
Publications
At ELSA, we aim to inspire and share knowledge within our network and beyond. The collection of publications below provides an overview of both the network’s own output and research we support. Labels distinguish the categories.
Please note that this list makes no claims of being complete. If you have published a paper which is related to ELSA and should be listed, please reach out to our Press and Communications team.
2023
Quinzan, Francesco; Soleymani, Ashkan; Jaillet, Patrick; Rojas, Cristian R.; Bauer, Stefan
DRCFS: doubly robust causal feature selection Proceedings Article
In: Proceedings of the 40th International Conference on Machine Learning, JMLR.org, Honolulu, Hawaii, USA, 2023.
% Proceedings paper (ICML'23 series) introducing DRCFS, a doubly robust causal feature selection method.
@inproceedings{10.5555/3618408.3619589,
  author    = {Francesco Quinzan and Ashkan Soleymani and Patrick Jaillet and Cristian R. Rojas and Stefan Bauer},
  title     = {DRCFS: doubly robust causal feature selection},
  booktitle = {Proceedings of the 40th International Conference on Machine Learning},
  series    = {ICML'23},
  publisher = {JMLR.org},
  address   = {Honolulu, Hawaii, USA},
  year      = {2023},
  date      = {2023-01-01},
  abstract  = {Knowing the features of a complex system that are highly relevant to a particular target variable is of fundamental interest in many areas of science. Existing approaches are often limited to linear settings, sometimes lack guarantees, and in most cases, do not scale to the problem at hand, in particular to images. We propose DRCFS, a doubly robust feature selection method for identifying the causal features even in nonlinear and high dimensional settings. We provide theoretical guarantees, illustrate necessary conditions for our assumptions, and perform extensive experiments across a wide range of simulated and semi-synthetic datasets. DRCFS significantly outperforms existing state-of-the-art methods, selecting robust features even in challenging highly nonlinear and high-dimensional problems.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Jälkö, Joonas; Prediger, Lukas; Honkela, Antti; Kaski, Samuel
DPVIm: Differentially Private Variational Inference Improved Journal Article
In: Transactions on Machine Learning Research, 2023, ISSN: 2835-8856, (Expert Certification).
% TMLR journal article on differentially private variational inference (DPVIm).
% NOTE(review): the citation key below contains a literal "<LineBreak>" token, which looks like
% an export artifact; confirm the intended key before citing this entry.
@article{<LineBreak>j,
  author    = {Joonas Jälkö and Lukas Prediger and Antti Honkela and Samuel Kaski},
  title     = {DPVIm: Differentially Private Variational Inference Improved},
  journal   = {Transactions on Machine Learning Research},
  year      = {2023},
  date      = {2023-01-01},
  issn      = {2835-8856},
  url       = {https://openreview.net/forum?id=GlhM6XX1wv},
  urldate   = {2023-01-01},
  note      = {Expert Certification},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}
Tiboni, Gabriele; Protopapa, Andrea; Tommasi, Tatiana; Averta, Giuseppe
Domain Randomization for Robust, Affordable and Effective Closed-loop Control of Soft Robots Miscellaneous
2023.
% arXiv preprint (publisher field is arXiv, identified by its DOI) on domain randomization for soft-robot control.
@misc{tiboni2023dr_soro,
  author    = {Gabriele Tiboni and Andrea Protopapa and Tatiana Tommasi and Giuseppe Averta},
  title     = {Domain Randomization for Robust, Affordable and Effective Closed-loop Control of Soft Robots},
  publisher = {arXiv},
  year      = {2023},
  date      = {2023-01-01},
  doi       = {10.48550/ARXIV.2303.04136},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc},
}
Yeung, Karen
Dispelling the Digital Enchantment: how can we move beyond its destructive influence and reclaim our right to an open future? Journal Article
In: Prometheus, vol. 39, no. 1, pp. 8-27, 2023.
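% Journal article in Prometheus 39(1). The page range uses the BibTeX double-hyphen convention.
@article{yeung2023dispelling,
  author    = {Karen Yeung},
  title     = {Dispelling the Digital Enchantment: how can we move beyond its destructive influence and reclaim our right to an open future?},
  journal   = {Prometheus},
  volume    = {39},
  number    = {1},
  pages     = {8--27},
  year      = {2023},
  date      = {2023-01-01},
  doi       = {10.13169/prometheus.39.1.0008},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}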
Heikkilä, Mikko; Ashman, Matthew; Swaroop, Siddharth; Turner, Richard E; Honkela, Antti
Differentially private partitioned variational inference Journal Article
In: Transactions on Machine Learning Research, 2023, ISSN: 2835-8856.
% TMLR journal article on differentially private partitioned variational inference.
@article{543fd19d85bc43e89794ff33978a064e,
  author    = {Mikko Heikkilä and Matthew Ashman and Siddharth Swaroop and Richard E Turner and Antti Honkela},
  title     = {Differentially private partitioned variational inference},
  journal   = {Transactions on Machine Learning Research},
  year      = {2023},
  date      = {2023-01-01},
  issn      = {2835-8856},
  url       = {https://openreview.net/forum?id=55BcghgicI},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}
Mao, Yuhao; Müller, Mark; Fischer, Marc; Vechev, Martin
Connecting Certified and Adversarial Training Proceedings Article
In: Oh, A.; Naumann, T.; Globerson, A.; Saenko, K.; Hardt, M.; Levine, S. (Ed.): Advances in Neural Information Processing Systems, pp. 73422–73440, Curran Associates, Inc., 2023.
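% NeurIPS proceedings paper (volume 36) connecting certified and adversarial training.
% The page range uses the ASCII double hyphen, so classic BibTeX and Biber both read it as a range.
@inproceedings{NEURIPS2023_e8b0c97b,
  author    = {Yuhao Mao and Mark Müller and Marc Fischer and Martin Vechev},
  title     = {Connecting Certified and Adversarial Training},
  booktitle = {Advances in Neural Information Processing Systems},
  editor    = {A. Oh and T. Naumann and A. Globerson and K. Saenko and M. Hardt and S. Levine},
  volume    = {36},
  pages     = {73422--73440},
  publisher = {Curran Associates, Inc.},
  year      = {2023},
  date      = {2023-01-01},
  url       = {https://proceedings.neurips.cc/paper_files/paper/2023/file/e8b0c97b34fdaf58b2f48f8cca85e76a-Paper-Conference.pdf},
  urldate   = {2023-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}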
Shamsabadi, Ali Shahin; Wyllie, Sierra Calanda; Franzese, Nicholas; Dullerud, Natalie; Gambs, Sébastien; Papernot, Nicolas; Wang, Xiao; Weller, Adrian
Confidential-PROFITT: Confidential PROof of FaIr Training of Trees Proceedings Article
In: The Eleventh International Conference on Learning Representations, 2023.
% ICLR (Eleventh International Conference on Learning Representations) paper on confidential proofs of fair tree training.
@inproceedings{shamsabadi2023confidentialprofitt,
  author    = {Ali Shahin Shamsabadi and Sierra Calanda Wyllie and Nicholas Franzese and Natalie Dullerud and Sébastien Gambs and Nicolas Papernot and Xiao Wang and Adrian Weller},
  title     = {Confidential-PROFITT: Confidential PROof of FaIr Training of Trees},
  booktitle = {The Eleventh International Conference on Learning Representations},
  year      = {2023},
  date      = {2023-01-01},
  url       = {https://openreview.net/forum?id=iIfDQVyuFD},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Fan, Dongyang; Mendler-Dünner, Celestine; Jaggi, Martin
Collaborative learning via prediction consensus Proceedings Article
In: Proceedings of the 37th International Conference on Neural Information Processing Systems, Curran Associates Inc., New Orleans, LA, USA, 2023.
% Proceedings paper (NIPS '23 series) on collaborative learning with a trust weighting scheme over pseudo-labels.
@inproceedings{10.5555/3666122.3666218,
  author    = {Dongyang Fan and Celestine Mendler-Dünner and Martin Jaggi},
  title     = {Collaborative learning via prediction consensus},
  booktitle = {Proceedings of the 37th International Conference on Neural Information Processing Systems},
  series    = {NIPS '23},
  publisher = {Curran Associates Inc.},
  address   = {New Orleans, LA, USA},
  year      = {2023},
  date      = {2023-01-01},
  urldate   = {2023-01-01},
  abstract  = {We consider a collaborative learning setting where the goal of each agent is to improve their own model by leveraging the expertise of collaborators, in addition to their own training data. To facilitate the exchange of expertise among agents, we propose a distillation-based method leveraging shared unlabeled auxiliary data, which is pseudo-labeled by the collective. Central to our method is a trust weighting scheme that serves to adaptively weigh the influence of each collaborator on the pseudo-labels until a consensus on how to label the auxiliary data is reached. We demonstrate empirically that our collaboration scheme is able to significantly boost individual models' performance in the target domain from which the auxiliary data is sampled. At the same time, it can provably mitigate the negative impact of bad models on the collective. By design, our method adeptly accommodates heterogeneity in model architectures and substantially reduces communication overhead compared to typical collaborative learning methods.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Prediger, Lukas; Jälkö, Joonas; Honkela, Antti; Kaski, Samuel
Collaborative Learning From Distributed Data With Differentially Private Synthetic Twin Data Miscellaneous
2023.
% Preprint hosted on arXiv (see url) on collaborative learning with differentially private synthetic twin data.
@misc{prediger2023collaborativelearningdistributeddata,
  author    = {Lukas Prediger and Joonas Jälkö and Antti Honkela and Samuel Kaski},
  title     = {Collaborative Learning From Distributed Data With Differentially Private Synthetic Twin Data},
  year      = {2023},
  date      = {2023-01-01},
  url       = {https://arxiv.org/abs/2308.04755},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc},
}
Kerkouche, Raouf; Ács, Gergely; Fritz, Mario
Client-specific Property Inference against Secure Aggregation in Federated Learning Proceedings Article
In: Proceedings of the 22nd Workshop on Privacy in the Electronic Society, pp. 45–60, Association for Computing Machinery, Copenhagen, Denmark, 2023, ISBN: 9798400702358.
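% WPES '23 paper: shows that client-specific properties can be inferred from aggregated updates
% even when secure aggregation is used in federated learning (see abstract).
% The page range uses the ASCII double hyphen expected by BibTeX styles.
@inproceedings{10.1145/3603216.3624964,
  author    = {Raouf Kerkouche and Gergely Ács and Mario Fritz},
  title     = {Client-specific Property Inference against Secure Aggregation in Federated Learning},
  booktitle = {Proceedings of the 22nd Workshop on Privacy in the Electronic Society},
  series    = {WPES '23},
  pages     = {45--60},
  publisher = {Association for Computing Machinery},
  address   = {Copenhagen, Denmark},
  year      = {2023},
  date      = {2023-01-01},
  doi       = {10.1145/3603216.3624964},
  url       = {https://doi.org/10.1145/3603216.3624964},
  isbn      = {9798400702358},
  abstract  = {Federated learning has become a widely used paradigm for collaboratively training a common model among different participants with the help of a central server that coordinates the training. Although only the model parameters or other model updates are exchanged during the federated training instead of the participant's data, many attacks have shown that it is still possible to infer sensitive information or to reconstruct participant data. Although differential privacy is considered an effective solution to protect against privacy attacks, it is also criticized for its negative effect on utility. Another possible defense is to use secure aggregation, which allows the server to only access the aggregated update instead of each individual one, and it is often more appealing because it does not degrade the model quality. However, combining only the aggregated updates, which are generated by a different composition of clients in every round, may still allow the inference of some client-specific information. In this paper, we show that simple linear models can effectively capture client-specific properties only from the aggregated model updates due to the linearity of aggregation. We formulate an optimization problem across different rounds in order to infer a tested property of every client from the output of the linear models, for example, whether they have a specific sample in their training data (membership inference) or whether they misbehave and attempt to degrade the performance of the common model by poisoning attacks. Our reconstruction technique is completely passive and undetectable. We demonstrate the efficacy of our approach on several scenarios, showing that secure aggregation provides very limited privacy guarantees in practice.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}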
Lorenz, Tobias; Kwiatkowska, Marta; Fritz, Mario
Certifiers Make Neural Networks Vulnerable to Availability Attacks Proceedings Article
In: Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, pp. 67–78, Association for Computing Machinery, Copenhagen, Denmark, 2023, ISBN: 9798400702600.
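% AISec '23 paper: reports that the abstain-and-fallback path of certified models can itself be
% targeted, affecting availability (see abstract).
% The page range uses the ASCII double hyphen expected by BibTeX styles.
@inproceedings{10.1145/3605764.3623917b,
  author    = {Tobias Lorenz and Marta Kwiatkowska and Mario Fritz},
  title     = {Certifiers Make Neural Networks Vulnerable to Availability Attacks},
  booktitle = {Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security},
  series    = {AISec '23},
  pages     = {67--78},
  publisher = {Association for Computing Machinery},
  address   = {Copenhagen, Denmark},
  year      = {2023},
  date      = {2023-01-01},
  doi       = {10.1145/3605764.3623917},
  url       = {https://doi.org/10.1145/3605764.3623917},
  isbn      = {9798400702600},
  abstract  = {To achieve reliable, robust, and safe AI systems, it is vital to implement fallback strategies when AI predictions cannot be trusted. Certifiers for neural networks are a reliable way to check the robustness of these predictions. They guarantee for some predictions that a certain class of manipulations or attacks could not have changed the outcome. For the remaining predictions without guarantees, the method abstains from making a prediction, and a fallback strategy needs to be invoked, which typically incurs additional costs, can require a human operator, or even fail to provide any prediction. While this is a key concept towards safe and secure AI, we show for the first time that this approach comes with its own security risks, as such fallback strategies can be deliberately triggered by an adversary. In addition to naturally occurring abstains for some inputs and perturbations, the adversary can use training-time attacks to deliberately trigger the fallback with high probability. This transfers the main system load onto the fallback, reducing the overall system's integrity and/or availability. We design two novel availability attacks, which show the practical relevance of these threats. For example, adding 1% poisoned data during training is sufficient to trigger the fallback and hence make the model unavailable for up to 100% of all inputs by inserting the trigger. Our extensive experiments across multiple datasets, model architectures, and certifiers demonstrate the broad applicability of these attacks. An initial investigation into potential defenses shows that current approaches are insufficient to mitigate the issue, highlighting the need for new, specific solutions.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}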
Mueller, Mark Niklas; Eckert, Franziska; Fischer, Marc; Vechev, Martin
Certified Training: Small Boxes are All You Need Proceedings Article
In: The Eleventh International Conference on Learning Representations, 2023.
% ICLR (Eleventh International Conference on Learning Representations) paper on certified training.
@inproceedings{mueller2023certified,
  author    = {Mark Niklas Mueller and Franziska Eckert and Marc Fischer and Martin Vechev},
  title     = {Certified Training: Small Boxes are All You Need},
  booktitle = {The Eleventh International Conference on Learning Representations},
  year      = {2023},
  date      = {2023-01-01},
  url       = {https://openreview.net/forum?id=7oFuxtJtUMH},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Losch, Max; Stutz, David; Schiele, Bernt; Fritz, Mario
Certified Robust Models with Slack Control and Large Lipschitz Constants Miscellaneous
2023.
% Preprint hosted on arXiv (see url) on certified robust models.
@misc{losch2023certifiedrobustmodelsslack,
  author    = {Max Losch and David Stutz and Bernt Schiele and Mario Fritz},
  title     = {Certified Robust Models with Slack Control and Large Lipschitz Constants},
  year      = {2023},
  date      = {2023-01-01},
  url       = {https://arxiv.org/abs/2309.06166},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc},
}
Wicker, Matthew; Piratia, Vihari; Weller, Adrian
Certification of Distributional Individual Fairness Miscellaneous
2023.
% Preprint hosted on arXiv (see url) on certifying distributional individual fairness.
@misc{wicker2023certificationdistributionalindividualfairness,
  author    = {Matthew Wicker and Vihari Piratia and Adrian Weller},
  title     = {Certification of Distributional Individual Fairness},
  year      = {2023},
  date      = {2023-01-01},
  url       = {https://arxiv.org/abs/2311.11911},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc},
}
Grazzi, Riccardo; Pontil, Massimiliano; Salzo, Saverio
Bilevel optimization with a lower-level contraction: optimal sample complexity without warm-start Journal Article
In: J. Mach. Learn. Res., vol. 24, no. 1, 2023, ISSN: 1532-4435.
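% JMLR article, volume 24 number 1. The journal name is stored in full so a style can abbreviate it.
% The two complexity bounds in the abstract are written as LaTeX math because their exponents
% had been flattened into plain text.
@article{10.5555/3648699.3648866,
  author    = {Riccardo Grazzi and Massimiliano Pontil and Saverio Salzo},
  title     = {Bilevel optimization with a lower-level contraction: optimal sample complexity without warm-start},
  journal   = {Journal of Machine Learning Research},
  volume    = {24},
  number    = {1},
  publisher = {JMLR.org},
  year      = {2023},
  date      = {2023-01-01},
  issn      = {1532-4435},
  abstract  = {We analyse a general class of bilevel problems, in which the upper-level problem consists in the minimization of a smooth objective function and the lower-level problem is to find the fixed point of a smooth contraction map. This type of problems include instances of meta-learning, equilibrium models, hyperparameter optimization and data poisoning adversarial attacks. Several recent works have proposed algorithms which warm-start the lower-level problem, i.e. they use the previous lower-level approximate solution as a staring point for the lower-level solver. This warm-start procedure allows one to improve the sample complexity in both the stochastic and deterministic settings, achieving in some cases the order-wise optimal sample complexity. However, there are situations, e.g., meta learning and equilibrium models, in which the warm-start procedure is not well-suited or ineffective. In this work we show that without warm-start, it is still possible to achieve order-wise (near) optimal sample complexity. In particular, we propose a simple method which uses (stochastic) fixed point iterations at the lower-level and projected inexact gradient descent at the upper-level, that reaches an ε-stationary point using $O(\epsilon^{-2})$ and $\tilde{O}(\epsilon^{-1})$ samples for the stochastic and the deterministic setting, respectively. Finally, compared to methods using warm-start, our approach yields a simpler analysis that does not need to study the coupled interactions between the upper-level and lower-level iterates.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}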
Peychev, Momchil; Müller, Mark; Fischer, Marc; Vechev, Martin
Automated Classification of Model Errors on ImageNet Proceedings Article
In: Oh, A.; Naumann, T.; Globerson, A.; Saenko, K.; Hardt, M.; Levine, S. (Ed.): Advances in Neural Information Processing Systems, pp. 36826–36885, Curran Associates, Inc., 2023.
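% NeurIPS proceedings paper (volume 36) on classifying model errors on ImageNet.
% The page range uses the ASCII double hyphen, so classic BibTeX and Biber both read it as a range.
@inproceedings{NEURIPS2023_7480ed13,
  author    = {Momchil Peychev and Mark Müller and Marc Fischer and Martin Vechev},
  title     = {Automated Classification of Model Errors on ImageNet},
  booktitle = {Advances in Neural Information Processing Systems},
  editor    = {A. Oh and T. Naumann and A. Globerson and K. Saenko and M. Hardt and S. Levine},
  volume    = {36},
  pages     = {36826--36885},
  publisher = {Curran Associates, Inc.},
  year      = {2023},
  date      = {2023-01-01},
  url       = {https://proceedings.neurips.cc/paper_files/paper/2023/file/7480ed13740773505262791131c12b89-Paper-Conference.pdf},
  urldate   = {2023-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}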
Navarin, Nicolò; Pasa, Luca; Oneto, Luca; Sperduti, Alessandro
An Empirical Study of Over-Parameterized Neural Models based on Graph Random Features Proceedings Article
In: pp. 17-22, 2023.
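% Proceedings paper on over-parameterized neural models based on graph random features.
% The page range uses the BibTeX double-hyphen convention.
% NOTE(review): booktitle is missing although inproceedings requires it; the DOI path
% (esann/2023) suggests the ESANN 2023 proceedings. Confirm the venue and add it.
@inproceedings{inproceedingse,
  author    = {Nicolò Navarin and Luca Pasa and Luca Oneto and Alessandro Sperduti},
  title     = {An Empirical Study of Over-Parameterized Neural Models based on Graph Random Features},
  pages     = {17--22},
  year      = {2023},
  date      = {2023-01-01},
  doi       = {10.14428/esann/2023.ES2023-145},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}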
Inuwa-Dutse, Isa; Toniolo, Alice; Weller, Adrian; Bhatt, Umang
Algorithmic loafing and mitigation strategies in Human-AI teams Journal Article
In: Computers in Human Behavior: Artificial Humans, vol. 1, no. 2, pp. 100024, 2023, ISSN: 2949-8821.
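% Journal article on algorithmic loafing in human-AI teams (Computers in Human Behavior: Artificial Humans).
% The doi field holds the bare DOI with no resolver prefix, so styles that prepend the resolver
% themselves do not produce a doubled link.
@article{INUWADUTSE2023100024,
  author    = {Isa Inuwa-Dutse and Alice Toniolo and Adrian Weller and Umang Bhatt},
  title     = {Algorithmic loafing and mitigation strategies in Human-AI teams},
  journal   = {Computers in Human Behavior: Artificial Humans},
  volume    = {1},
  number    = {2},
  pages     = {100024},
  year      = {2023},
  date      = {2023-01-01},
  doi       = {10.1016/j.chbah.2023.100024},
  url       = {https://www.sciencedirect.com/science/article/pii/S2949882123000245},
  issn      = {2949-8821},
  abstract  = {Exercising social loafing – exerting minimal effort by an individual in a group setting – in human-machine teams could critically degrade performance, especially in high-stakes domains where human judgement is essential. Akin to social loafing in human interaction, algorithmic loafing may occur when humans mindlessly adhere to machine recommendations due to reluctance to engage analytically with AI recommendations and explanations. We consider how algorithmic loafing could emerge and how to mitigate it. Specifically, we posit that algorithmic loafing can be induced through repeated encounters with correct decisions from the AI and transparency may combat it. As a form of transparency, explanation is offered for reasons that include justification, control, and discovery. However, algorithmic loafing is further reinforced by the perceived competence that an explanation provides. In this work, we explored these ideas via human subject experiments (n = 239). We also study how improving decision transparency through validation by an external human approver affects performance. Using eight experimental conditions in a high-stakes criminal justice context, we find that decision accuracy is typically unaffected by multiple forms of transparency but there is a significant difference in performance when the machine errs. Participants who saw explanations alone are better at overriding incorrect decisions; however, those under induced algorithmic loafing exhibit poor performance with variation in decision time. We conclude with recommendations on curtailing algorithmic loafing and achieving social facilitation, where task visibility motivates individuals to perform better.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article},
}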
Demontis, Ambra; Pintor, Maura; Demetrio, Luca; Sotgiu, Angelo; Angioni, Daniele; Piras, Giorgio; Gupta, Srishti; Biggio, Battista; Roli, Fabio
AI Security and Safety: The PRALab Research Experience Proceedings Article
In: Ital-IA, pp. 324–328, CEUR-WS.org, 2023.
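% Ital-IA paper in CEUR Workshop Proceedings volume 3486 on AI security and safety research at PRALab.
% The page range uses the ASCII double hyphen expected by BibTeX styles.
@inproceedings{demontis23-ital-ia,
  author    = {Ambra Demontis and Maura Pintor and Luca Demetrio and Angelo Sotgiu and Daniele Angioni and Giorgio Piras and Srishti Gupta and Battista Biggio and Fabio Roli},
  title     = {AI Security and Safety: The PRALab Research Experience},
  booktitle = {Ital-IA},
  series    = {CEUR Workshop Proceedings},
  volume    = {3486},
  pages     = {324--328},
  publisher = {CEUR-WS.org},
  year      = {2023},
  date      = {2023-01-01},
  urldate   = {2023-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}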
Pintor, Maura; Orrù, Giulia; Maiorca, Davide; Demontis, Ambra; Demetrio, Luca; Marcialis, Gian Luca; Biggio, Battista; Roli, Fabio
Cybersecurity and AI: The PRALab Research Experience Proceedings Article
In: Ital-IA, pp. 426–431, CEUR-WS.org, 2023.
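% Ital-IA paper in CEUR Workshop Proceedings volume 3486 on cybersecurity and AI research at PRALab.
% The page range uses the ASCII double hyphen expected by BibTeX styles.
@inproceedings{pintor23-ital-ia,
  author    = {Maura Pintor and Giulia Orrù and Davide Maiorca and Ambra Demontis and Luca Demetrio and Gian Luca Marcialis and Battista Biggio and Fabio Roli},
  title     = {Cybersecurity and AI: The PRALab Research Experience},
  booktitle = {Ital-IA},
  series    = {CEUR Workshop Proceedings},
  volume    = {3486},
  pages     = {426--431},
  publisher = {CEUR-WS.org},
  year      = {2023},
  date      = {2023-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}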
2022
Cavagnero, Niccolò; Santos, Fernando Dos; Ciccone, Marco; Averta, Giuseppe; Tommasi, Tatiana; Rech, Paolo
Transient-Fault-Aware Design and Training to Enhance DNNs Reliability with Zero-Overhead Proceedings Article
In: 2022 IEEE 28th International Symposium on On-Line Testing and Robust System Design (IOLTS), pp. 1-7, 2022, ISSN: 1942-9401.
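% IOLTS 2022 paper on hardening DNNs against transient hardware faults at design and training time.
% The page range uses the BibTeX double-hyphen convention.
@inproceedings{9897813,
  author    = {Niccolò Cavagnero and Fernando Dos Santos and Marco Ciccone and Giuseppe Averta and Tatiana Tommasi and Paolo Rech},
  title     = {Transient-Fault-Aware Design and Training to Enhance DNNs Reliability with Zero-Overhead},
  booktitle = {2022 IEEE 28th International Symposium on On-Line Testing and Robust System Design (IOLTS)},
  pages     = {1--7},
  year      = {2022},
  date      = {2022-09-01},
  doi       = {10.1109/IOLTS56730.2022.9897813},
  issn      = {1942-9401},
  abstract  = {Deep Neural Networks (DNNs) enable a wide series of technological advancements, ranging from clinical imaging, to predictive industrial maintenance and autonomous driving. However, recent findings indicate that transient hardware faults may corrupt the models prediction dramatically. For instance, the radiation-induced misprediction probability can be so high to impede a safe deployment of DNNs models at scale, urging the need for efficient and effective hardening solutions. In this work, we propose to tackle the reliability issue both at training and model design time. First, we show that vanilla models are highly affected by transient faults, that can induce a performances drop up to 37%. Hence, we provide three zero-overhead solutions, based on DNN re-design and re-train, that can improve DNNs reliability to transient faults up to one order of magnitude. We complement our work with extensive ablation studies to quantify the gain in performances of each hardening component.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}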
Koskela, Antti; Heikkilä, Mikko A.; Honkela, Antti
Tight Accounting in the Shuffle Model of Differential Privacy Online
2022.
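% arXiv preprint on privacy accounting in the shuffle model of differential privacy.
% The doi and eprint values are the identifier already embedded in the url field, stored in
% their own fields so DOI-aware and eprint-aware styles can use them.
% NOTE(review): the key "nokey" looks like an export placeholder; confirm before citing.
@online{nokey,
  author     = {Antti Koskela and Mikko A. Heikkilä and Antti Honkela},
  title      = {Tight Accounting in the Shuffle Model of Differential Privacy},
  year       = {2022},
  date       = {2022-01-31},
  doi        = {10.48550/arXiv.2106.00477},
  eprint     = {2106.00477},
  eprinttype = {arXiv},
  url        = {https://doi.org/10.48550/arXiv.2106.00477},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {online},
}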
Babaei, Mahmoudreza; Mirzasoleiman, Baharan; Joo, Jungseock; Weller, Adrian
Towards Balanced Information Propagation in Social Media Journal Article
In: ACM conference on Equity and Access in Algorithms, Mechanisms, and Optimization (EAAMO), 2022.
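% EAAMO is a conference, so the entry is typed as a proceedings paper and the venue is stored
% in booktitle rather than journal. The citation key is unchanged.
@inproceedings{babaeitowards,
  author    = {Mahmoudreza Babaei and Baharan Mirzasoleiman and Jungseock Joo and Adrian Weller},
  title     = {Towards Balanced Information Propagation in Social Media},
  booktitle = {ACM conference on Equity and Access in Algorithms, Mechanisms, and Optimization (EAAMO)},
  year      = {2022},
  date      = {2022-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}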
Kwiatkowska, M
Robustness guarantees for Bayesian neural networks (invited extended abstract of a keynote speaker) Proceedings Article
In: pp. xi-xiv, Springer, 2022.
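% Invited extended abstract in a Springer Lecture Notes in Computer Science volume.
% The roman-numeral page range uses the BibTeX double-hyphen convention.
% NOTE(review): booktitle and the LNCS volume number are missing, and the given name is only
% an initial; confirm against the published front matter.
@inproceedings{kwiatkowska2022a,
  author    = {M Kwiatkowska},
  title     = {Robustness guarantees for Bayesian neural networks (invited extended abstract of a keynote speaker)},
  series    = {Lecture Notes in Computer Science},
  pages     = {xi--xiv},
  publisher = {Springer},
  year      = {2022},
  date      = {2022-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}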
Wicker, Matthew; Heo, Juyeon; Costabello, Luca; Weller, Adrian
Robust Explanation Constraints for Neural Networks Miscellaneous
2022.
% Preprint hosted on arXiv (see url) on robust explanation constraints for neural networks.
@misc{wicker2022robustexplanationconstraintsneural,
  author    = {Matthew Wicker and Juyeon Heo and Luca Costabello and Adrian Weller},
  title     = {Robust Explanation Constraints for Neural Networks},
  year      = {2022},
  date      = {2022-01-01},
  url       = {https://arxiv.org/abs/2212.08507},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc},
}
Chen, Dingfan; Kerkouche, Raouf; Fritz, Mario
Private set generation with discriminative information Proceedings Article
In: Proceedings of the 36th International Conference on Neural Information Processing Systems, Curran Associates Inc., New Orleans, LA, USA, 2022, ISBN: 9781713871088.
% Proceedings paper (NIPS '22 series) on differentially private generation of a small representative sample set.
@inproceedings{10.5555/3600270.3601337,
  author    = {Dingfan Chen and Raouf Kerkouche and Mario Fritz},
  title     = {Private set generation with discriminative information},
  booktitle = {Proceedings of the 36th International Conference on Neural Information Processing Systems},
  series    = {NIPS '22},
  publisher = {Curran Associates Inc.},
  address   = {New Orleans, LA, USA},
  year      = {2022},
  date      = {2022-01-01},
  isbn      = {9781713871088},
  abstract  = {Differentially private data generation techniques have become a promising solution to the data privacy challenge — it enables sharing of data while complying with rigorous privacy guarantees, which is essential for scientific progress in sensitive domains. Unfortunately, restricted by the inherent complexity of modeling high-dimensional distributions, existing private generative models are struggling with the utility of synthetic samples. In contrast to existing works that aim at fitting the complete data distribution, we directly optimize for a small set of samples that are representative of the distribution under the supervision of discriminative information from downstream tasks, which is generally an easier task and more suitable for private training. Our work provides an alternative view for differentially private generation of high-dimensional data and introduces a simple yet effective method that greatly improves the sample utility of state-of-the-art approaches.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Chen, Valerie; Bhatt, Umang; Heidari, Hoda; Weller, Adrian; Talwalkar, Ameet
Perspectives on Incorporating Expert Feedback into Model Updates Miscellaneous
2022.
% Miscellaneous entry with no venue, URL or identifier recorded; only authors, title and year are given.
@misc{chen2022perspectives,
  author    = {Valerie Chen and Umang Bhatt and Hoda Heidari and Adrian Weller and Ameet Talwalkar},
  title     = {Perspectives on Incorporating Expert Feedback into Model Updates},
  year      = {2022},
  date      = {2022-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {misc},
}
Räisä, Ossi; Jälkö, Joonas; Honkela, Antti; Kaski, Samuel
Noise-Aware Statistical Inference with Differentially Private Synthetic Data Proceedings Article
In: NeurIPS 2022 Workshop on Synthetic Data for Empowering ML Research, 2022.
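% NeurIPS 2022 workshop paper on statistical inference with differentially private synthetic data.
% The key is ASCII-only (a double quote is not a legal key character), and the accented surnames
% are stored as UTF-8 like the other entries in this list.
@inproceedings{raisa2022noiseaware,
  author    = {Ossi Räisä and Joonas Jälkö and Antti Honkela and Samuel Kaski},
  title     = {Noise-Aware Statistical Inference with Differentially Private Synthetic Data},
  booktitle = {NeurIPS 2022 Workshop on Synthetic Data for Empowering ML Research},
  year      = {2022},
  date      = {2022-01-01},
  url       = {https://openreview.net/forum?id=BjPAuPVx8B},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}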
Koskela, Antti; Tobaben, Marlon; Honkela, Antti
Individual Privacy Accounting with Gaussian Differential Privacy Journal Article
In: ArXiv, vol. abs/2209.15596, 2022.
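% arXiv preprint on individual privacy accounting with Gaussian differential privacy.
% The arXiv identifier carried in the volume field is also stored in eprint/eprinttype, where
% eprint-aware styles look for it; journal and volume are kept so existing output is unchanged.
% NOTE(review): presumably an aggregator export (the url points to Semantic Scholar); consider
% retyping as a preprint once the publication status is confirmed.
@article{Koskela2022IndividualPA,
  author     = {Antti Koskela and Marlon Tobaben and Antti Honkela},
  title      = {Individual Privacy Accounting with Gaussian Differential Privacy},
  journal    = {ArXiv},
  volume     = {abs/2209.15596},
  year       = {2022},
  date       = {2022-01-01},
  eprint     = {2209.15596},
  eprinttype = {arXiv},
  url        = {https://api.semanticscholar.org/CorpusID:252668508},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article},
}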
Grazzi, Riccardo; Akhavan, Arya; Falk, John Isak Texas; Cella, Leonardo; Pontil, Massimiliano
Group meritocratic fairness in linear contextual bandits Proceedings Article
In: Proceedings of the 36th International Conference on Neural Information Processing Systems, Curran Associates Inc., New Orleans, LA, USA, 2022, ISBN: 9781713871088.
% Proceedings paper (NIPS '22 series) on a relative-rank notion of fairness for linear contextual bandits.
@inproceedings{10.5555/3600270.3602041,
  author    = {Riccardo Grazzi and Arya Akhavan and John Isak Texas Falk and Leonardo Cella and Massimiliano Pontil},
  title     = {Group meritocratic fairness in linear contextual bandits},
  booktitle = {Proceedings of the 36th International Conference on Neural Information Processing Systems},
  series    = {NIPS '22},
  publisher = {Curran Associates Inc.},
  address   = {New Orleans, LA, USA},
  year      = {2022},
  date      = {2022-01-01},
  isbn      = {9781713871088},
  abstract  = {We study the linear contextual bandit problem where an agent has to select one candidate from a pool and each candidate belongs to a sensitive group. In this setting, candidates' rewards may not be directly comparable between groups, for example when the agent is an employer hiring candidates from different ethnic groups and some groups have a lower reward due to discriminatory bias and/or social injustice. We propose a notion of fairness that states that the agent's policy is fair when it selects a candidate with highest relative rank, which measures how good the reward is when compared to candidates from the same group. This is a very strong notion of fairness, since the relative rank is not directly observed by the agent and depends on the underlying reward model and on the distribution of rewards. Thus we study the problem of learning a policy which approximates a fair policy under the condition that the contexts are independent between groups and the distribution of rewards of each group is absolutely continuous. In particular, we design a greedy policy which at each round constructs a ridge regression estimate from the observed context-reward pairs, and then computes an estimate of the relative rank of each candidate using the empirical cumulative distribution function. We prove that, despite its simplicity and the lack of an initial exploration phase, the greedy policy achieves, up to log factors and with high probability, a fair pseudoregret of order √dT after T rounds, where d is the dimension of the context vectors. The policy also satisfies demographic parity at each round when averaged over all possible information available before the selection. Finally, we use simulated settings and experiments on the US census data to show that our policy achieves sub-linear fair pseudo-regret also in practice.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings},
}
Poklukar, Petra; Miguel, Vasco; Yin, Hang; Melo, Francisco S.; Paiva, Ana; Kragic, Danica
GMC – Geometric Multimodal Contrastive Representation Learning Proceedings Article
In: :, 2022, (QC 20220614).
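@inproceedings{Poklukar1659731,
  author      = {Poklukar, Petra and Miguel, Vasco and Yin, Hang and Melo, Francisco S. and Paiva, Ana and Kragic, Danica},
  title       = {{GMC} -- Geometric Multimodal Contrastive Representation Learning},
  year        = {2022},
  date        = {2022-01-01},
  institution = {KTH, Centre for Autonomous Systems, CAS},
  abstract    = {Learning representations of multimodal data that are both informative and robust to missing modalities at test time remains a challenging problem due to the inherent heterogeneity of data obtained from different channels. To address it, we present a novel Geometric Multimodal Contrastive (GMC) representation learning method comprised of two main components: i) a two level architecture consisting of modality-specific base encoder, allowing to process an arbitrary number of modalities to an intermediate representation of fixed dimensionality, and a shared projection head, mapping the intermediate representations to a latent representation space; ii) a multimodal contrastive loss function that encourages the geometric alignment of the learned representations. We experimentally demonstrate that GMC representations are semantically rich and achieve state-of-the-art performance with missing modality information on three different learning problems including prediction and reinforcement learning tasks.},
  note        = {QC 20220614},
  keywords    = {},
  pubstate    = {published},
  tppubtype   = {inproceedings}
}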
Zeqiri, Mustafa; Mueller, Mark Niklas; Fischer, Marc; Vechev, Martin
Efficient Robustness Verification of Neural Ordinary Differential Equations Proceedings Article
In: The Symbiosis of Deep Learning and Differential Equations II, 2022.
@inproceedings{zeqiri2022efficient,
  author    = {Zeqiri, Mustafa and Mueller, Mark Niklas and Fischer, Marc and Vechev, Martin},
  title     = {Efficient Robustness Verification of Neural Ordinary Differential Equations},
  booktitle = {The Symbiosis of Deep Learning and Differential Equations II},
  year      = {2022},
  date      = {2022-01-01},
  url       = {https://openreview.net/forum?id=hC2_w2d2DY},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}
Alliegro, Antonio; Borlino, Francesco Cappio; Tommasi, Tatiana
3DOS: Towards 3D Open Set Learning – Benchmarking and Understanding Semantic Novelty Detection on Point Clouds Proceedings Article
In: Koyejo, S.; Mohamed, S.; Agarwal, A.; Belgrave, D.; Cho, K.; Oh, A. (Ed.): Advances in Neural Information Processing Systems, pp. 21228–21240, Curran Associates, Inc., 2022.
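@inproceedings{NEURIPS2022_85b6841e,
  author    = {Alliegro, Antonio and Borlino, Francesco Cappio and Tommasi, Tatiana},
  title     = {{3DOS}: Towards {3D} Open Set Learning -- Benchmarking and Understanding Semantic Novelty Detection on Point Clouds},
  editor    = {Koyejo, S. and Mohamed, S. and Agarwal, A. and Belgrave, D. and Cho, K. and Oh, A.},
  booktitle = {Advances in Neural Information Processing Systems},
  volume    = {35},
  pages     = {21228--21240},
  publisher = {Curran Associates, Inc.},
  year      = {2022},
  date      = {2022-01-01},
  url       = {https://proceedings.neurips.cc/paper_files/paper/2022/file/85b6841eaf79327b1777f9e64af3835d-Paper-Datasets_and_Benchmarks.pdf},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}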
Pintor, Maura; Demetrio, Luca; Sotgiu, Angelo; Demontis, Ambra; Carlini, Nicholas; Biggio, Battista; Roli, Fabio
Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples Proceedings Article
In: Koyejo, S.; Mohamed, S.; Agarwal, A.; Belgrave, D.; Cho, K.; Oh, A. (Ed.): Advances in Neural Information Processing Systems, pp. 23063–23076, Curran Associates, Inc., 2022.
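@inproceedings{pintor22-neurips,
  author    = {Pintor, Maura and Demetrio, Luca and Sotgiu, Angelo and Demontis, Ambra and Carlini, Nicholas and Biggio, Battista and Roli, Fabio},
  title     = {Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples},
  editor    = {Koyejo, S. and Mohamed, S. and Agarwal, A. and Belgrave, D. and Cho, K. and Oh, A.},
  booktitle = {Advances in Neural Information Processing Systems},
  volume    = {35},
  pages     = {23063--23076},
  publisher = {Curran Associates, Inc.},
  year      = {2022},
  date      = {2022-01-01},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}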
2021
Liu, Yugeng; Wen, Rui; He, Xinlei; Salem, Ahmed; Zhang, Zhikun; Backes, Michael; Cristofaro, Emiliano De; Fritz, Mario; Zhang, Yang
ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models Miscellaneous
2021.
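@misc{liu2021mldoctorholisticriskassessment,
  author     = {Liu, Yugeng and Wen, Rui and He, Xinlei and Salem, Ahmed and Zhang, Zhikun and Backes, Michael and De Cristofaro, Emiliano and Fritz, Mario and Zhang, Yang},
  title      = {{ML-Doctor}: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models},
  year       = {2021},
  date       = {2021-01-01},
  eprint     = {2102.02551},
  eprinttype = {arXiv},
  url        = {https://arxiv.org/abs/2102.02551},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {misc}
}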
Jung, Kangsoo; Biswas, Sayan; Palamidessi, Catuscia
Establishing the Price of Privacy in Federated Data Trading Journal Article
In: CoRR, vol. abs/2111.15415, 2021.
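@article{DBLP:journals/corr/abs-2111-15415,
  author     = {Jung, Kangsoo and Biswas, Sayan and Palamidessi, Catuscia},
  title      = {Establishing the Price of Privacy in Federated Data Trading},
  journal    = {CoRR},
  volume     = {abs/2111.15415},
  year       = {2021},
  date       = {2021-01-01},
  eprint     = {2111.15415},
  eprinttype = {arXiv},
  url        = {https://arxiv.org/abs/2111.15415},
  keywords   = {},
  pubstate   = {published},
  tppubtype  = {article}
}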
0000
Zhang, Yuchong; Vasco, Miguel; Björkman, Mårten; Kragic, Danica
Will You Participate? Exploring the Potential of Robotics Competitions on Human-Centric Topics Proceedings Article
In: Kurosu, Masaaki; Hashizume, Ayako (Ed.): Human-Computer Interaction, 0000.
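@inproceedings{10.1007/978-3-031-60412-6_18,
  author    = {Zhang, Yuchong and Vasco, Miguel and Björkman, Mårten and Kragic, Danica},
  title     = {Will You Participate? Exploring the Potential of Robotics Competitions on Human-Centric Topics},
  editor    = {Kurosu, Masaaki and Hashizume, Ayako},
  booktitle = {Human-Computer Interaction},
  doi       = {10.1007/978-3-031-60412-6_18},
  abstract  = {This paper presents findings from an exploratory needfinding study investigating the research current status and potential participation of the competitions on the robotics community towards four human-centric topics: safety, privacy, explainability, and federated learning. We conducted a survey with 34 participants across three distinguished European robotics consortia, nearly 60% of whom possessed over five years of research experience in robotics. Our qualitative and quantitative analysis revealed that current mainstream robotic researchers prioritize safety and explainability, expressing a greater willingness to invest in further research in these areas. Conversely, our results indicate that privacy and federated learning garner less attention and are perceived to have lower potential. Additionally, the study suggests a lack of enthusiasm within the robotics community for participating in competitions related to these topics. Based on these findings, we recommend targeting other communities, such as the machine learning community, for future competitions related to these four human-centric topics.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}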
Cocchi, Federico; Baraldi, Lorenzo; Poppi, Samuele; Cornia, Marcella; Baraldi, Lorenzo; Cucchiara, Rita
Unveiling the Impact of Image Transformations on Deepfake Detection: An Experimental Analysis Proceedings Article
In: Foresti, Gian Luca; Fusiello, Andrea; Hancock, Edwin (Ed.): Image Analysis and Processing – ICIAP 2023, 0000.
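@inproceedings{10.1007/978-3-031-43153-1_29,
  author    = {Cocchi, Federico and Baraldi, Lorenzo and Poppi, Samuele and Cornia, Marcella and Baraldi, Lorenzo and Cucchiara, Rita},
  title     = {Unveiling the Impact of Image Transformations on Deepfake Detection: An Experimental Analysis},
  editor    = {Foresti, Gian Luca and Fusiello, Andrea and Hancock, Edwin},
  booktitle = {Image Analysis and Processing – ICIAP 2023},
  doi       = {10.1007/978-3-031-43153-1_29},
  abstract  = {With the recent explosion of interest in visual Generative AI, the field of deepfake detection has gained a lot of attention. In fact, deepfake detection might be the only measure to counter the potential proliferation of generated media in support of fake news and its consequences. While many of the available works limit the detection to a pure and direct classification of fake versus real, this does not translate well to a real-world scenario. Indeed, malevolent users can easily apply post-processing techniques to generated content, changing the underlying distribution of fake data. In this work, we provide an in-depth analysis of the robustness of a deepfake detection pipeline, considering different image augmentations, transformations, and other pre-processing steps. These transformations are only applied in the evaluation phase, thus simulating a practical situation in which the detector is not trained on all the possible augmentations that can be used by the attacker. In particular, we analyze the performance of a $k$-NN and a linear probe detector on the COCOFake dataset, using image features extracted from pre-trained models, like CLIP and DINO. Our results demonstrate that while the CLIP visual backbone outperforms DINO in deepfake detection with no augmentation, its performance varies significantly in presence of any transformation, favoring the robustness of DINO.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}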
Biswas, Sayan; Jung, Kangsoo; Palamidessi, Catuscia
Tight Differential Privacy Guarantees for the Shuffle Model with k-Randomized Response Proceedings Article
In: Mosbah, Mohamed; Sèdes, Florence; Tawbi, Nadia; Ahmed, Toufik; Boulahia-Cuppens, Nora; Garcia-Alfaro, Joaquin (Ed.): Foundations and Practice of Security, 0000.
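@inproceedings{10.1007/978-3-031-57537-2_27,
  author    = {Biswas, Sayan and Jung, Kangsoo and Palamidessi, Catuscia},
  title     = {Tight Differential Privacy Guarantees for the Shuffle Model with k-Randomized Response},
  editor    = {Mosbah, Mohamed and Sèdes, Florence and Tawbi, Nadia and Ahmed, Toufik and Boulahia-Cuppens, Nora and Garcia-Alfaro, Joaquin},
  booktitle = {Foundations and Practice of Security},
  doi       = {10.1007/978-3-031-57537-2_27},
  abstract  = {Most differentially private algorithms assume a central model in which a reliable third party inserts noise to queries made on datasets, or a local model where the data owners directly perturb their data. However, the central model is vulnerable via a single point of failure, and the local model has the disadvantage that the utility of the data deteriorates significantly. The recently proposed shuffle model is an intermediate framework between the central and local paradigms. In the shuffle model, data owners send their locally privatized data to a server where messages are shuffled randomly, making it impossible to trace the link between a privatized message and the corresponding sender. In this paper, we theoretically derive the tightest known differential privacy guarantee for the shuffle models with k-Randomized Response (k-RR) local randomizers, under histogram queries, and we denoise the histogram produced by the shuffle model using the matrix inversion method to evaluate the utility of the privacy mechanism. We perform experiments on both synthetic and real data to compare the privacy-utility trade-off of the shuffle model with that of the central one privatized by adding the state-of-the-art Gaussian noise to each bin. We see that the difference in statistical utilities between the central and the shuffle models shows that they are almost comparable under the same level of differential privacy protection.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}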
Caffagni, Davide; Barraco, Manuele; Cornia, Marcella; Baraldi, Lorenzo; Cucchiara, Rita
SynthCap: Augmenting Transformers with Synthetic Data for Image Captioning Proceedings Article
In: Foresti, Gian Luca; Fusiello, Andrea; Hancock, Edwin (Ed.): Image Analysis and Processing – ICIAP 2023, 0000.
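@inproceedings{10.1007/978-3-031-43148-7_10,
  author    = {Caffagni, Davide and Barraco, Manuele and Cornia, Marcella and Baraldi, Lorenzo and Cucchiara, Rita},
  title     = {{SynthCap}: Augmenting Transformers with Synthetic Data for Image Captioning},
  editor    = {Foresti, Gian Luca and Fusiello, Andrea and Hancock, Edwin},
  booktitle = {Image Analysis and Processing – ICIAP 2023},
  doi       = {10.1007/978-3-031-43148-7_10},
  abstract  = {Image captioning is a challenging task that combines Computer Vision and Natural Language Processing to generate descriptive and accurate textual descriptions for input images. Research efforts in this field mainly focus on developing novel architectural components to extend image captioning models and using large-scale image-text datasets crawled from the web to boost final performance. In this work, we explore an alternative to web-crawled data and augment the training dataset with synthetic images generated by a latent diffusion model. In particular, we propose a simple yet effective synthetic data augmentation framework that is capable of significantly improving the quality of captions generated by a standard Transformer-based model, leading to competitive results on the COCO dataset.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}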
Hajipour, Hossein; Yu, Ning; Staicu, Cristian-Alexandru; Fritz, Mario
SimSCOOD: Systematic Analysis of Out-of-Distribution Generalization in Fine-tuned Source Code Models Proceedings Article
In: Duh, Kevin; Gomez, Helena; Bethard, Steven (Ed.): Findings of the Association for Computational Linguistics: NAACL 2024, 0000.
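@inproceedings{hajipour-etal-2024-simscood,
  author    = {Hajipour, Hossein and Yu, Ning and Staicu, Cristian-Alexandru and Fritz, Mario},
  title     = {{SimSCOOD}: Systematic Analysis of Out-of-Distribution Generalization in Fine-tuned Source Code Models},
  editor    = {Duh, Kevin and Gomez, Helena and Bethard, Steven},
  booktitle = {Findings of the Association for Computational Linguistics: NAACL 2024},
  year      = {2024},
  url       = {https://aclanthology.org/2024.findings-naacl.90/},
  abstract  = {Large code datasets have become increasingly accessible for pre-training source code models. However, for the fine-tuning phase, obtaining representative training data that fully covers the code distribution for specific downstream tasks remains challenging due to the task-specific nature and limited labeling resources. These lead to out-of-distribution (OOD) generalization issues with unexpected model inference behaviors that have not been systematically studied yet. In this paper, we contribute the first systematic approach that simulates various OOD scenarios along different dimensions of source code data properties and study the fine-tuned model behaviors in such scenarios. We investigate the behaviors of models under different fine-tuning methodologies, including full fine-tuning and Low-Rank Adaptation (LoRA) fine-tuning methods. Our comprehensive analysis, conducted on four state-of-the-art pretrained models and applied to two code generation tasks, exposes multiple failure modes attributed to OOD generalization issues.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}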
Li, Yi; Angelov, Plamen; Suri, Neeraj
Self-supervised Representation Learning for Adversarial Attack Detection Proceedings Article
In: Leonardis, Aleš; Ricci, Elisa; Roth, Stefan; Russakovsky, Olga; Sattler, Torsten; Varol, Gül (Ed.): Computer Vision – ECCV 2024, 0000.
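@inproceedings{10.1007/978-3-031-73027-6_14,
  author    = {Li, Yi and Angelov, Plamen and Suri, Neeraj},
  title     = {Self-supervised Representation Learning for Adversarial Attack Detection},
  editor    = {Leonardis, Aleš and Ricci, Elisa and Roth, Stefan and Russakovsky, Olga and Sattler, Torsten and Varol, Gül},
  booktitle = {Computer Vision – ECCV 2024},
  doi       = {10.1007/978-3-031-73027-6_14},
  abstract  = {Supervised learning-based adversarial attack detection methods rely on a large number of labeled data and suffer significant performance degradation when applying the trained model to new domains. In this paper, we propose a self-supervised representation learning framework for the adversarial attack detection task to address this drawback. Firstly, we map the pixels of augmented input images into an embedding space. Then, we employ the prototype-wise contrastive estimation loss to cluster prototypes as latent variables. Additionally, drawing inspiration from the concept of memory banks, we introduce a discrimination bank to distinguish and learn representations for each individual instance that shares the same or a similar prototype, establishing a connection between instances and their associated prototypes. We propose a parallel axial-attention (PAA)-based encoder to facilitate the training process by parallel training over height- and width-axis of attention maps. Experimental results show that, compared to various benchmark self-supervised vision learning models and supervised adversarial attack detection methods, the proposed model achieves state-of-the-art performance on the adversarial attack detection task across a wide range of images.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}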
Loiseau, Thibaut; Vu, Tuan-Hung; Chen, Mickael; Pérez, Patrick; Cord, Matthieu
Reliability in Semantic Segmentation: Can We Use Synthetic Data? Proceedings Article
In: Leonardis, Aleš; Ricci, Elisa; Roth, Stefan; Russakovsky, Olga; Sattler, Torsten; Varol, Gül (Ed.): Computer Vision – ECCV 2024, 0000.
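@inproceedings{10.1007/978-3-031-73337-6_25,
  author    = {Loiseau, Thibaut and Vu, Tuan-Hung and Chen, Mickael and Pérez, Patrick and Cord, Matthieu},
  title     = {Reliability in Semantic Segmentation: Can We Use Synthetic Data?},
  editor    = {Leonardis, Aleš and Ricci, Elisa and Roth, Stefan and Russakovsky, Olga and Sattler, Torsten and Varol, Gül},
  booktitle = {Computer Vision – ECCV 2024},
  doi       = {10.1007/978-3-031-73337-6_25},
  abstract  = {Assessing the robustness of perception models to covariate shifts and their ability to detect out-of-distribution (OOD) inputs is crucial for safety-critical applications such as autonomous vehicles. By nature of such applications, however, the relevant data is difficult to collect and annotate. In this paper, we show for the first time how synthetic data can be specifically generated to assess comprehensively the real-world reliability of semantic segmentation models. By fine-tuning Stable Diffusion [31] with only in-domain data, we perform zero-shot generation of visual scenes in OOD domains or inpainted with OOD objects. This synthetic data is employed to evaluate the robustness of pretrained segmenters, thereby offering insights into their performance when confronted with real edge cases. Through extensive experiments, we demonstrate a high correlation between the performance of models when evaluated on our synthetic OOD data and when evaluated on real OOD inputs, showing the relevance of such virtual testing. Furthermore, we demonstrate how our approach can be utilized to enhance the calibration and OOD detection capabilities of segmenters. Code and data are made public.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}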
Tito, Rubèn; Nguyen, Khanh; Tobaben, Marlon; Kerkouche, Raouf; Souibgui, Mohamed Ali; Jung, Kangsoo; Jälkö, Joonas; D'Andecy, Vincent Poulain; Joseph, Aurelie; Kang, Lei; Valveny, Ernest; Honkela, Antti; Fritz, Mario; Karatzas, Dimosthenis
Privacy-Aware Document Visual Question Answering Proceedings Article
In: Smith, Elisa H. Barney; Liwicki, Marcus; Peng, Liangrui (Ed.): Document Analysis and Recognition – ICDAR 2024, 0000.
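@inproceedings{10.1007/978-3-031-70552-6_12,
  author    = {Tito, Rubèn and Nguyen, Khanh and Tobaben, Marlon and Kerkouche, Raouf and Souibgui, Mohamed Ali and Jung, Kangsoo and Jälkö, Joonas and D'Andecy, Vincent Poulain and Joseph, Aurelie and Kang, Lei and Valveny, Ernest and Honkela, Antti and Fritz, Mario and Karatzas, Dimosthenis},
  title     = {Privacy-Aware Document Visual Question Answering},
  editor    = {Smith, Elisa H. Barney and Liwicki, Marcus and Peng, Liangrui},
  booktitle = {Document Analysis and Recognition - ICDAR 2024},
  doi       = {10.1007/978-3-031-70552-6_12},
  abstract  = {Document Visual Question Answering (DocVQA) has quickly grown into a central task of document understanding. But despite the fact that documents contain sensitive or copyrighted information, none of the current DocVQA methods offers strong privacy guarantees.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}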
Zhu, Derui; Chen, Dingfan; Li, Qing; Chen, Zongxiong; Ma, Lei; Grossklags, Jens; Fritz, Mario
PoLLMgraph: Unraveling Hallucinations in Large Language Models via State Transition Dynamics Proceedings Article
In: Duh, Kevin; Gomez, Helena; Bethard, Steven (Ed.): Findings of the Association for Computational Linguistics: NAACL 2024, 0000.
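@inproceedings{zhu-etal-2024-pollmgraph,
  author    = {Zhu, Derui and Chen, Dingfan and Li, Qing and Chen, Zongxiong and Ma, Lei and Grossklags, Jens and Fritz, Mario},
  title     = {{PoLLMgraph}: Unraveling Hallucinations in Large Language Models via State Transition Dynamics},
  editor    = {Duh, Kevin and Gomez, Helena and Bethard, Steven},
  booktitle = {Findings of the Association for Computational Linguistics: NAACL 2024},
  year      = {2024},
  url       = {https://aclanthology.org/2024.findings-naacl.294/},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}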
Kang, Lei; Tito, Rubèn; Valveny, Ernest; Karatzas, Dimosthenis
Multi-page Document Visual Question Answering Using Self-attention Scoring Mechanism Proceedings Article
In: Smith, Elisa H. Barney; Liwicki, Marcus; Peng, Liangrui (Ed.): Document Analysis and Recognition – ICDAR 2024, 0000.
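@inproceedings{10.1007/978-3-031-70552-6_13,
  author    = {Kang, Lei and Tito, Rubèn and Valveny, Ernest and Karatzas, Dimosthenis},
  title     = {Multi-page Document Visual Question Answering Using Self-attention Scoring Mechanism},
  editor    = {Smith, Elisa H. Barney and Liwicki, Marcus and Peng, Liangrui},
  booktitle = {Document Analysis and Recognition - ICDAR 2024},
  doi       = {10.1007/978-3-031-70552-6_13},
  abstract  = {Documents are 2-dimensional carriers of written communication, and as such their interpretation requires a multi-modal approach where textual and visual information are efficiently combined. Document Visual Question Answering (Document VQA), due to this multi-modal nature, has garnered significant interest from both the document understanding and natural language processing communities. The state-of-the-art single-page Document VQA methods show impressive performance, yet in multi-page scenarios, these methods struggle. They have to concatenate all pages into one large page for processing, demanding substantial GPU resources, even for evaluation. In this work, we propose a novel method and efficient training strategy for multi-page Document VQA tasks. In particular, we employ a visual-only document representation, leveraging the encoder from a document understanding model, Pix2Struct. Our approach utilizes a self-attention scoring mechanism to generate relevance scores for each document page, enabling the retrieval of pertinent pages. This adaptation allows us to extend single-page Document VQA models to multi-page scenarios without constraints on the number of pages during evaluation, all with minimal demand for GPU resources. Our extensive experiments demonstrate not only achieving state-of-the-art performance without the need for Optical Character Recognition (OCR), but also sustained performance in scenarios extending to documents of nearly 800 pages compared to a maximum of 20 pages in the MP-DocVQA dataset. Our code is publicly available at https://github.com/leitro/SelfAttnScoring-MPDocVQA.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}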
Afonja, Tejumade; Chen, Dingfan; Fritz, Mario
MargCTGAN: A "Marginally" Better CTGAN for the Low Sample Regime Journal Article
In: 0000.
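@article{Afonja2023,
  author    = {Afonja, Tejumade and Chen, Dingfan and Fritz, Mario},
  title     = {{MargCTGAN}: A ``Marginally'' Better {CTGAN} for the Low Sample Regime},
  url       = {https://publications.cispa.de/articles/journal_contribution/MargCTGAN_A_Marginally_Better_CTGAN_for_the_Low_Sample_Regime/25233076},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {article}
}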
Kang, Lei; Souibgui, Mohamed Ali; Yang, Fei; Gomez, Lluis; Valveny, Ernest; Karatzas, Dimosthenis
Machine Unlearning for Document Classification Proceedings Article
In: Smith, Elisa H. Barney; Liwicki, Marcus; Peng, Liangrui (Ed.): Document Analysis and Recognition – ICDAR 2024, 0000.
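@inproceedings{10.1007/978-3-031-70546-5_6,
  author    = {Kang, Lei and Souibgui, Mohamed Ali and Yang, Fei and Gomez, Lluis and Valveny, Ernest and Karatzas, Dimosthenis},
  title     = {Machine Unlearning for Document Classification},
  editor    = {Smith, Elisa H. Barney and Liwicki, Marcus and Peng, Liangrui},
  booktitle = {Document Analysis and Recognition - ICDAR 2024},
  doi       = {10.1007/978-3-031-70546-5_6},
  abstract  = {Document understanding models have recently demonstrated remarkable performance by leveraging extensive collections of user documents. However, since documents often contain large amounts of personal data, their usage can pose a threat to user privacy and weaken the bonds of trust between humans and AI services. In response to these concerns, legislation advocating ``the right to be forgotten'' has recently been proposed, allowing users to request the removal of private information from computer systems and neural network models. A novel approach, known as machine unlearning, has emerged to make AI models forget about a particular class of data. In our research, we explore machine unlearning for document classification problems, representing, to the best of our knowledge, the first investigation into this area. Specifically, we consider a realistic scenario where a remote server houses a well-trained model and possesses only a small portion of training data. This setup is designed for efficient forgetting manipulation. This work represents a pioneering step towards the development of machine unlearning methods aimed at addressing privacy concerns in document analysis applications. Our code is publicly available at https://github.com/leitro/MachineUnlearning-DocClassification.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}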
Heo, Juyeon; Piratla, Vihari; Lee, Kyunghyun; Joh, Hyonkeun; Weller, Adrian
LLMs on interactive feature collections with implicit dynamic decision strategy Proceedings Article
In: Rambow, Owen; Wanner, Leo; Apidianaki, Marianna; Al-Khalifa, Hend; Eugenio, Barbara Di; Schockaert, Steven (Ed.): Proceedings of the 31st International Conference on Computational Linguistics, 0000.
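@inproceedings{heo-etal-2025-llms,
  author    = {Heo, Juyeon and Piratla, Vihari and Lee, Kyunghyun and Joh, Hyonkeun and Weller, Adrian},
  title     = {{LLMs} on interactive feature collections with implicit dynamic decision strategy},
  editor    = {Rambow, Owen and Wanner, Leo and Apidianaki, Marianna and Al-Khalifa, Hend and Di Eugenio, Barbara and Schockaert, Steven},
  booktitle = {Proceedings of the 31st International Conference on Computational Linguistics},
  year      = {2025},
  url       = {https://aclanthology.org/2025.coling-main.53/},
  abstract  = {In real-world contexts such as medical diagnosis and business consulting, effective problem-solving often requires gathering relevant information through interactions and targeted questioning to pinpoint the root cause of a problem. However, Large Language Models (LLMs) often struggle to efficiently narrow down the search space, leading to either missing key information or asking redundant questions when guided by implicit methods like Chain-of-Thought (CoT). Some approaches employ external engineered systems to guide reasoning paths, but these methods may not fully utilize the inherent problem-solving capabilities of LLMs and often require multiple expensive API calls. This study explores how we can implicitly guide LLMs to enhance their interactive feature collection abilities within a single prompt. Instead of employing explicit search algorithms or step-by-step external guidance, we provide high-level guidelines that allow LLMs to dynamically adjust their strategies and iteratively refine their decision-making processes independently. Evaluations on synthetic 20-Questions games and real-world scenarios, including business and medical diagnosis cases, demonstrate that LLMs guided by these strategies perform more effective interactive feature collection, asking fewer and more strategic questions and achieving better problem-solving efficiency.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}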
Gupta, Akash; Sheth, Ivaxi; Raina, Vyas; Gales, Mark; Fritz, Mario
LLM Task Interference: An Initial Study on the Impact of Task-Switch in Conversational History Proceedings Article
In: Al-Onaizan, Yaser; Bansal, Mohit; Chen, Yun-Nung (Ed.): Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing, 0000.
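@inproceedings{gupta-etal-2024-llm,
  author    = {Gupta, Akash and Sheth, Ivaxi and Raina, Vyas and Gales, Mark and Fritz, Mario},
  title     = {{LLM} Task Interference: An Initial Study on the Impact of Task-Switch in Conversational History},
  editor    = {Al-Onaizan, Yaser and Bansal, Mohit and Chen, Yun-Nung},
  booktitle = {Proceedings of the 2024 Conference on Empirical Methods in Natural Language Processing},
  year      = {2024},
  url       = {https://aclanthology.org/2024.emnlp-main.811/},
  abstract  = {With the recent emergence of powerful instruction-tuned large language models (LLMs), various helpful conversational Artificial Intelligence (AI) systems have been deployed across many applications. When prompted by users, these AI systems successfully perform a wide range of tasks as part of a conversation. To provide some sort of memory and context, such approaches typically condition their output on the entire conversational history. Although this sensitivity to the conversational history can often lead to improved performance on subsequent tasks, we find that performance can in fact also be negatively impacted, if there is a task-switch. To the best of our knowledge, our work makes the first attempt to formalize the study of such vulnerabilities and interference of tasks in conversational LLMs caused by task-switches in the conversational history. Our experiments across 5 datasets with 15 task switches using popular LLMs reveal that many of the task-switches can lead to significant performance degradation.},
  keywords  = {},
  pubstate  = {published},
  tppubtype = {inproceedings}
}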
