secure

security

Title: Harnessing the Speed and Accuracy of Machine Learning to Advance Cybersecurity. (arXiv:2302.12415v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12415
• Code URL: null
• Copy Paste: [[2302.12415] Harnessing the Speed and Accuracy of Machine Learning to Advance Cybersecurity](http://arxiv.org/abs/2302.12415) #security
• Summary:

  As cyber attacks continue to increase in frequency and sophistication, detecting malware has become a critical task for maintaining the security of computer systems. Traditional signature-based methods of malware detection have limitations in detecting complex and evolving threats. In recent years, machine learning (ML) has emerged as a promising solution to detect malware effectively. ML algorithms are capable of analyzing large datasets and identifying patterns that are difficult for humans to identify. This paper presents a comprehensive review of the state-of-the-art ML techniques used in malware detection, including supervised and unsupervised learning, deep learning, and reinforcement learning. We also examine the challenges and limitations of ML-based malware detection, such as the potential for adversarial attacks and the need for large amounts of labeled data. Furthermore, we discuss future directions in ML-based malware detection, including the integration of multiple ML algorithms and the use of explainable AI techniques to enhance the interpret ability of ML-based detection systems. Our research highlights the potential of ML-based techniques to improve the speed and accuracy of malware detection, and contribute to enhancing cybersecurity

Title: Smaller public keys for MinRank-based schemes. (arXiv:2302.12447v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12447
• Code URL: null
• Copy Paste: [[2302.12447] Smaller public keys for MinRank-based schemes](http://arxiv.org/abs/2302.12447) #security
• Summary:

  MinRank is an NP-complete problem in linear algebra whose characteristics make it attractive to build post-quantum cryptographic primitives. Currently, three MinRank-based digital signature schemes have been proposed: Curtois' (2001), MR-DSS (2022), and MRitH (2022). Of these, MR-DSS has the smallest public-key size. We propose a key-generation algorithm for MinRank-based schemes that reduces the size of public key to about $50\%$ of that of MR-DSS, putting it in the range of 328-664 bits, for security levels of 128-256 bits.

Title: Machine Learning Based Intrusion Detection Systems for IoT Applications. (arXiv:2302.12452v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12452
• Code URL: null
• Copy Paste: [[2302.12452] Machine Learning Based Intrusion Detection Systems for IoT Applications](http://arxiv.org/abs/2302.12452) #security
• Summary:

  Internet of Things (IoT) and its applications are the most popular research areas at present. The characteristics of IoT on one side make it easily applicable to real-life applications, whereas on the other side expose it to cyber threats. Denial of Service (DoS) is one of the most catastrophic attacks against IoT. In this paper, we investigate the prospects of using machine learning classification algorithms for securing IoT against DoS attacks. A comprehensive study is carried on the classifiers which can advance the development of anomaly-based intrusion detection systems (IDSs). Performance assessment of classifiers is done in terms of prominent metrics and validation methods. Popular datasets CIDDS-001, UNSW-NB15, and NSL-KDD are used for benchmarking classifiers. Friedman and Nemenyi tests are employed to analyze the significant differences among classifiers statistically. In addition, Raspberry Pi is used to evaluate the response time of classifiers on IoT specific hardware. We also discuss a methodology for selecting the best classifier as per application requirements. The main goals of this study are to motivate IoT security researchers for developing IDSs using ensemble learning, and suggesting appropriate methods for statistical assessment of classifier's performance.

Title: Global Pandemics Influence on Cyber Security and Cyber Crimes. (arXiv:2302.12462v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12462
• Code URL: null
• Copy Paste: [[2302.12462] Global Pandemics Influence on Cyber Security and Cyber Crimes](http://arxiv.org/abs/2302.12462) #security
• Summary:

  COVID-19 has caused widespread damage across many areas of life and has made humans more dependent on the internet and technology making us realize the importance of secure remote working environments. While social separation is encouraged during moments of lockdown, online infrastructure has become the central focus for communication, commerce, working, and learning, creating a new challenge and trend for companies to adopt new methods and operating models. The cases of cyber-attacks increased, and fraudsters and cybercriminals took use of this to intensify their illegal activities by taking advantage of remote workers' vulnerabilities and the public's interest in information about the coronavirus. This paper examines the different types of security threats and cyber crimes that people faced in the pandemic time and the need for a safe and secure cyber infrastructure. This paper attempts to analyze the security implications of the issues.

Title: A Real-Time Co-simulation Testbed for EV Charging and Smart Grid Security. (arXiv:2302.12781v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12781
• Code URL: null
• Copy Paste: [[2302.12781] A Real-Time Co-simulation Testbed for EV Charging and Smart Grid Security](http://arxiv.org/abs/2302.12781) #security
• Summary:

  Faced with the threat of climate change, the world is rapidly adopting Electric Vehicles (EVs). The EV ecosystem, however, is vulnerable to cyber-attacks putting it and the power grid at risk. In this article, we present a security-oriented real-time Co-simulation Testbed for the EV ecosystem and the power grid.

privacy

Title: Active Membership Inference Attack under Local Differential Privacy in Federated Learning. (arXiv:2302.12685v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12685
• Code URL: https://github.com/trucndt/ami
• Copy Paste: [[2302.12685] Active Membership Inference Attack under Local Differential Privacy in Federated Learning](http://arxiv.org/abs/2302.12685) #privacy
• Summary:

  Federated learning (FL) was originally regarded as a framework for collaborative learning among clients with data privacy protection through a coordinating server. In this paper, we propose a new active membership inference (AMI) attack carried out by a dishonest server in FL. In AMI attacks, the server crafts and embeds malicious parameters into global models to effectively infer whether a target data sample is included in a client's private training data or not. By exploiting the correlation among data features through a non-linear decision boundary, AMI attacks with a certified guarantee of success can achieve severely high success rates under rigorous local differential privacy (LDP) protection; thereby exposing clients' training data to significant privacy risk. Theoretical and experimental results on several benchmark datasets show that adding sufficient privacy-preserving noise to prevent our attack would significantly damage FL's model utility.

Title: SurvivalGAN: Generating Time-to-Event Data for Survival Analysis. (arXiv:2302.12749v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12749
• Code URL: https://github.com/vanderschaarlab/survivalgan
• Copy Paste: [[2302.12749] SurvivalGAN: Generating Time-to-Event Data for Survival Analysis](http://arxiv.org/abs/2302.12749) #privacy
• Summary:

  Synthetic data is becoming an increasingly promising technology, and successful applications can improve privacy, fairness, and data democratization. While there are many methods for generating synthetic tabular data, the task remains non-trivial and unexplored for specific scenarios. One such scenario is survival data. Here, the key difficulty is censoring: for some instances, we are not aware of the time of event, or if one even occurred. Imbalances in censoring and time horizons cause generative models to experience three new failure modes specific to survival analysis: (1) generating too few at-risk members; (2) generating too many at-risk members; and (3) censoring too early. We formalize these failure modes and provide three new generative metrics to quantify them. Following this, we propose SurvivalGAN, a generative model that handles survival data firstly by addressing the imbalance in the censoring and event horizons, and secondly by using a dedicated mechanism for approximating time-to-event/censoring. We evaluate this method via extensive experiments on medical datasets. SurvivalGAN outperforms multiple baselines at generating survival data, and in particular addresses the failure modes as measured by the new metrics, in addition to improving downstream performance of survival models trained on the synthetic data.

protect

defense

attack

Title: HyperAttack: Multi-Gradient-Guided White-box Adversarial Structure Attack of Hypergraph Neural Networks. (arXiv:2302.12407v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12407
• Code URL: null
• Copy Paste: [[2302.12407] HyperAttack: Multi-Gradient-Guided White-box Adversarial Structure Attack of Hypergraph Neural Networks](http://arxiv.org/abs/2302.12407) #attack
• Summary:

  Hypergraph neural networks (HGNN) have shown superior performance in various deep learning tasks, leveraging the high-order representation ability to formulate complex correlations among data by connecting two or more nodes through hyperedge modeling. Despite the well-studied adversarial attacks on Graph Neural Networks (GNN), there is few study on adversarial attacks against HGNN, which leads to a threat to the safety of HGNN applications. In this paper, we introduce HyperAttack, the first white-box adversarial attack framework against hypergraph neural networks. HyperAttack conducts a white-box structure attack by perturbing hyperedge link status towards the target node with the guidance of both gradients and integrated gradients. We evaluate HyperAttack on the widely-used Cora and PubMed datasets and three hypergraph neural networks with typical hypergraph modeling techniques. Compared to state-of-the-art white-box structural attack methods for GNN, HyperAttack achieves a 10-20X improvement in time efficiency while also increasing attack success rates by 1.3%-3.7%. The results show that HyperAttack can achieve efficient adversarial attacks that balance effectiveness and time costs.

Title: CoSec-RPL: detection of copycat attacks in RPL based 6LoWPANs using outlier analysis. (arXiv:2302.12443v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12443
• Code URL: null
• Copy Paste: [[2302.12443] CoSec-RPL: detection of copycat attacks in RPL based 6LoWPANs using outlier analysis](http://arxiv.org/abs/2302.12443) #attack
• Summary:

  The IPv6 routing protocol for low-power and lossy networks (RPL) is the standard routing protocol for IPv6 based low-power wireless personal area networks (6LoWPANs). In RPL protocol, DODAG information object (DIO) messages are used to disseminate routing information to other nodes in the network. A malicious node may eavesdrop DIO messages of its neighbor nodes and later replay the captured DIO many times with fixed intervals. In this paper, we present and investigate one of the severe attacks named as a non-spoofed copycat attack, a type of replay based DoS attack against RPL protocol. It is shown that the non-spoofed copycat attack increases the average end-to-end delay (AE2ED) and packet delivery ratio of the network. Thus, to address this problem, an intrusion detection system (IDS) named CoSec-RPL is proposed in this paper. The attack detection logic of CoSec-RPL is primarily based on the idea of outlier detection (OD). CoSec-RPL significantly mitigates the effects of the non-spoofed copycat attack on the network's performance. The effectiveness of the proposed IDS is compared with the standard RPL protocol. The experimental results indicate that CoSec-RPL detects and mitigates non-spoofed copycat attack efficiently in both static and mobile network scenarios without adding any significant overhead to the nodes. To the best of our knowledge, CoSec-RPL is the first RPL specific IDS that utilizes OD for intrusion detection in 6LoWPANs.

Title: Membership Inference Attacks against Synthetic Data through Overfitting Detection. (arXiv:2302.12580v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12580
• Code URL: https://github.com/vanderschaarlab/domias
• Copy Paste: [[2302.12580] Membership Inference Attacks against Synthetic Data through Overfitting Detection](http://arxiv.org/abs/2302.12580) #attack
• Summary:

  Data is the foundation of most science. Unfortunately, sharing data can be obstructed by the risk of violating data privacy, impeding research in fields like healthcare. Synthetic data is a potential solution. It aims to generate data that has the same distribution as the original data, but that does not disclose information about individuals. Membership Inference Attacks (MIAs) are a common privacy attack, in which the attacker attempts to determine whether a particular real sample was used for training of the model. Previous works that propose MIAs against generative models either display low performance -- giving the false impression that data is highly private -- or need to assume access to internal generative model parameters -- a relatively low-risk scenario, as the data publisher often only releases synthetic data, not the model. In this work we argue for a realistic MIA setting that assumes the attacker has some knowledge of the underlying data distribution. We propose DOMIAS, a density-based MIA model that aims to infer membership by targeting local overfitting of the generative model. Experimentally we show that DOMIAS is significantly more successful at MIA than previous work, especially at attacking uncommon samples. The latter is disconcerting since these samples may correspond to underrepresented groups. We also demonstrate how DOMIAS' MIA performance score provides an interpretable metric for privacy, giving data publishers a new tool for achieving the desired privacy-utility trade-off in their synthetic data.

Title: Defending Against Backdoor Attacks by Layer-wise Feature Analysis. (arXiv:2302.12758v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.12758
• Code URL: https://github.com/najeebjebreel/dbalfa
• Copy Paste: [[2302.12758] Defending Against Backdoor Attacks by Layer-wise Feature Analysis](http://arxiv.org/abs/2302.12758) #attack
• Summary:

  Training deep neural networks (DNNs) usually requires massive training data and computational resources. Users who cannot afford this may prefer to outsource training to a third party or resort to publicly available pre-trained models. Unfortunately, doing so facilitates a new training-time attack (i.e., backdoor attack) against DNNs. This attack aims to induce misclassification of input samples containing adversary-specified trigger patterns. In this paper, we first conduct a layer-wise feature analysis of poisoned and benign samples from the target class. We find out that the feature difference between benign and poisoned samples tends to be maximum at a critical layer, which is not always the one typically used in existing defenses, namely the layer before fully-connected layers. We also demonstrate how to locate this critical layer based on the behaviors of benign samples. We then propose a simple yet effective method to filter poisoned samples by analyzing the feature differences between suspicious and benign samples at the critical layer. We conduct extensive experiments on two benchmark datasets, which confirm the effectiveness of our defense.

robust

Title: Less is More: Data Pruning for Faster Adversarial Training. (arXiv:2302.12366v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12366
• Code URL: null
• Copy Paste: [[2302.12366] Less is More: Data Pruning for Faster Adversarial Training](http://arxiv.org/abs/2302.12366) #robust
• Summary:

  Deep neural networks (DNNs) are sensitive to adversarial examples, resulting in fragile and unreliable performance in the real world. Although adversarial training (AT) is currently one of the most effective methodologies to robustify DNNs, it is computationally very expensive (e.g., 5-10X costlier than standard training). To address this challenge, existing approaches focus on single-step AT, referred to as Fast AT, reducing the overhead of adversarial example generation. Unfortunately, these approaches are known to fail against stronger adversaries. To make AT computationally efficient without compromising robustness, this paper takes a different view of the efficient AT problem. Specifically, we propose to minimize redundancies at the data level by leveraging data pruning. Extensive experiments demonstrate that the data pruning based AT can achieve similar or superior robust (and clean) accuracy as its unpruned counterparts while being significantly faster. For instance, proposed strategies accelerate CIFAR-10 training up to 3.44X and CIFAR-100 training to 2.02X. Additionally, the data pruning methods can readily be reconciled with existing adversarial acceleration tricks to obtain the striking speed-ups of 5.66X and 5.12X on CIFAR-10, 3.67X and 3.07X on CIFAR-100 with TRADES and MART, respectively.

Title: Towards Stable Test-Time Adaptation in Dynamic Wild World. (arXiv:2302.12400v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12400
• Code URL: https://github.com/mr-eggplant/sar
• Copy Paste: [[2302.12400] Towards Stable Test-Time Adaptation in Dynamic Wild World](http://arxiv.org/abs/2302.12400) #robust
• Summary:

  Test-time adaptation (TTA) has shown to be effective at tackling distribution shifts between training and testing data by adapting a given model on test samples. However, the online model updating of TTA may be unstable and this is often a key obstacle preventing existing TTA methods from being deployed in the real world. Specifically, TTA may fail to improve or even harm the model performance when test data have: 1) mixed distribution shifts, 2) small batch sizes, and 3) online imbalanced label distribution shifts, which are quite common in practice. In this paper, we investigate the unstable reasons and find that the batch norm layer is a crucial factor hindering TTA stability. Conversely, TTA can perform more stably with batch-agnostic norm layers, \ie, group or layer norm. However, we observe that TTA with group and layer norms does not always succeed and still suffers many failure cases. By digging into the failure cases, we find that certain noisy test samples with large gradients may disturb the model adaption and result in collapsed trivial solutions, \ie, assigning the same class label for all samples. To address the above collapse issue, we propose a sharpness-aware and reliable entropy minimization method, called SAR, for further stabilizing TTA from two aspects: 1) remove partial noisy samples with large gradients, 2) encourage model weights to go to a flat minimum so that the model is robust to the remaining noisy samples. Promising results demonstrate that SAR performs more stably over prior methods and is computationally efficient under the above wild test scenarios.

Title: RGI: robust GAN-inversion for mask-free image inpainting and unsupervised pixel-wise anomaly detection. (arXiv:2302.12464v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12464
• Code URL: null
• Copy Paste: [[2302.12464] RGI: robust GAN-inversion for mask-free image inpainting and unsupervised pixel-wise anomaly detection](http://arxiv.org/abs/2302.12464) #robust
• Summary:

  Generative adversarial networks (GANs), trained on a large-scale image dataset, can be a good approximator of the natural image manifold. GAN-inversion, using a pre-trained generator as a deep generative prior, is a promising tool for image restoration under corruptions. However, the performance of GAN-inversion can be limited by a lack of robustness to unknown gross corruptions, i.e., the restored image might easily deviate from the ground truth. In this paper, we propose a Robust GAN-inversion (RGI) method with a provable robustness guarantee to achieve image restoration under unknown \textit{gross} corruptions, where a small fraction of pixels are completely corrupted. Under mild assumptions, we show that the restored image and the identified corrupted region mask converge asymptotically to the ground truth. Moreover, we extend RGI to Relaxed-RGI (R-RGI) for generator fine-tuning to mitigate the gap between the GAN learned manifold and the true image manifold while avoiding trivial overfitting to the corrupted input image, which further improves the image restoration and corrupted region mask identification performance. The proposed RGI/R-RGI method unifies two important applications with state-of-the-art (SOTA) performance: (i) mask-free semantic inpainting, where the corruptions are unknown missing regions, the restored background can be used to restore the missing content; (ii) unsupervised pixel-wise anomaly detection, where the corruptions are unknown anomalous regions, the retrieved mask can be used as the anomalous region's segmentation mask.

Title: Revisiting Modality Imbalance In Multimodal Pedestrian Detection. (arXiv:2302.12589v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12589
• Code URL: null
• Copy Paste: [[2302.12589] Revisiting Modality Imbalance In Multimodal Pedestrian Detection](http://arxiv.org/abs/2302.12589) #robust
• Summary:

  Multimodal learning, particularly for pedestrian detection, has recently received emphasis due to its capability to function equally well in several critical autonomous driving scenarios such as low-light, night-time, and adverse weather conditions. However, in most cases, the training distribution largely emphasizes the contribution of one specific input that makes the network biased towards one modality. Hence, the generalization of such models becomes a significant problem where the non-dominant input modality during training could be contributing more to the course of inference. Here, we introduce a novel training setup with regularizer in the multimodal architecture to resolve the problem of this disparity between the modalities. Specifically, our regularizer term helps to make the feature fusion method more robust by considering both the feature extractors equivalently important during the training to extract the multimodal distribution which is referred to as removing the imbalance problem. Furthermore, our decoupling concept of output stream helps the detection task by sharing the spatial sensitive information mutually. Extensive experiments of the proposed method on KAIST and UTokyo datasets shows improvement of the respective state-of-the-art performance.

Title: Decoupling Human and Camera Motion from Videos in the Wild. (arXiv:2302.12827v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12827
• Code URL: null
• Copy Paste: [[2302.12827] Decoupling Human and Camera Motion from Videos in the Wild](http://arxiv.org/abs/2302.12827) #robust
• Summary:

  We propose a method to reconstruct global human trajectories from videos in the wild. Our optimization method decouples the camera and human motion, which allows us to place people in the same world coordinate frame. Most existing methods do not model the camera motion; methods that rely on the background pixels to infer 3D human motion usually require a full scene reconstruction, which is often not possible for in-the-wild videos. However, even when existing SLAM systems cannot recover accurate scene reconstructions, the background pixel motion still provides enough signal to constrain the camera motion. We show that relative camera estimates along with data-driven human motion priors can resolve the scene scale ambiguity and recover global human trajectories. Our method robustly recovers the global 3D trajectories of people in challenging in-the-wild videos, such as PoseTrack. We quantify our improvement over existing methods on 3D human dataset Egobody. We further demonstrate that our recovered camera scale allows us to reason about motion of multiple people in a shared coordinate frame, which improves performance of downstream tracking in PoseTrack. Code and video results can be found at https://vye16.github.io/slahmr.

Title: Dynamic Benchmarking of Masked Language Models on Temporal Concept Drift with Multiple Views. (arXiv:2302.12297v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12297
• Code URL: null
• Copy Paste: [[2302.12297] Dynamic Benchmarking of Masked Language Models on Temporal Concept Drift with Multiple Views](http://arxiv.org/abs/2302.12297) #robust
• Summary:

  Temporal concept drift refers to the problem of data changing over time. In NLP, that would entail that language (e.g. new expressions, meaning shifts) and factual knowledge (e.g. new concepts, updated facts) evolve over time. Focusing on the latter, we benchmark $11$ pretrained masked language models (MLMs) on a series of tests designed to evaluate the effect of temporal concept drift, as it is crucial that widely used language models remain up-to-date with the ever-evolving factual updates of the real world. Specifically, we provide a holistic framework that (1) dynamically creates temporal test sets of any time granularity (e.g. month, quarter, year) of factual data from Wikidata, (2) constructs fine-grained splits of tests (e.g. updated, new, unchanged facts) to ensure comprehensive analysis, and (3) evaluates MLMs in three distinct ways (single-token probing, multi-token generation, MLM scoring). In contrast to prior work, our framework aims to unveil how robust an MLM is over time and thus to provide a signal in case it has become outdated, by leveraging multiple views of evaluation.

Title: Testing AI performance on less frequent aspects of language reveals insensitivity to underlying meaning. (arXiv:2302.12313v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12313
• Code URL: null
• Copy Paste: [[2302.12313] Testing AI performance on less frequent aspects of language reveals insensitivity to underlying meaning](http://arxiv.org/abs/2302.12313) #robust
• Summary:

  Advances in computational methods and big data availability have recently translated into breakthroughs in AI applications. With successes in bottom-up challenges partially overshadowing shortcomings, the 'human-like' performance of Large Language Models has raised the question of how linguistic performance is achieved by algorithms. Given systematic shortcomings in generalization across many AI systems, in this work we ask whether linguistic performance is indeed guided by language knowledge in Large Language Models. To this end, we prompt GPT-3 with a grammaticality judgement task and comprehension questions on less frequent constructions that are thus unlikely to form part of Large Language Models' training data. These included grammatical 'illusions', semantic anomalies, complex nested hierarchies and self-embeddings. GPT-3 failed for every prompt but one, often offering answers that show a critical lack of understanding even of high-frequency words used in these less frequent grammatical constructions. The present work sheds light on the boundaries of the alleged AI human-like linguistic competence and argues that, far from human-like, the next-word prediction abilities of LLMs may face issues of robustness, when pushed beyond training data.

Title: Extracting Victim Counts from Text. (arXiv:2302.12367v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12367
• Code URL: null
• Copy Paste: [[2302.12367] Extracting Victim Counts from Text](http://arxiv.org/abs/2302.12367) #robust
• Summary:

  Decision-makers in the humanitarian sector rely on timely and exact information during crisis events. Knowing how many civilians were injured during an earthquake is vital to allocate aids properly. Information about such victim counts is often only available within full-text event descriptions from newspapers and other reports. Extracting numbers from text is challenging: numbers have different formats and may require numeric reasoning. This renders purely string matching-based approaches insufficient. As a consequence, fine-grained counts of injured, displaced, or abused victims beyond fatalities are often not extracted and remain unseen. We cast victim count extraction as a question answering (QA) task with a regression or classification objective. We compare regex, dependency parsing, semantic role labeling-based approaches, and advanced text-to-text models. Beyond model accuracy, we analyze extraction reliability and robustness which are key for this sensitive task. In particular, we discuss model calibration and investigate few-shot and out-of-distribution performance. Ultimately, we make a comprehensive recommendation on which model to select for different desiderata and data domains. Our work is among the first to apply numeracy-focused large language models in a real-world use case with a positive impact.

Title: Dual Path Modeling for Semantic Matching by Perceiving Subtle Conflicts. (arXiv:2302.12530v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12530
• Code URL: null
• Copy Paste: [[2302.12530] Dual Path Modeling for Semantic Matching by Perceiving Subtle Conflicts](http://arxiv.org/abs/2302.12530) #robust
• Summary:

  Transformer-based pre-trained models have achieved great improvements in semantic matching. However, existing models still suffer from insufficient ability to capture subtle differences. The modification, addition and deletion of words in sentence pairs may make it difficult for the model to predict their relationship. To alleviate this problem, we propose a novel Dual Path Modeling Framework to enhance the model's ability to perceive subtle differences in sentence pairs by separately modeling affinity and difference semantics. Based on dual-path modeling framework we design the Dual Path Modeling Network (DPM-Net) to recognize semantic relations. And we conduct extensive experiments on 10 well-studied semantic matching and robustness test datasets, and the experimental results show that our proposed method achieves consistent improvements over baselines.

Title: Uncertainty Injection: A Deep Learning Method for Robust Optimization. (arXiv:2302.12304v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12304
• Code URL: null
• Copy Paste: [[2302.12304] Uncertainty Injection: A Deep Learning Method for Robust Optimization](http://arxiv.org/abs/2302.12304) #robust
• Summary:

  This paper proposes a paradigm of uncertainty injection for training deep learning model to solve robust optimization problems. The majority of existing studies on deep learning focus on the model learning capability, while assuming the quality and accuracy of the inputs data can be guaranteed. However, in realistic applications of deep learning for solving optimization problems, the accuracy of inputs, which are the problem parameters in this case, plays a large role. This is because, in many situations, it is often costly or sometime impossible to obtain the problem parameters accurately, and correspondingly, it is highly desirable to develop learning algorithms that can account for the uncertainties in the input and produce solutions that are robust against these uncertainties. This paper presents a novel uncertainty injection scheme for training machine learning models that are capable of implicitly accounting for the uncertainties and producing statistically robust solutions. We further identify the wireless communications as an application field where uncertainties are prevalent in problem parameters such as the channel coefficients. We show the effectiveness of the proposed training scheme in two applications: the robust power loading for multiuser multiple-input-multiple-output (MIMO) downlink transmissions; and the robust power control for device-to-device (D2D) networks.

Title: MetaLDC: Meta Learning of Low-Dimensional Computing Classifiers for Fast On-Device Adaption. (arXiv:2302.12347v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12347
• Code URL: null
• Copy Paste: [[2302.12347] MetaLDC: Meta Learning of Low-Dimensional Computing Classifiers for Fast On-Device Adaption](http://arxiv.org/abs/2302.12347) #robust
• Summary:

  Fast model updates for unseen tasks on intelligent edge devices are crucial but also challenging due to the limited computational power. In this paper,we propose MetaLDC, which meta-trains braininspired ultra-efficient low-dimensional computing classifiers to enable fast adaptation on tiny devices with minimal computational costs. Concretely, during the meta-training stage, MetaLDC meta trains a representation offline by explicitly taking into account that the final (binary) class layer will be fine-tuned for fast adaptation for unseen tasks on tiny devices; during the meta-testing stage, MetaLDC uses closed-form gradients of the loss function to enable fast adaptation of the class layer. Unlike traditional neural networks, MetaLDC is designed based on the emerging LDC framework to enable ultra-efficient on-device inference. Our experiments have demonstrated that compared to SOTA baselines, MetaLDC achieves higher accuracy, robustness against random bit errors, as well as cost-efficient hardware computation.

Title: On the Hardness of Robustness Transfer: A Perspective from Rademacher Complexity over Symmetric Difference Hypothesis Space. (arXiv:2302.12351v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12351
• Code URL: null
• Copy Paste: [[2302.12351] On the Hardness of Robustness Transfer: A Perspective from Rademacher Complexity over Symmetric Difference Hypothesis Space](http://arxiv.org/abs/2302.12351) #robust
• Summary:

  Recent studies demonstrated that the adversarially robust learning under $\ell_\infty$ attack is harder to generalize to different domains than standard domain adaptation. How to transfer robustness across different domains has been a key question in domain adaptation field. To investigate the fundamental difficulty behind adversarially robust domain adaptation (or robustness transfer), we propose to analyze a key complexity measure that controls the cross-domain generalization: the adversarial Rademacher complexity over {\em symmetric difference hypothesis space} $\mathcal{H} \Delta \mathcal{H}$. For linear models, we show that adversarial version of this complexity is always greater than the non-adversarial one, which reveals the intrinsic hardness of adversarially robust domain adaptation. We also establish upper bounds on this complexity measure. Then we extend them to the ReLU neural network class by upper bounding the adversarial Rademacher complexity in the binary classification setting. Finally, even though the robust domain adaptation is provably harder, we do find positive relation between robust learning and standard domain adaptation. We explain \emph{how adversarial training helps domain adaptation in terms of standard risk}. We believe our results initiate the study of the generalization theory of adversarially robust domain adaptation, and could shed lights on distributed adversarially robust learning from heterogeneous sources, e.g., federated learning scenario.

Title: Robust Weight Signatures: Gaining Robustness as Easy as Patching Weights?. (arXiv:2302.12480v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12480
• Code URL: null
• Copy Paste: [[2302.12480] Robust Weight Signatures: Gaining Robustness as Easy as Patching Weights?](http://arxiv.org/abs/2302.12480) #robust
• Summary:

  Given a robust model trained to be resilient to one or multiple types of distribution shifts (e.g., natural image corruptions), how is that "robustness" encoded in the model weights, and how easily can it be disentangled and/or "zero-shot" transferred to some other models? This paper empirically suggests a surprisingly simple answer: linearly - by straightforward model weight arithmetic! We start by drawing several key observations: (1)assuming that we train the same model architecture on both a clean dataset and its corrupted version, resultant weights mostly differ in shallow layers; (2)the weight difference after projection, which we call "Robust Weight Signature" (RWS), appears to be discriminative and indicative of different corruption types; (3)for the same corruption type, the RWSs obtained by one model architecture are highly consistent and transferable across different datasets.

We propose a minimalistic model robustness "patching" framework that carries a model trained on clean data together with its pre-extracted RWSs. In this way, injecting certain robustness to the model is reduced to directly adding the corresponding RWS to its weight. We verify our proposed framework to be remarkably (1)lightweight. since RWSs concentrate on the shallowest few layers and we further show they can be painlessly quantized, storing an RWS is up to 13 x more compact than storing the full weight copy; (2)in-situ adjustable. RWSs can be appended as needed and later taken off to restore the intact clean model. We further demonstrate one can linearly re-scale the RWS to control the patched robustness strength; (3)composable. Multiple RWSs can be added simultaneously to patch more comprehensive robustness at once; and (4)transferable. Even when the clean model backbone is continually adapted or updated, RWSs remain as effective patches due to their outstanding cross-dataset transferability.

Title: UnbiasedNets: A Dataset Diversification Framework for Robustness Bias Alleviation in Neural Networks. (arXiv:2302.12538v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12538
• Code URL: https://github.com/mahum123/unbiasednets
• Copy Paste: [[2302.12538] UnbiasedNets: A Dataset Diversification Framework for Robustness Bias Alleviation in Neural Networks](http://arxiv.org/abs/2302.12538) #robust
• Summary:

  Performance of trained neural network (NN) models, in terms of testing accuracy, has improved remarkably over the past several years, especially with the advent of deep learning. However, even the most accurate NNs can be biased toward a specific output classification due to the inherent bias in the available training datasets, which may propagate to the real-world implementations. This paper deals with the robustness bias, i.e., the bias exhibited by the trained NN by having a significantly large robustness to noise for a certain output class, as compared to the remaining output classes. The bias is shown to result from imbalanced datasets, i.e., the datasets where all output classes are not equally represented. Towards this, we propose the UnbiasedNets framework, which leverages K-means clustering and the NN's noise tolerance to diversify the given training dataset, even from relatively smaller datasets. This generates balanced datasets and reduces the bias within the datasets themselves. To the best of our knowledge, this is the first framework catering to the robustness bias problem in NNs. We use real-world datasets to demonstrate the efficacy of the UnbiasedNets for data diversification, in case of both binary and multi-label classifiers. The results are compared to well-known tools aimed at generating balanced datasets, and illustrate how existing works have limited success while addressing the robustness bias. In contrast, UnbiasedNets provides a notable improvement over existing works, while even reducing the robustness bias significantly in some cases, as observed by comparing the NNs trained on the diversified and original datasets.

Title: Detection of anomalously emitting ships through deviations from predicted TROPOMI NO2 retrievals. (arXiv:2302.12744v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12744
• Code URL: null
• Copy Paste: [[2302.12744] Detection of anomalously emitting ships through deviations from predicted TROPOMI NO2 retrievals](http://arxiv.org/abs/2302.12744) #robust
• Summary:

  Starting from 2021, more demanding $\text{NO}\text{x}$ emission restrictions were introduced for ships operating in the North and Baltic Sea waters. Since all methods currently used for ship compliance monitoring are financially and time demanding, it is important to prioritize the inspection of ships that have high chances of being non-compliant. The current state-of-the-art approach for a large-scale ship $\text{NO}\text{2}$ estimation is a supervised machine learning-based segmentation of ship plumes on TROPOMI images. However, challenging data annotation and insufficiently complex ship emission proxy used for the validation limit the applicability of the model for ship compliance monitoring. In this study, we present a method for the automated selection of potentially non-compliant ships using a combination of machine learning models on TROPOMI/S5P satellite data. It is based on a proposed regression model predicting the amount of $\text{NO}\text{2}$ that is expected to be produced by a ship with certain properties operating in the given atmospheric conditions. The model does not require manual labeling and is validated with TROPOMI data directly. The differences between the predicted and actual amount of produced $\text{NO}\text{2}$ are integrated over different observations of the same ship in time and are used as a measure of the inspection worthiness of a ship. To assure the robustness of the results, we compare the obtained results with the results of the previously developed segmentation-based method. Ships that are also highly deviating in accordance with the segmentation method require further attention. If no other explanations can be found by checking the TROPOMI data, the respective ships are advised to be the candidates for inspection.

biometric

steal

extraction

Title: A Convolutional Vision Transformer for Semantic Segmentation of Side-Scan Sonar Data. (arXiv:2302.12416v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12416
• Code URL: https://github.com/hayatrajani/s3seg-vit
• Copy Paste: [[2302.12416] A Convolutional Vision Transformer for Semantic Segmentation of Side-Scan Sonar Data](http://arxiv.org/abs/2302.12416) #extraction
• Summary:

  Distinguishing among different marine benthic habitat characteristics is of key importance in a wide set of seabed operations ranging from installations of oil rigs to laying networks of cables and monitoring the impact of humans on marine ecosystems. The Side-Scan Sonar (SSS) is a widely used imaging sensor in this regard. It produces high-resolution seafloor maps by logging the intensities of sound waves reflected back from the seafloor. In this work, we leverage these acoustic intensity maps to produce pixel-wise categorization of different seafloor types. We propose a novel architecture adapted from the Vision Transformer (ViT) in an encoder-decoder framework. Further, in doing so, the applicability of ViTs is evaluated on smaller datasets. To overcome the lack of CNN-like inductive biases, thereby making ViTs more conducive to applications in low data regimes, we propose a novel feature extraction module to replace the Multi-layer Perceptron (MLP) block within transformer layers and a novel module to extract multiscale patch embeddings. A lightweight decoder is also proposed to complement this design in order to further boost multiscale feature extraction. With the modified architecture, we achieve state-of-the-art results and also meet real-time computational requirements. We make our code available at ~\url{https://github.com/hayatrajani/s3seg-vit

Title: An Iterative Classification and Semantic Segmentation Network for Old Landslide Detection Using High-Resolution Remote Sensing Images. (arXiv:2302.12420v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12420
• Code URL: null
• Copy Paste: [[2302.12420] An Iterative Classification and Semantic Segmentation Network for Old Landslide Detection Using High-Resolution Remote Sensing Images](http://arxiv.org/abs/2302.12420) #extraction
• Summary:

  Huge challenges exist for old landslide detection because their morphology features have been partially or strongly transformed over a long time and have little difference from their surrounding. Besides, small-sample problem also restrict in-depth learning.

In this paper, an iterative classification and semantic segmentation network (ICSSN) is developed, which can greatly enhance both object-level and pixel-level classification performance by iteratively upgrading the feature extractor shared by two network. An object-level contrastive learning (OCL) strategy is employed in the object classification sub-network featuring a siamese network to realize the global features extraction, and a sub-object-level contrastive learning (SOCL) paradigm is designed in the semantic segmentation sub-network to efficiently extract salient features from boundaries of landslides. Moreover, an iterative training strategy is elaborated to fuse features in semantic space such that both object-level and pixel-level classification performance are improved.

The proposed ICSSN is evaluated on the real landslide data set, and the experimental results show that ICSSN can greatly improve the classification and segmentation accuracy of old landslide detection. For the semantic segmentation task, compared to the baseline, the F1 score increases from 0.5054 to 0.5448, the mIoU improves from 0.6405 to 0.6610, the landslide IoU improved from 0.3381 to 0.3743, and the object-level detection accuracy of old landslides is enhanced from 0.55 to 0.9. For the object classification task, the F1 score increases from 0.8846 to 0.9230, and the accuracy score is up from 0.8375 to 0.8875.

Title: Frequency and Scale Perspectives of Feature Extraction. (arXiv:2302.12477v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12477
• Code URL: null
• Copy Paste: [[2302.12477] Frequency and Scale Perspectives of Feature Extraction](http://arxiv.org/abs/2302.12477) #extraction
• Summary:

  Convolutional neural networks (CNNs) have achieved superior performance but still lack clarity about the nature and properties of feature extraction. In this paper, by analyzing the sensitivity of neural networks to frequencies and scales, we find that neural networks not only have low- and medium-frequency biases but also prefer different frequency bands for different classes, and the scale of objects influences the preferred frequency bands. These observations lead to the hypothesis that neural networks must learn the ability to extract features at various scales and frequencies. To corroborate this hypothesis, we propose a network architecture based on Gaussian derivatives, which extracts features by constructing scale space and employing partial derivatives as local feature extraction operators to separate high-frequency information. This manually designed method of extracting features from different scales allows our GSSDNets to achieve comparable accuracy with vanilla networks on various datasets.

Title: Deep Learning for Video-Text Retrieval: a Review. (arXiv:2302.12552v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12552
• Code URL: null
• Copy Paste: [[2302.12552] Deep Learning for Video-Text Retrieval: a Review](http://arxiv.org/abs/2302.12552) #extraction
• Summary:

  Video-Text Retrieval (VTR) aims to search for the most relevant video related to the semantics in a given sentence, and vice versa. In general, this retrieval task is composed of four successive steps: video and textual feature representation extraction, feature embedding and matching, and objective functions. In the last, a list of samples retrieved from the dataset is ranked based on their matching similarities to the query. In recent years, significant and flourishing progress has been achieved by deep learning techniques, however, VTR is still a challenging task due to the problems like how to learn an efficient spatial-temporal video feature and how to narrow the cross-modal gap. In this survey, we review and summarize over 100 research papers related to VTR, demonstrate state-of-the-art performance on several commonly benchmarked datasets, and discuss potential challenges and directions, with the expectation to provide some insights for researchers in the field of video-text retrieval.

Title: CHiLL: Zero-shot Custom Interpretable Feature Extraction from Clinical Notes with Large Language Models. (arXiv:2302.12343v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12343
• Code URL: null
• Copy Paste: [[2302.12343] CHiLL: Zero-shot Custom Interpretable Feature Extraction from Clinical Notes with Large Language Models](http://arxiv.org/abs/2302.12343) #extraction
• Summary:

  Large Language Models (LLMs) have yielded fast and dramatic progress in NLP, and now offer strong few- and zero-shot capabilities on new tasks, reducing the need for annotation. This is especially exciting for the medical domain, in which supervision is often scant and expensive. At the same time, model predictions are rarely so accurate that they can be trusted blindly. Clinicians therefore tend to favor "interpretable" classifiers over opaque LLMs. For example, risk prediction tools are often linear models defined over manually crafted predictors that must be laboriously extracted from EHRs. We propose CHiLL (Crafting High-Level Latents), which uses LLMs to permit natural language specification of high-level features for linear models via zero-shot feature extraction using expert-composed queries. This approach has the promise to empower physicians to use their domain expertise to craft features which are clinically meaningful for a downstream task of interest, without having to manually extract these from raw EHR (as often done now). We are motivated by a real-world risk prediction task, but as a reproducible proxy, we use MIMIC-III and MIMIC-CXR data and standard predictive tasks (e.g., 30-day readmission) to evaluate our approach. We find that linear models using automatically extracted features are comparably performant to models using reference features, and provide greater interpretability than linear models using "Bag-of-Words" features. We verify that learned feature weights align well with clinical expectations.

Title: Emotion Prediction Oriented method with Multiple Supervisions for Emotion-Cause Pair Extraction. (arXiv:2302.12417v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12417
• Code URL: https://github.com/lemei/epo-ecpe
• Copy Paste: [[2302.12417] Emotion Prediction Oriented method with Multiple Supervisions for Emotion-Cause Pair Extraction](http://arxiv.org/abs/2302.12417) #extraction
• Summary:

  Emotion-cause pair extraction (ECPE) task aims to extract all the pairs of emotions and their causes from an unannotated emotion text. The previous works usually extract the emotion-cause pairs from two perspectives of emotion and cause. However, emotion extraction is more crucial to the ECPE task than cause extraction. Motivated by this analysis, we propose an end-to-end emotion-cause extraction approach oriented toward emotion prediction (EPO-ECPE), aiming to fully exploit the potential of emotion prediction to enhance emotion-cause pair extraction. Considering the strong dependence between emotion prediction and emotion-cause pair extraction, we propose a synchronization mechanism to share their improvement in the training process. That is, the improvement of emotion prediction can facilitate the emotion-cause pair extraction, and then the results of emotion-cause pair extraction can also be used to improve the accuracy of emotion prediction simultaneously. For the emotion-cause pair extraction, we divide it into genuine pair supervision and fake pair supervision, where the genuine pair supervision learns from the pairs with more possibility to be emotion-cause pairs. In contrast, fake pair supervision learns from other pairs. In this way, the emotion-cause pairs can be extracted directly from the genuine pair, thereby reducing the difficulty of extraction. Experimental results show that our approach outperforms the 13 compared systems and achieves new state-of-the-art performance.

membership infer

federate

Title: Subspace based Federated Unlearning. (arXiv:2302.12448v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12448
• Code URL: null
• Copy Paste: [[2302.12448] Subspace based Federated Unlearning](http://arxiv.org/abs/2302.12448) #federate
• Summary:

  Federated learning (FL) enables multiple clients to train a machine learning model collaboratively without exchanging their local data. Federated unlearning is an inverse FL process that aims to remove a specified target client's contribution in FL to satisfy the user's right to be forgotten. Most existing federated unlearning algorithms require the server to store the history of the parameter updates, which is not applicable in scenarios where the server storage resource is constrained. In this paper, we propose a simple-yet-effective subspace based federated unlearning method, dubbed SFU, that lets the global model perform gradient ascent in the orthogonal space of input gradient spaces formed by other clients to eliminate the target client's contribution without requiring additional storage. Specifically, the server first collects the gradients generated from the target client after performing gradient ascent, and the input representation matrix is computed locally by the remaining clients. We also design a differential privacy method to protect the privacy of the representation matrix. Then the server merges those representation matrices to get the input gradient subspace and updates the global model in the orthogonal subspace of the input gradient subspace to complete the forgetting task with minimal model performance degradation. Experiments on MNIST, CIFAR10, and CIFAR100 show that SFU outperforms several state-of-the-art (SOTA) federated unlearning algorithms by a large margin in various settings.

Title: From Noisy Fixed-Point Iterations to Private ADMM for Centralized and Federated Learning. (arXiv:2302.12559v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12559
• Code URL: null
• Copy Paste: [[2302.12559] From Noisy Fixed-Point Iterations to Private ADMM for Centralized and Federated Learning](http://arxiv.org/abs/2302.12559) #federate
• Summary:

  We study differentially private (DP) machine learning algorithms as instances of noisy fixed-point iterations, in order to derive privacy and utility results from this well-studied framework. We show that this new perspective recovers popular private gradient-based methods like DP-SGD and provides a principled way to design and analyze new private optimization algorithms in a flexible manner. Focusing on the widely-used Alternating Directions Method of Multipliers (ADMM) method, we use our general framework to derive novel private ADMM algorithms for centralized, federated and fully decentralized learning. For these three algorithms, we establish strong privacy guarantees leveraging privacy amplification by iteration and by subsampling. Finally, we provide utility guarantees using a unified analysis that exploits a recent linear convergence result for noisy fixed-point iterations.

Title: FedPDC:Federated Learning for Public Dataset Correction. (arXiv:2302.12503v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12503
• Code URL: null
• Copy Paste: [[2302.12503] FedPDC:Federated Learning for Public Dataset Correction](http://arxiv.org/abs/2302.12503) #federate
• Summary:

  As people pay more and more attention to privacy protection, Federated Learning (FL), as a promising distributed machine learning paradigm, is receiving more and more attention. However, due to the biased distribution of data on devices in real life, federated learning has lower classification accuracy than traditional machine learning in Non-IID scenarios. Although there are many optimization algorithms, the local model aggregation in the parameter server is still relatively traditional. In this paper, a new algorithm FedPDC is proposed to optimize the aggregation mode of local models and the loss function of local training by using the shared data sets in some industries. In many benchmark experiments, FedPDC can effectively improve the accuracy of the global model in the case of extremely unbalanced data distribution, while ensuring the privacy of the client data. At the same time, the accuracy improvement of FedPDC does not bring additional communication costs.

Title: Personalizing Federated Learning with Over-the-Air Computations. (arXiv:2302.12509v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12509
• Code URL: null
• Copy Paste: [[2302.12509] Personalizing Federated Learning with Over-the-Air Computations](http://arxiv.org/abs/2302.12509) #federate
• Summary:

  Federated edge learning is a promising technology to deploy intelligence at the edge of wireless networks in a privacy-preserving manner. Under such a setting, multiple clients collaboratively train a global generic model under the coordination of an edge server. But the training efficiency is often throttled by challenges arising from limited communication and data heterogeneity. This paper presents a distributed training paradigm that employs analog over-the-air computation to address the communication bottleneck. Additionally, we leverage a bi-level optimization framework to personalize the federated learning model so as to cope with the data heterogeneity issue. As a result, it enhances the generalization and robustness of each client's local model. We elaborate on the model training procedure and its advantages over conventional frameworks. We provide a convergence analysis that theoretically demonstrates the training efficiency. We also conduct extensive experiments to validate the efficacy of the proposed framework.

fair

Title: Fairness in Language Models Beyond English: Gaps and Challenges. (arXiv:2302.12578v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12578
• Code URL: null
• Copy Paste: [[2302.12578] Fairness in Language Models Beyond English: Gaps and Challenges](http://arxiv.org/abs/2302.12578) #fair
• Summary:

  With language models becoming increasingly ubiquitous, it has become essential to address their inequitable treatment of diverse demographic groups and factors. Most research on evaluating and mitigating fairness harms has been concentrated on English, while multilingual models and non-English languages have received comparatively little attention. In this paper, we survey different aspects of fairness in languages beyond English and multilingual contexts. This paper presents a survey of fairness in multilingual and non-English contexts, highlighting the shortcomings of current research and the difficulties faced by methods designed for English. We contend that the multitude of diverse cultures and languages across the world makes it infeasible to achieve comprehensive coverage in terms of constructing fairness datasets. Thus, the measurement and mitigation of biases must evolve beyond the current dataset-driven practices that are narrowly focused on specific dimensions and types of biases and, therefore, impossible to scale across languages and cultures.

Title: Auditing for Spatial Fairness. (arXiv:2302.12333v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12333
• Code URL: https://github.com/dsachar/auditspatialfairness
• Copy Paste: [[2302.12333] Auditing for Spatial Fairness](http://arxiv.org/abs/2302.12333) #fair
• Summary:

  This paper studies algorithmic fairness when the protected attribute is location. To handle protected attributes that are continuous, such as age or income, the standard approach is to discretize the domain into predefined groups, and compare algorithmic outcomes across groups. However, applying this idea to location raises concerns of gerrymandering and may introduce statistical bias. Prior work addresses these concerns but only for regularly spaced locations, while raising other issues, most notably its inability to discern regions that are likely to exhibit spatial unfairness. Similar to established notions of algorithmic fairness, we define spatial fairness as the statistical independence of outcomes from location. This translates into requiring that for each region of space, the distribution of outcomes is identical inside and outside the region. To allow for localized discrepancies in the distribution of outcomes, we compare how well two competing hypotheses explain the observed outcomes. The null hypothesis assumes spatial fairness, while the alternate allows different distributions inside and outside regions. Their goodness of fit is then assessed by a likelihood ratio test. If there is no significant difference in how well the two hypotheses explain the observed outcomes, we conclude that the algorithm is spatially fair.

Title: Intersectional Fairness: A Fractal Approach. (arXiv:2302.12683v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12683
• Code URL: null
• Copy Paste: [[2302.12683] Intersectional Fairness: A Fractal Approach](http://arxiv.org/abs/2302.12683) #fair
• Summary:

  The issue of fairness in AI has received an increasing amount of attention in recent years. The problem can be approached by looking at different protected attributes (e.g., ethnicity, gender, etc) independently, but fairness for individual protected attributes does not imply intersectional fairness. In this work, we frame the problem of intersectional fairness within a geometrical setting. We project our data onto a hypercube, and split the analysis of fairness by levels, where each level encodes the number of protected attributes we are intersecting over. We prove mathematically that, while fairness does not propagate "down" the levels, it does propagate "up" the levels. This means that ensuring fairness for all subgroups at the lowest intersectional level (e.g., black women, white women, black men and white men), will necessarily result in fairness for all the above levels, including each of the protected attributes (e.g., ethnicity and gender) taken independently. We also derive a formula describing the variance of the set of estimated success rates on each level, under the assumption of perfect fairness. Using this theoretical finding as a benchmark, we define a family of metrics which capture overall intersectional bias. Finally, we propose that fairness can be metaphorically thought of as a "fractal" problem. In fractals, patterns at the smallest scale repeat at a larger scale. We see from this example that tackling the problem at the lowest possible level, in a bottom-up manner, leads to the natural emergence of fair AI. We suggest that trustworthiness is necessarily an emergent, fractal and relational property of the AI system.

interpretability

Title: SplineCam: Exact Visualization and Characterization of Deep Network Geometry and Decision Boundaries. (arXiv:2302.12828v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12828
• Code URL: https://github.com/ahmedimtiazprio/splinecam
• Copy Paste: [[2302.12828] SplineCam: Exact Visualization and Characterization of Deep Network Geometry and Decision Boundaries](http://arxiv.org/abs/2302.12828) #interpretability
• Summary:

  Current Deep Network (DN) visualization and interpretability methods rely heavily on data space visualizations such as scoring which dimensions of the data are responsible for their associated prediction or generating new data features or samples that best match a given DN unit or representation. In this paper, we go one step further by developing the first provably exact method for computing the geometry of a DN's mapping - including its decision boundary - over a specified region of the data space. By leveraging the theory of Continuous Piece-Wise Linear (CPWL) spline DNs, SplineCam exactly computes a DNs geometry without resorting to approximations such as sampling or architecture simplification. SplineCam applies to any DN architecture based on CPWL nonlinearities, including (leaky-)ReLU, absolute value, maxout, and max-pooling and can also be applied to regression DNs such as implicit neural representations. Beyond decision boundary visualization and characterization, SplineCam enables one to compare architectures, measure generalizability and sample from the decision boundary on or off the manifold. Project Website: bit.ly/splinecam.

Title: Analyzing And Editing Inner Mechanisms Of Backdoored Language Models. (arXiv:2302.12461v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12461
• Code URL: null
• Copy Paste: [[2302.12461] Analyzing And Editing Inner Mechanisms Of Backdoored Language Models](http://arxiv.org/abs/2302.12461) #interpretability
• Summary:

  Recent advancements in interpretability research made transformer language models more transparent. This progress led to a better understanding of their inner workings for toy and naturally occurring models. However, how these models internally process sentiment changes has yet to be sufficiently answered. In this work, we introduce a new interpretability tool called PCP ablation, where we replace modules with low-rank matrices based on the principal components of their activations, reducing model parameters and their behavior to essentials. We demonstrate PCP ablations on MLP and attention layers in backdoored toy, backdoored large, and naturally occurring models. We determine MLPs as most important for the backdoor mechanism and use this knowledge to remove, insert, and modify backdoor mechanisms with engineered replacements via PCP ablation.

Title: Time-aware Multiway Adaptive Fusion Network for Temporal Knowledge Graph Question Answering. (arXiv:2302.12529v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.12529
• Code URL: null
• Copy Paste: [[2302.12529] Time-aware Multiway Adaptive Fusion Network for Temporal Knowledge Graph Question Answering](http://arxiv.org/abs/2302.12529) #interpretability
• Summary:

  Knowledge graphs (KGs) have received increasing attention due to its wide applications on natural language processing. However, its use case on temporal question answering (QA) has not been well-explored. Most of existing methods are developed based on pre-trained language models, which might not be capable to learn \emph{temporal-specific} presentations of entities in terms of temporal KGQA task. To alleviate this problem, we propose a novel \textbf{T}ime-aware \textbf{M}ultiway \textbf{A}daptive (\textbf{TMA}) fusion network. Inspired by the step-by-step reasoning behavior of humans. For each given question, TMA first extracts the relevant concepts from the KG, and then feeds them into a multiway adaptive module to produce a \emph{temporal-specific} representation of the question. This representation can be incorporated with the pre-trained KG embedding to generate the final prediction. Empirical results verify that the proposed model achieves better performance than the state-of-the-art models in the benchmark dataset. Notably, the Hits@1 and Hits@10 results of TMA on the CronQuestions dataset's complex questions are absolutely improved by 24\% and 10\% compared to the best-performing baseline. Furthermore, we also show that TMA employing an adaptive fusion mechanism can provide interpretability by analyzing the proportion of information in question representations.

Title: PaGE-Link: Path-based Graph Neural Network Explanation for Heterogeneous Link Prediction. (arXiv:2302.12465v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12465
• Code URL: null
• Copy Paste: [[2302.12465] PaGE-Link: Path-based Graph Neural Network Explanation for Heterogeneous Link Prediction](http://arxiv.org/abs/2302.12465) #interpretability
• Summary:

  Transparency and accountability have become major concerns for black-box machine learning (ML) models. Proper explanations for the model behavior increase model transparency and help researchers develop more accountable models. Graph neural networks (GNN) have recently shown superior performance in many graph ML problems than traditional methods, and explaining them has attracted increased interest. However, GNN explanation for link prediction (LP) is lacking in the literature. LP is an essential GNN task and corresponds to web applications like recommendation and sponsored search on web. Given existing GNN explanation methods only address node/graph-level tasks, we propose Path-based GNN Explanation for heterogeneous Link prediction (PaGE-Link) that generates explanations with connection interpretability, enjoys model scalability, and handles graph heterogeneity. Qualitatively, PaGE-Link can generate explanations as paths connecting a node pair, which naturally captures connections between the two nodes and easily transfer to human-interpretable explanations. Quantitatively, explanations generated by PaGE-Link improve AUC for recommendation on citation and user-item graphs by 9

• 35% and are chosen as better by 78.79% of responses in human evaluation.

explainability

watermark

diffusion

Title: Unsupervised Discovery of Semantic Latent Directions in Diffusion Models. (arXiv:2302.12469v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12469
• Code URL: null
• Copy Paste: [[2302.12469] Unsupervised Discovery of Semantic Latent Directions in Diffusion Models](http://arxiv.org/abs/2302.12469) #diffusion
• Summary:

  Despite the success of diffusion models (DMs), we still lack a thorough understanding of their latent space. While image editing with GANs builds upon latent space, DMs rely on editing the conditions such as text prompts. We present an unsupervised method to discover interpretable editing directions for the latent variables $\mathbf{x}_t \in \mathcal{X}$ of DMs. Our method adopts Riemannian geometry between $\mathcal{X}$ and the intermediate feature maps $\mathcal{H}$ of the U-Nets to provide a deep understanding over the geometrical structure of $\mathcal{X}$. The discovered semantic latent directions mostly yield disentangled attribute changes, and they are globally consistent across different samples. Furthermore, editing in earlier timesteps edits coarse attributes, while ones in later timesteps focus on high-frequency details. We define the curvedness of a line segment between samples to show that $\mathcal{X}$ is a curved manifold. Experiments on different baselines and datasets demonstrate the effectiveness of our method even on Stable Diffusion. Our source code will be publicly available for the future researchers.

Title: Modulating Pretrained Diffusion Models for Multimodal Image Synthesis. (arXiv:2302.12764v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.12764
• Code URL: null
• Copy Paste: [[2302.12764] Modulating Pretrained Diffusion Models for Multimodal Image Synthesis](http://arxiv.org/abs/2302.12764) #diffusion
• Summary:

  We present multimodal conditioning modules (MCM) for enabling conditional image synthesis using pretrained diffusion models. Previous multimodal synthesis works rely on training networks from scratch or fine-tuning pretrained networks, both of which are computationally expensive for large, state-of-the-art diffusion models. Our method uses pretrained networks but does not require any updates to the diffusion network's parameters. MCM is a small module trained to modulate the diffusion network's predictions during sampling using 2D modalities (e.g., semantic segmentation maps, sketches) that were unseen during the original training of the diffusion model. We show that MCM enables user control over the spatial layout of the image and leads to increased control over the image generation process. Training MCM is cheap as it does not require gradients from the original diffusion net, consists of only $\sim$1$\%$ of the number of parameters of the base diffusion model, and is trained using only a limited number of training examples. We evaluate our method on unconditional and text-conditional models to demonstrate the improved control over the generated images and their alignment with respect to the conditioning inputs.

Title: On the Limitations of Physics-informed Deep Learning: Illustrations Using First Order Hyperbolic Conservation Law-based Traffic Flow Models. (arXiv:2302.12337v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.12337
• Code URL: https://github.com/urbanity-lab/pidl-limitations
• Copy Paste: [[2302.12337] On the Limitations of Physics-informed Deep Learning: Illustrations Using First Order Hyperbolic Conservation Law-based Traffic Flow Models](http://arxiv.org/abs/2302.12337) #diffusion
• Summary:

  Since its introduction in 2017, physics-informed deep learning (PIDL) has garnered growing popularity in understanding the evolution of systems governed by physical laws in terms of partial differential equations (PDEs). However, empirical evidence points to the limitations of PIDL for learning certain types of PDEs. In this paper, we (a) present the challenges in training PIDL architecture, (b) contrast the performance of PIDL architecture in learning a first order scalar hyperbolic conservation law and its parabolic counterpart, (c) investigate the effect of training data sampling, which corresponds to various sensing scenarios in traffic networks, (d) comment on the implications of PIDL limitations for traffic flow estimation and prediction in practice. Detailed in the case study, we present the contradistinction in PIDL results between learning the traffic flow model (LWR PDE) and its variation with diffusion. The outcome indicates that PIDL experiences significant challenges in learning the hyperbolic LWR equation due to the non-smoothness of its solution. On the other hand, the architecture with parabolic PDE, augmented with the diffusion term, leads to the successful reassembly of the density data even with the shockwaves present.