secure

Title: Zero-Effort Two-Factor Authentication Using Wi-Fi Radio Wave Transmission and Machine Learning. (arXiv:2303.02503v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.02503
• Code URL: null
• Copy Paste: [[2303.02503] Zero-Effort Two-Factor Authentication Using Wi-Fi Radio Wave Transmission and Machine Learning](http://arxiv.org/abs/2303.02503) #secure
• Summary:

  The proliferation of sensitive information being stored online highlights the pressing need for secure and efficient user authentication methods. To address this issue, this paper presents a novel zero-effort two-factor authentication (2FA) approach that combines the unique characteristics of a users environment and Machine Learning (ML) to confirm their identity. Our proposed approach utilizes Wi-Fi radio wave transmission and ML algorithms to analyze beacon frame characteristics and Received Signal Strength Indicator (RSSI) values from Wi-Fi access points to determine the users location. The aim is to provide a secure and efficient method of authentication without the need for additional hardware or software. A prototype was developed using Raspberry Pi devices and experiments were conducted to demonstrate the effectiveness and practicality of the proposed approach. Results showed that the proposed system can significantly enhance the security of sensitive information in various industries such as finance, healthcare, and retail. This study sheds light on the potential of Wi-Fi radio waves and RSSI values as a means of user authentication and the power of ML to identify patterns in wireless signals for security purposes. The proposed system holds great promise in revolutionizing the field of 2FA and user authentication, offering a new era of secure and seamless access to sensitive information.

security

privacy

Title: Hierarchical Training of Deep Neural Networks Using Early Exiting. (arXiv:2303.02384v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02384
• Code URL: null
• Copy Paste: [[2303.02384] Hierarchical Training of Deep Neural Networks Using Early Exiting](http://arxiv.org/abs/2303.02384) #privacy
• Summary:

  Deep Neural Networks provide state-of-the-art accuracy for vision tasks but they require significant resources for training. Thus, they are trained on cloud servers far from the edge devices that acquire the data. This issue increases communication cost, runtime and privacy concerns. In this study, a novel hierarchical training method for deep neural networks is proposed that reduces the communication cost, training runtime, and privacy concerns by dividing the architecture between edge and cloud workers using early exits. The method proposes a brand-new use case for early exits to separate the backward pass of neural networks between the edge and the cloud during the training phase. We address the issues of most available hierarchical training methods that due to the sequential nature of the training phase, cannot train the levels of hierarchy at the same time or they do it with the cost of privacy. In contrast to these schemes, our method can use both edge and cloud workers simultaneously, does not share the raw input data with the cloud, and does not require communication during the backward pass. Several simulations and on-device experiments for different neural network architectures are done to demonstrate the effectiveness of this method. It is shown that the method reduces 29% and 61% runtime in CIFAR-10 classification experiment for VGG-16 and ResNet-18 when the communication with the cloud is done over the 3G protocol. This gain in the runtime is achieved whilst the accuracy drop is negligible. This method can be inspirational to provide online learning of high-accuracy deep neural networks on low-resource devices such as mobile phones or robots as a part of an edge-cloud system, making them more flexible in facing new tasks and classes of data in the future.

protect

defense

Title: Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions. (arXiv:2303.02213v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02213
• Code URL: null
• Copy Paste: [[2303.02213] Backdoor Attacks and Defenses in Federated Learning: Survey, Challenges and Future Research Directions](http://arxiv.org/abs/2303.02213) #defense
• Summary:

  Federated learning (FL) is a machine learning (ML) approach that allows the use of distributed data without compromising personal privacy. However, the heterogeneous distribution of data among clients in FL can make it difficult for the orchestration server to validate the integrity of local model updates, making FL vulnerable to various threats, including backdoor attacks. Backdoor attacks involve the insertion of malicious functionality into a targeted model through poisoned updates from malicious clients. These attacks can cause the global model to misbehave on specific inputs while appearing normal in other cases. Backdoor attacks have received significant attention in the literature due to their potential to impact real-world deep learning applications. However, they have not been thoroughly studied in the context of FL. In this survey, we provide a comprehensive survey of current backdoor attack strategies and defenses in FL, including a comprehensive analysis of different approaches. We also discuss the challenges and potential future directions for attacks and defenses in the context of FL.

attack

Title: TrojText: Test-time Invisible Textual Trojan Insertion. (arXiv:2303.02242v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2303.02242
• Code URL: https://github.com/ucf-ml-research/trojtext
• Copy Paste: [[2303.02242] TrojText: Test-time Invisible Textual Trojan Insertion](http://arxiv.org/abs/2303.02242) #attack
• Summary:

  In Natural Language Processing (NLP), intelligent neuron models can be susceptible to textual Trojan attacks. Such attacks occur when Trojan models behave normally for standard inputs but generate malicious output for inputs that contain a specific trigger. Syntactic-structure triggers, which are invisible, are becoming more popular for Trojan attacks because they are difficult to detect and defend against. However, these types of attacks require a large corpus of training data to generate poisoned samples with the necessary syntactic structures for Trojan insertion. Obtaining such data can be difficult for attackers, and the process of generating syntactic poisoned triggers and inserting Trojans can be time-consuming. This paper proposes a solution called TrojText, which aims to determine whether invisible textual Trojan attacks can be performed more efficiently and cost-effectively without training data. The proposed approach, called the Representation-Logit Trojan Insertion (RLI) algorithm, uses smaller sampled test data instead of large training data to achieve the desired attack. The paper also introduces two additional techniques, namely the accumulated gradient ranking (AGR) and Trojan Weights Pruning (TWP), to reduce the number of tuned parameters and the attack overhead. The TrojText approach was evaluated on three datasets (AG's News, SST-2, and OLID) using three NLP models (BERT, XLNet, and DeBERTa). The experiments demonstrated that the TrojText approach achieved a 98.35\% classification accuracy for test sentences in the target class on the BERT model for the AG's News dataset. The source code for TrojText is available at https://github.com/UCF-ML-Research/TrojText.

Title: Adversarial Attacks on Machine Learning in Embedded and IoT Platforms. (arXiv:2303.02214v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02214
• Code URL: null
• Copy Paste: [[2303.02214] Adversarial Attacks on Machine Learning in Embedded and IoT Platforms](http://arxiv.org/abs/2303.02214) #attack
• Summary:

  Machine learning (ML) algorithms are increasingly being integrated into embedded and IoT systems that surround us, and they are vulnerable to adversarial attacks. The deployment of these ML algorithms on resource-limited embedded platforms also requires the use of model compression techniques. The impact of such model compression techniques on adversarial robustness in ML is an important and emerging area of research. This article provides an overview of the landscape of adversarial attacks and ML model compression techniques relevant to embedded systems. We then describe efforts that seek to understand the relationship between adversarial attacks and ML model compression before discussing open problems in this area.

Title: Improved Robustness Against Adaptive Attacks With Ensembles and Error-Correcting Output Codes. (arXiv:2303.02322v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02322
• Code URL: https://github.com/thomasp05/improved-robustness-with-ecoc
• Copy Paste: [[2303.02322] Improved Robustness Against Adaptive Attacks With Ensembles and Error-Correcting Output Codes](http://arxiv.org/abs/2303.02322) #attack
• Summary:

  Neural network ensembles have been studied extensively in the context of adversarial robustness and most ensemble-based approaches remain vulnerable to adaptive attacks. In this paper, we investigate the robustness of Error-Correcting Output Codes (ECOC) ensembles through architectural improvements and ensemble diversity promotion. We perform a comprehensive robustness assessment against adaptive attacks and investigate the relationship between ensemble diversity and robustness. Our results demonstrate the benefits of ECOC ensembles for adversarial robustness compared to regular ensembles of convolutional neural networks (CNNs) and show why the robustness of previous implementations is limited. We also propose an adversarial training method specific to ECOC ensembles that allows to further improve robustness to adaptive attacks.

robust

Title: Lightweight, Uncertainty-Aware Conformalized Visual Odometry. (arXiv:2303.02207v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02207
• Code URL: null
• Copy Paste: [[2303.02207] Lightweight, Uncertainty-Aware Conformalized Visual Odometry](http://arxiv.org/abs/2303.02207) #robust
• Summary:

  Data-driven visual odometry (VO) is a critical subroutine for autonomous edge robotics, and recent progress in the field has produced highly accurate point predictions in complex environments. However, emerging autonomous edge robotics devices like insect-scale drones and surgical robots lack a computationally efficient framework to estimate VO's predictive uncertainties. Meanwhile, as edge robotics continue to proliferate into mission-critical application spaces, awareness of model's the predictive uncertainties has become crucial for risk-aware decision-making. This paper addresses this challenge by presenting a novel, lightweight, and statistically robust framework that leverages conformal inference (CI) to extract VO's uncertainty bands. Our approach represents the uncertainties using flexible, adaptable, and adjustable prediction intervals that, on average, guarantee the inclusion of the ground truth across all degrees of freedom (DOF) of pose estimation. We discuss the architectures of generative deep neural networks for estimating multivariate uncertainty bands along with point (mean) prediction. We also present techniques to improve the uncertainty estimation accuracy, such as leveraging Monte Carlo dropout (MC-dropout) for data augmentation. Finally, we propose a novel training loss function that combines interval scoring and calibration loss with traditional training metrics--mean-squared error and KL-divergence--to improve uncertainty-aware learning. Our simulation results demonstrate that the presented framework consistently captures true uncertainty in pose estimations across different datasets, estimation models, and applied noise types, indicating its wide applicability.

Title: A Visual SLAM with Moving Object Trajectory Prediction. (arXiv:2303.02257v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02257
• Code URL: null
• Copy Paste: [[2303.02257] A Visual SLAM with Moving Object Trajectory Prediction](http://arxiv.org/abs/2303.02257) #robust
• Summary:

  Visual Simultaneous Localization and Mapping (SLAM) has received significant attention in recent years due to its ability to estimate camera trajectory and create an environment map using visual data alone, making a substantial contribution to autonomous driving applications, in particular, a real-world scenario with moving crowds and vehicles. In this work, we propose a visual SLAM system that incorporates moving object trajectory tracking and prediction. We take into account the motion clues of the pedestrians to track and predict their movement, as long as mapping the environment. Such an integrated system solves the localization of the camera and other moving objects in the scene, and further creates a sparse map to support the potential navigation of the vehicle. In the experiment, we demonstrate the effectiveness and robustness of our approach through a comprehensive evaluation on both our simulation and real-world KITTI datasets.

Title: APE: An Open and Shared Annotated Dataset for Learning Urban Pedestrian Path Networks. (arXiv:2303.02323v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02323
• Code URL: null
• Copy Paste: [[2303.02323] APE: An Open and Shared Annotated Dataset for Learning Urban Pedestrian Path Networks](http://arxiv.org/abs/2303.02323) #robust
• Summary:

  Inferring the full transportation network, including sidewalks and cycleways, is crucial for many automated systems, including autonomous driving, multi-modal navigation, trip planning, mobility simulations, and freight management. Many transportation decisions can be informed based on an accurate pedestrian network, its interactions, and connectivity with the road networks of other modes of travel. A connected pedestrian path network is vital to transportation activities, as sidewalks and crossings connect pedestrians to other modes of transportation. However, information about these paths' location and connectivity is often missing or inaccurate in city planning systems and wayfinding applications, causing severe information gaps and errors for planners and pedestrians. This work begins to address this problem at scale by introducing a novel dataset of aerial satellite imagery, street map imagery, and rasterized annotations of sidewalks, crossings, and corner bulbs in urban cities. The dataset spans $2,700 km^2$ land area, covering select regions from $6$ different cities. It can be used for various learning tasks related to segmenting and understanding pedestrian environments. We also present an end-to-end process for inferring a connected pedestrian path network map using street network information and our proposed dataset. The process features the use of a multi-input segmentation network trained on our dataset to predict important classes in the pedestrian environment and then generate a connected pedestrian path network. Our results demonstrate that the dataset is sufficiently large to train common segmentation models yielding accurate, robust pedestrian path networks.

Title: Decompose, Adjust, Compose: Effective Normalization by Playing with Frequency for Domain Generalization. (arXiv:2303.02328v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02328
• Code URL: null
• Copy Paste: [[2303.02328] Decompose, Adjust, Compose: Effective Normalization by Playing with Frequency for Domain Generalization](http://arxiv.org/abs/2303.02328) #robust
• Summary:

  Domain generalization (DG) is a principal task to evaluate the robustness of computer vision models. Many previous studies have used normalization for DG. In normalization, statistics and normalized features are regarded as style and content, respectively. However, it has a content variation problem when removing style because the boundary between content and style is unclear. This study addresses this problem from the frequency domain perspective, where amplitude and phase are considered as style and content, respectively. First, we verify the quantitative phase variation of normalization through the mathematical derivation of the Fourier transform formula. Then, based on this, we propose a novel normalization method, PCNorm, which eliminates style only as the preserving content through spectral decomposition. Furthermore, we propose advanced PCNorm variants, CCNorm and SCNorm, which adjust the degrees of variations in content and style, respectively. Thus, they can learn domain-agnostic representations for DG. With the normalization methods, we propose ResNet-variant models, DAC-P and DAC-SC, which are robust to the domain gap. The proposed models outperform other recent DG methods. The DAC-SC achieves an average state-of-the-art performance of 65.6% on five datasets: PACS, VLCS, Office-Home, DomainNet, and TerraIncognita.

Title: Graph-based Representation for Image based on Granular-ball. (arXiv:2303.02388v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02388
• Code URL: https://github.com/ddw2aigroup2cqupt/grig
• Copy Paste: [[2303.02388] Graph-based Representation for Image based on Granular-ball](http://arxiv.org/abs/2303.02388) #robust
• Summary:

  Current image processing methods usually operate on the finest-granularity unit; that is, the pixel, which leads to challenges in terms of efficiency, robustness, and understandability in deep learning models. We present an improved granular-ball computing method to represent the image as a graph, in which each node expresses a structural block in the image and each edge represents the association between two nodes. Specifically:(1) We design a gradient-based strategy for the adaptive reorganization of all pixels in the image into numerous rectangular regions, each of which can be regarded as one node. (2) Each node has a connection edge with the nodes with which it shares regions. (3) We design a low-dimensional vector as the attribute of each node. All nodes and their corresponding edges form a graphical representation of a digital image. In the experiments, our proposed graph representation is applied to benchmark datasets for image classification tasks, and the efficiency and good understandability demonstrate that our proposed method offers significant potential in artificial intelligence theory and application.

Title: Fine-Grained ImageNet Classification in the Wild. (arXiv:2303.02400v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02400
• Code URL: https://github.com/marialymperaiou/classification-in-the-wild
• Copy Paste: [[2303.02400] Fine-Grained ImageNet Classification in the Wild](http://arxiv.org/abs/2303.02400) #robust
• Summary:

  Image classification has been one of the most popular tasks in Deep Learning, seeing an abundance of impressive implementations each year. However, there is a lot of criticism tied to promoting complex architectures that continuously push performance metrics higher and higher. Robustness tests can uncover several vulnerabilities and biases which go unnoticed during the typical model evaluation stage. So far, model robustness under distribution shifts has mainly been examined within carefully curated datasets. Nevertheless, such approaches do not test the real response of classifiers in the wild, e.g. when uncurated web-crawled image data of corresponding classes are provided. In our work, we perform fine-grained classification on closely related categories, which are identified with the help of hierarchical knowledge. Extensive experimentation on a variety of convolutional and transformer-based architectures reveals model robustness in this novel setting. Finally, hierarchical knowledge is again employed to evaluate and explain misclassifications, providing an information-rich evaluation scheme adaptable to any classifier.

Title: Fine-Grained Classification with Noisy Labels. (arXiv:2303.02404v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02404
• Code URL: null
• Copy Paste: [[2303.02404] Fine-Grained Classification with Noisy Labels](http://arxiv.org/abs/2303.02404) #robust
• Summary:

  Learning with noisy labels (LNL) aims to ensure model generalization given a label-corrupted training set. In this work, we investigate a rarely studied scenario of LNL on fine-grained datasets (LNL-FG), which is more practical and challenging as large inter-class ambiguities among fine-grained classes cause more noisy labels. We empirically show that existing methods that work well for LNL fail to achieve satisfying performance for LNL-FG, arising the practical need of effective solutions for LNL-FG. To this end, we propose a novel framework called stochastic noise-tolerated supervised contrastive learning (SNSCL) that confronts label noise by encouraging distinguishable representation. Specifically, we design a noise-tolerated supervised contrastive learning loss that incorporates a weight-aware mechanism for noisy label correction and selectively updating momentum queue lists. By this mechanism, we mitigate the effects of noisy anchors and avoid inserting noisy labels into the momentum-updated queue. Besides, to avoid manually-defined augmentation strategies in contrastive learning, we propose an efficient stochastic module that samples feature embeddings from a generated distribution, which can also enhance the representation ability of deep models. SNSCL is general and compatible with prevailing robust LNL strategies to improve their performance for LNL-FG. Extensive experiments demonstrate the effectiveness of SNSCL.

Title: Comparative Studies of Unsupervised and Supervised Learning Methods based on Multimedia Applications. (arXiv:2303.02446v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02446
• Code URL: null
• Copy Paste: [[2303.02446] Comparative Studies of Unsupervised and Supervised Learning Methods based on Multimedia Applications](http://arxiv.org/abs/2303.02446) #robust
• Summary:

  In the mobile communication field, some of the video applications boosted the interest of robust methods for video quality assessment. Out of all existing methods, We Preferred, No Reference Video Quality Assessment is the one which is most needed in situations where the handiness of reference video is partially available. Our research interest lies in formulating and melding effective features into one model based on human visualizing characteristics. Our work explores comparative study between Supervised and unsupervised learning methods. Therefore, we implemented support vector regression algorithm as NR-based Video Quality Metric(VQM) for quality estimation with simplified input features. We concluded that our proposed model exhibited sparseness even after dimension reduction for objective scores of SSIM quality metric.

Title: Self-tuning hyper-parameters for unsupervised cross-lingual tokenization. (arXiv:2303.02427v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2303.02427
• Code URL: null
• Copy Paste: [[2303.02427] Self-tuning hyper-parameters for unsupervised cross-lingual tokenization](http://arxiv.org/abs/2303.02427) #robust
• Summary:

  We explore the possibility of meta-learning for the language-independent unsupervised tokenization problem for English, Russian, and Chinese. We implement the meta-learning approach for automatic determination of hyper-parameters of the unsupervised tokenization model proposed in earlier works, relying on various human-independent fitness functions such as normalised anti-entropy, compression factor and cross-split F 1 score, as well as additive and multiplicative composite combinations of the three metrics, testing them against the conventional F1 tokenization score. We find a fairly good correlation between the latter and the additive combination of the former three metrics for English and Russian. In case of Chinese, we find a significant correlation between the F 1 score and the compression factor. Our results suggest the possibility of robust unsupervised tokenization of low-resource and dead languages and allow us to think about human languages in terms of the evolution of efficient symbolic communication codes with different structural optimisation schemes that have evolved in different human cultures.

Title: Traffic State Estimation with Anisotropic Gaussian Processes from Vehicle Trajectories. (arXiv:2303.02311v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02311
• Code URL: null
• Copy Paste: [[2303.02311] Traffic State Estimation with Anisotropic Gaussian Processes from Vehicle Trajectories](http://arxiv.org/abs/2303.02311) #robust
• Summary:

  Accurately monitoring road traffic state and speed is crucial for various applications, including travel time prediction, traffic control, and traffic safety. However, the lack of sensors often results in incomplete traffic state data, making it challenging to obtain reliable information for decision-making. This paper proposes a novel method for imputing traffic state data using Gaussian processes (GP) to address this issue. We propose a kernel rotation re-parametrization scheme that transforms a standard isotropic GP kernel into an anisotropic kernel, which can better model the propagation of traffic waves in traffic flow data. This method can be applied to impute traffic state data from fixed sensors or probe vehicles. Moreover, the rotated GP method provides statistical uncertainty quantification for the imputed traffic state, making it more reliable. We also extend our approach to a multi-output GP, which allows for simultaneously estimating the traffic state for multiple lanes. We evaluate our method using real-world traffic data from the Next Generation simulation (NGSIM) and HighD programs. Considering current and future mixed traffic of connected vehicles (CVs) and human-driven vehicles (HVs), we experiment with the traffic state estimation scheme from 5% to 50% available trajectories, mimicking different CV penetration rates in a mixed traffic environment. Results show that our method outperforms state-of-the-art methods in terms of estimation accuracy, efficiency, and robustness.

Title: RoLNiP: Robust Learning Using Noisy Pairwise Comparisons. (arXiv:2303.02341v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02341
• Code URL: null
• Copy Paste: [[2303.02341] RoLNiP: Robust Learning Using Noisy Pairwise Comparisons](http://arxiv.org/abs/2303.02341) #robust
• Summary:

  This paper presents a robust approach for learning from noisy pairwise comparisons. We propose sufficient conditions on the loss function under which the risk minimization framework becomes robust to noise in the pairwise similar dissimilar data. Our approach does not require the knowledge of noise rate in the uniform noise case. In the case of conditional noise, the proposed method depends on the noise rates. For such cases, we offer a provably correct approach for estimating the noise rates. Thus, we propose an end-to-end approach to learning robust classifiers in this setting. We experimentally show that the proposed approach RoLNiP outperforms the robust state-of-the-art methods for learning with noisy pairwise comparisons.

Title: Calibrating Transformers via Sparse Gaussian Processes. (arXiv:2303.02444v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02444
• Code URL: https://github.com/chenw20/sgpa
• Copy Paste: [[2303.02444] Calibrating Transformers via Sparse Gaussian Processes](http://arxiv.org/abs/2303.02444) #robust
• Summary:

  Transformer models have achieved profound success in prediction tasks in a wide range of applications in natural language processing, speech recognition and computer vision. Extending Transformer's success to safety-critical domains requires calibrated uncertainty estimation which remains under-explored. To address this, we propose Sparse Gaussian Process attention (SGPA), which performs Bayesian inference directly in the output space of multi-head attention blocks (MHAs) in transformer to calibrate its uncertainty. It replaces the scaled dot-product operation with a valid symmetric kernel and uses sparse Gaussian processes (SGP) techniques to approximate the posterior processes of MHA outputs. Empirically, on a suite of prediction tasks on text, images and graphs, SGPA-based Transformers achieve competitive predictive accuracy, while noticeably improving both in-distribution calibration and out-of-distribution robustness and detection.

Title: Investigating Group Distributionally Robust Optimization for Deep Imbalanced Learning: A Case Study of Binary Tabular Data Classification. (arXiv:2303.02505v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02505
• Code URL: null
• Copy Paste: [[2303.02505] Investigating Group Distributionally Robust Optimization for Deep Imbalanced Learning: A Case Study of Binary Tabular Data Classification](http://arxiv.org/abs/2303.02505) #robust
• Summary:

  One of the most studied machine learning challenges that recent studies have shown the susceptibility of deep neural networks to is the class imbalance problem. While concerted research efforts in this direction have been notable in recent years, findings have shown that the canonical learning objective, empirical risk minimization (ERM), is unable to achieve optimal imbalance learning in deep neural networks given its bias to the majority class. An alternative learning objective, group distributionally robust optimization (gDRO), is investigated in this study for imbalance learning, focusing on tabular imbalanced data as against image data that has dominated deep imbalance learning research. Contrary to minimizing average per instance loss as in ERM, gDRO seeks to minimize the worst group loss over the training data. Experimental findings in comparison with ERM and classical imbalance methods using four popularly used evaluation metrics in imbalance learning across several benchmark imbalance binary tabular data of varying imbalance ratios reveal impressive performance of gDRO, outperforming other compared methods in terms of g-mean and roc-auc.

biometric

steal

extraction

Title: X$^3$KD: Knowledge Distillation Across Modalities, Tasks and Stages for Multi-Camera 3D Object Detection. (arXiv:2303.02203v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02203
• Code URL: null
• Copy Paste: [[2303.02203] X$^3$KD: Knowledge Distillation Across Modalities, Tasks and Stages for Multi-Camera 3D Object Detection](http://arxiv.org/abs/2303.02203) #extraction
• Summary:

  Recent advances in 3D object detection (3DOD) have obtained remarkably strong results for LiDAR-based models. In contrast, surround-view 3DOD models based on multiple camera images underperform due to the necessary view transformation of features from perspective view (PV) to a 3D world representation which is ambiguous due to missing depth information. This paper introduces X$^3$KD, a comprehensive knowledge distillation framework across different modalities, tasks, and stages for multi-camera 3DOD. Specifically, we propose cross-task distillation from an instance segmentation teacher (X-IS) in the PV feature extraction stage providing supervision without ambiguous error backpropagation through the view transformation. After the transformation, we apply cross-modal feature distillation (X-FD) and adversarial training (X-AT) to improve the 3D world representation of multi-camera features through the information contained in a LiDAR-based 3DOD teacher. Finally, we also employ this teacher for cross-modal output distillation (X-OD), providing dense supervision at the prediction stage. We perform extensive ablations of knowledge distillation at different stages of multi-camera 3DOD. Our final X$^3$KD model outperforms previous state-of-the-art approaches on the nuScenes and Waymo datasets and generalizes to RADAR-based 3DOD. Qualitative results video at https://youtu.be/1do9DPFmr38.

membership infer

federate

Title: Federated Virtual Learning on Heterogeneous Data with Local-global Distillation. (arXiv:2303.02278v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02278
• Code URL: null
• Copy Paste: [[2303.02278] Federated Virtual Learning on Heterogeneous Data with Local-global Distillation](http://arxiv.org/abs/2303.02278) #federate
• Summary:

  Despite Federated Learning (FL)'s trend for learning machine learning models in a distributed manner, it is susceptible to performance drops when training on heterogeneous data. Recently, dataset distillation has been explored in order to improve the efficiency and scalability of FL by creating a smaller, synthetic dataset that retains the performance of a model trained on the local private datasets. We discover that using distilled local datasets can amplify the heterogeneity issue in FL. To address this, we propose a new method, called Federated Virtual Learning on Heterogeneous Data with Local-Global Distillation (FEDLGD), which trains FL using a smaller synthetic dataset (referred as virtual data) created through a combination of local and global distillation. Specifically, to handle synchronization and class imbalance, we propose iterative distribution matching to allow clients to have the same amount of balanced local virtual data; to harmonize the domain shifts, we use federated gradient matching to distill global virtual data that are shared with clients without hindering data privacy to rectify heterogeneous local training via enforcing local-global feature similarity. We experiment on both benchmark and real-world datasets that contain heterogeneous data from different sources. Our method outperforms state-of-the-art heterogeneous FL algorithms under the setting with a very limited amount of distilled virtual data.

Title: Federated Semi-Supervised Learning with Annotation Heterogeneity. (arXiv:2303.02445v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02445
• Code URL: null
• Copy Paste: [[2303.02445] Federated Semi-Supervised Learning with Annotation Heterogeneity](http://arxiv.org/abs/2303.02445) #federate
• Summary:

  Federated Semi-Supervised Learning (FSSL) aims to learn a global model from different clients in an environment with both labeled and unlabeled data. Most of the existing FSSL work generally assumes that both types of data are available on each client. In this paper, we study a more general problem setup of FSSL with annotation heterogeneity, where each client can hold an arbitrary percentage (0%-100%) of labeled data. To this end, we propose a novel FSSL framework called Heterogeneously Annotated Semi-Supervised LEarning (HASSLE). Specifically, it is a dual-model framework with two models trained separately on labeled and unlabeled data such that it can be simply applied to a client with an arbitrary labeling percentage. Furthermore, a mutual learning strategy called Supervised-Unsupervised Mutual Alignment (SUMA) is proposed for the dual models within HASSLE with global residual alignment and model proximity alignment. Subsequently, the dual models can implicitly learn from both types of data across different clients, although each dual model is only trained locally on a single type of data. Experiments verify that the dual models in HASSLE learned by SUMA can mutually learn from each other, thereby effectively utilizing the information of both types of data across different clients.

fair

Title: Achieving Counterfactual Fairness for Anomaly Detection. (arXiv:2303.02318v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.02318
• Code URL: https://github.com/hanxiao0607/cfad
• Copy Paste: [[2303.02318] Achieving Counterfactual Fairness for Anomaly Detection](http://arxiv.org/abs/2303.02318) #fair
• Summary:

  Ensuring fairness in anomaly detection models has received much attention recently as many anomaly detection applications involve human beings. However, existing fair anomaly detection approaches mainly focus on association-based fairness notions. In this work, we target counterfactual fairness, which is a prevalent causation-based fairness notion. The goal of counterfactually fair anomaly detection is to ensure that the detection outcome of an individual in the factual world is the same as that in the counterfactual world where the individual had belonged to a different group. To this end, we propose a counterfactually fair anomaly detection (CFAD) framework which consists of two phases, counterfactual data generation and fair anomaly detection. Experimental results on a synthetic dataset and two real datasets show that CFAD can effectively detect anomalies as well as ensure counterfactual fairness.

interpretability

explainability

watermark

diffusion

Title: Diffusion Models Generate Images Like Painters: an Analytical Theory of Outline First, Details Later. (arXiv:2303.02490v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.02490
• Code URL: null
• Copy Paste: [[2303.02490] Diffusion Models Generate Images Like Painters: an Analytical Theory of Outline First, Details Later](http://arxiv.org/abs/2303.02490) #diffusion
• Summary:

  How do diffusion generative models convert pure noise into meaningful images? We argue that generation involves first committing to an outline, and then to finer and finer details. The corresponding reverse diffusion process can be modeled by dynamics on a (time-dependent) high-dimensional landscape full of Gaussian-like modes, which makes the following predictions: (i) individual trajectories tend to be very low-dimensional; (ii) scene elements that vary more within training data tend to emerge earlier; and (iii) early perturbations substantially change image content more often than late perturbations. We show that the behavior of a variety of trained unconditional and conditional diffusion models like Stable Diffusion is consistent with these predictions. Finally, we use our theory to search for the latent image manifold of diffusion models, and propose a new way to generate interpretable image variations. Our viewpoint suggests generation by GANs and diffusion models have unexpected similarities.