by the source model while simultaneously clustering the target data. Finally, it refines the target model on the target domain data without guidance from the source model. Experiments across multiple benchmarks show the effectiveness and generalizability of our source-private clustering method.

Title: DIFF2: Differential Private Optimization via Gradient Differences for Nonconvex Distributed Learning. (arXiv:2302.03884v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03884
• Code URL: null
• Copy Paste: [[2302.03884] DIFF2: Differential Private Optimization via Gradient Differences for Nonconvex Distributed Learning](http://arxiv.org/abs/2302.03884) #privacy
• Summary:

  Differential private optimization for nonconvex smooth objective is considered. In the previous work, the best known utility bound is $\widetilde O(\sqrt{d}/(n\varepsilon_\mathrm{DP}))$ in terms of the squared full gradient norm, which is achieved by Differential Private Gradient Descent (DP-GD) as an instance, where $n$ is the sample size, $d$ is the problem dimensionality and $\varepsilon_\mathrm{DP}$ is the differential privacy parameter. To improve the best known utility bound, we propose a new differential private optimization framework called \emph{DIFF2 (DIFFerential private optimization via gradient DIFFerences)} that constructs a differential private global gradient estimator with possibly quite small variance based on communicated \emph{gradient differences} rather than gradients themselves. It is shown that DIFF2 with a gradient descent subroutine achieves the utility of $\widetilde O(d^{2/3}/(n\varepsilon_\mathrm{DP})^{4/3})$, which can be significantly better than the previous one in terms of the dependence on the sample size $n$. To the best of our knowledge, this is the first fundamental result to improve the standard utility $\widetilde O(\sqrt{d}/(n\varepsilon_\mathrm{DP}))$ for nonconvex objectives. Additionally, a more computational and communication efficient subroutine is combined with DIFF2 and its theoretical analysis is also given. Numerical experiments are conducted to validate the superiority of DIFF2 framework.

Title: AVeCQ: Anonymous Verifiable Crowdsourcing with Worker Qualities. (arXiv:2302.03941v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.03941
• Code URL: null
• Copy Paste: [[2302.03941] AVeCQ: Anonymous Verifiable Crowdsourcing with Worker Qualities](http://arxiv.org/abs/2302.03941) #privacy
• Summary:

  In crowdsourcing systems, requesters publish tasks, and interested workers provide answers to get rewards. Worker anonymity motivates participation since it protects their privacy. Anonymity with unlinkability is an enhanced version of anonymity because it makes it impossible to ``link'' workers across the tasks they participate in. Another core feature of crowdsourcing systems is worker quality which expresses a worker's trustworthiness and quantifies their historical performance. Notably, worker quality depends on the participation history, revealing information about it, while unlinkability aims to disassociate the workers' identities from their past activity. In this work, we present AVeCQ, the first crowdsourcing system that reconciles these properties, achieving enhanced anonymity and verifiable worker quality updates. AVeCQ relies on a suite of cryptographic tools, such as zero-knowledge proofs, to (i) guarantee workers' privacy, (ii) prove the correctness of worker quality scores and task answers, and (iii) commensurate payments. AVeCQ is developed modularly, where the requesters and workers communicate over a platform that supports pseudonymity, information logging, and payments. In order to compare AVeCQ with the state-of-the-art, we prototype it over Ethereum. AVeCQ outperforms the state-of-the-art in three popular crowdsourcing tasks (image annotation, average review, and Gallup polls). For instance, for an Average Review task with $5$ choices and $128$ participating workers AVeCQ is 40\% faster (including overhead to compute and verify the necessary proofs and blockchain transaction processing time) with the task's requester consuming 87\% fewer gas units.

Title: Participatory Systems for Personalized Prediction. (arXiv:2302.03874v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03874
• Code URL: null
• Copy Paste: [[2302.03874] Participatory Systems for Personalized Prediction](http://arxiv.org/abs/2302.03874) #privacy
• Summary:

  Machine learning models are often personalized based on information that is protected, sensitive, self-reported, or costly to acquire. These models use information about people, but do not facilitate nor inform their \emph{consent}. Individuals cannot opt out of reporting information that a model needs to personalize their predictions, nor tell if they would benefit from personalization in the first place. In this work, we introduce a new family of prediction models, called \emph{participatory systems}, that allow individuals to opt into personalization at prediction time. We present a model-agnostic algorithm to learn participatory systems for supervised learning tasks where models are personalized with categorical group attributes. We conduct a comprehensive empirical study of participatory systems in clinical prediction tasks, comparing them to common approaches for personalization and imputation. Our results demonstrate that participatory systems can facilitate and inform consent in a way that improves performance and privacy across all groups who report personal data.

Title: InMyFace: Inertial and Mechanomyography-Based Sensor Fusion for Wearable Facial Activity Recognition. (arXiv:2302.04024v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04024
• Code URL: null
• Copy Paste: [[2302.04024] InMyFace: Inertial and Mechanomyography-Based Sensor Fusion for Wearable Facial Activity Recognition](http://arxiv.org/abs/2302.04024) #privacy
• Summary:

  Recognizing facial activity is a well-understood (but non-trivial) computer vision problem. However, reliable solutions require a camera with a good view of the face, which is often unavailable in wearable settings. Furthermore, in wearable applications, where systems accompany users throughout their daily activities, a permanently running camera can be problematic for privacy (and legal) reasons. This work presents an alternative solution based on the fusion of wearable inertial sensors, planar pressure sensors, and acoustic mechanomyography (muscle sounds). The sensors were placed unobtrusively in a sports cap to monitor facial muscle activities related to facial expressions. We present our integrated wearable sensor system, describe data fusion and analysis methods, and evaluate the system in an experiment with thirteen subjects from different cultural backgrounds (eight countries) and both sexes (six women and seven men). In a one-model-per-user scheme and using a late fusion approach, the system yielded an average F1 score of 85.00% for the case where all sensing modalities are combined. With a cross-user validation and a one-model-for-all-user scheme, an F1 score of 79.00% was obtained for thirteen participants (six females and seven males). Moreover, in a hybrid fusion (cross-user) approach and six classes, an average F1 score of 82.00% was obtained for eight users. The results are competitive with state-of-the-art non-camera-based solutions for a cross-user study. In addition, our unique set of participants demonstrates the inclusiveness and generalizability of the approach.

Title: Machine Learning for Synthetic Data Generation: a Review. (arXiv:2302.04062v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04062
• Code URL: null
• Copy Paste: [[2302.04062] Machine Learning for Synthetic Data Generation: a Review](http://arxiv.org/abs/2302.04062) #privacy
• Summary:

  Data plays a crucial role in machine learning. However, in real-world applications, there are several problems with data, e.g., data are of low quality; a limited number of data points lead to under-fitting of the machine learning model; it is hard to access the data due to privacy, safety and regulatory concerns. \textit{Synthetic data generation} offers a promising new avenue, as it can be shared and used in ways that real-world data cannot. This paper systematically reviews the existing works that leverage machine learning models for synthetic data generation. Specifically, we discuss the synthetic data generation works from several perspectives: (i) applications, including computer vision, speech, natural language, healthcare, and business; (ii) machine learning methods, particularly neural network architectures and deep generative models; (iii) privacy and fairness issue. In addition, we identify the challenges and opportunities in this emerging field and suggest future research directions.

Title: Exploratory Analysis of Federated Learning Methods with Differential Privacy on MIMIC-III. (arXiv:2302.04208v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04208
• Code URL: null
• Copy Paste: [[2302.04208] Exploratory Analysis of Federated Learning Methods with Differential Privacy on MIMIC-III](http://arxiv.org/abs/2302.04208) #privacy
• Summary:

  Background: Federated learning methods offer the possibility of training machine learning models on privacy-sensitive data sets, which cannot be easily shared. Multiple regulations pose strict requirements on the storage and usage of healthcare data, leading to data being in silos (i.e. locked-in at healthcare facilities). The application of federated algorithms on these datasets could accelerate disease diagnostic, drug development, as well as improve patient care.

Methods: We present an extensive evaluation of the impact of different federation and differential privacy techniques when training models on the open-source MIMIC-III dataset. We analyze a set of parameters influencing a federated model performance, namely data distribution (homogeneous and heterogeneous), communication strategies (communication rounds vs. local training epochs), federation strategies (FedAvg vs. FedProx). Furthermore, we assess and compare two differential privacy (DP) techniques during model training: a stochastic gradient descent-based differential privacy algorithm (DP-SGD), and a sparse vector differential privacy technique (DP-SVT).

Results: Our experiments show that extreme data distributions across sites (imbalance either in the number of patients or the positive label ratios between sites) lead to a deterioration of model performance when trained using the FedAvg strategy. This issue is resolved when using FedProx with the use of appropriate hyperparameter tuning. Furthermore, the results show that both differential privacy techniques can reach model performances similar to those of models trained without DP, however at the expense of a large quantifiable privacy leakage.

Conclusions: We evaluate empirically the benefits of two federation strategies and propose optimal strategies for the choice of parameters when using differential privacy techniques.

protect

Title: GLAZE: Protecting Artists from Style Mimicry by Text-to-Image Models. (arXiv:2302.04222v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.04222
• Code URL: null
• Copy Paste: [[2302.04222] GLAZE: Protecting Artists from Style Mimicry by Text-to-Image Models](http://arxiv.org/abs/2302.04222) #protect
• Summary:

  Recent text-to-image diffusion models such as MidJourney and Stable Diffusion threaten to displace many in the professional artist community. In particular, models can learn to mimic the artistic style of specific artists after "fine-tuning" on samples of their art. In this paper, we describe the design, implementation and evaluation of Glaze, a tool that enables artists to apply "style cloaks" to their art before sharing online. These cloaks apply barely perceptible perturbations to images, and when used as training data, mislead generative models that try to mimic a specific artist. In coordination with the professional artist community, we deploy user studies to more than 1000 artists, assessing their views of AI art, as well as the efficacy of our tool, its usability and tolerability of perturbations, and robustness across different scenarios and against adaptive countermeasures. Both surveyed artists and empirical CLIP-based scores show that even at low perturbation levels (p=0.05), Glaze is highly successful at disrupting mimicry under normal conditions (>92%) and against adaptive countermeasures (>85%).

defense

attack

Title: Training-free Lexical Backdoor Attacks on Language Models. (arXiv:2302.04116v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.04116
• Code URL: https://github.com/jinxhy/tflexattack
• Copy Paste: [[2302.04116] Training-free Lexical Backdoor Attacks on Language Models](http://arxiv.org/abs/2302.04116) #attack
• Summary:

  Large-scale language models have achieved tremendous success across various natural language processing (NLP) applications. Nevertheless, language models are vulnerable to backdoor attacks, which inject stealthy triggers into models for steering them to undesirable behaviors. Most existing backdoor attacks, such as data poisoning, require further (re)training or fine-tuning language models to learn the intended backdoor patterns. The additional training process however diminishes the stealthiness of the attacks, as training a language model usually requires long optimization time, a massive amount of data, and considerable modifications to the model parameters. In this work, we propose Training-Free Lexical Backdoor Attack (TFLexAttack) as the first training-free backdoor attack on language models. Our attack is achieved by injecting lexical triggers into the tokenizer of a language model via manipulating its embedding dictionary using carefully designed rules. These rules are explainable to human developers which inspires attacks from a wider range of hackers. The sparse manipulation of the dictionary also habilitates the stealthiness of our attack. We conduct extensive experiments on three dominant NLP tasks based on nine language models to demonstrate the effectiveness and universality of our attack. The code of this work is available at https://github.com/Jinxhy/TFLexAttack.

Title: Short Squeeze in DeFi Lending Market: Decentralization in Jeopardy?. (arXiv:2302.04068v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.04068
• Code URL: null
• Copy Paste: [[2302.04068] Short Squeeze in DeFi Lending Market: Decentralization in Jeopardy?](http://arxiv.org/abs/2302.04068) #attack
• Summary:

  Anxiety levels in the AAVE community spiked in November 2022 as Avi Eisenberg performed an attack on AAVE. Eisenberg attempted to short the CRV token by using funds borrowed on the protocol to artificially deflate the value of CRV. While the attack was ultimately unsuccessful, it left the AAVE community scared and even raised question marks regarding the feasibility of large lending platforms under decentralized governance.

In this work, we analyze Avi Eisenberg's actions and show how he was able to artificially lower the price of CRV by selling large quantities of borrowed CRV for stablecoins on both decentralized and centralized exchanges. Despite the failure of his attack, it still led to approximately 1.6 Mio USD of irretrievable debt and, thereby, quadrupled the protocol's irretrievable debt. Furthermore, we highlight that his attack was enabled by the vast proportion of CRV available to borrow as well as AAVE's lending protocol design hindering rapid intervention. We stress Eisenberg's attack exposes a predicament of large DeFi lending protocols: limit the scope or compromise on `decentralization'.

Title: Explainable Label-flipping Attacks on Human Emotion Assessment System. (arXiv:2302.04109v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04109
• Code URL: null
• Copy Paste: [[2302.04109] Explainable Label-flipping Attacks on Human Emotion Assessment System](http://arxiv.org/abs/2302.04109) #attack
• Summary:

  This paper's main goal is to provide an attacker's point of view on data poisoning assaults that use label-flipping during the training phase of systems that use electroencephalogram (EEG) signals to evaluate human emotion. To attack different machine learning classifiers such as Adaptive Boosting (AdaBoost) and Random Forest dedicated to the classification of 4 different human emotions using EEG signals, this paper proposes two scenarios of label-flipping methods. The results of the studies show that the proposed data poison attacksm based on label-flipping are successful regardless of the model, but different models show different degrees of resistance to the assaults. In addition, numerous Explainable Artificial Intelligence (XAI) techniques are used to explain the data poison attacks on EEG signal-based human emotion evaluation systems.

robust

Title: 3D Neural Embedding Likelihood for Robust Sim-to-Real Transfer in Inverse Graphics. (arXiv:2302.03744v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03744
• Code URL: null
• Copy Paste: [[2302.03744] 3D Neural Embedding Likelihood for Robust Sim-to-Real Transfer in Inverse Graphics](http://arxiv.org/abs/2302.03744) #robust
• Summary:

  A central challenge in 3D scene perception via inverse graphics is robustly modeling the gap between 3D graphics and real-world data. We propose a novel 3D Neural Embedding Likelihood (3DNEL) over RGB-D images to address this gap. 3DNEL uses neural embeddings to predict 2D-3D correspondences from RGB and combines this with depth in a principled manner. 3DNEL is trained entirely from synthetic images and generalizes to real-world data. To showcase this capability, we develop a multi-stage inverse graphics pipeline that uses 3DNEL for 6D object pose estimation from real RGB-D images. Our method outperforms the previous state-of-the-art in sim-to-real pose estimation on the YCB-Video dataset, and improves robustness, with significantly fewer large-error predictions. Unlike existing bottom-up, discriminative approaches that are specialized for pose estimation, 3DNEL adopts a probabilistic generative formulation that jointly models multi-object scenes. This generative formulation enables easy extension of 3DNEL to additional tasks like object and camera tracking from video, using principled inference in the same probabilistic model without task specific retraining.

Title: Standing Between Past and Future: Spatio-Temporal Modeling for Multi-Camera 3D Multi-Object Tracking. (arXiv:2302.03802v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03802
• Code URL: null
• Copy Paste: [[2302.03802] Standing Between Past and Future: Spatio-Temporal Modeling for Multi-Camera 3D Multi-Object Tracking](http://arxiv.org/abs/2302.03802) #robust
• Summary:

  This work proposes an end-to-end multi-camera 3D multi-object tracking (MOT) framework. It emphasizes spatio-temporal continuity and integrates both past and future reasoning for tracked objects. Thus, we name it "Past-and-Future reasoning for Tracking" (PF-Track). Specifically, our method adapts the "tracking by attention" framework and represents tracked instances coherently over time with object queries. To explicitly use historical cues, our "Past Reasoning" module learns to refine the tracks and enhance the object features by cross-attending to queries from previous frames and other objects. The "Future Reasoning" module digests historical information and predicts robust future trajectories. In the case of long-term occlusions, our method maintains the object positions and enables re-association by integrating motion predictions. On the nuScenes dataset, our method improves AMOTA by a large margin and remarkably reduces ID-Switches by 90% compared to prior approaches, which is an order of magnitude less. The code and models are made available at https://github.com/TRI-ML/PF-Track.

Title: A Unified Multi-view Multi-person Tracking Framework. (arXiv:2302.03820v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03820
• Code URL: null
• Copy Paste: [[2302.03820] A Unified Multi-view Multi-person Tracking Framework](http://arxiv.org/abs/2302.03820) #robust
• Summary:

  Although there is a significant development in 3D Multi-view Multi-person Tracking (3D MM-Tracking), current 3D MM-Tracking frameworks are designed separately for footprint and pose tracking. Specifically, frameworks designed for footprint tracking cannot be utilized in 3D pose tracking, because they directly obtain 3D positions on the ground plane with a homography projection, which is inapplicable to 3D poses above the ground. In contrast, frameworks designed for pose tracking generally isolate multi-view and multi-frame associations and may not be robust to footprint tracking, since footprint tracking utilizes fewer key points than pose tracking, which weakens multi-view association cues in a single frame. This study presents a Unified Multi-view Multi-person Tracking framework to bridge the gap between footprint tracking and pose tracking. Without additional modifications, the framework can adopt monocular 2D bounding boxes and 2D poses as the input to produce robust 3D trajectories for multiple persons. Importantly, multi-frame and multi-view information are jointly employed to improve the performance of association and triangulation. The effectiveness of our framework is verified by accomplishing state-of-the-art performance on the Campus and Shelf datasets for 3D pose tracking, and by comparable results on the WILDTRACK and MMPTRACK datasets for 3D footprint tracking.

Title: Neural Congealing: Aligning Images to a Joint Semantic Atlas. (arXiv:2302.03956v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03956
• Code URL: null
• Copy Paste: [[2302.03956] Neural Congealing: Aligning Images to a Joint Semantic Atlas](http://arxiv.org/abs/2302.03956) #robust
• Summary:

  We present Neural Congealing -- a zero-shot self-supervised framework for detecting and jointly aligning semantically-common content across a given set of images. Our approach harnesses the power of pre-trained DINO-ViT features to learn: (i) a joint semantic atlas -- a 2D grid that captures the mode of DINO-ViT features in the input set, and (ii) dense mappings from the unified atlas to each of the input images. We derive a new robust self-supervised framework that optimizes the atlas representation and mappings per image set, requiring only a few real-world images as input without any additional input information (e.g., segmentation masks). Notably, we design our losses and training paradigm to account only for the shared content under severe variations in appearance, pose, background clutter or other distracting objects. We demonstrate results on a plethora of challenging image sets including sets of mixed domains (e.g., aligning images depicting sculpture and artwork of cats), sets depicting related yet different object categories (e.g., dogs and tigers), or domains for which large-scale training data is scarce (e.g., coffee mugs). We thoroughly evaluate our method and show that our test-time optimization approach performs favorably compared to a state-of-the-art method that requires extensive training on large-scale datasets.

Title: PFGM++: Unlocking the Potential of Physics-Inspired Generative Models. (arXiv:2302.04265v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04265
• Code URL: https://github.com/newbeeer/pfgmpp
• Copy Paste: [[2302.04265] PFGM++: Unlocking the Potential of Physics-Inspired Generative Models](http://arxiv.org/abs/2302.04265) #robust
• Summary:

  We introduce a new family of physics-inspired generative models termed PFGM++ that unifies diffusion models and Poisson Flow Generative Models (PFGM). These models realize generative trajectories for $N$ dimensional data by embedding paths in $N{+}D$ dimensional space while still controlling the progression with a simple scalar norm of the $D$ additional variables. The new models reduce to PFGM when $D{=}1$ and to diffusion models when $D{\to}\infty$. The flexibility of choosing $D$ allows us to trade off robustness against rigidity as increasing $D$ results in more concentrated coupling between the data and the additional variable norms. We dispense with the biased large batch field targets used in PFGM and instead provide an unbiased perturbation-based objective similar to diffusion models. To explore different choices of $D$, we provide a direct alignment method for transferring well-tuned hyperparameters from diffusion models ($D{\to} \infty$) to any finite $D$ values. Our experiments show that models with finite $D$ can be superior to previous state-of-the-art diffusion models on CIFAR-10/FFHQ $64{\times}64$ datasets, with FID scores of $1.91/2.43$ when $D{=}2048/128$. In addition, we demonstrate that models with smaller $D$ exhibit improved robustness against modeling errors. Code is available at https://github.com/Newbeeer/pfgmpp

Title: Augmenting Zero-Shot Dense Retrievers with Plug-in Mixture-of-Memories. (arXiv:2302.03754v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.03754
• Code URL: null
• Copy Paste: [[2302.03754] Augmenting Zero-Shot Dense Retrievers with Plug-in Mixture-of-Memories](http://arxiv.org/abs/2302.03754) #robust
• Summary:

  In this paper we improve the zero-shot generalization ability of language models via Mixture-Of-Memory Augmentation (MoMA), a mechanism that retrieves augmentation documents from multiple information corpora ("external memories"), with the option to "plug in" new memory at inference time. We develop a joint learning mechanism that trains the augmentation component with latent labels derived from the end retrieval task, paired with hard negatives from the memory mixture. We instantiate the model in a zero-shot dense retrieval setting by augmenting a strong T5-based retriever with MoMA. Our model, MoMA, obtains strong zero-shot retrieval accuracy on the eighteen tasks included in the standard BEIR benchmark. It outperforms systems that seek generalization from increased model parameters and computation steps. Our analysis further illustrates the necessity of augmenting with mixture-of-memory for robust generalization, the benefits of augmentation learning, and how MoMA utilizes the plug-in memory at inference time without changing its parameters. We plan to open source our code.

Title: Transformer-based Models for Long-Form Document Matching: Challenges and Empirical Analysis. (arXiv:2302.03765v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.03765
• Code URL: null
• Copy Paste: [[2302.03765] Transformer-based Models for Long-Form Document Matching: Challenges and Empirical Analysis](http://arxiv.org/abs/2302.03765) #robust
• Summary:

  Recent advances in the area of long document matching have primarily focused on using transformer-based models for long document encoding and matching. There are two primary challenges associated with these models. Firstly, the performance gain provided by transformer-based models comes at a steep cost - both in terms of the required training time and the resource (memory and energy) consumption. The second major limitation is their inability to handle more than a pre-defined input token length at a time. In this work, we empirically demonstrate the effectiveness of simple neural models (such as feed-forward networks, and CNNs) and simple embeddings (like GloVe, and Paragraph Vector) over transformer-based models on the task of document matching. We show that simple models outperform the more complex BERT-based models while taking significantly less training time, energy, and memory. The simple models are also more robust to variations in document length and text perturbations.

Title: Efficient Adversarial Contrastive Learning via Robustness-Aware Coreset Selection. (arXiv:2302.03857v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03857
• Code URL: null
• Copy Paste: [[2302.03857] Efficient Adversarial Contrastive Learning via Robustness-Aware Coreset Selection](http://arxiv.org/abs/2302.03857) #robust
• Summary:

  Adversarial contrastive learning (ACL) does not require expensive data annotations but outputs a robust representation that withstands adversarial attacks and also generalizes to a wide range of downstream tasks. However, ACL needs tremendous running time to generate the adversarial variants of all training data, which limits its scalability to large datasets. To speed up ACL, this paper proposes a robustness-aware coreset selection (RCS) method. RCS does not require label information and searches for an informative subset that minimizes a representational divergence, which is the distance of the representation between natural data and their virtual adversarial variants. The vanilla solution of RCS via traversing all possible subsets is computationally prohibitive. Therefore, we theoretically transform RCS into a surrogate problem of submodular maximization, of which the greedy search is an efficient solution with an optimality guarantee for the original problem. Empirically, our comprehensive results corroborate that RCS can speed up ACL by a large margin without significantly hurting the robustness and standard transferability. Notably, to the best of our knowledge, we are the first to conduct ACL efficiently on the large-scale ImageNet-1K dataset to obtain an effective robust representation via RCS.

Title: Leveraging User-Triggered Supervision in Contextual Bandits. (arXiv:2302.03784v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03784
• Code URL: null
• Copy Paste: [[2302.03784] Leveraging User-Triggered Supervision in Contextual Bandits](http://arxiv.org/abs/2302.03784) #robust
• Summary:

  We study contextual bandit (CB) problems, where the user can sometimes respond with the best action in a given context. Such an interaction arises, for example, in text prediction or autocompletion settings, where a poor suggestion is simply ignored and the user enters the desired text instead. Crucially, this extra feedback is user-triggered on only a subset of the contexts. We develop a new framework to leverage such signals, while being robust to their biased nature. We also augment standard CB algorithms to leverage the signal, and show improved regret guarantees for the resulting algorithms under a variety of conditions on the helpfulness of and bias inherent in this feedback.

Title: Modified Policy Iteration for Exponential Cost Risk Sensitive MDPs. (arXiv:2302.03811v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03811
• Code URL: null
• Copy Paste: [[2302.03811] Modified Policy Iteration for Exponential Cost Risk Sensitive MDPs](http://arxiv.org/abs/2302.03811) #robust
• Summary:

  Modified policy iteration (MPI) also known as optimistic policy iteration is at the core of many reinforcement learning algorithms. It works by combining elements of policy iteration and value iteration. The convergence of MPI has been well studied in the case of discounted and average-cost MDPs. In this work, we consider the exponential cost risk-sensitive MDP formulation, which is known to provide some robustness to model parameters. Although policy iteration and value iteration have been well studied in the context of risk sensitive MDPs, modified policy iteration is relatively unexplored. We provide the first proof that MPI also converges for the risk-sensitive problem in the case of finite state and action spaces. Since the exponential cost formulation deals with the multiplicative Bellman equation, our main contribution is a convergence proof which is quite different than existing results for discounted and risk-neutral average-cost problems. The proof of approximate modified policy iteration for risk sensitive MDPs is also provided in the appendix.

Title: Decentralized Riemannian Algorithm for Nonconvex Minimax Problems. (arXiv:2302.03825v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03825
• Code URL: null
• Copy Paste: [[2302.03825] Decentralized Riemannian Algorithm for Nonconvex Minimax Problems](http://arxiv.org/abs/2302.03825) #robust
• Summary:

  The minimax optimization over Riemannian manifolds (possibly nonconvex constraints) has been actively applied to solve many problems, such as robust dimensionality reduction and deep neural networks with orthogonal weights (Stiefel manifold). Although many optimization algorithms for minimax problems have been developed in the Euclidean setting, it is difficult to convert them into Riemannian cases, and algorithms for nonconvex minimax problems with nonconvex constraints are even rare. On the other hand, to address the big data challenges, decentralized (serverless) training techniques have recently been emerging since they can reduce communications overhead and avoid the bottleneck problem on the server node. Nonetheless, the algorithm for decentralized Riemannian minimax problems has not been studied. In this paper, we study the distributed nonconvex-strongly-concave minimax optimization problem over the Stiefel manifold and propose both deterministic and stochastic minimax methods. The local model is non-convex strong-concave and the Steifel manifold is a non-convex set. The global function is represented as the finite sum of local functions. For the deterministic setting, we propose DRGDA and prove that our deterministic method achieves a gradient complexity of $O( \epsilon^{-2})$ under mild conditions. For the stochastic setting, we propose DRSGDA and prove that our stochastic method achieves a gradient complexity of $O(\epsilon^{-4})$. The DRGDA and DRSGDA are the first algorithms for distributed minimax optimization with nonconvex constraints with exact convergence. Extensive experimental results on the Deep Neural Networks (DNNs) training over the Stiefel manifold demonstrate the efficiency of our algorithms.

Title: Topological Deep Learning: A Review of an Emerging Paradigm. (arXiv:2302.03836v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03836
• Code URL: null
• Copy Paste: [[2302.03836] Topological Deep Learning: A Review of an Emerging Paradigm](http://arxiv.org/abs/2302.03836) #robust
• Summary:

  Topological data analysis (TDA) provides insight into data shape. The summaries obtained by these methods are principled global descriptions of multi-dimensional data whilst exhibiting stable properties such as robustness to deformation and noise. Such properties are desirable in deep learning pipelines but they are typically obtained using non-TDA strategies. This is partly caused by the difficulty of combining TDA constructs (e.g. barcode and persistence diagrams) with current deep learning algorithms. Fortunately, we are now witnessing a growth of deep learning applications embracing topologically-guided components. In this survey, we review the nascent field of topological deep learning by first revisiting the core concepts of TDA. We then explore how the use of TDA techniques has evolved over time to support deep learning frameworks, and how they can be integrated into different aspects of deep learning. Furthermore, we touch on TDA usage for analyzing existing deep models; deep topological analytics. Finally, we discuss the challenges and future prospects of topological deep learning.

Title: Predictable MDP Abstraction for Unsupervised Model-Based RL. (arXiv:2302.03921v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03921
• Code URL: null
• Copy Paste: [[2302.03921] Predictable MDP Abstraction for Unsupervised Model-Based RL](http://arxiv.org/abs/2302.03921) #robust
• Summary:

  A key component of model-based reinforcement learning (RL) is a dynamics model that predicts the outcomes of actions. Errors in this predictive model can degrade the performance of model-based controllers, and complex Markov decision processes (MDPs) can present exceptionally difficult prediction problems. To mitigate this issue, we propose predictable MDP abstraction (PMA): instead of training a predictive model on the original MDP, we train a model on a transformed MDP with a learned action space that only permits predictable, easy-to-model actions, while covering the original state-action space as much as possible. As a result, model learning becomes easier and more accurate, which allows robust, stable model-based planning or model-based RL. This transformation is learned in an unsupervised manner, before any task is specified by the user. Downstream tasks can then be solved with model-based control in a zero-shot fashion, without additional environment interactions. We theoretically analyze PMA and empirically demonstrate that PMA leads to significant improvements over prior unsupervised model-based RL approaches in a range of benchmark environments. Our code and videos are available at https://seohong.me/projects/pma/

Title: Fortuna: A Library for Uncertainty Quantification in Deep Learning. (arXiv:2302.04019v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04019
• Code URL: null
• Copy Paste: [[2302.04019] Fortuna: A Library for Uncertainty Quantification in Deep Learning](http://arxiv.org/abs/2302.04019) #robust
• Summary:

  We present Fortuna, an open-source library for uncertainty quantification in deep learning. Fortuna supports a range of calibration techniques, such as conformal prediction that can be applied to any trained neural network to generate reliable uncertainty estimates, and scalable Bayesian inference methods that can be applied to Flax-based deep neural networks trained from scratch for improved uncertainty quantification and accuracy. By providing a coherent framework for advanced uncertainty quantification methods, Fortuna simplifies the process of benchmarking and helps practitioners build robust AI systems.

Title: WAT: Improve the Worst-class Robustness in Adversarial Training. (arXiv:2302.04025v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04025
• Code URL: https://github.com/boqili/wat
• Copy Paste: [[2302.04025] WAT: Improve the Worst-class Robustness in Adversarial Training](http://arxiv.org/abs/2302.04025) #robust
• Summary:

  Deep Neural Networks (DNN) have been shown to be vulnerable to adversarial examples. Adversarial training (AT) is a popular and effective strategy to defend against adversarial attacks. Recent works (Benz et al., 2020; Xu et al., 2021; Tian et al., 2021) have shown that a robust model well-trained by AT exhibits a remarkable robustness disparity among classes, and propose various methods to obtain consistent robust accuracy across classes. Unfortunately, these methods sacrifice a good deal of the average robust accuracy. Accordingly, this paper proposes a novel framework of worst-class adversarial training and leverages no-regret dynamics to solve this problem. Our goal is to obtain a classifier with great performance on worst-class and sacrifice just a little average robust accuracy at the same time. We then rigorously analyze the theoretical properties of our proposed algorithm, and the generalization error bound in terms of the worst-class robust risk. Furthermore, we propose a measurement to evaluate the proposed method in terms of both the average and worst-class accuracies. Experiments on various datasets and networks show that our proposed method outperforms the state-of-the-art approaches.

Title: Probabilistic Attention based on Gaussian Processes for Deep Multiple Instance Learning. (arXiv:2302.04061v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04061
• Code URL: https://github.com/arneschmidt/attention_gp
• Copy Paste: [[2302.04061] Probabilistic Attention based on Gaussian Processes for Deep Multiple Instance Learning](http://arxiv.org/abs/2302.04061) #robust
• Summary:

  Multiple Instance Learning (MIL) is a weakly supervised learning paradigm that is becoming increasingly popular because it requires less labeling effort than fully supervised methods. This is especially interesting for areas where the creation of large annotated datasets remains challenging, as in medicine. Although recent deep learning MIL approaches have obtained state-of-the-art results, they are fully deterministic and do not provide uncertainty estimations for the predictions. In this work, we introduce the Attention Gaussian Process (AGP) model, a novel probabilistic attention mechanism based on Gaussian Processes for deep MIL. AGP provides accurate bag-level predictions as well as instance-level explainability, and can be trained end-to-end. Moreover, its probabilistic nature guarantees robustness to overfitting on small datasets and uncertainty estimations for the predictions. The latter is especially important in medical applications, where decisions have a direct impact on the patient's health. The proposed model is validated experimentally as follows. First, its behavior is illustrated in two synthetic MIL experiments based on the well-known MNIST and CIFAR-10 datasets, respectively. Then, it is evaluated in three different real-world cancer detection experiments. AGP outperforms state-of-the-art MIL approaches, including deterministic deep learning ones. It shows a strong performance even on a small dataset with less than 100 labels and generalizes better than competing methods on an external test set. Moreover, we experimentally show that predictive uncertainty correlates with the risk of wrong predictions, and therefore it is a good indicator of reliability in practice. Our code is publicly available.

Title: Robustness to Spurious Correlations Improves Semantic Out-of-Distribution Detection. (arXiv:2302.04132v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04132
• Code URL: null
• Copy Paste: [[2302.04132] Robustness to Spurious Correlations Improves Semantic Out-of-Distribution Detection](http://arxiv.org/abs/2302.04132) #robust
• Summary:

  Methods which utilize the outputs or feature representations of predictive models have emerged as promising approaches for out-of-distribution (OOD) detection of image inputs. However, these methods struggle to detect OOD inputs that share nuisance values (e.g. background) with in-distribution inputs. The detection of shared-nuisance out-of-distribution (SN-OOD) inputs is particularly relevant in real-world applications, as anomalies and in-distribution inputs tend to be captured in the same settings during deployment. In this work, we provide a possible explanation for SN-OOD detection failures and propose nuisance-aware OOD detection to address them. Nuisance-aware OOD detection substitutes a classifier trained via empirical risk minimization and cross-entropy loss with one that 1. is trained under a distribution where the nuisance-label relationship is broken and 2. yields representations that are independent of the nuisance under this distribution, both marginally and conditioned on the label. We can train a classifier to achieve these objectives using Nuisance-Randomized Distillation (NuRD), an algorithm developed for OOD generalization under spurious correlations. Output- and feature-based nuisance-aware OOD detection perform substantially better than their original counterparts, succeeding even when detection based on domain generalization algorithms fails to improve performance.

biometric

steal

extraction

Title: Multi-view Feature Extraction based on Dual Contrastive Head. (arXiv:2302.03932v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03932
• Code URL: null
• Copy Paste: [[2302.03932] Multi-view Feature Extraction based on Dual Contrastive Head](http://arxiv.org/abs/2302.03932) #extraction
• Summary:

  Multi-view feature extraction is an efficient approach for alleviating the issue of dimensionality in highdimensional multi-view data. Contrastive learning (CL), which is a popular self-supervised learning method, has recently attracted considerable attention. Most CL-based methods were constructed only from the sample level. In this study, we propose a novel multiview feature extraction method based on dual contrastive head, which introduce structural-level contrastive loss into sample-level CL-based method. Structural-level CL push the potential subspace structures consistent in any two cross views, which assists sample-level CL to extract discriminative features more effectively. Furthermore, it is proven that the relationships between structural-level CL and mutual information and probabilistic intraand inter-scatter, which provides the theoretical support for the excellent performance. Finally, numerical experiments on six real datasets demonstrate the superior performance of the proposed method compared to existing methods.

Title: A Systematic Performance Analysis of Deep Perceptual Loss Networks Breaks Transfer Learning Conventions. (arXiv:2302.04032v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.04032
• Code URL: null
• Copy Paste: [[2302.04032] A Systematic Performance Analysis of Deep Perceptual Loss Networks Breaks Transfer Learning Conventions](http://arxiv.org/abs/2302.04032) #extraction
• Summary:

  Deep perceptual loss is a type of loss function in computer vision that aims to mimic human perception by using the deep features extracted from neural networks. In recent years the method has been applied to great effect on a host of interesting computer vision tasks, especially for tasks with image or image-like outputs. Many applications of the method use pretrained networks, often convolutional networks, for loss calculation. Despite the increased interest and broader use, more effort is needed toward exploring which networks to use for calculating deep perceptual loss and from which layers to extract the features.

This work aims to rectify this by systematically evaluating a host of commonly used and readily available, pretrained networks for a number of different feature extraction points on four existing use cases of deep perceptual loss. The four use cases are implementations of previous works where the selected networks and extraction points are evaluated instead of the networks and extraction points used in the original work. The experimental tasks are dimensionality reduction, image segmentation, super-resolution, and perceptual similarity. The performance on these four tasks, attributes of the networks, and extraction points are then used as a basis for an in-depth analysis. This analysis uncovers essential information regarding which architectures provide superior performance for deep perceptual loss and how to choose an appropriate extraction point for a particular task and dataset. Furthermore, the work discusses the implications of the results for deep perceptual loss and the broader field of transfer learning. The results break commonly held assumptions in transfer learning, which imply that deep perceptual loss deviates from most transfer learning settings or that these assumptions need a thorough re-evaluation.

Title: Efficient Joint Learning for Clinical Named Entity Recognition and Relation Extraction Using Fourier Networks: A Use Case in Adverse Drug Events. (arXiv:2302.04185v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.04185
• Code URL: https://github.com/ds4dh/jnrf
• Copy Paste: [[2302.04185] Efficient Joint Learning for Clinical Named Entity Recognition and Relation Extraction Using Fourier Networks: A Use Case in Adverse Drug Events](http://arxiv.org/abs/2302.04185) #extraction
• Summary:

  Current approaches for clinical information extraction are inefficient in terms of computational costs and memory consumption, hindering their application to process large-scale electronic health records (EHRs). We propose an efficient end-to-end model, the Joint-NER-RE-Fourier (JNRF), to jointly learn the tasks of named entity recognition and relation extraction for documents of variable length. The architecture uses positional encoding and unitary batch sizes to process variable length documents and uses a weight-shared Fourier network layer for low-complexity token mixing. Finally, we reach the theoretical computational complexity lower bound for relation extraction using a selective pooling strategy and distance-aware attention weights with trainable polynomial distance functions. We evaluated the JNRF architecture using the 2018 N2C2 ADE benchmark to jointly extract medication-related entities and relations in variable-length EHR summaries. JNRF outperforms rolling window BERT with selective pooling by 0.42%, while being twice as fast to train. Compared to state-of-the-art BiLSTM-CRF architectures on the N2C2 ADE benchmark, results show that the proposed approach trains 22 times faster and reduces GPU memory consumption by 1.75 folds, with a reasonable performance tradeoff of 90%, without the use of external tools, hand-crafted rules or post-processing. Given the significant carbon footprint of deep learning models and the current energy crises, these methods could support efficient and cleaner information extraction in EHRs and other types of large-scale document databases.

membership infer

federate

Title: Multi-site Organ Segmentation with Federated Partial Supervision and Site Adaptation. (arXiv:2302.03911v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03911
• Code URL: null
• Copy Paste: [[2302.03911] Multi-site Organ Segmentation with Federated Partial Supervision and Site Adaptation](http://arxiv.org/abs/2302.03911) #federate
• Summary:

  Objective and Impact Statement: Accurate organ segmentation is critical for many clinical applications at different clinical sites, which may have their specific application requirements that concern different organs. Introduction: However, learning high-quality, site-specific organ segmentation models is challenging as it often needs on-site curation of a large number of annotated images. Security concerns further complicate the matter. Methods: The paper aims to tackle these challenges via a two-phase aggregation-then-adaptation approach. The first phase of federated aggregation learns a single multi-organ segmentation model by leveraging the strength of 'bigger data', which are formed by (i) aggregating together datasets from multiple sites that with different organ labels to provide partial supervision, and (ii) conducting partially supervised learning without data breach. The second phase of site adaptation is to transfer the federated multi-organ segmentation model to site-specific organ segmentation models, one model per site, in order to further improve the performance of each site's organ segmentation task. Furthermore, improved marginal loss and exclusion loss functions are used to avoid 'knowledge conflict' problem in a partially supervision mechanism. Results and Conclusion: Extensive experiments on five organ segmentation datasets demonstrate the effectiveness of our multi-site approach, significantly outperforming the site-per-se learned models and achieving the performance comparable to the centrally learned models.

Title: Improving the Model Consistency of Decentralized Federated Learning. (arXiv:2302.04083v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04083
• Code URL: null
• Copy Paste: [[2302.04083] Improving the Model Consistency of Decentralized Federated Learning](http://arxiv.org/abs/2302.04083) #federate
• Summary:

  To mitigate the privacy leakages and communication burdens of Federated Learning (FL), decentralized FL (DFL) discards the central server and each client only communicates with its neighbors in a decentralized communication network. However, existing DFL suffers from high inconsistency among local clients, which results in severe distribution shift and inferior performance compared with centralized FL (CFL), especially on heterogeneous data or sparse communication topology. To alleviate this issue, we propose two DFL algorithms named DFedSAM and DFedSAM-MGS to improve the performance of DFL. Specifically, DFedSAM leverages gradient perturbation to generate local flat models via Sharpness Aware Minimization (SAM), which searches for models with uniformly low loss values. DFedSAM-MGS further boosts DFedSAM by adopting Multiple Gossip Steps (MGS) for better model consistency, which accelerates the aggregation of local flat models and better balances communication complexity and generalization. Theoretically, we present improved convergence rates $\small \mathcal{O}\big(\frac{1}{\sqrt{KT}}+\frac{1}{T}+\frac{1}{K^{1/2}T^{3/2}(1-\lambda)^2}\big)$ and $\small \mathcal{O}\big(\frac{1}{\sqrt{KT}}+\frac{1}{T}+\frac{\lambda^Q+1}{K^{1/2}T^{3/2}(1-\lambda^Q)^2}\big)$ in non-convex setting for DFedSAM and DFedSAM-MGS, respectively, where $1-\lambda$ is the spectral gap of gossip matrix and $Q$ is the number of MGS. Empirically, our methods can achieve competitive performance compared with CFL methods and outperform existing DFL methods.

Title: Federated Learning as Variational Inference: A Scalable Expectation Propagation Approach. (arXiv:2302.04228v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04228
• Code URL: https://github.com/hanguo97/expectation-propagation
• Copy Paste: [[2302.04228] Federated Learning as Variational Inference: A Scalable Expectation Propagation Approach](http://arxiv.org/abs/2302.04228) #federate
• Summary:

  The canonical formulation of federated learning treats it as a distributed optimization problem where the model parameters are optimized against a global loss function that decomposes across client loss functions. A recent alternative formulation instead treats federated learning as a distributed inference problem, where the goal is to infer a global posterior from partitioned client data (Al-Shedivat et al., 2021). This paper extends the inference view and describes a variational inference formulation of federated learning where the goal is to find a global variational posterior that well-approximates the true posterior. This naturally motivates an expectation propagation approach to federated learning (FedEP), where approximations to the global posterior are iteratively refined through probabilistic message-passing between the central server and the clients. We conduct an extensive empirical study across various algorithmic considerations and describe practical strategies for scaling up expectation propagation to the modern federated setting. We apply FedEP on standard federated learning benchmarks and find that it outperforms strong baselines in terms of both convergence speed and accuracy.

Title: Federated Minimax Optimization with Client Heterogeneity. (arXiv:2302.04249v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04249
• Code URL: null
• Copy Paste: [[2302.04249] Federated Minimax Optimization with Client Heterogeneity](http://arxiv.org/abs/2302.04249) #federate
• Summary:

  Minimax optimization has seen a surge in interest with the advent of modern applications such as GANs, and it is inherently more challenging than simple minimization. The difficulty is exacerbated by the training data residing at multiple edge devices or \textit{clients}, especially when these clients can have heterogeneous datasets and local computation capabilities. We propose a general federated minimax optimization framework that subsumes such settings and several existing methods like Local SGDA. We show that naive aggregation of heterogeneous local progress results in optimizing a mismatched objective function -- a phenomenon previously observed in standard federated minimization. To fix this problem, we propose normalizing the client updates by the number of local steps undertaken between successive communication rounds. We analyze the convergence of the proposed algorithm for classes of nonconvex-concave and nonconvex-nonconcave functions and characterize the impact of heterogeneous client data, partial client participation, and heterogeneous local computations. Our analysis works under more general assumptions on the intra-client noise and inter-client heterogeneity than so far considered in the literature. For all the function classes considered, we significantly improve the existing computation and communication complexity results. Experimental results support our theoretical claims.

fair

Title: Fairness in Matching under Uncertainty. (arXiv:2302.03810v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03810
• Code URL: null
• Copy Paste: [[2302.03810] Fairness in Matching under Uncertainty](http://arxiv.org/abs/2302.03810) #fair
• Summary:

  The prevalence and importance of algorithmic two-sided marketplaces has drawn attention to the issue of fairness in such settings. Algorithmic decisions are used in assigning students to schools, users to advertisers, and applicants to job interviews. These decisions should heed the preferences of individuals, and simultaneously be fair with respect to their merits (synonymous with fit, future performance, or need). Merits conditioned on observable features are always uncertain, a fact that is exacerbated by the widespread use of machine learning algorithms to infer merit from the observables. As our key contribution, we carefully axiomatize a notion of individual fairness in the two-sided marketplace setting which respects the uncertainty in the merits; indeed, it simultaneously recognizes uncertainty as the primary potential cause of unfairness and an approach to address it. We design a linear programming framework to find fair utility-maximizing distributions over allocations, and we show that the linear program is robust to perturbations in the estimated parameters of the uncertain merit distributions, a key property in combining the approach with machine learning techniques.

Title: On Generalized Degree Fairness in Graph Neural Networks. (arXiv:2302.03881v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03881
• Code URL: null
• Copy Paste: [[2302.03881] On Generalized Degree Fairness in Graph Neural Networks](http://arxiv.org/abs/2302.03881) #fair
• Summary:

  Conventional graph neural networks (GNNs) are often confronted with fairness issues that may stem from their input, including node attributes and neighbors surrounding a node. While several recent approaches have been proposed to eliminate the bias rooted in sensitive attributes, they ignore the other key input of GNNs, namely the neighbors of a node, which can introduce bias since GNNs hinge on neighborhood structures to generate node representations. In particular, the varying neighborhood structures across nodes, manifesting themselves in drastically different node degrees, give rise to the diverse behaviors of nodes and biased outcomes. In this paper, we first define and generalize the degree bias using a generalized definition of node degree as a manifestation and quantification of different multi-hop structures around different nodes. To address the bias in the context of node classification, we propose a novel GNN framework called Generalized Degree Fairness-centric Graph Neural Network (Deg-FairGNN). Specifically, in each GNN layer, we employ a learnable debiasing function to generate debiasing contexts, which modulate the layer-wise neighborhood aggregation to eliminate the degree bias originating from the diverse degrees among nodes. Extensive experiments on three benchmark datasets demonstrate the effectiveness of our model on both accuracy and fairness metrics.

Title: On the Richness of Calibration. (arXiv:2302.04118v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.04118
• Code URL: null
• Copy Paste: [[2302.04118] On the Richness of Calibration](http://arxiv.org/abs/2302.04118) #fair
• Summary:

  Probabilistic predictions can be evaluated through comparisons with observed label frequencies, that is, through the lens of calibration. Recent scholarship on algorithmic fairness has started to look at a growing variety of calibration-based objectives under the name of multi-calibration but has still remained fairly restricted. In this paper, we explore and analyse forms of evaluation through calibration by making explicit the choices involved in designing calibration scores. We organise these into three grouping choices and a choice concerning the agglomeration of group errors. This provides a framework for comparing previously proposed calibration scores and helps to formulate novel ones with desirable mathematical properties. In particular, we explore the possibility of grouping datapoints based on their input features rather than on predictions and formally demonstrate advantages of such approaches. We also characterise the space of suitable agglomeration functions for group errors, generalising previously proposed calibration scores. Complementary to such population-level scores, we explore calibration scores at the individual level and analyse their relationship to choices of grouping. We draw on these insights to introduce and axiomatise fairness deviation measures for population-level scores. We demonstrate that with appropriate choices of grouping, these novel global fairness scores can provide notions of (sub-)group or individual fairness.

interpretability

explainability

Title: KENGIC: KEyword-driven and N-Gram Graph based Image Captioning. (arXiv:2302.03729v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03729
• Code URL: null
• Copy Paste: [[2302.03729] KENGIC: KEyword-driven and N-Gram Graph based Image Captioning](http://arxiv.org/abs/2302.03729) #explainability
• Summary:

  This paper presents a Keyword-driven and N-gram Graph based approach for Image Captioning (KENGIC). Most current state-of-the-art image caption generators are trained end-to-end on large scale paired image-caption datasets which are very laborious and expensive to collect. Such models are limited in terms of their explainability and their applicability across different domains. To address these limitations, a simple model based on N-Gram graphs which does not require any end-to-end training on paired image captions is proposed. Starting with a set of image keywords considered as nodes, the generator is designed to form a directed graph by connecting these nodes through overlapping n-grams as found in a given text corpus. The model then infers the caption by maximising the most probable n-gram sequences from the constructed graph. To analyse the use and choice of keywords in context of this approach, this study analysed the generation of image captions based on (a) keywords extracted from gold standard captions and (b) from automatically detected keywords. Both quantitative and qualitative analyses demonstrated the effectiveness of KENGIC. The performance achieved is very close to that of current state-of-the-art image caption generators that are trained in the unpaired setting. The analysis of this approach could also shed light on the generation process behind current top performing caption generators trained in the paired setting, and in addition, provide insights on the limitations of the current most widely used evaluation metrics in automatic image captioning.

watermark

diffusion

Title: Zero-shot Generation of Coherent Storybook from Plain Text Story using Diffusion Models. (arXiv:2302.03900v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.03900
• Code URL: null
• Copy Paste: [[2302.03900] Zero-shot Generation of Coherent Storybook from Plain Text Story using Diffusion Models](http://arxiv.org/abs/2302.03900) #diffusion
• Summary:

  Recent advancements in large scale text-to-image models have opened new possibilities for guiding the creation of images through human-devised natural language. However, while prior literature has primarily focused on the generation of individual images, it is essential to consider the capability of these models to ensure coherency within a sequence of images to fulfill the demands of real-world applications such as storytelling. To address this, here we present a novel neural pipeline for generating a coherent storybook from the plain text of a story. Specifically, we leverage a combination of a pre-trained Large Language Model and a text-guided Latent Diffusion Model to generate coherent images. While previous story synthesis frameworks typically require a large-scale text-to-image model trained on expensive image-caption pairs to maintain the coherency, we employ simple textual inversion techniques along with detector-based semantic image editing which allows zero-shot generation of the coherent storybook. Experimental results show that our proposed method outperforms state-of-the-art image editing baselines.

Title: Analyzing the Performance of Deep Encoder-Decoder Networks as Surrogates for a Diffusion Equation. (arXiv:2302.03786v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03786
• Code URL: null
• Copy Paste: [[2302.03786] Analyzing the Performance of Deep Encoder-Decoder Networks as Surrogates for a Diffusion Equation](http://arxiv.org/abs/2302.03786) #diffusion
• Summary:

  Neural networks (NNs) have proven to be a viable alternative to traditional direct numerical algorithms, with the potential to accelerate computational time by several orders of magnitude. In the present paper we study the use of encoder-decoder convolutional neural network (CNN) as surrogates for steady-state diffusion solvers. The construction of such surrogates requires the selection of an appropriate task, network architecture, training set structure and size, loss function, and training algorithm hyperparameters. It is well known that each of these factors can have a significant impact on the performance of the resultant model. Our approach employs an encoder-decoder CNN architecture, which we posit is particularly well-suited for this task due to its ability to effectively transform data, as opposed to merely compressing it. We systematically evaluate a range of loss functions, hyperparameters, and training set sizes. Our results indicate that increasing the size of the training set has a substantial effect on reducing performance fluctuations and overall error. Additionally, we observe that the performance of the model exhibits a logarithmic dependence on the training set size. Furthermore, we investigate the effect on model performance by using different subsets of data with varying features. Our results highlight the importance of sampling the configurational space in an optimal manner, as this can have a significant impact on the performance of the model and the required training time. In conclusion, our results suggest that training a model with a pre-determined error performance bound is not a viable approach, as it does not guarantee that edge cases with errors larger than the bound do not exist. Furthermore, as most surrogate tasks involve a high dimensional landscape, an ever increasing training set size is, in principle, needed, however it is not a practical solution.

Title: GraphGUIDE: interpretable and controllable conditional graph generation with discrete Bernoulli diffusion. (arXiv:2302.03790v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03790
• Code URL: null
• Copy Paste: [[2302.03790] GraphGUIDE: interpretable and controllable conditional graph generation with discrete Bernoulli diffusion](http://arxiv.org/abs/2302.03790) #diffusion
• Summary:

  Diffusion models achieve state-of-the-art performance in generating realistic objects and have been successfully applied to images, text, and videos. Recent work has shown that diffusion can also be defined on graphs, including graph representations of drug-like molecules. Unfortunately, it remains difficult to perform conditional generation on graphs in a way which is interpretable and controllable. In this work, we propose GraphGUIDE, a novel framework for graph generation using diffusion models, where edges in the graph are flipped or set at each discrete time step. We demonstrate GraphGUIDE on several graph datasets, and show that it enables full control over the conditional generation of arbitrary structural properties without relying on predefined labels. Our framework for graph diffusion can have a large impact on the interpretable conditional generation of graphs, including the generation of drug-like molecules with desired properties in a way which is informed by experimental evidence.

Title: Information-Theoretic Diffusion. (arXiv:2302.03792v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.03792
• Code URL: null
• Copy Paste: [[2302.03792] Information-Theoretic Diffusion](http://arxiv.org/abs/2302.03792) #diffusion
• Summary:

  Denoising diffusion models have spurred significant gains in density modeling and image generation, precipitating an industrial revolution in text-guided AI art generation. We introduce a new mathematical foundation for diffusion models inspired by classic results in information theory that connect Information with Minimum Mean Square Error regression, the so-called I-MMSE relations. We generalize the I-MMSE relations to exactly relate the data distribution to an optimal denoising regression problem, leading to an elegant refinement of existing diffusion bounds. This new insight leads to several improvements for probability distribution estimation, including theoretical justification for diffusion model ensembling. Remarkably, our framework shows how continuous and discrete probabilities can be learned with the same regression objective, avoiding domain-specific generative models used in variational methods. Code to reproduce experiments is provided at this http URL and simplified demonstration code is at this http URL