secure

Title: Secure Aggregation in Federated Learning is not Private: Leaking User Data at Large Scale through Model Modification. (arXiv:2303.12233v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12233
• Code URL: null
• Copy Paste: [[2303.12233] Secure Aggregation in Federated Learning is not Private: Leaking User Data at Large Scale through Model Modification](http://arxiv.org/abs/2303.12233) #secure
• Summary:

  Security and privacy are important concerns in machine learning. End user devices often contain a wealth of data and this information is sensitive and should not be shared with servers or enterprises. As a result, federated learning was introduced to enable machine learning over large decentralized datasets while promising privacy by eliminating the need for data sharing. However, prior work has shown that shared gradients often contain private information and attackers can gain knowledge either through malicious modification of the architecture and parameters or by using optimization to approximate user data from the shared gradients. Despite this, most attacks have so far been limited in scale of number of clients, especially failing when client gradients are aggregated together using secure model aggregation. The attacks that still function are strongly limited in the number of clients attacked, amount of training samples they leak, or number of iterations they take to be trained. In this work, we introduce MANDRAKE, an attack that overcomes previous limitations to directly leak large amounts of client data even under secure aggregation across large numbers of clients. Furthermore, we break the anonymity of aggregation as the leaked data is identifiable and directly tied back to the clients they come from. We show that by sending clients customized convolutional parameters, the weight gradients of data points between clients will remain separate through aggregation. With an aggregation across many clients, prior work could only leak less than 1% of images. With the same number of non-zero parameters, and using only a single training iteration, MANDRAKE leaks 70-80% of data samples.

Title: Insecure by Design in the Backbone of Critical Infrastructure. (arXiv:2303.12340v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12340
• Code URL: null
• Copy Paste: [[2303.12340] Insecure by Design in the Backbone of Critical Infrastructure](http://arxiv.org/abs/2303.12340) #secure
• Summary:

  We inspected 45 actively deployed Operational Technology (OT) product families from ten major vendors and found that every system suffers from at least one trivial vulnerability. We reported a total of 53 weaknesses, stemming from insecure by design practices or basic security design failures. They enable attackers to take a device offline, manipulate its operational parameters, and execute arbitrary code without any constraint. We discuss why vulnerable products are often security certified and appear to be more secure than they actually are, and we explain complicating factors of OT risk management.

Title: Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example. (arXiv:2303.12361v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12361
• Code URL: null
• Copy Paste: [[2303.12361] Risk-Based Authentication for OpenStack: A Fully Functional Implementation and Guiding Example](http://arxiv.org/abs/2303.12361) #secure
• Summary:

  Online services have difficulties to replace passwords with more secure user authentication mechanisms, such as Two-Factor Authentication (2FA). This is partly due to the fact that users tend to reject such mechanisms in use cases outside of online banking. Relying on password authentication alone, however, is not an option in light of recent attack patterns such as credential stuffing.

Risk-Based Authentication (RBA) can serve as an interim solution to increase password-based account security until better methods are in place. Unfortunately, RBA is currently used by only a few major online services, even though it is recommended by various standards and has been shown to be effective in scientific studies. This paper contributes to the hypothesis that the low adoption of RBA in practice can be due to the complexity of implementing it. We provide an RBA implementation for the open source cloud management software OpenStack, which is the first fully functional open source RBA implementation based on the Freeman et al. algorithm, along with initial reference tests that can serve as a guiding example and blueprint for developers.

security

Title: Empirical Assessment of End-to-End Iris Recognition System Capacity. (arXiv:2303.12742v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12742
• Code URL: null
• Copy Paste: [[2303.12742] Empirical Assessment of End-to-End Iris Recognition System Capacity](http://arxiv.org/abs/2303.12742) #security
• Summary:

  Iris is an established modality in biometric recognition applications including consumer electronics, e-commerce, border security, forensics, and de-duplication of identity at a national scale. In light of the expanding usage of biometric recognition, identity clash (when templates from two different people match) is an imperative factor of consideration for a system's deployment. This study explores system capacity estimation by empirically estimating the constrained capacity of an end-to-end iris recognition system (NIR systems with Daugman-based feature extraction) operating at an acceptable error rate i.e. the number of subjects a system can resolve before encountering an error. We study the impact of six system parameters on an iris recognition system's constrained capacity -- number of enrolled identities, image quality, template dimension, random feature elimination, filter resolution, and system operating point. In our assessment, we analyzed 13.2 million comparisons from 5158 unique identities for each of 24 different system configurations. This work provides a framework to better understand iris recognition system capacity as a function of biometric system configurations beyond the operating point, for large-scale applications.

Title: Audio-Visual Deception Detection: DOLOS Dataset and Parameter-Efficient Crossmodal Learning. (arXiv:2303.12745v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12745
• Code URL: null
• Copy Paste: [[2303.12745] Audio-Visual Deception Detection: DOLOS Dataset and Parameter-Efficient Crossmodal Learning](http://arxiv.org/abs/2303.12745) #security
• Summary:

  Deception detection in conversations is a challenging yet important task, having pivotal applications in many fields such as credibility assessment in business, multimedia anti-frauds, and custom security. Despite this, deception detection research is hindered by the lack of high-quality deception datasets, as well as the difficulties of learning multimodal features effectively. To address this issue, we introduce DOLOS, the largest gameshow deception detection dataset with rich deceptive conversations. DOLOS includes 1,675 video clips featuring 213 subjects, and it has been labeled with audio-visual feature annotations. We provide train-test, duration, and gender protocols to investigate the impact of different factors. We benchmark our dataset on previously proposed deception detection approaches. To further improve the performance by fine-tuning fewer parameters, we propose Parameter-Efficient Crossmodal Learning (PECL), where a Uniform Temporal Adapter (UT-Adapter) explores temporal attention in transformer-based architectures, and a crossmodal fusion module, Plug-in Audio-Visual Fusion (PAVF), combines crossmodal information from audio-visual features. Based on the rich fine-grained audio-visual annotations on DOLOS, we also exploit multi-task learning to enhance performance by concurrently predicting deception and audio-visual features. Experimental results demonstrate the desired quality of the DOLOS dataset and the effectiveness of the PECL. The DOLOS dataset and the source codes will be publicly available soon.

Title: X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network. (arXiv:2303.12278v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12278
• Code URL: null
• Copy Paste: [[2303.12278] X-CANIDS: Signal-Aware Explainable Intrusion Detection System for Controller Area Network-Based In-Vehicle Network](http://arxiv.org/abs/2303.12278) #security
• Summary:

  Controller Area Network (CAN) is an essential networking protocol that connects multiple electronic control units (ECUs) in a vehicle. However, CAN-based in-vehicle networks (IVNs) face security risks owing to the CAN mechanisms. An adversary can sabotage a vehicle by leveraging the security risks if they can access the CAN bus. Thus, recent actions and cybersecurity regulations (e.g., UNR 155) require carmakers to implement intrusion detection systems (IDSs) in their vehicles. An IDS should detect cyberattacks and provide a forensic capability to analyze attacks. Although many IDSs have been proposed, considerations regarding their feasibility and explainability remain lacking. This study proposes X-CANIDS, which is a novel IDS for CAN-based IVNs. X-CANIDS dissects the payloads in CAN messages into human-understandable signals using a CAN database. The signals improve the intrusion detection performance compared with the use of bit representations of raw payloads. These signals also enable an understanding of which signal or ECU is under attack. X-CANIDS can detect zero-day attacks because it does not require any labeled dataset in the training phase. We confirmed the feasibility of the proposed method through a benchmark test on an automotive-grade embedded device with a GPU. The results of this work will be valuable to carmakers and researchers considering the installation of in-vehicle IDSs for their vehicles.

Title: AIIPot: Adaptive Intelligent-Interaction Honeypot for IoT Devices. (arXiv:2303.12367v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12367
• Code URL: null
• Copy Paste: [[2303.12367] AIIPot: Adaptive Intelligent-Interaction Honeypot for IoT Devices](http://arxiv.org/abs/2303.12367) #security
• Summary:

  The proliferation of the Internet of Things (IoT) has raised concerns about the security of connected devices. There is a need to develop suitable and cost-efficient methods to identify vulnerabilities in IoT devices in order to address them before attackers seize opportunities to compromise them. The deception technique is a prominent approach to improving the security posture of IoT systems. Honeypot is a popular deception technique that mimics interaction in real fashion and encourages unauthorised users (attackers) to launch attacks. Due to the large number and the heterogeneity of IoT devices, manually crafting the low and high-interaction honeypots is not affordable. This has forced researchers to seek innovative ways to build honeypots for IoT devices. In this paper, we propose a honeypot for IoT devices that uses machine learning techniques to learn and interact with attackers automatically. The evaluation of the proposed model indicates that our system can improve the session length with attackers and capture more attacks on the IoT network.

Title: A survey of hardware-based malware detection approach. (arXiv:2303.12525v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12525
• Code URL: null
• Copy Paste: [[2303.12525] A survey of hardware-based malware detection approach](http://arxiv.org/abs/2303.12525) #security
• Summary:

  Malware is the most significant threat to computer security. This paper aims to overview the malware detection field, focusing on the recent and promising hardware-based approach. This approach leverages the Hardware Performance Counters already available in modern processors and the power of Machine Learning, offering attractive advantages like resilience to disabling the protection, resilience to unknown malware, low complexity/overhead/cost, and run-time detection. The approach is deeply analyzed in light of a generic hardware-based detection framework. Some challenges related to the approach are presented: the necessary accuracy improvements, how to deal with the classification error, better correlating the hardware events behavior with the malware, and essential improvements on the hardware performance monitor.

Title: BlockChain and Decentralized Apps. (arXiv:2303.12536v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12536
• Code URL: null
• Copy Paste: [[2303.12536] BlockChain and Decentralized Apps](http://arxiv.org/abs/2303.12536) #security
• Summary:

  Blockchain, the backbone of Bitcoin, has recently gained a lot of attention. Blockchain functions as an immutable record that enables decentralized transactions. Blockchain-based applications are sprouting up in a variety of industries, including financial services, reputation systems, and the Internet of Things (IoT), among others. However, many hurdles of blockchain technology, including scalability and security issues, have to be overcome. Many industries, including finance, medicine, manufacturing, and education, use blockchain applications to capitalize on this technology's unique set of properties. Blockchain technology (BT) has the potential to improve trustworthiness, collaboration, organization, identity, credibility, and transparency. We provide an overview of blockchain architecture, various different kinds of blockchain as well as information about the Decentralized apps which are also known as Dapps. This paper provides an in-depth look at blockchain technology

privacy

Title: Exploring the Benefits of Visual Prompting in Differential Privacy. (arXiv:2303.12247v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12247
• Code URL: null
• Copy Paste: [[2303.12247] Exploring the Benefits of Visual Prompting in Differential Privacy](http://arxiv.org/abs/2303.12247) #privacy
• Summary:

  Visual Prompting (VP) is an emerging and powerful technique that allows sample-efficient adaptation to downstream tasks by engineering a well-trained frozen source model. In this work, we explore the benefits of VP in constructing compelling neural network classifiers with differential privacy (DP). We explore and integrate VP into canonical DP training methods and demonstrate its simplicity and efficiency. In particular, we discover that VP in tandem with PATE, a state-of-the-art DP training method that leverages the knowledge transfer from an ensemble of teachers, achieves the state-of-the-art privacy-utility trade-off with minimum expenditure of privacy budget. Moreover, we conduct additional experiments on cross-domain image classification with a sufficient domain gap to further unveil the advantage of VP in DP. Lastly, we also conduct extensive ablation studies to validate the effectiveness and contribution of VP under DP consideration.

Title: On-Device Unsupervised Image Segmentation. (arXiv:2303.12753v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12753
• Code URL: null
• Copy Paste: [[2303.12753] On-Device Unsupervised Image Segmentation](http://arxiv.org/abs/2303.12753) #privacy
• Summary:

  Along with the breakthrough of convolutional neural networks, learning-based segmentation has emerged in many research works. Most of them are based on supervised learning, requiring plenty of annotated data; however, to support segmentation, a label for each pixel is required, which is obviously expensive. As a result, the issue of lacking annotated segmentation data commonly exists. Continuous learning is a promising way to deal with this issue; however, it still has high demands on human labor for annotation. What's more, privacy is highly required in segmentation data for real-world applications, which further calls for on-device learning. In this paper, we aim to resolve the above issue in an alternative way: Instead of supervised segmentation, we propose to develop efficient unsupervised segmentation that can be executed on edge devices. Based on our observation that segmentation can obtain high performance when pixels are mapped to a high-dimension space, we for the first time bring brain-inspired hyperdimensional computing (HDC) to the segmentation task. We build the HDC-based unsupervised segmentation framework, namely "SegHDC". In SegHDC, we devise a novel encoding approach that follows the Manhattan distance. A clustering algorithm is further developed on top of the encoded high-dimension vectors to obtain segmentation results. Experimental results show SegHDC can significantly surpass neural network-based unsupervised segmentation. On a standard segmentation dataset, DSB2018, SegHDC can achieve a 28.0% improvement in Intersection over Union (IoU) score; meanwhile, it achieves over 300x speedup on Raspberry PI. What's more, for a larger size image in the BBBC005 dataset, the existing approach cannot be accommodated to Raspberry PI due to out of memory; on the other hand, SegHDC can obtain segmentation results within 3 minutes while achieving a 0.9587 IoU score.

Title: Man vs the machine: The Struggle for Effective Text Anonymisation in the Age of Large Language Models. (arXiv:2303.12429v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12429
• Code URL: null
• Copy Paste: [[2303.12429] Man vs the machine: The Struggle for Effective Text Anonymisation in the Age of Large Language Models](http://arxiv.org/abs/2303.12429) #privacy
• Summary:

  The collection and use of personal data are becoming more common in today's data-driven culture. While there are many advantages to this, including better decision-making and service delivery, it also poses significant ethical issues around confidentiality and privacy. Text anonymisation tries to prune and/or mask identifiable information from a text while keeping the remaining content intact to alleviate privacy concerns. Text anonymisation is especially important in industries like healthcare, law, as well as research, where sensitive and personal information is collected, processed, and exchanged under high legal and ethical standards.

Although text anonymization is widely adopted in practice, it continues to face considerable challenges. The most significant challenge is striking a balance between removing information to protect individuals' privacy while maintaining the text's usability for future purposes. The question is whether these anonymisation methods sufficiently reduce the risk of re-identification, in which an individual can be identified based on the remaining information in the text.

In this work, we challenge the effectiveness of these methods and how we perceive identifiers. We assess the efficacy of these methods against the elephant in the room, the use of AI over big data. While most of the research is focused on identifying and removing personal information, there is limited discussion on whether the remaining information is sufficient to deanonymise individuals and, more precisely, who can do it. To this end, we conduct an experiment using GPT over anonymised texts of famous people to determine whether such trained networks can deanonymise them. The latter allows us to revise these methods and introduce a novel methodology that employs Large Language Models to improve the anonymity of texts.

protect

Title: Edge Deep Learning Model Protection via Neuron Authorization. (arXiv:2303.12397v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12397
• Code URL: https://github.com/leon022/edgepro
• Copy Paste: [[2303.12397] Edge Deep Learning Model Protection via Neuron Authorization](http://arxiv.org/abs/2303.12397) #protect
• Summary:

  With the development of deep learning processors and accelerators, deep learning models have been widely deployed on edge devices as part of the Internet of Things. Edge device models are generally considered as valuable intellectual properties that are worth for careful protection. Unfortunately, these models have a great risk of being stolen or illegally copied. The existing model protections using encryption algorithms are suffered from high computation overhead which is not practical due to the limited computing capacity on edge devices. In this work, we propose a light-weight, practical, and general Edge device model Pro tection method at neuron level, denoted as EdgePro. Specifically, we select several neurons as authorization neurons and set their activation values to locking values and scale the neuron outputs as the "asswords" during training. EdgePro protects the model by ensuring it can only work correctly when the "passwords" are met, at the cost of encrypting and storing the information of the "passwords" instead of the whole model. Extensive experimental results indicate that EdgePro can work well on the task of protecting on datasets with different modes. The inference time increase of EdgePro is only 60% of state-of-the-art methods, and the accuracy loss is less than 1%. Additionally, EdgePro is robust against adaptive attacks including fine-tuning and pruning, which makes it more practical in real-world applications. EdgePro is also open sourced to facilitate future research: https://github.com/Leon022/Edg

defense

Title: Black-box Backdoor Defense via Zero-shot Image Purification. (arXiv:2303.12175v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12175
• Code URL: null
• Copy Paste: [[2303.12175] Black-box Backdoor Defense via Zero-shot Image Purification](http://arxiv.org/abs/2303.12175) #defense
• Summary:

  Backdoor attacks inject poisoned data into the training set, resulting in misclassification of the poisoned samples during model inference. Defending against such attacks is challenging, especially in real-world black-box settings where only model predictions are available. In this paper, we propose a novel backdoor defense framework that can effectively defend against various attacks through zero-shot image purification (ZIP). Our proposed framework can be applied to black-box models without requiring any internal information about the poisoned model or any prior knowledge of the clean/poisoned samples. Our defense framework involves a two-step process. First, we apply a linear transformation on the poisoned image to destroy the trigger pattern. Then, we use a pre-trained diffusion model to recover the missing semantic information removed by the transformation. In particular, we design a new reverse process using the transformed image to guide the generation of high-fidelity purified images, which can be applied in zero-shot settings. We evaluate our ZIP backdoor defense framework on multiple datasets with different kinds of attacks. Experimental results demonstrate the superiority of our ZIP framework compared to state-of-the-art backdoor defense baselines. We believe that our results will provide valuable insights for future defense methods for black-box models.

Title: Fundamentals of Generative Large Language Models and Perspectives in Cyber-Defense. (arXiv:2303.12132v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2303.12132
• Code URL: null
• Copy Paste: [[2303.12132] Fundamentals of Generative Large Language Models and Perspectives in Cyber-Defense](http://arxiv.org/abs/2303.12132) #defense
• Summary:

  Generative Language Models gained significant attention in late 2022 / early 2023, notably with the introduction of models refined to act consistently with users' expectations of interactions with AI (conversational models). Arguably the focal point of public attention has been such a refinement of the GPT3 model -- the ChatGPT and its subsequent integration with auxiliary capabilities, including search as part of Microsoft Bing. Despite extensive prior research invested in their development, their performance and applicability to a range of daily tasks remained unclear and niche. However, their wider utilization without a requirement for technical expertise, made in large part possible through conversational fine-tuning, revealed the extent of their true capabilities in a real-world environment. This has garnered both public excitement for their potential applications and concerns about their capabilities and potential malicious uses. This review aims to provide a brief overview of the history, state of the art, and implications of Generative Language Models in terms of their principles, abilities, limitations, and future prospects -- especially in the context of cyber-defense, with a focus on the Swiss operational environment.

Title: Wasserstein Adversarial Examples on Univariant Time Series Data. (arXiv:2303.12357v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12357
• Code URL: null
• Copy Paste: [[2303.12357] Wasserstein Adversarial Examples on Univariant Time Series Data](http://arxiv.org/abs/2303.12357) #defense
• Summary:

  Adversarial examples are crafted by adding indistinguishable perturbations to normal examples in order to fool a well-trained deep learning model to misclassify. In the context of computer vision, this notion of indistinguishability is typically bounded by $L_{\infty}$ or other norms. However, these norms are not appropriate for measuring indistinguishiability for time series data. In this work, we propose adversarial examples in the Wasserstein space for time series data for the first time and utilize Wasserstein distance to bound the perturbation between normal examples and adversarial examples. We introduce Wasserstein projected gradient descent (WPGD), an adversarial attack method for perturbing univariant time series data. We leverage the closed-form solution of Wasserstein distance in the 1D space to calculate the projection step of WPGD efficiently with the gradient descent method. We further propose a two-step projection so that the search of adversarial examples in the Wasserstein space is guided and constrained by Euclidean norms to yield more effective and imperceptible perturbations. We empirically evaluate the proposed attack on several time series datasets in the healthcare domain. Extensive results demonstrate that the Wasserstein attack is powerful and can successfully attack most of the target classifiers with a high attack success rate. To better study the nature of Wasserstein adversarial example, we evaluate a strong defense mechanism named Wasserstein smoothing for potential certified robustness defense. Although the defense can achieve some accuracy gain, it still has limitations in many cases and leaves space for developing a stronger certified robustness method to Wasserstein adversarial examples on univariant time series data.

attack

Title: State-of-the-art optical-based physical adversarial attacks for deep learning computer vision systems. (arXiv:2303.12249v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12249
• Code URL: null
• Copy Paste: [[2303.12249] State-of-the-art optical-based physical adversarial attacks for deep learning computer vision systems](http://arxiv.org/abs/2303.12249) #attack
• Summary:

  Adversarial attacks can mislead deep learning models to make false predictions by implanting small perturbations to the original input that are imperceptible to the human eye, which poses a huge security threat to the computer vision systems based on deep learning. Physical adversarial attacks, which is more realistic, as the perturbation is introduced to the input before it is being captured and converted to a binary image inside the vision system, when compared to digital adversarial attacks. In this paper, we focus on physical adversarial attacks and further classify them into invasive and non-invasive. Optical-based physical adversarial attack techniques (e.g. using light irradiation) belong to the non-invasive category. As the perturbations can be easily ignored by humans as the perturbations are very similar to the effects generated by a natural environment in the real world. They are highly invisibility and executable and can pose a significant or even lethal threats to real systems. This paper focuses on optical-based physical adversarial attack techniques for computer vision systems, with emphasis on the introduction and discussion of optical-based physical adversarial attack techniques.

Title: Sibling-Attack: Rethinking Transferable Adversarial Attacks against Face Recognition. (arXiv:2303.12512v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12512
• Code URL: null
• Copy Paste: [[2303.12512] Sibling-Attack: Rethinking Transferable Adversarial Attacks against Face Recognition](http://arxiv.org/abs/2303.12512) #attack
• Summary:

  A hard challenge in developing practical face recognition (FR) attacks is due to the black-box nature of the target FR model, i.e., inaccessible gradient and parameter information to attackers. While recent research took an important step towards attacking black-box FR models through leveraging transferability, their performance is still limited, especially against online commercial FR systems that can be pessimistic (e.g., a less than 50% ASR--attack success rate on average). Motivated by this, we present Sibling-Attack, a new FR attack technique for the first time explores a novel multi-task perspective (i.e., leveraging extra information from multi-correlated tasks to boost attacking transferability). Intuitively, Sibling-Attack selects a set of tasks correlated with FR and picks the Attribute Recognition (AR) task as the task used in Sibling-Attack based on theoretical and quantitative analysis. Sibling-Attack then develops an optimization framework that fuses adversarial gradient information through (1) constraining the cross-task features to be under the same space, (2) a joint-task meta optimization framework that enhances the gradient compatibility among tasks, and (3) a cross-task gradient stabilization method which mitigates the oscillation effect during attacking. Extensive experiments demonstrate that Sibling-Attack outperforms state-of-the-art FR attack techniques by a non-trivial margin, boosting ASR by 12.61% and 55.77% on average on state-of-the-art pre-trained FR models and two well-known, widely used commercial FR systems.

Title: Evaluating the Role of Target Arguments in Rumour Stance Classification. (arXiv:2303.12665v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2303.12665
• Code URL: null
• Copy Paste: [[2303.12665] Evaluating the Role of Target Arguments in Rumour Stance Classification](http://arxiv.org/abs/2303.12665) #attack
• Summary:

  Considering a conversation thread, stance classification aims to identify the opinion (e.g. agree or disagree) of replies towards a given target. The target of the stance is expected to be an essential component in this task, being one of the main factors that make it different from sentiment analysis. However, a recent study shows that a target-oblivious model outperforms target-aware models, suggesting that targets are not useful when predicting stance. This paper re-examines this phenomenon for rumour stance classification (RSC) on social media, where a target is a rumour story implied by the source tweet in the conversation. We propose adversarial attacks in the test data, aiming to assess the models robustness and evaluate the role of the data in the models performance. Results show that state-of-the-art models, including approaches that use the entire conversation thread, overly relying on superficial signals. Our hypothesis is that the naturally high occurrence of target-independent direct replies in RSC (e.g. "this is fake" or just "fake") results in the impressive performance of target-oblivious models, highlighting the risk of target instances being treated as noise during training.

Title: Revisiting DeepFool: generalization and improvement. (arXiv:2303.12481v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12481
• Code URL: https://github.com/alirezaabdollahpour/superdeepfool
• Copy Paste: [[2303.12481] Revisiting DeepFool: generalization and improvement](http://arxiv.org/abs/2303.12481) #attack
• Summary:

  Deep neural networks have been known to be vulnerable to adversarial examples, which are inputs that are modified slightly to fool the network into making incorrect predictions. This has led to a significant amount of research on evaluating the robustness of these networks against such perturbations. One particularly important robustness metric is the robustness to minimal l2 adversarial perturbations. However, existing methods for evaluating this robustness metric are either computationally expensive or not very accurate. In this paper, we introduce a new family of adversarial attacks that strike a balance between effectiveness and computational efficiency. Our proposed attacks are generalizations of the well-known DeepFool (DF) attack, while they remain simple to understand and implement. We demonstrate that our attacks outperform existing methods in terms of both effectiveness and computational efficiency. Our proposed attacks are also suitable for evaluating the robustness of large models and can be used to perform adversarial training (AT) to achieve state-of-the-art robustness to minimal l2 adversarial perturbations.

Title: Do Backdoors Assist Membership Inference Attacks?. (arXiv:2303.12589v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12589
• Code URL: null
• Copy Paste: [[2303.12589] Do Backdoors Assist Membership Inference Attacks?](http://arxiv.org/abs/2303.12589) #attack
• Summary:

  When an adversary provides poison samples to a machine learning model, privacy leakage, such as membership inference attacks that infer whether a sample was included in the training of the model, becomes effective by moving the sample to an outlier. However, the attacks can be detected because inference accuracy deteriorates due to poison samples. In this paper, we discuss a \textit{backdoor-assisted membership inference attack}, a novel membership inference attack based on backdoors that return the adversary's expected output for a triggered sample. We found three crucial insights through experiments with an academic benchmark dataset. We first demonstrate that the backdoor-assisted membership inference attack is unsuccessful. Second, when we analyzed loss distributions to understand the reason for the unsuccessful results, we found that backdoors cannot separate loss distributions of training and non-training samples. In other words, backdoors cannot affect the distribution of clean samples. Third, we also show that poison and triggered samples activate neurons of different distributions. Specifically, backdoors make any clean sample an inlier, contrary to poisoning samples. As a result, we confirm that backdoors cannot assist membership inference.

Title: LoadLord: Loading on the Fly to Defend Against Code-Reuse Attacks. (arXiv:2303.12612v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2303.12612
• Code URL: null
• Copy Paste: [[2303.12612] LoadLord: Loading on the Fly to Defend Against Code-Reuse Attacks](http://arxiv.org/abs/2303.12612) #attack
• Summary:

  Code-reuse attacks have become a kind of common attack method, in which attackers use the existing code in the program to hijack the control flow. Most existing defenses focus on control flow integrity (CFI), code randomization, and software debloating. However, most fine-grained schemes of those that ensure such high security suffer from significant performance overhead, and only reduce attack surfaces such as software debloating can not defend against code-reuse attacks completely. In this paper, from the perspective of shrinking the available code space at runtime, we propose LoadLord, which dynamically loads, and timely unloads functions during program running to defend against code-reuse attacks. LoadLord can reduce the number of gadgets in memory, especially high-risk gadgets. Moreover, LoadLord ensures the control flow integrity of the loading process and breaks the necessary conditions to build a gadget chain. We implemented LoadLord on Linux operating system and experimented that when limiting only 1/16 of the original function. As a result, LoadLord can defend against code-reuse attacks and has an average runtime overhead of 1.7% on the SPEC CPU 2006, reducing gadgets by 94.02%.

robust

Title: MAIR: Multi-view Attention Inverse Rendering with 3D Spatially-Varying Lighting Estimation. (arXiv:2303.12368v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12368
• Code URL: null
• Copy Paste: [[2303.12368] MAIR: Multi-view Attention Inverse Rendering with 3D Spatially-Varying Lighting Estimation](http://arxiv.org/abs/2303.12368) #robust
• Summary:

  We propose a scene-level inverse rendering framework that uses multi-view images to decompose the scene into geometry, a SVBRDF, and 3D spatially-varying lighting. Because multi-view images provide a variety of information about the scene, multi-view images in object-level inverse rendering have been taken for granted. However, owing to the absence of multi-view HDR synthetic dataset, scene-level inverse rendering has mainly been studied using single-view image. We were able to successfully perform scene-level inverse rendering using multi-view images by expanding OpenRooms dataset and designing efficient pipelines to handle multi-view images, and splitting spatially-varying lighting. Our experiments show that the proposed method not only achieves better performance than single-view-based methods, but also achieves robust performance on unseen real-world scene. Also, our sophisticated 3D spatially-varying lighting volume allows for photorealistic object insertion in any 3D location.

Title: Rigidity-Aware Detection for 6D Object Pose Estimation. (arXiv:2303.12396v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12396
• Code URL: null
• Copy Paste: [[2303.12396] Rigidity-Aware Detection for 6D Object Pose Estimation](http://arxiv.org/abs/2303.12396) #robust
• Summary:

  Most recent 6D object pose estimation methods first use object detection to obtain 2D bounding boxes before actually regressing the pose. However, the general object detection methods they use are ill-suited to handle cluttered scenes, thus producing poor initialization to the subsequent pose network. To address this, we propose a rigidity-aware detection method exploiting the fact that, in 6D pose estimation, the target objects are rigid. This lets us introduce an approach to sampling positive object regions from the entire visible object area during training, instead of naively drawing samples from the bounding box center where the object might be occluded. As such, every visible object part can contribute to the final bounding box prediction, yielding better detection robustness. Key to the success of our approach is a visibility map, which we propose to build using a minimum barrier distance between every pixel in the bounding box and the box boundary. Our results on seven challenging 6D pose estimation datasets evidence that our method outperforms general detection frameworks by a large margin. Furthermore, combined with a pose regression network, we obtain state-of-the-art pose estimation results on the challenging BOP benchmark.

Title: BiCro: Noisy Correspondence Rectification for Multi-modality Data via Bi-directional Cross-modal Similarity Consistency. (arXiv:2303.12419v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12419
• Code URL: https://github.com/xu5zhao/bicro
• Copy Paste: [[2303.12419] BiCro: Noisy Correspondence Rectification for Multi-modality Data via Bi-directional Cross-modal Similarity Consistency](http://arxiv.org/abs/2303.12419) #robust
• Summary:

  As one of the most fundamental techniques in multimodal learning, cross-modal matching aims to project various sensory modalities into a shared feature space. To achieve this, massive and correctly aligned data pairs are required for model training. However, unlike unimodal datasets, multimodal datasets are extremely harder to collect and annotate precisely. As an alternative, the co-occurred data pairs (e.g., image-text pairs) collected from the Internet have been widely exploited in the area. Unfortunately, the cheaply collected dataset unavoidably contains many mismatched data pairs, which have been proven to be harmful to the model's performance. To address this, we propose a general framework called BiCro (Bidirectional Cross-modal similarity consistency), which can be easily integrated into existing cross-modal matching models and improve their robustness against noisy data. Specifically, BiCro aims to estimate soft labels for noisy data pairs to reflect their true correspondence degree. The basic idea of BiCro is motivated by that -- taking image-text matching as an example -- similar images should have similar textual descriptions and vice versa. Then the consistency of these two similarities can be recast as the estimated soft labels to train the matching model. The experiments on three popular cross-modal matching datasets demonstrate that our method significantly improves the noise-robustness of various matching models, and surpass the state-of-the-art by a clear margin.

Title: MEDIMP: Medical Images and Prompts for renal transplant representation learning. (arXiv:2303.12445v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12445
• Code URL: https://github.com/leomlck/medimp
• Copy Paste: [[2303.12445] MEDIMP: Medical Images and Prompts for renal transplant representation learning](http://arxiv.org/abs/2303.12445) #robust
• Summary:

  Renal transplantation emerges as the most effective solution for end-stage renal disease. Occurring from complex causes, a substantial risk of transplant chronic dysfunction persists and may lead to graft loss. Medical imaging plays a substantial role in renal transplant monitoring in clinical practice. However, graft supervision is multi-disciplinary, notably joining nephrology, urology, and radiology, while identifying robust biomarkers from such high-dimensional and complex data for prognosis is challenging. In this work, taking inspiration from the recent success of Large Language Models (LLMs), we propose MEDIMP -- Medical Images and Prompts -- a model to learn meaningful multi-modal representations of renal transplant Dynamic Contrast-Enhanced Magnetic Resonance Imaging (DCE MRI) by incorporating structural clinicobiological data after translating them into text prompts. MEDIMP is based on contrastive learning from joint text-image paired embeddings to perform this challenging task. Moreover, we propose a framework that generates medical prompts using automatic textual data augmentations from LLMs. Our goal is to learn meaningful manifolds of renal transplant DCE MRI, interesting for the prognosis of the transplant or patient status (2, 3, and 4 years after the transplant), fully exploiting the available multi-modal data in the most efficient way. Extensive experiments and comparisons with other renal transplant representation learning methods with limited data prove the effectiveness of MEDIMP in a relevant clinical setting, giving new directions toward medical prompts. Our code is available at https://github.com/leomlck/MEDIMP.

Title: Reliable and Efficient Evaluation of Adversarial Robustness for Deep Hashing-Based Retrieval. (arXiv:2303.12658v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12658
• Code URL: null
• Copy Paste: [[2303.12658] Reliable and Efficient Evaluation of Adversarial Robustness for Deep Hashing-Based Retrieval](http://arxiv.org/abs/2303.12658) #robust
• Summary:

  Deep hashing has been extensively applied to massive image retrieval due to its efficiency and effectiveness. Recently, several adversarial attacks have been presented to reveal the vulnerability of deep hashing models against adversarial examples. However, existing attack methods suffer from degraded performance or inefficiency because they underutilize the semantic relations between original samples or spend a lot of time learning these relations with a deep neural network. In this paper, we propose a novel Pharos-guided Attack, dubbed PgA, to evaluate the adversarial robustness of deep hashing networks reliably and efficiently. Specifically, we design pharos code to represent the semantics of the benign image, which preserves the similarity to semantically relevant samples and dissimilarity to irrelevant ones. It is proven that we can quickly calculate the pharos code via a simple math formula. Accordingly, PgA can directly conduct a reliable and efficient attack on deep hashing-based retrieval by maximizing the similarity between the hash code of the adversarial example and the pharos code. Extensive experiments on the benchmark datasets verify that the proposed algorithm outperforms the prior state-of-the-arts in both attack strength and speed.

Title: Toward Polar Sea-Ice Classification using Color-based Segmentation and Auto-labeling of Sentinel-2 Imagery to Train an Efficient Deep Learning Model. (arXiv:2303.12719v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12719
• Code URL: null
• Copy Paste: [[2303.12719] Toward Polar Sea-Ice Classification using Color-based Segmentation and Auto-labeling of Sentinel-2 Imagery to Train an Efficient Deep Learning Model](http://arxiv.org/abs/2303.12719) #robust
• Summary:

  Global warming is an urgent issue that is generating catastrophic environmental changes, such as the melting of sea ice and glaciers, particularly in the polar regions. The melting pattern and retreat of polar sea ice cover is an essential indicator of global warming. The Sentinel-2 satellite (S2) captures high-resolution optical imagery over the polar regions. This research aims at developing a robust and effective system for classifying polar sea ice as thick or snow-covered, young or thin, or open water using S2 images. A key challenge is the lack of labeled S2 training data to serve as the ground truth. We demonstrate a method with high precision to segment and automatically label the S2 images based on suitably determined color thresholds and employ these auto-labeled data to train a U-Net machine model (a fully convolutional neural network), yielding good classification accuracy. Evaluation results over S2 data from the polar summer season in the Ross Sea region of the Antarctic show that the U-Net model trained on auto-labeled data has an accuracy of 90.18% over the original S2 images, whereas the U-Net model trained on manually labeled data has an accuracy of 91.39%. Filtering out the thin clouds and shadows from the S2 images further improves U-Net's accuracy, respectively, to 98.97% for auto-labeled and 98.40% for manually labeled training datasets.

Title: AdaOPC: A Self-Adaptive Mask Optimization Framework For Real Design Patterns. (arXiv:2303.12723v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12723
• Code URL: null
• Copy Paste: [[2303.12723] AdaOPC: A Self-Adaptive Mask Optimization Framework For Real Design Patterns](http://arxiv.org/abs/2303.12723) #robust
• Summary:

  Optical proximity correction (OPC) is a widely-used resolution enhancement technique (RET) for printability optimization. Recently, rigorous numerical optimization and fast machine learning are the research focus of OPC in both academia and industry, each of which complements the other in terms of robustness or efficiency. We inspect the pattern distribution on a design layer and find that different sub-regions have different pattern complexity. Besides, we also find that many patterns repetitively appear in the design layout, and these patterns may possibly share optimized masks. We exploit these properties and propose a self-adaptive OPC framework to improve efficiency. Firstly we choose different OPC solvers adaptively for patterns of different complexity from an extensible solver pool to reach a speed/accuracy co-optimization. Apart from that, we prove the feasibility of reusing optimized masks for repeated patterns and hence, build a graph-based dynamic pattern library reusing stored masks to further speed up the OPC flow. Experimental results show that our framework achieves substantial improvement in both performance and efficiency.

Title: Learning to Transfer In-Hand Manipulations Using a Greedy Shape Curriculum. (arXiv:2303.12726v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12726
• Code URL: null
• Copy Paste: [[2303.12726] Learning to Transfer In-Hand Manipulations Using a Greedy Shape Curriculum](http://arxiv.org/abs/2303.12726) #robust
• Summary:

  In-hand object manipulation is challenging to simulate due to complex contact dynamics, non-repetitive finger gaits, and the need to indirectly control unactuated objects. Further adapting a successful manipulation skill to new objects with different shapes and physical properties is a similarly challenging problem. In this work, we show that natural and robust in-hand manipulation of simple objects in a dynamic simulation can be learned from a high quality motion capture example via deep reinforcement learning with careful designs of the imitation learning problem. We apply our approach on both single-handed and two-handed dexterous manipulations of diverse object shapes and motions. We then demonstrate further adaptation of the example motion to a more complex shape through curriculum learning on intermediate shapes morphed between the source and target object. While a naive curriculum of progressive morphs often falls short, we propose a simple greedy curriculum search algorithm that can successfully apply to a range of objects such as a teapot, bunny, bottle, train, and elephant.

Title: LocalEyenet: Deep Attention framework for Localization of Eyes. (arXiv:2303.12728v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12728
• Code URL: null
• Copy Paste: [[2303.12728] LocalEyenet: Deep Attention framework for Localization of Eyes](http://arxiv.org/abs/2303.12728) #robust
• Summary:

  Development of human machine interface has become a necessity for modern day machines to catalyze more autonomy and more efficiency. Gaze driven human intervention is an effective and convenient option for creating an interface to alleviate human errors. Facial landmark detection is very crucial for designing a robust gaze detection system. Regression based methods capacitate good spatial localization of the landmarks corresponding to different parts of the faces. But there are still scope of improvements which have been addressed by incorporating attention.

In this paper, we have proposed a deep coarse-to-fine architecture called LocalEyenet for localization of only the eye regions that can be trained end-to-end. The model architecture, build on stacked hourglass backbone, learns the self-attention in feature maps which aids in preserving global as well as local spatial dependencies in face image. We have incorporated deep layer aggregation in each hourglass to minimize the loss of attention over the depth of architecture. Our model shows good generalization ability in cross-dataset evaluation and in real-time localization of eyes.

Title: DPPMask: Masked Image Modeling with Determinantal Point Processes. (arXiv:2303.12736v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12736
• Code URL: null
• Copy Paste: [[2303.12736] DPPMask: Masked Image Modeling with Determinantal Point Processes](http://arxiv.org/abs/2303.12736) #robust
• Summary:

  Masked Image Modeling (MIM) has achieved impressive representative performance with the aim of reconstructing randomly masked images. Despite the empirical success, most previous works have neglected the important fact that it is unreasonable to force the model to reconstruct something beyond recovery, such as those masked objects. In this work, we show that uniformly random masking widely used in previous works unavoidably loses some key objects and changes original semantic information, resulting in a misalignment problem and hurting the representative learning eventually. To address this issue, we augment MIM with a new masking strategy namely the DPPMask by substituting the random process with Determinantal Point Process (DPPs) to reduce the semantic change of the image after masking. Our method is simple yet effective and requires no extra learnable parameters when implemented within various frameworks. In particular, we evaluate our method on two representative MIM frameworks, MAE and iBOT. We show that DPPMask surpassed random sampling under both lower and higher masking ratios, indicating that DPPMask makes the reconstruction task more reasonable. We further test our method on the background challenge and multi-class classification tasks, showing that our method is more robust at various tasks.

Title: A Method for Automatically Animating Children's Drawings of the Human Figure. (arXiv:2303.12741v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12741
• Code URL: null
• Copy Paste: [[2303.12741] A Method for Automatically Animating Children's Drawings of the Human Figure](http://arxiv.org/abs/2303.12741) #robust
• Summary:

  Children's drawings have a wonderful inventiveness, creativity, and variety to them. We present a system that automatically animates children's drawings of the human figure, is robust to the variance inherent in these depictions, and is simple and straightforward enough for anyone to use. We demonstrate the value and broad appeal of our approach by building and releasing the Animated Drawings Demo, a freely available public website that has been used by millions of people around the world. We present a set of experiments exploring the amount of training data needed for fine-tuning, as well as a perceptual study demonstrating the appeal of a novel "twisted perspective" retargeting technique. Finally, we introduce the Amateur Drawings Dataset, a first-of-its-kind annotated dataset, collected via the public demo, containing ~180,000 amateur drawings and corresponding user-accepted character bounding box, segmentation mask, and joint location annotations.

Title: Open-source Frame Semantic Parsing. (arXiv:2303.12788v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2303.12788
• Code URL: https://github.com/chanind/frame-semantic-transformer
• Copy Paste: [[2303.12788] Open-source Frame Semantic Parsing](http://arxiv.org/abs/2303.12788) #robust
• Summary:

  While the state-of-the-art for frame semantic parsing has progressed dramatically in recent years, it is still difficult for end-users to apply state-of-the-art models in practice. To address this, we present Frame Semantic Transformer, an open-source Python library which achieves near state-of-the-art performance on FrameNet 1.7, while focusing on ease-of-use. We use a T5 model fine-tuned on Propbank and FrameNet exemplars as a base, and improve performance by using FrameNet lexical units to provide hints to T5 at inference time. We enhance robustness to real-world data by using textual data augmentations during training.

Title: Distribution-restrained Softmax Loss for the Model Robustness. (arXiv:2303.12363v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12363
• Code URL: null
• Copy Paste: [[2303.12363] Distribution-restrained Softmax Loss for the Model Robustness](http://arxiv.org/abs/2303.12363) #robust
• Summary:

  Recently, the robustness of deep learning models has received widespread attention, and various methods for improving model robustness have been proposed, including adversarial training, model architecture modification, design of loss functions, certified defenses, and so on. However, the principle of the robustness to attacks is still not fully understood, also the related research is still not sufficient. Here, we have identified a significant factor that affects the robustness of models: the distribution characteristics of softmax values for non-real label samples. We found that the results after an attack are highly correlated with the distribution characteristics, and thus we proposed a loss function to suppress the distribution diversity of softmax. A large number of experiments have shown that our method can improve robustness without significant time consumption.

Title: Policy Optimization for Personalized Interventions in Behavioral Health. (arXiv:2303.12206v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12206
• Code URL: null
• Copy Paste: [[2303.12206] Policy Optimization for Personalized Interventions in Behavioral Health](http://arxiv.org/abs/2303.12206) #robust
• Summary:

  Problem definition: Behavioral health interventions, delivered through digital platforms, have the potential to significantly improve health outcomes, through education, motivation, reminders, and outreach. We study the problem of optimizing personalized interventions for patients to maximize some long-term outcome, in a setting where interventions are costly and capacity-constrained.

Methodology/results: This paper provides a model-free approach to solving this problem. We find that generic model-free approaches from the reinforcement learning literature are too data intensive for healthcare applications, while simpler bandit approaches make progress at the expense of ignoring long-term patient dynamics. We present a new algorithm we dub DecompPI that approximates one step of policy iteration. Implementing DecompPI simply consists of a prediction task from offline data, alleviating the need for online experimentation. Theoretically, we show that under a natural set of structural assumptions on patient dynamics, DecompPI surprisingly recovers at least 1/2 of the improvement possible between a naive baseline policy and the optimal policy. At the same time, DecompPI is both robust to estimation errors and interpretable. Through an empirical case study on a mobile health platform for improving treatment adherence for tuberculosis, we find that DecompPI can provide the same efficacy as the status quo with approximately half the capacity of interventions.

Managerial implications: DecompPI is general and is easily implementable for organizations aiming to improve long-term behavior through targeted interventions. Our case study suggests that the platform's costs of deploying interventions can potentially be cut by 50%, which facilitates the ability to scale up the system in a cost-efficient fashion.

Title: TsSHAP: Robust model agnostic feature-based explainability for time series forecasting. (arXiv:2303.12316v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12316
• Code URL: null
• Copy Paste: [[2303.12316] TsSHAP: Robust model agnostic feature-based explainability for time series forecasting](http://arxiv.org/abs/2303.12316) #robust
• Summary:

  A trustworthy machine learning model should be accurate as well as explainable. Understanding why a model makes a certain decision defines the notion of explainability. While various flavors of explainability have been well-studied in supervised learning paradigms like classification and regression, literature on explainability for time series forecasting is relatively scarce.

In this paper, we propose a feature-based explainability algorithm, TsSHAP, that can explain the forecast of any black-box forecasting model. The method is agnostic of the forecasting model and can provide explanations for a forecast in terms of interpretable features defined by the user a prior.

The explanations are in terms of the SHAP values obtained by applying the TreeSHAP algorithm on a surrogate model that learns a mapping between the interpretable feature space and the forecast of the black-box model.

Moreover, we formalize the notion of local, semi-local, and global explanations in the context of time series forecasting, which can be useful in several scenarios. We validate the efficacy and robustness of TsSHAP through extensive experiments on multiple datasets.

Title: ExBEHRT: Extended Transformer for Electronic Health Records to Predict Disease Subtypes & Progressions. (arXiv:2303.12364v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12364
• Code URL: https://github.com/ZhiGroup/Med-BERT
• Copy Paste: [[2303.12364] ExBEHRT: Extended Transformer for Electronic Health Records to Predict Disease Subtypes & Progressions](http://arxiv.org/abs/2303.12364) #robust
• Summary:

  In this study, we introduce ExBEHRT, an extended version of BEHRT (BERT applied to electronic health records), and apply different algorithms to interpret its results. While BEHRT considers only diagnoses and patient age, we extend the feature space to several multimodal records, namely demographics, clinical characteristics, vital signs, smoking status, diagnoses, procedures, medications, and laboratory tests, by applying a novel method to unify the frequencies and temporal dimensions of the different features. We show that additional features significantly improve model performance for various downstream tasks in different diseases. To ensure robustness, we interpret model predictions using an adaptation of expected gradients, which has not been previously applied to transformers with EHR data and provides more granular interpretations than previous approaches such as feature and token importances. Furthermore, by clustering the model representations of oncology patients, we show that the model has an implicit understanding of the disease and is able to classify patients with the same cancer type into different risk groups. Given the additional features and interpretability, ExBEHRT can help make informed decisions about disease trajectories, diagnoses, and risk factors of various diseases.

biometric

Title: Longitudinal Performance of Iris Recognition in Children: Time Intervals up to Six years. (arXiv:2303.12720v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12720
• Code URL: null
• Copy Paste: [[2303.12720] Longitudinal Performance of Iris Recognition in Children: Time Intervals up to Six years](http://arxiv.org/abs/2303.12720) #biometric
• Summary:

  The temporal stability of iris recognition performance is core to its success as a biometric modality. With the expanding horizon of applications for children, gaps in the knowledge base on the temporal stability of iris recognition performance in children have impacted decision-making during applications at the global scale. This report presents the most extensive analysis of longitudinal iris recognition performance in children with data from the same 230 children over 6.5 years between enrollment and query for ages 4 to 17 years. Assessment of match scores, statistical modelling of variability factors impacting match scores and in-depth assessment of the root causes of the false rejections concludes no impact on iris recognition performance due to aging.

steal

extraction

Title: One-Step Detection Paradigm for Hyperspectral Anomaly Detection via Spectral Deviation Relationship Learning. (arXiv:2303.12342v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12342
• Code URL: null
• Copy Paste: [[2303.12342] One-Step Detection Paradigm for Hyperspectral Anomaly Detection via Spectral Deviation Relationship Learning](http://arxiv.org/abs/2303.12342) #extraction
• Summary:

  Hyperspectral anomaly detection (HAD) involves identifying the targets that deviate spectrally from their surroundings, without prior knowledge. Recently, deep learning based methods have become the mainstream HAD methods, due to their powerful spatial-spectral feature extraction ability. However, the current deep detection models are optimized to complete a proxy task (two-step paradigm), such as background reconstruction or generation, rather than achieving anomaly detection directly. This leads to suboptimal results and poor transferability, which means that the deep model is trained and tested on the same image. In this paper, an unsupervised transferred direct detection (TDD) model is proposed, which is optimized directly for the anomaly detection task (one-step paradigm) and has transferability. Specially, the TDD model is optimized to identify the spectral deviation relationship according to the anomaly definition. Compared to learning the specific background distribution as most models do, the spectral deviation relationship is universal for different images and guarantees the model transferability. To train the TDD model in an unsupervised manner, an anomaly sample simulation strategy is proposed to generate numerous pairs of anomaly samples. Furthermore, a global self-attention module and a local self-attention module are designed to help the model focus on the "spectrally deviating" relationship. The TDD model was validated on four public HAD datasets. The results show that the proposed TDD model can successfully overcome the limitation of traditional model training and testing on a single image, and the model has a powerful detection ability and excellent transferability.

Title: Road Extraction with Satellite Images and Partial Road Maps. (arXiv:2303.12394v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12394
• Code URL: null
• Copy Paste: [[2303.12394] Road Extraction with Satellite Images and Partial Road Maps](http://arxiv.org/abs/2303.12394) #extraction
• Summary:

  Road extraction is a process of automatically generating road maps mainly from satellite images. Existing models all target to generate roads from the scratch despite that a large quantity of road maps, though incomplete, are publicly available (e.g. those from OpenStreetMap) and can help with road extraction. In this paper, we propose to conduct road extraction based on satellite images and partial road maps, which is new. We then propose a two-branch Partial to Complete Network (P2CNet) for the task, which has two prominent components: Gated Self-Attention Module (GSAM) and Missing Part (MP) loss. GSAM leverages a channel-wise self-attention module and a gate module to capture long-range semantics, filter out useless information, and better fuse the features from two branches. MP loss is derived from the partial road maps, trying to give more attention to the road pixels that do not exist in partial road maps. Extensive experiments are conducted to demonstrate the effectiveness of our model, e.g. P2CNet achieves state-of-the-art performance with the IoU scores of 70.71% and 75.52%, respectively, on the SpaceNet and OSM datasets.

Title: Multi-view Feature Extraction based on Triple Contrastive Heads. (arXiv:2303.12615v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12615
• Code URL: null
• Copy Paste: [[2303.12615] Multi-view Feature Extraction based on Triple Contrastive Heads](http://arxiv.org/abs/2303.12615) #extraction
• Summary:

  Multi-view feature extraction is an efficient approach for alleviating the issue of dimensionality in highdimensional multi-view data. Contrastive learning (CL), which is a popular self-supervised learning method, has recently attracted considerable attention. In this study, we propose a novel multi-view feature extraction method based on triple contrastive heads, which combines the sample-, recovery- , and feature-level contrastive losses to extract the sufficient yet minimal subspace discriminative information in compliance with information bottleneck principle. In MFETCH, we construct the feature-level contrastive loss, which removes the redundent information in the consistency information to achieve the minimality of the subspace discriminative information. Moreover, the recovery-level contrastive loss is also constructed in MFETCH, which captures the view-specific discriminative information to achieve the sufficiency of the subspace discriminative information.The numerical experiments demonstrate that the proposed method offers a strong advantage for multi-view feature extraction.

Title: Visual motion analysis of the player's finger. (arXiv:2303.12697v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12697
• Code URL: null
• Copy Paste: [[2303.12697] Visual motion analysis of the player's finger](http://arxiv.org/abs/2303.12697) #extraction
• Summary:

  This work is about the extraction of the motion of fingers, in their three articulations, of a keyboard player from a video sequence. The relevance of the problem involves several aspects, in fact, the extraction of the movements of the fingers may be used to compute the keystroke efficiency and individual joint contributions, as showed by Werner Goebl and Caroline Palmer in the paper 'Temporal Control and Hand Movement Efficiency in Skilled Music Performance'. Those measures are directly related to the precision in timing and force measures. A very good approach to the hand gesture recognition problem has been presented in the paper ' Real-Time Hand Gesture Recognition Using Finger Segmentation'. Detecting the keys pressed on a keyboard is a task that can be complex because of the shadows that can degrade the quality of the result and possibly cause the detection of not pressed keys. Among the several approaches that already exist, a great amount of them is based on the subtraction of frames in order to detect the movements of the keys caused by their pressure. Detecting the keys that are pressed could be useful to automatically evaluate the performance of a pianist or to automatically write sheet music of the melody that is being played.

Title: Interpretable Bangla Sarcasm Detection using BERT and Explainable AI. (arXiv:2303.12772v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2303.12772
• Code URL: null
• Copy Paste: [[2303.12772] Interpretable Bangla Sarcasm Detection using BERT and Explainable AI](http://arxiv.org/abs/2303.12772) #extraction
• Summary:

  A positive phrase or a sentence with an underlying negative motive is usually defined as sarcasm that is widely used in today's social media platforms such as Facebook, Twitter, Reddit, etc. In recent times active users in social media platforms are increasing dramatically which raises the need for an automated NLP-based system that can be utilized in various tasks such as determining market demand, sentiment analysis, threat detection, etc. However, since sarcasm usually implies the opposite meaning and its detection is frequently a challenging issue, data meaning extraction through an NLP-based model becomes more complicated. As a result, there has been a lot of study on sarcasm detection in English over the past several years, and there's been a noticeable improvement and yet sarcasm detection in the Bangla language's state remains the same. In this article, we present a BERT-based system that can achieve 99.60\% while the utilized traditional machine learning algorithms are only capable of achieving 89.93\%. Additionally, we have employed Local Interpretable Model-Agnostic Explanations that introduce explainability to our system. Moreover, we have utilized a newly collected bangla sarcasm dataset, BanglaSarc that was constructed specifically for the evaluation of this study. This dataset consists of fresh records of sarcastic and non-sarcastic comments, the majority of which are acquired from Facebook and YouTube comment sections.

membership infer

federate

Title: Re-thinking Federated Active Learning based on Inter-class Diversity. (arXiv:2303.12317v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12317
• Code URL: https://github.com/raymin0223/logo
• Copy Paste: [[2303.12317] Re-thinking Federated Active Learning based on Inter-class Diversity](http://arxiv.org/abs/2303.12317) #federate
• Summary:

  Although federated learning has made awe-inspiring advances, most studies have assumed that the client's data are fully labeled. However, in a real-world scenario, every client may have a significant amount of unlabeled instances. Among the various approaches to utilizing unlabeled data, a federated active learning framework has emerged as a promising solution. In the decentralized setting, there are two types of available query selector models, namely 'global' and 'local-only' models, but little literature discusses their performance dominance and its causes. In this work, we first demonstrate that the superiority of two selector models depends on the global and local inter-class diversity. Furthermore, we observe that the global and local-only models are the keys to resolving the imbalance of each side. Based on our findings, we propose LoGo, a FAL sampling strategy robust to varying local heterogeneity levels and global imbalance ratio, that integrates both models by two steps of active selection scheme. LoGo consistently outperforms six active learning strategies in the total number of 38 experimental settings.

Title: Prototype Helps Federated Learning: Towards Faster Convergence. (arXiv:2303.12296v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12296
• Code URL: null
• Copy Paste: [[2303.12296] Prototype Helps Federated Learning: Towards Faster Convergence](http://arxiv.org/abs/2303.12296) #federate
• Summary:

  Federated learning (FL) is a distributed machine learning technique in which multiple clients cooperate to train a shared model without exchanging their raw data. However, heterogeneity of data distribution among clients usually leads to poor model inference. In this paper, a prototype-based federated learning framework is proposed, which can achieve better inference performance with only a few changes to the last global iteration of the typical federated learning process. In the last iteration, the server aggregates the prototypes transmitted from distributed clients and then sends them back to local clients for their respective model inferences. Experiments on two baseline datasets show that our proposal can achieve higher accuracy (at least 1%) and relatively efficient communication than two popular baselines under different heterogeneous settings.

Title: Delay-Aware Hierarchical Federated Learning. (arXiv:2303.12414v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12414
• Code URL: null
• Copy Paste: [[2303.12414] Delay-Aware Hierarchical Federated Learning](http://arxiv.org/abs/2303.12414) #federate
• Summary:

  Federated learning has gained popularity as a means of training models distributed across the wireless edge. The paper introduces delay-aware federated learning (DFL) to improve the efficiency of distributed machine learning (ML) model training by addressing communication delays between edge and cloud. DFL employs multiple stochastic gradient descent iterations on device datasets during each global aggregation interval and intermittently aggregates model parameters through edge servers in local subnetworks. The cloud server synchronizes the local models with the global deployed model computed via a local-global combiner at global synchronization. The convergence behavior of DFL is theoretically investigated under a generalized data heterogeneity metric. A set of conditions is obtained to achieve the sub-linear convergence rate of O(1/k). Based on these findings, an adaptive control algorithm is developed for DFL, implementing policies to mitigate energy consumption and edge-to-cloud communication latency while aiming for a sublinear convergence rate. Numerical evaluations show DFL's superior performance in terms of faster global model convergence, reduced resource consumption, and robustness against communication delays compared to existing FL algorithms. In summary, this proposed method offers improved efficiency and satisfactory results when dealing with both convex and non-convex loss functions.

fair

Title: On Domain-Specific Pre-Training for Effective Semantic Perception in Agricultural Robotics. (arXiv:2303.12499v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12499
• Code URL: null
• Copy Paste: [[2303.12499] On Domain-Specific Pre-Training for Effective Semantic Perception in Agricultural Robotics](http://arxiv.org/abs/2303.12499) #fair
• Summary:

  Agricultural robots have the prospect to enable more efficient and sustainable agricultural production of food, feed, and fiber. Perception of crops and weeds is a central component of agricultural robots that aim to monitor fields and assess the plants as well as their growth stage in an automatic manner. Semantic perception mostly relies on deep learning using supervised approaches, which require time and qualified workers to label fairly large amounts of data. In this paper, we look into the problem of reducing the amount of labels without compromising the final segmentation performance. For robots operating in the field, pre-training networks in a supervised way is already a popular method to reduce the number of required labeled images. We investigate the possibility of pre-training in a self-supervised fashion using data from the target domain. To better exploit this data, we propose a set of domain-specific augmentation strategies. We evaluate our pre-training on semantic segmentation and leaf instance segmentation, two important tasks in our domain. The experimental results suggest that pre-training with domain-specific data paired with our data augmentation strategy leads to superior performance compared to commonly used pre-trainings. Furthermore, the pre-trained networks obtain similar performance to the fully supervised with less labeled data.

Title: Can we trust the evaluation on ChatGPT?. (arXiv:2303.12767v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2303.12767
• Code URL: null
• Copy Paste: [[2303.12767] Can we trust the evaluation on ChatGPT?](http://arxiv.org/abs/2303.12767) #fair
• Summary:

  ChatGPT, the first large language model (LLM) with mass adoption, has demonstrated remarkable performance in numerous natural language tasks. Despite its evident usefulness, evaluating ChatGPT's performance in diverse problem domains remains challenging due to the closed nature of the model and its continuous updates via Reinforcement Learning from Human Feedback (RLHF). We highlight the issue of data contamination in ChatGPT evaluations, with a case study of the task of stance detection. We discuss the challenge of preventing data contamination and ensuring fair model evaluation in the age of closed and continuously trained models.

Title: Fairness Improves Learning from Noisily Labeled Long-Tailed Data. (arXiv:2303.12291v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12291
• Code URL: null
• Copy Paste: [[2303.12291] Fairness Improves Learning from Noisily Labeled Long-Tailed Data](http://arxiv.org/abs/2303.12291) #fair
• Summary:

  Both long-tailed and noisily labeled data frequently appear in real-world applications and impose significant challenges for learning. Most prior works treat either problem in an isolated way and do not explicitly consider the coupling effects of the two. Our empirical observation reveals that such solutions fail to consistently improve the learning when the dataset is long-tailed with label noise. Moreover, with the presence of label noise, existing methods do not observe universal improvements across different sub-populations; in other words, some sub-populations enjoyed the benefits of improved accuracy at the cost of hurting others. Based on these observations, we introduce the Fairness Regularizer (FR), inspired by regularizing the performance gap between any two sub-populations. We show that the introduced fairness regularizer improves the performances of sub-populations on the tail and the overall learning performance. Extensive experiments demonstrate the effectiveness of the proposed solution when complemented with certain existing popular robust or class-balanced methods.

interpretability

Title: Challenges and opportunities for machine learning in multiscale computational modeling. (arXiv:2303.12261v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12261
• Code URL: null
• Copy Paste: [[2303.12261] Challenges and opportunities for machine learning in multiscale computational modeling](http://arxiv.org/abs/2303.12261) #interpretability
• Summary:

  Many mechanical engineering applications call for multiscale computational modeling and simulation. However, solving for complex multiscale systems remains computationally onerous due to the high dimensionality of the solution space. Recently, machine learning (ML) has emerged as a promising solution that can either serve as a surrogate for, accelerate or augment traditional numerical methods. Pioneering work has demonstrated that ML provides solutions to governing systems of equations with comparable accuracy to those obtained using direct numerical methods, but with significantly faster computational speed. These high-speed, high-fidelity estimations can facilitate the solving of complex multiscale systems by providing a better initial solution to traditional solvers. This paper provides a perspective on the opportunities and challenges of using ML for complex multiscale modeling and simulation. We first outline the current state-of-the-art ML approaches for simulating multiscale systems and highlight some of the landmark developments. Next, we discuss current challenges for ML in multiscale computational modeling, such as the data and discretization dependence, interpretability, and data sharing and collaborative platform development. Finally, we suggest several potential research directions for the future.

Title: EasyDGL: Encode, Train and Interpret for Continuous-time Dynamic Graph Learning. (arXiv:2303.12341v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12341
• Code URL: https://github.com/cchao0116/EasyDGL
• Copy Paste: [[2303.12341] EasyDGL: Encode, Train and Interpret for Continuous-time Dynamic Graph Learning](http://arxiv.org/abs/2303.12341) #interpretability
• Summary:

  Dynamic graphs arise in various real-world applications, and it is often welcomed to model the dynamics directly in continuous time domain for its flexibility. This paper aims to design an easy-to-use pipeline (termed as EasyDGL which is also due to its implementation by DGL toolkit) composed of three key modules with both strong fitting ability and interpretability. Specifically the proposed pipeline which involves encoding, training and interpreting: i) a temporal point process (TPP) modulated attention architecture to endow the continuous-time resolution with the coupled spatiotemporal dynamics of the observed graph with edge-addition events; ii) a principled loss composed of task-agnostic TPP posterior maximization based on observed events on the graph, and a task-aware loss with a masking strategy over dynamic graph, where the covered tasks include dynamic link prediction, dynamic node classification and node traffic forecasting; iii) interpretation of the model outputs (e.g., representations and predictions) with scalable perturbation-based quantitative analysis in the graph Fourier domain, which could more comprehensively reflect the behavior of the learned model. Extensive experimental results on public benchmarks show the superior performance of our EasyDGL for time-conditioned predictive tasks, and in particular demonstrate that EasyDGL can effectively quantify the predictive power of frequency content that a model learn from the evolving graph data.

Title: Semi-supervised counterfactual explanations. (arXiv:2303.12634v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12634
• Code URL: null
• Copy Paste: [[2303.12634] Semi-supervised counterfactual explanations](http://arxiv.org/abs/2303.12634) #interpretability
• Summary:

  Counterfactual explanations for machine learning models are used to find minimal interventions to the feature values such that the model changes the prediction to a different output or a target output. A valid counterfactual explanation should have likely feature values. Here, we address the challenge of generating counterfactual explanations that lie in the same data distribution as that of the training data and more importantly, they belong to the target class distribution. This requirement has been addressed through the incorporation of auto-encoder reconstruction loss in the counterfactual search process. Connecting the output behavior of the classifier to the latent space of the auto-encoder has further improved the speed of the counterfactual search process and the interpretability of the resulting counterfactual explanations. Continuing this line of research, we show further improvement in the interpretability of counterfactual explanations when the auto-encoder is trained in a semi-supervised fashion with class tagged input data. We empirically evaluate our approach on several datasets and show considerable improvement in-terms of several metrics.

explainability

Title: Thrill-K Architecture: Towards a Solution to the Problem of Knowledge Based Understanding. (arXiv:2303.12084v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12084
• Code URL: null
• Copy Paste: [[2303.12084] Thrill-K Architecture: Towards a Solution to the Problem of Knowledge Based Understanding](http://arxiv.org/abs/2303.12084) #explainability
• Summary:

  While end-to-end learning systems are rapidly gaining capabilities and popularity, the increasing computational demands for deploying such systems, along with a lack of flexibility, adaptability, explainability, reasoning and verification capabilities, require new types of architectures. Here we introduce a classification of hybrid systems which, based on an analysis of human knowledge and intelligence, combines neural learning with various types of knowledge and knowledge sources. We present the Thrill-K architecture as a prototypical solution for integrating instantaneous knowledge, standby knowledge and external knowledge sources in a framework capable of inference, learning and intelligent control.

watermark

diffusion

Title: Compositional 3D Scene Generation using Locally Conditioned Diffusion. (arXiv:2303.12218v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12218
• Code URL: null
• Copy Paste: [[2303.12218] Compositional 3D Scene Generation using Locally Conditioned Diffusion](http://arxiv.org/abs/2303.12218) #diffusion
• Summary:

  Designing complex 3D scenes has been a tedious, manual process requiring domain expertise. Emerging text-to-3D generative models show great promise for making this task more intuitive, but existing approaches are limited to object-level generation. We introduce \textbf{locally conditioned diffusion} as an approach to compositional scene diffusion, providing control over semantic parts using text prompts and bounding boxes while ensuring seamless transitions between these parts. We demonstrate a score distillation sampling--based text-to-3D synthesis pipeline that enables compositional 3D scene generation at a higher fidelity than relevant baselines.

Title: SALAD: Part-Level Latent Diffusion for 3D Shape Generation and Manipulation. (arXiv:2303.12236v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12236
• Code URL: null
• Copy Paste: [[2303.12236] SALAD: Part-Level Latent Diffusion for 3D Shape Generation and Manipulation](http://arxiv.org/abs/2303.12236) #diffusion
• Summary:

  We present a cascaded diffusion model based on a part-level implicit 3D representation. Our model achieves state-of-the-art generation quality and also enables part-level shape editing and manipulation without any additional training in conditional setup. Diffusion models have demonstrated impressive capabilities in data generation as well as zero-shot completion and editing via a guided reverse process. Recent research on 3D diffusion models has focused on improving their generation capabilities with various data representations, while the absence of structural information has limited their capability in completion and editing tasks. We thus propose our novel diffusion model using a part-level implicit representation. To effectively learn diffusion with high-dimensional embedding vectors of parts, we propose a cascaded framework, learning diffusion first on a low-dimensional subspace encoding extrinsic parameters of parts and then on the other high-dimensional subspace encoding intrinsic attributes. In the experiments, we demonstrate the outperformance of our method compared with the previous ones both in generation and part-level completion and manipulation tasks.

Title: Distribution Aligned Diffusion and Prototype-guided network for Unsupervised Domain Adaptive Segmentation. (arXiv:2303.12313v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12313
• Code URL: null
• Copy Paste: [[2303.12313] Distribution Aligned Diffusion and Prototype-guided network for Unsupervised Domain Adaptive Segmentation](http://arxiv.org/abs/2303.12313) #diffusion
• Summary:

  The Diffusion Probabilistic Model (DPM) has emerged as a highly effective generative model in the field of computer vision. Its intermediate latent vectors offer rich semantic information, making it an attractive option for various downstream tasks such as segmentation and detection. In order to explore its potential further, we have taken a step forward and considered a more complex scenario in the medical image domain, specifically, under an unsupervised adaptation condition. To this end, we propose a Diffusion-based and Prototype-guided network (DP-Net) for unsupervised domain adaptive segmentation. Concretely, our DP-Net consists of two stages: 1) Distribution Aligned Diffusion (DADiff), which involves training a domain discriminator to minimize the difference between the intermediate features generated by the DPM, thereby aligning the inter-domain distribution; and 2) Prototype-guided Consistency Learning (PCL), which utilizes feature centroids as prototypes and applies a prototype-guided loss to ensure that the segmentor learns consistent content from both source and target domains. Our approach is evaluated on fundus datasets through a series of experiments, which demonstrate that the performance of the proposed method is reliable and outperforms state-of-the-art methods. Our work presents a promising direction for using DPM in complex medical image scenarios, opening up new possibilities for further research in medical imaging.

Title: LD-ZNet: A Latent Diffusion Approach for Text-Based Image Segmentation. (arXiv:2303.12343v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12343
• Code URL: null
• Copy Paste: [[2303.12343] LD-ZNet: A Latent Diffusion Approach for Text-Based Image Segmentation](http://arxiv.org/abs/2303.12343) #diffusion
• Summary:

  We present a technique for segmenting real and AI-generated images using latent diffusion models (LDMs) trained on internet-scale datasets. First, we show that the latent space of LDMs (z-space) is a better input representation compared to other feature representations like RGB images or CLIP encodings for text-based image segmentation. By training the segmentation models on the latent z-space, which creates a compressed representation across several domains like different forms of art, cartoons, illustrations, and photographs, we are also able to bridge the domain gap between real and AI-generated images. We show that the internal features of LDMs contain rich semantic information and present a technique in the form of LD-ZNet to further boost the performance of text-based segmentation. Overall, we show up to 6% improvement over standard baselines for text-to-image segmentation on natural images. For AI-generated imagery, we show close to 20% improvement compared to state-of-the-art techniques.

Title: NUWA-XL: Diffusion over Diffusion for eXtremely Long Video Generation. (arXiv:2303.12346v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12346
• Code URL: null
• Copy Paste: [[2303.12346] NUWA-XL: Diffusion over Diffusion for eXtremely Long Video Generation](http://arxiv.org/abs/2303.12346) #diffusion
• Summary:

  In this paper, we propose NUWA-XL, a novel Diffusion over Diffusion architecture for eXtremely Long video generation. Most current work generates long videos segment by segment sequentially, which normally leads to the gap between training on short videos and inferring long videos, and the sequential generation is inefficient. Instead, our approach adopts a ``coarse-to-fine'' process, in which the video can be generated in parallel at the same granularity. A global diffusion model is applied to generate the keyframes across the entire time range, and then local diffusion models recursively fill in the content between nearby frames. This simple yet effective strategy allows us to directly train on long videos (3376 frames) to reduce the training-inference gap, and makes it possible to generate all segments in parallel. To evaluate our model, we build FlintstonesHD dataset, a new benchmark for long video generation. Experiments show that our model not only generates high-quality long videos with both global and local coherence, but also decreases the average inference time from 7.55min to 26s (by 94.26\%) at the same hardware setting when generating 1024 frames. The homepage link is \url{https://msra-nuwa.azurewebsites.net/}

Title: Affordance Diffusion: Synthesizing Hand-Object Interactions. (arXiv:2303.12538v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12538
• Code URL: null
• Copy Paste: [[2303.12538] Affordance Diffusion: Synthesizing Hand-Object Interactions](http://arxiv.org/abs/2303.12538) #diffusion
• Summary:

  Recent successes in image synthesis are powered by large-scale diffusion models. However, most methods are currently limited to either text- or image-conditioned generation for synthesizing an entire image, texture transfer or inserting objects into a user-specified region. In contrast, in this work we focus on synthesizing complex interactions (ie, an articulated hand) with a given object. Given an RGB image of an object, we aim to hallucinate plausible images of a human hand interacting with it. We propose a two-step generative approach: a LayoutNet that samples an articulation-agnostic hand-object-interaction layout, and a ContentNet that synthesizes images of a hand grasping the object given the predicted layout. Both are built on top of a large-scale pretrained diffusion model to make use of its latent representation. Compared to baselines, the proposed method is shown to generalize better to novel objects and perform surprisingly well on out-of-distribution in-the-wild scenes of portable-sized objects. The resulting system allows us to predict descriptive affordance information, such as hand articulation and approaching orientation. Project page: https://judyye.github.io/affordiffusion-www

Title: A Perceptual Quality Assessment Exploration for AIGC Images. (arXiv:2303.12618v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12618
• Code URL: null
• Copy Paste: [[2303.12618] A Perceptual Quality Assessment Exploration for AIGC Images](http://arxiv.org/abs/2303.12618) #diffusion
• Summary:

  \underline{AI} \underline{G}enerated \underline{C}ontent (\textbf{AIGC}) has gained widespread attention with the increasing efficiency of deep learning in content creation. AIGC, created with the assistance of artificial intelligence technology, includes various forms of content, among which the AI-generated images (AGIs) have brought significant impact to society and have been applied to various fields such as entertainment, education, social media, etc. However, due to hardware limitations and technical proficiency, the quality of AIGC images (AGIs) varies, necessitating refinement and filtering before practical use. Consequently, there is an urgent need for developing objective models to assess the quality of AGIs. Unfortunately, no research has been carried out to investigate the perceptual quality assessment for AGIs specifically. Therefore, in this paper, we first discuss the major evaluation aspects such as technical issues, AI artifacts, unnaturalness, discrepancy, and aesthetics for AGI quality assessment. Then we present the first perceptual AGI quality assessment database, AGIQA-1K, which consists of 1,080 AGIs generated from diffusion models. A well-organized subjective experiment is followed to collect the quality labels of the AGIs. Finally, we conduct a benchmark experiment to evaluate the performance of current image quality assessment (IQA) models.

Title: Feature-Conditioned Cascaded Video Diffusion Models for Precise Echocardiogram Synthesis. (arXiv:2303.12644v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12644
• Code URL: null
• Copy Paste: [[2303.12644] Feature-Conditioned Cascaded Video Diffusion Models for Precise Echocardiogram Synthesis](http://arxiv.org/abs/2303.12644) #diffusion
• Summary:

  Image synthesis is expected to provide value for the translation of machine learning methods into clinical practice. Fundamental problems like model robustness, domain transfer, causal modelling, and operator training become approachable through synthetic data. Especially, heavily operator-dependant modalities like Ultrasound imaging require robust frameworks for image and video generation. So far, video generation has only been possible by providing input data that is as rich as the output data, e.g., image sequence plus conditioning in, video out. However, clinical documentation is usually scarce and only single images are reported and stored, thus retrospective patient-specific analysis or the generation of rich training data becomes impossible with current approaches. In this paper, we extend elucidated diffusion models for video modelling to generate plausible video sequences from single images and arbitrary conditioning with clinical parameters. We explore this idea within the context of echocardiograms by looking into the variation of the Left Ventricle Ejection Fraction, the most essential clinical metric gained from these examinations. We use the publicly available EchoNet-Dynamic dataset for all our experiments. Our image to sequence approach achieves an R2 score of 93%, which is 38 points higher than recently proposed sequence to sequence generation methods. A public demo is available here: bit.ly/3HTskPF. Code and models will be available at: https://github.com/HReynaud/EchoDiffusion.

Title: Pix2Video: Video Editing using Image Diffusion. (arXiv:2303.12688v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12688
• Code URL: null
• Copy Paste: [[2303.12688] Pix2Video: Video Editing using Image Diffusion](http://arxiv.org/abs/2303.12688) #diffusion
• Summary:

  Image diffusion models, trained on massive image collections, have emerged as the most versatile image generator model in terms of quality and diversity. They support inverting real images and conditional (e.g., text) generation, making them attractive for high-quality image editing applications. We investigate how to use such pre-trained image models for text-guided video editing. The critical challenge is to achieve the target edits while still preserving the content of the source video. Our method works in two simple steps: first, we use a pre-trained structure-guided (e.g., depth) image diffusion model to perform text-guided edits on an anchor frame; then, in the key step, we progressively propagate the changes to the future frames via self-attention feature injection to adapt the core denoising step of the diffusion model. We then consolidate the changes by adjusting the latent code for the frame before continuing the process. Our approach is training-free and generalizes to a wide range of edits. We demonstrate the effectiveness of the approach by extensive experimentation and compare it against four different prior and parallel efforts (on ArXiv). We demonstrate that realistic text-guided video edits are possible, without any compute-intensive preprocessing or video-specific finetuning.

Title: Diffusion-based Target Sampler for Unsupervised Domain Adaptation. (arXiv:2303.12724v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12724
• Code URL: null
• Copy Paste: [[2303.12724] Diffusion-based Target Sampler for Unsupervised Domain Adaptation](http://arxiv.org/abs/2303.12724) #diffusion
• Summary:

  Limited transferability hinders the performance of deep learning models when applied to new application scenarios. Recently, unsupervised domain adaptation (UDA) has achieved significant progress in addressing this issue via learning domain-invariant features. However, large domain shifts and the sample scarcity in the target domain make existing UDA methods achieve suboptimal performance. To alleviate these issues, we propose a plug-and-play Diffusion-based Target Sampler (DTS) to generate high fidelity and diversity pseudo target samples. By introducing class-conditional information, the labels of the generated target samples can be controlled. The generated samples can well simulate the data distribution of the target domain and help existing UDA methods transfer from the source domain to the target domain more easily, thus improving the transfer performance. Extensive experiments on various benchmarks demonstrate that the performance of existing UDA methods can be greatly improved through the proposed DTS method.

Title: On the De-duplication of LAION-2B. (arXiv:2303.12733v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12733
• Code URL: https://github.com/ryanwebster90/snip-dedup
• Copy Paste: [[2303.12733] On the De-duplication of LAION-2B](http://arxiv.org/abs/2303.12733) #diffusion
• Summary:

  Generative models, such as DALL-E, Midjourney, and Stable Diffusion, have societal implications that extend beyond the field of computer science. These models require large image databases like LAION-2B, which contain two billion images. At this scale, manual inspection is difficult and automated analysis is challenging. In addition, recent studies show that duplicated images pose copyright problems for models trained on LAION2B, which hinders its usability. This paper proposes an algorithmic chain that runs with modest compute, that compresses CLIP features to enable efficient duplicate detection, even for vast image volumes. Our approach demonstrates that roughly 700 million images, or about 30\%, of LAION-2B's images are likely duplicated. Our method also provides the histograms of duplication on this dataset, which we use to reveal more examples of verbatim copies by Stable Diffusion and further justify the approach. The current version of the de-duplicated set will be distributed online.

Title: Text Semantics to Image Generation: A method of building facades design base on Stable Diffusion model. (arXiv:2303.12755v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12755
• Code URL: null
• Copy Paste: [[2303.12755] Text Semantics to Image Generation: A method of building facades design base on Stable Diffusion model](http://arxiv.org/abs/2303.12755) #diffusion
• Summary:

  Stable Diffusion model has been extensively employed in the study of archi-tectural image generation, but there is still an opportunity to enhance in terms of the controllability of the generated image content. A multi-network combined text-to-building facade image generating method is proposed in this work. We first fine-tuned the Stable Diffusion model on the CMP Fa-cades dataset using the LoRA (Low-Rank Adaptation) approach, then we ap-ply the ControlNet model to further control the output. Finally, we contrast-ed the facade generating outcomes under various architectural style text con-tents and control strategies. The results demonstrate that the LoRA training approach significantly decreases the possibility of fine-tuning the Stable Dif-fusion large model, and the addition of the ControlNet model increases the controllability of the creation of text to building facade images. This pro-vides a foundation for subsequent studies on the generation of architectural images.

Title: FeatureNeRF: Learning Generalizable NeRFs by Distilling Foundation Models. (arXiv:2303.12786v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12786
• Code URL: null
• Copy Paste: [[2303.12786] FeatureNeRF: Learning Generalizable NeRFs by Distilling Foundation Models](http://arxiv.org/abs/2303.12786) #diffusion
• Summary:

  Recent works on generalizable NeRFs have shown promising results on novel view synthesis from single or few images. However, such models have rarely been applied on other downstream tasks beyond synthesis such as semantic understanding and parsing. In this paper, we propose a novel framework named FeatureNeRF to learn generalizable NeRFs by distilling pre-trained vision foundation models (e.g., DINO, Latent Diffusion). FeatureNeRF leverages 2D pre-trained foundation models to 3D space via neural rendering, and then extract deep features for 3D query points from NeRF MLPs. Consequently, it allows to map 2D images to continuous 3D semantic feature volumes, which can be used for various downstream tasks. We evaluate FeatureNeRF on tasks of 2D/3D semantic keypoint transfer and 2D/3D object part segmentation. Our extensive experiments demonstrate the effectiveness of FeatureNeRF as a generalizable 3D semantic feature extractor. Our project page is available at https://jianglongye.com/featurenerf/ .

Title: Instruct-NeRF2NeRF: Editing 3D Scenes with Instructions. (arXiv:2303.12789v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12789
• Code URL: null
• Copy Paste: [[2303.12789] Instruct-NeRF2NeRF: Editing 3D Scenes with Instructions](http://arxiv.org/abs/2303.12789) #diffusion
• Summary:

  We propose a method for editing NeRF scenes with text-instructions. Given a NeRF of a scene and the collection of images used to reconstruct it, our method uses an image-conditioned diffusion model (InstructPix2Pix) to iteratively edit the input images while optimizing the underlying scene, resulting in an optimized 3D scene that respects the edit instruction. We demonstrate that our proposed method is able to edit large-scale, real-world scenes, and is able to accomplish more realistic, targeted edits than prior work.

Title: Diffuse-Denoise-Count: Accurate Crowd-Counting with Diffusion Models. (arXiv:2303.12790v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2303.12790
• Code URL: null
• Copy Paste: [[2303.12790] Diffuse-Denoise-Count: Accurate Crowd-Counting with Diffusion Models](http://arxiv.org/abs/2303.12790) #diffusion
• Summary:

  Crowd counting is a key aspect of crowd analysis and has been typically accomplished by estimating a crowd-density map and summing over the density values. However, this approach suffers from background noise accumulation and loss of density due to the use of broad Gaussian kernels to create the ground truth density maps. This issue can be overcome by narrowing the Gaussian kernel. However, existing approaches perform poorly when trained with such ground truth density maps. To overcome this limitation, we propose using conditional diffusion models to predict density maps, as diffusion models are known to model complex distributions well and show high fidelity to training data during crowd-density map generation. Furthermore, as the intermediate time steps of the diffusion process are noisy, we incorporate a regression branch for direct crowd estimation only during training to improve the feature learning. In addition, owing to the stochastic nature of the diffusion model, we introduce producing multiple density maps to improve the counting performance contrary to the existing crowd counting pipelines. Further, we also differ from the density summation and introduce contour detection followed by summation as the counting operation, which is more immune to background noise. We conduct extensive experiments on public datasets to validate the effectiveness of our method. Specifically, our novel crowd-counting pipeline improves the error of crowd-counting by up to $6\%$ on JHU-CROWD++ and up to $7\%$ on UCF-QNRF.

Title: ChatGPT for Programming Numerical Methods. (arXiv:2303.12093v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12093
• Code URL: https://github.com/ali-stanford/chatgpt_programming_numerical_methods
• Copy Paste: [[2303.12093] ChatGPT for Programming Numerical Methods](http://arxiv.org/abs/2303.12093) #diffusion
• Summary:

  ChatGPT is a large language model trained by OpenAI. In this technical report, we explore for the first time the capability of ChatGPT for programming numerical algorithms. Specifically, we examine the capability of GhatGPT for generating codes for numerical algorithms in different programming languages, for debugging and improving written codes by users, for completing missed parts of numerical codes, rewriting available codes in other programming languages, and for parallelizing serial codes. Additionally, we assess if ChatGPT can recognize if given codes are written by humans or machines. To reach this goal, we consider a variety of mathematical problems such as the Poisson equation, the diffusion equation, the incompressible Navier-Stokes equations, compressible inviscid flow, eigenvalue problems, solving linear systems of equations, storing sparse matrices, etc. Furthermore, we exemplify scientific machine learning such as physics-informed neural networks and convolutional neural networks with applications to computational physics. Through these examples, we investigate the successes, failures, and challenges of ChatGPT. Examples of failures are producing singular matrices, operations on arrays with incompatible sizes, programming interruption for relatively long codes, etc. Our outcomes suggest that ChatGPT can successfully program numerical algorithms in different programming languages, but certain limitations and challenges exist that require further improvement of this machine learning model.

Title: Synthetic Health-related Longitudinal Data with Mixed-type Variables Generated using Diffusion Models. (arXiv:2303.12281v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12281
• Code URL: null
• Copy Paste: [[2303.12281] Synthetic Health-related Longitudinal Data with Mixed-type Variables Generated using Diffusion Models](http://arxiv.org/abs/2303.12281) #diffusion
• Summary:

  This paper presents a novel approach to simulating electronic health records (EHRs) using diffusion probabilistic models (DPMs). Specifically, we demonstrate the effectiveness of DPMs in synthesising longitudinal EHRs that capture mixed-type variables, including numeric, binary, and categorical variables. To our knowledge, this represents the first use of DPMs for this purpose. We compared our DPM-simulated datasets to previous state-of-the-art results based on generative adversarial networks (GANs) for two clinical applications: acute hypotension and human immunodeficiency virus (ART for HIV). Given the lack of similar previous studies in DPMs, a core component of our work involves exploring the advantages and caveats of employing DPMs across a wide range of aspects. In addition to assessing the realism of the synthetic datasets, we also trained reinforcement learning (RL) agents on the synthetic data to evaluate their utility for supporting the development of downstream machine learning models. Finally, we estimated that our DPM-simulated datasets are secure and posed a low patient exposure risk for public access.

Title: EDGI: Equivariant Diffusion for Planning with Embodied Agents. (arXiv:2303.12410v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2303.12410
• Code URL: null
• Copy Paste: [[2303.12410] EDGI: Equivariant Diffusion for Planning with Embodied Agents](http://arxiv.org/abs/2303.12410) #diffusion
• Summary:

  Embodied agents operate in a structured world, often solving tasks with spatial, temporal, and permutation symmetries. Most algorithms for planning and model-based reinforcement learning (MBRL) do not take this rich geometric structure into account, leading to sample inefficiency and poor generalization. We introduce the Equivariant Diffuser for Generating Interactions (EDGI), an algorithm for MBRL and planning that is equivariant with respect to the product of the spatial symmetry group $\mathrm{SE(3)}$, the discrete-time translation group $\mathbb{Z}$, and the object permutation group $\mathrm{S}_n$. EDGI follows the Diffuser framework (Janner et al. 2022) in treating both learning a world model and planning in it as a conditional generative modeling problem, training a diffusion model on an offline trajectory dataset. We introduce a new $\mathrm{SE(3)} \times \mathbb{Z} \times \mathrm{S}_n$-equivariant diffusion model that supports multiple representations. We integrate this model in a planning loop, where conditioning and classifier-based guidance allow us to softly break the symmetry for specific tasks as needed. On navigation and object manipulation tasks, EDGI improves sample efficiency and generalization.