Deep neural networks have been shown to be vulnerable to small perturbations of their inputs, known as adversarial attacks.
With the increasing amount of available data and advances in computing capabilities, deep neural networks (DNNs) have been successfully employed to solve challenging tasks in various areas, including healthcare, climate, and finance.
Finally, with experiments on several text classification architectures, we show that TEA consistently outperforms current state-of-the-art AR estimators, yielding perturbations that alter explanations to a greater extent while being more fluent and less perceptible.
However, these UDA solutions just yield unsatisfactory 3D detection results when there is a severe domain shift, e. g., from Waymo (64-beam) to nuScenes (32-beam).
In this paper, we propose a personalized seizure detection and classification framework that quickly adapts to a specific patient from limited seizure samples.
Deep Neural Networks are being extensively used in communication systems and Automatic Modulation Classification (AMC) in particular.
In Multi-Task Learning, tasks may compete and limit the performance achieved on each other rather than guiding the optimization trajectory to a common solution, superior to its single-task counterparts.
Additionally, the model automatically determines the number of atoms in the linker and its attachment points to the input fragments.
Convolutional neural networks (CNNs) have achieved superhuman performance in multiple vision tasks, especially image classification.
This work introduces DiGress, a discrete denoising diffusion model for generating graphs with categorical node and edge attributes.
Despite clear computational advantages in building robust neural networks, adversarial training (AT) using single-step methods is unstable as it suffers from catastrophic overfitting (CO): Networks gain non-trivial robustness during the first stages of adversarial training, but suddenly reach a breaking point where they quickly lose all robustness in just a few iterations.
TEF can significantly decrease the correlation between unchanged and perturbed input attributions, which shows that all models and explanation methods are susceptible to TEF perturbations.
Specifically, adaptive spherical wavelets are learned with a lifting structure that consists of trainable lifting operators (i. e., update and predict operators).
There are continuous attempts to use features of the human visual system to improve the robustness of neural networks to data perturbations.
Optimizing resource utilization in target platforms is key to achieving high performance during DNN inference.
In this work, we study three key pillars in multi-pod systolic array designs, namely array granularity, interconnect, and tiling.
To that end, we present Adversarial Knowledge Distillation (AKD), a new framework to improve a model's robust performance, consisting on adversarially training a student on a mixture of the original labels and the teacher outputs.
Recently, it has been shown that, in spite of the significant performance of deep neural networks in different fields, those are vulnerable to adversarial examples.
We address the problem of distribution shifts in test-time data with a principled data augmentation scheme for the task of content-level classification.
Despite their impressive performance on image classification tasks, deep networks have a hard time generalizing to unforeseen corruptions of their data.
Ranked #19 on Domain Generalization on ImageNet-C
We propose here a novel distributed graph learning algorithm, which permits to infer a graph from signal observations on the nodes under the assumption that the data is smooth on the target graph.
Leveraging results from harmonic analysis and deep learning theory, we show that most INR families are analogous to structured signal dictionaries whose atoms are integer harmonics of the set of initial mapping frequencies.
This work addresses one-shot set and graph generation, and, more specifically, the parametrization of probabilistic decoders that map a vector-shaped prior to a distribution over sets or graphs.
However, a combination of additive and non-additive attacks can still manipulate these explanations, which reveals shortcomings in their robustness properties.
Graph convolutional networks have been a powerful tool in representation learning of networked data.
We tackle the problem of graph alignment by computing graph permutations that minimise our new filter distances, which implicitly solves the graph comparison problem.
To ensure that the learned graph representations are invariant to node permutations, a layer is employed at the input of the networks to reorder the nodes according to their local topology information.
State-of-the-art 2D image compression schemes rely on the power of convolutional neural networks (CNNs).
Also, in contrast with the previous optical privacy-preserving methods that cannot be trained, our method is data-driven and optimized for the specific application at hand.
Furthermore, each filter in the spectral domain corresponds to a message passing scheme, and diverse schemes are implemented via the filter bank.
For certain infinitely-wide neural networks, the neural tangent kernel (NTK) theory fully characterizes generalization, but for the networks used in practice, the empirical NTK only provides a rough first-order approximation.
We propose to use adversarial training, which consists of fine-tuning the model with adversarial perturbations, to increase the robustness of automatic modulation recognition (AMC) models.
In this work, we propose to study this problem from a geometric perspective with the aim to understand two key characteristics of neural network solutions in underspecified settings: how is the geometry of the learned function related to the data representation?
Multivariate time series forecasting poses challenges as the variables are intertwined in time and space, like in the case of traffic signals.
Ranked #5 on Traffic Prediction on PEMS-BAY (RMSE metric)
To do so, we propose to learn a clustering-friendly embedding of the graph nodes by solving an optimization problem that involves a fidelity term to the layers of a given multilayer graph, and a regularization on the (single-layer) graph induced by the embedding.
When analyzing these vulnerable models we found that adversarial perturbations do not shift the symbols towards the nearest classes in constellation space.
We investigate the problem of classifying - from a single image - the level of content in a cup or a drinking glass.
Current methods for Black-Box NLP interpretability, like LIME or SHAP, are based on altering the text to interpret by removing words and modeling the Black-Box response.
NLP Interpretability aims to increase trust in model predictions.
In this paper, we aim at analyzing multilayer graphs by properly combining the information provided by individual layers, while preserving the specific structure that allows us to eventually identify communities or clusters that are crucial in the analysis of graph data.
We cast a new optimisation problem that minimises the Wasserstein distance between the distribution of the signal observations and the filtered signal distribution model.
In this article, we provide an in-depth review of the field of adversarial robustness in deep learning, and give a self-contained introduction to its main notions.
Therefore, we define a novel generic framework for attributional robustness (FAR) as general problem formulation for training models with robust attributions.
Current state of the art algorithms for recommender systems are mainly based on collaborative filtering, which exploits user ratings to discover latent factors in the data.
In the decoder, the node connectivity descriptors are reconstructed as Wasserstein barycenters of the graph structural patterns.
The effective representation, processing, analysis, and visualization of large-scale structured data, especially those related to complex domains such as networks and graphs, are one of the key questions in modern machine learning.
Autonomous Vehicles rely on accurate and robust sensor observations for safety critical decision-making in a variety of conditions.
We address this problem and propose a powerful and equivariant message-passing framework based on two ideas: first, we propagate a one-hot encoding of the nodes, in addition to the features, in order to learn a local context matrix around each node.
In this paper, we propose a novel graph pooling strategy that leverages node proximity to improve the hierarchical representation learning of graph data with their multi-hop topology.
We propose a geometric framework to generate adversarial examples in one of the most challenging black-box settings where the adversary can only generate a small number of queries, each of them returning the top-$1$ label of the classifier.
We propose a novel method for comparing non-aligned graphs of different sizes, based on the Wasserstein distance between graph signal distributions induced by the respective graph Laplacian matrices.
In this work, we borrow tools from the field of adversarial robustness, and propose a new perspective that relates dataset features to the distance of samples to the decision boundary.
Depth estimation is an essential component in understanding the 3D geometry of a scene, with numerous applications in urban and indoor settings.
The 3D localisation of an object and the estimation of its properties, such as shape and dimensions, are challenging under varying degrees of transparency and lighting conditions.
Seminal works on graph neural networks have primarily targeted semi-supervised node classification problems with few observed labels and high-dimensional signals.
Security of machine learning models is a concern as they may face adversarial attacks for unwarranted advantageous decisions.
Experiments show that the proposed method leads to a significant improvement in terms of speed and performance with respect to the state of the art for domain adaptation on a continually rotating distribution coming from the standard two moon dataset.
In this paper, we propose a parameter-free pooling operator, called iPool, that permits to retain the most informative features in arbitrary graphs.
We present a novel framework based on optimal transport for the challenging problem of comparing graphs.
In particular we propose an algorithm that adapts convolutional layers, which often serve as a core building block of a CNN, to the properties of omnidirectional images.
The qFool method can drastically reduce the number of queries compared to previous decision-based attacks while reaching the same quality of adversarial examples.
Graph inference methods have recently attracted a great interest from the scientific community, due to the large value they bring in data interpretation and analysis.
In this paper, we propose a scalable algorithm for spectral embedding.
In presence of sparse noise we propose kernel regression for predicting output vectors which are smooth over a given graph.
Deep Neural Networks have achieved extraordinary results on image classification tasks, but have been shown to be vulnerable to attacks with carefully crafted perturbations of the input data.
We propose in this paper to extend the node clustering problem, that commonly considers only the network information, to a problem where both the network information and the node features are considered together for learning a clustering-friendly representation of the feature space.
In this work we present a novel Transformation Invariant Graph-based Network (TIGraNet), which learns graph-based features that are inherently invariant to isometric transformations such as rotation and translation of input images.
The construction of a meaningful graph topology plays a crucial role in the effective representation, processing, analysis and visualization of structured data.
We specifically study the topology of classification regions created by deep networks, as well as their associated decision boundary.
First, we propose a measurement to estimate the effect of parameter quantization errors in individual layers on the overall model prediction accuracy.
Research in Graph Signal Processing (GSP) aims to develop tools for processing data defined on irregular graph domains.
We propose a generalization of convolutional neural networks (CNNs) to irregular domains, through the use of a translation operator on a graph structure.
Omnidirectional cameras are widely used in such areas as robotics and virtual reality as they provide a wide field of view.
Deep networks have recently been shown to be vulnerable to universal perturbations: there exist very small image-agnostic perturbations that cause most natural images to be misclassified by such classifiers.
The goal of this paper is to analyze the geometric properties of deep neural network classifiers in the input space.
We adopt a multi-frame alike super-resolution approach, where the complementary information in the different light field views is used to augment the spatial resolution of the whole light field.
Effective information analysis generally boils down to properly identifying the structure or geometry of the data, which is often represented by a graph.
Given a state-of-the-art deep neural network classifier, we show the existence of a universal (image-agnostic) and very small perturbation vector that causes natural images to be misclassified with high probability.
Moreover, we quantify the robustness of classifiers in terms of the subspace dimension in the semi-random noise regime, and show that our bounds remarkably interpolate between the worst-case and random noise regimes.
The analysis of large collections of image data is still a challenging problem due to the difficulty of capturing the true concepts in visual data.
State-of-the-art deep neural networks have achieved impressive results on many image classification tasks.
This paper addresses the problem of compression of 3D point cloud sequences that are characterized by moving 3D positions and color attributes.
Additive models form a widely popular class of regression models which represent the relation between covariates and response variables as the sum of low-dimensional transfer functions.
To the best of our knowledge, our results provide the first theoretical work that addresses the phenomenon of adversarial instability recently observed for deep networks.
We show that the Gaussian prior leads to an efficient representation that favors the smoothness property of the graph signals.
In this paper, we propose a novel approach towards multiscale event detection using social media data, which takes into account different temporal and spatial scales of events in the data.
The dictionary learning problem, which jointly learns the dictionary and linear classifier, is cast as a difference of convex (DC) program and solved efficiently with an iterative DC solver.
As theoretical studies about the tangent distance algorithm have been largely overlooked, we present in this work a detailed performance analysis of this useful algorithm, which can eventually help its implementation.
In sparse signal representation, the choice of a dictionary often involves a tradeoff between two desirable properties -- the ability to adapt to specific signal data and a fast implementation of the dictionary.
We show that the area of this neighborhood increases at least quadratically with the smoothing filter size, which justifies the use of a smoothing step in image registration with local optimizers such as gradient descent.
We examine in this paper the problem of image registration from the new perspective where images are given by sparse approximations in parametric dictionaries of geometric functions.
In applications such as social, energy, transportation, sensor, and neuronal networks, high-dimensional data naturally reside on the vertices of weighted graphs.
In this paper, we propose a novel multiview data representation that permits to satisfy bandwidth and storage constraints in an interactive multiview streaming system.