secure

security

Title: Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations. (arXiv:2302.14326v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.14326
• Code URL: null
• Copy Paste: [[2302.14326] Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations](http://arxiv.org/abs/2302.14326) #security
• Summary:

  The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be "morally good" or at least "morally allowed / acceptable". Among philosophy's contributions are (1) frameworks for evaluating the morality of actions -- including the well-established consequentialist and deontological frameworks -- and (2) scenarios (like trolley problems) featuring moral dilemmas that can facilitate discussion about and intellectual inquiry into different perspectives on moral reasoning and decision-making. In a classic trolley problem, consequentialist and deontological analyses may render different opinions. In this research, we explicitly make and explore connections between moral questions in computer security research and ethics / moral philosophy through the creation and analysis of trolley problem-like computer security-themed moral dilemmas and, in doing so, we seek to contribute to conversations among security researchers about the morality of security research-related decisions. We explicitly do not seek to define what is morally right or wrong, nor do we argue for one framework over another. Indeed, the consequentialist and deontological frameworks that we center, in addition to coming to different conclusions for our scenarios, have significant limitations. Instead, by offering our scenarios and by comparing two different approaches to ethics, we strive to contribute to how the computer security research field considers and converses about ethical questions, especially when there are different perspectives on what is morally right or acceptable.

Title: Security in Distributed Systems by Verifiable Location-Based Identities. (arXiv:2302.14713v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.14713
• Code URL: null
• Copy Paste: [[2302.14713] Security in Distributed Systems by Verifiable Location-Based Identities](http://arxiv.org/abs/2302.14713) #security
• Summary:

  Proof-of-Location (PoL) is a lightweight security concept for Internet-of-Things (IoT) networks, focusing on the sensor nodes as the least performant and most vulnerable parts of IoT networks. PoL builds on the identification of network participants based on their physical location. It introduces a secondary message type to exchange location information. Via these messages, the nodes can verify the integrity of other network participants and reach a consensus to identify potential attackers and prevent malicious information from spreading. The paper presents the concretization of the concept to allow implementation on real hardware. The evaluation based on this implementation demonstrates the feasibility of PoL and enables identifying further steps to develop a deployable protocol.

Title: Auditing Lustre file system. (arXiv:2302.14824v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.14824
• Code URL: null
• Copy Paste: [[2302.14824] Auditing Lustre file system](http://arxiv.org/abs/2302.14824) #security
• Summary:

  With the increasing time, we are facing massive demand for the increasing amount of data storage. Single-server traditional architectures are failing to meet the demand of dealing with the humongous amount of data storage, transfer, and different events of file systems. Therefore, distributed file systems have become a necessity in order to deal with the scalability of file systems. Lustre file system is one of the most popular parallel file systems which is used by most high-performance computers nowadays. Lustre auditing plays a vital role as a proof of security to support rich security features like authentication with Kerberos, mandatory access control with SELinux, isolation, etc. In this project, we will explore luster auditing using centos in a lustre architecture and represent the auditing features with a graphical interface.

Title: mmSense: Detecting Concealed Weapons with a Miniature Radar Sensor. (arXiv:2302.14625v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14625
• Code URL: null
• Copy Paste: [[2302.14625] mmSense: Detecting Concealed Weapons with a Miniature Radar Sensor](http://arxiv.org/abs/2302.14625) #security
• Summary:

  For widespread adoption, public security and surveillance systems must be accurate, portable, compact, and real-time, without impeding the privacy of the individuals being observed. Current systems broadly fall into two categories -- image-based which are accurate, but lack privacy, and RF signal-based, which preserve privacy but lack portability, compactness and accuracy. Our paper proposes mmSense, an end-to-end portable miniaturised real-time system that can accurately detect the presence of concealed metallic objects on persons in a discrete, privacy-preserving modality. mmSense features millimeter wave radar technology, provided by Google's Soli sensor for its data acquisition, and TransDope, our real-time neural network, capable of processing a single radar data frame in 19 ms. mmSense achieves high recognition rates on a diverse set of challenging scenes while running on standard laptop hardware, demonstrating a significant advancement towards creating portable, cost-effective real-time radar based surveillance systems.

privacy

Title: On Differentially Private Online Predictions. (arXiv:2302.14099v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14099
• Code URL: null
• Copy Paste: [[2302.14099] On Differentially Private Online Predictions](http://arxiv.org/abs/2302.14099) #privacy
• Summary:

  In this work we introduce an interactive variant of joint differential privacy towards handling online processes in which existing privacy definitions seem too restrictive. We study basic properties of this definition and demonstrate that it satisfies (suitable variants) of group privacy, composition, and post processing. We then study the cost of interactive joint privacy in the basic setting of online classification. We show that any (possibly non-private) learning rule can be effectively transformed to a private learning rule with only a polynomial overhead in the mistake bound. This demonstrates a stark difference with more restrictive notions of privacy such as the one studied by Golowich and Livni (2021), where only a double exponential overhead on the mistake bound is known (via an information theoretic upper bound).

Title: Publicly verifiable delegative democracy with secret voting power. (arXiv:2302.14421v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.14421
• Code URL: null
• Copy Paste: [[2302.14421] Publicly verifiable delegative democracy with secret voting power](http://arxiv.org/abs/2302.14421) #privacy
• Summary:

  We use a commitment scheme to track every individual's voting power on a public ledger with the ability to validate transfers and transitive, reversible delegations of it between them without sacrificing their privacy. Every unit of voting power is represented by the Merkle root of a tree consisting of its latest owner's public key, a random nonce and the Merkle root of the tree of its previous owner's public key and random nonce and so on. Transfers and delegations mention the input units, their owner's public keys, the hashes of their nonces and the output units, which are the Merkle roots of the new owners' public keys, new random nonces and the previous units' identifiers. In case of a delegation, the receiver provides the sender with the hashed random nonces and the hashed public keys whose secret keys they control. In case of a transfer, only the hashes of these hashes' concatenations are provided. To reverse a delegation, a historical owner reveals the individual hashes that resulted the subsequent units. In voting, the owner reveals the actual nonces and public keys of the units.

Title: Arbitrary Decisions are a Hidden Cost of Differentially-Private Training. (arXiv:2302.14517v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14517
• Code URL: null
• Copy Paste: [[2302.14517] Arbitrary Decisions are a Hidden Cost of Differentially-Private Training](http://arxiv.org/abs/2302.14517) #privacy
• Summary:

  Mechanisms used in privacy-preserving machine learning often aim to guarantee differential privacy (DP) during model training. Practical DP-ensuring training methods use randomization when fitting model parameters to privacy-sensitive data (e.g., adding Gaussian noise to clipped gradients). We demonstrate that such randomization incurs predictive multiplicity: for a given input example, the output predicted by equally-private models depends on the randomness used in training. Thus, for a given input, the predicted output can vary drastically if a model is re-trained, even if the same training dataset is used. The predictive-multiplicity cost of DP training has not been studied, and is currently neither audited for nor communicated to model designers and stakeholders. We derive a bound on the number of re-trainings required to estimate predictive multiplicity reliably. We analyze -- both theoretically and through extensive experiments -- the predictive-multiplicity cost of three DP-ensuring algorithms: output perturbation, objective perturbation, and DP-SGD. We demonstrate that the degree of predictive multiplicity rises as the level of privacy increases, and is unevenly distributed across individuals and demographic groups in the data. Because randomness used to ensure DP during training explains predictions for some examples, our results highlight a fundamental challenge to the justifiability of decisions supported by differentially-private models in high-stakes settings. We conclude that practitioners should audit the predictive multiplicity of their DP-ensuring algorithms before deploying them in applications of individual-level consequence.

Title: Implicit Bilevel Optimization: Differentiating through Bilevel Optimization Programming. (arXiv:2302.14473v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14473
• Code URL: null
• Copy Paste: [[2302.14473] Implicit Bilevel Optimization: Differentiating through Bilevel Optimization Programming](http://arxiv.org/abs/2302.14473) #privacy
• Summary:

  Bilevel Optimization Programming is used to model complex and conflicting interactions between agents, for example in Robust AI or Privacy-preserving AI. Integrating bilevel mathematical programming within deep learning is thus an essential objective for the Machine Learning community. Previously proposed approaches only consider single-level programming. In this paper, we extend existing single-level optimization programming approaches and thus propose Differentiating through Bilevel Optimization Programming (BiGrad) for end-to-end learning of models that use Bilevel Programming as a layer. BiGrad has wide applicability and can be used in modern machine learning frameworks. BiGrad is applicable to both continuous and combinatorial Bilevel optimization problems. We describe a class of gradient estimators for the combinatorial case which reduces the requirements in terms of computation complexity; for the case of the continuous variable, the gradient computation takes advantage of the push-back approach (i.e. vector-jacobian product) for an efficient implementation. Experiments show that the BiGrad successfully extends existing single-level approaches to Bilevel Programming.

protect

defense

attack

Title: GLOW: Global Layout Aware Attacks for Object Detection. (arXiv:2302.14166v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14166
• Code URL: null
• Copy Paste: [[2302.14166] GLOW: Global Layout Aware Attacks for Object Detection](http://arxiv.org/abs/2302.14166) #attack
• Summary:

  Adversarial attacks aims to perturb images such that a predictor outputs incorrect results. Due to the limited research in structured attacks, imposing consistency checks on natural multi-object scenes is a promising yet practical defense against conventional adversarial attacks. More desired attacks, to this end, should be able to fool defenses with such consistency checks. Therefore, we present the first approach GLOW that copes with various attack requests by generating global layout-aware adversarial attacks where both categorical and geometric layout constraints are explicitly established. Specifically, we focus on object detection task and given a victim image, GLOW first localizes victim objects according to target labels. And then it generates multiple attack plans, together with their context-consistency scores. Our proposed GLOW, on the one hand, is capable of handling various types of requests, including single or multiple victim objects, with or without specified victim objects. On the other hand, it produces a consistency score for each attack plan, reflecting the overall contextual consistency that both semantic category and global scene layout are considered. In experiment, we design multiple types of attack requests and validate our ideas on MS COCO validation set. Extensive experimental results demonstrate that we can achieve about 40$\%$ average relative improvement compared to state-of-the-art methods in conventional single object attack request; Moreover, our method outperforms SOTAs significantly on more generic attack requests by at least 30$\%$; Finally, our method produces superior performance under challenging zero-query black-box setting, or 30$\%$ better than SOTAs. Our code, model and attack requests would be made available.

Title: Adversarial Attack with Raindrops. (arXiv:2302.14267v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14267
• Code URL: null
• Copy Paste: [[2302.14267] Adversarial Attack with Raindrops](http://arxiv.org/abs/2302.14267) #attack
• Summary:

  Deep neural networks (DNNs) are known to be vulnerable to adversarial examples, which are usually designed artificially to fool DNNs, but rarely exist in real-world scenarios. In this paper, we study the adversarial examples caused by raindrops, to demonstrate that there exist plenty of natural phenomena being able to work as adversarial attackers to DNNs. Moreover, we present a new approach to generate adversarial raindrops, denoted as AdvRD, using the generative adversarial network (GAN) technique to simulate natural raindrops. The images crafted by our AdvRD look very similar to the real-world raindrop images, statistically close to the distribution of true raindrop images, and more importantly, can perform strong adversarial attack to the state-of-the-art DNN models. On the other side, we show that the adversarial training using our AdvRD images can significantly improve the robustness of DNNs to the real-world raindrop attacks. Extensive experiments are carried out to demonstrate that the images crafted by AdvRD are visually and statistically close to the natural raindrop images, can work as strong attackers to DNN models, and also help improve the robustness of DNNs to raindrop attacks.

Title: Backdoor Attacks Against Deep Image Compression via Adaptive Frequency Trigger. (arXiv:2302.14677v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14677
• Code URL: null
• Copy Paste: [[2302.14677] Backdoor Attacks Against Deep Image Compression via Adaptive Frequency Trigger](http://arxiv.org/abs/2302.14677) #attack
• Summary:

  Recent deep-learning-based compression methods have achieved superior performance compared with traditional approaches. However, deep learning models have proven to be vulnerable to backdoor attacks, where some specific trigger patterns added to the input can lead to malicious behavior of the models. In this paper, we present a novel backdoor attack with multiple triggers against learned image compression models. Motivated by the widely used discrete cosine transform (DCT) in existing compression systems and standards, we propose a frequency-based trigger injection model that adds triggers in the DCT domain. In particular, we design several attack objectives for various attacking scenarios, including: 1) attacking compression quality in terms of bit-rate and reconstruction quality; 2) attacking task-driven measures, such as down-stream face recognition and semantic segmentation. Moreover, a novel simple dynamic loss is designed to balance the influence of different loss terms adaptively, which helps achieve more efficient training. Extensive experiments show that with our trained trigger injection models and simple modification of encoder parameters (of the compression model), the proposed attack can successfully inject several backdoors with corresponding triggers in a single image compression model.

Title: Membership Inference Attack for Beluga Whales Discrimination. (arXiv:2302.14769v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14769
• Code URL: null
• Copy Paste: [[2302.14769] Membership Inference Attack for Beluga Whales Discrimination](http://arxiv.org/abs/2302.14769) #attack
• Summary:

  To efficiently monitor the growth and evolution of a particular wildlife population, one of the main fundamental challenges to address in animal ecology is the re-identification of individuals that have been previously encountered but also the discrimination between known and unknown individuals (the so-called "open-set problem"), which is the first step to realize before re-identification. In particular, in this work, we are interested in the discrimination within digital photos of beluga whales, which are known to be among the most challenging marine species to discriminate due to their lack of distinctive features. To tackle this problem, we propose a novel approach based on the use of Membership Inference Attacks (MIAs), which are normally used to assess the privacy risks associated with releasing a particular machine learning model. More precisely, we demonstrate that the problem of discriminating between known and unknown individuals can be solved efficiently using state-of-the-art approaches for MIAs. Extensive experiments on three benchmark datasets related to whales, two different neural network architectures, and three MIA clearly demonstrate the performance of the approach. In addition, we have also designed a novel MIA strategy that we coined as ensemble MIA, which combines the outputs of different MIAs to increase the attack accuracy while diminishing the false positive rate. Overall, one of our main objectives is also to show that the research on privacy attacks can also be leveraged "for good" by helping to address practical challenges encountered in animal ecology.

Title: Scalable Attribution of Adversarial Attacks via Multi-Task Learning. (arXiv:2302.14059v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14059
• Code URL: null
• Copy Paste: [[2302.14059] Scalable Attribution of Adversarial Attacks via Multi-Task Learning](http://arxiv.org/abs/2302.14059) #attack
• Summary:

  Deep neural networks (DNNs) can be easily fooled by adversarial attacks during inference phase when attackers add imperceptible perturbations to original examples, i.e., adversarial examples. Many works focus on adversarial detection and adversarial training to defend against adversarial attacks. However, few works explore the tool-chains behind adversarial examples, which can help defenders to seize the clues about the originator of the attack, their goals, and provide insight into the most effective defense algorithm against corresponding attacks. With such a gap, it is necessary to develop techniques that can recognize tool-chains that are leveraged to generate the adversarial examples, which is called Adversarial Attribution Problem (AAP). In this paper, AAP is defined as the recognition of three signatures, i.e., {\em attack algorithm}, {\em victim model} and {\em hyperparameter}. Current works transfer AAP into single label classification task and ignore the relationship between these signatures. The former will meet combination explosion problem as the number of signatures is increasing. The latter dictates that we cannot treat AAP simply as a single task problem. We first conduct some experiments to validate the attributability of adversarial examples. Furthermore, we propose a multi-task learning framework named Multi-Task Adversarial Attribution (MTAA) to recognize the three signatures simultaneously. MTAA contains perturbation extraction module, adversarial-only extraction module and classification and regression module. It takes the relationship between attack algorithm and corresponding hyperparameter into account and uses the uncertainty weighted loss to adjust the weights of three recognition tasks. The experimental results on MNIST and ImageNet show the feasibility and scalability of the proposed framework as well as its effectiveness in dealing with false alarms.

Title: Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights. (arXiv:2302.14172v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.14172
• Code URL: null
• Copy Paste: [[2302.14172] Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights](http://arxiv.org/abs/2302.14172) #attack
• Summary:

  The number of disclosed vulnerabilities has been steadily increasing over the years. At the same time, organizations face significant challenges patching their systems, leading to a need to prioritize vulnerability remediation in order to reduce the risk of attacks. Unfortunately, existing vulnerability scoring systems are either vendor-specific, proprietary, or are only commercially available. Moreover, these and other prioritization strategies based on vulnerability severity are poor predictors of actual vulnerability exploitation because they do not incorporate new information that might impact the likelihood of exploitation. In this paper we present the efforts behind building a Special Interest Group (SIG) that seeks to develop a completely data-driven exploit scoring system that produces scores for all known vulnerabilities, that is freely available, and which adapts to new information. The Exploit Prediction Scoring System (EPSS) SIG consists of more than 170 experts from around the world and across all industries, providing crowd-sourced expertise and feedback. Based on these collective insights, we describe the design decisions and trade-offs that lead to the development of the next version of EPSS. This new machine learning model provides an 82\% performance improvement over past models in distinguishing vulnerabilities that are exploited in the wild and thus may be prioritized for remediation.

Title: A Survey of Automatic Generation of Attack Trees and Attack Graphs. (arXiv:2302.14479v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.14479
• Code URL: null
• Copy Paste: [[2302.14479] A Survey of Automatic Generation of Attack Trees and Attack Graphs](http://arxiv.org/abs/2302.14479) #attack
• Summary:

  Graphical security models constitute a well-known, user-friendly way to represent the security of a system. These kinds of models are used by security experts to identify vulnerabilities and assess the security of a system. The manual construction of these models can be tedious, especially for large enterprises. Consequently, the research community is trying to address this issue by proposing methods for the automatic generation of such models. In this work, we present a survey illustrating the current status of the automatic generation of two kinds of graphical security models -Attack Trees and Attack Graphs. The goal of this survey is to present the current methodologies used in the field, compare them and present the challenges and future directions for the research community.

Title: FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases. (arXiv:2302.14500v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2302.14500
• Code URL: null
• Copy Paste: [[2302.14500] FreeEagle: Detecting Complex Neural Trojans in Data-Free Cases](http://arxiv.org/abs/2302.14500) #attack
• Summary:

  Trojan attack on deep neural networks, also known as backdoor attack, is a typical threat to artificial intelligence. A trojaned neural network behaves normally with clean inputs. However, if the input contains a particular trigger, the trojaned model will have attacker-chosen abnormal behavior. Although many backdoor detection methods exist, most of them assume that the defender has access to a set of clean validation samples or samples with the trigger, which may not hold in some crucial real-world cases, e.g., the case where the defender is the maintainer of model-sharing platforms. Thus, in this paper, we propose FreeEagle, the first data-free backdoor detection method that can effectively detect complex backdoor attacks on deep neural networks, without relying on the access to any clean samples or samples with the trigger. The evaluation results on diverse datasets and model architectures show that FreeEagle is effective against various complex backdoor attacks, even outperforming some state-of-the-art non-data-free backdoor detection methods.

Title: A semantic backdoor attack against Graph Convolutional Networks. (arXiv:2302.14353v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14353
• Code URL: null
• Copy Paste: [[2302.14353] A semantic backdoor attack against Graph Convolutional Networks](http://arxiv.org/abs/2302.14353) #attack
• Summary:

  Graph Convolutional Networks (GCNs) have been very effective in addressing the issue of various graph-structured related tasks, such as node classification and graph classification. However, extensive research has shown that GCNs are vulnerable to adversarial attacks. One of the security threats facing GCNs is the backdoor attack, which hides incorrect classification rules in models and activates only when the model encounters specific inputs containing special features (e.g., fixed patterns like subgraphs, called triggers), thus outputting incorrect classification results, while the model behaves normally on benign samples. The semantic backdoor attack is a type of the backdoor attack where the trigger is a semantic part of the sample; i.e., the trigger exists naturally in the original dataset and the attacker can pick a naturally occurring feature as the backdoor trigger, which causes the model to misclassify even unmodified inputs. Meanwhile, it is difficult to detect even if the attacker modifies the input samples in the inference phase as they do not have any anomaly compared to normal samples. Thus, semantic backdoor attacks are more imperceptible than non-semantic ones. However, existed research on semantic backdoor attacks has only focused on image and text domains, which have not been well explored against GCNs. In this work, we propose a black-box Semantic Backdoor Attack (SBA) against GCNs. We assign the trigger as a certain class of nodes in the dataset and our trigger is semantic. Through evaluation on several real-world benchmark graph datasets, the experimental results demonstrate that our proposed SBA can achieve almost 100% attack success rate under the poisoning rate less than 5% while having no impact on normal predictive accuracy.

robust

Title: Towards Surgical Context Inference and Translation to Gestures. (arXiv:2302.14237v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14237
• Code URL: https://github.com/uva-dsa/auto_surgical_context2gesture
• Copy Paste: [[2302.14237] Towards Surgical Context Inference and Translation to Gestures](http://arxiv.org/abs/2302.14237) #robust
• Summary:

  Manual labeling of gestures in robot-assisted surgery is labor intensive, prone to errors, and requires expertise or training. We propose a method for automated and explainable generation of gesture transcripts that leverages the abundance of data for image segmentation to train a surgical scene segmentation model that provides surgical tool and object masks. Surgical context is detected using segmentation masks by examining the distances and intersections between the tools and objects. Next, context labels are translated into gesture transcripts using knowledge-based Finite State Machine (FSM) and data-driven Long Short Term Memory (LSTM) models. We evaluate the performance of each stage of our method by comparing the results with the ground truth segmentation masks, the consensus context labels, and the gesture labels in the JIGSAWS dataset. Our results show that our segmentation models achieve state-of-the-art performance in recognizing needle and thread in Suturing and we can automatically detect important surgical states with high agreement with crowd-sourced labels (e.g., contact between graspers and objects in Suturing). We also find that the FSM models are more robust to poor segmentation and labeling performance than LSTMs. Our proposed method can significantly shorten the gesture labeling process (~2.8 times).

Title: A Comprehensive Study on Robustness of Image Classification Models: Benchmarking and Rethinking. (arXiv:2302.14301v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14301
• Code URL: null
• Copy Paste: [[2302.14301] A Comprehensive Study on Robustness of Image Classification Models: Benchmarking and Rethinking](http://arxiv.org/abs/2302.14301) #robust
• Summary:

  The robustness of deep neural networks is usually lacking under adversarial examples, common corruptions, and distribution shifts, which becomes an important research problem in the development of deep learning. Although new deep learning methods and robustness improvement techniques have been constantly proposed, the robustness evaluations of existing methods are often inadequate due to their rapid development, diverse noise patterns, and simple evaluation metrics. Without thorough robustness evaluations, it is hard to understand the advances in the field and identify the effective methods. In this paper, we establish a comprehensive robustness benchmark called \textbf{ARES-Bench} on the image classification task. In our benchmark, we evaluate the robustness of 55 typical deep learning models on ImageNet with diverse architectures (e.g., CNNs, Transformers) and learning algorithms (e.g., normal supervised training, pre-training, adversarial training) under numerous adversarial attacks and out-of-distribution (OOD) datasets. Using robustness curves as the major evaluation criteria, we conduct large-scale experiments and draw several important findings, including: 1) there is an inherent trade-off between adversarial and natural robustness for the same model architecture; 2) adversarial training effectively improves adversarial robustness, especially when performed on Transformer architectures; 3) pre-training significantly improves natural robustness based on more training data or self-supervised learning. Based on ARES-Bench, we further analyze the training tricks in large-scale adversarial training on ImageNet. By designing the training settings accordingly, we achieve the new state-of-the-art adversarial robustness. We have made the benchmarking results and code platform publicly available.

Title: Temporal Coherent Test-Time Optimization for Robust Video Classification. (arXiv:2302.14309v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14309
• Code URL: null
• Copy Paste: [[2302.14309] Temporal Coherent Test-Time Optimization for Robust Video Classification](http://arxiv.org/abs/2302.14309) #robust
• Summary:

  Deep neural networks are likely to fail when the test data is corrupted in real-world deployment (e.g., blur, weather, etc.). Test-time optimization is an effective way that adapts models to generalize to corrupted data during testing, which has been shown in the image domain. However, the techniques for improving video classification corruption robustness remain few. In this work, we propose a Temporal Coherent Test-time Optimization framework (TeCo) to utilize spatio-temporal information in test-time optimization for robust video classification. To exploit information in video with self-supervised learning, TeCo uses global content from video clips and optimizes models for entropy minimization. TeCo minimizes the entropy of the prediction based on the global content from video clips. Meanwhile, it also feeds local content to regularize the temporal coherence at the feature level. TeCo retains the generalization ability of various video classification models and achieves significant improvements in corruption robustness across Mini Kinetics-C and Mini SSV2-C. Furthermore, TeCo sets a new baseline in video classification corruption robustness via test-time optimization.

Title: Read Pointer Meters in complex environments based on a Human-like Alignment and Recognition Algorithm. (arXiv:2302.14323v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14323
• Code URL: null
• Copy Paste: [[2302.14323] Read Pointer Meters in complex environments based on a Human-like Alignment and Recognition Algorithm](http://arxiv.org/abs/2302.14323) #robust
• Summary:

  Recently, developing an automatic reading system for analog measuring instruments has gained increased attention, as it enables the collection of numerous state of equipment. Nonetheless, two major obstacles still obstruct its deployment to real-world applications. The first issue is that they rarely take the entire pipeline's speed into account. The second is that they are incapable of dealing with some low-quality images (i.e., meter breakage, blur, and uneven scale). In this paper, we propose a human-like alignment and recognition algorithm to overcome these problems. More specifically, a Spatial Transformed Module(STM) is proposed to obtain the front view of images in a self-autonomous way based on an improved Spatial Transformer Networks(STN). Meanwhile, a Value Acquisition Module(VAM) is proposed to infer accurate meter values by an end-to-end trained framework. In contrast to previous research, our model aligns and recognizes meters totally implemented by learnable processing, which mimics human's behaviours and thus achieves higher performances. Extensive results verify the good robustness of the proposed model in terms of the accuracy and efficiency.

Title: BEVPlace: Learning LiDAR-based Place Recognition using Bird's Eye View Images. (arXiv:2302.14325v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14325
• Code URL: null
• Copy Paste: [[2302.14325] BEVPlace: Learning LiDAR-based Place Recognition using Bird's Eye View Images](http://arxiv.org/abs/2302.14325) #robust
• Summary:

  Place recognition is a key module for long-term SLAM systems. Current LiDAR-based place recognition methods are usually based on representations of point clouds such as unordered points or range images. These methods achieve high recall rates of retrieval, but their performance may degrade in the case of view variation or scene changes. In this work, we explore the potential of a different representation in place recognition, i.e. bird's eye view (BEV) images. We observe that the structural contents of BEV images are less influenced by rotations and translations of point clouds. We validate that, without any delicate design, a simple VGGNet trained on BEV images achieves comparable performance with the state-of-the-art place recognition methods in scenes of slight viewpoint changes. For more robust place recognition, we design a rotation-invariant network called BEVPlace. We use group convolution to extract rotation-equivariant local features from the images and NetVLAD for global feature aggregation. In addition, we observe that the distance between BEV features is correlated with the geometry distance of point clouds. Based on the observation, we develop a method to estimate the position of the query cloud, extending the usage of place recognition. The experiments conducted on large-scale public datasets show that our method 1) achieves state-of-the-art performance in terms of recall rates, 2) is robust to view changes, 3) shows strong generalization ability, and 4) can estimate the positions of query point clouds. Source code will be made publicly available at https://github.com/zjuluolun/BEVPlace.

Title: DC-Former: Diverse and Compact Transformer for Person Re-Identification. (arXiv:2302.14335v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14335
• Code URL: null
• Copy Paste: [[2302.14335] DC-Former: Diverse and Compact Transformer for Person Re-Identification](http://arxiv.org/abs/2302.14335) #robust
• Summary:

  In person re-identification (re-ID) task, it is still challenging to learn discriminative representation by deep learning, due to limited data. Generally speaking, the model will get better performance when increasing the amount of data. The addition of similar classes strengthens the ability of the classifier to identify similar identities, thereby improving the discrimination of representation. In this paper, we propose a Diverse and Compact Transformer (DC-Former) that can achieve a similar effect by splitting embedding space into multiple diverse and compact subspaces. Compact embedding subspace helps model learn more robust and discriminative embedding to identify similar classes. And the fusion of these diverse embeddings containing more fine-grained information can further improve the effect of re-ID. Specifically, multiple class tokens are used in vision transformer to represent multiple embedding spaces. Then, a self-diverse constraint (SDC) is applied to these spaces to push them away from each other, which makes each embedding space diverse and compact. Further, a dynamic weight controller(DWC) is further designed for balancing the relative importance among them during training. The experimental results of our method are promising, which surpass previous state-of-the-art methods on several commonly used person re-ID benchmarks.

Title: HelixSurf: A Robust and Efficient Neural Implicit Surface Learning of Indoor Scenes with Iterative Intertwined Regularization. (arXiv:2302.14340v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14340
• Code URL: https://github.com/gorilla-lab-scut/helixsurf
• Copy Paste: [[2302.14340] HelixSurf: A Robust and Efficient Neural Implicit Surface Learning of Indoor Scenes with Iterative Intertwined Regularization](http://arxiv.org/abs/2302.14340) #robust
• Summary:

  Recovery of an underlying scene geometry from multiview images stands as a long-time challenge in computer vision research. The recent promise leverages neural implicit surface learning and differentiable volume rendering, and achieves both the recovery of scene geometry and synthesis of novel views, where deep priors of neural models are used as an inductive smoothness bias. While promising for object-level surfaces, these methods suffer when coping with complex scene surfaces. In the meanwhile, traditional multi-view stereo can recover the geometry of scenes with rich textures, by globally optimizing the local, pixel-wise correspondences across multiple views. We are thus motivated to make use of the complementary benefits from the two strategies, and propose a method termed Helix-shaped neural implicit Surface learning or HelixSurf; HelixSurf uses the intermediate prediction from one strategy as the guidance to regularize the learning of the other one, and conducts such intertwined regularization iteratively during the learning process. We also propose an efficient scheme for differentiable volume rendering in HelixSurf. Experiments on surface reconstruction of indoor scenes show that our method compares favorably with existing methods and is orders of magnitude faster, even when some of existing methods are assisted with auxiliary training data. The source code is available at https://github.com/Gorilla-Lab-SCUT/HelixSurf.

Title: Im2Hands: Learning Attentive Implicit Representation of Interacting Two-Hand Shapes. (arXiv:2302.14348v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14348
• Code URL: https://github.com/jyunlee/im2hands
• Copy Paste: [[2302.14348] Im2Hands: Learning Attentive Implicit Representation of Interacting Two-Hand Shapes](http://arxiv.org/abs/2302.14348) #robust
• Summary:

  We present Implicit Two Hands (Im2Hands), the first neural implicit representation of two interacting hands. Unlike existing methods on two-hand reconstruction that rely on a parametric hand model and/or low-resolution meshes, Im2Hands can produce fine-grained geometry of two hands with high hand-to-hand and hand-to-image coherency. To handle the shape complexity and interaction context between two hands, Im2Hands models the occupancy volume of two hands - conditioned on an RGB image and coarse 3D keypoints - by two novel attention-based modules responsible for (1) initial occupancy estimation and (2) context-aware occupancy refinement, respectively. Im2Hands first learns per-hand neural articulated occupancy in the canonical space designed for each hand using query-image attention. It then refines the initial two-hand occupancy in the posed space to enhance the coherency between the two hand shapes using query-anchor attention. In addition, we introduce an optional keypoint refinement module to enable robust two-hand shape estimation from predicted hand keypoints in a single-image reconstruction scenario. We experimentally demonstrate the effectiveness of Im2Hands on two-hand reconstruction in comparison to related methods, where ours achieves state-of-the-art results. Our code is publicly available at https://github.com/jyunlee/Im2Hands.

Title: RoPAWS: Robust Semi-supervised Representation Learning from Uncurated Data. (arXiv:2302.14483v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14483
• Code URL: https://github.com/facebookresearch/suncet
• Copy Paste: [[2302.14483] RoPAWS: Robust Semi-supervised Representation Learning from Uncurated Data](http://arxiv.org/abs/2302.14483) #robust
• Summary:

  Semi-supervised learning aims to train a model using limited labels. State-of-the-art semi-supervised methods for image classification such as PAWS rely on self-supervised representations learned with large-scale unlabeled but curated data. However, PAWS is often less effective when using real-world unlabeled data that is uncurated, e.g., contains out-of-class data. We propose RoPAWS, a robust extension of PAWS that can work with real-world unlabeled data. We first reinterpret PAWS as a generative classifier that models densities using kernel density estimation. From this probabilistic perspective, we calibrate its prediction based on the densities of labeled and unlabeled data, which leads to a simple closed-form solution from the Bayes' rule. We demonstrate that RoPAWS significantly improves PAWS for uncurated Semi-iNat by +5.3% and curated ImageNet by +0.4%.

Title: Kartezio: Evolutionary Design of Explainable Pipelines for Biomedical Image Analysis. (arXiv:2302.14762v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14762
• Code URL: null
• Copy Paste: [[2302.14762] Kartezio: Evolutionary Design of Explainable Pipelines for Biomedical Image Analysis](http://arxiv.org/abs/2302.14762) #robust
• Summary:

  An unresolved issue in contemporary biomedicine is the overwhelming number and diversity of complex images that require annotation, analysis and interpretation. Recent advances in Deep Learning have revolutionized the field of computer vision, creating algorithms that compete with human experts in image segmentation tasks. Crucially however, these frameworks require large human-annotated datasets for training and the resulting models are difficult to interpret. In this study, we introduce Kartezio, a modular Cartesian Genetic Programming based computational strategy that generates transparent and easily interpretable image processing pipelines by iteratively assembling and parameterizing computer vision functions. The pipelines thus generated exhibit comparable precision to state-of-the-art Deep Learning approaches on instance segmentation tasks, while requiring drastically smaller training datasets, a feature which confers tremendous flexibility, speed, and functionality to this approach. We also deployed Kartezio to solve semantic and instance segmentation problems in four real-world Use Cases, and showcase its utility in imaging contexts ranging from high-resolution microscopy to clinical pathology. By successfully implementing Kartezio on a portfolio of images ranging from subcellular structures to tumoral tissue, we demonstrated the flexibility, robustness and practical utility of this fully explicable evolutionary designer for semantic and instance segmentation.

Title: GLM-Dialog: Noise-tolerant Pre-training for Knowledge-grounded Dialogue Generation. (arXiv:2302.14401v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.14401
• Code URL: https://github.com/ruckbreasoning/glm-dialog
• Copy Paste: [[2302.14401] GLM-Dialog: Noise-tolerant Pre-training for Knowledge-grounded Dialogue Generation](http://arxiv.org/abs/2302.14401) #robust
• Summary:

  We present GLM-Dialog, a large-scale language model (LLM) with 10B parameters capable of knowledge-grounded conversation in Chinese using a search engine to access the Internet knowledge. GLM-Dialog offers a series of applicable techniques for exploiting various external knowledge including both helpful and noisy knowledge, enabling the creation of robust knowledge-grounded dialogue LLMs with limited proper datasets. To evaluate the GLM-Dialog more fairly, we also propose a novel evaluation method to allow humans to converse with multiple deployed bots simultaneously and compare their performance implicitly instead of explicitly rating using multidimensional metrics.Comprehensive evaluations from automatic to human perspective demonstrate the advantages of GLM-Dialog comparing with existing open source Chinese dialogue models. We release both the model checkpoint and source code, and also deploy it as a WeChat application to interact with users. We offer our evaluation platform online in an effort to prompt the development of open source models and reliable dialogue evaluation systems. The additional easy-to-use toolkit that consists of short text entity linking, query generation, and helpful knowledge classification is also released to enable diverse applications. All the source code is available on Github.

Title: SMoA: Sparse Mixture of Adapters to Mitigate Multiple Dataset Biases. (arXiv:2302.14413v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.14413
• Code URL: null
• Copy Paste: [[2302.14413] SMoA: Sparse Mixture of Adapters to Mitigate Multiple Dataset Biases](http://arxiv.org/abs/2302.14413) #robust
• Summary:

  Recent studies reveal that various biases exist in different NLP tasks, and over-reliance on biases results in models' poor generalization ability and low adversarial robustness. To mitigate datasets biases, previous works propose lots of debiasing techniques to tackle specific biases, which perform well on respective adversarial sets but fail to mitigate other biases. In this paper, we propose a new debiasing method Sparse Mixture-of-Adapters (SMoA), which can mitigate multiple dataset biases effectively and efficiently. Experiments on Natural Language Inference and Paraphrase Identification tasks demonstrate that SMoA outperforms full-finetuning, adapter tuning baselines, and prior strong debiasing methods. Further analysis indicates the interpretability of SMoA that sub-adapter can capture specific pattern from the training data and specialize to handle specific bias.

Title: A Dataset for Learning Graph Representations to Predict Customer Returns in Fashion Retail. (arXiv:2302.14096v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14096
• Code URL: null
• Copy Paste: [[2302.14096] A Dataset for Learning Graph Representations to Predict Customer Returns in Fashion Retail](http://arxiv.org/abs/2302.14096) #robust
• Summary:

  We present a novel dataset collected by ASOS (a major online fashion retailer) to address the challenge of predicting customer returns in a fashion retail ecosystem. With the release of this substantial dataset we hope to motivate further collaboration between research communities and the fashion industry. We first explore the structure of this dataset with a focus on the application of Graph Representation Learning in order to exploit the natural data structure and provide statistical insights into particular features within the data. In addition to this, we show examples of a return prediction classification task with a selection of baseline models (i.e. with no intermediate representation learning step) and a graph representation based model. We show that in a downstream return prediction classification task, an F1-score of 0.792 can be found using a Graph Neural Network (GNN), improving upon other models discussed in this work. Alongside this increased F1-score, we also present a lower cross-entropy loss by recasting the data into a graph structure, indicating more robust predictions from a GNN based solution. These results provide evidence that GNNs could provide more impactful and usable classifications than other baseline models on the presented dataset and with this motivation, we hope to encourage further research into graph-based approaches using the ASOS GraphReturns dataset.

Title: Linear pretraining in recurrent mixture density networks. (arXiv:2302.14141v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14141
• Code URL: null
• Copy Paste: [[2302.14141] Linear pretraining in recurrent mixture density networks](http://arxiv.org/abs/2302.14141) #robust
• Summary:

  We present a method for pretraining a recurrent mixture density network (RMDN). We also propose a slight modification to the architecture of the RMDN-GARCH proposed by Nikolaev et al. [2012]. The pretraining method helps the RMDN avoid bad local minima during training and improves its robustness to the persistent NaN problem, as defined by Guillaumes [2017], which is often encountered with mixture density networks. Such problem consists in frequently obtaining "Not a number" (NaN) values during training. The pretraining method proposed resolves these issues by training the linear nodes in the hidden layer of the RMDN before starting including non-linear node updates. Such an approach improves the performance of the RMDN and ensures it surpasses that of the GARCH model, which is the RMDN's linear counterpart.

Title: BrainBERT: Self-supervised representation learning for intracranial recordings. (arXiv:2302.14367v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14367
• Code URL: null
• Copy Paste: [[2302.14367] BrainBERT: Self-supervised representation learning for intracranial recordings](http://arxiv.org/abs/2302.14367) #robust
• Summary:

  We create a reusable Transformer, BrainBERT, for intracranial recordings bringing modern representation learning approaches to neuroscience. Much like in NLP and speech recognition, this Transformer enables classifying complex concepts, i.e., decoding neural data, with higher accuracy and with much less data by being pretrained in an unsupervised manner on a large corpus of unannotated neural recordings. Our approach generalizes to new subjects with electrodes in new positions and to unrelated tasks showing that the representations robustly disentangle the neural signal. Just like in NLP where one can study language by investigating what a language model learns, this approach opens the door to investigating the brain by what a model of the brain learns. As a first step along this path, we demonstrate a new analysis of the intrinsic dimensionality of the computations in different areas of the brain. To construct these representations, we combine a technique for producing super-resolution spectrograms of neural data with an approach designed for generating contextual representations of audio by masking. In the future, far more concepts will be decodable from neural recordings by using representation learning, potentially unlocking the brain like language models unlocked language.

Title: Policy Dispersion in Non-Markovian Environment. (arXiv:2302.14509v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14509
• Code URL: null
• Copy Paste: [[2302.14509] Policy Dispersion in Non-Markovian Environment](http://arxiv.org/abs/2302.14509) #robust
• Summary:

  Markov Decision Process (MDP) presents a mathematical framework to formulate the learning processes of agents in reinforcement learning. MDP is limited by the Markovian assumption that a reward only depends on the immediate state and action. However, a reward sometimes depends on the history of states and actions, which may result in the decision process in a non-Markovian environment. In such environments, agents receive rewards via temporally-extended behaviors sparsely, and the learned policies may be similar. This leads the agents acquired with similar policies generally overfit to the given task and can not quickly adapt to perturbations of environments. To resolve this problem, this paper tries to learn the diverse policies from the history of state-action pairs under a non-Markovian environment, in which a policy dispersion scheme is designed for seeking diverse policy representation. Specifically, we first adopt a transformer-based method to learn policy embeddings. Then, we stack the policy embeddings to construct a dispersion matrix to induce a set of diverse policies. Finally, we prove that if the dispersion matrix is positive definite, the dispersed embeddings can effectively enlarge the disagreements across policies, yielding a diverse expression for the original policy embedding distribution. Experimental results show that this dispersion scheme can obtain more expressive diverse policies, which then derive more robust performance than recent learning baselines under various learning environments.

Title: Toward Robust Uncertainty Estimation with Random Activation Functions. (arXiv:2302.14552v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14552
• Code URL: https://github.com/yanasgh/rafs_code
• Copy Paste: [[2302.14552] Toward Robust Uncertainty Estimation with Random Activation Functions](http://arxiv.org/abs/2302.14552) #robust
• Summary:

  Deep neural networks are in the limelight of machine learning with their excellent performance in many data-driven applications. However, they can lead to inaccurate predictions when queried in out-of-distribution data points, which can have detrimental effects especially in sensitive domains, such as healthcare and transportation, where erroneous predictions can be very costly and/or dangerous. Subsequently, quantifying the uncertainty of the output of a neural network is often leveraged to evaluate the confidence of its predictions, and ensemble models have proved to be effective in measuring the uncertainty by utilizing the variance of predictions over a pool of models. In this paper, we propose a novel approach for uncertainty quantification via ensembles, called Random Activation Functions (RAFs) Ensemble, that aims at improving the ensemble diversity toward a more robust estimation, by accommodating each neural network with a different (random) activation function. Extensive empirical study demonstrates that RAFs Ensemble outperforms state-of-the-art ensemble uncertainty quantification methods on both synthetic and real-world datasets in a series of regression tasks.

Title: Graph-based Knowledge Distillation: A survey and experimental evaluation. (arXiv:2302.14643v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14643
• Code URL: null
• Copy Paste: [[2302.14643] Graph-based Knowledge Distillation: A survey and experimental evaluation](http://arxiv.org/abs/2302.14643) #robust
• Summary:

  Graph, such as citation networks, social networks, and transportation networks, are prevalent in the real world. Graph Neural Networks (GNNs) have gained widespread attention for their robust expressiveness and exceptional performance in various graph applications. However, the efficacy of GNNs is heavily reliant on sufficient data labels and complex network models, with the former obtaining hardly and the latter computing costly. To address the labeled data scarcity and high complexity of GNNs, Knowledge Distillation (KD) has been introduced to enhance existing GNNs. This technique involves transferring the soft-label supervision of the large teacher model to the small student model while maintaining prediction performance. This survey offers a comprehensive overview of Graph-based Knowledge Distillation methods, systematically categorizing and summarizing them while discussing their limitations and future directions. This paper first introduces the background of graph and KD. It then provides a comprehensive summary of three types of Graph-based Knowledge Distillation methods, namely Graph-based Knowledge Distillation for deep neural networks (DKD), Graph-based Knowledge Distillation for GNNs (GKD), and Self-Knowledge Distillation based Graph-based Knowledge Distillation (SKD). Each type is further divided into knowledge distillation methods based on the output layer, middle layer, and constructed graph. Subsequently, various algorithms' ideas are analyzed and compared, concluding with the advantages and disadvantages of each algorithm supported by experimental results. In addition, the applications of graph-based knowledge distillation in CV, NLP, RS, and other fields are listed. Finally, the graph-based knowledge distillation is summarized and prospectively discussed. We have also released related resources at https://github.com/liujing1023/Graph-based-Knowledge-Distillation.

Title: Pushing One Pair of Labels Apart Each Time in Multi-Label Learning: From Single Positive to Full Labels. (arXiv:2302.14695v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14695
• Code URL: null
• Copy Paste: [[2302.14695] Pushing One Pair of Labels Apart Each Time in Multi-Label Learning: From Single Positive to Full Labels](http://arxiv.org/abs/2302.14695) #robust
• Summary:

  In Multi-Label Learning (MLL), it is extremely challenging to accurately annotate every appearing object due to expensive costs and limited knowledge. When facing such a challenge, a more practical and cheaper alternative should be Single Positive Multi-Label Learning (SPMLL), where only one positive label needs to be provided per sample. Existing SPMLL methods usually assume unknown labels as negatives, which inevitably introduces false negatives as noisy labels. More seriously, Binary Cross Entropy (BCE) loss is often used for training, which is notoriously not robust to noisy labels. To mitigate this issue, we customize an objective function for SPMLL by pushing only one pair of labels apart each time to prevent the domination of negative labels, which is the main culprit of fitting noisy labels in SPMLL. To further combat such noisy labels, we explore the high-rankness of label matrix, which can also push apart different labels. By directly extending from SPMLL to MLL with full labels, a unified loss applicable to both settings is derived. Experiments on real datasets demonstrate that the proposed loss not only performs more robustly to noisy labels for SPMLL but also works well for full labels. Besides, we empirically discover that high-rankness can mitigate the dramatic performance drop in SPMLL. Most surprisingly, even without any regularization or fine-tuned label correction, only adopting our loss defeats state-of-the-art SPMLL methods on CUB, a dataset that severely lacks labels.

Title: Learning Hidden Markov Models Using Conditional Samples. (arXiv:2302.14753v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14753
• Code URL: null
• Copy Paste: [[2302.14753] Learning Hidden Markov Models Using Conditional Samples](http://arxiv.org/abs/2302.14753) #robust
• Summary:

  This paper is concerned with the computational complexity of learning the Hidden Markov Model (HMM). Although HMMs are some of the most widely used tools in sequential and time series modeling, they are cryptographically hard to learn in the standard setting where one has access to i.i.d. samples of observation sequences. In this paper, we depart from this setup and consider an interactive access model, in which the algorithm can query for samples from the conditional distributions of the HMMs. We show that interactive access to the HMM enables computationally efficient learning algorithms, thereby bypassing cryptographic hardness. Specifically, we obtain efficient algorithms for learning HMMs in two settings:

(a) An easier setting where we have query access to the exact conditional probabilities. Here our algorithm runs in polynomial time and makes polynomially many queries to approximate any HMM in total variation distance.

(b) A harder setting where we can only obtain samples from the conditional distributions. Here the performance of the algorithm depends on a new parameter, called the fidelity of the HMM. We show that this captures cryptographically hard instances and previously known positive results.

We also show that these results extend to a broader class of distributions with latent low rank structure. Our algorithms can be viewed as generalizations and robustifications of Angluin's $L^*$ algorithm for learning deterministic finite automata from membership queries.

biometric

steal

extraction

Title: Markerless Camera-to-Robot Pose Estimation via Self-supervised Sim-to-Real Transfer. (arXiv:2302.14332v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14332
• Code URL: null
• Copy Paste: [[2302.14332] Markerless Camera-to-Robot Pose Estimation via Self-supervised Sim-to-Real Transfer](http://arxiv.org/abs/2302.14332) #extraction
• Summary:

  Solving the camera-to-robot pose is a fundamental requirement for vision-based robot control, and is a process that takes considerable effort and cares to make accurate. Traditional approaches require modification of the robot via markers, and subsequent deep learning approaches enabled markerless feature extraction. Mainstream deep learning methods only use synthetic data and rely on Domain Randomization to fill the sim-to-real gap, because acquiring the 3D annotation is labor-intensive. In this work, we go beyond the limitation of 3D annotations for real-world data. We propose an end-to-end pose estimation framework that is capable of online camera-to-robot calibration and a self-supervised training method to scale the training to unlabeled real-world data. Our framework combines deep learning and geometric vision for solving the robot pose, and the pipeline is fully differentiable. To train the Camera-to-Robot Pose Estimation Network (CtRNet), we leverage foreground segmentation and differentiable rendering for image-level self-supervision. The pose prediction is visualized through a renderer and the image loss with the input image is back-propagated to train the neural network. Our experimental results on two public real datasets confirm the effectiveness of our approach over existing works. We also integrate our framework into a visual servoing system to demonstrate the promise of real-time precise robot pose estimation for automation tasks.

Title: GRAN: Ghost Residual Attention Network for Single Image Super Resolution. (arXiv:2302.14557v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14557
• Code URL: null
• Copy Paste: [[2302.14557] GRAN: Ghost Residual Attention Network for Single Image Super Resolution](http://arxiv.org/abs/2302.14557) #extraction
• Summary:

  Recently, many works have designed wider and deeper networks to achieve higher image super-resolution performance. Despite their outstanding performance, they still suffer from high computational resources, preventing them from directly applying to embedded devices. To reduce the computation resources and maintain performance, we propose a novel Ghost Residual Attention Network (GRAN) for efficient super-resolution. This paper introduces Ghost Residual Attention Block (GRAB) groups to overcome the drawbacks of the standard convolutional operation, i.e., redundancy of the intermediate feature. GRAB consists of the Ghost Module and Channel and Spatial Attention Module (CSAM) to alleviate the generation of redundant features. Specifically, Ghost Module can reveal information underlying intrinsic features by employing linear operations to replace the standard convolutions. Reducing redundant features by the Ghost Module, our model decreases memory and computing resource requirements in the network. The CSAM pays more comprehensive attention to where and what the feature extraction is, which is critical to recovering the image details. Experiments conducted on the benchmark datasets demonstrate the superior performance of our method in both qualitative and quantitative. Compared to the baseline models, we achieve higher performance with lower computational resources, whose parameters and FLOPs have decreased by more than ten times.

Title: Augmented Transformers with Adaptive n-grams Embedding for Multilingual Scene Text Recognition. (arXiv:2302.14261v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.14261
• Code URL: null
• Copy Paste: [[2302.14261] Augmented Transformers with Adaptive n-grams Embedding for Multilingual Scene Text Recognition](http://arxiv.org/abs/2302.14261) #extraction
• Summary:

  While vision transformers have been highly successful in improving the performance in image-based tasks, not much work has been reported on applying transformers to multilingual scene text recognition due to the complexities in the visual appearance of multilingual texts. To fill the gap, this paper proposes an augmented transformer architecture with n-grams embedding and cross-language rectification (TANGER). TANGER consists of a primary transformer with single patch embeddings of visual images, and a supplementary transformer with adaptive n-grams embeddings that aims to flexibly explore the potential correlations between neighbouring visual patches, which is essential for feature extraction from multilingual scene texts. Cross-language rectification is achieved with a loss function that takes into account both language identification and contextual coherence scoring. Extensive comparative studies are conducted on four widely used benchmark datasets as well as a new multilingual scene text dataset containing Indonesian, English, and Chinese collected from tourism scenes in Indonesia. Our experimental results demonstrate that TANGER is considerably better compared to the state-of-the-art, especially in handling complex multilingual scene texts.

Title: HugNLP: A Unified and Comprehensive Library for Natural Language Processing. (arXiv:2302.14286v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.14286
• Code URL: https://github.com/wjn1996/hugnlp
• Copy Paste: [[2302.14286] HugNLP: A Unified and Comprehensive Library for Natural Language Processing](http://arxiv.org/abs/2302.14286) #extraction
• Summary:

  In this paper, we introduce HugNLP, a unified and comprehensive library for natural language processing (NLP) with the prevalent backend of HuggingFace Transformers, which is designed for NLP researchers to easily utilize off-the-shelf algorithms and develop novel methods with user-defined models and tasks in real-world scenarios. HugNLP consists of a hierarchical structure including models, processors and applications that unifies the learning process of pre-trained language models (PLMs) on different NLP tasks. Additionally, we present some featured NLP applications to show the effectiveness of HugNLP, such as knowledge-enhanced PLMs, universal information extraction, low-resource mining, and code understanding and generation, etc. The source code will be released on GitHub (https://github.com/wjn1996/HugNLP).

Title: Self-training through Classifier Disagreement for Cross-Domain Opinion Target Extraction. (arXiv:2302.14719v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2302.14719
• Code URL: null
• Copy Paste: [[2302.14719] Self-training through Classifier Disagreement for Cross-Domain Opinion Target Extraction](http://arxiv.org/abs/2302.14719) #extraction
• Summary:

  Opinion target extraction (OTE) or aspect extraction (AE) is a fundamental task in opinion mining that aims to extract the targets (or aspects) on which opinions have been expressed. Recent work focus on cross-domain OTE, which is typically encountered in real-world scenarios, where the testing and training distributions differ. Most methods use domain adversarial neural networks that aim to reduce the domain gap between the labelled source and unlabelled target domains to improve target domain performance. However, this approach only aligns feature distributions and does not account for class-wise feature alignment, leading to suboptimal results. Semi-supervised learning (SSL) has been explored as a solution, but is limited by the quality of pseudo-labels generated by the model. Inspired by the theoretical foundations in domain adaptation [2], we propose a new SSL approach that opts for selecting target samples whose model output from a domain-specific teacher and student network disagree on the unlabelled target data, in an effort to boost the target domain performance. Extensive experiments on benchmark cross-domain OTE datasets show that this approach is effective and performs consistently well in settings with large domain shifts.

Title: Identification of pattern mining algorithm for rugby league players positional groups separation based on movement patterns. (arXiv:2302.14058v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14058
• Code URL: null
• Copy Paste: [[2302.14058] Identification of pattern mining algorithm for rugby league players positional groups separation based on movement patterns](http://arxiv.org/abs/2302.14058) #extraction
• Summary:

  The application of pattern mining algorithms to extract movement patterns from sports big data can improve training specificity by facilitating a more granular evaluation of movement. As there are various pattern mining algorithms, this study aimed to validate which algorithm discovers the best set of movement patterns for player movement profiling in professional rugby league and the similarity in extracted movement patterns between the algorithms. Three pattern mining algorithms (l-length Closed Contiguous [LCCspm], Longest Common Subsequence [LCS] and AprioriClose) were used to profile elite rugby football league hookers (n = 22 players) and wingers (n = 28 players) match-games movements across 319 matches. Machine learning classification algorithms were used to identify which algorithm gives the best set of movement patterns to separate playing positions with Jaccard similarity score identifying the extent of similarity between algorithms' movement patterns. LCCspm and LCS movement patterns shared a 0.19 Jaccard similarity score. AprioriClose movement patterns shared no significant similarity with LCCspm and LCS patterns. The closed contiguous movement patterns profiled by LCCspm best-separated players into playing positions. Multi-layered Perceptron algorithm achieved the highest accuracy of 91.02% and precision, recall and F1 scores of 0.91 respectively. Therefore, we recommend the extraction of closed contiguous (consecutive) over non-consecutive movement patterns for separating groups of players.

membership infer

federate

Title: GradMA: A Gradient-Memory-based Accelerated Federated Learning with Alleviated Catastrophic Forgetting. (arXiv:2302.14307v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14307
• Code URL: null
• Copy Paste: [[2302.14307] GradMA: A Gradient-Memory-based Accelerated Federated Learning with Alleviated Catastrophic Forgetting](http://arxiv.org/abs/2302.14307) #federate
• Summary:

  Federated Learning (FL) has emerged as a de facto machine learning area and received rapid increasing research interests from the community. However, catastrophic forgetting caused by data heterogeneity and partial participation poses distinctive challenges for FL, which are detrimental to the performance. To tackle the problems, we propose a new FL approach (namely GradMA), which takes inspiration from continual learning to simultaneously correct the server-side and worker-side update directions as well as take full advantage of server's rich computing and memory resources. Furthermore, we elaborate a memory reduction strategy to enable GradMA to accommodate FL with a large scale of workers. We then analyze convergence of GradMA theoretically under the smooth non-convex setting and show that its convergence rate achieves a linear speed up w.r.t the increasing number of sampled active workers. At last, our extensive experiments on various image classification tasks show that GradMA achieves significant performance gains in accuracy and communication efficiency compared to SOTA baselines.

fair

Title: A Closer Look at the Intervention Procedure of Concept Bottleneck Models. (arXiv:2302.14260v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14260
• Code URL: https://github.com/ssbin4/closer-intervention-cbm
• Copy Paste: [[2302.14260] A Closer Look at the Intervention Procedure of Concept Bottleneck Models](http://arxiv.org/abs/2302.14260) #fair
• Summary:

  Concept bottleneck models (CBMs) are a class of interpretable neural network models that predict the target response of a given input based on its high-level concepts. Unlike the standard end-to-end models, CBMs enable domain experts to intervene on the predicted concepts and rectify any mistakes at test time, so that more accurate task predictions can be made at the end. While such intervenability provides a powerful avenue of control, many aspects of the intervention procedure remain rather unexplored. In this work, we develop various ways of selecting intervening concepts to improve the intervention effectiveness and conduct an array of in-depth analyses as to how they evolve under different circumstances. Specifically, we find that an informed intervention strategy can reduce the task error more than ten times compared to the current baseline under the same amount of intervention counts in realistic settings, and yet, this can vary quite significantly when taking into account different intervention granularity. We verify our findings through comprehensive evaluations, not only on the standard real datasets, but also on synthetic datasets that we generate based on a set of different causal graphs. We further discover some major pitfalls of the current practices which, without a proper addressing, raise concerns on reliability and fairness of the intervention procedure.

Title: Asymptotically Optimal Thompson Sampling Based Policy for the Uniform Bandits and the Gaussian Bandits. (arXiv:2302.14407v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14407
• Code URL: null
• Copy Paste: [[2302.14407] Asymptotically Optimal Thompson Sampling Based Policy for the Uniform Bandits and the Gaussian Bandits](http://arxiv.org/abs/2302.14407) #fair
• Summary:

  Thompson sampling (TS) for the parametric stochastic multi-armed bandits has been well studied under the one-dimensional parametric models. It is often reported that TS is fairly insensitive to the choice of the prior when it comes to regret bounds. However, this property is not necessarily true when multiparameter models are considered, e.g., a Gaussian model with unknown mean and variance parameters. In this paper, we first extend the regret analysis of TS to the model of uniform distributions with unknown supports. Specifically, we show that a switch of noninformative priors drastically affects the regret in expectation. Through our analysis, the uniform prior is proven to be the optimal choice in terms of the expected regret, while the reference prior and the Jeffreys prior are found to be suboptimal, which is consistent with previous findings in the model of Gaussian distributions. However, the uniform prior is specific to the parameterization of the distributions, meaning that if an agent considers different parameterizations of the same model, the agent with the uniform prior might not always achieve the optimal performance. In light of this limitation, we propose a slightly modified TS-based policy, called TS with Truncation (TS-T), which can achieve the asymptotic optimality for the Gaussian distributions and the uniform distributions by using the reference prior and the Jeffreys prior that are invariant under one-to-one reparameterizations. The pre-processig of the posterior distribution is the key to TS-T, where we add an adaptive truncation procedure on the parameter space of the posterior distributions. Simulation results support our analysis, where TS-T shows the best performance in a finite-time horizon compared to other known optimal policies, while TS with the invariant priors performs poorly.

interpretability

explainability

Title: Multi-Layer Attention-Based Explainability via Transformers for Tabular Data. (arXiv:2302.14278v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14278
• Code URL: null
• Copy Paste: [[2302.14278] Multi-Layer Attention-Based Explainability via Transformers for Tabular Data](http://arxiv.org/abs/2302.14278) #explainability
• Summary:

  We propose a graph-oriented attention-based explainability method for tabular data. Tasks involving tabular data have been solved mostly using traditional tree-based machine learning models which have the challenges of feature selection and engineering. With that in mind, we consider a transformer architecture for tabular data, which is amenable to explainability, and present a novel way to leverage self-attention mechanism to provide explanations by taking into account the attention matrices of all layers as a whole. The matrices are mapped to a graph structure where groups of features correspond to nodes and attention values to arcs. By finding the maximum probability paths in the graph, we identify groups of features providing larger contributions to explain the model's predictions. To assess the quality of multi-layer attention-based explanations, we compare them with popular attention-, gradient-, and perturbation-based explanability methods.

watermark

diffusion

Title: Towards Enhanced Controllability of Diffusion Models. (arXiv:2302.14368v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14368
• Code URL: null
• Copy Paste: [[2302.14368] Towards Enhanced Controllability of Diffusion Models](http://arxiv.org/abs/2302.14368) #diffusion
• Summary:

  Denoising Diffusion models have shown remarkable capabilities in generating realistic, high-quality and diverse images. However, the extent of controllability and editability with diffusion models is underexplored relative to GANs. Inspired by techniques based on the latent space of GAN models for image manipulation, we propose to train a diffusion model conditioned on two latent codes, a spatial content mask and a flattened style embedding. We rely on the inductive bias of the progressive denoising process of diffusion models to encode pose/layout information in the spatial structure mask and semantic/style information in the style code. We extend the sampling technique from composable diffusion models to allow for some dependence between conditional inputs. This improves the quality of the generations significantly while also providing control over the amount of guidance from each latent code separately as well as from their joint distribution. To further enhance controllability, we vary the level of guidance for structure and style latents based on the denoising timestep. We observe more controllability compared to existing methods and show that without explicit training objectives, diffusion models can be leveraged for effective image manipulation, reference based image translation and style transfer.

Title: Can We Use Diffusion Probabilistic Models for 3D Motion Prediction?. (arXiv:2302.14503v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14503
• Code URL: null
• Copy Paste: [[2302.14503] Can We Use Diffusion Probabilistic Models for 3D Motion Prediction?](http://arxiv.org/abs/2302.14503) #diffusion
• Summary:

  After many researchers observed fruitfulness from the recent diffusion probabilistic model, its effectiveness in image generation is actively studied these days. In this paper, our objective is to evaluate the potential of diffusion probabilistic models for 3D human motion-related tasks. To this end, this paper presents a study of employing diffusion probabilistic models to predict future 3D human motion(s) from the previously observed motion. Based on the Human 3.6M and HumanEva-I datasets, our results show that diffusion probabilistic models are competitive for both single (deterministic) and multiple (stochastic) 3D motion prediction tasks, after finishing a single training process. In addition, we find out that diffusion probabilistic models can offer an attractive compromise, since they can strike the right balance between the likelihood and diversity of the predicted future motions. Our code is publicly available on the project website: https://sites.google.com/view/diffusion-motion-prediction.

Title: Dissolving Is Amplifying: Towards Fine-Grained Anomaly Detection. (arXiv:2302.14696v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14696
• Code URL: null
• Copy Paste: [[2302.14696] Dissolving Is Amplifying: Towards Fine-Grained Anomaly Detection](http://arxiv.org/abs/2302.14696) #diffusion
• Summary:

  Medical anomalous data normally contains fine-grained instance-wise additive feature patterns (e.g. tumor, hemorrhage), that are oftenly critical but insignificant. Interestingly, apart from the remarkable image generation abilities of diffusion models, we observed that diffusion models can dissolve image details for a given image, resulting in generalized feature representations. We hereby propose DIA, dissolving is amplifying, that amplifies fine-grained image features by contrasting an image against its feature dissolved counterpart. In particular, we show that diffusion models can serve as semantic preserving feature dissolvers that help learning fine-grained anomalous patterns for anomaly detection tasks, especially for medical domains with fine-grained feature differences. As a result, our method yields a novel fine-grained anomaly detection method, aims at amplifying instance-level feature patterns, that significantly improves medical anomaly detection accuracy in a large margin without any prior knowledge of explicit fine-grained anomalous feature patterns.

Title: Monocular Depth Estimation using Diffusion Models. (arXiv:2302.14816v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2302.14816
• Code URL: null
• Copy Paste: [[2302.14816] Monocular Depth Estimation using Diffusion Models](http://arxiv.org/abs/2302.14816) #diffusion
• Summary:

  We formulate monocular depth estimation using denoising diffusion models, inspired by their recent successes in high fidelity image generation. To that end, we introduce innovations to address problems arising due to noisy, incomplete depth maps in training data, including step-unrolled denoising diffusion, an $L_1$ loss, and depth infilling during training. To cope with the limited availability of data for supervised training, we leverage pre-training on self-supervised image-to-image translation tasks. Despite the simplicity of the approach, with a generic loss and architecture, our DepthGen model achieves SOTA performance on the indoor NYU dataset, and near SOTA results on the outdoor KITTI dataset. Further, with a multimodal posterior, DepthGen naturally represents depth ambiguity (e.g., from transparent surfaces), and its zero-shot performance combined with depth imputation, enable a simple but effective text-to-3D pipeline. Project page: https://depth-gen.github.io

Title: Synthesizing Mixed-type Electronic Health Records using Diffusion Models. (arXiv:2302.14679v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2302.14679
• Code URL: null
• Copy Paste: [[2302.14679] Synthesizing Mixed-type Electronic Health Records using Diffusion Models](http://arxiv.org/abs/2302.14679) #diffusion
• Summary:

  Electronic Health Records (EHRs) contain sensitive patient information, which presents privacy concerns when sharing such data. Synthetic data generation is a promising solution to mitigate these risks, often relying on deep generative models such as Generative Adversarial Networks (GANs). However, recent studies have shown that diffusion models offer several advantages over GANs, such as generation of more realistic synthetic data and stable training in generating data modalities, including image, text, and sound. In this work, we investigate the potential of diffusion models for generating realistic mixed-type tabular EHRs, comparing TabDDPM model with existing methods on four datasets in terms of data quality, utility, privacy, and augmentation. Our experiments demonstrate that TabDDPM outperforms the state-of-the-art models across all evaluation metrics, except for privacy, which confirms the trade-off between privacy and utility.