Publications
At ELSA, we aim to inspire and share knowledge within our network and beyond. The collection of publications below provides an overview of both the network’s own output and research we support. Labels distinguish the categories.
Please note that this list makes no claims of being complete. If you have published a paper which is related to ELSA and should be listed, please reach out to our Press and Communications team.
2025
Angelov, Plamen; Kangin, Dmitry; Zhang, Ziyang
IDEAL: Interpretable-by-Design ALgorithms for learning from foundation feature spaces Journal Article
In: Neurocomputing, vol. 626, pp. 129464, 2025, ISSN: 0925-2312.
@article{ANGELOV2025129464,
title = {IDEAL: Interpretable-by-Design ALgorithms for learning from foundation feature spaces},
author = {Plamen Angelov and Dmitry Kangin and Ziyang Zhang},
url = {https://www.sciencedirect.com/science/article/pii/S0925231225001365},
doi = {https://doi.org/10.1016/j.neucom.2025.129464},
issn = {0925-2312},
year = {2025},
date = {2025-01-01},
journal = {Neurocomputing},
volume = {626},
pages = {129464},
abstract = {The advance of foundation models (FM) makes it possible to avoid parametric tuning for transfer learning, taking advantage of pretrained feature spaces. In this study, we define a framework called IDEAL (Interpretable-by-design DEep learning ALgorithms) which tackles the problem of interpretable transfer learning by recasting the standard supervised classification problem into a function of similarity to a set of prototypes derived from the training data. This framework generalises previously-known prototypical approaches, such as ProtoPNet, xDNN and DNC, and decomposes the overall problem into two inherently connected stages: (A) feature extraction (FE), which maps the raw features of real-world data into a latent space, and (B) identification of representative prototypes and decision making based on similarity and association between the query and the prototypes. This addresses the issue of interpretability (stage B) while retaining the benefits of pretrained deep learning (DL) models. On a range of datasets (CIFAR-10, CIFAR-100, CalTech101, STL-10, Oxford-IIIT Pet, EuroSAT), we demonstrate, through an extensive set of experiments, how the choice of the latent space, prototype selection, and finetuning of the latent space affect accuracy and generalisation of the models on transfer learning scenarios for different backbones. Building upon this knowledge, we demonstrate that the proposed framework helps achieve an advantage over state-of-the-art baselines in class-incremental learning. The key findings can be summarised as follows: (1) the setting allows interpretability through prototypes, (2) lack of finetuning helps circumvent the issue of catastrophic forgetting, allowing efficient class-incremental transfer learning, while mitigating the issue of confounding bias, and (3) ViT architectures narrow the gap between finetuned and non-finetuned models allowing for transfer learning in a fraction of time without finetuning of the feature space on a target dataset with iterative supervised methods.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The advance of foundation models (FM) makes it possible to avoid parametric tuning for transfer learning, taking advantage of pretrained feature spaces. In this study, we define a framework called IDEAL (Interpretable-by-design DEep learning ALgorithms) which tackles the problem of interpretable transfer learning by recasting the standard supervised classification problem into a function of similarity to a set of prototypes derived from the training data. This framework generalises previously-known prototypical approaches, such as ProtoPNet, xDNN and DNC, and decomposes the overall problem into two inherently connected stages: (A) feature extraction (FE), which maps the raw features of real-world data into a latent space, and (B) identification of representative prototypes and decision making based on similarity and association between the query and the prototypes. This addresses the issue of interpretability (stage B) while retaining the benefits of pretrained deep learning (DL) models. On a range of datasets (CIFAR-10, CIFAR-100, CalTech101, STL-10, Oxford-IIIT Pet, EuroSAT), we demonstrate, through an extensive set of experiments, how the choice of the latent space, prototype selection, and finetuning of the latent space affect accuracy and generalisation of the models on transfer learning scenarios for different backbones. Building upon this knowledge, we demonstrate that the proposed framework helps achieve an advantage over state-of-the-art baselines in class-incremental learning. The key findings can be summarised as follows: (1) the setting allows interpretability through prototypes, (2) lack of finetuning helps circumvent the issue of catastrophic forgetting, allowing efficient class-incremental transfer learning, while mitigating the issue of confounding bias, and (3) ViT architectures narrow the gap between finetuned and non-finetuned models allowing for transfer learning in a fraction of time without finetuning of the feature space on a target dataset with iterative supervised methods.
Wang, Hui-Po; Fritz, Mario
Language Models as Zero-shot Lossless Gradient Compressors: Towards General Neural Parameter Prior Models Miscellaneous
2025.
@misc{wang2025languagemodelszeroshotlossless,
title = {Language Models as Zero-shot Lossless Gradient Compressors: Towards General Neural Parameter Prior Models},
author = {Hui-Po Wang and Mario Fritz},
url = {https://arxiv.org/abs/2409.17836},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Bhatt, Umang; Chen, Valerie; Collins, Katherine M.; Kamalaruban, Parameswaran; Kallina, Emma; Weller, Adrian; Talwalkar, Ameet
Learning Personalized Decision Support Policies Miscellaneous
2025.
@misc{bhatt2025learningpersonalizeddecisionsupport,
title = {Learning Personalized Decision Support Policies},
author = {Umang Bhatt and Valerie Chen and Katherine M. Collins and Parameswaran Kamalaruban and Emma Kallina and Adrian Weller and Ameet Talwalkar},
url = {https://arxiv.org/abs/2304.06701},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Alrawajfeh, Talal; Jälkö, Joonas; Honkela, Antti
Noise-Aware Differentially Private Variational Inference Miscellaneous
2025.
@misc{alrawajfeh2025noiseawaredifferentiallyprivatevariational,
title = {Noise-Aware Differentially Private Variational Inference},
author = {Talal Alrawajfeh and Joonas Jälkö and Antti Honkela},
url = {https://arxiv.org/abs/2410.19371},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Baraldi, Lorenzo; Amoroso, Roberto; Cornia, Marcella; Baraldi, Lorenzo; Pilzer, Andrea; Cucchiara, Rita
Learning to mask and permute visual tokens for Vision Transformer pre-training Journal Article
In: Computer Vision and Image Understanding, vol. 252, pp. 104294, 2025, ISSN: 1077-3142.
@article{BARALDI2025104294,
title = {Learning to mask and permute visual tokens for Vision Transformer pre-training},
author = {Lorenzo Baraldi and Roberto Amoroso and Marcella Cornia and Lorenzo Baraldi and Andrea Pilzer and Rita Cucchiara},
url = {https://www.sciencedirect.com/science/article/pii/S1077314225000177},
doi = {https://doi.org/10.1016/j.cviu.2025.104294},
issn = {1077-3142},
year = {2025},
date = {2025-01-01},
journal = {Computer Vision and Image Understanding},
volume = {252},
pages = {104294},
abstract = {The use of self-supervised pre-training has emerged as a promising approach to enhance the performance of many different visual tasks. In this context, recent approaches have employed the Masked Image Modeling paradigm, which pre-trains a backbone by reconstructing visual tokens associated with randomly masked image patches. This masking approach, however, introduces noise into the input data during pre-training, leading to discrepancies that can impair performance during the fine-tuning phase. Furthermore, input masking neglects the dependencies between corrupted patches, increasing the inconsistencies observed in downstream fine-tuning tasks. To overcome these issues, we propose a new self-supervised pre-training approach, named Masked and Permuted Vision Transformer (MaPeT), that employs autoregressive and permuted predictions to capture intra-patch dependencies. In addition, MaPeT employs auxiliary positional information to reduce the disparity between the pre-training and fine-tuning phases. In our experiments, we employ a fair setting to ensure reliable and meaningful comparisons and conduct investigations on multiple visual tokenizers, including our proposed k-CLIP which directly employs discretized CLIP features. Our results demonstrate that MaPeT achieves competitive performance on ImageNet, compared to baselines and competitors under the same model setting. We release an implementation of our code and models at https://github.com/aimagelab/MaPeT.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The use of self-supervised pre-training has emerged as a promising approach to enhance the performance of many different visual tasks. In this context, recent approaches have employed the Masked Image Modeling paradigm, which pre-trains a backbone by reconstructing visual tokens associated with randomly masked image patches. This masking approach, however, introduces noise into the input data during pre-training, leading to discrepancies that can impair performance during the fine-tuning phase. Furthermore, input masking neglects the dependencies between corrupted patches, increasing the inconsistencies observed in downstream fine-tuning tasks. To overcome these issues, we propose a new self-supervised pre-training approach, named Masked and Permuted Vision Transformer (MaPeT), that employs autoregressive and permuted predictions to capture intra-patch dependencies. In addition, MaPeT employs auxiliary positional information to reduce the disparity between the pre-training and fine-tuning phases. In our experiments, we employ a fair setting to ensure reliable and meaningful comparisons and conduct investigations on multiple visual tokenizers, including our proposed k-CLIP which directly employs discretized CLIP features. Our results demonstrate that MaPeT achieves competitive performance on ImageNet, compared to baselines and competitors under the same model setting. We release an implementation of our code and models at https://github.com/aimagelab/MaPeT.
Bossy, Thierry; Vignoud, Julien; Rabbani, Tahseen; Pastoriza, Juan R. Troncoso; Jaggi, Martin
Mitigating Unintended Memorization with LoRA in Federated Learning for LLMs Miscellaneous
2025.
@misc{bossy2025mitigatingunintendedmemorizationlora,
title = {Mitigating Unintended Memorization with LoRA in Federated Learning for LLMs},
author = {Thierry Bossy and Julien Vignoud and Tahseen Rabbani and Juan R. Troncoso Pastoriza and Martin Jaggi},
url = {https://arxiv.org/abs/2502.05087},
year = {2025},
date = {2025-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
2024
Debenedetti, Edoardo; Rando, Javier; Paleka, Daniel; Florin, Silaghi Fineas; Albastroiu, Dragos; Cohen, Niv; Lemberg, Yuval; Ghosh, Reshmi; Wen, Rui; Salem, Ahmed; Cherubin, Giovanni; Zanella-Beguelin, Santiago; Schmid, Robin; Klemm, Victor; Miki, Takahiro; Li, Chenhao; Kraft, Stefan; Fritz, Mario; Tramèr, Florian; Abdelnabi, Sahar; Schönherr, Lea
Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition Proceedings Article
In: Neural Information Processing Systems (NeurIPS), 2024.
@inproceedings{llmctf24neurips,
title = {Dataset and Lessons Learned from the 2024 SaTML LLM Capture-the-Flag Competition},
author = {Edoardo Debenedetti and Javier Rando and Daniel Paleka and Silaghi Fineas Florin and Dragos Albastroiu and Niv Cohen and Yuval Lemberg and Reshmi Ghosh and Rui Wen and Ahmed Salem and Giovanni Cherubin and Santiago Zanella-Beguelin and Robin Schmid and Victor Klemm and Takahiro Miki and Chenhao Li and Stefan Kraft and Mario Fritz and Florian Tramèr and Sahar Abdelnabi and Lea Schönherr},
url = {https://arxiv.org/abs/2406.07954
https://arxiv.org/pdf/2406.07954},
year = {2024},
date = {2024-12-10},
booktitle = {Neural Information Processing Systems (NeurIPS)},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Penedo, Guilherme; Kydlíček, Hynek; Sabolčec, Vinko; Messmer, Bettina; Foroutan, Negar; Jaggi, Martin; Werra, Leandro; Wolf, Thomas
FineWeb2: A sparkling update with 1000s of languages software
2024.
@software{penedo2024fineweb-2,
title = {FineWeb2: A sparkling update with 1000s of languages},
author = {Guilherme Penedo and Hynek Kydlíček and Vinko Sabolčec and Bettina Messmer and Negar Foroutan and Martin Jaggi and Leandro Werra and Thomas Wolf},
url = {https://huggingface.co/datasets/HuggingFaceFW/fineweb-2},
year = {2024},
date = {2024-12-01},
keywords = {},
pubstate = {published},
tppubtype = {software}
}
Amoroso, Roberto; Morelli, Davide; Cornia, Marcella; Baraldi, Lorenzo; Bimbo, Alberto Del; Cucchiara, Rita
Parents and Children: Distinguishing Multimodal Deepfakes from Natural Images Journal Article
In: ACM Trans. Multimedia Comput. Commun. Appl., vol. 21, no. 1, 2024, ISSN: 1551-6857.
@article{10.1145/3665497,
title = {Parents and Children: Distinguishing Multimodal Deepfakes from Natural Images},
author = {Roberto Amoroso and Davide Morelli and Marcella Cornia and Lorenzo Baraldi and Alberto Del Bimbo and Rita Cucchiara},
url = {https://doi.org/10.1145/3665497},
doi = {10.1145/3665497},
issn = {1551-6857},
year = {2024},
date = {2024-12-01},
journal = {ACM Trans. Multimedia Comput. Commun. Appl.},
volume = {21},
number = {1},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
abstract = {Recent advancements in diffusion models have enabled the generation of realistic deepfakes from textual prompts in natural language. While these models have numerous benefits across various sectors, they have also raised concerns about the potential misuse of fake images and cast new pressures on fake image detection. In this work, we pioneer a systematic study on deepfake detection generated by state-of-the-art diffusion models. Firstly, we conduct a comprehensive analysis of the performance of contrastive and classification-based visual features, respectively, extracted from CLIP-based models and ResNet or Vision Transformer (ViT)-based architectures trained on image classification datasets. Our results demonstrate that fake images share common low-level cues, which render them easily recognizable. Further, we devise a multimodal setting wherein fake images are synthesized by different textual captions, which are used as seeds for a generator. Under this setting, we quantify the performance of fake detection strategies and introduce a contrastive-based disentangling method that lets us analyze the role of the semantics of textual descriptions and low-level perceptual cues. Finally, we release a new dataset, called COCOFake, containing about 1.2 million images generated from the original COCO image–caption pairs using two recent text-to-image diffusion models, namely Stable Diffusion v1.4 and v2.0.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Recent advancements in diffusion models have enabled the generation of realistic deepfakes from textual prompts in natural language. While these models have numerous benefits across various sectors, they have also raised concerns about the potential misuse of fake images and cast new pressures on fake image detection. In this work, we pioneer a systematic study on deepfake detection generated by state-of-the-art diffusion models. Firstly, we conduct a comprehensive analysis of the performance of contrastive and classification-based visual features, respectively, extracted from CLIP-based models and ResNet or Vision Transformer (ViT)-based architectures trained on image classification datasets. Our results demonstrate that fake images share common low-level cues, which render them easily recognizable. Further, we devise a multimodal setting wherein fake images are synthesized by different textual captions, which are used as seeds for a generator. Under this setting, we quantify the performance of fake detection strategies and introduce a contrastive-based disentangling method that lets us analyze the role of the semantics of textual descriptions and low-level perceptual cues. Finally, we release a new dataset, called COCOFake, containing about 1.2 million images generated from the original COCO image–caption pairs using two recent text-to-image diffusion models, namely Stable Diffusion v1.4 and v2.0.
Fan, Dongyang; Messmer, Bettina; Doikov, Nikita; Jaggi, Martin
On-Device Collaborative Language Modeling via a Mixture of Generalists and Specialists Journal Article
In: arXiv e-prints, pp. arXiv:2409.13931, 2024.
@article{2024arXiv240913931F,
title = {On-Device Collaborative Language Modeling via a Mixture of Generalists and Specialists},
author = {Dongyang Fan and Bettina Messmer and Nikita Doikov and Martin Jaggi},
doi = {10.48550/arXiv.2409.13931},
year = {2024},
date = {2024-09-01},
urldate = {2024-09-01},
journal = {arXiv e-prints},
pages = {arXiv:2409.13931},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Zhuang, Zhixiong; Nicolae, Maria-Irina; Fritz, Mario
Stealthy Imitation: Reward-guided Environment-free Policy Stealing Proceedings Article
In: Salakhutdinov, Ruslan; Kolter, Zico; Heller, Katherine; Weller, Adrian; Oliver, Nuria; Scarlett, Jonathan; Berkenkamp, Felix (Ed.): Proceedings of the 41st International Conference on Machine Learning, pp. 62682–62706, PMLR, 2024.
@inproceedings{pmlr-v235-zhuang24a,
title = {Stealthy Imitation: Reward-guided Environment-free Policy Stealing},
author = {Zhixiong Zhuang and Maria-Irina Nicolae and Mario Fritz},
editor = {Ruslan Salakhutdinov and Zico Kolter and Katherine Heller and Adrian Weller and Nuria Oliver and Jonathan Scarlett and Felix Berkenkamp},
url = {https://proceedings.mlr.press/v235/zhuang24a.html},
year = {2024},
date = {2024-07-01},
booktitle = {Proceedings of the 41st International Conference on Machine Learning},
volume = {235},
pages = {62682–62706},
publisher = {PMLR},
series = {Proceedings of Machine Learning Research},
abstract = {Deep reinforcement learning policies, which are integral to modern control systems, represent valuable intellectual property. The development of these policies demands considerable resources, such as domain expertise, simulation fidelity, and real-world validation. These policies are potentially vulnerable to model stealing attacks, which aim to replicate their functionality using only black-box access. In this paper, we propose Stealthy Imitation, the first attack designed to steal policies without access to the environment or knowledge of the input range. This setup has not been considered by previous model stealing methods. Lacking access to the victim’s input states distribution, Stealthy Imitation fits a reward model that allows to approximate it. We show that the victim policy is harder to imitate when the distribution of the attack queries matches that of the victim. We evaluate our approach across diverse, high-dimensional control tasks and consistently outperform prior data-free approaches adapted for policy stealing. Lastly, we propose a countermeasure that significantly diminishes the effectiveness of the attack.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Deep reinforcement learning policies, which are integral to modern control systems, represent valuable intellectual property. The development of these policies demands considerable resources, such as domain expertise, simulation fidelity, and real-world validation. These policies are potentially vulnerable to model stealing attacks, which aim to replicate their functionality using only black-box access. In this paper, we propose Stealthy Imitation, the first attack designed to steal policies without access to the environment or knowledge of the input range. This setup has not been considered by previous model stealing methods. Lacking access to the victim’s input states distribution, Stealthy Imitation fits a reward model that allows to approximate it. We show that the victim policy is harder to imitate when the distribution of the attack queries matches that of the victim. We evaluate our approach across diverse, high-dimensional control tasks and consistently outperform prior data-free approaches adapted for policy stealing. Lastly, we propose a countermeasure that significantly diminishes the effectiveness of the attack.
Barsellotti, Luca; Amoroso, Roberto; Cornia, Marcella; Baraldi, Lorenzo; Cucchiara, Rita
Training-Free Open-Vocabulary Segmentation with Offline Diffusion-Augmented Prototype Generation Proceedings Article
In: 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 3689-3698, 2024, ISSN: 2575-7075.
@inproceedings{10655445,
title = {Training-Free Open-Vocabulary Segmentation with Offline Diffusion-Augmented Prototype Generation},
author = {Luca Barsellotti and Roberto Amoroso and Marcella Cornia and Lorenzo Baraldi and Rita Cucchiara},
doi = {10.1109/CVPR52733.2024.00354},
issn = {2575-7075},
year = {2024},
date = {2024-06-01},
booktitle = {2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
pages = {3689-3698},
abstract = {Open-vocabulary semantic segmentation aims at segmenting arbitrary categories expressed in textual form. Pre-vious works have trained over large amounts of image-caption pairs to enforce pixel-level multimodal alignments. However, captions provide global information about the semantics of a given image but lack direct localization of individual concepts. Further, training on large-scale datasets inevitably brings significant computational costs. In this paper, we propose FreeDA, a training-free diffusion-augmented method for open-vocabulary semantic segmentation, which leverages the ability of diffusion models to visually localize generated concepts and local-global similarities to match class-agnostic regions with semantic classes. Our approach involves an offline stage in which textual-visual reference embeddings are collected, starting from a large set of captions and leveraging visual and semantic contexts. At test time, these are queried to support the visual matching process, which is carried out by jointly considering class-agnostic regions and global semantic similarities. Extensive analyses demonstrate that FreeDA achieves state-of-the-art performance on five datasets, surpassing previous methods by more than 7.0 average points in terms of mIoU and without requiring any training. Our source code is available at aimagelab.github. io/freeda.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Open-vocabulary semantic segmentation aims at segmenting arbitrary categories expressed in textual form. Pre-vious works have trained over large amounts of image-caption pairs to enforce pixel-level multimodal alignments. However, captions provide global information about the semantics of a given image but lack direct localization of individual concepts. Further, training on large-scale datasets inevitably brings significant computational costs. In this paper, we propose FreeDA, a training-free diffusion-augmented method for open-vocabulary semantic segmentation, which leverages the ability of diffusion models to visually localize generated concepts and local-global similarities to match class-agnostic regions with semantic classes. Our approach involves an offline stage in which textual-visual reference embeddings are collected, starting from a large set of captions and leveraging visual and semantic contexts. At test time, these are queried to support the visual matching process, which is carried out by jointly considering class-agnostic regions and global semantic similarities. Extensive analyses demonstrate that FreeDA achieves state-of-the-art performance on five datasets, surpassing previous methods by more than 7.0 average points in terms of mIoU and without requiring any training. Our source code is available at aimagelab.github. io/freeda.
Trivigno, Gabriele; Masone, Carlo; Caputo, Barbara; Sattler, Torsten
The Unreasonable Effectiveness of Pre-Trained Features for Camera Pose Refinement Proceedings Article
In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 12786-12798, 2024.
@inproceedings{Trivigno_2024_CVPR,
title = {The Unreasonable Effectiveness of Pre-Trained Features for Camera Pose Refinement},
author = {Gabriele Trivigno and Carlo Masone and Barbara Caputo and Torsten Sattler},
year = {2024},
date = {2024-06-01},
booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
pages = {12786-12798},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Smuha, Nathalie A.; Yeung, Karen
The European Union’s AI Act: beyond motherhood and apple pie? Journal Article
In: SSRN Electronic Journal, 2024.
@article{SmuhaYeung2024,
title = {The European Union's AI Act: beyond motherhood and apple pie?},
author = {Nathalie A. Smuha and Karen Yeung},
url = {https://ssrn.com/abstract=4874852},
doi = {10.2139/ssrn.4874852},
year = {2024},
date = {2024-06-01},
journal = {SSRN Electronic Journal},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Fahes, Mohammad; Vu, Tuan-Hung; Bursuc, Andrei; Pérez, Patrick; Charette, Raoul De
A Simple Recipe for Language-Guided Domain Generalized Segmentation Proceedings Article
In: 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 23428-23437, 2024, ISSN: 2575-7075.
@inproceedings{10658405,
title = {A Simple Recipe for Language-Guided Domain Generalized Segmentation},
author = {Mohammad Fahes and Tuan-Hung Vu and Andrei Bursuc and Patrick Pérez and Raoul De Charette},
doi = {10.1109/CVPR52733.2024.02211},
issn = {2575-7075},
year = {2024},
date = {2024-06-01},
booktitle = {2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
pages = {23428-23437},
abstract = {Generalization to new domains not seen during training is one of the longstanding challenges in deploying neural networks in real-world applications. Existing generalization techniques either necessitate external images for augmentation, and/or aim at learning invariant representations by imposing various alignment constraints. Largescale pretraining has recently shown promising generalization capabilities, along with the potential of binding different modalities. For instance, the advent of vision-language models like CLIP has opened the doorway for vision models to exploit the textual modality. In this paper, we introduce a simple framework for generalizing semantic segmentation networks by employing language as the source of randomization. Our recipe comprises three key ingredients: (i) the preservation of the intrinsic CLIP robustness through mini-mal fine-tuning, (ii) language-driven local style augmentation, and (iii) randomization by locally mixing the source and augmented styles during training. Extensive experiments report state-of-the-art results on various generalization benchmarks. Code is accessible on the project page11https://astra-vision.github.io/FAMix.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Generalization to new domains not seen during training is one of the longstanding challenges in deploying neural networks in real-world applications. Existing generalization techniques either necessitate external images for augmentation, and/or aim at learning invariant representations by imposing various alignment constraints. Largescale pretraining has recently shown promising generalization capabilities, along with the potential of binding different modalities. For instance, the advent of vision-language models like CLIP has opened the doorway for vision models to exploit the textual modality. In this paper, we introduce a simple framework for generalizing semantic segmentation networks by employing language as the source of randomization. Our recipe comprises three key ingredients: (i) the preservation of the intrinsic CLIP robustness through mini-mal fine-tuning, (ii) language-driven local style augmentation, and (iii) randomization by locally mixing the source and augmented styles during training. Extensive experiments report state-of-the-art results on various generalization benchmarks. Code is accessible on the project page11https://astra-vision.github.io/FAMix.
Böhle, Moritz; Singh, Navdeeppal; Fritz, Mario; Schiele, Bernt
B-Cos Alignment for Inherently Interpretable CNNs and Vision Transformers Journal Article
In: IEEE Trans. Pattern Anal. Mach. Intell., vol. 46, no. 6, pp. 4504–4518, 2024, ISSN: 0162-8828.
@article{10.1109/TPAMI.2024.3355155,
title = {B-Cos Alignment for Inherently Interpretable CNNs and Vision Transformers},
author = {Moritz Böhle and Navdeeppal Singh and Mario Fritz and Bernt Schiele},
url = {https://doi.org/10.1109/TPAMI.2024.3355155},
doi = {10.1109/TPAMI.2024.3355155},
issn = {0162-8828},
year = {2024},
date = {2024-06-01},
urldate = {2024-06-01},
journal = {IEEE Trans. Pattern Anal. Mach. Intell.},
volume = {46},
number = {6},
pages = {4504–4518},
publisher = {IEEE Computer Society},
address = {USA},
abstract = {We present a new direction for increasing the interpretability of deep neural networks (DNNs) by promoting weight-input alignment during training. For this, we propose to replace the linear transformations in DNNs by our novel B-cos transformation. As we show, a sequence (network) of such transformations induces a single linear transformation that faithfully summarises the full model computations. Moreover, the B-cos transformation is designed such that the weights align with relevant signals during optimisation. As a result, those induced linear transformations become highly interpretable and highlight task-relevant features. Importantly, the B-cos transformation is designed to be compatible with existing architectures and we show that it can easily be integrated into virtually all of the latest state of the art models for computer vision—e.g. ResNets, DenseNets, ConvNext models, as well as Vision Transformers—by combining the B-cos-based explanations with normalisation and attention layers, all whilst maintaining similar accuracy on ImageNet. Finally, we show that the resulting explanations are of high visual quality and perform well under quantitative interpretability metrics.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
We present a new direction for increasing the interpretability of deep neural networks (DNNs) by promoting weight-input alignment during training. For this, we propose to replace the linear transformations in DNNs by our novel B-cos transformation. As we show, a sequence (network) of such transformations induces a single linear transformation that faithfully summarises the full model computations. Moreover, the B-cos transformation is designed such that the weights align with relevant signals during optimisation. As a result, those induced linear transformations become highly interpretable and highlight task-relevant features. Importantly, the B-cos transformation is designed to be compatible with existing architectures and we show that it can easily be integrated into virtually all of the latest state of the art models for computer vision—e.g. ResNets, DenseNets, ConvNext models, as well as Vision Transformers—by combining the B-cos-based explanations with normalisation and attention layers, all whilst maintaining similar accuracy on ImageNet. Finally, we show that the resulting explanations are of high visual quality and perform well under quantitative interpretability metrics.
Berton, Gabriele; Goletto, Gabriele; Trivigno, Gabriele; Stoken, Alex; Caputo, Barbara; Masone, Carlo
EarthMatch: Iterative Coregistration for Fine-grained Localization of Astronaut Photography Proceedings Article
In: 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), pp. 4264-4274, IEEE Computer Society, Los Alamitos, CA, USA, 2024.
@inproceedings{10678575,
title = { EarthMatch: Iterative Coregistration for Fine-grained Localization of Astronaut Photography },
author = {Gabriele Berton and Gabriele Goletto and Gabriele Trivigno and Alex Stoken and Barbara Caputo and Carlo Masone},
url = {https://doi.ieeecomputersociety.org/10.1109/CVPRW63382.2024.00430},
doi = {10.1109/CVPRW63382.2024.00430},
year = {2024},
date = {2024-06-01},
booktitle = {2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)},
pages = {4264-4274},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
abstract = {Precise, pixel-wise geolocalization of astronaut photography is critical to unlocking the potential of this unique type of remotely sensed Earth data, particularly for its use in disaster management and climate change research. Recent works have established the Astronaut Photography Localization task, but have either proved too costly for mass deployment or generated too coarse a localization. Thus, we present EarthMatch, an iterative homography estimation method that produces fine-grained localization of astronaut photographs while maintaining an emphasis on speed. We refocus the astronaut photography benchmark, AIMS, on the geolocalization task itself, and prove our method’s efficacy on this dataset. In addition, we offer a new, fair method for image matcher comparison, and an extensive evaluation of different matching models within our localization pipeline. Our method will enable fast and accurate localization of the 4.5 million and growing collection of astronaut photography of Earth. Code and data are available at https://EarthLoc-and-EarthMatch.github.io/},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Precise, pixel-wise geolocalization of astronaut photography is critical to unlocking the potential of this unique type of remotely sensed Earth data, particularly for its use in disaster management and climate change research. Recent works have established the Astronaut Photography Localization task, but have either proved too costly for mass deployment or generated too coarse a localization. Thus, we present EarthMatch, an iterative homography estimation method that produces fine-grained localization of astronaut photographs while maintaining an emphasis on speed. We refocus the astronaut photography benchmark, AIMS, on the geolocalization task itself, and prove our method’s efficacy on this dataset. In addition, we offer a new, fair method for image matcher comparison, and an extensive evaluation of different matching models within our localization pipeline. Our method will enable fast and accurate localization of the 4.5 million and growing collection of astronaut photography of Earth. Code and data are available at https://EarthLoc-and-EarthMatch.github.io/
Franchi, Gianni; Laurent, Olivier; Leguery, Maxence; Bursuc, Andrei; Pilzer, Andrea; Yao, Angela
Make Me a BNN: A Simple Strategy for Estimating Bayesian Uncertainty from Pre-trained Models Proceedings Article
In: 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 12194-12204, IEEE Computer Society, Los Alamitos, CA, USA, 2024.
@inproceedings{10656702,
title = { Make Me a BNN: A Simple Strategy for Estimating Bayesian Uncertainty from Pre-trained Models },
author = {Gianni Franchi and Olivier Laurent and Maxence Leguery and Andrei Bursuc and Andrea Pilzer and Angela Yao},
url = {https://doi.ieeecomputersociety.org/10.1109/CVPR52733.2024.01159},
doi = {10.1109/CVPR52733.2024.01159},
year = {2024},
date = {2024-06-01},
booktitle = {2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
pages = {12194-12204},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
abstract = {Deep Neural Networks (DNNs) are powerful tools for various computer vision tasks, yet they often struggle with reliable uncertainty quantification — a critical requirement for real-world applications. Bayesian Neural Networks (BNN) are equipped for uncertainty estimation but cannot scale to large DNNs where they are highly unstable to train. To address this challenge, we introduce the Adaptable Bayesian Neural Network (ABNN), a simple and scalable strategy to seamlessly transform DNNs into BNNs in a post-hoc manner with minimal computational and training overheads. ABNN preserves the main predictive properties of DNNs while enhancing their uncertainty quantification abilities through simple BNN adaptation layers (attached to normalization layers) and a few fine-tuning steps on pretrained models. We conduct extensive experiments across multiple datasets for image classification and semantic segmentation tasks, and our results demonstrate that ABNN achieves state-of-the-art performance without the computational budget typically associated with ensemble methods.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Deep Neural Networks (DNNs) are powerful tools for various computer vision tasks, yet they often struggle with reliable uncertainty quantification — a critical requirement for real-world applications. Bayesian Neural Networks (BNN) are equipped for uncertainty estimation but cannot scale to large DNNs where they are highly unstable to train. To address this challenge, we introduce the Adaptable Bayesian Neural Network (ABNN), a simple and scalable strategy to seamlessly transform DNNs into BNNs in a post-hoc manner with minimal computational and training overheads. ABNN preserves the main predictive properties of DNNs while enhancing their uncertainty quantification abilities through simple BNN adaptation layers (attached to normalization layers) and a few fine-tuning steps on pretrained models. We conduct extensive experiments across multiple datasets for image classification and semantic segmentation tasks, and our results demonstrate that ABNN achieves state-of-the-art performance without the computational budget typically associated with ensemble methods.
Ramesh, Shyam Sundhar; Sessa, Pier Giuseppe; Hu, Yifan; Krause, Andreas; Bogunovic, Ilija
Distributionally Robust Model-based Reinforcement Learning with Large State Spaces Proceedings Article
In: Dasgupta, Sanjoy; Mandt, Stephan; Li, Yingzhen (Ed.): Proceedings of The 27th International Conference on Artificial Intelligence and Statistics, pp. 100–108, PMLR, 2024.
@inproceedings{pmlr-v238-sundhar-ramesh24a,
title = {Distributionally Robust Model-based Reinforcement Learning with Large State Spaces},
author = {Shyam Sundhar Ramesh and Pier Giuseppe Sessa and Yifan Hu and Andreas Krause and Ilija Bogunovic},
editor = {Sanjoy Dasgupta and Stephan Mandt and Yingzhen Li},
url = {https://proceedings.mlr.press/v238/sundhar-ramesh24a.html},
year = {2024},
date = {2024-05-01},
booktitle = {Proceedings of The 27th International Conference on Artificial Intelligence and Statistics},
volume = {238},
pages = {100–108},
publisher = {PMLR},
series = {Proceedings of Machine Learning Research},
abstract = {Three major challenges in reinforcement learning are the complex dynamical systems with large state spaces, the costly data acquisition processes, and the deviation of real-world dynamics from the training environment deployment. To overcome these issues, we study distributionally robust Markov decision processes with continuous state spaces under the widely used Kullback-Leibler, chi-square, and total variation uncertainty sets. We propose a model-based approach that utilizes Gaussian Processes and the maximum variance reduction algorithm to efficiently learn multi-output nominal transition dynamics, leveraging access to a generative model (i.e., simulator). We further demonstrate the statistical sample complexity of the proposed method for different uncertainty sets. These complexity bounds are independent of the number of states and extend beyond linear dynamics, ensuring the effectiveness of our approach in identifying near-optimal distributionally-robust policies. The proposed method can be further combined with other model-free distributionally robust reinforcement learning methods to obtain a near-optimal robust policy. Experimental results demonstrate the robustness of our algorithm to distributional shifts and its superior performance in terms of the number of samples needed.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Three major challenges in reinforcement learning are the complex dynamical systems with large state spaces, the costly data acquisition processes, and the deviation of real-world dynamics from the training environment deployment. To overcome these issues, we study distributionally robust Markov decision processes with continuous state spaces under the widely used Kullback-Leibler, chi-square, and total variation uncertainty sets. We propose a model-based approach that utilizes Gaussian Processes and the maximum variance reduction algorithm to efficiently learn multi-output nominal transition dynamics, leveraging access to a generative model (i.e., simulator). We further demonstrate the statistical sample complexity of the proposed method for different uncertainty sets. These complexity bounds are independent of the number of states and extend beyond linear dynamics, ensuring the effectiveness of our approach in identifying near-optimal distributionally-robust policies. The proposed method can be further combined with other model-free distributionally robust reinforcement learning methods to obtain a near-optimal robust policy. Experimental results demonstrate the robustness of our algorithm to distributional shifts and its superior performance in terms of the number of samples needed.
Aghasanli, Agil; Angelov, Plamen
Edge Implementation of Unsupervised Self-evolving Vision Classifier Proceedings Article
In: 2024 IEEE International Conference on Evolving and Adaptive Intelligent Systems (EAIS), pp. 1-8, 2024, ISSN: 2473-4691.
@inproceedings{10570024,
title = {Edge Implementation of Unsupervised Self-evolving Vision Classifier},
author = {Agil Aghasanli and Plamen Angelov},
doi = {10.1109/EAIS58494.2024.10570024},
issn = {2473-4691},
year = {2024},
date = {2024-05-01},
booktitle = {2024 IEEE International Conference on Evolving and Adaptive Intelligent Systems (EAIS)},
pages = {1-8},
abstract = {This paper details the implementation of a recently introduced method (called IDEAL) for unsupervised self-evolving vision classifier within the latent feature space defined by a large Vision Transformer (ViT-L/14) based DinoV2 model pre-trained on large data set LVD-142M. Within the IDEAL concept the pre-trained DinoV2 (PT-DinoV2) is frozen (its parameters are not changed further) and thus it reduces to a very large but still simply arithmetic transformation. The recently introduced IDEAL method is leveraging the 1024-dimensional final fully connected layer of the PT-DinoV2 as a feature extractor defining the latent feature space called further foundation feature (FF) space. IDEAL utilizes mini-batch k-means clustering of images taken by a micro-camera mounted on Nvidia’s Jetson nano development board within the FF space in its initialization phase. It further identifies prototypes that play a critical role in the interpretation of the classifier’s decision by evaluation of the similarity between a query image and the prototypes. The proposed implementation in its self-evolving phase also demonstrates the ability to adapt to new data/images by creating new prototypes through a simple “greedy” clustering. Furthermore, it demonstrates the ability to detect data/images that are significantly different from the ones that were already presented (open set classification or anomaly) resulting in unknown or “I do not know” type of output (inability to associate such new data/image to any of the existing prototypes). The proposed implementation demonstrates the ability to apply IDEAL method to a federated learning scenario when aggregated data (prototypes and statistics of the data that are associated with the prototypes) are passed to another edge device (Jetson nano) and it is able to continue to correctly classify images. By demonstrating the method’s feasibility in practical situations with constrained resources, this implementation substantially decreases the computational and communication overhead; thus, it provides a solution for distributed machine learning applications that are scalable and resource-efficient.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
This paper details the implementation of a recently introduced method (called IDEAL) for unsupervised self-evolving vision classifier within the latent feature space defined by a large Vision Transformer (ViT-L/14) based DinoV2 model pre-trained on large data set LVD-142M. Within the IDEAL concept the pre-trained DinoV2 (PT-DinoV2) is frozen (its parameters are not changed further) and thus it reduces to a very large but still simply arithmetic transformation. The recently introduced IDEAL method is leveraging the 1024-dimensional final fully connected layer of the PT-DinoV2 as a feature extractor defining the latent feature space called further foundation feature (FF) space. IDEAL utilizes mini-batch k-means clustering of images taken by a micro-camera mounted on Nvidia’s Jetson nano development board within the FF space in its initialization phase. It further identifies prototypes that play a critical role in the interpretation of the classifier’s decision by evaluation of the similarity between a query image and the prototypes. The proposed implementation in its self-evolving phase also demonstrates the ability to adapt to new data/images by creating new prototypes through a simple “greedy” clustering. Furthermore, it demonstrates the ability to detect data/images that are significantly different from the ones that were already presented (open set classification or anomaly) resulting in unknown or “I do not know” type of output (inability to associate such new data/image to any of the existing prototypes). The proposed implementation demonstrates the ability to apply IDEAL method to a federated learning scenario when aggregated data (prototypes and statistics of the data that are associated with the prototypes) are passed to another edge device (Jetson nano) and it is able to continue to correctly classify images. By demonstrating the method’s feasibility in practical situations with constrained resources, this implementation substantially decreases the computational and communication overhead; thus, it provides a solution for distributed machine learning applications that are scalable and resource-efficient.
Wang, Ruohan; Falk, John Isak Texas; Pontil, Massimiliano; Ciliberto, Carlo
Robust Meta-Representation Learning via Global Label Inference and Classification Journal Article
In: IEEE Transactions on Pattern Analysis & Machine Intelligence, vol. 46, no. 04, pp. 1996-2010, 2024, ISSN: 1939-3539.
@article{10298810,
title = { Robust Meta-Representation Learning via Global Label Inference and Classification },
author = {Ruohan Wang and John Isak Texas Falk and Massimiliano Pontil and Carlo Ciliberto},
url = {https://doi.ieeecomputersociety.org/10.1109/TPAMI.2023.3328184},
doi = {10.1109/TPAMI.2023.3328184},
issn = {1939-3539},
year = {2024},
date = {2024-04-01},
journal = {IEEE Transactions on Pattern Analysis & Machine Intelligence},
volume = {46},
number = {04},
pages = {1996-2010},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
abstract = {Few-shot learning (FSL) is a central problem in meta-learning, where learners must efficiently learn from few labeled examples. Within FSL, feature pre-training has become a popular strategy to significantly improve generalization performance. However, the contribution of pre-training to generalization performance is often overlooked and understudied, with limited theoretical understanding. Further, pre-training requires a consistent set of global labels shared across training tasks, which may be unavailable in practice. In this work, we address the above issues by first showing the connection between pre-training and meta-learning. We discuss why pre-training yields more robust meta-representation and connect the theoretical analysis to existing works and empirical results. Second, we introduce Meta Label Learning (MeLa), a novel meta-learning algorithm that learns task relations by inferring global labels across tasks. This allows us to exploit pre-training for FSL even when global labels are unavailable or ill-defined. Lastly, we introduce an augmented pre-training procedure that further improves the learned meta-representation. Empirically, MeLa outperforms existing methods across a diverse range of benchmarks, in particular under a more challenging setting where the number of training tasks is limited and labels are task-specific.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Few-shot learning (FSL) is a central problem in meta-learning, where learners must efficiently learn from few labeled examples. Within FSL, feature pre-training has become a popular strategy to significantly improve generalization performance. However, the contribution of pre-training to generalization performance is often overlooked and understudied, with limited theoretical understanding. Further, pre-training requires a consistent set of global labels shared across training tasks, which may be unavailable in practice. In this work, we address the above issues by first showing the connection between pre-training and meta-learning. We discuss why pre-training yields more robust meta-representation and connect the theoretical analysis to existing works and empirical results. Second, we introduce Meta Label Learning (MeLa), a novel meta-learning algorithm that learns task relations by inferring global labels across tasks. This allows us to exploit pre-training for FSL even when global labels are unavailable or ill-defined. Lastly, we introduce an augmented pre-training procedure that further improves the learned meta-representation. Empirically, MeLa outperforms existing methods across a diverse range of benchmarks, in particular under a more challenging setting where the number of training tasks is limited and labels are task-specific.
Hajipour, Hossein; Hassler, Keno; Holz, Thorsten; Schonherr, Lea; Fritz, Mario
CodeLMSec Benchmark: Systematically Evaluating and Finding Security Vulnerabilities in Black-Box Code Language Models Proceedings Article
In: 2024 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), pp. 684-709, IEEE Computer Society, Los Alamitos, CA, USA, 2024.
@inproceedings{10516658,
title = { CodeLMSec Benchmark: Systematically Evaluating and Finding Security Vulnerabilities in Black-Box Code Language Models },
author = {Hossein Hajipour and Keno Hassler and Thorsten Holz and Lea Schonherr and Mario Fritz},
url = {https://doi.ieeecomputersociety.org/10.1109/SaTML59370.2024.00040},
doi = {10.1109/SaTML59370.2024.00040},
year = {2024},
date = {2024-04-01},
booktitle = {2024 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML)},
pages = {684-709},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
abstract = {Large language models (LLMs) for automatic code generation have recently achieved breakthroughs in several programming tasks. Their advances in competition-level programming problems have made them an essential pillar of AI-assisted pair programming, and tools such as GitHub Copilot have emerged as part of the daily programming workflow used by millions of developers. Training data for these models is usually collected from the Internet (e.g., from open-source repositories) and is likely to contain faults and security vulnerabilities. This unsanitized training data can cause the language models to learn these vulnerabilities and propagate them during the code generation procedure. While these models have been extensively evaluated for their ability to produce functionally correct programs, there remains a lack of comprehensive investigations and benchmarks addressing the security aspects of these models.In this work, we propose a method to systematically study the security issues of code language models to assess their susceptibility to generating vulnerable code. To this end, we introduce the first approach to automatically find generated code that contains vulnerabilities in black-box code generation models. This involves proposing a novel few-shot prompting approach. We evaluate the effectiveness of our approach by examining code language models in generating high-risk security weaknesses. Furthermore, we use our method to create a collection of diverse non-secure prompts for various vulnerability scenarios. This dataset serves as a benchmark to evaluate and compare the security weaknesses of code language models.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Large language models (LLMs) for automatic code generation have recently achieved breakthroughs in several programming tasks. Their advances in competition-level programming problems have made them an essential pillar of AI-assisted pair programming, and tools such as GitHub Copilot have emerged as part of the daily programming workflow used by millions of developers. Training data for these models is usually collected from the Internet (e.g., from open-source repositories) and is likely to contain faults and security vulnerabilities. This unsanitized training data can cause the language models to learn these vulnerabilities and propagate them during the code generation procedure. While these models have been extensively evaluated for their ability to produce functionally correct programs, there remains a lack of comprehensive investigations and benchmarks addressing the security aspects of these models.In this work, we propose a method to systematically study the security issues of code language models to assess their susceptibility to generating vulnerable code. To this end, we introduce the first approach to automatically find generated code that contains vulnerabilities in black-box code generation models. This involves proposing a novel few-shot prompting approach. We evaluate the effectiveness of our approach by examining code language models in generating high-risk security weaknesses. Furthermore, we use our method to create a collection of diverse non-secure prompts for various vulnerability scenarios. This dataset serves as a benchmark to evaluate and compare the security weaknesses of code language models.
Cinà, A. E.; Villani, F.; Pintor, M.; Schönherr, L.; Biggio, B.; Pelillo, M.
σ-zero: Gradient-based Optimization of ℓ0-norm Adversarial Examples Miscellaneous
2024.
@misc{nokey,
title = {σ-zero: Gradient-based Optimization of ℓ0-norm Adversarial Examples},
author = {Cinà, A.E. and Villani, F. and Pintor, M. and Schönherr, L. and Biggio, B. and Pelillo, M.},
url = {https://doi.org/10.48550/arXiv.2402.01879},
doi = {10.48550},
year = {2024},
date = {2024-02-02},
urldate = {2024-02-02},
abstract = {Evaluating the adversarial robustness of deep networks to gradient-based attacks is challenging. While most attacks consider ℓ2- and ℓ∞-norm constraints to craft input perturbations, only a few investigate sparse ℓ1- and ℓ0-norm attacks. In particular, ℓ0-norm attacks remain the least studied due to the inherent complexity of optimizing over a non-convex and non-differentiable constraint. However, evaluating adversarial robustness under these attacks could reveal weaknesses otherwise left untested with more conventional ℓ2- and ℓ∞-norm attacks. In this work, we propose a novel ℓ0-norm attack, called σ-zero, which leverages a differentiable approximation of the ℓ0 norm to facilitate gradient-based optimization, and an adaptive projection operator to dynamically adjust the trade-off between loss minimization and perturbation sparsity. Extensive evaluations using MNIST, CIFAR10, and ImageNet datasets, involving robust and non-robust models, show that σtexttt{-zero} finds minimum ℓ0-norm adversarial examples without requiring any time-consuming hyperparameter tuning, and that it outperforms all competing sparse attacks in terms of success rate, perturbation size, and efficiency.},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Evaluating the adversarial robustness of deep networks to gradient-based attacks is challenging. While most attacks consider ℓ2- and ℓ∞-norm constraints to craft input perturbations, only a few investigate sparse ℓ1- and ℓ0-norm attacks. In particular, ℓ0-norm attacks remain the least studied due to the inherent complexity of optimizing over a non-convex and non-differentiable constraint. However, evaluating adversarial robustness under these attacks could reveal weaknesses otherwise left untested with more conventional ℓ2- and ℓ∞-norm attacks. In this work, we propose a novel ℓ0-norm attack, called σ-zero, which leverages a differentiable approximation of the ℓ0 norm to facilitate gradient-based optimization, and an adaptive projection operator to dynamically adjust the trade-off between loss minimization and perturbation sparsity. Extensive evaluations using MNIST, CIFAR10, and ImageNet datasets, involving robust and non-robust models, show that σtexttt{-zero} finds minimum ℓ0-norm adversarial examples without requiring any time-consuming hyperparameter tuning, and that it outperforms all competing sparse attacks in terms of success rate, perturbation size, and efficiency.
Shen, Ao; Zhu, Yijie; Angelov, Plamen; Jiang, Richard
Marine Debris Detection in Satellite Surveillance using Attention Mechanisms Proceedings Article
In: IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing, pp. 4320 – 4330, IEEE, 2024.
@inproceedings{nokey,
title = {Marine Debris Detection in Satellite Surveillance using Attention Mechanisms},
author = {Ao Shen and Yijie Zhu and Plamen Angelov and Richard Jiang},
url = {https://ieeexplore.ieee.org/document/10379646/authors#authors},
doi = {10.1109/JSTARS.2024.3349489},
year = {2024},
date = {2024-01-03},
booktitle = {IEEE Journal of Selected Topics in Applied Earth Observations and Remote Sensing},
volume = {17},
pages = {4320 - 4330},
publisher = {IEEE},
abstract = {Marine debris poses a critical threat to environmental ecosystems, necessitating effective methods for its detection and localization. This study addresses the existing limitations in the literature by proposing an innovative approach that combines the instance segmentation capabilities of YOLOv7 with various attention mechanisms to enhance efficiency and broaden applicability. The primary contribution lies in the exploration and comparison of three attentional models: lightweight coordinate attention, combining spatial and channel focus (CBAM), and bottleneck transformer based on self-attention. Leveraging a meticulously labeled dataset of satellite images containing ocean debris, the study conducts a comprehensive assessment of box detection and mask evaluation. The results demonstrate that CBAM emerges as the standout performer, achieving the highest F1 score (77%) in box detection, surpassing coordinate attention (71%) and YOLOv7/bottleneck transformer (both around 66%). In mask evaluation, CBAM continues to lead with an F1 score of 73%, while coordinate attention and YOLOv7 exhibit comparable performances (around F1 scores of 68% and 69%), and bottleneck transformer lags behind at an F1 score of 56%. This compelling evidence underscores CBAM's superior suitability for detecting marine debris compared to existing methods. Notably, the study reveals an intriguing aspect of the bottleneck transformer, which, despite lower overall performance, successfully detected areas overlooked by manual annotation. Moreover, it demonstrated enhanced mask precision for larger debris pieces, hinting at potentially superior practical performance in certain scenarios. This nuanced finding underscores the importance of considering specific application requirements when selecting a detection model, as the bottleneck transformer may offer unique advantages in certain contexts.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Marine debris poses a critical threat to environmental ecosystems, necessitating effective methods for its detection and localization. This study addresses the existing limitations in the literature by proposing an innovative approach that combines the instance segmentation capabilities of YOLOv7 with various attention mechanisms to enhance efficiency and broaden applicability. The primary contribution lies in the exploration and comparison of three attentional models: lightweight coordinate attention, combining spatial and channel focus (CBAM), and bottleneck transformer based on self-attention. Leveraging a meticulously labeled dataset of satellite images containing ocean debris, the study conducts a comprehensive assessment of box detection and mask evaluation. The results demonstrate that CBAM emerges as the standout performer, achieving the highest F1 score (77%) in box detection, surpassing coordinate attention (71%) and YOLOv7/bottleneck transformer (both around 66%). In mask evaluation, CBAM continues to lead with an F1 score of 73%, while coordinate attention and YOLOv7 exhibit comparable performances (around F1 scores of 68% and 69%), and bottleneck transformer lags behind at an F1 score of 56%. This compelling evidence underscores CBAM's superior suitability for detecting marine debris compared to existing methods. Notably, the study reveals an intriguing aspect of the bottleneck transformer, which, despite lower overall performance, successfully detected areas overlooked by manual annotation. Moreover, it demonstrated enhanced mask precision for larger debris pieces, hinting at potentially superior practical performance in certain scenarios. This nuanced finding underscores the importance of considering specific application requirements when selecting a detection model, as the bottleneck transformer may offer unique advantages in certain contexts.
Baader, Maximilian; Mueller, Mark Niklas; Mao, Yuhao; Vechev, Martin
Expressivity of ReLU-Networks under Convex Relaxations Proceedings Article
In: The Twelfth International Conference on Learning Representations, 2024.
@inproceedings{baader2024expressivity,
title = {Expressivity of ReLU-Networks under Convex Relaxations},
author = {Maximilian Baader and Mark Niklas Mueller and Yuhao Mao and Martin Vechev},
url = {https://openreview.net/forum?id=awHTL3Hpto},
year = {2024},
date = {2024-01-01},
booktitle = {The Twelfth International Conference on Learning Representations},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Räisä, Ossi; Jälkö, Joonas; Honkela, Antti
Subsampling is not magic: why large batch sizes work for differentially private stochastic optimisation Proceedings Article
In: Proceedings of the 41st International Conference on Machine Learning, JMLR.org, Vienna, Austria, 2024.
@inproceedings{10.5555/3692070.3693776,
title = {Subsampling is not magic: why large batch sizes work for differentially private stochastic optimisation},
author = {Ossi Räisä and Joonas Jälkö and Antti Honkela},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {Proceedings of the 41st International Conference on Machine Learning},
publisher = {JMLR.org},
address = {Vienna, Austria},
series = {ICML'24},
abstract = {We study how the batch size affects the total gradient variance in differentially private stochastic gradient descent (DP-SGD), seeking a theoretical explanation for the usefulness of large batch sizes. As DP-SGD is the basis of modern DP deep learning, its properties have been widely studied, and recent works have empirically found large batch sizes to be beneficial. However, theoretical explanations of this benefit are currently heuristic at best. We first observe that the total gradient variance in DP-SGD can be decomposed into subsampling-induced and noise-induced variances. We then prove that in the limit of an infinite number of iterations, the effective noise-induced variance is invariant to the batch size. The remaining subsampling-induced variance decreases with larger batch sizes, so large batches reduce the effective total gradient variance. We confirm numerically that the asymptotic regime is relevant in practical settings when the batch size is not small, and find that outside the asymptotic regime, the total gradient variance decreases even more with large batch sizes. We also find a sufficient condition that implies that large batch sizes similarly reduce effective DP noise variance for one iteration of DP-SGD.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
We study how the batch size affects the total gradient variance in differentially private stochastic gradient descent (DP-SGD), seeking a theoretical explanation for the usefulness of large batch sizes. As DP-SGD is the basis of modern DP deep learning, its properties have been widely studied, and recent works have empirically found large batch sizes to be beneficial. However, theoretical explanations of this benefit are currently heuristic at best. We first observe that the total gradient variance in DP-SGD can be decomposed into subsampling-induced and noise-induced variances. We then prove that in the limit of an infinite number of iterations, the effective noise-induced variance is invariant to the batch size. The remaining subsampling-induced variance decreases with larger batch sizes, so large batches reduce the effective total gradient variance. We confirm numerically that the asymptotic regime is relevant in practical settings when the batch size is not small, and find that outside the asymptotic regime, the total gradient variance decreases even more with large batch sizes. We also find a sufficient condition that implies that large batch sizes similarly reduce effective DP noise variance for one iteration of DP-SGD.
Sheth, Ivaxi; Abdelnabi, Sahar; Fritz, Mario
Hypothesizing Missing Causal Variables with LLMs Miscellaneous
2024.
@misc{sheth2024hypothesizingmissingcausalvariables,
title = {Hypothesizing Missing Causal Variables with LLMs},
author = {Ivaxi Sheth and Sahar Abdelnabi and Mario Fritz},
url = {https://arxiv.org/abs/2409.02604},
year = {2024},
date = {2024-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Garcia-Bordils, Sergi; Karatzas, Dimosthenis; Rusiñol, Marçal
STEP – Towards Structured Scene-Text Spotting Proceedings Article
In: 2024 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV), pp. 872-881, 2024.
@inproceedings{10483597,
title = {STEP - Towards Structured Scene-Text Spotting},
author = {Sergi Garcia-Bordils and Dimosthenis Karatzas and Marçal Rusiñol},
doi = {10.1109/WACV57701.2024.00093},
year = {2024},
date = {2024-01-01},
booktitle = {2024 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV)},
pages = {872-881},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Zhang, Yuchong; Kassem, Khaled; Gong, Zhengya; Mo, Fan; Ma, Yong; Kirjavainen, Emma; Häkkilä, Jonna
Human-centered AI Technologies in Human-robot Interaction for Social Settings Proceedings Article
In: Proceedings of the International Conference on Mobile and Ubiquitous Multimedia, pp. 501–505, Association for Computing Machinery, New York, NY, USA, 2024, ISBN: 9798400712838.
@inproceedings{10.1145/3701571.3701610,
title = {Human-centered AI Technologies in Human-robot Interaction for Social Settings},
author = {Yuchong Zhang and Khaled Kassem and Zhengya Gong and Fan Mo and Yong Ma and Emma Kirjavainen and Jonna Häkkilä},
url = {https://doi.org/10.1145/3701571.3701610},
doi = {10.1145/3701571.3701610},
isbn = {9798400712838},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {Proceedings of the International Conference on Mobile and Ubiquitous Multimedia},
pages = {501–505},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
series = {MUM '24},
abstract = {The increasing integration of human-robot interaction (HRI) into social settings demands the development of human-centered AI technologies that prioritize intuitive, ethical, and empathetic interactions. As robots become more prevalent in everyday life—ranging from assistive devices in healthcare to educational tools in classrooms and customer service agents in retail—it is essential to ensure they can communicate and collaborate with humans in ways that are not only effective but also socially appropriate and meaningful. This workshop aims to explore cutting-edge advancements and interdisciplinary approaches to building AI-driven systems that facilitate effective, meaningful, and socially appropriate interactions between robots and humans across various environments such as healthcare, education, and customer service. We will primarily focus on several key themes, such as human-centered contextual AI, AI-driven intelligent robotics, ethical and responsible AI, and real-world applications. This workshop invites contributions from researchers, practitioners, and developers who are working on AI systems that empower robots to operate effectively in human-centered environments. By addressing challenges such as interpreting human emotions, understanding social cues, and adhering to ethical standards, and by sharing advancements in human-centered AI, we aim to shape the future of HRI. Our goal is to ensure that robots enrich human social experiences, fostering interactions that are not only efficient but also enhance the quality of life. By uniting efforts from various disciplines, we aspire to create robots that seamlessly integrate into society, ultimately contributing to a more harmonious coexistence between humans and robotic systems.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
The increasing integration of human-robot interaction (HRI) into social settings demands the development of human-centered AI technologies that prioritize intuitive, ethical, and empathetic interactions. As robots become more prevalent in everyday life—ranging from assistive devices in healthcare to educational tools in classrooms and customer service agents in retail—it is essential to ensure they can communicate and collaborate with humans in ways that are not only effective but also socially appropriate and meaningful. This workshop aims to explore cutting-edge advancements and interdisciplinary approaches to building AI-driven systems that facilitate effective, meaningful, and socially appropriate interactions between robots and humans across various environments such as healthcare, education, and customer service. We will primarily focus on several key themes, such as human-centered contextual AI, AI-driven intelligent robotics, ethical and responsible AI, and real-world applications. This workshop invites contributions from researchers, practitioners, and developers who are working on AI systems that empower robots to operate effectively in human-centered environments. By addressing challenges such as interpreting human emotions, understanding social cues, and adhering to ethical standards, and by sharing advancements in human-centered AI, we aim to shape the future of HRI. Our goal is to ensure that robots enrich human social experiences, fostering interactions that are not only efficient but also enhance the quality of life. By uniting efforts from various disciplines, we aspire to create robots that seamlessly integrate into society, ultimately contributing to a more harmonious coexistence between humans and robotic systems.
Kangin, Dmitry; Angelov, Plamen P.
Unsupervised Domain Adaptation within Deep Foundation Latent Spaces Journal Article
In: ArXiv, vol. abs/2402.14976, 2024.
@article{Kangin2024UnsupervisedDA,
title = {Unsupervised Domain Adaptation within Deep Foundation Latent Spaces},
author = {Dmitry Kangin and Plamen P. Angelov},
url = {https://api.semanticscholar.org/CorpusID:267897989},
year = {2024},
date = {2024-01-01},
journal = {ArXiv},
volume = {abs/2402.14976},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Li, Yi; Angelov, Plamen P; Suri, Neeraj
Robust Self-Supervised Learning for Adversarial Attack Detection Proceedings Article
In: NeurIPS 2024 Workshop: Self-Supervised Learning – Theory and Practice, 2024.
@inproceedings{li2024robust,
title = {Robust Self-Supervised Learning for Adversarial Attack Detection},
author = {Yi Li and Plamen P Angelov and Neeraj Suri},
url = {https://openreview.net/forum?id=VSYnG9s2mo},
year = {2024},
date = {2024-01-01},
booktitle = {NeurIPS 2024 Workshop: Self-Supervised Learning - Theory and Practice},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Zhang, Xiyue; Wang, Zifan; Gao, Yulong; Romao, Licio; Abate, Alessandro; Kwiatkowska, Marta
Risk-Averse Certification of Bayesian Neural Networks Miscellaneous
2024.
@misc{zhang2024riskaversecertificationbayesianneural,
title = {Risk-Averse Certification of Bayesian Neural Networks},
author = {Xiyue Zhang and Zifan Wang and Yulong Gao and Licio Romao and Alessandro Abate and Marta Kwiatkowska},
url = {https://arxiv.org/abs/2411.19729},
year = {2024},
date = {2024-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Lorenz, T; Kwiatkowska, M; Fritz, M
FullCert: deterministic end-to-end certification for training and inference of neural networks Proceedings Article
In: Springer, 2024.
@inproceedings{lorenz2024a,
title = {FullCert: deterministic end-to-end certification for training and inference of neural networks},
author = {T Lorenz and M Kwiatkowska and M Fritz},
year = {2024},
date = {2024-01-01},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Guo, Wei; Demontis, Ambra; Pintor, Maura; Chan, Patrick P. K.; Biggio, Battista
LFPD: Local-Feature-Powered Defense Against Adaptive Backdoor Attacks Proceedings Article
In: International Conference on Machine Learning and Cybernetics, pp. 607-612, IEEE, 2024.
@inproceedings{guo24-icmlc,
title = {LFPD: Local-Feature-Powered Defense Against Adaptive Backdoor Attacks},
author = {Wei Guo and Ambra Demontis and Maura Pintor and Patrick P. K. Chan and Battista Biggio},
doi = {10.1109/ICMLC63072.2024.10935153},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {International Conference on Machine Learning and Cybernetics},
pages = {607-612},
publisher = {IEEE},
series = {ICMLC},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Borlino, Francesco Cappio; Lu, Lorenzo; Tommasi, Tatiana
Foundation Models and Fine-Tuning: A Benchmark for Out of Distribution Detection Journal Article
In: IEEE Access, vol. 12, pp. 79401-79414, 2024, ISSN: 2169-3536.
@article{10547247,
title = {Foundation Models and Fine-Tuning: A Benchmark for Out of Distribution Detection},
author = {Francesco Cappio Borlino and Lorenzo Lu and Tatiana Tommasi},
doi = {10.1109/ACCESS.2024.3409587},
issn = {2169-3536},
year = {2024},
date = {2024-01-01},
journal = {IEEE Access},
volume = {12},
pages = {79401-79414},
abstract = {The rise of foundation models is pushing Computer Vision research towards a paradigm shift, in the wake of what already happened in the Natural Language Processing field. These models, trained at scale on huge data collections, provide high-quality representations that generalize well enough to be applied directly to downstream tasks, often outperforming task-specific models. The Out Of Distribution (OOD) detection problem, which involves the ability to recognize when test samples come from a previously unseen semantic category, represents one of the research fields in which this paradigm shift could have the greatest impact. However, existing testbeds are limited in scale and scope and get easily saturated when adopting foundation-based pretrainings. With this work, we introduce a new benchmark covering realistic yet harder OOD detection tasks to properly assess the performance of large pretrained models. We design an experimental framework to analyze specific choices in the model learning and use (which dataset, pretraining objective, OOD scoring function) and extensively evaluate the comparison to standard approaches that leverage a training phase on the available In Distribution (ID) data. The results highlight the actual performance benefits of leveraging foundation models in this context without any further learning effort, and identify situations where task-specific fine-tuning remains the best choice.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The rise of foundation models is pushing Computer Vision research towards a paradigm shift, in the wake of what already happened in the Natural Language Processing field. These models, trained at scale on huge data collections, provide high-quality representations that generalize well enough to be applied directly to downstream tasks, often outperforming task-specific models. The Out Of Distribution (OOD) detection problem, which involves the ability to recognize when test samples come from a previously unseen semantic category, represents one of the research fields in which this paradigm shift could have the greatest impact. However, existing testbeds are limited in scale and scope and get easily saturated when adopting foundation-based pretrainings. With this work, we introduce a new benchmark covering realistic yet harder OOD detection tasks to properly assess the performance of large pretrained models. We design an experimental framework to analyze specific choices in the model learning and use (which dataset, pretraining objective, OOD scoring function) and extensively evaluate the comparison to standard approaches that leverage a training phase on the available In Distribution (ID) data. The results highlight the actual performance benefits of leveraging foundation models in this context without any further learning effort, and identify situations where task-specific fine-tuning remains the best choice.
Ogun, Sewade; Owodunni, Abraham T.; Olatunji, Tobi; Alese, Eniola; Oladimeji, Babatunde; Afonja, Tejumade; Olaleye, Kayode; Etori, Naome A.; Adewumi, Tosin
1000 African Voices: Advancing inclusive multi-speaker multi-accent speech synthesis Proceedings Article
In: Interspeech 2024, pp. 1855–1859, 2024, ISSN: 2958-1796.
@inproceedings{ogun24_interspeech,
title = {1000 African Voices: Advancing inclusive multi-speaker multi-accent speech synthesis},
author = {Sewade Ogun and Abraham T. Owodunni and Tobi Olatunji and Eniola Alese and Babatunde Oladimeji and Tejumade Afonja and Kayode Olaleye and Naome A. Etori and Tosin Adewumi},
doi = {10.21437/Interspeech.2024-2281},
issn = {2958-1796},
year = {2024},
date = {2024-01-01},
booktitle = {Interspeech 2024},
pages = {1855–1859},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Räisä, Ossi; Honkela, Antti
A Bias-Variance Decomposition for Ensembles over Multiple Synthetic Datasets Journal Article
In: ArXiv, vol. abs/2402.03985, 2024.
@article{Ris2024ABD,
title = {A Bias-Variance Decomposition for Ensembles over Multiple Synthetic Datasets},
author = {Ossi Räisä and Antti Honkela},
url = {https://api.semanticscholar.org/CorpusID:267500003},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
journal = {ArXiv},
volume = {abs/2402.03985},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Iurada, Leonardo; Ciccone, Marco; Tommasi, Tatiana
Finding Lottery Tickets in Vision Models via Data-Driven Spectral Foresight Pruning Journal Article
In: 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 16142-16151, 2024.
@article{Iurada2024FindingLT,
title = {Finding Lottery Tickets in Vision Models via Data-Driven Spectral Foresight Pruning},
author = {Leonardo Iurada and Marco Ciccone and Tatiana Tommasi},
url = {https://api.semanticscholar.org/CorpusID:270226621},
year = {2024},
date = {2024-01-01},
journal = {2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)},
pages = {16142-16151},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Haastregt, Jonne; Welle, Michael C.; Zhang, Yuchong; Kragic, Danica
Puppeteer Your Robot: Augmented Reality Leader-Follower Teleoperation Journal Article
In: 2024 IEEE-RAS 23rd International Conference on Humanoid Robots (Humanoids), pp. 1019-1026, 2024.
@article{Haastregt2024PuppeteerYR,
title = {Puppeteer Your Robot: Augmented Reality Leader-Follower Teleoperation},
author = {Jonne Haastregt and Michael C. Welle and Yuchong Zhang and Danica Kragic},
url = {https://api.semanticscholar.org/CorpusID:271218112},
year = {2024},
date = {2024-01-01},
journal = {2024 IEEE-RAS 23rd International Conference on Humanoid Robots (Humanoids)},
pages = {1019-1026},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Wang, Hui-Po; Chen, Dingfan; Kerkouche, Raouf; Fritz, Mario
FedLAP-DP: Federated Learning by Sharing Differentially Private Loss Approximations Miscellaneous
2024.
@misc{wang2024fedlapdpfederatedlearningsharing,
title = {FedLAP-DP: Federated Learning by Sharing Differentially Private Loss Approximations},
author = {Hui-Po Wang and Dingfan Chen and Raouf Kerkouche and Mario Fritz},
url = {https://arxiv.org/abs/2302.01068},
year = {2024},
date = {2024-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Chen, Dingfan; Kerkouche, Raouf; Fritz, Mario
A Unified View of Differentially Private Deep Generative Modeling Journal Article
In: Transactions on Machine Learning Research, 2024, ISSN: 2835-8856, (Survey Certification).
@article{chen2024a,
title = {A Unified View of Differentially Private Deep Generative Modeling},
author = {Dingfan Chen and Raouf Kerkouche and Mario Fritz},
url = {https://openreview.net/forum?id=YgmBD2c9qX},
issn = {2835-8856},
year = {2024},
date = {2024-01-01},
journal = {Transactions on Machine Learning Research},
note = {Survey Certification},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Chen, Jialuo; Wang, Jingyi; Zhang, Xiyue; Sun, Youcheng; Kwiatkowska, Marta; Chen, Jiming; Cheng, Peng
FAST: Boosting Uncertainty-based Test Prioritization Methods for Neural Networks via Feature Selection Proceedings Article
In: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, pp. 895–906, Association for Computing Machinery, Sacramento, CA, USA, 2024, ISBN: 9798400712487.
@inproceedings{10.1145/3691620.3695472,
title = {FAST: Boosting Uncertainty-based Test Prioritization Methods for Neural Networks via Feature Selection},
author = {Jialuo Chen and Jingyi Wang and Xiyue Zhang and Youcheng Sun and Marta Kwiatkowska and Jiming Chen and Peng Cheng},
url = {https://doi.org/10.1145/3691620.3695472},
doi = {10.1145/3691620.3695472},
isbn = {9798400712487},
year = {2024},
date = {2024-01-01},
booktitle = {Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering},
pages = {895–906},
publisher = {Association for Computing Machinery},
address = {Sacramento, CA, USA},
series = {ASE '24},
abstract = {Due to the vast testing space, the increasing demand for effective and efficient testing of deep neural networks (DNNs) has led to the development of various DNN test case prioritization techniques. However, the fact that DNNs can deliver high-confidence predictions for incorrectly predicted examples, known as the over-confidence problem, causes these methods to fail to reveal high-confidence errors. To address this limitation, in this work, we propose FAST, a method that boosts existing prioritization methods through guided FeAture SelecTion. FAST is based on the insight that certain features may introduce noise that affects the model's output confidence, thereby contributing to high-confidence errors. It quantifies the importance of each feature for the model's correct predictions, and then dynamically prunes the information from the noisy features during inference to derive a new probability vector for the uncertainty estimation. With the help of FAST, the high-confidence errors and correctly classified examples become more distinguishable, resulting in higher APFD (Average Percentage of Fault Detection) values for test prioritization, and higher generalization ability for model enhancement. We conduct extensive experiments to evaluate FAST across a diverse set of model structures on multiple benchmark datasets to validate the effectiveness, efficiency, and scalability of FAST compared to the state-of-the-art prioritization techniques.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Due to the vast testing space, the increasing demand for effective and efficient testing of deep neural networks (DNNs) has led to the development of various DNN test case prioritization techniques. However, the fact that DNNs can deliver high-confidence predictions for incorrectly predicted examples, known as the over-confidence problem, causes these methods to fail to reveal high-confidence errors. To address this limitation, in this work, we propose FAST, a method that boosts existing prioritization methods through guided FeAture SelecTion. FAST is based on the insight that certain features may introduce noise that affects the model’s output confidence, thereby contributing to high-confidence errors. It quantifies the importance of each feature for the model’s correct predictions, and then dynamically prunes the information from the noisy features during inference to derive a new probability vector for the uncertainty estimation. With the help of FAST, the high-confidence errors and correctly classified examples become more distinguishable, resulting in higher APFD (Average Percentage of Fault Detection) values for test prioritization, and higher generalization ability for model enhancement. We conduct extensive experiments to evaluate FAST across a diverse set of model structures on multiple benchmark datasets to validate the effectiveness, efficiency, and scalability of FAST compared to the state-of-the-art prioritization techniques.
Minnei, Luca; Eddoubi, Hicham; Sotgiu, Angelo; Pintor, Maura; Demontis, Ambra; Biggio, Battista
Data Drift in Android Malware Detection Proceedings Article
In: International Conference on Machine Learning and Cybernetics, IEEE, 2024.
@inproceedings{minnei24-icmlc,
title = {Data Drift in Android Malware Detection},
author = {Luca Minnei and Hicham Eddoubi and Angelo Sotgiu and Maura Pintor and Ambra Demontis and Battista Biggio},
url = {https://ieeexplore.ieee.org/abstract/document/10935015},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {International Conference on Machine Learning and Cybernetics},
publisher = {IEEE},
series = {ICMLC},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Iurada, Leonardo; Bucci, Silvia; Hospedales, Timothy M.; Tommasi, Tatiana
Fairness Meets Cross-Domain Learning: A Benchmark of Models and Metrics Journal Article
In: IEEE Access, vol. 12, pp. 47854-47867, 2024, ISSN: 2169-3536.
@article{10487929,
title = {Fairness Meets Cross-Domain Learning: A Benchmark of Models and Metrics},
author = {Leonardo Iurada and Silvia Bucci and Timothy M. Hospedales and Tatiana Tommasi},
doi = {10.1109/ACCESS.2024.3383841},
issn = {2169-3536},
year = {2024},
date = {2024-01-01},
journal = {IEEE Access},
volume = {12},
pages = {47854-47867},
abstract = {Deep learning-based recognition systems are deployed at scale for real-world applications that inevitably involve our social life. Although of great support when making complex decisions, they might capture spurious data correlations and leverage sensitive attributes (e.g., age, gender, ethnicity). How to factor out this information while maintaining high performance is a problem with several open questions, many of which are shared with those of the domain adaptation and generalization literature which aims at avoiding visual domain biases. In this work, we propose an in-depth study of the relationship between cross-domain learning (CD) and model fairness, by experimentally evaluating 14 CD approaches together with 3 state-of-the-art fairness algorithms on 5 datasets of faces and medical images spanning several demographic groups. We consider attribute classification and landmark detection tasks: the latter is introduced here for the first time in the fairness literature, showing how keypoint localization may be affected by sensitive attribute biases. To assess the analyzed methods, we adopt widely used evaluation metrics while also presenting their limits with a detailed review. Moreover, we propose a new Harmonic Fairness (HF) score that can ease unfairness mitigation model comparisons. Overall, our work shows how CD approaches can outperform state-of-the-art fairness algorithms and defines a framework with dataset and metrics as well as a code suite to pave the way for a more systematic analysis of fairness problems in computer vision (Code available at: https://github.com/iurada/fairness_crossdomain).},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Deep learning-based recognition systems are deployed at scale for real-world applications that inevitably involve our social life. Although of great support when making complex decisions, they might capture spurious data correlations and leverage sensitive attributes (e.g., age, gender, ethnicity). How to factor out this information while maintaining high performance is a problem with several open questions, many of which are shared with those of the domain adaptation and generalization literature which aims at avoiding visual domain biases. In this work, we propose an in-depth study of the relationship between cross-domain learning (CD) and model fairness, by experimentally evaluating 14 CD approaches together with 3 state-of-the-art fairness algorithms on 5 datasets of faces and medical images spanning several demographic groups. We consider attribute classification and landmark detection tasks: the latter is introduced here for the first time in the fairness literature, showing how keypoint localization may be affected by sensitive attribute biases. To assess the analyzed methods, we adopt widely used evaluation metrics while also presenting their limits with a detailed review. Moreover, we propose a new Harmonic Fairness (HF) score that can ease unfairness mitigation model comparisons. Overall, our work shows how CD approaches can outperform state-of-the-art fairness algorithms and defines a framework with dataset and metrics as well as a code suite to pave the way for a more systematic analysis of fairness problems in computer vision (Code available at: https://github.com/iurada/fairness_crossdomain).
Franco, Danilo; D’Amato, Vincenzo Stefano; Pasa, Luca; Navarin, Nicolò; Oneto, Luca
Fair graph representation learning: Empowering NIFTY via Biased Edge Dropout and Fair Attribute Preprocessing Journal Article
In: Neurocomputing, vol. 563, pp. 126948, 2024, ISSN: 0925-2312.
@article{FRANCO2024126948,
title = {Fair graph representation learning: Empowering NIFTY via Biased Edge Dropout and Fair Attribute Preprocessing},
author = {Danilo Franco and Vincenzo Stefano D’Amato and Luca Pasa and Nicolò Navarin and Luca Oneto},
url = {https://www.sciencedirect.com/science/article/pii/S0925231223010718},
doi = {https://doi.org/10.1016/j.neucom.2023.126948},
issn = {0925-2312},
year = {2024},
date = {2024-01-01},
journal = {Neurocomputing},
volume = {563},
pages = {126948},
abstract = {The increasing complexity and amount of data available in modern applications strongly demand Trustworthy Learning algorithms that can be fed directly with complex and large graphs data. In fact, on one hand, machine learning models must meet high technical standards (e.g., high accuracy with limited computational requirements), but, at the same time, they must be sure not to discriminate against subgroups of the population (e.g., based on gender or ethnicity). Graph Neural Networks (GNNs) are currently the most effective solution to meet the technical requirements, even if it has been demonstrated that they inherit and amplify the biases contained in the data as a reflection of societal inequities. In fact, when dealing with graph data, these biases can be hidden not only in the node attributes but also in the connections between entities. Several Fair GNNs have been proposed in the literature, with uNIfying Fairness and stabiliTY (NIFTY) (Agarwal et al., 2021) being one of the most effective. In this paper, we will empower NIFTY’s fairness with two new strategies. The first one is a Biased Edge Dropout, namely, we drop graph edges to balance homophilous and heterophilous sensitive connections, mitigating the bias induced by subgroup node cardinality. The second one is Attributes Preprocessing, which is the process of learning a fair transformation of the original node attributes. The effectiveness of our proposal will be tested on a series of datasets with increasingly challenging scenarios. These scenarios will deal with different levels of knowledge about the entire graph, i.e., how many portions of the graph are known and which sub-portion is labelled at the training and forward phases.},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
The increasing complexity and amount of data available in modern applications strongly demand Trustworthy Learning algorithms that can be fed directly with complex and large graphs data. In fact, on one hand, machine learning models must meet high technical standards (e.g., high accuracy with limited computational requirements), but, at the same time, they must be sure not to discriminate against subgroups of the population (e.g., based on gender or ethnicity). Graph Neural Networks (GNNs) are currently the most effective solution to meet the technical requirements, even if it has been demonstrated that they inherit and amplify the biases contained in the data as a reflection of societal inequities. In fact, when dealing with graph data, these biases can be hidden not only in the node attributes but also in the connections between entities. Several Fair GNNs have been proposed in the literature, with uNIfying Fairness and stabiliTY (NIFTY) (Agarwal et al., 2021) being one of the most effective. In this paper, we will empower NIFTY’s fairness with two new strategies. The first one is a Biased Edge Dropout, namely, we drop graph edges to balance homophilous and heterophilous sensitive connections, mitigating the bias induced by subgroup node cardinality. The second one is Attributes Preprocessing, which is the process of learning a fair transformation of the original node attributes. The effectiveness of our proposal will be tested on a series of datasets with increasingly challenging scenarios. These scenarios will deal with different levels of knowledge about the entire graph, i.e., how many portions of the graph are known and which sub-portion is labelled at the training and forward phases.
Cesa-Bianchi, Nicolò; Cesari, Tommaso; Vecchia, Riccardo Della
Cooperative Online Learning with Feedback Graphs Journal Article
In: Transactions on Machine Learning Research, 2024, ISSN: 2835-8856.
@article{cesa-bianchi2024cooperative,
title = {Cooperative Online Learning with Feedback Graphs},
author = {Nicolò Cesa-Bianchi and Tommaso Cesari and Riccardo Della Vecchia},
url = {https://openreview.net/forum?id=PtNyIboDIG},
issn = {2835-8856},
year = {2024},
date = {2024-01-01},
journal = {Transactions on Machine Learning Research},
keywords = {},
pubstate = {published},
tppubtype = {article}
}
Zhang, Xiyue; Wang, Benjie; Kwiatkowska, Marta
Provable Preimage Under-Approximation for Neural Networks Proceedings Article
In: Finkbeiner, Bernd; Kovács, Laura (Ed.): Tools and Algorithms for the Construction and Analysis of Systems, pp. 3–23, Springer Nature Switzerland, Cham, 2024, ISBN: 978-3-031-57256-2.
@inproceedings{10.1007/978-3-031-57256-2_1,
title = {Provable Preimage Under-Approximation for Neural Networks},
author = {Xiyue Zhang and Benjie Wang and Marta Kwiatkowska},
editor = {Bernd Finkbeiner and Laura Kovács},
isbn = {978-3-031-57256-2},
year = {2024},
date = {2024-01-01},
booktitle = {Tools and Algorithms for the Construction and Analysis of Systems},
pages = {3–23},
publisher = {Springer Nature Switzerland},
address = {Cham},
abstract = {Neural network verification mainly focuses on local robustness properties, which can be checked by bounding the image (set of outputs) of a given input set. However, often it is important to know whether a given property holds globally for the input domain, and if not then for what proportion of the input the property is true. To analyze such properties requires computing preimage abstractions of neural networks. In this work, we propose an efficient anytime algorithm for generating symbolic under-approximations of the preimage of any polyhedron output set for neural networks. Our algorithm combines a novel technique for cheaply computing polytope preimage under-approximations using linear relaxation, with a carefully-designed refinement procedure that iteratively partitions the input region into subregions using input and ReLU splitting in order to improve the approximation. Empirically, we validate the efficacy of our method across a range of domains, including a high-dimensional MNIST classification task beyond the reach of existing preimage computation methods. Finally, as use cases, we showcase the application to quantitative verification and robustness analysis. We present a sound and complete algorithm for the former, which exploits our disjoint union of polytopes representation to provide formal guarantees. For the latter, we find that our method can provide useful quantitative information even when standard verifiers cannot verify a robustness property.},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Neural network verification mainly focuses on local robustness properties, which can be checked by bounding the image (set of outputs) of a given input set. However, often it is important to know whether a given property holds globally for the input domain, and if not then for what proportion of the input the property is true. To analyze such properties requires computing preimage abstractions of neural networks. In this work, we propose an efficient anytime algorithm for generating symbolic under-approximations of the preimage of any polyhedron output set for neural networks. Our algorithm combines a novel technique for cheaply computing polytope preimage under-approximations using linear relaxation, with a carefully-designed refinement procedure that iteratively partitions the input region into subregions using input and ReLU splitting in order to improve the approximation. Empirically, we validate the efficacy of our method across a range of domains, including a high-dimensional MNIST classification task beyond the reach of existing preimage computation methods. Finally, as use cases, we showcase the application to quantitative verification and robustness analysis. We present a sound and complete algorithm for the former, which exploits our disjoint union of polytopes representation to provide formal guarantees. For the latter, we find that our method can provide useful quantitative information even when standard verifiers cannot verify a robustness property.
Abdelnabi, Sahar; Gomaa, Amr; Sivaprasad, Sarath; Schönherr, Lea; Fritz, Mario
Cooperation, Competition, and Maliciousness: LLM-Stakeholders Interactive Negotiation Miscellaneous
2024.
@misc{abdelnabi2024cooperationcompetitionmaliciousnessllmstakeholders,
title = {Cooperation, Competition, and Maliciousness: LLM-Stakeholders Interactive Negotiation},
author = {Sahar Abdelnabi and Amr Gomaa and Sarath Sivaprasad and Lea Schönherr and Mario Fritz},
url = {https://arxiv.org/abs/2309.17234},
year = {2024},
date = {2024-01-01},
keywords = {},
pubstate = {published},
tppubtype = {misc}
}
Shamsabadi, Ali Shahin; Tan, Gefei; Cebere, Tudor Ioan; Bellet, Aurélien; Haddadi, Hamed; Papernot, Nicolas; Wang, Xiao; Weller, Adrian
Confidential-DPproof: Confidential Proof of Differentially Private Training Proceedings Article
In: The Twelfth International Conference on Learning Representations, 2024.
@inproceedings{shamsabadi2024confidentialdpproof,
title = {Confidential-DPproof: Confidential Proof of Differentially Private Training},
author = {Ali Shahin Shamsabadi and Gefei Tan and Tudor Ioan Cebere and Aurélien Bellet and Hamed Haddadi and Nicolas Papernot and Xiao Wang and Adrian Weller},
url = {https://openreview.net/forum?id=PQY2v6VtGe},
year = {2024},
date = {2024-01-01},
booktitle = {The Twelfth International Conference on Learning Representations},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}
Zverev, Egor; Abdelnabi, Sahar; Fritz, Mario; Lampert, Christoph H.
Can LLMs Separate Instructions From Data? And What Do We Even Mean By That? Proceedings Article
In: ICLR 2024 Workshop on Secure and Trustworthy Large Language Models, 2024.
@inproceedings{zverev2024can,
title = {Can LLMs Separate Instructions From Data? And What Do We Even Mean By That?},
author = {Egor Zverev and Sahar Abdelnabi and Mario Fritz and Christoph H. Lampert},
url = {https://openreview.net/forum?id=32eytC1Nt1},
year = {2024},
date = {2024-01-01},
booktitle = {ICLR 2024 Workshop on Secure and Trustworthy Large Language Models},
keywords = {},
pubstate = {published},
tppubtype = {inproceedings}
}