Publications
At ELSA, we aim to inspire and share knowledge within our network and beyond. The collection of publications below provides an overview of both the network’s own output and research we support. Labels distinguish the categories.
Please note that this list makes no claims of being complete. If you have published a paper which is related to ELSA and should be listed, please reach out to our Press and Communications team.
2026
Gupta, Srishti; Angioni, Daniele; Pintor, Maura; Demontis, Ambra; Schönherr, Lea; Biggio, Battista; Roli, Fabio
Buffer-free Class-Incremental Learning with Out-of-Distribution Detection Journal Article
In: Pattern Recognition, vol. 172, pp. 112441, 2026.
@article{gupta26-pr,
title = {Buffer-free Class-Incremental Learning with Out-of-Distribution Detection},
author = {Srishti Gupta and Daniele Angioni and Maura Pintor and Ambra Demontis and Lea Schönherr and Battista Biggio and Fabio Roli},
year = {2026},
date = {2026-01-01},
journal = {Pattern Recognition},
volume = {172},
pages = {112441},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Ledda, Emanuele; Scodeller, Giovanni; Angioni, Daniele; Piras, Giorgio; Cinà, Antonio Emanuele; Fumera, Giorgio; Biggio, Battista; Roli, Fabio
On the Robustness of Adversarial Training Against Uncertainty Attacks Journal Article
In: Pattern Recognition, vol. 172, pp. 112519, 2026.
@article{ledda26-pr,
title = {On the Robustness of Adversarial Training Against Uncertainty Attacks},
author = {Emanuele Ledda and Giovanni Scodeller and Daniele Angioni and Giorgio Piras and Antonio Emanuele Cinà and Giorgio Fumera and Battista Biggio and Fabio Roli},
year = {2026},
date = {2026-01-01},
journal = {Pattern Recognition},
volume = {172},
pages = {112519},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
2025
Pellicer, Alvaro Lopez; Mariucci, Andre; Angelov, Plamen; Bukhari, Marwan; Kerns, Jemma G.
ProtoMedX: Towards Explainable Multi-Modal Prototype Learning for Bone Health Classification Proceedings Article
In: Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV) Workshops, pp. 7357-7366, 2025.
@inproceedings{Pellicer_2025_ICCV,
title = {ProtoMedX: Towards Explainable Multi-Modal Prototype Learning for Bone Health Classification},
author = {Alvaro Lopez Pellicer and Andre Mariucci and Plamen Angelov and Marwan Bukhari and Jemma G. Kerns},
year = {2025},
date = {2025-10-01},
booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV) Workshops},
pages = {7357-7366},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Yeung, Karen; Li, Wenlong
In: Data & Policy, Cambridge University Press, vol. 7, no. e59, 2025.
@article{nokey,
title = {From ‘wild west’ to ‘responsible’ AI testing ‘in-the-wild’: Lessons from Live Facial Recognition Testing by Law Enforcement Authorities in Europe},
author = {Karen Yeung and Wenlong Li},
url = {https://www.cambridge.org/core/journals/data-and-policy/article/from-wild-west-to-responsible-ai-testing-inthewild-lessons-from-live-facial-recognition-testing-by-law-enforcement-authorities-in-europe/3C1F920D9588C8872C195CE403AE3BDF},
year = {2025},
date = {2025-09-19},
journal = {Data & Policy, Cambridge University Press},
volume = {7},
number = {e59},
abstract = {Although ‘in-the-wild’ technology testing provides an important opportunity to collect evidence about the performance of new technologies in real world deployment environments, such tests may themselves cause harm and wrongfully interfere with the rights of others. This paper critically examines real-world AI testing, focusing on live facial recognition technology (FRT) trials by European law enforcement agencies (in London, Wales, Berlin, and Nice) undertaken between 2016 and 2020, which serve as a set of comparative case studies. We argue that there is an urgent need for a clear framework of principles to govern real-world AI testing, which is currently a largely ungoverned ‘wild west’ without adequate safeguards or oversight. We propose a principled framework to ensure that these tests are undertaken in an epistemically, ethically, and legally responsible manner, thereby helping to ensure that such tests generate sound, reliable evidence while safeguarding the human rights and other vital interests of others. Although the case studies of FRT testing were undertaken prior to the passage of the EU’s AI Act, we suggest that these three kinds of responsibility should provide the foundational anchor points to inform the design and conduct of real-world testing of high-risk AI systems pursuant to Article 60 of the AI Act.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Aghasanli, Agil; Li, Yi; Angelov, Plamen
Prototype-Based Continual Learning with Label-free Replay Buffer and Cluster Preservation Loss Proceedings Article
In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, pp. 6556-6565, 2025.
@inproceedings{Aghasanli_2025_CVPR,
title = {Prototype-Based Continual Learning with Label-free Replay Buffer and Cluster Preservation Loss},
author = {Agil Aghasanli and Yi Li and Plamen Angelov},
url = {https://github.com/lira-centre/Continual-Learning-with-Label-free-Replay-Buffer-and-Cluster-Preservation},
year = {2025},
date = {2025-06-01},
urldate = {2025-06-01},
booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops},
pages = {6556-6565},
abstract = {Dimensionality reduction techniques like t-SNE excel at visualizing structure in high-dimensional data but incur high computational costs that limit their use on large or streaming datasets. We introduce the Recursive SNE (RSNE) framework, which extends t-SNE with two complementary strategies: i-RSNE for real-time, point-wise updates and Bi-RSNE for efficient batch processing. Across diverse settings, including standard image benchmarks (CIFAR10/CIFAR100) with DINOv2 and CLIP features, domain-specific iROADS road scenes, neuroimaging data from the Haxby fMRI dataset, and long-term climate records, RSNE delivers substantial speedups over Barnes–Hut t-SNE while maintaining or even improving cluster separability. By combining a lightweight prototype-based initialization with localized KL-divergence refinements, RSNE offers a scalable and adaptable framework for both large-scale offline embedding and on-the-fly visualization of streaming data.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Plamen Angelov Agil Aghasanli, Dmitry Kangin
Transfer learning from inorganic materials to ivory detection Journal Article
In: nature scientific reports, vol. 2025, no. 15, 2025.
@article{nokey,
title = {Transfer learning from inorganic materials to ivory detection},
author = {Agil Aghasanli, Plamen Angelov, Dmitry Kangin, Jemma Kerns, Rebecca Shepherd },
url = {https://www.nature.com/articles/s41598-025-98915-y#Abs1},
year = {2025},
date = {2025-05-03},
journal = {nature scientific reports},
volume = {2025},
number = {15},
abstract = {This paper describes the automatic identification of ivory using Raman spectroscopy data and deep neural network (DNN) models pre-trained on open-source data from inorganic minerals. The proposed approach uses transfer learning (TL) from foundation models trained on a larger inorganic (minerals) spectroscopy dataset (MLROD). The results demonstrate, for the first time, the ability to transfer machine learning (ML) models from a Raman spectroscopy dataset of geological substances to classify biological ivory samples. Current identification methods, such as DNA analysis and radiocarbon dating, are costly and destructive. Recently, it was demonstrated that the use of Raman spectroscopy, a laser-based, non-destructive technique, in combination with well-known statistical techniques, has the potential to differentiate between mammoth and elephant ivory. However, this previous study had a small sample size due to difficulties in obtaining large amounts of labeled ivory data. To date, there has been no reported work on ivory classification using DNNs, and only limited studies using Raman spectra. The work proposed in this paper suggests that ML can provide high levels of accuracy in the classification of Raman spectroscopy data from ivory samples of different elephant species (up to 99.7%). This has the potential to create a quick and inexpensive method of identifying legal and illegal types of ivory to aid in enforcement of ivory trade bans. This study also demonstrated that DNN models initially pre-trained on inorganic minerals (from the MLROD dataset) that were not finetuned on ivory data had a high accuracy rate of 92%, alleviating the need for large amounts of training data from ivory specimens. Finally, the approach proposed in this paper, provides insight into the decision making and interpretation of the results using prototype-based models. This novel work demonstrates that: (1) ML methods can provide highly accurate classification of ivory from different species of elephant using data obtained using Raman spectroscopy and providing insight into the decision making (2) TL enables re-purposing the models trained on larger mineral datasets of inorganic materials (such as MLROD) to discriminating between the classes of ivory, containing inorganic and organic biological components, for the first time transgressing between non-biological and biological samples (3) the proposed method allows both training from labelled samples of ivory and the identification of unknown ivory samples through prototype-based methods.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Angelov, Plamen; Kangin, Dmitry; Zhang, Ziyang
Towards interpretable-by-design deep learning algorithms Journal Article
In: 2025.
@article{angelov2023interpretablebydesigndeeplearningalgorithms,
title = {Towards interpretable-by-design deep learning algorithms},
author = {Plamen Angelov and Dmitry Kangin and Ziyang Zhang},
url = {https://arxiv.org/abs/2311.11396},
doi = {10.48550/arXiv.2311.11396},
year = {2025},
date = {2025-04-14},
urldate = {2025-04-14},
abstract = {The proposed framework named IDEAL (Interpretable-by-design DEep learning ALgorithms) recasts the standard supervised classification problem into a function of similarity to a set of prototypes derived from the training data, while taking advantage of existing latent spaces of large neural networks forming so-called Foundation Models (FM). This addresses the issue of explainability (stage B) while retaining the benefits from the tremendous achievements offered by DL models (e.g., visual transformers, ViT) pre-trained on huge data sets such as IG-3.6B + ImageNet-1K or LVD-142M (stage A). We show that one can turn such DL models into conceptually simpler, explainable-through-prototypes ones.
The key findings can be summarized as follows: (1) the proposed models are interpretable through prototypes, mitigating the issue of confounded interpretations, (2) the proposed IDEAL framework circumvents the issue of catastrophic forgetting allowing efficient class-incremental learning, and (3) the proposed IDEAL approach demonstrates that ViT architectures narrow the gap between finetuned and non-finetuned models allowing for transfer learning in a fraction of time textbf{without} finetuning of the feature space on a target dataset with iterative supervised methods.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The key findings can be summarized as follows: (1) the proposed models are interpretable through prototypes, mitigating the issue of confounded interpretations, (2) the proposed IDEAL framework circumvents the issue of catastrophic forgetting allowing efficient class-incremental learning, and (3) the proposed IDEAL approach demonstrates that ViT architectures narrow the gap between finetuned and non-finetuned models allowing for transfer learning in a fraction of time textbf{without} finetuning of the feature space on a target dataset with iterative supervised methods.
Xiaoyong Xue Xiyue Zhang, Xiaoning Du
Runtime Backdoor Detection for Federated Learning via Representational Dissimilarity Analysis Journal Article
In: IEEE Transactions on Dependable and Secure Computing (TDSC) , 2025, ISSN: 1545‑5971.
@article{nokey,
title = {Runtime Backdoor Detection for Federated Learning via Representational Dissimilarity Analysis},
author = {Xiyue Zhang, Xiaoyong Xue, Xiaoning Du, Xiaofei Xie, Yang Liu, Meng Sun},
url = {https://arxiv.org/abs/2503.04473},
issn = {1545‑5971},
year = {2025},
date = {2025-03-01},
journal = {IEEE Transactions on Dependable and Secure Computing (TDSC) },
abstract = {Federated learning (FL), as a powerful learning paradigm, trains a shared model by aggregating model updates from distributed clients. However, the decoupling of model learning from local data makes FL highly vulnerable to backdoor attacks, where a single compromised client can poison the shared model. While recent progress has been made in backdoor detection, existing methods face challenges with detection accuracy and runtime effectiveness, particularly when dealing with complex model architectures. In this work, we propose a novel approach to detecting malicious clients in an accurate, stable, and efficient manner. Our method utilizes a sampling-based network representation method to quantify dissimilarities between clients, identifying model deviations caused by backdoor injections. We also propose an iterative algorithm to progressively detect and exclude malicious clients as outliers based on these dissimilarity measurements. Evaluations across a range of benchmark tasks demonstrate that our approach outperforms state-of-the-art methods in detection accuracy and defense effectiveness. When deployed for runtime protection, our approach effectively eliminates backdoor injections with marginal overheads.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Shen, Yaling; Zhuang, Zhixiong; Yuan, Kun; Nicolae, Maria-Irina; Navab, Nassir; Padoy, Nicolas; Fritz, Mario
Medical Multimodal Model Stealing Attacks via Adversarial Domain Alignment Proceedings Article
In: Association for the Advancement of Artificial Intelligence (AAAI), 2025.
@inproceedings{shen25aaai,
title = {Medical Multimodal Model Stealing Attacks via Adversarial Domain Alignment},
author = {Yaling Shen and Zhixiong Zhuang and Kun Yuan and Maria-Irina Nicolae and Nassir Navab and Nicolas Padoy and Mario Fritz},
year = {2025},
date = {2025-02-25},
urldate = {2024-02-25},
booktitle = {Association for the Advancement of Artificial Intelligence (AAAI)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Sukhija, Bhavya; Coros, Stelian; Krause, Andreas; Abbeel, Pieter; Sferrazza, Carmelo
MaxInfoRL: Boosting exploration in reinforcement learning through information gain maximization Journal Article
In: ICLR, 2025.
@article{sukhija2025maxinforl,
title = {MaxInfoRL: Boosting exploration in reinforcement learning through information gain maximization},
author = {Bhavya Sukhija and Stelian Coros and Andreas Krause and Pieter Abbeel and Carmelo Sferrazza},
year = {2025},
date = {2025-01-01},
journal = {ICLR},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Bossy, Thierry; Vignoud, Julien; Rabbani, Tahseen; Pastoriza, Juan R. Troncoso; Jaggi, Martin
Mitigating Unintended Memorization with LoRA in Federated Learning for LLMs Miscellaneous
2025.
@misc{bossy2025mitigatingunintendedmemorizationlora,
title = {Mitigating Unintended Memorization with LoRA in Federated Learning for LLMs},
author = {Thierry Bossy and Julien Vignoud and Tahseen Rabbani and Juan R. Troncoso Pastoriza and Martin Jaggi},
url = {https://arxiv.org/abs/2502.05087},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Baraldi, Lorenzo; Amoroso, Roberto; Cornia, Marcella; Baraldi, Lorenzo; Pilzer, Andrea; Cucchiara, Rita
Learning to mask and permute visual tokens for Vision Transformer pre-training Journal Article
In: Computer Vision and Image Understanding, vol. 252, pp. 104294, 2025, ISSN: 1077-3142.
@article{BARALDI2025104294,
title = {Learning to mask and permute visual tokens for Vision Transformer pre-training},
author = {Lorenzo Baraldi and Roberto Amoroso and Marcella Cornia and Lorenzo Baraldi and Andrea Pilzer and Rita Cucchiara},
url = {https://www.sciencedirect.com/science/article/pii/S1077314225000177},
doi = {https://doi.org/10.1016/j.cviu.2025.104294},
issn = {1077-3142},
year = {2025},
date = {2025-01-01},
journal = {Computer Vision and Image Understanding},
volume = {252},
pages = {104294},
abstract = {The use of self-supervised pre-training has emerged as a promising approach to enhance the performance of many different visual tasks. In this context, recent approaches have employed the Masked Image Modeling paradigm, which pre-trains a backbone by reconstructing visual tokens associated with randomly masked image patches. This masking approach, however, introduces noise into the input data during pre-training, leading to discrepancies that can impair performance during the fine-tuning phase. Furthermore, input masking neglects the dependencies between corrupted patches, increasing the inconsistencies observed in downstream fine-tuning tasks. To overcome these issues, we propose a new self-supervised pre-training approach, named Masked and Permuted Vision Transformer (MaPeT), that employs autoregressive and permuted predictions to capture intra-patch dependencies. In addition, MaPeT employs auxiliary positional information to reduce the disparity between the pre-training and fine-tuning phases. In our experiments, we employ a fair setting to ensure reliable and meaningful comparisons and conduct investigations on multiple visual tokenizers, including our proposed k-CLIP which directly employs discretized CLIP features. Our results demonstrate that MaPeT achieves competitive performance on ImageNet, compared to baselines and competitors under the same model setting. We release an implementation of our code and models at https://github.com/aimagelab/MaPeT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Alrawajfeh, Talal; Jälkö, Joonas; Honkela, Antti
Noise-Aware Differentially Private Variational Inference Miscellaneous
2025.
@misc{alrawajfeh2025noiseawaredifferentiallyprivatevariational,
title = {Noise-Aware Differentially Private Variational Inference},
author = {Talal Alrawajfeh and Joonas Jälkö and Antti Honkela},
url = {https://arxiv.org/abs/2410.19371},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Bhatt, Umang; Chen, Valerie; Collins, Katherine M.; Kamalaruban, Parameswaran; Kallina, Emma; Weller, Adrian; Talwalkar, Ameet
Learning Personalized Decision Support Policies Miscellaneous
2025.
@misc{bhatt2025learningpersonalizeddecisionsupport,
title = {Learning Personalized Decision Support Policies},
author = {Umang Bhatt and Valerie Chen and Katherine M. Collins and Parameswaran Kamalaruban and Emma Kallina and Adrian Weller and Ameet Talwalkar},
url = {https://arxiv.org/abs/2304.06701},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Wang, Hui-Po; Fritz, Mario
Language Models as Zero-shot Lossless Gradient Compressors: Towards General Neural Parameter Prior Models Miscellaneous
2025.
@misc{wang2025languagemodelszeroshotlossless,
title = {Language Models as Zero-shot Lossless Gradient Compressors: Towards General Neural Parameter Prior Models},
author = {Hui-Po Wang and Mario Fritz},
url = {https://arxiv.org/abs/2409.17836},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Angelov, Plamen; Kangin, Dmitry; Zhang, Ziyang
IDEAL: Interpretable-by-Design ALgorithms for learning from foundation feature spaces Journal Article
In: Neurocomputing, vol. 626, pp. 129464, 2025, ISSN: 0925-2312.
@article{ANGELOV2025129464,
title = {IDEAL: Interpretable-by-Design ALgorithms for learning from foundation feature spaces},
author = {Plamen Angelov and Dmitry Kangin and Ziyang Zhang},
url = {https://www.sciencedirect.com/science/article/pii/S0925231225001365},
doi = {https://doi.org/10.1016/j.neucom.2025.129464},
issn = {0925-2312},
year = {2025},
date = {2025-01-01},
journal = {Neurocomputing},
volume = {626},
pages = {129464},
abstract = {The advance of foundation models (FM) makes it possible to avoid parametric tuning for transfer learning, taking advantage of pretrained feature spaces. In this study, we define a framework called IDEAL (Interpretable-by-design DEep learning ALgorithms) which tackles the problem of interpretable transfer learning by recasting the standard supervised classification problem into a function of similarity to a set of prototypes derived from the training data. This framework generalises previously-known prototypical approaches, such as ProtoPNet, xDNN and DNC, and decomposes the overall problem into two inherently connected stages: (A) feature extraction (FE), which maps the raw features of real-world data into a latent space, and (B) identification of representative prototypes and decision making based on similarity and association between the query and the prototypes. This addresses the issue of interpretability (stage B) while retaining the benefits of pretrained deep learning (DL) models. On a range of datasets (CIFAR-10, CIFAR-100, CalTech101, STL-10, Oxford-IIIT Pet, EuroSAT), we demonstrate, through an extensive set of experiments, how the choice of the latent space, prototype selection, and finetuning of the latent space affect accuracy and generalisation of the models on transfer learning scenarios for different backbones. Building upon this knowledge, we demonstrate that the proposed framework helps achieve an advantage over state-of-the-art baselines in class-incremental learning. The key findings can be summarised as follows: (1) the setting allows interpretability through prototypes, (2) lack of finetuning helps circumvent the issue of catastrophic forgetting, allowing efficient class-incremental transfer learning, while mitigating the issue of confounding bias, and (3) ViT architectures narrow the gap between finetuned and non-finetuned models allowing for transfer learning in a fraction of time without finetuning of the feature space on a target dataset with iterative supervised methods.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Pradhan, Gauri; Jälkö, Joonas; Tobaben, Marlon; Honkela, Antti
Hyperparameters in Score-Based Membership Inference Attacks Miscellaneous
2025.
@misc{pradhan2025hyperparametersscorebasedmembershipinference,
title = {Hyperparameters in Score-Based Membership Inference Attacks},
author = {Gauri Pradhan and Joonas Jälkö and Marlon Tobaben and Antti Honkela},
url = {https://arxiv.org/abs/2502.06374},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Abdelnabi, Sahar; Fay, Aideen; Cherubin, Giovanni; Salem, Ahmed; Fritz, Mario; Paverd, Andrew
Get my drift? Catching LLM Task Drift with Activation Deltas Miscellaneous
2025.
@misc{abdelnabi2025driftcatchingllmtask,
title = {Get my drift? Catching LLM Task Drift with Activation Deltas},
author = {Sahar Abdelnabi and Aideen Fay and Giovanni Cherubin and Ahmed Salem and Mario Fritz and Andrew Paverd},
url = {https://arxiv.org/abs/2406.00799},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Marta, Daniel; Holk, Simon; Vasco, Miguel; Lundell, Jens; Homberger, Timon; Busch, Finn L.; Andersson, Olov; Kragic, Danica; Leite, Iolanda
FLoRA: Sample-Efficient Preference-based RL via Low-Rank Style Adaptation of Reward Functions Proceedings Article
In: :, 2025.
@inproceedings{Marta1942924,
title = {FLoRA: Sample-Efficient Preference-based RL via Low-Rank Style Adaptation of Reward Functions},
author = {Daniel Marta and Simon Holk and Miguel Vasco and Jens Lundell and Timon Homberger and Finn L. Busch and Olov Andersson and Danica Kragic and Iolanda Leite},
year = {2025},
date = {2025-01-01},
booktitle = {:},
institution = {KTH, Centre for Autonomous Systems, CAS},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Betran, Santiago Bou; Longhini, Alberta; Vasco, Miguel; Zhang, Yuchong; Kragic, Danica
FLAME: A Federated Learning Benchmark for Robotic Manipulation Miscellaneous
2025.
@misc{betran2025flamefederatedlearningbenchmark,
title = {FLAME: A Federated Learning Benchmark for Robotic Manipulation},
author = {Santiago Bou Betran and Alberta Longhini and Miguel Vasco and Yuchong Zhang and Danica Kragic},
url = {https://arxiv.org/abs/2503.01729},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Nguyen, Khanh; Kerkouche, Raouf; Fritz, Mario; Karatzas, Dimosthenis
DocMIA: Document-Level Membership Inference Attacks against DocVQA Models Proceedings Article
In: The Thirteenth International Conference on Learning Representations, 2025.
@inproceedings{nguyen2025docmia,
title = {DocMIA: Document-Level Membership Inference Attacks against DocVQA Models},
author = {Khanh Nguyen and Raouf Kerkouche and Mario Fritz and Dimosthenis Karatzas},
url = {https://openreview.net/forum?id=gNxvs5pUdu},
year = {2025},
date = {2025-01-01},
booktitle = {The Thirteenth International Conference on Learning Representations},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Mohtashami, Amirkeivan; Pagliardini, Matteo; Jaggi, Martin
CoTFormer: A Chain of Thought Driven Architecture with Budget-Adaptive Computation Cost at Inference Proceedings Article
In: The Thirteenth International Conference on Learning Representations, 2025.
@inproceedings{mohtashami2025cotformer,
title = {CoTFormer: A Chain of Thought Driven Architecture with Budget-Adaptive Computation Cost at Inference},
author = {Amirkeivan Mohtashami and Matteo Pagliardini and Martin Jaggi},
url = {https://openreview.net/forum?id=7igPXQFupX},
year = {2025},
date = {2025-01-01},
booktitle = {The Thirteenth International Conference on Learning Representations},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Binkyte, Ruta; Sheth, Ivaxi; Jin, Zhijing; Havaei, Muhammad; Scholkopf, Bernhard; Fritz, Mario
Causality Is Key to Understand and Balance Multiple Goals in Trustworthy ML and Foundation Models Proceedings Article
In: 2025.
@inproceedings{Binkyte2025CausalityIK,
title = {Causality Is Key to Understand and Balance Multiple Goals in Trustworthy ML and Foundation Models},
author = {Ruta Binkyte and Ivaxi Sheth and Zhijing Jin and Muhammad Havaei and Bernhard Scholkopf and Mario Fritz},
url = {https://api.semanticscholar.org/CorpusID:276724775},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Sheth, Ivaxi; Fatemi, Bahare; Fritz, Mario
CausalGraph2LLM: Evaluating LLMs for Causal Queries Miscellaneous
2025.
@misc{sheth2025causalgraph2llmevaluatingllmscausal,
title = {CausalGraph2LLM: Evaluating LLMs for Causal Queries},
author = {Ivaxi Sheth and Bahare Fatemi and Mario Fritz},
url = {https://arxiv.org/abs/2410.15939},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
As*, Yarden; Sukhija*, Bhavya; Treven, Lenart; Sferrazza, Carmelo; Coros, Stelian; Krause, Andreas
Actsafe: Active exploration with safety constraints for reinforcement learning Journal Article
In: ICLR, 2025.
@article{as2025actsafe,
title = {Actsafe: Active exploration with safety constraints for reinforcement learning},
author = {Yarden As* and Bhavya Sukhija* and Lenart Treven and Carmelo Sferrazza and Stelian Coros and Andreas Krause},
year = {2025},
date = {2025-01-01},
journal = {ICLR},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Piras, Giorgio; Pintor, Maura; Demontis, Ambra; Biggio, Battista; Giacinto, Giorgio; Roli, Fabio
Adversarial Pruning: A Survey and Benchmark of Pruning Methods for Adversarial Robustness Journal Article
In: Pattern Recognition, vol. 168, pp. 111788, 2025.
@article{piras25-pr,
title = {Adversarial Pruning: A Survey and Benchmark of Pruning Methods for Adversarial Robustness},
author = {Giorgio Piras and Maura Pintor and Ambra Demontis and Battista Biggio and Giorgio Giacinto and Fabio Roli},
url = {https://www.sciencedirect.com/science/article/pii/S0031320325004480},
doi = {10.1016/j.patcog.2025.111788},
year = {2025},
date = {2025-01-01},
journal = {Pattern Recognition},
volume = {168},
pages = {111788},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Souibgui, Mohamed Ali; Choi, Changkyu; Barsky, Andrey; Jung, Kangsoo; Valveny, Ernest; Karatzas, Dimosthenis
DocVXQA: Context-Aware Visual Explanations for Document Question Answering Proceedings Article
In: Forty-second International Conference on Machine Learning, 2025.
@inproceedings{souibgui2025docvxqa,
title = {DocVXQA: Context-Aware Visual Explanations for Document Question Answering},
author = {Mohamed Ali Souibgui and Changkyu Choi and Andrey Barsky and Kangsoo Jung and Ernest Valveny and Dimosthenis Karatzas},
url = {https://openreview.net/forum?id=wex0vL4c2Y},
year = {2025},
date = {2025-01-01},
booktitle = {Forty-second International Conference on Machine Learning},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Iurada, Leonardo; Ciccone, Marco; Tommasi, Tatiana
Efficient Model Editing with Task-Localized Sparse Fine-tuning Proceedings Article
In: The Thirteenth International Conference on Learning Representations, 2025.
@inproceedings{iurada2025efficient,
title = {Efficient Model Editing with Task-Localized Sparse Fine-tuning},
author = {Leonardo Iurada and Marco Ciccone and Tatiana Tommasi},
url = {https://openreview.net/forum?id=TDyE2iuvyc},
year = {2025},
date = {2025-01-01},
booktitle = {The Thirteenth International Conference on Learning Representations},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cinà, Antonio Emanuele; Pintor, Maura; Demetrio, Luca; Demontis, Ambra; Biggio, Battista; Roli, Fabio
Evaluating the Evaluators: Trust in Adversarial Robustness Tests Conference
Ital-IA, CEUR Workshop Proceedings CEUR-WS.org, 2025.
@conference{cina25-ital-ia,
title = {Evaluating the Evaluators: Trust in Adversarial Robustness Tests},
author = {Antonio Emanuele Cinà and Maura Pintor and Luca Demetrio and Ambra Demontis and Battista Biggio and Fabio Roli},
year = {2025},
date = {2025-01-01},
booktitle = {Ital-IA},
publisher = {CEUR-WS.org},
series = {CEUR Workshop Proceedings},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Sheth, Ivaxi; Wehner, Jan; Abdelnabi, Sahar; Binkyte, Ruta; Fritz, Mario
Safety is Essential for Responsible Open-Ended Systems Miscellaneous
2025.
@misc{sheth2025safetyessentialresponsibleopenended,
title = {Safety is Essential for Responsible Open-Ended Systems},
author = {Ivaxi Sheth and Jan Wehner and Sahar Abdelnabi and Ruta Binkyte and Mario Fritz},
url = {https://arxiv.org/abs/2502.04512},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Benigmim, Yasser; Fahes, Mohammad; Vu, Tuan-Hung; Bursuc, Andrei; Charette, Raoul
FLOSS: Free Lunch in Open-vocabulary Semantic Segmentation Proceedings Article
In: ICCV, 2025.
@inproceedings{benigmim2025floss,
title = {FLOSS: Free Lunch in Open-vocabulary Semantic Segmentation},
author = {Yasser Benigmim and Mohammad Fahes and Tuan-Hung Vu and Andrei Bursuc and Raoul Charette},
year = {2025},
date = {2025-01-01},
booktitle = {ICCV},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Poppi, Tobia; Kasarla, Tejaswi; Mettes, Pascal; Baraldi, Lorenzo; Cucchiara, Rita
Hyperbolic Safety-Aware Vision-Language Models Proceedings Article
In: Proceedings of the Computer Vision and Pattern Recognition Conference, pp. 4222–4232, 2025.
@inproceedings{poppi2025hyperbolic,
title = {Hyperbolic Safety-Aware Vision-Language Models},
author = {Tobia Poppi and Tejaswi Kasarla and Pascal Mettes and Lorenzo Baraldi and Rita Cucchiara},
year = {2025},
date = {2025-01-01},
booktitle = {Proceedings of the Computer Vision and Pattern Recognition Conference},
pages = {4222–4232},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Chen, Xin; As, Yarden; Krause, Andreas
Learning Safety Constraints for Large Language Models Miscellaneous
2025.
@misc{chen2025learningsafetyconstraintslarge,
title = {Learning Safety Constraints for Large Language Models},
author = {Xin Chen and Yarden As and Andreas Krause},
url = {https://arxiv.org/abs/2505.24445},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Floris, Giuseppe; Scano, Christian; Montaruli, Biagio; Demetrio, Luca; Valenza, Andrea; Compagna, Luca; Ariu, Davide; Piras, Luca; Balzarotti, Davide; Biggio, Battista
ModSec-AdvLearn: Countering Adversarial SQL Injections With Robust Machine Learning Journal Article
In: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 6693-6705, 2025.
@article{floris25-tifs,
title = {ModSec-AdvLearn: Countering Adversarial SQL Injections With Robust Machine Learning},
author = {Giuseppe Floris and Christian Scano and Biagio Montaruli and Luca Demetrio and Andrea Valenza and Luca Compagna and Davide Ariu and Luca Piras and Davide Balzarotti and Battista Biggio},
doi = {10.1109/TIFS.2025.3583234},
year = {2025},
date = {2025-01-01},
journal = {IEEE Transactions on Information Forensics and Security},
volume = {20},
pages = {6693-6705},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Räisä, Ossi; Jälkö, Joonas; Honkela, Antti
On Consistent Bayesian Inference from Synthetic Data Journal Article
In: Journal of Machine Learning Research, vol. 26, no. 74, pp. 1–65, 2025.
@article{JMLR:v26:23-1428,
title = {On Consistent Bayesian Inference from Synthetic Data},
author = {Ossi Räisä and Joonas Jälkö and Antti Honkela},
url = {http://jmlr.org/papers/v26/23-1428.html},
year = {2025},
date = {2025-01-01},
journal = {Journal of Machine Learning Research},
volume = {26},
number = {74},
pages = {1–65},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Anani, Alaa; Lorenz, Tobias; Fritz, Mario; Schiele, Bernt
Pixel-level Certified Explanations via Randomized Smoothing Proceedings Article
In: Forty-second International Conference on Machine Learning, 2025.
@inproceedings{anani2025pixellevel,
title = {Pixel-level Certified Explanations via Randomized Smoothing},
author = {Alaa Anani and Tobias Lorenz and Mario Fritz and Bernt Schiele},
url = {https://openreview.net/forum?id=NngoETL9IK},
year = {2025},
date = {2025-01-01},
booktitle = {Forty-second International Conference on Machine Learning},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Gairola, Siddhartha; Böhle, Moritz; Locatello, Francesco; Schiele, Bernt
How to Probe: Simple Yet Effective Techniques for Improving Post-hoc Explanations Proceedings Article
In: Thirteenth International Conference on Learning Representations, OpenReview. net 2025.
@inproceedings{gairola2025probe,
title = {How to Probe: Simple Yet Effective Techniques for Improving Post-hoc Explanations},
author = {Siddhartha Gairola and Moritz Böhle and Francesco Locatello and Bernt Schiele},
year = {2025},
date = {2025-01-01},
booktitle = {Thirteenth International Conference on Learning Representations},
organization = {OpenReview. net},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Klock, João Pedro; Pinto, João; Li, Yi; Castro, Cristiano; Angelov, Plamen
Vision-based Landing Guidance through Tracking and Orientation Estimation Proceedings Article
In: 2025.
@inproceedings{inproceedings,
title = {Vision-based Landing Guidance through Tracking and Orientation Estimation},
author = {João Pedro Klock and João Pinto and Yi Li and Cristiano Castro and Plamen Angelov},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Brau, Fabio; Pintor, Maura; Cinà, Antonio Emanuele; Mura, Raffaele; Scionis, Luca; Oneto, Luca; Roli, Fabio; Biggio, Battista
TransferBench: Benchmarking Ensemble-based Black-box Transfer Attacks Proceedings Article
In: The Thirty-ninth Annual Conference on Neural Information Processing Systems Datasets and Benchmarks Track, 2025.
@inproceedings{brau25-neurips,
title = {TransferBench: Benchmarking Ensemble-based Black-box Transfer Attacks},
author = {Fabio Brau and Maura Pintor and Antonio Emanuele Cinà and Raffaele Mura and Luca Scionis and Luca Oneto and Fabio Roli and Battista Biggio},
year = {2025},
date = {2025-01-01},
booktitle = {The Thirty-ninth Annual Conference on Neural Information Processing Systems Datasets and Benchmarks Track},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Cinà, Antonio Emanuele; Rony, Jérôme; Pintor, Maura; Demetrio, Luca; Demontis, Ambra; Biggio, Battista; Ayed, Ismail Ben; Roli, Fabio
AttackBench: Evaluating Gradient-based Attacks for Adversarial Examples Proceedings Article
In: Proc. AAAI Conference on Artificial Intelligence, pp. 2600-2608, 2025.
@inproceedings{cina25-aaai,
title = {AttackBench: Evaluating Gradient-based Attacks for Adversarial Examples},
author = {Antonio Emanuele Cinà and Jérôme Rony and Maura Pintor and Luca Demetrio and Ambra Demontis and Battista Biggio and Ismail Ben Ayed and Fabio Roli},
year = {2025},
date = {2025-01-01},
booktitle = {Proc. AAAI Conference on Artificial Intelligence},
volume = {39},
number = {3},
pages = {2600-2608},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Melis, Luca; Scionis, Luca; Brau, Fabio; Pintor, Maura; Biggio, Battista
Less is More? An Ablation Study on AutoAttack for Adversarial Robustness Evaluation Proceedings Article
In: International Conference on Machine Learning and Cybernetics, IEEE, 2025.
@inproceedings{melis25-icmlc,
title = {Less is More? An Ablation Study on AutoAttack for Adversarial Robustness Evaluation},
author = {Luca Melis and Luca Scionis and Fabio Brau and Maura Pintor and Battista Biggio},
year = {2025},
date = {2025-01-01},
booktitle = {International Conference on Machine Learning and Cybernetics},
publisher = {IEEE},
series = {ICMLC},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Scano, Christian; Floris, Giuseppe; Montaruli, Biagio; Demetrio, Luca; Valenza, Andrea; Compagna, Luca; Ariu, Davide; Piras, Luca; Balzarotti, Davide; Biggio, Battista
ModSec-Learn: Boosting ModSecurity with Machine Learning Proceedings Article
In: Mehmood, Rashid; Hernández, Guillermo; Praça, Isabel; Wikarek, Jaroslaw; Loukanova, Roussanka; dos Reis, Arsénio Monteiro; Skarmeta, Antonio; Lombardi, Eleonora (Ed.): Distributed Computing and Artificial Intelligence, Special Sessions I, 21st International Conference, pp. 23–33, Springer Nature Switzerland, Cham, 2025.
@inproceedings{scano25-dcai,
title = {ModSec-Learn: Boosting ModSecurity with Machine Learning},
author = {Christian Scano and Giuseppe Floris and Biagio Montaruli and Luca Demetrio and Andrea Valenza and Luca Compagna and Davide Ariu and Luca Piras and Davide Balzarotti and Battista Biggio},
editor = {Rashid Mehmood and Guillermo Hernández and Isabel Praça and Jaroslaw Wikarek and Roussanka Loukanova and Arsénio Monteiro dos Reis and Antonio Skarmeta and Eleonora Lombardi},
year = {2025},
date = {2025-01-01},
booktitle = {Distributed Computing and Artificial Intelligence, Special Sessions I, 21st International Conference},
pages = {23–33},
publisher = {Springer Nature Switzerland},
address = {Cham},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Grazzi, Riccardo; Siems, Julien; Franke, Jörg K. H.; Zela, Arber; Hutter, Frank; Pontil, Massimiliano
Unlocking State-Tracking in Linear RNNs Through Negative Eigenvalues Proceedings Article
In: The Thirteenth International Conference on Learning Representations, 2025.
@inproceedings{,
title = {Unlocking State-Tracking in Linear RNNs Through Negative Eigenvalues},
author = {Riccardo Grazzi and Julien Siems and Jörg K. H. Franke and Arber Zela and Frank Hutter and Massimiliano Pontil},
url = {https://openreview.net/forum?id=UvTo3tVBk2},
year = {2025},
date = {2025-01-01},
urldate = {2025-01-01},
booktitle = {The Thirteenth International Conference on Learning Representations},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Manca, Cristian; Minnei, Luca; Pintor, Maura; Brau, Fabio; Biggio, Battista
A Comparative Analysis of Active Learning Strategies for Android Malware Detection Proceedings Article
In: International Conference on Machine Learning and Cybernetics, IEEE, 2025.
@inproceedings{manca25-icmlc,
title = {A Comparative Analysis of Active Learning Strategies for Android Malware Detection},
author = {Cristian Manca and Luca Minnei and Maura Pintor and Fabio Brau and Battista Biggio},
year = {2025},
date = {2025-01-01},
booktitle = {International Conference on Machine Learning and Cybernetics},
publisher = {IEEE},
series = {ICMLC},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Piras, Giorgio; Zhao, Qi; Brau, Fabio; Pintor, Maura; Wressnegger, Christian; Biggio, Battista
S2AP: Score-space Sharpness Minimization for Adversarial Pruning Journal Article
In: ArXiv e-prints, vol. 2510.18381, 2025.
@article{piras25-arxiv,
title = {S2AP: Score-space Sharpness Minimization for Adversarial Pruning},
author = {Giorgio Piras and Qi Zhao and Fabio Brau and Maura Pintor and Christian Wressnegger and Battista Biggio},
year = {2025},
date = {2025-01-01},
journal = {ArXiv e-prints},
volume = {2510.18381},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Vadillo, Jon; Santana, Roberto; Lozano, Jose A.; Kwiatkowska, Marta
Uncertainty-Aware Explanations Through Probabilistic Self-Explainable Neural Networks Miscellaneous
2025.
@misc{vadillo2025uncertaintyawareexplanationsprobabilisticselfexplainable,
title = {Uncertainty-Aware Explanations Through Probabilistic Self-Explainable Neural Networks},
author = {Jon Vadillo and Roberto Santana and Jose A. Lozano and Marta Kwiatkowska},
url = {https://arxiv.org/abs/2403.13740},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Ghiani, Daniele; Angioni, Daniele; Piras, Giorgio; Sotgiu, Angelo; Minnei, Luca; Gupta, Srishti; Pintor, Maura; Roli, Fabio; Biggio, Battista
Regression-aware Continual Learning for Android Malware Detection Journal Article
In: ArXiv e-prints, vol. 2507.18313, 2025.
@article{ghiani25-arxiv,
title = {Regression-aware Continual Learning for Android Malware Detection},
author = {Daniele Ghiani and Daniele Angioni and Giorgio Piras and Angelo Sotgiu and Luca Minnei and Srishti Gupta and Maura Pintor and Fabio Roli and Battista Biggio},
year = {2025},
date = {2025-01-01},
journal = {ArXiv e-prints},
volume = {2507.18313},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Guo, Wei; Pintor, Maura; Demontis, Ambra; Biggio, Battista
Silent Until Sparse: Backdoor Attacks on Semi-Structured Sparsity Journal Article
In: ArXiv e-prints, vol. 2509.08747, 2025.
@article{guo25a-arxiv,
title = {Silent Until Sparse: Backdoor Attacks on Semi-Structured Sparsity},
author = {Wei Guo and Maura Pintor and Ambra Demontis and Battista Biggio},
year = {2025},
date = {2025-01-01},
journal = {ArXiv e-prints},
volume = {2509.08747},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Guo, Wei; Pintor, Maura; Demontis, Ambra; Biggio, Battista
Prototype-Guided Robust Learning against Backdoor Attacks Journal Article
In: ArXiv e-prints, vol. 2509.08748, 2025.
@article{guo25-arxiv,
title = {Prototype-Guided Robust Learning against Backdoor Attacks},
author = {Wei Guo and Maura Pintor and Ambra Demontis and Battista Biggio},
year = {2025},
date = {2025-01-01},
journal = {ArXiv e-prints},
volume = {2509.08748},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Aghasanli, Agil; Angelov, Plamen P
Recursive SNE: Fast Prototype-Based t-SNE for Large-Scale and Online Data Journal Article
In: Transactions on Machine Learning Research, 2025, ISSN: 2835-8856.
@article{<LineBreak>aghasanli2025recursive,
title = {Recursive SNE: Fast Prototype-Based t-SNE for Large-Scale and Online Data},
author = {Agil Aghasanli and Plamen P Angelov},
url = {https://openreview.net/forum?id=7wCPAFMDWM},
issn = {2835-8856},
year = {2025},
date = {2025-01-01},
urldate = {2025-01-01},
journal = {Transactions on Machine Learning Research},
abstract = {Dimensionality reduction techniques like t-SNE excel at visualizing structure in highdimensional data but incur high computational costs that limit their use on large or streaming datasets. We introduce the Recursive SNE (RSNE) framework, which extends t-SNE with two complementary strategies: i-RSNE for real-time, point-wise updates and Bi-RSNE for efficient batch processing. Across diverse settings, including standard image benchmarks (CIFAR10/CIFAR100) with DINOv2 and CLIP features, domain-specific iROADS road scenes, neuroimaging data from the Haxby fMRI dataset, and long-term climate records, RSNE delivers substantial speedups over Barnes–Hut t-SNE while maintaining or even improving cluster separability. By combining a lightweight prototype-based initialization with localized KL-divergence refinements, RSNE offers a scalable and adaptable framework for both large-scale offline embedding and on-the-fly visualization of streaming data.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}