secure

Title: Information Flow Control in Machine Learning through Modular Model Architecture. (arXiv:2306.03235v1 [cs.LG])

Title: Correlated Pseudorandomness from the Hardness of Quasi-Abelian Decoding. (arXiv:2306.03488v1 [cs.CR])

In this work, we overcome both limitations. To this end, we introduce the quasi-abelian syndrome decoding problem (QA-SD), a family of assumptions which generalises the well-established quasi-cyclic syndrome decoding assumption. Building upon QA-SD, we construct new programmable PCGs for OLEs over any field $\mathbb{F}_q$ with $q>2$. Our analysis also sheds light on the security of the ring-LPN assumption used in Boyle $\textit{et al.}$ (Crypto 2020). Using our new PCGs, we obtain the first efficient N-party silent secure computation protocols for computing general arithmetic circuits over $\mathbb{F}_q$ for any $q>2$.

Title: A Practical Framework for Storing and Searching Encrypted Data on Cloud Storage. (arXiv:2306.03547v1 [cs.CR])

Searchable encryption (SE) allows a cloud server to conduct a search over encrypted data on behalf of the data users without learning the underlying plaintexts. While many academic SE schemes show provable security, they usually expose some query information, making them less practical, weak in usability, and challenging to deploy. Also, sharing encrypted data with other authorized users requires providing them with each document's secret key, which has many limitations due to the difficulty of key management and distribution.

We have designed the system using existing cryptographic approaches, enabling search over encrypted data in the cloud. The primary focus of our proposed model is to ensure user privacy and security through a less computationally intensive, user-friendly system with a trusted third-party entity. To demonstrate our proposed model, we have implemented a web application called CryptoSearch as an overlay system on top of a well-known cloud storage domain. It exhibits secure search on encrypted data without compromising user-friendliness or the scheme's functional performance in real-world applications.

Title: mdTLS: How to Make middlebox-aware TLS more efficient?. (arXiv:2306.03573v1 [cs.CR])

Title: TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors (Technical Report). (arXiv:2306.03643v1 [cs.CR])

security

Title: Security Knowledge-Guided Fuzzing of Deep Learning Libraries. (arXiv:2306.03269v1 [cs.CR])

To fill this gap, we first conduct an empirical study regarding root cause analysis on 447 historical security vulnerabilities of two of the most popular DL libraries, i.e., PyTorch and TensorFlow, to characterize and understand their malicious inputs. As a result, we categorize 18 rules regarding the construction of malicious inputs, which we believe can be used to generate effective malformed inputs for testing DL libraries. We further design and implement Orion, a new fuzzer that tests DL libraries by utilizing our malformed input generation rules mined from real-world deep learning security vulnerabilities. Specifically, Orion first collects API invocation code from various sources such as API documentation, source code, developer tests, and publicly available repositories on GitHub. Orion then instruments these code snippets to dynamically trace execution information for each API, such as parameters' types, shapes, and values. Finally, Orion combines the malformed input generation rules and the dynamic execution information to create inputs to test DL libraries.

Our evaluation on TensorFlow and PyTorch shows that Orion reports 143 bugs, 68 of which were previously unknown. Among the 68 new bugs, 58 have been fixed or confirmed by developers after we reported them, and the rest are awaiting confirmation. Compared to the state-of-the-art DL fuzzers (i.e., FreeFuzz and DocTer), Orion detects 21% and 34% more bugs respectively.

privacy

Title: OptimShare: A Unified Framework for Privacy Preserving Data Sharing -- Towards the Practical Utility of Data with Privacy. (arXiv:2306.03379v1 [cs.CR])

Title: Machine Unlearning: A Survey. (arXiv:2306.03558v1 [cs.CR])

Title: Origin-Destination Network Generation via Gravity-Guided GAN. (arXiv:2306.03390v1 [cs.LG])

protect

Title: Protecting the Intellectual Property of Diffusion Models by the Watermark Diffusion Process. (arXiv:2306.03436v1 [cs.CR])

defense

Title: A Survey on Federated Learning Poisoning Attacks and Defenses. (arXiv:2306.03397v1 [cs.CR])

Title: Adversarial Attacks and Defenses for Semantic Communication in Vehicular Metaverses. (arXiv:2306.03528v1 [cs.CR])

attack

Title: Adversarial alignment: Breaking the trade-off between the strength of an attack and its relevance to human perception. (arXiv:2306.03229v1 [cs.CV])

Here, we investigate how the robustness of DNNs to adversarial attacks has evolved as their accuracy on ImageNet has continued to improve. We measure adversarial robustness in two different ways: First, we measure the smallest adversarial attack needed to cause a model to change its object categorization decision. Second, we measure how aligned successful attacks are with the features that humans find diagnostic for object recognition. We find that adversarial attacks are inducing bigger and more easily detectable changes to image pixels as DNNs grow better on ImageNet, but these attacks are also becoming less aligned with features that humans find diagnostic for recognition. To better understand the source of this trade-off, we turn to the neural harmonizer, a DNN training routine that encourages models to leverage the same features as humans to solve tasks. Harmonized DNNs achieve the best of both worlds and experience attacks that are detectable and affect features that humans find diagnostic for recognition, meaning that attacks on these models are more likely to be rendered ineffective by inducing similar effects on human perception. Our findings suggest that the sensitivity of DNNs to adversarial attacks can be mitigated by DNN scale, data scale, and training routines that align models with biological intelligence.

Title: An Open Patch Generator based Fingerprint Presentation Attack Detection using Generative Adversarial Network. (arXiv:2306.03577v1 [cs.CV])

Title: Greedy-Mine: A Profitable Mining Attack Strategy in Bitcoin-NG. (arXiv:2306.03540v1 [cs.CR])

robust

Title: A Robust Likelihood Model for Novelty Detection. (arXiv:2306.03331v1 [cs.CV])

Title: A Unified Framework to Super-Resolve Face Images of Varied Low Resolutions. (arXiv:2306.03380v1 [cs.CV])

Title: Revisiting the Trade-off between Accuracy and Robustness via Weight Distribution of Filters. (arXiv:2306.03430v1 [cs.CV])

Title: Explaining and Adapting Graph Conditional Shift. (arXiv:2306.03256v1 [cs.LG])

Title: Survival Instinct in Offline Reinforcement Learning. (arXiv:2306.03286v1 [cs.LG])

Title: On Pitfalls of Test-Time Adaptation. (arXiv:2306.03536v1 [cs.LG])

Title: Zero-shot Preference Learning for Offline RL via Optimal Transport. (arXiv:2306.03615v1 [cs.LG])

biometric

steal

extraction

Title: ICDAR 2023 Competition on Structured Text Extraction from Visually-Rich Document Images. (arXiv:2306.03287v1 [cs.CV])

Title: Joint Event Extraction via Structural Semantic Matching. (arXiv:2306.03469v1 [cs.CL])

Title: Dance Generation by Sound Symbolic Words. (arXiv:2306.03646v1 [cs.LG])

membership infer

federate

Title: Confidence-based federated distillation for vision-based lane-centering. (arXiv:2306.03222v1 [cs.CV])

Title: Improving Accelerated Federated Learning with Compression and Importance Sampling. (arXiv:2306.03240v1 [cs.LG])

Title: A Lightweight Method for Tackling Unknown Participation Probabilities in Federated Averaging. (arXiv:2306.03401v1 [cs.LG])

Title: Masked Autoencoders are Efficient Continual Federated Learners. (arXiv:2306.03542v1 [cs.LG])

Title: Personalization Disentanglement for Federated Learning. (arXiv:2306.03570v1 [cs.LG])

Title: Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations. (arXiv:2306.03600v1 [cs.LG])

Mitigation techniques against poisoning attacks rely on monitoring certain metrics and filtering malicious model updates. However, previous works did not consider real-world adversaries and data distributions. To support our statement, we define a new notion of strong adaptive adversaries that can simultaneously adapt to multiple objectives, and we demonstrate through extensive tests that existing defense methods can be circumvented in this adversary model. We also demonstrate that existing defenses have limited effectiveness when no assumptions are made about the underlying data distributions.

To address realistic scenarios and adversary models, we propose Metric-Cascades (MESAS), a new defense that leverages multiple detection metrics simultaneously for the filtering of poisoned model updates. This approach forces adaptive attackers into a heavy multi-objective optimization problem, and our evaluation with nine backdoors and three datasets shows that even our strong adaptive attacker cannot evade MESAS's detection. We show that MESAS outperforms existing defenses in distinguishing backdoors from distortions originating from different data distributions within and across the clients. Overall, MESAS is the first defense that is robust against strong adaptive adversaries and is effective in real-world data scenarios while introducing a low overhead of 24.37s on average.

fair

Title: Fair Patient Model: Mitigating Bias in the Patient Representation Learned from the Electronic Health Records. (arXiv:2306.03179v1 [cs.LG])

Methods: We defined a new loss function, called the weighted loss function, in the deep representation learning model to balance the importance of different groups of patients and features. We applied the proposed model, called Fair Patient Model (FPM), to a sample of 34,739 patients from the MIMIC-III dataset and learned patient representations for four clinical outcome prediction tasks.

Results: FPM outperformed the baseline models in terms of three fairness metrics: demographic parity, equality of opportunity difference, and equalized odds ratio. FPM also achieved comparable predictive performance with the baselines, with an average accuracy of 0.7912. Feature analysis revealed that FPM captured more information from clinical features than the baselines.

Conclusion: FPM is a novel method to pre-train fair and unbiased patient representations from EHR data using a weighted loss function. The learned representations can be used for various downstream tasks in healthcare and can be extended to other domains where bias and fairness are important.

interpretability

Title: Efficient and Interpretable Compressive Text Summarisation with Unsupervised Dual-Agent Reinforcement Learning. (arXiv:2306.03415v1 [cs.CL])

explainability

Title: Expanding Explainability Horizons: A Unified Concept-Based System for Local, Global, and Misclassification Explanations. (arXiv:2306.03531v1 [cs.CV])

Title: $\textit{WHAT}$, $\textit{WHEN}$, and $\textit{HOW}$ to Ground: Designing User Persona-Aware Conversational Agents for Engaging Dialogue. (arXiv:2306.03361v1 [cs.CL])

watermark

diffusion

Title: DreamSparse: Escaping from Plato's Cave with 2D Diffusion Model Given Sparse Views. (arXiv:2306.03414v1 [cs.CV])

Title: Change Diffusion: Change Detection Map Generation Based on Difference-Feature Guided DDPM. (arXiv:2306.03424v1 [cs.CV])

Title: DFormer: Diffusion-guided Transformer for Universal Image Segmentation. (arXiv:2306.03437v1 [cs.CV])

Title: Optimizing Sampling Patterns for Compressed Sensing MRI with Diffusion Generative Models. (arXiv:2306.03284v1 [cs.LG])

Title: Logic Diffusion for Knowledge Graph Reasoning. (arXiv:2306.03515v1 [cs.LG])

Title: Machine learning in and out of equilibrium. (arXiv:2306.03521v1 [cs.LG])

noise learning

data-free

transformer

Title: PGformer: Proxy-Bridged Game Transformer for Multi-Person Extremely Interactive Motion Prediction. (arXiv:2306.03374v1 [cs.CV])

Title: TextFormer: A Query-based End-to-End Text Spotter with Mixed Supervision. (arXiv:2306.03377v1 [cs.CV])

Title: SGAT4PASS: Spherical Geometry-Aware Transformer for PAnoramic Semantic Segmentation. (arXiv:2306.03403v1 [cs.CV])

Title: Deep neural networks architectures from the perspective of manifold learning. (arXiv:2306.03406v1 [cs.LG])

Title: SciCap+: A Knowledge Augmented Dataset to Study the Challenges of Scientific Figure Captioning. (arXiv:2306.03491v1 [cs.CV])

Title: Efficient Anomaly Detection with Budget Annotation Using Semi-Supervised Residual Transformer. (arXiv:2306.03492v1 [cs.CV])

In this work, the above two problems are addressed in a unified framework. Firstly, inspired by the success of the patch-matching-based AD algorithms, we train a sliding vision transformer over the residuals generated by a novel position-constrained patch-matching. Secondly, the conventional pixel-wise segmentation problem is cast into a block-wise classification problem. Thus, the sliding transformer can attain even higher accuracy with much less annotation labor. Thirdly, to further reduce the labeling cost, we propose to label the anomalous regions using only bounding boxes. The unlabeled regions caused by the weak labels are effectively exploited using a highly customized semi-supervised learning scheme equipped with two novel data augmentation methods. The proposed method outperforms all the state-of-the-art approaches on all the evaluation metrics in both the unsupervised and supervised scenarios. On the popular MVTec-AD dataset, our SemiREST algorithm obtains an Average Precision (AP) of 81.2% in the unsupervised condition and 84.4% AP for supervised anomaly detection. Surprisingly, with the bounding-box-based semi-supervision, SemiREST still outperforms the SOTA methods with full supervision (83.8% AP) on MVTec-AD.

Title: Human-Object Interaction Prediction in Videos through Gaze Following. (arXiv:2306.03597v1 [cs.CV])

generative

Title: GaitGCI: Generative Counterfactual Intervention for Gait Recognition. (arXiv:2306.03428v1 [cs.CV])

Title: SDR-GAIN: A High Real-Time Occluded Pedestrian Pose Completion Method for Autonomous Driving. (arXiv:2306.03538v1 [cs.CV])

Title: shs-nlp at RadSum23: Domain-Adaptive Pre-training of Instruction-tuned LLMs for Radiology Report Impression Generation. (arXiv:2306.03264v1 [cs.CL])

Title: A Scalable and Adaptive System to Infer the Industry Sectors of Companies: Prompt + Model Tuning of Generative Language Models. (arXiv:2306.03313v1 [cs.CL])

Title: Alzheimer Disease Classification through ASR-based Transcriptions: Exploring the Impact of Punctuation and Pauses. (arXiv:2306.03443v1 [cs.CL])

Title: Estimating Conditional Mutual Information for Dynamic Feature Selection. (arXiv:2306.03301v1 [cs.LG])

Title: GSHOT: Few-shot Generative Modeling of Labeled Graphs. (arXiv:2306.03480v1 [cs.LG])

large language model

Title: Prompting Large Language Models to Reformulate Queries for Moment Localization. (arXiv:2306.03422v1 [cs.CV])

Title: A Static Evaluation of Code Completion by Large Language Models. (arXiv:2306.03203v1 [cs.CL])

Title: NLU on Data Diets: Dynamic Data Subset Selection for NLP Classification Tasks. (arXiv:2306.03208v1 [cs.CL])

Title: Understanding the Effectiveness of Early Weight Averaging for Training Large Language Models. (arXiv:2306.03241v1 [cs.LG])

Title: Stack Over-Flowing with Results: The Case for Domain-Specific Pre-Training Over One-Size-Fits-All Models. (arXiv:2306.03268v1 [cs.CL])

Title: Inference-Time Intervention: Eliciting Truthful Answers from a Language Model. (arXiv:2306.03341v1 [cs.LG])

Title: On the Role of Attention in Prompt-tuning. (arXiv:2306.03435v1 [cs.LG])

Title: Large Language Models of Code Fail at Completing Code with Potential Bugs. (arXiv:2306.03438v1 [cs.LG])

segmentation

Title: Zero-Shot 3D Shape Correspondence. (arXiv:2306.03253v1 [cs.CV])

Title: DVIS: Decoupled Video Instance Segmentation Framework. (arXiv:2306.03413v1 [cs.CV])

Title: Instructive Feature Enhancement for Dichotomous Medical Image Segmentation. (arXiv:2306.03497v1 [cs.CV])

Title: Semantic Segmentation on VSPW Dataset through Contrastive Loss and Multi-dataset Training Approach. (arXiv:2306.03508v1 [cs.CV])