Search Results for author:
Found 188 papers, 102 papers with code
Adaptive Primal-Dual Hybrid Gradient Methods for Saddle-Point Problems
The Primal-Dual hybrid gradient (PDHG) method is a powerful optimization scheme that breaks complex problems into simple sub-steps.
Numerical Analysis 65K15 G.1.6
The STONE Transform: Multi-Resolution Image Enhancement and Real-Time Compressive Video
Compressed sensing enables the reconstruction of high-resolution signals from under-sampled data.
A Field Guide to Forward-Backward Splitting with a FASTA Implementation
Non-differentiable and constrained optimization play a key role in machine learning, signal and image processing, communications, and beyond.
Numerical Analysis G.1.6
FASTA: A Generalized Implementation of Forward-Backward Splitting
This is a user manual for the software package FASTA.
Mathematical Software Numerical Analysis Numerical Analysis
Unwrapping ADMM: Efficient Distributed Computing via Transpose Reduction
Recent approaches to distributed model fitting rely heavily on consensus ADMM, where each node solves small sub-problems using only local data.
Adaptive Primal-Dual Splitting Methods for Statistical Learning and Image Processing
The alternating direction method of multipliers (ADMM) is an important tool for solving complex optimization problems, but it involves minimization sub-steps that are often difficult to solve efficiently.
Variance Reduction for Distributed Stochastic Gradient Descent
Variance reduction (VR) methods boost the performance of stochastic gradient descent (SGD) by enabling the use of larger, constant stepsizes and preserving linear convergence rates.
Efficient Distributed SGD with Variance Reduction
Stochastic Gradient Descent (SGD) has become one of the most popular optimization methods for training machine learning models on massive datasets.
Estimating Sparse Signals with Smooth Support via Convex Programming and Block Sparsity
We demonstrate the efficacy of our regularizers on a variety of imaging tasks including compressive image recovery, image restoration, and robust PCA.
Training Neural Networks Without Gradients: A Scalable ADMM Approach
With the growing importance of large network models and enormous training datasets, GPUs have become increasingly necessary to train neural networks.
Adaptive ADMM with Spectral Penalty Parameter Selection
The alternating direction method of multipliers (ADMM) is a versatile tool for solving a wide range of constrained optimization problems, with differentiable or non-differentiable objective functions.
Biconvex Relaxation for Semidefinite Programming in Computer Vision
We propose a general framework to approximately solve large-scale semidefinite problems (SDPs) at low complexity.
Big Batch SGD: Automated Inference using Adaptive Batch Sizes
The high fidelity gradients enable automated learning rate selection and do not require stepsize decay.
An Empirical Study of ADMM for Nonconvex Problems
The alternating direction method of multipliers (ADMM) is a common optimization tool for solving constrained and non-differentiable problems.
Non-negative Factorization of the Occurrence Tensor from Financial Contracts
We propose an algorithm for the non-negative factorization of an occurrence tensor built from heterogeneous networks.
Solving Uncalibrated Photometric Stereo Using Fewer Images by Jointly Optimizing Low-rank Matrix Completion and Integrability
We introduce a new, integrated approach to uncalibrated photometric stereo.
A New Rank Constraint on Multi-view Fundamental Matrices, and its Application to Camera Location Recovery
We show that in general, with the selection of proper scale factors, a matrix formed by stacking fundamental matrices between pairs of images has rank 6.
Adaptive Relaxed ADMM: Convergence Theory and Practical Implementation
Relaxed ADMM is a generalization of ADMM that often achieves better performance, but its efficiency depends strongly on algorithm parameters that must be chosen by an expert user.
Stabilizing Adversarial Nets With Prediction Methods
Adversarial neural networks solve many important problems in data science, but are notoriously difficult to train.
Training Quantized Nets: A Deeper Understanding
Currently, deep neural networks are deployed on low-power portable devices by first training a full-precision model using powerful hardware, and then deriving a corresponding low-precision model for efficient inference on such systems.
Adaptive Consensus ADMM for Distributed Optimization
The alternating direction method of multipliers (ADMM) is commonly used for distributed model fitting problems, but its performance and reliability depend strongly on user-defined penalty parameters.
Convex Phase Retrieval without Lifting via PhaseMax
Semidefinite relaxation methods transform a variety of non-convex optimization problems into convex problems, but square the number of variables.
Visualizing the Loss Landscape of Neural Nets
Neural network training relies on our ability to find "good" minimizers of highly non-convex loss functions.
Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
The proposed attacks use "clean-labels"; they don't require the attacker to have any control over the labeling of training data.
DCAN: Dual Channel-wise Alignment Networks for Unsupervised Scene Adaptation
In particular, given an image from the source domain and unlabeled samples from the target domain, the generator synthesizes new images on-the-fly to resemble samples from the target domain in appearance and the segmentation network further refines high-level features before predicting semantic maps, both of which leverage feature statistics of sampled images from the target domain.
Stacked U-Nets: A No-Frills Approach to Natural Image Segmentation
Many imaging tasks require global information about all pixels in an image.
Linear Spectral Estimators and an Application to Phase Retrieval
Phase retrieval refers to the problem of recovering real- or complex-valued vectors from magnitude measurements.
Channel Charting: Locating Users within the Radio Environment using Channel State Information
We propose channel charting (CC), a novel framework in which a multi-antenna network element learns a chart of the radio geometry in its surrounding area.
Are adversarial examples inevitable?
Using experiments, we explore the implications of theoretical guarantees for real-world problems and discuss how factors such as dimensionality and image complexity limit a classifier's robustness against adversarial examples.
Universal Adversarial Training
Standard adversarial attacks change the predicted class label of a selected image by adding specially tailored small perturbations to its pixels.
Understanding the (un)interpretability of natural image distributions using generative models
Probability density estimation is a classical and well studied problem, but standard density estimation methods have historically lacked the power to model complex and high-dimensional image distributions.
ACE: Adapting to Changing Environments for Semantic Segmentation
However, neural classifiers are often extremely brittle when confronted with domain shift---changes in the input distribution that occur over time.
The Impact of Neural Network Overparameterization on Gradient Confusion and Stochastic Gradient Descent
Our results show that, for popular initialization techniques, increasing the width of neural networks leads to lower gradient confusion, and thus faster model training.
Adversarial Training for Free!
Adversarial training, in which a network is trained on adversarial examples, is one of the few defenses against adversarial attacks that withstands strong attacks.
Transferable Clean-Label Poisoning Attacks on Deep Neural Nets
Clean-label poisoning attacks inject innocuous looking (and "correctly" labeled) poison images into training data, causing a model to misclassify a targeted image after being trained on this data.
Adversarially robust transfer learning
By training classifiers on top of these feature extractors, we produce new models that inherit the robustness of their parent networks.
Adversarially Robust Distillation
In addition to producing small models with high test accuracy like conventional distillation, ARD also passes the superior robustness of large networks onto the student.
Network Deconvolution
Convolution is a central operation in Convolutional Neural Networks (CNNs), which applies a kernel to overlapping regions shifted across the image.
Understanding Generalization through Visualizations
The power of neural networks lies in their ability to generalize to unseen data, yet the underlying reasons for this phenomenon remain elusive.
Adversarial attacks on Copyright Detection Systems
Our goal is to raise awareness of the threats posed by adversarial examples in this space, and to highlight the importance of hardening copyright detection systems to attacks.
Improving Channel Charting with Representation-Constrained Autoencoders
Channel charting (CC) has been proposed recently to enable logical positioning of user equipments (UEs) in the neighborhood of a multi-antenna base-station solely from channel-state information (CSI).
Improved Training of Certifiably Robust Models
Convex relaxations are effective for training and certifying neural networks against norm-bounded adversarial attacks, but they leave a large gap between certifiable and empirical (PGD) robustness.
The Effect of Neural Net Architecture on Gradient Confusion & Training Performance
Through novel theoretical and experimental results, we show how the neural net architecture affects gradient confusion, and thus the efficiency of training.
FreeLB: Enhanced Adversarial Training for Natural Language Understanding
Adversarial training, which minimizes the maximal risk for label-preserving input perturbations, has proved to be effective for improving the generalization of language models.
Deep k-NN Defense against Clean-label Data Poisoning Attacks
Targeted clean-label data poisoning is a type of adversarial attack on machine learning systems in which an adversary injects a few correctly-labeled, minimally-perturbed samples into the training data, causing a model to misclassify a particular test sample during inference.
Siamese Neural Networks for Wireless Positioning and Channel Charting
In this paper, we propose a unified architecture based on Siamese networks that can be used for supervised UE positioning and unsupervised channel charting.
Truth or Backpropaganda? An Empirical Investigation of Deep Learning Theory
We empirically evaluate common assumptions about neural networks that are widely held by practitioners and theorists alike.
Adversarially Robust Few-Shot Learning: A Meta-Learning Approach
Previous work on adversarially robust neural networks for image classification requires large training sets and computationally expensive training procedures.
Instance adaptive adversarial training: Improved accuracy tradeoffs in neural nets
Adversarial training is by far the most successful strategy for improving robustness of neural networks to adversarial attacks.
Label Smoothing and Logit Squeezing: A Replacement for Adversarial Training?
Adversarial training is one of the strongest defenses against adversarial attacks, but it requires adversarial examples to be generated for every mini-batch during optimization.
Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors
We present a systematic study of adversarial attacks on state-of-the-art object detection frameworks.
Certified Data Removal from Machine Learning Models
Good data stewardship requires removal of data at the request of the data's owner.
WITCHcraft: Efficient PGD attacks with random step size
State-of-the-art adversarial attacks on neural networks use expensive iterative methods and numerous random restarts from different initial points.
MSE-Optimal Neural Network Initialization via Layer Fusion
To address this issue, a variety of methods that rely on random parameter initialization or knowledge distillation have been proposed in the past.
Curse of Dimensionality on Randomized Smoothing for Certifiable Robustness
Notably, for $p \geq 2$, this dependence on $d$ is no better than that of the $\ell_p$-radius that can be certified using isotropic Gaussian smoothing, essentially putting a matching lower bound on the robustness radius.
Unraveling Meta-Learning: Understanding Feature Representations for Few-Shot Tasks
In doing so, we introduce and verify several hypotheses for why meta-learned models perform better.
Adversarial Attacks on Machine Learning Systems for High-Frequency Trading
Algorithmic trading systems are often completely automated, and deep learning is increasingly receiving attention in this domain.
Improving the Tightness of Convex Relaxation Bounds for Training Certifiably Robust Classifiers
Convex relaxations are effective for training and certifying neural networks against norm-bounded adversarial attacks, but they leave a large gap between certifiable and empirical robustness.
Certified Defenses for Adversarial Patches
Adversarial patch attacks are among one of the most practical threat models against real-world computer vision systems.
Breaking certified defenses: Semantic adversarial examples with spoofed robustness certificates
To deflect adversarial attacks, a range of "certified" classifiers have been proposed.
MetaPoison: Practical General-purpose Clean-label Data Poisoning
Existing attacks for data poisoning neural networks have relied on hand-crafted heuristics, because solving the poisoning problem directly via bilevel optimization is generally thought of as intractable for deep models.
Headless Horseman: Adversarial Attacks on Transfer Learning Models
We first demonstrate successful transfer attacks against a victim network using \textit{only} its feature extractor.
Exploring Model Robustness with Adaptive Networks and Improved Adversarial Training
Our adaptive networks also outperform larger widened non-adaptive architectures that have 1. 5 times more parameters.
Certifying Strategyproof Auction Networks
We focus on the RegretNet architecture, which can represent auctions with arbitrary numbers of items and participants; it is trained to be empirically strategyproof, but the property is never exactly verified leaving potential loopholes for market participants to exploit.
MaxVA: Fast Adaptation of Step Sizes by Maximizing Observed Variance of Gradients
Adaptive gradient methods such as RMSProp and Adam use exponential moving estimate of the squared gradient to compute adaptive step sizes, achieving better convergence than SGD in face of noisy objectives.
Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks
Data poisoning and backdoor attacks manipulate training data in order to cause models to fail during inference.
Detection as Regression: Certified Object Detection by Median Smoothing
While adversarial training can improve the empirical robustness of image classifiers, a direct extension to object detection is very expensive.
WrapNet: Neural Net Inference with Ultra-Low-Resolution Arithmetic
Low-resolution neural networks represent both weights and activations with few bits, drastically reducing the multiplication complexity.
Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching
We consider a particularly malicious poisoning attack that is both "from scratch" and "clean label", meaning we analyze an attack that successfully works against new, randomly initialized models, and is nearly imperceptible to humans, all while perturbing only a small fraction of the training data.
High-Bandwidth Spatial Equalization for mmWave Massive MU-MIMO with Processing-In-Memory
All-digital basestation (BS) architectures enable superior spectral efficiency compared to hybrid solutions in massive multi-user MIMO systems.
Certifying Confidence via Randomized Smoothing
It uses the probabilities of predicting the top two most-likely classes around an input point under a smoothing distribution to generate a certified radius for a classifier's prediction.
Encoding Robustness to Image Style via Adversarial Feature Perturbations
We adapt adversarial training by directly perturbing feature statistics, rather than image pixels, to produce models that are robust to various unseen distributional shifts.
Prepare for the Worst: Generalizing across Domain Shifts with Adversarial Batch Normalization
Adversarial training is the industry standard for producing models that are robust to small adversarial perturbations.
An Open Review of OpenReview: A Critical Analysis of the Machine Learning Conference Review Process
Members of the machine learning community are likely to overhear allegations ranging from randomness of acceptance decisions to institutional bias.
Random Network Distillation as a Diversity Metric for Both Image and Text Generation
We validate and deploy this metric on both images and text.
ProportionNet: Balancing Fairness and Revenue for Auction Design with Deep Learning
Inspired by these advances, in this paper, we extend techniques for approximating auctions using deep learning to address concerns of fairness while maintaining high revenue and strong incentive guarantees.
Towards Accurate Quantization and Pruning via Data-free Knowledge Transfer
Further, we demonstrate that the compact structure and corresponding initialization from the Lottery Ticket Hypothesis can also help in data-free training.
Data Augmentation for Meta-Learning
Conventional image classifiers are trained by randomly sampling mini-batches of images.
Robust Optimization as Data Augmentation for Large-scale Graphs
Data augmentation helps neural networks generalize better by enlarging the training set, but it remains an open question how to effectively augment graph data to enhance the performance of GNNs (Graph Neural Networks).
Ranked #1 on
Graph Property Prediction
on ogbg-ppa
Are Adversarial Examples Created Equal? A Learnable Weighted Minimax Risk for Robustness under Non-uniform Attacks
Adversarial Training is proved to be an efficient method to defend against adversarial examples, being one of the few defenses that withstand strong attacks.
Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff
Data poisoning and backdoor attacks manipulate victim models by maliciously modifying training data.
Analyzing the Machine Learning Conference Review Process
Members of the machine learning community are likely to overhear allegations ranging from randomness of acceptance decisions to institutional bias.
Detection as Regression: Certified Object Detection with Median Smoothing
Despite the vulnerability of object detectors to adversarial attacks, very few defenses are known to date.
Dataset Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses
As machine learning systems grow in scale, so do their training data requirements, forcing practitioners to automate and outsource the curation of training data in order to achieve state-of-the-art performance.
WrapNet: Neural Net Inference with Ultra-Low-Precision Arithmetic
Low-precision neural networks represent both weights and activations with few bits, drastically reducing the multiplication complexity.
Driving through the Lens: Improving Generalization of Learning-based Steering using Simulated Adversarial Examples
To ensure the wide adoption and safety of autonomous driving, the vehicles need to be able to drive under various lighting, weather, and visibility conditions in different environments.
Just How Toxic is Data Poisoning? A Benchmark for Backdoor and Data Poisoning Attacks
Data poisoning and backdoor attacks manipulate training data in order to cause models to fail during inference.
Certified Watermarks for Neural Networks
Watermarking is a commonly used strategy to protect creators' rights to digital images, videos and audio.
LowKey: Leveraging Adversarial Attacks to Protect Social Media Users from Facial Recognition
Facial recognition systems are increasingly deployed by private corporations, government agencies, and contractors for consumer services and mass surveillance programs alike.
Technical Challenges for Training Fair Neural Networks
As machine learning algorithms have been widely deployed across applications, many concerns have been raised over the fairness of their predictions, especially in high stakes settings (such as facial recognition and medical imaging).
Preventing Unauthorized Use of Proprietary Data: Poisoning for Secure Dataset Release
Large organizations such as social media companies continually release data, for example user images.
GradInit: Learning to Initialize Neural Networks for Stable and Efficient Training
Innovations in neural architectures have fostered significant breakthroughs in language modeling and computer vision.
Ranked #137 on
Image Classification
on CIFAR-10
Center Smoothing: Certified Robustness for Networks with Structured Outputs
We extend the scope of certifiable robustness to problems with more general and structured outputs like sets, images, language, etc.
The Uncanny Similarity of Recurrence and Depth
It is widely believed that deep neural networks contain layer specialization, wherein neural networks extract hierarchical features representing edges and patterns in shallow layers and complete objects in deeper layers.
What Doesn't Kill You Makes You Robust(er): How to Adversarially Train against Data Poisoning
Data poisoning is a threat model in which a malicious actor tampers with training data to manipulate outcomes at inference time.
Improving Robustness of Learning-based Autonomous Steering Using Adversarial Images
For safety of autonomous driving, vehicles need to be able to drive under various lighting, weather, and visibility conditions in different environments.
DP-InstaHide: Provably Defusing Poisoning and Backdoor Attacks with Differentially Private Data Augmentations
The InstaHide method has recently been proposed as an alternative to DP training that leverages supposed privacy properties of the mixup augmentation, although without rigorous guarantees.
Insta-RS: Instance-wise Randomized Smoothing for Improved Robustness and Accuracy
Randomized smoothing (RS) is an effective and scalable technique for constructing neural network classifiers that are certifiably robust to adversarial perturbations.
Improving Generalization of Transfer Learning Across Domains Using Spatio-Temporal Features in Autonomous Driving
Practical learning-based autonomous driving models must be capable of generalizing learned behaviors from simulated to real domains, and from training data to unseen domains with unusual image properties.
THAT: Two Head Adversarial Training for Improving Robustness at Scale
Many variants of adversarial training have been proposed, with most research focusing on problems with relatively few classes.
The Intrinsic Dimension of Images and Its Impact on Learning
We find that common natural image datasets indeed have very low intrinsic dimension relative to the high number of pixels in the images.
SAINT: Improved Neural Networks for Tabular Data via Row Attention and Contrastive Pre-Training
We devise a hybrid deep learning approach to solving tabular data problems.
Can You Learn an Algorithm? Generalizing from Easy to Hard Problems with Recurrent Networks
In this work, we show that recurrent networks trained to solve simple problems with few recurrent steps can indeed solve much more complex problems simply by performing additional recurrences during inference.
Learning Revenue-Maximizing Auctions With Differentiable Matching
We propose a new architecture to approximately learn incentive compatible, revenue-maximizing auctions from sampled valuations.
Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch
In contrast, the Hidden Trigger Backdoor Attack achieves poisoning without placing a trigger into the training data at all.
MetaBalance: High-Performance Neural Networks for Class-Imbalanced Data
Class-imbalanced data, in which some classes contain far more samples than others, is ubiquitous in real-world applications.
Adversarial Examples Make Strong Poisons
The adversarial machine learning literature is largely partitioned into evasion attacks on testing data and poisoning attacks on training data.
Long-Short Transformer: Efficient Transformers for Language and Vision
For instance, Transformer-LS achieves 0. 97 test BPC on enwik8 using half the number of parameters than previous method, while being faster and is able to handle 3x as long sequences compared to its full-attention version on the same hardware.
Ranked #1 on
Language Modelling
on enwik8 dev
Where do Models go Wrong? Parameter-Space Saliency Maps for Explainability
We find that samples which cause similar parameters to malfunction are semantically similar.
Datasets for Studying Generalization from Easy to Hard Examples
We describe new datasets for studying generalization from easy to hard examples.
Robustness Disparities in Commercial Face Detection
Facial detection and analysis systems have been deployed by large companies and critiqued by scholars and activists for the past decade.
Towards Transferable Adversarial Attacks on Vision Transformers
We evaluate the transferability of attacks on state-of-the-art ViTs, CNNs and robustly trained CNNs.
DP-InstaHide: Data Augmentations Provably Enhance Guarantees Against Dataset Manipulations
Data poisoning and backdoor attacks manipulate training data to induce security breaches in a victim model.
Stochastic Training is Not Necessary for Generalization
It is widely believed that the implicit regularization of SGD is fundamental to the impressive generalization behavior we observe in neural networks.
A Flexible Measurement of Diversity in Datasets with Random Network Distillation
We validate and deploy this metric on both images and text.
Protecting Proprietary Data: Poisoning for Secure Dataset Release
These two behaviors can be in conflict as an organization wants to prevent competitors from using their own data to replicate the performance of their proprietary models.
Diurnal or Nocturnal? Federated Learning of Multi-branch Networks from Periodically Shifting Distributions
Federated learning has been deployed to train machine learning models from decentralized client data on mobile devices in practice.
Thinking Deeper With Recurrent Networks: Logical Extrapolation Without Overthinking
Classical machine learning systems perform best when they are trained and tested on the same distribution, and they lack a mechanism to increase model power after training is complete.
A Closer Look at Distribution Shifts and Out-of-Distribution Generalization on Graphs
We observe that in most cases, we need both a suitable domain generalization algorithm and a strong GNN backbone model to optimize out-of-distribution test performance.
Contrastive Learning is Just Meta-Learning
Contrastive learning has recently taken off as a paradigm for learning from unlabeled data.
Convergent Boosted Smoothing for Modeling GraphData with Tabular Node Features
Many practical modeling tasks require making predictions using tabular data composed of heterogeneous feature types (e. g., text-based, categorical, continuous, etc.).
An Investigation into the Role of Author Demographics in ICLR Participation and Review
As machine learning conferences grow rapidly, many are concerned that individuals will be left behind on the basis of traits such as gender and geography.
Comparing Human and Machine Bias in Face Recognition
Much recent research has uncovered and discussed serious concerns of bias in facial analysis technologies, finding performance disparities between groups of people based on perceived gender, skin type, lighting condition, etc.
Robbing the Fed: Directly Obtaining Private Data in Federated Learning with Modified Models
Federated learning has quickly gained popularity with its promises of increased user privacy and efficiency.
A Frequency Perspective of Adversarial Robustness
Our analysis shows that adversarial examples are neither in high-frequency nor in low-frequency components, but are simply dataset dependent.
Does your graph need a confidence boost? Convergent boosted smoothing on graphs with tabular node features
For supervised learning with tabular data, decision tree ensembles produced via boosting techniques generally dominate real-world applications involving iid training/test sets.
VQ-GNN: A Universal Framework to Scale up Graph Neural Networks using Vector Quantization
Our framework avoids the "neighbor explosion" problem of GNNs using quantized representations combined with a low-rank version of the graph convolution matrix.
Ranked #12 on
Node Classification
on Reddit
Active Learning at the ImageNet Scale
Active learning (AL) algorithms aim to identify an optimal subset of data for annotation, such that deep neural networks (DNN) can achieve better performance when trained on this labeled subset.
Gradient-Free Adversarial Training Against Image Corruption for Learning-based Steering
We introduce a simple yet effective framework for improving the robustness of learning algorithms against image corruptions for autonomous driving.
Execute Order 66: Targeted Data Poisoning for Reinforcement Learning
Data poisoning for reinforcement learning has historically focused on general performance degradation, and targeted attacks have been successful via perturbations that involve control of the victim's policy and rewards.
Are Commercial Face Detection Models as Biased as Academic Models?
When we compare the size of these disparities to that of commercial models, we conclude that commercial models - in contrast to their relatively larger development budget and industry-level fairness commitments - are always as biased or more biased than an academic model.
Certifying Model Accuracy under Distribution Shifts
Certified robustness in machine learning has primarily focused on adversarial perturbations of the input with a fixed attack budget for each point in the data distribution.
Decepticons: Corrupted Transformers Breach Privacy in Federated Learning for Language Models
A central tenet of Federated learning (FL), which trains models without centralizing user data, is privacy.
Plug-In Inversion: Model-Agnostic Inversion for Vision with Data Augmentations
Existing techniques for model inversion typically rely on hard-to-tune regularizers, such as total variation or feature regularization, which must be individually calibrated for each network in order to produce adequate images.
Fishing for User Data in Large-Batch Federated Learning via Gradient Magnification
Federated learning (FL) has rapidly risen in popularity due to its promise of privacy and efficiency.
End-to-end Algorithm Synthesis with Recurrent Networks: Logical Extrapolation Without Overthinking
Algorithmic extrapolation can be achieved through recurrent systems, which can be iterated many times to solve difficult reasoning problems.
Can Neural Nets Learn the Same Model Twice? Investigating Reproducibility and Double Descent from the Decision Boundary Perspective
We also use decision boundary methods to visualize double descent phenomena.
A Deep Dive into Dataset Imbalance and Bias in Face Identification
This is an unfortunate omission, as 'imbalance' is a more complex matter in identification; imbalance may arise in not only the training data, but also the testing data, and furthermore may affect the proportion of identities belonging to each demographic group or the number of images belonging to each identity.
Poisons that are learned faster are more effective
We advocate for evaluating poisons in terms of peak test accuracy.
Autoregressive Perturbations for Data Poisoning
Unfortunately, existing methods require knowledge of both the target architecture and the complete dataset so that a surrogate network can be trained, the parameters of which are used to generate the attack.
A Robust Stacking Framework for Training Deep Graph Models with Multifaceted Node Features
Graph Neural Networks (GNNs) with numerical node features and graph structure as inputs have demonstrated superior performance on various supervised learning tasks with graph data.
Transfer Learning with Deep Tabular Models
In this work, we demonstrate that upstream data gives tabular neural networks a decisive advantage over widely used GBDT models.
Certified Neural Network Watermarks with Randomized Smoothing
Watermarking is a commonly used strategy to protect creators' rights to digital images, videos and audio.
Cold Diffusion: Inverting Arbitrary Image Transforms Without Noise
We observe that the generative behavior of diffusion models is not strongly dependent on the choice of image degradation, and in fact an entire family of generative models can be constructed by varying this choice.
Test-Time Prompt Tuning for Zero-Shot Generalization in Vision-Language Models
In evaluating cross-dataset generalization with unseen categories, TPT performs on par with the state-of-the-art approaches that use additional training data.
How Much Data Are Augmentations Worth? An Investigation into Scaling Laws, Invariance, and Implicit Regularization
Despite the clear performance benefits of data augmentations, little is known about why they are so effective.
Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning
Federated learning is particularly susceptible to model poisoning and backdoor attacks because individual users have direct control over the training data and model updates.
Canary in a Coalmine: Better Membership Inference with Ensembled Adversarial Queries
As industrial applications are increasingly automated by machine learning models, enforcing personal data ownership and intellectual property rights requires tracing training data back to their rightful owners.
K-SAM: Sharpness-Aware Minimization at the Speed of SGD
Sharpness-Aware Minimization (SAM) has recently emerged as a robust technique for improving the accuracy of deep neural networks.
Robustness Disparities in Face Detection
Many existing algorithmic audits examine the performance of these systems on later stage elements of facial analysis systems like facial recognition and age, emotion, or perceived gender prediction; however, a core component to these systems has been vastly understudied from a fairness perspective: face detection, sometimes called face localization.
Diffusion Art or Digital Forgery? Investigating Data Replication in Diffusion Models
Cutting-edge diffusion models produce images with high quality and customizability, enabling them to be used for commercial art and graphic design purposes.
What do Vision Transformers Learn? A Visual Exploration
In addition, we show that ViTs maintain spatial information in all layers except the final layer.
Cramming: Training a Language Model on a Single GPU in One Day
Recent trends in language modeling have focused on increasing performance through scaling, and have resulted in an environment where training language models is out of reach for most researchers and practitioners.
A Watermark for Large Language Models
Potential harms of large language models can be mitigated by watermarking model output, i. e., embedding signals into generated text that are invisible to humans but algorithmically detectable from a short span of tokens.
Exploring and Exploiting Decision Boundary Dynamics for Adversarial Robustness
However, it is unclear whether existing robust training methods effectively increase the margin for each vulnerable point during training.
Hard Prompts Made Easy: Gradient-Based Discrete Optimization for Prompt Tuning and Discovery
In the text-to-image setting, the method creates hard prompts for diffusion models, allowing API users to easily generate, discover, and mix and match image concepts without prior knowledge on how to prompt the model.
Universal Guidance for Diffusion Models
Typical diffusion models are trained to accept a particular form of conditioning, most commonly text, and cannot be conditioned on other modalities without retraining.
Neural Auctions Compromise Bidder Information
It has been shown that neural networks can be used to approximate optimal mechanisms while satisfying the constraints that an auction be strategyproof and individually rational.
JPEG Compressed Images Can Bypass Protections Against AI Editing
Recently developed text-to-image diffusion models make it easy to edit or create high-quality images.
A Cookbook of Self-Supervised Learning
Self-supervised learning, dubbed the dark matter of intelligence, is a promising path to advance machine learning.
What Can We Learn from Unlearnable Datasets?
First, it is widely believed that neural networks trained on unlearnable datasets only learn shortcuts, simpler rules that are not useful for generalization.
Tree-Ring Watermarks: Fingerprints for Diffusion Images that are Invisible and Robust
The watermark embeds a pattern into the initial noise vector used for sampling.
Understanding and Mitigating Copying in Diffusion Models
While it is widely believed that duplicated images in the training set are responsible for content replication at inference time, we observe that the text conditioning of the model plays a similarly important role.
InstructZero: Efficient Instruction Optimization for Black-Box Large Language Models
Large language models~(LLMs) are instruction followers, but it can be challenging to find the best instruction for different situations, especially for black-box LLMs on which backpropagation is forbidden.
On the Reliability of Watermarks for Large Language Models
We also consider a range of new detection schemes that are sensitive to short spans of watermarked text embedded inside a large document, and we compare the robustness of watermarking to other kinds of detectors.
Bring Your Own Data! Self-Supervised Evaluation for Large Language Models
With the rise of Large Language Models (LLMs) and their ubiquitous deployment in diverse domains, measuring language model behavior on realistic data is imperative.
On the Exploitability of Instruction Tuning
In this work, we investigate how an adversary can exploit instruction tuning by injecting specific instruction-following examples into the training data that intentionally changes the model's behavior.
Seeing in Words: Learning to Classify through Language Bottlenecks
Neural networks for computer vision extract uninterpretable features despite achieving high accuracy on benchmarks.
Baseline Defenses for Adversarial Attacks Against Aligned Language Models
We find that the weakness of existing discrete optimizers for text, combined with the relatively high costs of optimization, makes standard adaptive attacks more challenging for LLMs.
NEFTune: Noisy Embeddings Improve Instruction Finetuning
We show that language model finetuning can be improved, sometimes dramatically, with a simple augmentation.
Battle of the Backbones: A Large-Scale Comparison of Pretrained Models across Computer Vision Tasks
Battle of the Backbones (BoB) makes this choice easier by benchmarking a diverse suite of pretrained models, including vision-language models, those trained via self-supervised learning, and the Stable Diffusion backbone, across a diverse set of computer vision tasks ranging from classification to object detection to OOD generalization and more.
A Simple and Efficient Baseline for Data Attribution on Images
Our approach serves as a simple and efficient baseline for data attribution on images.
Object Recognition as Next Token Prediction
We present an approach to pose object recognition as next token prediction.
Perspectives on the State and Future of Deep Learning -- 2023
The goal of this series is to chronicle opinions and issues in the field of machine learning as they stand today and as they change over time.
Universal Pyramid Adversarial Training for Improved ViT Performance
Recently, Pyramid Adversarial training (Herrmann et al., 2022) has been shown to be very effective for improving clean accuracy and distribution-shift robustness of vision transformers.
Benchmarking the Robustness of Image Watermarks
We present WAVES (Watermark Analysis Via Enhanced Stress-testing), a novel benchmark for assessing watermark robustness, overcoming the limitations of current evaluation methods. WAVES integrates detection and identification tasks, and establishes a standardized evaluation protocol comprised of a diverse range of stress tests.
Spotting LLMs With Binoculars: Zero-Shot Detection of Machine-Generated Text
Detecting text generated by modern large language models is thought to be hard, as both LLMs and humans can exhibit a wide range of complex behaviors.
Shadowcast: Stealthy Data Poisoning Attacks Against Vision-Language Models
We show that Shadowcast are highly effective in achieving attacker's intentions using as few as 50 poison samples.
ODIN: Disentangled Reward Mitigates Hacking in RLHF
In this work, we study the issue of reward hacking on the response length, a challenge emerging in Reinforcement Learning from Human Feedback (RLHF) on LLMs.
Coercing LLMs to do and reveal (almost) anything
It has recently been shown that adversarial attacks on large language models (LLMs) can "jailbreak" the model into making harmful statements.
What do we learn from inverting CLIP models?
We employ an inversion-based approach to examine CLIP models.
Generating Potent Poisons and Backdoors from Scratch with Guided Diffusion
As a result, we may be able to craft more potent poisons by carefully choosing the base samples.
Measuring Style Similarity in Diffusion Models
We also propose a method to extract style descriptors that can be used to attribute style of a generated image to the images used in the training dataset of a text-to-image model.
Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models
In this paper, we unveil a new vulnerability: the privacy backdoor attack.
Benchmarking ChatGPT on Algorithmic Reasoning
We evaluate ChatGPT's ability to solve algorithm problems from the CLRS benchmark suite that is designed for GNNs.
Representation-Constrained Autoencoders and an Application to Wireless Positioning
In a number of practical applications that rely on dimensionality reduction, the dataset or measurement process provides valuable side information that can be incorporated when learning low-dimensional embeddings.
Analyzing the effect of neural network architecture on training performance
Through novel theoretical and experimental results, we show how the neural net architecture affects gradient confusion, and thus the efficiency of training.
