Prof. Dr. Mario Fritz
Faculty
CISPA Helmholtz Center for Information Security
Professor
Saarland University
Fellow
European Laboratory for Learning and Intelligent Systems (ELLIS)
Google Scholar
Semantic Scholar
We are looking for PhD students and Post-Docs! Please get in touch.
My group is working on Trustworthy Information Processing with a focus on the intersection of AI & Machine Learning with Security & Privacy.
Recent projects and initiatives related to health, privacy, AI:
- Leading Scientist: Helmholtz Medical Security, Privacy, and AI Research Center (HMSP)
- Coordinator and PI: Trustworthy Federated Data Analytics Project (TFDA)
- Coordinator and PI: Protecting Genetic Data with Synthetic Cohorts from Deep Generative Models (PRO-GENE-GEN)
- PI: Integrated Early Warning System for Local Recognition, Prevention, and Control for Epidemic Outbreaks (LOKI)
- Partner-PI: The German Human Genome-Phenome Archive (GHGA)
- Member of working group in “Forum Gesundheit” of BMBF: “AG Nutzbarmachung digitaler Daten für KI-Entwicklungen in der Gesundheitsforschung”
Recent work on DeepFake detecting, misinformation, attribution,and responsible disclosure:
- ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ArXiv’21: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
- ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- ICCV’19: Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints
Recent publications:
- ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ICLR’22: RelaxLoss: Defending Membership Inference Attacks without Losing Utility
- Usenix’22: ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
- PETS’22: Understanding Utility and Privacy of Demographic Data in Education Technology by Causal Analysis and Adversarial-Censoring
- IJCV’21: Semantic Bottlenecks: Quantifying and Improving Inspectability of Deep Representations
- CCS-W’21: Differential Privacy Defenses and Sampling Attacks for Membership Inference
- CCS-W’21: “What’s in the box?!”: Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models
- PKDD-W’21: IReEn: Reverse-Engineering of Black-Box Functions via Iterative Neural Program Synthesis
- PKDD-W’21: SampleFix: Learning to Generate Functionally Diverse Fixes
- ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
- ICCV’21: Dual Contrastive Loss and Attention for GANs
- EXCLI’21: Privacy Considerations for Sharing Genomics Data
- IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- CVPR’21: Convolutional Dynamic Alignment Networks for Interpretable Classifications
- CVPR’21: Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers
- CVPR-W’21: MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
- CVPR-W’21: InfoScrub: Towards Attribute Privacy by Targeted Obfuscation
- WACV’21: Future Moment Assessment for Action Query
- NeurIPS’20: GS-WGAN: A Gradient-Sanitized Approach for Learning Differentially Private Generators
- NeurIPS-W’20: SampleFix: Learning to Correct Programs by Sampling Diverse Fixes
- NeurIPS-W’20: IReEn: Iterative Reverse-Engineering of Black-Box Functions via Neural Program Synthesis
- NeurIPS-W’20: Haar Wavelet based Block Autoregressive Flows for Trajectories
- CCS’20: VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
- CCS’20: GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs
- S&P’20: Automatically Detecting Bystanders in Photos to Reduce Privacy Risks
- USENIX Security’20: Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning
- ICLR’20: Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks
- CVPR’20: Towards Causal VQA: Revealing and Reducing Spurious Correlations by Invariant and Covariant Semantic Editing
- CVPR’20: Normalizing Flows with Multi-scale Autoregressive Priors
- ECCV’20: Towards Automated Testing and Robustification by Semantic Adversarial Data Generation
- ECCV’20: Inclusive GAN: Improving Data and Minority Coverage in Generative Models
- ECCV’20: Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation
- ECCV-W’20: Body Shape Privacy in Images: Understanding Privacy and Preventing Automatic Shape Extraction
- ECCV-W’20: Synthetic Convolutional Features for Improved Semantic Segmentation
- NEUCOM’20: Deep gaze pooling: Inferring and visually decoding search intents from human gaze fixations
- GCPR’20: Semantic Bottlenecks: Quantifying & Improving Inspectability of Deep Representations
- GCPR’20: Long-Tailed Recognition Using Class-Balanced Experts
- GCPR’20: Haar Wavelet based Block Autoregressive Flows for Trajectories
- TPAMI’20: Person Recognition in Personal Photo Collections
- Explainable AI Book: Towards reverse-engineering black-box neural networks
Most recent work on ArXiv:
- ArXiv’21: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
- ArXiv’21: Backdoor Attacks on Network Certification via Data Poisoning
- ArXiv’21: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ArXiv’20: CosSGD: Nonlinear Quantization for Communication-efficient Federated Learning
News, talks, events:
- Recent program committees: ICML’21, NeurIPS’21, S&P’22, EuroS&P’22, CVPR’22 (AC); CCS’22
- Runner-up Inria/CNIL Privacy Protection Prize 2020
S&P’20 paper: “Automatically Detecting Bystanders in Photos to Reduce Privacy Risks” - Co-Organizers of ICLR’21 Workshop on “Synthetic Data Generation – Quality, Privacy, Bias”
- Co-Organizers of CVPR’21 Workshop on “QuoVadis: Interdisciplinary, Socio-Technical Workshop on the Future of Computer Vision and Pattern Recognition (QuoVadis-CVPR)”
- Co-Organizers of CVPR’21 Workshop on “Causality in Vision”
- Founding member of Saarbrücken Artificial Intelligence & Machine Learning (SAM) unit of the European Laboratory of Learning and Intelligent Systems (ELLIS)
- Lecturer at Digital CISPA Summer School 2020
- Co-Organizer of Third International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at ECCV 2020
- Co-Organizer: 4. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’20
- Keynote at Workshop Machine Learning for Cybersecurity, ECMLPKDD’19
- Talk at Cyber Defense Campus (CYD) Conference on Artificial Intelligence in Defence and Security
- Co-Organizer of Second International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at CVPR 2019
- Co-Organizer: 3. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’19
- Leading scientist at new Helmholtz Medical Security and Privacy Research Center
- Member of ACM Technical Policy Committee Europe
- Mateusz Malinowski received the DAGM MVTec dissertation award as well as the Dr.-Eduard-Martin award for his PhD
- Associate Editor for IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)
2015
Journal Articles
Learning to detect visual grasp affordance Journal Article
In: IEEE Transactions on Automation Science and Engineering (TASE), 2015.
Inproceedings
Ask Your Neurons: A Neural-based Approach to Answering Questions about Images Inproceedings
In: IEEE International Conference on Computer Vision (ICCV), 2015, (oral).
See the Difference: Direct Pre-Image Reconstruction and Pose Estimation by Differentiating HOG Inproceedings
In: IEEE International Conference on Computer Vision (ICCV), 2015.
Person Recognition in Personal Photo Collections Inproceedings
In: IEEE International Conference on Computer Vision (ICCV), 2015.
Teaching Robots the Use of Human Tools from Demonstration with Non-Dexterous End-Effectors Inproceedings
In: IEEE RAS International Conference on Humanoid Robots (HUMANOIDS), 2015, (to appear).
Appearance-based gaze estimation in the wild Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2015.
Prediction of search targets from fixations in open-world settings Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2015.
Hard to Cheat: A Turing Test based on Answering Questions about Images Inproceedings
In: AAAI Workshop Beyond The Turing Test, 2015.
Masters Theses
Contextual Media Retrieval Using Natural Language Queries Masters Thesis
Saarland University, 2015.
Miscellaneous
Bridging the Gap Between Synthetic and Real Data Miscellaneous
Machine Learning with Interdependent and Non-identically Distributed Data (Dagstuhl Seminar 15152), 2015, (to appear).
Technical Reports
Deep Reflectance Maps Technical Report
arXiv:1511.04384 [cs.CV], 2015.
Person Recognition in Personal Photo Collections Technical Report
arXiv:1509.03502 [cs.CV], 2015.
Appearance-based gaze estimation in the wild Technical Report
arXiv:1504.02863, 2015.
Prediction of search targets from fixations in open-world settings Technical Report
arXiv:1502.05137 [cs.CV], 2015.
Ask Your Neurons: A Neural-based Approach to Answering Questions about Images Technical Report
arXiv:1505.01121, 2015.
See the Difference: Direct Pre-Image Reconstruction and Pose Estimation by Differentiating HOG Technical Report
arXiv:1505.00663 [cs.CV], 2015.
GazeDPM: Early Integration of Gaze Information in Deformable Part Models Technical Report
arXiv:1505.05753 [cs.CV], 2015.