secure

Title: Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code. (arXiv:2304.02102v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2304.02102
• Code URL: null
• Copy Paste: [[2304.02102] Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code](http://arxiv.org/abs/2304.02102) #secure
• Summary:

  Although cryptographic algorithms may be mathematically secure, it is often possible to leak secret information from the implementation of the algorithms. Timing and power side-channel vulnerabilities are some of the most widely considered threats to cryptographic algorithm implementations. Timing vulnerabilities may be easier to detect and exploit, and all high-quality cryptographic code today should be written in constant-time style. However, this does not prevent power side-channels from existing. With constant time code, potential attackers can resort to power side-channel attacks to try leaking secrets. Detecting potential power side-channel vulnerabilities is a tedious task, as it requires analyzing code at the assembly level and needs reasoning about which instructions could be leaking information based on their operands and their values. To help make the process of detecting potential power side-channel vulnerabilities easier for cryptographers, this work presents Pascal: Power Analysis Side Channel Attack Locator, a tool that introduces novel symbolic register analysis techniques for binary analysis of constant-time cryptographic algorithms, and verifies locations of potential power side-channel vulnerabilities with high precision. Pascal is evaluated on a number of implementations of post-quantum cryptographic algorithms, and it is able to find dozens of previously reported single-trace power side-channel vulnerabilities in these algorithms, all in an automated manner.

security

Title: HyPFuzz: Formal-Assisted Processor Fuzzing. (arXiv:2304.02485v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2304.02485
• Code URL: null
• Copy Paste: [[2304.02485] HyPFuzz: Formal-Assisted Processor Fuzzing](http://arxiv.org/abs/2304.02485) #security
• Summary:

  Recent research has shown that hardware fuzzers can effectively detect security vulnerabilities in modern processors. However, existing hardware fuzzers do not fuzz well the hard-to-reach design spaces. Consequently, these fuzzers cannot effectively fuzz security-critical control- and data-flow logic in the processors, hence missing security vulnerabilities. To tackle this challenge, we present HyPFuzz, a hybrid fuzzer that leverages formal verification tools to help fuzz the hard-to-reach part of the processors. To increase the effectiveness of HyPFuzz, we perform optimizations in time and space. First, we develop a scheduling strategy to prevent under- or over-utilization of the capabilities of formal tools and fuzzers. Second, we develop heuristic strategies to select points in the design space for the formal tool to target. We evaluate HyPFuzz on five widely-used open-source processors. HyPFuzz detected all the vulnerabilities detected by the most recent processor fuzzer and found three new vulnerabilities that were missed by previous extensive fuzzing and formal verification. This led to two new common vulnerabilities and exposures (CVE) entries. HyPFuzz also achieves 11.68$\times$ faster coverage than the most recent processor fuzzer.

Title: The Realizations of Steganography in Encrypted Domain. (arXiv:2304.02614v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2304.02614
• Code URL: null
• Copy Paste: [[2304.02614] The Realizations of Steganography in Encrypted Domain](http://arxiv.org/abs/2304.02614) #security
• Summary:

  With the popularization and application of privacy protection technologies in cloud service and social network, ciphertext has been gradually becoming a common platform for public to exchange data. Under the cover of such a plat-form, we propose steganography in encrypted domain (SIED) in this paper to re-alize a novel method to realize secret communication Based on Simmons' model of prisoners' problems, we discuss the application scenarios of SIED. According to the different accesses to the encryption key and decryption key for secret mes-sage sender or receiver, the application modes of SIED are classified into four modes. To analyze the security requirments of SIED, four levels of steganalysis attacks are introduced based on the prior knowledge about the steganography system that the attacker is assumed to obtain in advance. Four levels of security standards of SIED are defined correspondingly. Based on the existing reversible data hiding techniques, we give four schemes of SIED as practical instances with different security levels. By analyzing the embedding and extraction characteris-tics of each instance, their SIED modes, application frameworks and security lev-els are discussed in detail.

privacy

Title: Segment Anything. (arXiv:2304.02643v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02643
• Code URL: https://github.com/facebookresearch/segment-anything
• Copy Paste: [[2304.02643] Segment Anything](http://arxiv.org/abs/2304.02643) #privacy
• Summary:

  We introduce the Segment Anything (SA) project: a new task, model, and dataset for image segmentation. Using our efficient model in a data collection loop, we built the largest segmentation dataset to date (by far), with over 1 billion masks on 11M licensed and privacy respecting images. The model is designed and trained to be promptable, so it can transfer zero-shot to new image distributions and tasks. We evaluate its capabilities on numerous tasks and find that its zero-shot performance is impressive -- often competitive with or even superior to prior fully supervised results. We are releasing the Segment Anything Model (SAM) and corresponding dataset (SA-1B) of 1B masks and 11M images at https://segment-anything.com to foster research into foundation models for computer vision.

Title: On the Impact of Voice Anonymization on Speech-Based COVID-19 Detection. (arXiv:2304.02181v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2304.02181
• Code URL: https://github.com/zhu00121/anonymized-speech-diagnostics
• Copy Paste: [[2304.02181] On the Impact of Voice Anonymization on Speech-Based COVID-19 Detection](http://arxiv.org/abs/2304.02181) #privacy
• Summary:

  With advances seen in deep learning, voice-based applications are burgeoning, ranging from personal assistants, affective computing, to remote disease diagnostics. As the voice contains both linguistic and paralinguistic information (e.g., vocal pitch, intonation, speech rate, loudness), there is growing interest in voice anonymization to preserve speaker privacy and identity. Voice privacy challenges have emerged over the last few years and focus has been placed on removing speaker identity while keeping linguistic content intact. For affective computing and disease monitoring applications, however, the paralinguistic content may be more critical. Unfortunately, the effects that anonymization may have on these systems are still largely unknown. In this paper, we fill this gap and focus on one particular health monitoring application: speech-based COVID-19 diagnosis. We test two popular anonymization methods and their impact on five different state-of-the-art COVID-19 diagnostic systems using three public datasets. We validate the effectiveness of the anonymization methods, compare their computational complexity, and quantify the impact across different testing scenarios for both within- and across-dataset conditions. Lastly, we show the benefits of anonymization as a data augmentation tool to help recover some of the COVID-19 diagnostic accuracy loss seen with anonymized data.

Title: PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information. (arXiv:2304.02401v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2304.02401
• Code URL: null
• Copy Paste: [[2304.02401] PrivGraph: Differentially Private Graph Data Publication by Exploiting Community Information](http://arxiv.org/abs/2304.02401) #privacy
• Summary:

  Graph data is used in a wide range of applications, while analyzing graph data without protection is prone to privacy breach risks. To mitigate the privacy risks, we resort to the standard technique of differential privacy to publish a synthetic graph. However, existing differentially private graph synthesis approaches either introduce excessive noise by directly perturbing the adjacency matrix, or suffer significant information loss during the graph encoding process. In this paper, we propose an effective graph synthesis algorithm PrivGraph by exploiting the community information. Concretely, PrivGraph differentially privately partitions the private graph into communities, extracts intra-community and inter-community information, and reconstructs the graph from the extracted graph information. We validate the effectiveness of PrivGraph on six real-world graph datasets and seven commonly used graph metrics.

Title: Synthesize Extremely High-dimensional Longitudinal Electronic Health Records via Hierarchical Autoregressive Language Model. (arXiv:2304.02169v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02169
• Code URL: null
• Copy Paste: [[2304.02169] Synthesize Extremely High-dimensional Longitudinal Electronic Health Records via Hierarchical Autoregressive Language Model](http://arxiv.org/abs/2304.02169) #privacy
• Summary:

  Synthetic electronic health records (EHRs) that are both realistic and preserve privacy can serve as an alternative to real EHRs for machine learning (ML) modeling and statistical analysis. However, generating high-fidelity and granular electronic health record (EHR) data in its original, highly-dimensional form poses challenges for existing methods due to the complexities inherent in high-dimensional data. In this paper, we propose Hierarchical Autoregressive Language mOdel (HALO) for generating longitudinal high-dimensional EHR, which preserve the statistical properties of real EHR and can be used to train accurate ML models without privacy concerns. Our HALO method, designed as a hierarchical autoregressive model, generates a probability density function of medical codes, clinical visits, and patient records, allowing for the generation of realistic EHR data in its original, unaggregated form without the need for variable selection or aggregation. Additionally, our model also produces high-quality continuous variables in a longitudinal and probabilistic manner. We conducted extensive experiments and demonstrate that HALO can generate high-fidelity EHR data with high-dimensional disease code probabilities (d > 10,000), disease co-occurrence probabilities within visits (d > 1,000,000), and conditional probabilities across consecutive visits (d > 5,000,000) and achieve above 0.9 R2 correlation in comparison to real EHR data. This performance then enables downstream ML models trained on its synthetic data to achieve comparable accuracy to models trained on real data (0.938 AUROC with HALO data vs. 0.943 with real data). Finally, using a combination of real and synthetic data enhances the accuracy of ML models beyond that achieved by using only real EHR data.

protect

Title: JPEG Compressed Images Can Bypass Protections Against AI Editing. (arXiv:2304.02234v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02234
• Code URL: null
• Copy Paste: [[2304.02234] JPEG Compressed Images Can Bypass Protections Against AI Editing](http://arxiv.org/abs/2304.02234) #protect
• Summary:

  Recently developed text-to-image diffusion models make it easy to edit or create high-quality images. Their ease of use has raised concerns about the potential for malicious editing or deepfake creation. Imperceptible perturbations have been proposed as a means of protecting images from malicious editing by preventing diffusion models from generating realistic images. However, we find that the aforementioned perturbations are not robust to JPEG compression, which poses a major weakness because of the common usage and availability of JPEG. We discuss the importance of robustness for additive imperceptible perturbations and encourage alternative approaches to protect images against editing.

defense

attack

Title: Rethinking the Trigger-injecting Position in Graph Backdoor Attack. (arXiv:2304.02277v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02277
• Code URL: null
• Copy Paste: [[2304.02277] Rethinking the Trigger-injecting Position in Graph Backdoor Attack](http://arxiv.org/abs/2304.02277) #attack
• Summary:

  Backdoor attacks have been demonstrated as a security threat for machine learning models. Traditional backdoor attacks intend to inject backdoor functionality into the model such that the backdoored model will perform abnormally on inputs with predefined backdoor triggers and still retain state-of-the-art performance on the clean inputs. While there are already some works on backdoor attacks on Graph Neural Networks (GNNs), the backdoor trigger in the graph domain is mostly injected into random positions of the sample. There is no work analyzing and explaining the backdoor attack performance when injecting triggers into the most important or least important area in the sample, which we refer to as trigger-injecting strategies MIAS and LIAS, respectively. Our results show that, generally, LIAS performs better, and the differences between the LIAS and MIAS performance can be significant. Furthermore, we explain these two strategies' similar (better) attack performance through explanation techniques, which results in a further understanding of backdoor attacks in GNNs.

Title: How to choose your best allies for a transferable attack?. (arXiv:2304.02312v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2304.02312
• Code URL: https://github.com/t-maho/transferability_measure_fit
• Copy Paste: [[2304.02312] How to choose your best allies for a transferable attack?](http://arxiv.org/abs/2304.02312) #attack
• Summary:

  The transferability of adversarial examples is a key issue in the security of deep neural networks. The possibility of an adversarial example crafted for a source model fooling another targeted model makes the threat of adversarial attacks more realistic. Measuring transferability is a crucial problem, but the Attack Success Rate alone does not provide a sound evaluation. This paper proposes a new methodology for evaluating transferability by putting distortion in a central position. This new tool shows that transferable attacks may perform far worse than a black box attack if the attacker randomly picks the source model. To address this issue, we propose a new selection mechanism, called FiT, which aims at choosing the best source model with only a few preliminary queries to the target. Our experimental results show that FiT is highly effective at selecting the best source model for multiple scenarios such as single-model attacks, ensemble-model attacks and multiple attacks (Code available at: https://github.com/t-maho/transferability_measure_fit).

Title: FPGA-Patch: Mitigating Remote Side-Channel Attacks on FPGAs using Dynamic Patch Generation. (arXiv:2304.02510v1 [cs.CR])

• Paper URL: http://arxiv.org/abs/2304.02510
• Code URL: null
• Copy Paste: [[2304.02510] FPGA-Patch: Mitigating Remote Side-Channel Attacks on FPGAs using Dynamic Patch Generation](http://arxiv.org/abs/2304.02510) #attack
• Summary:

  We propose FPGA-Patch, the first-of-its-kind defense that leverages automated program repair concepts to thwart power side-channel attacks on cloud FPGAs. FPGA-Patch generates isofunctional variants of the target hardware by injecting faults and finding transformations that eliminate failure. The obtained variants display different hardware characteristics, ensuring a maximal diversity in power traces once dynamically swapped at run-time. Yet, FPGA-Patch forces the variants to have enough similarity, enabling bitstream compression and minimizing dynamic exchange costs. Considering AES running on AMD/Xilinx FPGA, FPGA-Patch increases the attacker's effort by three orders of magnitude, while preserving the performance of AES and a minimal area overhead of 14.2%.

robust

Title: Uncertainty estimation in Deep Learning for Panoptic segmentation. (arXiv:2304.02098v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02098
• Code URL: null
• Copy Paste: [[2304.02098] Uncertainty estimation in Deep Learning for Panoptic segmentation](http://arxiv.org/abs/2304.02098) #robust
• Summary:

  As deep learning-based computer vision algorithms continue to improve and advance the state of the art, their robustness to real-world data continues to lag their performance on datasets. This makes it difficult to bring an algorithm from the lab to the real world. Ensemble-based uncertainty estimation approaches such as Monte Carlo Dropout have been successfully used in many applications in an attempt to address this robustness issue. Unfortunately, it is not always clear if such ensemble-based approaches can be applied to a new problem domain. This is the case with panoptic segmentation, where the structure of the problem and architectures designed to solve it means that unlike image classification or even semantic segmentation, the typical solution of using a mean across samples cannot be directly applied. In this paper, we demonstrate how ensemble-based uncertainty estimation approaches such as Monte Carlo Dropout can be used in the panoptic segmentation domain with no changes to an existing network, providing both improved performance and more importantly a better measure of uncertainty for predictions made by the network. Results are demonstrated quantitatively and qualitatively on the COCO, KITTI-STEP and VIPER datasets.

Title: Re-Evaluating LiDAR Scene Flow for Autonomous Driving. (arXiv:2304.02150v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02150
• Code URL: null
• Copy Paste: [[2304.02150] Re-Evaluating LiDAR Scene Flow for Autonomous Driving](http://arxiv.org/abs/2304.02150) #robust
• Summary:

  Current methods for self-supervised LiDAR scene flow estimation work poorly on real data. A variety of flaws in common evaluation protocols have caused leading approaches to focus on problems that do not exist in real data. We analyze a suite of recent works and find that despite their focus on deep learning, the main challenges of the LiDAR scene flow problem -- removing the dominant rigid motion and robustly estimating the simple motions that remain -- can be more effectively solved with classical techniques such as ICP motion compensation and enforcing piecewise rigid assumptions. We combine these steps with a test-time optimization method to form a state-of-the-art system that does not require any training data. Because our final approach is dataless, it can be applied on different datasets with diverse LiDAR rigs without retraining. Our proposed approach outperforms all existing methods on Argoverse 2.0, halves the error rate on NuScenes, and even rivals the performance of supervised networks on Waymo and lidarKITTI.

Title: MS3D: Leveraging Multiple Detectors for Unsupervised Domain Adaptation in 3D Object Detection. (arXiv:2304.02431v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02431
• Code URL: https://github.com/darrenjkt/ms3d
• Copy Paste: [[2304.02431] MS3D: Leveraging Multiple Detectors for Unsupervised Domain Adaptation in 3D Object Detection](http://arxiv.org/abs/2304.02431) #robust
• Summary:

  We introduce Multi-Source 3D (MS3D), a new self-training pipeline for unsupervised domain adaptation in 3D object detection. Despite the remarkable accuracy of 3D detectors, they often overfit to specific domain biases, leading to suboptimal performance in various sensor setups and environments. Existing methods typically focus on adapting a single detector to the target domain, overlooking the fact that different detectors possess distinct expertise on different unseen domains. MS3D leverages this by combining different pre-trained detectors from multiple source domains and incorporating temporal information to produce high-quality pseudo-labels for fine-tuning. Our proposed Kernel-Density Estimation (KDE) Box Fusion method fuses box proposals from multiple domains to obtain pseudo-labels that surpass the performance of the best source domain detectors. MS3D exhibits greater robustness to domain shifts and produces accurate pseudo-labels over greater distances, making it well-suited for high-to-low beam domain adaptation and vice versa. Our method achieved state-of-the-art performance on all evaluated datasets, and we demonstrate that the choice of pre-trained source detectors has minimal impact on the self-training result, making MS3D suitable for real-world applications.

Title: SCB-dataset: A Dataset for Detecting Student Classroom Behavior. (arXiv:2304.02488v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02488
• Code URL: https://github.com/whiffe/scb-dataset
• Copy Paste: [[2304.02488] SCB-dataset: A Dataset for Detecting Student Classroom Behavior](http://arxiv.org/abs/2304.02488) #robust
• Summary:

  The use of deep learning methods for automatic detection of students' classroom behavior is a promising approach to analyze their class performance and enhance teaching effectiveness. However, the lack of publicly available datasets on student behavior poses a challenge for researchers in this field. To address this issue, we propose a Student Classroom Behavior dataset (SCB-dataset) that reflects real-life scenarios. Our dataset includes 11,248 labels and 4,003 images, with a focus on hand-raising behavior. We evaluated the dataset using the YOLOv7 algorithm, achieving a mean average precision (map) of up to 85.3%. We believe that our dataset can serve as a robust foundation for future research in the field of student behavior detection and promote further advancements in this area.Our SCB-dataset can be downloaded from: https://github.com/Whiffe/SCB-dataset

Title: Dynamic Point Fields. (arXiv:2304.02626v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02626
• Code URL: null
• Copy Paste: [[2304.02626] Dynamic Point Fields](http://arxiv.org/abs/2304.02626) #robust
• Summary:

  Recent years have witnessed significant progress in the field of neural surface reconstruction. While the extensive focus was put on volumetric and implicit approaches, a number of works have shown that explicit graphics primitives such as point clouds can significantly reduce computational complexity, without sacrificing the reconstructed surface quality. However, less emphasis has been put on modeling dynamic surfaces with point primitives. In this work, we present a dynamic point field model that combines the representational benefits of explicit point-based graphics with implicit deformation networks to allow efficient modeling of non-rigid 3D surfaces. Using explicit surface primitives also allows us to easily incorporate well-established constraints such as-isometric-as-possible regularisation. While learning this deformation model is prone to local optima when trained in a fully unsupervised manner, we propose to additionally leverage semantic information such as keypoint dynamics to guide the deformation learning. We demonstrate our model with an example application of creating an expressive animatable human avatar from a collection of 3D scans. Here, previous methods mostly rely on variants of the linear blend skinning paradigm, which fundamentally limits the expressivity of such models when dealing with complex cloth appearances such as long skirts. We show the advantages of our dynamic point field framework in terms of its representational power, learning efficiency, and robustness to out-of-distribution novel poses.

Title: What Affects Learned Equivariance in Deep Image Recognition Models?. (arXiv:2304.02628v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02628
• Code URL: null
• Copy Paste: [[2304.02628] What Affects Learned Equivariance in Deep Image Recognition Models?](http://arxiv.org/abs/2304.02628) #robust
• Summary:

  Equivariance w.r.t. geometric transformations in neural networks improves data efficiency, parameter efficiency and robustness to out-of-domain perspective shifts. When equivariance is not designed into a neural network, the network can still learn equivariant functions from the data. We quantify this learned equivariance, by proposing an improved measure for equivariance. We find evidence for a correlation between learned translation equivariance and validation accuracy on ImageNet. We therefore investigate what can increase the learned equivariance in neural networks, and find that data augmentation, reduced model capacity and inductive bias in the form of convolutions induce higher learned equivariance in neural networks.

Title: Unlocking the Potential of ChatGPT: A Comprehensive Exploration of its Applications, Advantages, Limitations, and Future Directions in Natural Language Processing. (arXiv:2304.02017v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2304.02017
• Code URL: null
• Copy Paste: [[2304.02017] Unlocking the Potential of ChatGPT: A Comprehensive Exploration of its Applications, Advantages, Limitations, and Future Directions in Natural Language Processing](http://arxiv.org/abs/2304.02017) #robust
• Summary:

  ChatGPT is a powerful tool in the field of artificial intelligence that has been widely used in various applications. ChatGPT has been applied successfully in chatbots, content generation, language translation, personalized recommendations, and medical diagnosis and treatment. Its versatility and accuracy make it a powerful tool for natural language processing (NLP). However, there are also limitations to ChatGPT, such as its tendency to produce biased responses and its potential to perpetuate harmful language patterns. This article provides a comprehensive overview of ChatGPT, its applications, advantages, and limitations. Additionally, the paper emphasizes the importance of ethical considerations when using this robust tool in real-world scenarios. Finally, This paper contributes to ongoing discussions surrounding artificial intelligence and its impact on vision and NLP domains by providing insights into prompt engineering techniques.

Title: Ericson: An Interactive Open-Domain Conversational Search Agent. (arXiv:2304.02233v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2304.02233
• Code URL: null
• Copy Paste: [[2304.02233] Ericson: An Interactive Open-Domain Conversational Search Agent](http://arxiv.org/abs/2304.02233) #robust
• Summary:

  Open-domain conversational search (ODCS) aims to provide valuable, up-to-date information, while maintaining natural conversations to help users refine and ultimately answer information needs. However, creating an effective and robust ODCS agent is challenging. In this paper, we present a fully functional ODCS system, Ericson, which includes state-of-the-art question answering and information retrieval components, as well as intent inference and dialogue management models for proactive question refinement and recommendations. Our system was stress-tested in the Amazon Alexa Prize, by engaging in live conversations with thousands of Alexa users, thus providing empirical basis for the analysis of the ODCS system in real settings. Our interaction data analysis revealed that accurate intent classification, encouraging user engagement, and careful proactive recommendations contribute most to the users satisfaction. Our study further identifies limitations of the existing search techniques, and can serve as a building block for the next generation of ODCS agents.

Title: Disentangling Structure and Style: Political Bias Detection in News by Inducing Document Hierarchy. (arXiv:2304.02247v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2304.02247
• Code URL: null
• Copy Paste: [[2304.02247] Disentangling Structure and Style: Political Bias Detection in News by Inducing Document Hierarchy](http://arxiv.org/abs/2304.02247) #robust
• Summary:

  We address an important gap in detection of political bias in news articles. Previous works that perform supervised document classification can be biased towards the writing style of each news outlet, leading to overfitting and limited generalizability. Our approach overcomes this limitation by considering both the sentence-level semantics and the document-level rhetorical structure, resulting in a more robust and style-agnostic approach to detecting political bias in news articles. We introduce a novel multi-head hierarchical attention model that effectively encodes the structure of long documents through a diverse ensemble of attention heads. While journalism follows a formalized rhetorical structure, the writing style may vary by news outlet. We demonstrate that our method overcomes this domain dependency and outperforms previous approaches for robustness and accuracy. Further analysis demonstrates the ability of our model to capture the discourse structures commonly used in the journalism domain.

Title: Detecting Fake Job Postings Using Bidirectional LSTM. (arXiv:2304.02019v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02019
• Code URL: https://github.com/aravindsp/fake-job-postings-detection/blob/main/code/fake-job-postings-detection-bidlstm.ipynb
• Copy Paste: [[2304.02019] Detecting Fake Job Postings Using Bidirectional LSTM](http://arxiv.org/abs/2304.02019) #robust
• Summary:

  Fake job postings have become prevalent in the online job market, posing significant challenges to job seekers and employers. Despite the growing need to address this problem, there is limited research that leverages deep learning techniques for the detection of fraudulent job advertisements. This study aims to fill the gap by employing a Bidirectional Long Short-Term Memory (Bi-LSTM) model to identify fake job advertisements. Our approach considers both numeric and text features, effectively capturing the underlying patterns and relationships within the data. The proposed model demonstrates a superior performance, achieving a 0.91 ROC AUC score and a 98.71% accuracy rate, indicating its potential for practical applications in the online job market. The findings of this research contribute to the development of robust, automated tools that can help combat the proliferation of fake job postings and improve the overall integrity of the job search process. Moreover, we discuss challenges, future research directions, and ethical considerations related to our approach, aiming to inspire further exploration and development of practical solutions to combat online job fraud.

Title: Local Intrinsic Dimensional Entropy. (arXiv:2304.02223v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02223
• Code URL: null
• Copy Paste: [[2304.02223] Local Intrinsic Dimensional Entropy](http://arxiv.org/abs/2304.02223) #robust
• Summary:

  Most entropy measures depend on the spread of the probability distribution over the sample space X, and the maximum entropy achievable scales proportionately with the sample space cardinality |X|. For a finite |X|, this yields robust entropy measures which satisfy many important properties, such as invariance to bijections, while the same is not true for continuous spaces (where |X|=infinity). Furthermore, since R and R^d (d in Z+) have the same cardinality (from Cantor's correspondence argument), cardinality-dependent entropy measures cannot encode the data dimensionality. In this work, we question the role of cardinality and distribution spread in defining entropy measures for continuous spaces, which can undergo multiple rounds of transformations and distortions, e.g., in neural networks. We find that the average value of the local intrinsic dimension of a distribution, denoted as ID-Entropy, can serve as a robust entropy measure for continuous spaces, while capturing the data dimensionality. We find that ID-Entropy satisfies many desirable properties and can be extended to conditional entropy, joint entropy and mutual-information variants. ID-Entropy also yields new information bottleneck principles and also links to causality. In the context of deep learning, for feedforward architectures, we show, theoretically and empirically, that the ID-Entropy of a hidden layer directly controls the generalization gap for both classifiers and auto-encoders, when the target function is Lipschitz continuous. Our work primarily shows that, for continuous spaces, taking a structural rather than a statistical approach yields entropy measures which preserve intrinsic data dimensionality, while being relevant for studying various architectures.

Title: Hyper-parameter Tuning for Adversarially Robust Models. (arXiv:2304.02497v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02497
• Code URL: null
• Copy Paste: [[2304.02497] Hyper-parameter Tuning for Adversarially Robust Models](http://arxiv.org/abs/2304.02497) #robust
• Summary:

  This work focuses on the problem of hyper-parameter tuning (HPT) for robust (i.e., adversarially trained) models, with the twofold goal of i) establishing which additional HPs are relevant to tune in adversarial settings, and ii) reducing the cost of HPT for robust models. We pursue the first goal via an extensive experimental study based on 3 recent models widely adopted in the prior literature on adversarial robustness. Our findings show that the complexity of the HPT problem, already notoriously expensive, is exacerbated in adversarial settings due to two main reasons: i) the need of tuning additional HPs which balance standard and adversarial training; ii) the need of tuning the HPs of the standard and adversarial training phases independently. Fortunately, we also identify new opportunities to reduce the cost of HPT for robust models. Specifically, we propose to leverage cheap adversarial training methods to obtain inexpensive, yet highly correlated, estimations of the quality achievable using state-of-the-art methods (PGD). We show that, by exploiting this novel idea in conjunction with a recent multi-fidelity optimizer (taKG), the efficiency of the HPT process can be significantly enhanced.

Title: Multi-annotator Deep Learning: A Probabilistic Framework for Classification. (arXiv:2304.02539v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02539
• Code URL: https://github.com/ies-research/multi-annotator-deep-learning
• Copy Paste: [[2304.02539] Multi-annotator Deep Learning: A Probabilistic Framework for Classification](http://arxiv.org/abs/2304.02539) #robust
• Summary:

  Solving complex classification tasks using deep neural networks typically requires large amounts of annotated data. However, corresponding class labels are noisy when provided by error-prone annotators, e.g., crowd workers. Training standard deep neural networks leads to subpar performances in such multi-annotator supervised learning settings. We address this issue by presenting a probabilistic training framework named multi-annotator deep learning (MaDL). A ground truth and an annotator performance model are jointly trained in an end-to-end learning approach. The ground truth model learns to predict instances' true class labels, while the annotator performance model infers probabilistic estimates of annotators' performances. A modular network architecture enables us to make varying assumptions regarding annotators' performances, e.g., an optional class or instance dependency. Further, we learn annotator embeddings to estimate annotators' densities within a latent space as proxies of their potentially correlated annotations. Together with a weighted loss function, we improve the learning from correlated annotation patterns. In a comprehensive evaluation, we examine three research questions about multi-annotator supervised learning. Our findings indicate MaDL's state-of-the-art performance and robustness against many correlated, spamming annotators.

biometric

steal

extraction

Title: Large Language Models as Master Key: Unlocking the Secrets of Materials Science with GPT. (arXiv:2304.02213v1 [cs.CL])

• Paper URL: http://arxiv.org/abs/2304.02213
• Code URL: null
• Copy Paste: [[2304.02213] Large Language Models as Master Key: Unlocking the Secrets of Materials Science with GPT](http://arxiv.org/abs/2304.02213) #extraction
• Summary:

  This article presents a new NLP task called structured information inference (SIS) to address the complexities of information extraction at the device level in materials science. We accomplished this task by finetuning GPT-3 on a exsiting perovskite solar cell FAIR dataset with 91.8 F1-score and we updated the dataset with all related scientific papers up to now. The produced dataset is formatted and normalized, enabling its direct utilization as input in subsequent data analysis. This feature will enable materials scientists to develop their own models by selecting high-quality review papers within their domain. Furthermore, we designed experiments to predict PCE and reverse-predict parameters and obtained comparable performance with DFT, which demonstrates the potential of large language models to judge materials and design new materials like a materials scientist.

membership infer

federate

fair

Title: FREDOM: Fairness Domain Adaptation Approach to Semantic Scene Understanding. (arXiv:2304.02135v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02135
• Code URL: https://github.com/uark-cviu/fredom
• Copy Paste: [[2304.02135] FREDOM: Fairness Domain Adaptation Approach to Semantic Scene Understanding](http://arxiv.org/abs/2304.02135) #fair
• Summary:

  Although Domain Adaptation in Semantic Scene Segmentation has shown impressive improvement in recent years, the fairness concerns in the domain adaptation have yet to be well defined and addressed. In addition, fairness is one of the most critical aspects when deploying the segmentation models into human-related real-world applications, e.g., autonomous driving, as any unfair predictions could influence human safety. In this paper, we propose a novel Fairness Domain Adaptation (FREDOM) approach to semantic scene segmentation. In particular, from the proposed formulated fairness objective, a new adaptation framework will be introduced based on the fair treatment of class distributions. Moreover, to generally model the context of structural dependency, a new conditional structural constraint is introduced to impose the consistency of predicted segmentation. Thanks to the proposed Conditional Structure Network, the self-attention mechanism has sufficiently modeled the structural information of segmentation. Through the ablation studies, the proposed method has shown the performance improvement of the segmentation models and promoted fairness in the model predictions. The experimental results on the two standard benchmarks, i.e., SYNTHIA $\to$ Cityscapes and GTA5 $\to$ Cityscapes, have shown that our method achieved State-of-the-Art (SOTA) performance.

Title: Globalizing Fairness Attributes in Machine Learning: A Case Study on Health in Africa. (arXiv:2304.02190v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02190
• Code URL: null
• Copy Paste: [[2304.02190] Globalizing Fairness Attributes in Machine Learning: A Case Study on Health in Africa](http://arxiv.org/abs/2304.02190) #fair
• Summary:

  With growing machine learning (ML) applications in healthcare, there have been calls for fairness in ML to understand and mitigate ethical concerns these systems may pose. Fairness has implications for global health in Africa, which already has inequitable power imbalances between the Global North and South. This paper seeks to explore fairness for global health, with Africa as a case study. We propose fairness attributes for consideration in the African context and delineate where they may come into play in different ML-enabled medical modalities. This work serves as a basis and call for action for furthering research into fairness in global health.

interpretability

Title: Physics-Inspired Interpretability Of Machine Learning Models. (arXiv:2304.02381v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02381
• Code URL: null
• Copy Paste: [[2304.02381] Physics-Inspired Interpretability Of Machine Learning Models](http://arxiv.org/abs/2304.02381) #interpretability
• Summary:

  The ability to explain decisions made by machine learning models remains one of the most significant hurdles towards widespread adoption of AI in highly sensitive areas such as medicine, cybersecurity or autonomous driving. Great interest exists in understanding which features of the input data prompt model decision making. In this contribution, we propose a novel approach to identify relevant features of the input data, inspired by methods from the energy landscapes field, developed in the physical sciences. By identifying conserved weights within groups of minima of the loss landscapes, we can identify the drivers of model decision making. Analogues to this idea exist in the molecular sciences, where coordinate invariants or order parameters are employed to identify critical features of a molecule. However, no such approach exists for machine learning loss landscapes. We will demonstrate the applicability of energy landscape methods to machine learning models and give examples, both synthetic and from the real world, for how these methods can help to make models more interpretable.

Title: Selecting Features by their Resilience to the Curse of Dimensionality. (arXiv:2304.02455v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02455
• Code URL: https://github.com/mstubbemann/fscod
• Copy Paste: [[2304.02455] Selecting Features by their Resilience to the Curse of Dimensionality](http://arxiv.org/abs/2304.02455) #interpretability
• Summary:

  Real-world datasets are often of high dimension and effected by the curse of dimensionality. This hinders their comprehensibility and interpretability. To reduce the complexity feature selection aims to identify features that are crucial to learn from said data. While measures of relevance and pairwise similarities are commonly used, the curse of dimensionality is rarely incorporated into the process of selecting features. Here we step in with a novel method that identifies the features that allow to discriminate data subsets of different sizes. By adapting recent work on computing intrinsic dimensionalities, our method is able to select the features that can discriminate data and thus weaken the curse of dimensionality. Our experiments show that our method is competitive and commonly outperforms established feature selection methods. Furthermore, we propose an approximation that allows our method to scale to datasets consisting of millions of data points. Our findings suggest that features that discriminate data and are connected to a low intrinsic dimensionality are meaningful for learning procedures.

explainability

Title: Towards Self-Explainability of Deep Neural Networks with Heatmap Captioning and Large-Language Models. (arXiv:2304.02202v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02202
• Code URL: null
• Copy Paste: [[2304.02202] Towards Self-Explainability of Deep Neural Networks with Heatmap Captioning and Large-Language Models](http://arxiv.org/abs/2304.02202) #explainability
• Summary:

  Heatmaps are widely used to interpret deep neural networks, particularly for computer vision tasks, and the heatmap-based explainable AI (XAI) techniques are a well-researched topic. However, most studies concentrate on enhancing the quality of the generated heatmap or discovering alternate heatmap generation techniques, and little effort has been devoted to making heatmap-based XAI automatic, interactive, scalable, and accessible. To address this gap, we propose a framework that includes two modules: (1) context modelling and (2) reasoning. We proposed a template-based image captioning approach for context modelling to create text-based contextual information from the heatmap and input data. The reasoning module leverages a large language model to provide explanations in combination with specialised knowledge. Our qualitative experiments demonstrate the effectiveness of our framework and heatmap captioning approach. The code for the proposed template-based heatmap captioning approach will be publicly available.

watermark

diffusion

Title: Multimodal Garment Designer: Human-Centric Latent Diffusion Models for Fashion Image Editing. (arXiv:2304.02051v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02051
• Code URL: https://github.com/aimagelab/multimodal-garment-designer
• Copy Paste: [[2304.02051] Multimodal Garment Designer: Human-Centric Latent Diffusion Models for Fashion Image Editing](http://arxiv.org/abs/2304.02051) #diffusion
• Summary:

  Fashion illustration is used by designers to communicate their vision and to bring the design idea from conceptualization to realization, showing how clothes interact with the human body. In this context, computer vision can thus be used to improve the fashion design process. Differently from previous works that mainly focused on the virtual try-on of garments, we propose the task of multimodal-conditioned fashion image editing, guiding the generation of human-centric fashion images by following multimodal prompts, such as text, human body poses, and garment sketches. We tackle this problem by proposing a new architecture based on latent diffusion models, an approach that has not been used before in the fashion domain. Given the lack of existing datasets suitable for the task, we also extend two existing fashion datasets, namely Dress Code and VITON-HD, with multimodal annotations collected in a semi-automatic manner. Experimental results on these new datasets demonstrate the effectiveness of our proposal, both in terms of realism and coherence with the given multimodal inputs. Source code and collected multimodal annotations will be publicly released at: https://github.com/aimagelab/multimodal-garment-designer.

Title: A Diffusion-based Method for Multi-turn Compositional Image Generation. (arXiv:2304.02192v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02192
• Code URL: null
• Copy Paste: [[2304.02192] A Diffusion-based Method for Multi-turn Compositional Image Generation](http://arxiv.org/abs/2304.02192) #diffusion
• Summary:

  Multi-turn compositional image generation (M-CIG) is a challenging task that aims to iteratively manipulate a reference image given a modification text. While most of the existing methods for M-CIG are based on generative adversarial networks (GANs), recent advances in image generation have demonstrated the superiority of diffusion models over GANs. In this paper, we propose a diffusion-based method for M-CIG named conditional denoising diffusion with image compositional matching (CDD-ICM). We leverage CLIP as the backbone of image and text encoders, and incorporate a gated fusion mechanism, originally proposed for question answering, to compositionally fuse the reference image and the modification text at each turn of M-CIG. We introduce a conditioning scheme to generate the target image based on the fusion results. To prioritize the semantic quality of the generated target image, we learn an auxiliary image compositional match (ICM) objective, along with the conditional denoising diffusion (CDD) objective in a multi-task learning framework. Additionally, we also perform ICM guidance and classifier-free guidance to improve performance. Experimental results show that CDD-ICM achieves state-of-the-art results on two benchmark datasets for M-CIG, i.e., CoDraw and i-CLEVR.

Title: Few-shot Semantic Image Synthesis with Class Affinity Transfer. (arXiv:2304.02321v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02321
• Code URL: null
• Copy Paste: [[2304.02321] Few-shot Semantic Image Synthesis with Class Affinity Transfer](http://arxiv.org/abs/2304.02321) #diffusion
• Summary:

  Semantic image synthesis aims to generate photo realistic images given a semantic segmentation map. Despite much recent progress, training them still requires large datasets of images annotated with per-pixel label maps that are extremely tedious to obtain. To alleviate the high annotation cost, we propose a transfer method that leverages a model trained on a large source dataset to improve the learning ability on small target datasets via estimated pairwise relations between source and target classes. The class affinity matrix is introduced as a first layer to the source model to make it compatible with the target label maps, and the source model is then further finetuned for the target domain. To estimate the class affinities we consider different approaches to leverage prior knowledge: semantic segmentation on the source domain, textual label embeddings, and self-supervised vision features. We apply our approach to GAN-based and diffusion-based architectures for semantic synthesis. Our experiments show that the different ways to estimate class affinity can be effectively combined, and that our approach significantly improves over existing state-of-the-art transfer approaches for generative image models.

Title: Generative Novel View Synthesis with 3D-Aware Diffusion Models. (arXiv:2304.02602v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02602
• Code URL: null
• Copy Paste: [[2304.02602] Generative Novel View Synthesis with 3D-Aware Diffusion Models](http://arxiv.org/abs/2304.02602) #diffusion
• Summary:

  We present a diffusion-based model for 3D-aware generative novel view synthesis from as few as a single input image. Our model samples from the distribution of possible renderings consistent with the input and, even in the presence of ambiguity, is capable of rendering diverse and plausible novel views. To achieve this, our method makes use of existing 2D diffusion backbones but, crucially, incorporates geometry priors in the form of a 3D feature volume. This latent feature field captures the distribution over possible scene representations and improves our method's ability to generate view-consistent novel renderings. In addition to generating novel views, our method has the ability to autoregressively synthesize 3D-consistent sequences. We demonstrate state-of-the-art results on synthetic renderings and room-scale scenes; we also show compelling results for challenging, real-world objects.

Title: Taming Encoder for Zero Fine-tuning Image Customization with Text-to-Image Diffusion Models. (arXiv:2304.02642v1 [cs.CV])

• Paper URL: http://arxiv.org/abs/2304.02642
• Code URL: null
• Copy Paste: [[2304.02642] Taming Encoder for Zero Fine-tuning Image Customization with Text-to-Image Diffusion Models](http://arxiv.org/abs/2304.02642) #diffusion
• Summary:

  This paper proposes a method for generating images of customized objects specified by users. The method is based on a general framework that bypasses the lengthy optimization required by previous approaches, which often employ a per-object optimization paradigm. Our framework adopts an encoder to capture high-level identifiable semantics of objects, producing an object-specific embedding with only a single feed-forward pass. The acquired object embedding is then passed to a text-to-image synthesis model for subsequent generation. To effectively blend a object-aware embedding space into a well developed text-to-image model under the same generation context, we investigate different network designs and training strategies, and propose a simple yet effective regularized joint training scheme with an object identity preservation loss. Additionally, we propose a caption generation scheme that become a critical piece in fostering object specific embedding faithfully reflected into the generation process, while keeping control and editing abilities. Once trained, the network is able to produce diverse content and styles, conditioned on both texts and objects. We demonstrate through experiments that our proposed method is able to synthesize images with compelling output quality, appearance diversity, and object fidelity, without the need of test-time optimization. Systematic studies are also conducted to analyze our models, providing insights for future work.

Title: Goal-Conditioned Imitation Learning using Score-based Diffusion Policies. (arXiv:2304.02532v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02532
• Code URL: null
• Copy Paste: [[2304.02532] Goal-Conditioned Imitation Learning using Score-based Diffusion Policies](http://arxiv.org/abs/2304.02532) #diffusion
• Summary:

  We propose a new policy representation based on score-based diffusion models (SDMs). We apply our new policy representation in the domain of Goal-Conditioned Imitation Learning (GCIL) to learn general-purpose goal-specified policies from large uncurated datasets without rewards. Our new goal-conditioned policy architecture "$\textbf{BE}$havior generation with $\textbf{S}$c$\textbf{O}$re-based Diffusion Policies" (BESO) leverages a generative, score-based diffusion model as its policy. BESO decouples the learning of the score model from the inference sampling process, and, hence allows for fast sampling strategies to generate goal-specified behavior in just 3 denoising steps, compared to 30+ steps of other diffusion based policies. Furthermore, BESO is highly expressive and can effectively capture multi-modality present in the solution space of the play data. Unlike previous methods such as Latent Plans or C-Bet, BESO does not rely on complex hierarchical policies or additional clustering for effective goal-conditioned behavior learning. Finally, we show how BESO can even be used to learn a goal-independent policy from play-data using classifier-free guidance. To the best of our knowledge this is the first work that a) represents a behavior policy based on such a decoupled SDM b) learns an SDM based policy in the domain of GCIL and c) provides a way to simultaneously learn a goal-dependent and a goal-independent policy from play-data. We evaluate BESO through detailed simulation and show that it consistently outperforms several state-of-the-art goal-conditioned imitation learning methods on challenging benchmarks. We additionally provide extensive ablation studies and experiments to demonstrate the effectiveness of our method for effective goal-conditioned behavior generation.

Title: GenPhys: From Physical Processes to Generative Models. (arXiv:2304.02637v1 [cs.LG])

• Paper URL: http://arxiv.org/abs/2304.02637
• Code URL: null
• Copy Paste: [[2304.02637] GenPhys: From Physical Processes to Generative Models](http://arxiv.org/abs/2304.02637) #diffusion
• Summary:

  Since diffusion models (DM) and the more recent Poisson flow generative models (PFGM) are inspired by physical processes, it is reasonable to ask: Can physical processes offer additional new generative models? We show that the answer is yes. We introduce a general family, Generative Models from Physical Processes (GenPhys), where we translate partial differential equations (PDEs) describing physical processes to generative models. We show that generative models can be constructed from s-generative PDEs (s for smooth). GenPhys subsume the two existing generative models (DM and PFGM) and even give rise to new families of generative models, e.g., "Yukawa Generative Models" inspired from weak interactions. On the other hand, some physical processes by default do not belong to the GenPhys family, e.g., the wave equation and the Schr\"{o}dinger equation, but could be made into the GenPhys family with some modifications. Our goal with GenPhys is to explore and expand the design space of generative models.