secure

Title: CryptoScratch: Developing and evaluating a block-based programming tool for teaching K-12 cryptography education using Scratch. (arXiv:2302.11606v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.11606
• Code URL: null
• Copy Paste: [[2302.11606] CryptoScratch: Developing and evaluating a block-based programming tool for teaching K-12 cryptography education using Scratch](http://arxiv.org/abs/2302.11606) #secure
• Summary:

  This paper presents the design, implementation, and evaluation of a new framework called CryptoScratch, which extends the Scratch programming environment with modern cryptographic algorithms (e.g., AES, RSA, SHA-256) implemented as visual blocks. Using the simple interface of CryptoScratch, K-12 students can study how to use cryptographic algorithms for services like confidentiality, authentication, and integrity protection; and then use these blocks to build complex modern cryptographic schemes (e.g., Pretty Good Privacy, Digital Signatures). In addition, we present the design and implementation of a Task Block that provides students instruction on various cryptography problems and verifies that they have successfully completed the problem. The task block also generates feedback, nudging learners to implement more secure solutions for cryptographic problems. An initial usability study was performed with 16 middle-school students where students were taught basic cryptographic concepts and then asked to complete tasks using those concepts. Once students had knowledge of a variety of basic cryptographic algorithms, they were asked to use those algorithms to implement complex cryptographic schemes such as Pretty Good Privacy and Digital Signatures. Using the successful implementation of the cryptographic and task blocks in Scratch, the initial testing indicated that $\approx 60\%$ of the students could quickly grasp and implement complex cryptography concepts using CryptoScratch, while $\approx 90\%$ showed comfort with cryptography concepts and use-cases. Based on the positive results from the initial testing, a larger study of students is being developed to investigate the effectiveness across the socioeconomic spectrum.

Title: ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version). (arXiv:2302.12108v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12108
• Code URL: null
• Copy Paste: [[2302.12108] ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)](http://arxiv.org/abs/2302.12108) #secure
• Summary:

  We propose ProSpeCT, a generic formal processor model providing provably secure speculation for the constant-time policy. For constant-time programs under a non-speculative semantics, ProSpeCT guarantees that speculative and out-of-order execution cause no microarchitectural leaks. This guarantee is achieved by tracking secrets in the processor pipeline and ensuring that they do not influence the microarchitectural state during speculative execution. Our formalization covers a broad class of speculation mechanisms, generalizing prior work. As a result, our security proof covers all known Spectre attacks, including load value injection (LVI) attacks.

In addition to the formal model, we provide a prototype hardware implementation of ProSpeCT on a RISC-V processor and show evidence of its low impact on hardware cost, performance, and required software changes. In particular, the experimental evaluation confirms our expectation that for a compliant constant-time binary, enabling ProSpeCT incurs no performance overhead.

Title: A Survey of Secure Computation Using Trusted Execution Environments. (arXiv:2302.12150v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12150
• Code URL: null
• Copy Paste: [[2302.12150] A Survey of Secure Computation Using Trusted Execution Environments](http://arxiv.org/abs/2302.12150) #secure
• Summary:

  As an essential technology underpinning trusted computing, the trusted execution environment (TEE) allows one to launch computation tasks on both on- and off-premises data while assuring confidentiality and integrity. This article provides a systematic review and comparison of TEE-based secure computation protocols. We first propose a taxonomy that classifies secure computation protocols into three major categories, namely secure outsourced computation, secure distributed computation and secure multi-party computation. To enable a fair comparison of these protocols, we also present comprehensive assessment criteria with respect to four aspects: setting, methodology, security and performance. Based on these criteria, we review, discuss and compare the state-of-the-art TEE-based secure computation protocols for both general-purpose computation functions and special-purpose ones, such as privacy-preserving machine learning and encrypted database queries. To the best of our knowledge, this article is the first survey to review TEE-based secure computation protocols and the comprehensive comparison can serve as a guideline for selecting suitable protocols for deployment in practice. Finally, we also discuss several future research directions and challenges.

Title: Harris Hawks Feature Selection in Distributed Machine Learning for Secure IoT Environments. (arXiv:2302.12205v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12205
• Code URL: null
• Copy Paste: [[2302.12205] Harris Hawks Feature Selection in Distributed Machine Learning for Secure IoT Environments](http://arxiv.org/abs/2302.12205) #secure
• Summary:

  The development of the Internet of Things (IoT) has dramatically expanded our daily lives, playing a pivotal role in the enablement of smart cities, healthcare, and buildings. Emerging technologies, such as IoT, seek to improve the quality of service in cognitive cities. Although IoT applications are helpful in smart building applications, they present a real risk as the large number of interconnected devices in those buildings, using heterogeneous networks, increases the number of potential IoT attacks. IoT applications can collect and transfer sensitive data. Therefore, it is necessary to develop new methods to detect hacked IoT devices. This paper proposes a Feature Selection (FS) model based on Harris Hawks Optimization (HHO) and Random Weight Network (RWN) to detect IoT botnet attacks launched from compromised IoT devices. Distributed Machine Learning (DML) aims to train models locally on edge devices without sharing data to a central server. Therefore, we apply the proposed approach using centralized and distributed ML models. Both learning models are evaluated under two benchmark datasets for IoT botnet attacks and compared with other well-known classification techniques using different evaluation indicators. The experimental results show an improvement in terms of accuracy, precision, recall, and F-measure in most cases. The proposed method achieves an average F-measure up to 99.9\%. The results show that the DML model achieves competitive performance against centralized ML while maintaining the data locally.

Title: Knowledge Distillation-based Information Sharing for Online Process Monitoring in Decentralized Manufacturing System. (arXiv:2302.12004v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12004
• Code URL: null
• Copy Paste: [[2302.12004] Knowledge Distillation-based Information Sharing for Online Process Monitoring in Decentralized Manufacturing System](http://arxiv.org/abs/2302.12004) #secure
• Summary:

  In advanced manufacturing, the incorporation of sensing technology provides an opportunity to achieve efficient in-situ process monitoring using machine learning methods. Meanwhile, the advances of information technologies also enable a connected and decentralized environment for manufacturing systems, making different manufacturing units in the system collaborate more closely. In a decentralized manufacturing system, the involved units may fabricate same or similar products and deploy their own machine learning model for online process monitoring. However, due to the possible inconsistency of task progress during the operation, it is also common that some units are data-rich while some are data-poor. Thus, the learning progress of the machine learning-based process monitoring model for each unit may vary. Therefore, it is highly valuable to achieve efficient and secured knowledge sharing among the units in a decentralized manufacturing system. To realize this goal, this paper proposes a knowledge distillation-based information sharing (KD-IS) framework, which could distill informative knowledge from data-rich unit to improve the monitoring performance of data-poor unit. To validate the effectiveness of this method, a real-world case study is conducted in a connected fused filament fabrication (FFF)-based additive manufacturing (AM) platform. The experimental results show that the developed method is efficient in improving model monitoring performance at data-poor unit, with solid protection on potential data privacy.

security

Title: Designing a Visual Cryptography Curriculum for K-12 Education. (arXiv:2302.11655v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.11655
• Code URL: null
• Copy Paste: [[2302.11655] Designing a Visual Cryptography Curriculum for K-12 Education](http://arxiv.org/abs/2302.11655) #security
• Summary:

  We have designed and developed a simple, visual, and narrative K-12 cybersecurity curriculum leveraging the Scratch programming platform to demonstrate and teach fundamental cybersecurity concepts such as confidentiality, integrity protection, and authentication. The visual curriculum simulates a real-world scenario of a user and a bank performing a bank transaction and an adversary attempting to attack the transaction.We have designed six visual scenarios, the curriculum first introduces students to three visual scenarios demonstrating attacks that exist when systems do not integrate concepts such as confidentiality, integrity protection, and authentication. Then, it introduces them to three visual scenarios that build on the attacks to demonstrate and teach how these fundamental concepts can be used to defend against them. We conducted an evaluation of our curriculum through a study with 18 middle and high school students. To evaluate the student's comprehension of these concepts we distributed a technical survey, where overall average of students answering these questions related to the demonstrated concepts is 9.28 out of 10. Furthermore, the survey results revealed that 66.7% found the system extremely easy and the remaining 27.8% found it easy to use and understand.

Title: Out-of-distribution Detection with Energy-based Models. (arXiv:2302.12002v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12002
• Code URL: null
• Copy Paste: [[2302.12002] Out-of-distribution Detection with Energy-based Models](http://arxiv.org/abs/2302.12002) #security
• Summary:

  Today, deep learning is increasingly applied in security-critical situations such as autonomous driving and medical diagnosis. Despite its success, the behavior and robustness of deep networks are not fully understood yet, posing a significant risk. In particular, researchers recently found that neural networks are overly confident in their predictions, even on data they have never seen before. To tackle this issue, one can differentiate two approaches in the literature. One accounts for uncertainty in the predictions, while the second estimates the underlying density of the training data to decide whether a given input is close to the training data, and thus the network is able to perform as expected.In this thesis, we investigate the capabilities of EBMs at the task of fitting the training data distribution to perform detection of out-of-distribution (OOD) inputs. We find that on most datasets, EBMs do not inherently outperform other density estimators at detecting OOD data despite their flexibility. Thus, we additionally investigate the effects of supervision, dimensionality reduction, and architectural modifications on the performance of EBMs. Further, we propose Energy-Prior Network (EPN) which enables estimation of various uncertainties within an EBM for classification, bridging the gap between two approaches for tackling the OOD detection problem. We identify a connection between the concentration parameters of the Dirichlet distribution and the joint energy in an EBM. Additionally, this allows optimization without a held-out OOD dataset, which might not be available or costly to collect in some applications. Finally, we empirically demonstrate that Energy-Prior Network (EPN) is able to detect OOD inputs, datasets shifts, and adversarial examples. Theoretically, EPN offers favorable properties for the asymptotic case when inputs are far from the training data.

Title: Financial Distress Prediction For Small And Medium Enterprises Using Machine Learning Techniques. (arXiv:2302.12118v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12118
• Code URL: null
• Copy Paste: [[2302.12118] Financial Distress Prediction For Small And Medium Enterprises Using Machine Learning Techniques](http://arxiv.org/abs/2302.12118) #security
• Summary:

  Financial Distress Prediction plays a crucial role in the economy by accurately forecasting the number and probability of failing structures, providing insight into the growth and stability of a country's economy. However, predicting financial distress for Small and Medium Enterprises is challenging due to their inherent ambiguity, leading to increased funding costs and decreased chances of receiving funds. While several strategies have been developed for effective FCP, their implementation, accuracy, and data security fall short of practical applications. Additionally, many of these strategies perform well for a portion of the dataset but are not adaptable to various datasets. As a result, there is a need to develop a productive prediction model for better order execution and adaptability to different datasets. In this review, we propose a feature selection algorithm for FCP based on element credits and data source collection. Current financial distress prediction models rely mainly on financial statements and disregard the timeliness of organization tests. Therefore, we propose a corporate FCP model that better aligns with industry practice and incorporates the gathering of thin-head component analysis of financial data, corporate governance qualities, and market exchange data with a Relevant Vector Machine. Experimental results demonstrate that this strategy can improve the forecast efficiency of financial distress with fewer characteristic factors.

privacy

Title: A Comprehensive Survey on Source-free Domain Adaptation. (arXiv:2302.11803v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11803
• Code URL: null
• Copy Paste: [[2302.11803] A Comprehensive Survey on Source-free Domain Adaptation](http://arxiv.org/abs/2302.11803) #privacy
• Summary:

  Over the past decade, domain adaptation has become a widely studied branch of transfer learning that aims to improve performance on target domains by leveraging knowledge from the source domain. Conventional domain adaptation methods often assume access to both source and target domain data simultaneously, which may not be feasible in real-world scenarios due to privacy and confidentiality concerns. As a result, the research of Source-Free Domain Adaptation (SFDA) has drawn growing attention in recent years, which only utilizes the source-trained model and unlabeled target data to adapt to the target domain. Despite the rapid explosion of SFDA work, yet there has no timely and comprehensive survey in the field. To fill this gap, we provide a comprehensive survey of recent advances in SFDA and organize them into a unified categorization scheme based on the framework of transfer learning. Instead of presenting each approach independently, we modularize several components of each method to more clearly illustrate their relationships and mechanics in light of the composite properties of each method. Furthermore, we compare the results of more than 30 representative SFDA methods on three popular classification benchmarks, namely Office-31, Office-home, and VisDA, to explore the effectiveness of various technical routes and the combination effects among them. Additionally, we briefly introduce the applications of SFDA and related fields. Drawing from our analysis of the challenges facing SFDA, we offer some insights into future research directions and potential settings.

Title: On the contribution of pre-trained models to accuracy and utility in modeling distributed energy resources. (arXiv:2302.11679v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11679
• Code URL: null
• Copy Paste: [[2302.11679] On the contribution of pre-trained models to accuracy and utility in modeling distributed energy resources](http://arxiv.org/abs/2302.11679) #privacy
• Summary:

  Despite their growing popularity, data-driven models of real-world dynamical systems require lots of data. However, due to sensing limitations as well as privacy concerns, this data is not always available, especially in domains such as energy. Pre-trained models using data gathered in similar contexts have shown enormous potential in addressing these concerns: they can improve predictive accuracy at a much lower observational data expense. Theoretically, due to the risk posed by negative transfer, this improvement is however neither uniform for all agents nor is it guaranteed. In this paper, using data from several distributed energy resources, we investigate and report preliminary findings on several key questions in this regard. First, we evaluate the improvement in predictive accuracy due to pre-trained models, both with and without fine-tuning. Subsequently, we consider the question of fairness: do pre-trained models create equal improvements for heterogeneous agents, and how does this translate to downstream utility? Answering these questions can help enable improvements in the creation, fine-tuning, and adoption of such pre-trained models.

Title: Personalized Privacy-Preserving Framework for Cross-Silo Federated Learning. (arXiv:2302.12020v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12020
• Code URL: https://github.com/vinuni-vishc/pppf-cross-silo-fl
• Copy Paste: [[2302.12020] Personalized Privacy-Preserving Framework for Cross-Silo Federated Learning](http://arxiv.org/abs/2302.12020) #privacy
• Summary:

  Federated learning (FL) is recently surging as a promising decentralized deep learning (DL) framework that enables DL-based approaches trained collaboratively across clients without sharing private data. However, in the context of the central party being active and dishonest, the data of individual clients might be perfectly reconstructed, leading to the high possibility of sensitive information being leaked. Moreover, FL also suffers from the nonindependent and identically distributed (non-IID) data among clients, resulting in the degradation in the inference performance on local clients' data. In this paper, we propose a novel framework, namely Personalized Privacy-Preserving Federated Learning (PPPFL), with a concentration on cross-silo FL to overcome these challenges. Specifically, we introduce a stabilized variant of the Model-Agnostic Meta-Learning (MAML) algorithm to collaboratively train a global initialization from clients' synthetic data generated by Differential Private Generative Adversarial Networks (DP-GANs). After reaching convergence, the global initialization will be locally adapted by the clients to their private data. Through extensive experiments, we empirically show that our proposed framework outperforms multiple FL baselines on different datasets, including MNIST, Fashion-MNIST, CIFAR-10, and CIFAR-100.

protect

Title: Bayesian Structure Scores for Probabilistic Circuits. (arXiv:2302.12130v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12130
• Code URL: https://github.com/yangyang-pro/bayesian-scores-pc
• Copy Paste: [[2302.12130] Bayesian Structure Scores for Probabilistic Circuits](http://arxiv.org/abs/2302.12130) #protect
• Summary:

  Probabilistic circuits (PCs) are a prominent representation of probability distributions with tractable inference. While parameter learning in PCs is rigorously studied, structure learning is often more based on heuristics than on principled objectives. In this paper, we develop Bayesian structure scores for deterministic PCs, i.e., the structure likelihood with parameters marginalized out, which are well known as rigorous objectives for structure learning in probabilistic graphical models. When used within a greedy cutset algorithm, our scores effectively protect against overfitting and yield a fast and almost hyper-parameter-free structure learner, distinguishing it from previous approaches. In experiments, we achieve good trade-offs between training time and model fit in terms of log-likelihood. Moreover, the principled nature of Bayesian scores unlocks PCs for accommodating frameworks such as structural expectation-maximization.

defense

Title: VDHLA: Variable Depth Hybrid Learning Automaton and Its Application to Defense Against the Selfish Mining Attack in Bitcoin. (arXiv:2302.12096v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12096
• Code URL: null
• Copy Paste: [[2302.12096] VDHLA: Variable Depth Hybrid Learning Automaton and Its Application to Defense Against the Selfish Mining Attack in Bitcoin](http://arxiv.org/abs/2302.12096) #defense
• Summary:

  Learning Automaton (LA) is an adaptive self-organized model that improves its action-selection through interaction with an unknown environment. LA with finite action set can be classified into two main categories: fixed and variable structure. Furthermore, variable action-set learning automaton (VASLA) is one of the main subsets of variable structure learning automaton. In this paper, we propose VDHLA, a novel hybrid learning automaton model, which is a combination of fixed structure and variable action set learning automaton. In the proposed model, variable action set learning automaton can increase, decrease, or leave unchanged the depth of fixed structure learning automaton during the action switching phase. In addition, the depth of the proposed model can change in a symmetric (SVDHLA) or asymmetric (AVDHLA) manner. To the best of our knowledge, it is the first hybrid model that intelligently changes the depth of fixed structure learning automaton. Several computer simulations are conducted to study the performance of the proposed model with respect to the total number of rewards and action switching in stationary and non-stationary environments. The proposed model is compared with FSLA and VSLA. In order to determine the performance of the proposed model in a practical application, the selfish mining attack which threatens the incentive-compatibility of a proof-of-work based blockchain environment is considered. The proposed model is applied to defend against the selfish mining attack in Bitcoin and compared with the tie-breaking mechanism, which is a well-known defense. Simulation results in all environments have shown the superiority of the proposed model.

Title: Feature Partition Aggregation: A Fast Certified Defense Against a Union of Sparse Adversarial Attacks. (arXiv:2302.11628v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11628
• Code URL: https://github.com/zaydh/feature-partition
• Copy Paste: [[2302.11628] Feature Partition Aggregation: A Fast Certified Defense Against a Union of Sparse Adversarial Attacks](http://arxiv.org/abs/2302.11628) #defense
• Summary:

  Deep networks are susceptible to numerous types of adversarial attacks. Certified defenses provide guarantees on a model's robustness, but most of these defenses are restricted to a single attack type. In contrast, this paper proposes feature partition aggregation (FPA) - a certified defense against a union of attack types, namely evasion, backdoor, and poisoning attacks. We specifically consider an $\ell_0$ or sparse attacker that arbitrarily controls an unknown subset of the training and test features - even across all instances. FPA generates robustness guarantees via an ensemble whose submodels are trained on disjoint feature sets. Following existing certified sparse defenses, we generalize FPA's guarantees to top-$k$ predictions. FPA significantly outperforms state-of-the-art sparse defenses providing larger and stronger robustness guarantees, while simultaneously being up to 5,000${\times}$ faster.

attack

Title: Boosting Adversarial Transferability using Dynamic Cues. (arXiv:2302.12252v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12252
• Code URL: null
• Copy Paste: [[2302.12252] Boosting Adversarial Transferability using Dynamic Cues](http://arxiv.org/abs/2302.12252) #attack
• Summary:

  The transferability of adversarial perturbations between image models has been extensively studied. In this case, an attack is generated from a known surrogate \eg, the ImageNet trained model, and transferred to change the decision of an unknown (black-box) model trained on an image dataset. However, attacks generated from image models do not capture the dynamic nature of a moving object or a changing scene due to a lack of temporal cues within image models. This leads to reduced transferability of adversarial attacks from representation-enriched \emph{image} models such as Supervised Vision Transformers (ViTs), Self-supervised ViTs (\eg, DINO), and Vision-language models (\eg, CLIP) to black-box \emph{video} models. In this work, we induce dynamic cues within the image models without sacrificing their original performance on images. To this end, we optimize \emph{temporal prompts} through frozen image models to capture motion dynamics. Our temporal prompts are the result of a learnable transformation that allows optimizing for temporal gradients during an adversarial attack to fool the motion dynamics. Specifically, we introduce spatial (image) and temporal (video) cues within the same source model through task-specific prompts. Attacking such prompts maximizes the adversarial transferability from image-to-video and image-to-image models using the attacks designed for image models. Our attack results indicate that the attacker does not need specialized architectures, \eg, divided space-time attention, 3D convolutions, or multi-view convolution networks for different data modalities. Image models are effective surrogates to optimize an adversarial attack to fool black-box models in a changing environment over time. Code is available at https://bit.ly/3Xd9gRQ

Title: More than you've asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models. (arXiv:2302.12173v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12173
• Code URL: null
• Copy Paste: [[2302.12173] More than you've asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models](http://arxiv.org/abs/2302.12173) #attack
• Summary:

  We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable. This property, which makes them adaptable to even unseen tasks, might also make them susceptible to targeted adversarial prompting. Recently, several ways to misalign LLMs using Prompt Injection (PI) attacks have been introduced. In such attacks, an adversary can prompt the LLM to produce malicious content or override the original instructions and the employed filtering schemes. Recent work showed that these attacks are hard to mitigate, as state-of-the-art LLMs are instruction-following. So far, these attacks assumed that the adversary is directly prompting the LLM.

In this work, we show that augmenting LLMs with retrieval and API calling capabilities (so-called Application-Integrated LLMs) induces a whole new set of attack vectors. These LLMs might process poisoned content retrieved from the Web that contains malicious prompts pre-injected and selected by adversaries. We demonstrate that an attacker can indirectly perform such PI attacks. Based on this key insight, we systematically analyze the resulting threat landscape of Application-Integrated LLMs and discuss a variety of new attack vectors. To demonstrate the practical viability of our attacks, we implemented specific demonstrations of the proposed attacks within synthetic applications. In summary, our work calls for an urgent evaluation of current mitigation techniques and an investigation of whether new techniques are needed to defend LLMs against these threats.

Title: Mitigating Adversarial Attacks in Deepfake Detection: An Exploration of Perturbation and AI Techniques. (arXiv:2302.11704v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11704
• Code URL: null
• Copy Paste: [[2302.11704] Mitigating Adversarial Attacks in Deepfake Detection: An Exploration of Perturbation and AI Techniques](http://arxiv.org/abs/2302.11704) #attack
• Summary:

  Deep learning is a crucial aspect of machine learning, but it also makes these techniques vulnerable to adversarial examples, which can be seen in a variety of applications. These examples can even be targeted at humans, leading to the creation of false media, such as deepfakes, which are often used to shape public opinion and damage the reputation of public figures. This article will explore the concept of adversarial examples, which are comprised of perturbations added to clean images or videos, and their ability to deceive DL algorithms. The proposed approach achieved a precision value of accuracy of 76.2% on the DFDC dataset.

Title: A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots. (arXiv:2302.11982v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.11982
• Code URL: https://github.com/boz083/plot_steal
• Copy Paste: [[2302.11982] A Plot is Worth a Thousand Words: Model Information Stealing Attacks via Scientific Plots](http://arxiv.org/abs/2302.11982) #attack
• Summary:

  Building advanced machine learning (ML) models requires expert knowledge and many trials to discover the best architecture and hyperparameter settings. Previous work demonstrates that model information can be leveraged to assist other attacks, such as membership inference, generating adversarial examples. Therefore, such information, e.g., hyperparameters, should be kept confidential. It is well known that an adversary can leverage a target ML model's output to steal the model's information. In this paper, we discover a new side channel for model information stealing attacks, i.e., models' scientific plots which are extensively used to demonstrate model performance and are easily accessible. Our attack is simple and straightforward. We leverage the shadow model training techniques to generate training data for the attack model which is essentially an image classifier. Extensive evaluation on three benchmark datasets shows that our proposed attack can effectively infer the architecture/hyperparameters of image classifiers based on convolutional neural network (CNN) given the scientific plot generated from it. We also reveal that the attack's success is mainly caused by the shape of the scientific plots, and further demonstrate that the attacks are robust in various scenarios. Given the simplicity and effectiveness of the attack method, our study indicates scientific plots indeed constitute a valid side channel for model information stealing attacks. To mitigate the attacks, we propose several defense mechanisms that can reduce the original attacks' accuracy while maintaining the plot utility. However, such defenses can still be bypassed by adaptive attacks.

robust

Title: Deep OC-SORT: Multi-Pedestrian Tracking by Adaptive Re-Identification. (arXiv:2302.11813v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.11813
• Code URL: https://github.com/gerardmaggiolino/deep-oc-sort
• Copy Paste: [[2302.11813] Deep OC-SORT: Multi-Pedestrian Tracking by Adaptive Re-Identification](http://arxiv.org/abs/2302.11813) #robust
• Summary:

  Motion-based association for Multi-Object Tracking (MOT) has recently re-achieved prominence with the rise of powerful object detectors. Despite this, little work has been done to incorporate appearance cues beyond simple heuristic models that lack robustness to feature degradation. In this paper, we propose a novel way to leverage objects' appearances to adaptively integrate appearance matching into existing high-performance motion-based methods. Building upon the pure motion-based method OC-SORT, we achieve 1st place on MOT20 and 2nd place on MOT17 with 63.9 and 64.9 HOTA, respectively. We also achieve 61.3 HOTA on the challenging DanceTrack benchmark as a new state-of-the-art even compared to more heavily-designed methods. The code and models are available at \url{https://github.com/GerardMaggiolino/Deep-OC-SORT}.

Title: Out-of-Domain Robustness via Targeted Augmentations. (arXiv:2302.11861v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11861
• Code URL: https://github.com/i-gao/targeted-augs
• Copy Paste: [[2302.11861] Out-of-Domain Robustness via Targeted Augmentations](http://arxiv.org/abs/2302.11861) #robust
• Summary:

  Models trained on one set of domains often suffer performance drops on unseen domains, e.g., when wildlife monitoring models are deployed in new camera locations. In this work, we study principles for designing data augmentations for out-of-domain (OOD) generalization. In particular, we focus on real-world scenarios in which some domain-dependent features are robust, i.e., some features that vary across domains are predictive OOD. For example, in the wildlife monitoring application above, image backgrounds vary across camera locations but indicate habitat type, which helps predict the species of photographed animals. Motivated by theoretical analysis on a linear setting, we propose targeted augmentations, which selectively randomize spurious domain-dependent features while preserving robust ones. We prove that targeted augmentations improve OOD performance, allowing models to generalize better with fewer domains. In contrast, existing approaches such as generic augmentations, which fail to randomize domain-dependent features, and domain-invariant augmentations, which randomize all domain-dependent features, both perform poorly OOD. In experiments on three real-world datasets, we show that targeted augmentations set new states-of-the-art for OOD performance by 3.2-15.2%.

Title: Transformers in Single Object Tracking: An Experimental Survey. (arXiv:2302.11867v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.11867
• Code URL: null
• Copy Paste: [[2302.11867] Transformers in Single Object Tracking: An Experimental Survey](http://arxiv.org/abs/2302.11867) #robust
• Summary:

  Single object tracking is a well-known and challenging research topic in computer vision. Over the last two decades, numerous researchers have proposed various algorithms to solve this problem and achieved promising results. Recently, Transformer-based tracking approaches have ushered in a new era in single object tracking due to their superior tracking robustness. Although several survey studies have been conducted to analyze the performance of trackers, there is a need for another survey study after the introduction of Transformers in single object tracking. In this survey, we aim to analyze the literature and performances of Transformer tracking approaches. Therefore, we conduct an in-depth literature analysis of Transformer tracking approaches and evaluate their tracking robustness and computational efficiency on challenging benchmark datasets. In addition, we have measured their performances on different tracking scenarios to find their strength and weaknesses. Our survey provides insights into the underlying principles of Transformer tracking approaches, the challenges they face, and their future directions.

Title: Real-Time Damage Detection in Fiber Lifting Ropes Using Convolutional Neural Networks. (arXiv:2302.11947v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.11947
• Code URL: null
• Copy Paste: [[2302.11947] Real-Time Damage Detection in Fiber Lifting Ropes Using Convolutional Neural Networks](http://arxiv.org/abs/2302.11947) #robust
• Summary:

  The health and safety hazards posed by worn crane lifting ropes mandate periodic inspection for damage. This task is time-consuming, prone to human error, halts operation, and may result in the premature disposal of ropes. Therefore, we propose using deep learning and computer vision methods to automate the process of detecting damaged ropes. Specifically, we present a novel vision-based system for detecting damage in synthetic fiber rope images using convolutional neural networks (CNN). We use a camera-based apparatus to photograph the lifting rope's surface, while in operation, and capture the progressive wear-and-tear as well as the more significant degradation in the rope's health state. Experts from Konecranes annotate the collected images in accordance with the rope's condition; normal or damaged. Then, we pre-process the images, design a CNN model in a systematic manner, evaluate its detection and prediction performance, analyze its computational complexity, and compare it with various other models. Experimental results show the proposed model outperforms other techniques with 96.4% accuracy, 95.8% precision, 97.2% recall, 96.5% F1-score, and 99.2% AUC. Besides, they demonstrate the model's real-time operation, low memory footprint, robustness to various environmental and operational conditions, and adequacy for deployment in industrial systems.

Title: ArtiFact: A Large-Scale Dataset with Artificial and Factual Images for Generalizable and Robust Synthetic Image Detection. (arXiv:2302.11970v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.11970
• Code URL: https://github.com/awsaf49/artifact
• Copy Paste: [[2302.11970] ArtiFact: A Large-Scale Dataset with Artificial and Factual Images for Generalizable and Robust Synthetic Image Detection](http://arxiv.org/abs/2302.11970) #robust
• Summary:

  Synthetic image generation has opened up new opportunities but has also created threats in regard to privacy, authenticity, and security. Detecting fake images is of paramount importance to prevent illegal activities, and previous research has shown that generative models leave unique patterns in their synthetic images that can be exploited to detect them. However, the fundamental problem of generalization remains, as even state-of-the-art detectors encounter difficulty when facing generators never seen during training. To assess the generalizability and robustness of synthetic image detectors in the face of real-world impairments, this paper presents a large-scale dataset named ArtiFact, comprising diverse generators, object categories, and real-world challenges. Moreover, the proposed multi-class classification scheme, combined with a filter stride reduction strategy addresses social platform impairments and effectively detects synthetic images from both seen and unseen generators. The proposed solution outperforms other teams by 8.34% on Test 1, 1.26% on Test 2, and 15.08% on Test 3 in the IEEE VIP CUP at ICIP 2022.

Title: Unsupervised Domain Adaptation via Distilled Discriminative Clustering. (arXiv:2302.11984v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.11984
• Code URL: https://github.com/huitangtang/disclusterda
• Copy Paste: [[2302.11984] Unsupervised Domain Adaptation via Distilled Discriminative Clustering](http://arxiv.org/abs/2302.11984) #robust
• Summary:

  Unsupervised domain adaptation addresses the problem of classifying data in an unlabeled target domain, given labeled source domain data that share a common label space but follow a different distribution. Most of the recent methods take the approach of explicitly aligning feature distributions between the two domains. Differently, motivated by the fundamental assumption for domain adaptability, we re-cast the domain adaptation problem as discriminative clustering of target data, given strong privileged information provided by the closely related, labeled source data. Technically, we use clustering objectives based on a robust variant of entropy minimization that adaptively filters target data, a soft Fisher-like criterion, and additionally the cluster ordering via centroid classification. To distill discriminative source information for target clustering, we propose to jointly train the network using parallel, supervised learning objectives over labeled source data. We term our method of distilled discriminative clustering for domain adaptation as DisClusterDA. We also give geometric intuition that illustrates how constituent objectives of DisClusterDA help learn class-wisely pure, compact feature distributions. We conduct careful ablation studies and extensive experiments on five popular benchmark datasets, including a multi-source domain adaptation one. Based on commonly used backbone networks, DisClusterDA outperforms existing methods on these benchmarks. It is also interesting to observe that in our DisClusterDA framework, adding an additional loss term that explicitly learns to align class-level feature distributions across domains does harm to the adaptation performance, though more careful studies in different algorithmic frameworks are to be conducted.

Title: Domain Generalisation via Domain Adaptation: An Adversarial Fourier Amplitude Approach. (arXiv:2302.12047v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12047
• Code URL: null
• Copy Paste: [[2302.12047] Domain Generalisation via Domain Adaptation: An Adversarial Fourier Amplitude Approach](http://arxiv.org/abs/2302.12047) #robust
• Summary:

  We tackle the domain generalisation (DG) problem by posing it as a domain adaptation (DA) task where we adversarially synthesise the worst-case target domain and adapt a model to that worst-case domain, thereby improving the model's robustness. To synthesise data that is challenging yet semantics-preserving, we generate Fourier amplitude images and combine them with source domain phase images, exploiting the widely believed conjecture from signal processing that amplitude spectra mainly determines image style, while phase data mainly captures image semantics. To synthesise a worst-case domain for adaptation, we train the classifier and the amplitude generator adversarially. Specifically, we exploit the maximum classifier discrepancy (MCD) principle from DA that relates the target domain performance to the discrepancy of classifiers in the model hypothesis space. By Bayesian hypothesis modeling, we express the model hypothesis space effectively as a posterior distribution over classifiers given the source domains, making adversarial MCD minimisation feasible. On the DomainBed benchmark including the large-scale DomainNet dataset, the proposed approach yields significantly improved domain generalisation performance over the state-of-the-art.

Title: Change is Hard: A Closer Look at Subpopulation Shift. (arXiv:2302.12254v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12254
• Code URL: https://github.com/yyzharry/subpopbench
• Copy Paste: [[2302.12254] Change is Hard: A Closer Look at Subpopulation Shift](http://arxiv.org/abs/2302.12254) #robust
• Summary:

  Machine learning models often perform poorly on subgroups that are underrepresented in the training data. Yet, little is understood on the variation in mechanisms that cause subpopulation shifts, and how algorithms generalize across such diverse shifts at scale. In this work, we provide a fine-grained analysis of subpopulation shift. We first propose a unified framework that dissects and explains common shifts in subgroups. We then establish a comprehensive benchmark of 20 state-of-the-art algorithms evaluated on 12 real-world datasets in vision, language, and healthcare domains. With results obtained from training over 10,000 models, we reveal intriguing observations for future progress in this space. First, existing algorithms only improve subgroup robustness over certain types of shifts but not others. Moreover, while current algorithms rely on group-annotated validation data for model selection, we find that a simple selection criterion based on worst-class accuracy is surprisingly effective even without any group information. Finally, unlike existing works that solely aim to improve worst-group accuracy (WGA), we demonstrate the fundamental tradeoff between WGA and other important metrics, highlighting the need to carefully choose testing metrics. Code and data are available at: https://github.com/YyzHarry/SubpopBench.

Title: Does Deep Learning Learn to Abstract? A Systematic Probing Framework. (arXiv:2302.11978v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11978
• Code URL: null
• Copy Paste: [[2302.11978] Does Deep Learning Learn to Abstract? A Systematic Probing Framework](http://arxiv.org/abs/2302.11978) #robust
• Summary:

  Abstraction is a desirable capability for deep learning models, which means to induce abstract concepts from concrete instances and flexibly apply them beyond the learning context. At the same time, there is a lack of clear understanding about both the presence and further characteristics of this capability in deep learning models. In this paper, we introduce a systematic probing framework to explore the abstraction capability of deep learning models from a transferability perspective. A set of controlled experiments are conducted based on this framework, providing strong evidence that two probed pre-trained language models (PLMs), T5 and GPT2, have the abstraction capability. We also conduct in-depth analysis, thus shedding further light: (1) the whole training phase exhibits a "memorize-then-abstract" two-stage process; (2) the learned abstract concepts are gathered in a few middle-layer attention heads, rather than being evenly distributed throughout the model; (3) the probed abstraction capabilities exhibit robustness against concept mutations, and are more robust to low-level/source-side mutations than high-level/target-side ones; (4) generic pre-training is critical to the emergence of abstraction capability, and PLMs exhibit better abstraction with larger model sizes and data scales.

Title: Asymptotically Unbiased Off-Policy Policy Evaluation when Reusing Old Data in Nonstationary Environments. (arXiv:2302.11725v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11725
• Code URL: null
• Copy Paste: [[2302.11725] Asymptotically Unbiased Off-Policy Policy Evaluation when Reusing Old Data in Nonstationary Environments](http://arxiv.org/abs/2302.11725) #robust
• Summary:

  In this work, we consider the off-policy policy evaluation problem for contextual bandits and finite horizon reinforcement learning in the nonstationary setting. Reusing old data is critical for policy evaluation, but existing estimators that reuse old data introduce large bias such that we can not obtain a valid confidence interval. Inspired from a related field called survey sampling, we introduce a variant of the doubly robust (DR) estimator, called the regression-assisted DR estimator, that can incorporate the past data without introducing a large bias. The estimator unifies several existing off-policy policy evaluation methods and improves on them with the use of auxiliary information and a regression approach. We prove that the new estimator is asymptotically unbiased, and provide a consistent variance estimator to a construct a large sample confidence interval. Finally, we empirically show that the new estimator improves estimation for the current and future policy values, and provides a tight and valid interval estimation in several nonstationary recommendation environments.

Title: FTM: A Frame-level Timeline Modeling Method for Temporal Graph Representation Learning. (arXiv:2302.11814v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11814
• Code URL: null
• Copy Paste: [[2302.11814] FTM: A Frame-level Timeline Modeling Method for Temporal Graph Representation Learning](http://arxiv.org/abs/2302.11814) #robust
• Summary:

  Learning representations for graph-structured data is essential for graph analytical tasks. While remarkable progress has been made on static graphs, researches on temporal graphs are still in its beginning stage. The bottleneck of the temporal graph representation learning approach is the neighborhood aggregation strategy, based on which graph attributes share and gather information explicitly. Existing neighborhood aggregation strategies fail to capture either the short-term features or the long-term features of temporal graph attributes, leading to unsatisfactory model performance and even poor robustness and domain generality of the representation learning method. To address this problem, we propose a Frame-level Timeline Modeling (FTM) method that helps to capture both short-term and long-term features and thus learns more informative representations on temporal graphs. In particular, we present a novel link-based framing technique to preserve the short-term features and then incorporate a timeline aggregator module to capture the intrinsic dynamics of graph evolution as long-term features. Our method can be easily assembled with most temporal GNNs. Extensive experiments on common datasets show that our method brings great improvements to the capability, robustness, and domain generality of backbone methods in downstream tasks. Our code can be found at https://github.com/yeeeqichen/FTM.

Title: Diverse Policy Optimization for Structured Action Space. (arXiv:2302.11917v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11917
• Code URL: null
• Copy Paste: [[2302.11917] Diverse Policy Optimization for Structured Action Space](http://arxiv.org/abs/2302.11917) #robust
• Summary:

  Enhancing the diversity of policies is beneficial for robustness, exploration, and transfer in reinforcement learning (RL). In this paper, we aim to seek diverse policies in an under-explored setting, namely RL tasks with structured action spaces with the two properties of composability and local dependencies. The complex action structure, non-uniform reward landscape, and subtle hyperparameter tuning due to the properties of structured actions prevent existing approaches from scaling well. We propose a simple and effective RL method, Diverse Policy Optimization (DPO), to model the policies in structured action space as the energy-based models (EBM) by following the probabilistic RL framework. A recently proposed novel and powerful generative model, GFlowNet, is introduced as the efficient, diverse EBM-based policy sampler. DPO follows a joint optimization framework: the outer layer uses the diverse policies sampled by the GFlowNet to update the EBM-based policies, which supports the GFlowNet training in the inner layer. Experiments on ATSC and Battle benchmarks demonstrate that DPO can efficiently discover surprisingly diverse policies in challenging scenarios and substantially outperform existing state-of-the-art methods.

Title: Investigating Catastrophic Overfitting in Fast Adversarial Training: A Self-fitting Perspective. (arXiv:2302.11963v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11963
• Code URL: null
• Copy Paste: [[2302.11963] Investigating Catastrophic Overfitting in Fast Adversarial Training: A Self-fitting Perspective](http://arxiv.org/abs/2302.11963) #robust
• Summary:

  Although fast adversarial training provides an efficient approach for building robust networks, it may suffer from a serious problem known as catastrophic overfitting (CO), where the multi-step robust accuracy suddenly collapses to zero. In this paper, we for the first time decouple the FGSM examples into data-information and self-information, which reveals an interesting phenomenon called "self-fitting". Self-fitting, i.e., DNNs learn the self-information embedded in single-step perturbations, naturally leads to the occurrence of CO. When self-fitting occurs, the network experiences an obvious "channel differentiation" phenomenon that some convolution channels accounting for recognizing self-information become dominant, while others for data-information are suppressed. In this way, the network learns to only recognize images with sufficient self-information and loses generalization ability to other types of data. Based on self-fitting, we provide new insight into the existing methods to mitigate CO and extend CO to multi-step adversarial training. Our findings reveal a self-learning mechanism in adversarial training and open up new perspectives for suppressing different kinds of information to mitigate CO.

Title: Robust Representation Learning by Clustering with Bisimulation Metrics for Visual Reinforcement Learning with Distractions. (arXiv:2302.12003v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12003
• Code URL: null
• Copy Paste: [[2302.12003] Robust Representation Learning by Clustering with Bisimulation Metrics for Visual Reinforcement Learning with Distractions](http://arxiv.org/abs/2302.12003) #robust
• Summary:

  Recent work has shown that representation learning plays a critical role in sample-efficient reinforcement learning (RL) from pixels. Unfortunately, in real-world scenarios, representation learning is usually fragile to task-irrelevant distractions such as variations in background or viewpoint.To tackle this problem, we propose a novel clustering-based approach, namely Clustering with Bisimulation Metrics (CBM), which learns robust representations by grouping visual observations in the latent space. Specifically, CBM alternates between two steps: (1) grouping observations by measuring their bisimulation distances to the learned prototypes; (2) learning a set of prototypes according to the current cluster assignments. Computing cluster assignments with bisimulation metrics enables CBM to capture task-relevant information, as bisimulation metrics quantify the behavioral similarity between observations. Moreover, CBM encourages the consistency of representations within each group, which facilitates filtering out task-irrelevant information and thus induces robust representations against distractions. An appealing feature is that CBM can achieve sample-efficient representation learning even if multiple distractions exist simultaneously.Experiments demonstrate that CBM significantly improves the sample efficiency of popular visual RL algorithms and achieves state-of-the-art performance on both multiple and single distraction settings. The code is available at https://github.com/MIRALab-USTC/RL-CBM.

Title: Gaussian Switch Sampling: A Second Order Approach to Active Learning. (arXiv:2302.12018v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12018
• Code URL: null
• Copy Paste: [[2302.12018] Gaussian Switch Sampling: A Second Order Approach to Active Learning](http://arxiv.org/abs/2302.12018) #robust
• Summary:

  In active learning, acquisition functions define informativeness directly on the representation position within the model manifold. However, for most machine learning models (in particular neural networks) this representation is not fixed due to the training pool fluctuations in between active learning rounds. Therefore, several popular strategies are sensitive to experiment parameters (e.g. architecture) and do not consider model robustness to out-of-distribution settings. To alleviate this issue, we propose a grounded second-order definition of information content and sample importance within the context of active learning. Specifically, we define importance by how often a neural network "forgets" a sample during training - artifacts of second order representation shifts. We show that our definition produces highly accurate importance scores even when the model representations are constrained by the lack of training data. Motivated by our analysis, we develop Gaussian Switch Sampling (GauSS). We show that GauSS is setup agnostic and robust to anomalous distributions with exhaustive experiments on three in-distribution benchmarks, three out-of-distribution benchmarks, and three different architectures. We report an improvement of up to 5% when compared against four popular query strategies.

Title: Online Calibrated Regression for Adversarially Robust Forecasting. (arXiv:2302.12196v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12196
• Code URL: null
• Copy Paste: [[2302.12196] Online Calibrated Regression for Adversarially Robust Forecasting](http://arxiv.org/abs/2302.12196) #robust
• Summary:

  Accurately estimating uncertainty is a crucial component of decision-making and forecasting in machine learning. However, existing uncertainty estimation methods developed for IID data may fail when these IID assumptions no longer hold. In this paper, we present a novel approach to uncertainty estimation that leverages the principles of online learning. Specifically, we define a task called online calibrated forecasting which seeks to extend existing online learning methods to handle predictive uncertainty while ensuring high accuracy. We introduce algorithms for this task that provide formal guarantees on the accuracy and calibration of probabilistic predictions even on adversarial input. We demonstrate the practical utility of our methods on several forecasting tasks, showing that our probabilistic predictions improve over natural baselines. Overall, our approach advances calibrated uncertainty estimation, and takes a step towards more robust and reliable decision-making and forecasting in risk-sensitive scenarios.

biometric

steal

extraction

Title: RSFDM-Net: Real-time Spatial and Frequency Domains Modulation Network for Underwater Image Enhancement. (arXiv:2302.12186v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12186
• Code URL: null
• Copy Paste: [[2302.12186] RSFDM-Net: Real-time Spatial and Frequency Domains Modulation Network for Underwater Image Enhancement](http://arxiv.org/abs/2302.12186) #extraction
• Summary:

  Underwater images typically experience mixed degradations of brightness and structure caused by the absorption and scattering of light by suspended particles. To address this issue, we propose a Real-time Spatial and Frequency Domains Modulation Network (RSFDM-Net) for the efficient enhancement of colors and details in underwater images. Specifically, our proposed conditional network is designed with Adaptive Fourier Gating Mechanism (AFGM) and Multiscale Convolutional Attention Module (MCAM) to generate vectors carrying low-frequency background information and high-frequency detail features, which effectively promote the network to model global background information and local texture details. To more precisely correct the color cast and low saturation of the image, we introduce a Three-branch Feature Extraction (TFE) block in the primary net that processes images pixel by pixel to integrate the color information extended by the same channel (R, G, or B). This block consists of three small branches, each of which has its own weights. Extensive experiments demonstrate that our network significantly outperforms over state-of-the-art methods in both visual quality and quantitative metrics.

Title: Coarse-to-Fine Knowledge Selection for Document Grounded Dialogs. (arXiv:2302.11849v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.11849
• Code URL: null
• Copy Paste: [[2302.11849] Coarse-to-Fine Knowledge Selection for Document Grounded Dialogs](http://arxiv.org/abs/2302.11849) #extraction
• Summary:

  Multi-document grounded dialogue systems (DGDS) belong to a class of conversational agents that answer users' requests by finding supporting knowledge from a collection of documents. Most previous studies aim to improve the knowledge retrieval model or propose more effective ways to incorporate external knowledge into a parametric generation model. These methods, however, focus on retrieving knowledge from mono-granularity language units (e.g. passages, sentences, or spans in documents), which is not enough to effectively and efficiently capture precise knowledge in long documents. This paper proposes Re3G, which aims to optimize both coarse-grained knowledge retrieval and fine-grained knowledge extraction in a unified framework. Specifically, the former efficiently finds relevant passages in a retrieval-and-reranking process, whereas the latter effectively extracts finer-grain spans within those passages to incorporate into a parametric answer generation model (BART, T5). Experiments on DialDoc Shared Task demonstrate the effectiveness of our method.

Title: LightCTS: A Lightweight Framework for Correlated Time Series Forecasting. (arXiv:2302.11974v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11974
• Code URL: https://github.com/ai4cts/lightcts
• Copy Paste: [[2302.11974] LightCTS: A Lightweight Framework for Correlated Time Series Forecasting](http://arxiv.org/abs/2302.11974) #extraction
• Summary:

  Correlated time series (CTS) forecasting plays an essential role in many practical applications, such as traffic management and server load control. Many deep learning models have been proposed to improve the accuracy of CTS forecasting. However, while models have become increasingly complex and computationally intensive, they struggle to improve accuracy. Pursuing a different direction, this study aims instead to enable much more efficient, lightweight models that preserve accuracy while being able to be deployed on resource-constrained devices. To achieve this goal, we characterize popular CTS forecasting models and yield two observations that indicate directions for lightweight CTS forecasting. On this basis, we propose the LightCTS framework that adopts plain stacking of temporal and spatial operators instead of alternate stacking that is much more computationally expensive. Moreover, LightCTS features light temporal and spatial operator modules, called L-TCN and GL-Former, that offer improved computational efficiency without compromising their feature extraction capabilities. LightCTS also encompasses a last-shot compression scheme to reduce redundant temporal features and speed up subsequent computations. Experiments with single-step and multi-step forecasting benchmark datasets show that LightCTS is capable of nearly state-of-the-art accuracy at much reduced computational and storage overheads.

Title: Detection of Epilepsy Seizure using Different Dimensionality Reduction Techniques and Machine Learning on Transform Domain. (arXiv:2302.12012v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12012
• Code URL: null
• Copy Paste: [[2302.12012] Detection of Epilepsy Seizure using Different Dimensionality Reduction Techniques and Machine Learning on Transform Domain](http://arxiv.org/abs/2302.12012) #extraction
• Summary:

  An Electroencephalogram (EEG) is a non-invasive exam that records the electrical activity of the brain. This exam is used to help diagnose conditions such as different brain problems. EEG signals are taken for the purpose of epilepsy detection and with Discrete Wavelet Transform (DWT) and machine learning classifier, they perform epilepsy detection. In Epilepsy seizure detection, mainly machine learning classifiers and statistical features are used. The hidden information in the EEG signal is useful for detecting diseases affecting the brain. Sometimes it is very difficult to identify the minimum changes in the EEG in time and frequency domains purpose. The DWT can give a good decomposition of the signals in different frequency bands and feature extraction. We use the tri-dimensionality reduction algorithm.; Principal Component Analysis (PCA), Independent Component Analysis (ICA) and Linear Discriminant Analysis (LDA). Finally, features are selected by using a fusion rule and at the last step three different classifiers Support Vector Machine (SVM), Naive Bayes (NB) and K-Nearest-Neighbor (KNN) has been used for the classification. The proposed framework is tested on the Bonn dataset and the simulation results provide the maximum accuracy for the combination of LDA and NB for 10-fold cross validation technique. It shows the maximum average sensitivity, specificity, accuracy, Precision and Recall of 100%, 100%, 100%, 100% and 100%. The results prove the effectiveness of this model.

membership infer

federate

Title: Federated Nearest Neighbor Machine Translation. (arXiv:2302.12211v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12211
• Code URL: null
• Copy Paste: [[2302.12211] Federated Nearest Neighbor Machine Translation](http://arxiv.org/abs/2302.12211) #federate
• Summary:

  To protect user privacy and meet legal regulations, federated learning (FL) is attracting significant attention. Training neural machine translation (NMT) models with traditional FL algorithm (e.g., FedAvg) typically relies on multi-round model-based interactions. However, it is impractical and inefficient for machine translation tasks due to the vast communication overheads and heavy synchronization. In this paper, we propose a novel federated nearest neighbor (FedNN) machine translation framework that, instead of multi-round model-based interactions, leverages one-round memorization-based interaction to share knowledge across different clients to build low-overhead privacy-preserving systems. The whole approach equips the public NMT model trained on large-scale accessible data with a $k$-nearest-neighbor ($$kNN) classifier and integrates the external datastore constructed by private text data in all clients to form the final FL model. A two-phase datastore encryption strategy is introduced to achieve privacy-preserving during this process. Extensive experiments show that FedNN significantly reduces computational and communication costs compared with FedAvg, while maintaining promising performance in different FL settings.

Title: Data-Free Diversity-Based Ensemble Selection For One-Shot Federated Learning in Machine Learning Model Market. (arXiv:2302.11751v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11751
• Code URL: null
• Copy Paste: [[2302.11751] Data-Free Diversity-Based Ensemble Selection For One-Shot Federated Learning in Machine Learning Model Market](http://arxiv.org/abs/2302.11751) #federate
• Summary:

  The emerging availability of trained machine learning models has put forward the novel concept of Machine Learning Model Market in which one can harness the collective intelligence of multiple well-trained models to improve the performance of the resultant model through one-shot federated learning and ensemble learning in a data-free manner. However, picking the models available in the market for ensemble learning is time-consuming, as using all the models is not always the best approach. It is thus crucial to have an effective ensemble selection strategy that can find a good subset of the base models for the ensemble. Conventional ensemble selection techniques are not applicable, as we do not have access to the local datasets of the parties in the federated learning setting. In this paper, we present a novel Data-Free Diversity-Based method called DeDES to address the ensemble selection problem for models generated by one-shot federated learning in practical applications such as model markets. Experiments showed that our method can achieve both better performance and higher efficiency over 5 datasets and 4 different model structures under the different data-partition strategies.

Title: FedIL: Federated Incremental Learning from Decentralized Unlabeled Data with Convergence Analysis. (arXiv:2302.11823v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11823
• Code URL: null
• Copy Paste: [[2302.11823] FedIL: Federated Incremental Learning from Decentralized Unlabeled Data with Convergence Analysis](http://arxiv.org/abs/2302.11823) #federate
• Summary:

  Most existing federated learning methods assume that clients have fully labeled data to train on, while in reality, it is hard for the clients to get task-specific labels due to users' privacy concerns, high labeling costs, or lack of expertise. This work considers the server with a small labeled dataset and intends to use unlabeled data in multiple clients for semi-supervised learning. We propose a new framework with a generalized model, Federated Incremental Learning (FedIL), to address the problem of how to utilize labeled data in the server and unlabeled data in clients separately in the scenario of Federated Learning (FL). FedIL uses the Iterative Similarity Fusion to enforce the server-client consistency on the predictions of unlabeled data and uses incremental confidence to establish a credible pseudo-label set in each client. We show that FedIL will accelerate model convergence by Cosine Similarity with normalization, proved by Banach Fixed Point Theorem. The code is available at https://anonymous.4open.science/r/fedil.

Title: Personalized Decentralized Federated Learning with Knowledge Distillation. (arXiv:2302.12156v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12156
• Code URL: null
• Copy Paste: [[2302.12156] Personalized Decentralized Federated Learning with Knowledge Distillation](http://arxiv.org/abs/2302.12156) #federate
• Summary:

  Personalization in federated learning (FL) functions as a coordinator for clients with high variance in data or behavior. Ensuring the convergence of these clients' models relies on how closely users collaborate with those with similar patterns or preferences. However, it is generally challenging to quantify similarity under limited knowledge about other users' models given to users in a decentralized network. To cope with this issue, we propose a personalized and fully decentralized FL algorithm, leveraging knowledge distillation techniques to empower each device so as to discern statistical distances between local models. Each client device can enhance its performance without sharing local data by estimating the similarity between two intermediate outputs from feeding local samples as in knowledge distillation. Our empirical studies demonstrate that the proposed algorithm improves the test accuracy of clients in fewer iterations under highly non-independent and identically distributed (non-i.i.d.) data distributions and is beneficial to agents with small datasets, even without the need for a central server.

fair

Title: The Geometry of Mixability. (arXiv:2302.11905v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.11905
• Code URL: null
• Copy Paste: [[2302.11905] The Geometry of Mixability](http://arxiv.org/abs/2302.11905) #fair
• Summary:

  Mixable loss functions are of fundamental importance in the context of prediction with expert advice in the online setting since they characterize fast learning rates. By re-interpreting properness from the point of view of differential geometry, we provide a simple geometric characterization of mixability for the binary and multi-class cases: a proper loss function $\ell$ is $\eta$-mixable if and only if the superpredition set $\textrm{spr}(\eta \ell)$ of the scaled loss function $\eta \ell$ slides freely inside the superprediction set $\textrm{spr}(\ell_{\log})$ of the log loss $\ell_{\log}$, under fairly general assumptions on the differentiability of $\ell$. Our approach provides a way to treat some concepts concerning loss functions (like properness) in a ''coordinate-free'' manner and reconciles previous results obtained for mixable loss functions for the binary and the multi-class cases.

interpretability

Title: Concept Learning for Interpretable Multi-Agent Reinforcement Learning. (arXiv:2302.12232v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12232
• Code URL: null
• Copy Paste: [[2302.12232] Concept Learning for Interpretable Multi-Agent Reinforcement Learning](http://arxiv.org/abs/2302.12232) #interpretability
• Summary:

  Multi-agent robotic systems are increasingly operating in real-world environments in close proximity to humans, yet are largely controlled by policy models with inscrutable deep neural network representations. We introduce a method for incorporating interpretable concepts from a domain expert into models trained through multi-agent reinforcement learning, by requiring the model to first predict such concepts then utilize them for decision making. This allows an expert to both reason about the resulting concept policy models in terms of these high-level concepts at run-time, as well as intervene and correct mispredictions to improve performance. We show that this yields improved interpretability and training stability, with benefits to policy performance and sample efficiency in a simulated and real-world cooperative-competitive multi-agent game.

explainability

Title: Dermatological Diagnosis Explainability Benchmark for Convolutional Neural Networks. (arXiv:2302.12084v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12084
• Code URL: null
• Copy Paste: [[2302.12084] Dermatological Diagnosis Explainability Benchmark for Convolutional Neural Networks](http://arxiv.org/abs/2302.12084) #explainability
• Summary:

  In recent years, large strides have been taken in developing machine learning methods for dermatological applications, supported in part by the success of deep learning (DL). To date, diagnosing diseases from images is one of the most explored applications of DL within dermatology. Convolutional neural networks (ConvNets) are the most common (DL) method in medical imaging due to their training efficiency and accuracy, although they are often described as black boxes because of their limited explainability. One popular way to obtain insight into a ConvNet's decision mechanism is gradient class activation maps (Grad-CAM). A quantitative evaluation of the Grad-CAM explainability has been recently made possible by the release of DermXDB, a skin disease diagnosis explainability dataset which enables explainability benchmarking of ConvNet architectures. In this paper, we perform a literature review to identify the most common ConvNet architectures used for this task, and compare their Grad-CAM explanations with the explanation maps provided by DermXDB. We identified 11 architectures: DenseNet121, EfficientNet-B0, InceptionV3, InceptionResNetV2, MobileNet, MobileNetV2, NASNetMobile, ResNet50, ResNet50V2, VGG16, and Xception. We pre-trained all architectures on an clinical skin disease dataset, and fine-tuned them on a DermXDB subset. Validation results on the DermXDB holdout subset show an explainability F1 score of between 0.35-0.46, with Xception displaying the highest explainability performance. NASNetMobile reports the highest characteristic-level explainability sensitivity, despite it's mediocre diagnosis performance. These results highlight the importance of choosing the right architecture for the desired application and target market, underline need for additional explainability datasets, and further confirm the need for explainability benchmarking that relies on quantitative analyses.

Title: Local and Global Explainability Metrics for Machine Learning Predictions. (arXiv:2302.12094v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12094
• Code URL: null
• Copy Paste: [[2302.12094] Local and Global Explainability Metrics for Machine Learning Predictions](http://arxiv.org/abs/2302.12094) #explainability
• Summary:

  Rapid advancements in artificial intelligence (AI) technology have brought about a plethora of new challenges in terms of governance and regulation. AI systems are being integrated into various industries and sectors, creating a demand from decision-makers to possess a comprehensive and nuanced understanding of the capabilities and limitations of these systems. One critical aspect of this demand is the ability to explain the results of machine learning models, which is crucial to promoting transparency and trust in AI systems, as well as fundamental in helping machine learning models to be trained ethically. In this paper, we present novel quantitative metrics frameworks for interpreting the predictions of classifier and regressor models. The proposed metrics are model agnostic and are defined in order to be able to quantify: i. the interpretability factors based on global and local feature importance distributions; ii. the variability of feature impact on the model output; and iii. the complexity of feature interactions within model decisions. We employ publicly available datasets to apply our proposed metrics to various machine learning models focused on predicting customers' credit risk (classification task) and real estate price valuation (regression task). The results expose how these metrics can provide a more comprehensive understanding of model predictions and facilitate better communication between decision-makers and stakeholders, thereby increasing the overall transparency and accountability of AI systems.

watermark

diffusion

Title: Controlled and Conditional Text to Image Generation with Diffusion Prior. (arXiv:2302.11710v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.11710
• Code URL: null
• Copy Paste: [[2302.11710] Controlled and Conditional Text to Image Generation with Diffusion Prior](http://arxiv.org/abs/2302.11710) #diffusion
• Summary:

  Denoising Diffusion models have shown remarkable performance in generating diverse, high quality images from text. Numerous techniques have been proposed on top of or in alignment with models like Stable Diffusion and Imagen that generate images directly from text. A lesser explored approach is DALLE-2's two step process comprising a Diffusion Prior that generates a CLIP image embedding from text and a Diffusion Decoder that generates an image from a CLIP image embedding. We explore the capabilities of the Diffusion Prior and the advantages of an intermediate CLIP representation. We observe that Diffusion Prior can be used in a memory and compute efficient way to constrain the generation to a specific domain without altering the larger Diffusion Decoder. Moreover, we show that the Diffusion Prior can be trained with additional conditional information such as color histogram to further control the generation. We show quantitatively and qualitatively that the proposed approaches perform better than prompt engineering for domain specific generation and existing baselines for color conditioned generation. We believe that our observations and results will instigate further research into the diffusion prior and uncover more of its capabilities.

Title: Region-Aware Diffusion for Zero-shot Text-driven Image Editing. (arXiv:2302.11797v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.11797
• Code URL: https://github.com/haha-lisa/RDM-Region-Aware-Diffusion-Model
• Copy Paste: [[2302.11797] Region-Aware Diffusion for Zero-shot Text-driven Image Editing](http://arxiv.org/abs/2302.11797) #diffusion
• Summary:

  Image manipulation under the guidance of textual descriptions has recently received a broad range of attention. In this study, we focus on the regional editing of images with the guidance of given text prompts. Different from current mask-based image editing methods, we propose a novel region-aware diffusion model (RDM) for entity-level image editing, which could automatically locate the region of interest and replace it following given text prompts. To strike a balance between image fidelity and inference speed, we design the intensive diffusion pipeline by combing latent space diffusion and enhanced directional guidance. In addition, to preserve image content in non-edited regions, we introduce regional-aware entity editing to modify the region of interest and preserve the out-of-interest region. We validate the proposed RDM beyond the baseline methods through extensive qualitative and quantitative experiments. The results show that RDM outperforms the previous approaches in terms of visual quality, overall harmonization, non-editing region content preservation, and text-image semantic consistency. The codes are available at https://github.com/haha-lisa/RDM-Region-Aware-Diffusion-Model.

Title: Designing an Encoder for Fast Personalization of Text-to-Image Models. (arXiv:2302.12228v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12228
• Code URL: null
• Copy Paste: [[2302.12228] Designing an Encoder for Fast Personalization of Text-to-Image Models](http://arxiv.org/abs/2302.12228) #diffusion
• Summary:

  Text-to-image personalization aims to teach a pre-trained diffusion model to reason about novel, user provided concepts, embedding them into new scenes guided by natural language prompts. However, current personalization approaches struggle with lengthy training times, high storage requirements or loss of identity. To overcome these limitations, we propose an encoder-based domain-tuning approach. Our key insight is that by underfitting on a large set of concepts from a given domain, we can improve generalization and create a model that is more amenable to quickly adding novel concepts from the same domain. Specifically, we employ two components: First, an encoder that takes as an input a single image of a target concept from a given domain, e.g. a specific face, and learns to map it into a word-embedding representing the concept. Second, a set of regularized weight-offsets for the text-to-image model that learn how to effectively ingest additional concepts. Together, these components are used to guide the learning of unseen concepts, allowing us to personalize a model using only a single image and as few as 5 training steps - accelerating personalization from dozens of minutes to seconds, while preserving quality.

Title: DiffusioNeRF: Regularizing Neural Radiance Fields with Denoising Diffusion Models. (arXiv:2302.12231v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12231
• Code URL: null
• Copy Paste: [[2302.12231] DiffusioNeRF: Regularizing Neural Radiance Fields with Denoising Diffusion Models](http://arxiv.org/abs/2302.12231) #diffusion
• Summary:

  Under good conditions, Neural Radiance Fields (NeRFs) have shown impressive results on novel view synthesis tasks. NeRFs learn a scene's color and density fields by minimizing the photometric discrepancy between training views and differentiable renders of the scene. Once trained from a sufficient set of views, NeRFs can generate novel views from arbitrary camera positions. However, the scene geometry and color fields are severely under-constrained, which can lead to artifacts, especially when trained with few input views.

To alleviate this problem we learn a prior over scene geometry and color, using a denoising diffusion model (DDM). Our DDM is trained on RGBD patches of the synthetic Hypersim dataset and can be used to predict the gradient of the logarithm of a joint probability distribution of color and depth patches. We show that, during NeRF training, these gradients of logarithms of RGBD patch priors serve to regularize geometry and color for a scene. During NeRF training, random RGBD patches are rendered and the estimated gradients of the log-likelihood are backpropagated to the color and density fields. Evaluations on LLFF, the most relevant dataset, show that our learned prior achieves improved quality in the reconstructed geometry and improved generalization to novel views. Evaluations on DTU show improved reconstruction quality among NeRF methods.