-
Dynamic Domains, Dynamic Solutions: DPCore for Continual Test-Time Adaptation
Authors:
Yunbei Zhang,
Akshay Mehra,
Jihun Hamm
Abstract:
Continual Test-Time Adaptation (TTA) seeks to adapt a source pre-trained model to continually changing, unlabeled target domains. Existing TTA methods are typically designed for environments where domain changes occur gradually and can struggle in more dynamic scenarios. Inspired by the principles of online K-Means, this paper introduces a novel approach to continual TTA through visual prompting. We propose a Dynamic Prompt Coreset that not only preserves knowledge from previously visited domains but also accommodates learning from new potential domains. This is complemented by a distance-based weight updating mechanism that ensures the coreset remains current and relevant. Our approach employs a fixed model architecture alongside the coreset and an innovative updating system to effectively mitigate challenges such as catastrophic forgetting and error accumulation. Extensive testing across various benchmarks, including ImageNet-C, CIFAR100-C, and CIFAR10-C, demonstrates that our method consistently outperforms state-of-the-art (SOTA) alternatives, particularly excelling in dynamically changing environments.
Submitted 15 June, 2024;
originally announced June 2024.
-
Test-time Assessment of a Model's Performance on Unseen Domains via Optimal Transport
Authors:
Akshay Mehra,
Yunbei Zhang,
Jihun Hamm
Abstract:
Gauging the performance of ML models on data from unseen domains at test-time is essential yet a challenging problem due to the lack of labels in this setting. Moreover, the performance of these models on in-distribution data is a poor indicator of their performance on data from unseen domains. Thus, it is essential to develop metrics that can provide insights into the model's performance at test time and can be computed only with the information available at test time (such as their model parameters, the training data or its statistics, and the unlabeled test data). To this end, we propose a metric based on Optimal Transport that is highly correlated with the model's performance on unseen domains and is efficiently computable only using information available at test time. Concretely, our metric characterizes the model's performance on unseen domains using only a small amount of unlabeled data from these domains and data or statistics from the training (source) domain(s). Through extensive empirical evaluation using standard benchmark datasets, and their corruptions, we demonstrate the utility of our metric in estimating the model's performance in various practical applications. These include the problems of selecting the source data and architecture that leads to the best performance on data from an unseen domain and the problem of predicting a deployed model's performance at test time on unseen domains. Our empirical results show that our metric, which uses information from both the source and the unseen domain, is highly correlated with the model's performance, achieving a significantly better correlation than that obtained via the popular prediction entropy-based metric, which is computed solely using the data from the unseen domain.
Submitted 2 May, 2024;
originally announced May 2024.
-
Predicting the Performance of Foundation Models via Agreement-on-the-Line
Authors:
Aman Mehra,
Rahul Saxena,
Taeyoun Kim,
Christina Baek,
Zico Kolter,
Aditi Raghunathan
Abstract:
Estimating the out-of-distribution performance in regimes where labels are scarce is critical to safely deploy foundation models. Recently, it was shown that ensembles of neural networks observe the phenomena "agreement-on-the-line", which can be leveraged to reliably predict OOD performance without labels. However, in contrast to classical neural networks that are trained on in-distribution data from scratch for numerous epochs, foundation models undergo minimal finetuning from heavily pretrained weights, which may reduce the ensemble diversity needed to observe agreement-on-the-line. In our work, we demonstrate that when lightly finetuning multiple runs from a single foundation model, the choice of randomness during training (linear head initialization, data ordering, and data subsetting) can lead to drastically different levels of agreement-on-the-line in the resulting ensemble. Surprisingly, only random head initialization is able to reliably induce agreement-on-the-line in finetuned foundation models across vision and language benchmarks. Second, we demonstrate that ensembles of multiple foundation models pretrained on different datasets but finetuned on the same task can also show agreement-on-the-line. In total, by careful construction of a diverse ensemble, we can utilize agreement-on-the-line-based methods to predict the OOD performance of foundation models with high precision.
Submitted 1 April, 2024;
originally announced April 2024.
-
Comuniqa: Exploring Large Language Models for improving speaking skills
Authors:
Manas Mhasakar,
Shikhar Sharma,
Apurv Mehra,
Utkarsh Venaik,
Ujjwal Singhal,
Dhruv Kumar,
Kashish Mittal
Abstract:
In this paper, we investigate the potential of Large Language Models (LLMs) to improve English speaking skills. This is particularly relevant in countries like India, where English is crucial for academic, professional, and personal communication but remains a non-native language for many. Traditional methods for enhancing speaking skills often rely on human experts, which can be limited in terms of scalability, accessibility, and affordability. Recent advancements in Artificial Intelligence (AI) offer promising solutions to overcome these limitations.
We propose Comuniqa, a novel LLM-based system designed to enhance English speaking skills. We adopt a human-centric evaluation approach, comparing Comuniqa with the feedback and instructions provided by human experts. In our evaluation, we divide the participants in three groups: those who use LLM-based system for improving speaking skills, those guided by human experts for the same task and those who utilize both the LLM-based system as well as the human experts. Using surveys, interviews, and actual study sessions, we provide a detailed perspective on the effectiveness of different learning modalities. Our preliminary findings suggest that while LLM-based systems have commendable accuracy, they lack human-level cognitive capabilities, both in terms of accuracy and empathy. Nevertheless, Comuniqa represents a significant step towards achieving Sustainable Development Goal 4: Quality Education by providing a valuable learning tool for individuals who may not have access to human experts for improving their speaking skills.
Submitted 14 May, 2024; v1 submitted 28 January, 2024;
originally announced January 2024.
-
Federated Learning for Wireless Applications: A Prototype
Authors:
Varun Laxman Muttepawar,
Arjun Mehra,
Zubair Shaban,
Ranjitha Prasad,
Harshan Jagadeesh
Abstract:
Wireless embedded edge devices are ubiquitous in our daily lives, enabling them to gather immense data via onboard sensors and mobile applications. This offers an amazing opportunity to train machine learning (ML) models in the realm of wireless devices for decision-making. Training ML models in a wireless setting necessitates transmitting datasets collected at the edge to a cloud parameter server, which is infeasible due to bandwidth constraints, security, and privacy issues. To tackle these challenges, Federated Learning (FL) has emerged as a distributed optimization approach to the decentralization of the model training process. In this work, we present a novel prototype to examine FL's effectiveness over bandwidth-constrained wireless channels. Through a novel design consisting of Zigbee and NI USRP devices, we propose a configuration that allows clients to broadcast synergistically local ML model updates to a central server to obtain a generalized global model. We assess the efficacy of this prototype using metrics such as global model accuracy and time complexity under varying conditions of transmission power, data heterogeneity and local learning.
Submitted 13 December, 2023;
originally announced December 2023.
-
DeliverAI: Reinforcement Learning Based Distributed Path-Sharing Network for Food Deliveries
Authors:
Ashman Mehra,
Snehanshu Saha,
Vaskar Raychoudhury,
Archana Mathur
Abstract:
Delivery of items from the producer to the consumer has experienced significant growth over the past decade and has been greatly fueled by the recent pandemic. Amazon Fresh, Shopify, UberEats, InstaCart, and DoorDash are rapidly growing and are sharing the same business model of consumer items or food delivery. Existing food delivery methods are sub-optimal because each delivery is individually optimized to go directly from the producer to the consumer via the shortest time path. We observe a significant scope for reducing the costs associated with completing deliveries under the current model. We model our food delivery problem as a multi-objective optimization, where consumer satisfaction and delivery costs, both, need to be optimized. Taking inspiration from the success of ride-sharing in the taxi industry, we propose DeliverAI - a reinforcement learning-based path-sharing algorithm. Unlike previous attempts for path-sharing, DeliverAI can provide real-time, time-efficient decision-making using a Reinforcement learning-enabled agent system. Our novel agent interaction scheme leverages path-sharing among deliveries to reduce the total distance traveled while keeping the delivery completion time under check. We generate and test our methodology vigorously on a simulation setup using real data from the city of Chicago. Our results show that DeliverAI can reduce the delivery fleet size by 12%, the distance traveled by 13%, and achieve 50% higher fleet utilization compared to the baselines.
Submitted 11 February, 2024; v1 submitted 3 November, 2023;
originally announced November 2023.
-
On the Fly Neural Style Smoothing for Risk-Averse Domain Generalization
Authors:
Akshay Mehra,
Yunbei Zhang,
Bhavya Kailkhura,
Jihun Hamm
Abstract:
Achieving high accuracy on data from domains unseen during training is a fundamental challenge in domain generalization (DG). While state-of-the-art DG classifiers have demonstrated impressive performance across various tasks, they have shown a bias towards domain-dependent information, such as image styles, rather than domain-invariant information, such as image content. This bias renders them unreliable for deployment in risk-sensitive scenarios such as autonomous driving where a misclassification could lead to catastrophic consequences. To enable risk-averse predictions from a DG classifier, we propose a novel inference procedure, Test-Time Neural Style Smoothing (TT-NSS), that uses a "style-smoothed" version of the DG classifier for prediction at test time. Specifically, the style-smoothed classifier classifies a test image as the most probable class predicted by the DG classifier on random re-stylizations of the test image. TT-NSS uses a neural style transfer module to stylize a test image on the fly, requires only black-box access to the DG classifier, and crucially, abstains when predictions of the DG classifier on the stylized test images lack consensus. Additionally, we propose a neural style smoothing (NSS) based training procedure that can be seamlessly integrated with existing DG methods. This procedure enhances prediction consistency, improving the performance of TT-NSS on non-abstained samples. Our empirical results demonstrate the effectiveness of TT-NSS and NSS at producing and improving risk-averse predictions on unseen domains from DG classifiers trained with SOTA training methods on various benchmark datasets and their variations.
Submitted 17 July, 2023;
originally announced July 2023.
-
Analysis of Task Transferability in Large Pre-trained Classifiers
Authors:
Akshay Mehra,
Yunbei Zhang,
Jihun Hamm
Abstract:
Transfer learning transfers the knowledge acquired by a model from a source task to multiple downstream target tasks with minimal fine-tuning. The success of transfer learning at improving performance, especially with the use of large pre-trained models has made transfer learning an essential tool in the machine learning toolbox. However, the conditions under which the performance is transferable to downstream tasks are not understood very well. In this work, we analyze the transfer of performance for classification tasks, when only the last linear layer of the source model is fine-tuned on the target task. We propose a novel Task Transfer Analysis approach that transforms the source distribution (and classifier) by changing the class prior distribution, label, and feature spaces to produce a new source distribution (and classifier) and allows us to relate the loss of the downstream task (i.e., transferability) to that of the source task. Concretely, our bound explains transferability in terms of the Wasserstein distance between the transformed source and downstream task's distribution, conditional entropy between the label distributions of the two tasks, and weighted loss of the source classifier on the source task. Moreover, we propose an optimization problem for learning the transforms of the source task to minimize the upper bound on transferability. We perform a large-scale empirical study by using state-of-the-art pre-trained models and demonstrate the effectiveness of our bound and optimization at predicting transferability. The results of our experiments demonstrate how factors such as task relatedness, pretraining method, and model architecture affect transferability.
Submitted 3 July, 2023;
originally announced July 2023.
-
Understanding the Robustness of Multi-Exit Models under Common Corruptions
Authors:
Akshay Mehra,
Skyler Seto,
Navdeep Jaitly,
Barry-John Theobald
Abstract:
Multi-Exit models (MEMs) use an early-exit strategy to improve the accuracy and efficiency of deep neural networks (DNNs) by allowing samples to exit the network before the last layer. However, the effectiveness of MEMs in the presence of distribution shifts remains largely unexplored. Our work examines how distribution shifts generated by common image corruptions affect the accuracy/efficiency of MEMs. We find that under common corruptions, early-exiting at the first correct exit reduces the inference cost and provides a significant boost in accuracy ( 10%) over exiting at the last layer. However, with realistic early-exit strategies, which do not assume knowledge about the correct exits, MEMs still reduce inference cost but provide a marginal improvement in accuracy (1%) compared to exiting at the last layer. Moreover, the presence of distribution shift widens the gap between an MEM's maximum classification accuracy and realistic early-exit strategies by 5% on average compared with the gap on in-distribution data. Our empirical analysis shows that the lack of calibration due to a distribution shift increases the susceptibility of such early-exit strategies to exit early and increases misclassification rates. Furthermore, the lack of calibration increases the inconsistency in the predictions of the model across exits, leading to both inefficient inference and more misclassifications compared with evaluation on in-distribution data. Finally, we propose two metrics, underthinking and overthinking, that quantify the different behavior of practical early-exit strategy under distribution shifts, and provide insights into improving the practical utility of MEMs.
Submitted 3 December, 2022;
originally announced December 2022.
-
Exploring Hate Speech Detection with HateXplain and BERT
Authors:
Arvind Subramaniam,
Aryan Mehra,
Sayani Kundu
Abstract:
Hate Speech takes many forms to target communities with derogatory comments, and takes humanity a step back in societal progress. HateXplain is a recently published and first dataset to use annotated spans in the form of rationales, along with speech classification categories and targeted communities to make the classification more humanlike, explainable, accurate and less biased. We tune BERT to perform this task in the form of rationales and class prediction, and compare our performance on different metrics spanning across accuracy, explainability and bias. Our novelty is threefold. Firstly, we experiment with the amalgamated rationale class loss with different importance values. Secondly, we experiment extensively with the ground truth attention values for the rationales. With the introduction of conservative and lenient attentions, we compare performance of the model on HateXplain and test our hypothesis. Thirdly, in order to improve the unintended bias in our models, we use masking of the target community words and note the improvement in bias and explainability metrics. Overall, we are successful in achieving model explainability, bias removal and several incremental improvements on the original BERT implementation.
Submitted 8 August, 2022;
originally announced August 2022.
-
On Certifying and Improving Generalization to Unseen Domains
Authors:
Akshay Mehra,
Bhavya Kailkhura,
Pin-Yu Chen,
Jihun Hamm
Abstract:
Domain Generalization (DG) aims to learn models whose performance remains high on unseen domains encountered at test-time by using data from multiple related source domains. Many existing DG algorithms reduce the divergence between source distributions in a representation space to potentially align the unseen domain close to the sources. This is motivated by the analysis that explains generalization to unseen domains using distributional distance (such as the Wasserstein distance) to the sources. However, due to the openness of the DG objective, it is challenging to evaluate DG algorithms comprehensively using a few benchmark datasets. In particular, we demonstrate that the accuracy of the models trained with DG methods varies significantly across unseen domains, generated from popular benchmark datasets. This highlights that the performance of DG methods on a few benchmark datasets may not be representative of their performance on unseen domains in the wild. To overcome this roadblock, we propose a universal certification framework based on distributionally robust optimization (DRO) that can efficiently certify the worst-case performance of any DG method. This enables a data-independent evaluation of a DG method complementary to the empirical evaluations on benchmark datasets. Furthermore, we propose a training algorithm that can be used with any DG method to provably improve their certified performance. Our empirical evaluation demonstrates the effectiveness of our method at significantly improving the worst-case loss (i.e., reducing the risk of failure of these models in the wild) without incurring a significant performance drop on benchmark datasets.
Submitted 24 June, 2022;
originally announced June 2022.
-
Telechain: Bridging Telecom Policy and Blockchain Practice
Authors:
Sudheesh Singanamalla,
Apurv Mehra,
Nishanth Chandran,
Himanshi Lohchab,
Seshanuradha Chava,
Asit Kadayan,
Sunil Bajpai,
Kurtis Heimerl,
Richard Anderson,
Satya Lokam
Abstract:
The use of blockchain in regulatory ecosystems is a promising approach to address challenges of compliance among mutually untrusted entities. In this work, we consider applications of blockchain technologies in telecom regulations. In particular, we address growing concerns around Unsolicited Commercial Communication (UCC aka. spam) sent through text messages (SMS) and phone calls in India. Despite several regulatory measures taken to curb the menace of spam it continues to be a nuisance to subscribers while posing challenges to telecom operators and regulators alike.
In this paper, we present a consortium blockchain based architecture to address the problem of UCC in India. Our solution improves subscriber experiences, improves the efficiency of regulatory processes while also positively impacting all stakeholders in the telecom ecosystem. Unlike previous approaches to the problem of UCC, which are all ex-post, our approach to adherence to the regulations is ex-ante. The proposal described in this paper is a primary contributor to the revision of regulations concerning UCC and spam by the Telecom Regulatory Authority of India (TRAI). The new regulations published in July 2018 were first of a kind in the world and amended the 2010 Telecom Commercial Communication Customer Preference Regulation (TCCCPR), through mandating the use of a blockchain/distributed ledgers in addressing the UCC problem. In this paper, we provide a holistic account of the projects' evolution from (1) its design and strategy, to (2) regulatory and policy action, (3) country wide implementation and deployment, and (4) evaluation and impact of the work.
Submitted 24 May, 2022;
originally announced May 2022.
-
Certified Adversarial Defenses Meet Out-of-Distribution Corruptions: Benchmarking Robustness and Simple Baselines
Authors:
Jiachen Sun,
Akshay Mehra,
Bhavya Kailkhura,
Pin-Yu Chen,
Dan Hendrycks,
Jihun Hamm,
Z. Morley Mao
Abstract:
Certified robustness guarantee gauges a model's robustness to test-time attacks and can assess the model's readiness for deployment in the real world. In this work, we critically examine how the adversarial robustness guarantees from randomized smoothing-based certification methods change when state-of-the-art certifiably robust models encounter out-of-distribution (OOD) data. Our analysis demonstrates a previously unknown vulnerability of these models to low-frequency OOD data such as weather-related corruptions, rendering these models unfit for deployment in the wild. To alleviate this issue, we propose a novel data augmentation scheme, FourierMix, that produces augmentations to improve the spectral coverage of the training data. Furthermore, we propose a new regularizer that encourages consistent predictions on noise perturbations of the augmented data to improve the quality of the smoothed models. We find that FourierMix augmentations help eliminate the spectral bias of certifiably robust models enabling them to achieve significantly better robustness guarantees on a range of OOD benchmarks. Our evaluation also uncovers the inability of current OOD benchmarks at highlighting the spectral biases of the models. To this end, we propose a comprehensive benchmarking suite that contains corruptions from different regions in the spectral domain. Evaluation of models trained with popular augmentation methods on the proposed suite highlights their spectral biases and establishes the superiority of FourierMix trained models at achieving better-certified robustness guarantees under OOD shifts over the entire frequency spectrum.
Submitted 1 December, 2021;
originally announced December 2021.
-
Understanding the Limits of Unsupervised Domain Adaptation via Data Poisoning
Authors:
Akshay Mehra,
Bhavya Kailkhura,
Pin-Yu Chen,
Jihun Hamm
Abstract:
Unsupervised domain adaptation (UDA) enables cross-domain learning without target domain labels by transferring knowledge from a labeled source domain whose distribution differs from that of the target. However, UDA is not always successful and several accounts of 'negative transfer' have been reported in the literature. In this work, we prove a simple lower bound on the target domain error that complements the existing upper bound. Our bound shows the insufficiency of minimizing source domain error and marginal distribution mismatch for a guaranteed reduction in the target domain error, due to the possible increase of induced labeling function mismatch. This insufficiency is further illustrated through simple distributions for which the same UDA approach succeeds, fails, and may succeed or fail with an equal chance. Motivated from this, we propose novel data poisoning attacks to fool UDA methods into learning representations that produce large target domain errors. We evaluate the effect of these attacks on popular UDA methods using benchmark datasets where they have been previously shown to be successful. Our results show that poisoning can significantly decrease the target domain accuracy, dropping it to almost 0% in some cases, with the addition of only 10% poisoned data in the source domain. The failure of these UDA methods demonstrates their limitations at guaranteeing cross-domain generalization consistent with our lower bound. Thus, evaluating UDA methods in adversarial settings such as data poisoning provides a better sense of their robustness to data distributions unfavorable for UDA.
Submitted 3 November, 2021; v1 submitted 8 July, 2021;
originally announced July 2021.
-
Machine Learning with Electronic Health Records is vulnerable to Backdoor Trigger Attacks
Authors:
Byunggill Joe,
Akshay Mehra,
Insik Shin,
Jihun Hamm
Abstract:
Electronic Health Records (EHRs) provide a wealth of information for machine learning algorithms to predict the patient outcome from the data including diagnostic information, vital signals, lab tests, drug administration, and demographic information. Machine learning models can be built, for example, to evaluate patients based on their predicted mortality or morbidity and to predict required resources for efficient resource management in hospitals. In this paper, we demonstrate that an attacker can manipulate the machine learning predictions with EHRs easily and selectively at test time by backdoor attacks with the poisoned training data. Furthermore, the poison we create has statistically similar features to the original data making it hard to detect, and can also attack multiple machine learning models without any knowledge of the models. With less than 5% of the raw EHR data poisoned, we achieve average attack success rates of 97% on mortality prediction tasks with MIMIC-III database against Logistic Regression, Multilayer Perceptron, and Long Short-term Memory models simultaneously.
Submitted 15 June, 2021;
originally announced June 2021.
-
COVID-19 Tests Gone Rogue: Privacy, Efficacy, Mismanagement and Misunderstandings
Authors:
Manuel Morales,
Rachel Barbar,
Darshan Gandhi,
Sanskruti Landage,
Joseph Bae,
Arpita Vats,
Jil Kothari,
Sheshank Shankar,
Rohan Sukumaran,
Himi Mathur,
Krutika Misra,
Aishwarya Saxena,
Parth Patwa,
Sethuraman T. V.,
Maurizio Arseni,
Shailesh Advani,
Kasia Jakimowicz,
Sunaina Anand,
Priyanshi Katiyar,
Ashley Mehra,
Rohan Iyer,
Srinidhi Murali,
Aryan Mahindra,
Mikhail Dmitrienko,
Saurish Srivastava
, et al. (5 additional authors not shown)
Abstract:
COVID-19 testing, the cornerstone for effective screening and identification of COVID-19 cases, remains paramount as an intervention tool to curb the spread of COVID-19 both at local and national levels. However, the speed at which the pandemic struck and the response was rolled out, the widespread impact on healthcare infrastructure, the lack of sufficient preparation within the public health system, and the complexity of the crisis led to utter confusion among test-takers. Invasion of privacy remains a crucial concern. The user experience of test takers remains low. User friction affects user behavior and discourages participation in testing programs. Test efficacy has been overstated. Test results are poorly understood resulting in inappropriate follow-up recommendations. Herein, we review the current landscape of COVID-19 testing, identify four key challenges, and discuss the consequences of the failure to address these challenges. The current infrastructure around testing and information propagation is highly privacy-invasive and does not leverage scalable digital components. In this work, we discuss challenges complicating the existing covid-19 testing ecosystem and highlight the need to improve the testing experience for the user and reduce privacy invasions. Digital tools will play a critical role in resolving these challenges.
Submitted 7 May, 2021; v1 submitted 5 January, 2021;
originally announced January 2021.
-
Digital Landscape of COVID-19 Testing: Challenges and Opportunities
Authors:
Darshan Gandhi,
Rohan Sukumaran,
Priyanshi Katiyar,
Alex Radunsky,
Sunaina Anand,
Shailesh Advani,
Jil Kothari,
Kasia Jakimowicz,
Sheshank Shankar,
Sethuraman T. V.,
Krutika Misra,
Aishwarya Saxena,
Sanskruti Landage,
Richa Sonker,
Parth Patwa,
Aryan Mahindra,
Mikhail Dmitrienko,
Kanishka Vaish,
Ashley Mehra,
Srinidhi Murali,
Rohan Iyer,
Joseph Bae,
Vivek Sharma,
Abhishek Singh,
Rachel Barbar
, et al. (1 additional authors not shown)
Abstract:
The COVID-19 Pandemic has left a devastating trail all over the world, in terms of loss of lives, economic decline, travel restrictions, trade deficit, and collapsing economy including real-estate, job loss, loss of health benefits, the decline in quality of access to care and services and overall quality of life. Immunization from the anticipated vaccines will not be the stand-alone guideline that will help surpass the pandemic and return to normalcy. Four pillars of effective public health intervention include diagnostic testing for both asymptomatic and symptomatic individuals, contact tracing, quarantine of individuals with symptoms or who are exposed to COVID-19, and maintaining strict hygiene standards at the individual and community level. Digital technology, currently being used for COVID-19 testing include certain mobile apps, web dashboards, and online self-assessment tools. Herein, we look into various digital solutions adapted by communities across universities, businesses, and other organizations. We summarize the challenges experienced using these tools in terms of quality of information, privacy, and user-centric issues. Despite numerous digital solutions available and being developed, many vary in terms of information being shared in terms of both quality and quantity, which can be overwhelming to the users. Understanding the testing landscape through a digital lens will give a clear insight into the multiple challenges that we face including data privacy, cost, and miscommunication. It is the destiny of digitalization to navigate testing for COVID-19. Block-chain based systems can be used for privacy preservation and ensuring ownership of the data to remain with the user. Another solution involves having digital health passports with relevant and correct information. In this early draft, we summarize the challenges and propose possible solutions to address the same.
Submitted 3 December, 2020;
originally announced December 2020.
-
How Robust are Randomized Smoothing based Defenses to Data Poisoning?
Authors:
Akshay Mehra,
Bhavya Kailkhura,
Pin-Yu Chen,
Jihun Hamm
Abstract:
Predictions of certifiably robust classifiers remain constant in a neighborhood of a point, making them resilient to test-time attacks with a guarantee. In this work, we present a previously unrecognized threat to robust machine learning models that highlights the importance of training-data quality in achieving high certified adversarial robustness. Specifically, we propose a novel bilevel optimization-based data poisoning attack that degrades the robustness guarantees of certifiably robust classifiers. Unlike other poisoning attacks that reduce the accuracy of the poisoned models on a small set of target points, our attack reduces the average certified radius (ACR) of an entire target class in the dataset. Moreover, our attack is effective even when the victim trains the models from scratch using state-of-the-art robust training methods such as Gaussian data augmentation \cite{cohen2019certified}, MACER \cite{zhai2020macer}, and SmoothAdv \cite{salman2019provably} that achieve high certified adversarial robustness. To make the attack harder to detect, we use clean-label poisoning points with imperceptible distortions. The effectiveness of the proposed method is evaluated by poisoning MNIST and CIFAR10 datasets and training deep neural networks using previously mentioned training methods and certifying the robustness with randomized smoothing. The ACR of the target class, for models trained on generated poison data, can be reduced by more than 30%. Moreover, the poisoned data is transferable to models trained with different training methods and models with different architectures.
Submitted 30 March, 2021; v1 submitted 2 December, 2020;
originally announced December 2020.
-
Blockene: A High-throughput Blockchain Over Mobile Devices
Authors:
Sambhav Satija,
Apurv Mehra,
Sudheesh Singanamalla,
Karan Grover,
Muthian Sivathanu,
Nishanth Chandran,
Divya Gupta,
Satya Lokam
Abstract:
We introduce Blockene, a blockchain that reduces resource usage at member nodes by orders of magnitude, requiring only a smartphone to participate in block validation and consensus. Despite being lightweight, Blockene provides a high throughput of transactions and scales to a large number of participants. Blockene consumes negligible battery and data in smartphones, enabling millions of users to participate in the blockchain without incentives, to secure transactions with their collective honesty. Blockene achieves these properties with a novel split-trust design based on delegating storage and gossip to untrusted nodes.
We show, with a prototype implementation, that Blockene provides throughput of 1045 transactions/sec, and runs with very low resource usage on smartphones, pointing to a new paradigm for building secure, decentralized applications.
Submitted 14 October, 2020;
originally announced October 2020.
-
COVID-19 Contact-Tracing Mobile Apps: Evaluation and Assessment for Decision Makers
Authors:
Ramesh Raskar,
Greg Nadeau,
John Werner,
Rachel Barbar,
Ashley Mehra,
Gabriel Harp,
Markus Leopoldseder,
Bryan Wilson,
Derrick Flakoll,
Praneeth Vepakomma,
Deepti Pahwa,
Robson Beaudry,
Emelin Flores,
Maciej Popielarz,
Akanksha Bhatia,
Andrea Nuzzo,
Matt Gee,
Jay Summet,
Rajeev Surati,
Bikram Khastgir,
Francesco Maria Benedetti,
Kristen Vilcans,
Sienna Leis,
Khahlil Louisy
Abstract:
A number of groups, from governments to non-profits, have quickly acted to innovate the contact-tracing process: they are designing, building, and launching contact-tracing apps in response to the COVID-19 crisis. A diverse range of approaches exist, creating challenging choices for officials looking to implement contact-tracing technology in their community and raising concerns about these choices among citizens asked to participate in contact tracing. We are frequently asked how to evaluate and differentiate between the options for contact-tracing applications. Here, we share the questions we ask about app features and plans when reviewing the many contact-tracing apps appearing on the global stage.
Submitted 3 June, 2020;
originally announced June 2020.
-
Black-box Explanation of Object Detectors via Saliency Maps
Authors:
Vitali Petsiuk,
Rajiv Jain,
Varun Manjunatha,
Vlad I. Morariu,
Ashutosh Mehra,
Vicente Ordonez,
Kate Saenko
Abstract:
We propose D-RISE, a method for generating visual explanations for the predictions of object detectors. Utilizing the proposed similarity metric that accounts for both localization and categorization aspects of object detection allows our method to produce saliency maps that show image areas that most affect the prediction. D-RISE can be considered "black-box" in the software testing sense, as it only needs access to the inputs and outputs of an object detector. Compared to gradient-based methods, D-RISE is more general and agnostic to the particular type of object detector being tested, and does not need knowledge of the inner workings of the model. We show that D-RISE can be easily applied to different object detectors including one-stage detectors such as YOLOv3 and two-stage detectors such as Faster-RCNN. We present a detailed analysis of the generated visual explanations to highlight the utilization of context and possible biases learned by object detectors.
Submitted 10 June, 2021; v1 submitted 4 June, 2020;
originally announced June 2020.
-
NTIRE 2020 Challenge on NonHomogeneous Dehazing
Authors:
Codruta O. Ancuti,
Cosmin Ancuti,
Florin-Alexandru Vasluianu,
Radu Timofte,
Jing Liu,
Haiyan Wu,
Yuan Xie,
Yanyun Qu,
Lizhuang Ma,
Ziling Huang,
Qili Deng,
Ju-Chin Chao,
Tsung-Shan Yang,
Peng-Wen Chen,
Po-Min Hsu,
Tzu-Yi Liao,
Chung-En Sun,
Pei-Yuan Wu,
Jeonghyeok Do,
Jongmin Park,
Munchurl Kim,
Kareem Metwaly,
Xuelu Li,
Tiantong Guo,
Vishal Monga
, et al. (27 additional authors not shown)
Abstract:
This paper reviews the NTIRE 2020 Challenge on NonHomogeneous Dehazing of images (restoration of rich details in hazy image). We focus on the proposed solutions and their results evaluated on NH-Haze, a novel dataset consisting of 55 pairs of real haze free and nonhomogeneous hazy images recorded outdoor. NH-Haze is the first realistic nonhomogeneous haze dataset that provides ground truth images. The nonhomogeneous haze has been produced using a professional haze generator that imitates the real conditions of haze scenes. 168 participants registered in the challenge and 27 teams competed in the final testing phase. The proposed solutions gauge the state-of-the-art in image dehazing.
Submitted 7 May, 2020;
originally announced May 2020.
-
Leveraging GANs to Improve Continuous Path Keyboard Input Models
Authors:
Akash Mehra,
Jerome R. Bellegarda,
Ojas Bapat,
Partha Lal,
Xin Wang
Abstract:
Continuous path keyboard input has higher inherent ambiguity than standard tapping, because the path trace may exhibit not only local overshoots/undershoots (as in tapping) but also, depending on the user, substantial mid-path excursions. Deploying a robust solution thus requires a large amount of high-quality training data, which is difficult to collect/annotate. In this work, we address this challenge by using GANs to augment our training corpus with user-realistic synthetic data. Experiments show that, even though GAN-generated data does not capture all the characteristics of real user data, it still provides a substantial boost in accuracy at a 5:1 GAN-to-real ratio. GANs therefore inject more robustness in the model through greatly increased word coverage and path diversity.
Submitted 6 October, 2020; v1 submitted 6 April, 2020;
originally announced April 2020.
-
Penalty Method for Inversion-Free Deep Bilevel Optimization
Authors:
Akshay Mehra,
Jihun Hamm
Abstract:
Solving a bilevel optimization problem is at the core of several machine learning problems such as hyperparameter tuning, data denoising, meta- and few-shot learning, and training-data poisoning. Different from simultaneous or multi-objective optimization, the steepest descent direction for minimizing the upper-level cost in a bilevel problem requires the inverse of the Hessian of the lower-level cost. In this work, we propose a novel algorithm for solving bilevel optimization problems based on the classical penalty function approach. Our method avoids computing the Hessian inverse and can handle constrained bilevel problems easily. We prove the convergence of the method under mild conditions and show that the exact hypergradient is obtained asymptotically. Our method's simplicity and small space and time complexities enable us to effectively solve large-scale bilevel problems involving deep neural networks. We present results on data denoising, few-shot learning, and training-data poisoning problems in a large-scale setting. Our results show that our approach outperforms or is comparable to previously proposed methods based on automatic differentiation and approximate inversion in terms of accuracy, run-time, and convergence speed.
Submitted 5 October, 2021; v1 submitted 8 November, 2019;
originally announced November 2019.
-
Fast Interactive Image Retrieval using large-scale unlabeled data
Authors:
Akshay Mehra,
Jihun Hamm,
Mikhail Belkin
Abstract:
An interactive image retrieval system learns which images in the database belong to a user's query concept, by analyzing the example images and feedback provided by the user. The challenge is to retrieve the relevant images with minimal user interaction. In this work, we propose to solve this problem by posing it as a binary classification task of classifying all images in the database as being relevant or irrelevant to the user's query concept. Our method combines active learning with graph-based semi-supervised learning (GSSL) to tackle this problem. Active learning reduces the number of user interactions by querying the labels of the most informative points and GSSL allows to use abundant unlabeled data along with the limited labeled data provided by the user. To efficiently find the most informative point, we use an uncertainty sampling based method that queries the label of the point nearest to the decision boundary of the classifier. We estimate this decision boundary using our heuristic of adaptive threshold. To utilize huge volumes of unlabeled data we use an efficient approximation based method that reduces the complexity of GSSL from $O(n^3)$ to $O(n)$, making GSSL scalable. We make the classifier robust to the diversity and noisy labels associated with images in large databases by incorporating information from multiple modalities such as visual information extracted from deep learning based models and semantic information extracted from the WordNet. High F1 scores within few relevance feedback rounds in our experiments with concepts defined on AnimalWithAttributes and Imagenet (1.2 million images) datasets indicate the effectiveness and scalability of our approach.
Submitted 12 February, 2018;
originally announced February 2018.
-
Machine vs Machine: Minimax-Optimal Defense Against Adversarial Examples
Authors:
Jihun Hamm,
Akshay Mehra
Abstract:
Recently, researchers have discovered that the state-of-the-art object classifiers can be fooled easily by small perturbations in the input unnoticeable to human eyes. It is also known that an attacker can generate strong adversarial examples if she knows the classifier parameters. Conversely, a defender can robustify the classifier by retraining if she has access to the adversarial examples. We explain and formulate this adversarial example problem as a two-player continuous zero-sum game, and demonstrate the fallacy of evaluating a defense or an attack as a static problem. To find the best worst-case defense against whitebox attacks, we propose a continuous minimax optimization algorithm. We demonstrate the minimax defense with two types of attack classes -- gradient-based and neural network-based attacks. Experiments with the MNIST and the CIFAR-10 datasets demonstrate that the defense found by numerical minimax optimization is indeed more robust than non-minimax defenses. We discuss directions for improving the result toward achieving robustness against multiple types of attack classes.
Submitted 26 June, 2018; v1 submitted 12 November, 2017;
originally announced November 2017.
-
A Framework for Techniques for Information Technology Enabled Innovation
Authors:
Yajur Chadha,
Aditi Mehra,
Shirley Gregor,
Alex Richardson
Abstract:
Australia is seen as lagging in the innovation that is needed for corporate success and national productivity gains. There is an apparent lack of consistent and integrated advice to managers on how to undertake innovation. Thus, this study aims to develop and investigate a framework that relates innovation practices to the type of innovation outcome, in the context of Information Technology (IT) enabled innovations. An Innovation Practice Framework was developed based on the Knowledge-Innovation Matrix (KIM) proposed by Gregor and Hevner (2015). Eleven commonly used innovation techniques (practices) were identified and placed in one or more of the quadrants: invention, advancement, exaptation and exploitation. Interviews were conducted with key informants in nine organisations in the Australian Capital Territory. Results showed that the least used techniques were skunk works and crowdsourcing. The most used techniques were traditional market research, brainstorming and design thinking. The Innovation Practice Framework was given some support, with genius grants being related to invention outcomes, design thinking with exaptation, traditional R&D with advancement and managerial scanning with exploitation. The study contributes theoretically with the new Innovation Practice Framework and has the potential to be useful to managers in showing how benefits can be gained from a range of innovation practices. Further work is in progress.
Submitted 8 June, 2016;
originally announced June 2016.
-
Scope of cloud computing for SMEs in India
Authors:
Monika Sharma,
Ashwani Mehra,
Haresh Jola,
Anand Kumar,
Madhvendra Misra,
Vijayshri Tiwari
Abstract:
Cloud computing is a set of services that provide infrastructure resources using internet media and data storage on a third party server. SMEs are said to be the lifeblood of any vibrant economy. They are known to be the silent drivers of a nation's economy. SMEs of India are one of the most aggressive adopters of ERP Packages. Most of the Indian SMEs have adopted the traditional ERP Systems and have incurred a heavy cost while implementing these systems. This paper presents the cost savings and reduction in the level of difficulty in adopting a cloud computing Service (CCS) enabled ERP system. For the study, IT people from 30 North Indian SMEs were interviewed. In the cloud computing environment the SMEs will not have to own the infrastructure so they can abstain from any capital expenditure and instead they can utilize the resources as a service and pay as per their usage. We consider the results of the paper to be supportive to our proposed research concept.
Submitted 21 May, 2010;
originally announced May 2010.
-
Intelligent System for Speaker Identification using Lip features with PCA and ICA
Authors:
Anuj Mehra,
Anupam Shukla,
Mahender Kumawat,
Rajiv Ranjan,
Ritu Tiwari
Abstract:
Biometric authentication techniques are more consistent and efficient than conventional authentication techniques and can be used in monitoring, transaction authentication, information retrieval, access control, forensics, etc. In this paper, we have presented a detailed comparative analysis between Principal Component Analysis (PCA) and Independent Component Analysis (ICA) which are used for feature extraction on the basis of different Artificial Neural Network (ANN) such as Back Propagation (BP), Radial Basis Function (RBF) and Learning Vector Quantization (LVQ). In this paper, we have chosen "TULIPS1 database, (Movellan, 1995)" which is a small audiovisual database of 12 subjects saying the first 4 digits in English for the incorporation of above methods. The six geometric lip features i.e. height of the outer corners of the mouth, width of the outer corners of the mouth, height of the inner corners of the mouth, width of the inner corners of the mouth, height of the upper lip, and height of the lower lip which extracts the identity relevant information are considered for the research work. After the comprehensive analysis and evaluation a maximum of 91.07% accuracy in speaker recognition is achieved using PCA and RBF and 87.36% accuracy is achieved using ICA and RBF. Speaker identification has a wide scope of applications such as access control, monitoring, transaction authentication, information retrieval, forensics, etc.
Submitted 26 April, 2010;
originally announced April 2010.