Prof. Dr. Mario Fritz
Faculty
CISPA Helmholtz Center for Information Security
Professor
Saarland University
Fellow
European Laboratory for Learning and Intelligent Systems (ELLIS)
Google Scholar
Semantic Scholar
We are looking for PhD students and Post-Docs! Please get in touch.
My group is working on Trustworthy Information Processing with a focus on the intersection of AI & Machine Learning with Security & Privacy.
Recent projects and initiatives related to health:
- Leading Scientist
Helmholtz Medical Security, Privacy, and AI Research Center (HMSP) - Coordinator and PI
Trustworthy Federated Data Analytics Project (TFDA) - Coordinator and PI
Protecting Genetic Data with Synthetic Cohorts from Deep Generative Models (PRO-GENE-GEN) - Partner-PI
The German Human Genome-Phenome Archive (GHGA) - Member of working group in “Forum Gesundheit” of BMBF
“AG Nutzbarmachung digitaler Daten für KI-Entwicklungen in der Gesundheitsforschung”
Recent publications:
- IJCAI’21: Beyond the Spectrum: Detecting GAN-generated Images via Re-synthesis
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- CVPR’21: Convolutional Dynamic Alignment Networks for Interpretable Classifications
- CVPR’21: Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers
- CVPR-W’21: MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
- CVPR-W’21: InfoScrub: Towards Attribute Privacy by Targeted Obfuscation
- WACV’21: Future Moment Assessment for Action Query
- NeurIPS’20: GS-WGAN: A Gradient-Sanitized Approach for Learning Differentially Private Generators
- NeurIPS-W’20: SampleFix: Learning to Correct Programs by Sampling Diverse Fixes
- NeurIPS-W’20: IReEn: Iterative Reverse-Engineering of Black-Box Functions via Neural Program Synthesis
- NeurIPS-W’20: Haar Wavelet based Block Autoregressive Flows for Trajectories
- CCS’20: VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
- CCS’20: GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs
- S&P’20: Automatically Detecting Bystanders in Photos to Reduce Privacy Risks
- USENIX Security’20: Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning
- ICLR’20: Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks
- CVPR’20: Towards Causal VQA: Revealing and Reducing Spurious Correlations by Invariant and Covariant Semantic Editing
- CVPR’20: Normalizing Flows with Multi-scale Autoregressive Priors
- ECCV’20: Towards Automated Testing and Robustification by Semantic Adversarial Data Generation
- ECCV’20: Inclusive GAN: Improving Data and Minority Coverage in Generative Models
- ECCV’20: Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation
- ECCV-W’20: Body Shape Privacy in Images: Understanding Privacy and Preventing Automatic Shape Extraction
- ECCV-W’20: Synthetic Convolutional Features for Improved Semantic Segmentation
- NEUCOM’20: Deep gaze pooling: Inferring and visually decoding search intents from human gaze fixations
- GCPR’20: Semantic Bottlenecks: Quantifying & Improving Inspectability of Deep Representations
- GCPR’20: Long-Tailed Recognition Using Class-Balanced Experts
- GCPR’20: Haar Wavelet based Block Autoregressive Flows for Trajectories
- TPAMI’20: Person Recognition in Personal Photo Collections
- Explainable AI Book: Towards reverse-engineering black-box neural networks
Most recent work on ArXiv:
- ArXiv’21 “What’s in the box?!”: Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models
- ArXiv’21: ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
- ArXiv’21: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ArXiv’20: CosSGD: Nonlinear Quantization for Communication-efficient Federated Learning
- ArXiv’20: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- ArXiv’20: Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries
- ArXiv’20: Black-Box Watermarking for Generative Adversarial Networks
- ArXiv’20: InfoScrub: Towards Attribute Privacy by Targeted Obfuscation
News, talks, events:
- Runner-up Inria/CNIL Privacy Protection Prize 2020
S&P’20 paper: “Automatically Detecting Bystanders in Photos to Reduce Privacy Risks” - Co-Organizers of ICLR’21 Workshop on “Synthetic Data Generation – Quality, Privacy, Bias”
- Co-Organizers of CVPR’21 Workshop on “QuoVadis: Interdisciplinary, Socio-Technical Workshop on the Future of Computer Vision and Pattern Recognition (QuoVadis-CVPR)”
- Co-Organizers of CVPR’21 Workshop on “Causality in Vision”
- Founding member of Saarbrücken Artificial Intelligence & Machine Learning (SAM) unit of the European Laboratory of Learning and Intelligent Systems (ELLIS)
- Lecturer at Digital CISPA Summer School 2020
- Co-Organizer of Third International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at ECCV 2020
- Co-Organizer: 4. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’20
- Keynote at Workshop Machine Learning for Cybersecurity, ECMLPKDD’19
- Talk at Cyber Defense Campus (CYD) Conference on Artificial Intelligence in Defence and Security
- Co-Organizer of Second International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at CVPR 2019
- Co-Organizer: 3. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’19
- Leading scientist at new Helmholtz Medical Security and Privacy Research Center
- Member of ACM Technical Policy Committee Europe
- Mateusz Malinowski received the DAGM MVTec dissertation award as well as the Dr.-Eduard-Martin award for his PhD
- Associate Editor for IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)
2019 |
|
Journal Articles |
|
 | MPIIGaze: Real-World Dataset and Deep Appearance-Based Gaze Estimation Journal Article Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2019. |
2018 |
|
Journal Articles |
|
 | Advanced Steel Microstructural Classification by Deep Learning Methods Journal Article Scientific Reports, 2018. |
 | Reflectance and Natural Illumination from Single-Material Specular Objects Using Deep Learning Journal Article Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2018. |
Inproceedings |
|
 | Adversarial Scene Editing: Automatic Object Removal from Weak Supervision Inproceedings Neural Information Processing Systems (NIPS), 2018. |
 | Diverse Conditional Image Generation by Stochastic Regression with Latent Drop-Out Codes Inproceedings European Conference on Computer Vision (ECCV), 2018. |
 | A Hybrid Model for Identity Obfuscation by Face Replacement Inproceedings European Conference on Computer Vision, 2018. |
 | Answering Visual What-If Questions: From Actions to Predicted Scene Descriptions Inproceedings Visual Learning and Embodied Agents in Simulation Environments Workshop at European Conference on Computer Vision, 2018. |
 | Sequential Attacks on Agents for Long-Term Adversarial Goals Inproceedings 2. ACM Computer Science in Cars Symposium -- Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles, 2018. |
 | A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation Inproceedings 27th USENIX Security Symposium (USENIX Security 18), 2018. |
 | Accurate and Diverse Sampling of Sequences based on a “Best of Many” Sample Objective Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018. |
 | Connecting Pixels to Privacy and Utility: Automatic Redaction of Private Information in Images Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018. |
 | Natural and Effective Obfuscation by Head Inpainting Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018. |
 | Disentangled Person Image Generation Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018. |
 | Long-Term On-Board Prediction of People in Traffic Scenes under Uncertainty Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018. |
 | Towards Reverse-Engineering Black-Box Neural Networks Inproceedings Internation Conference on Representation Learning (ICLR), 2018, (to appear). |
 | Long-Term Image Boundary Prediction Inproceedings Association for the Advancement of Artificial Intelligence (AAAI), 2018. |
Technical Reports |
|
 | Not Using the Car to See the Sidewalk: Quantifying and Controlling the Effects of Context in Classification and Segmentation Technical Report arXiv:1812.06707, 2018. |
 | Knockoff Nets: Stealing Functionality of Black-Box Models Technical Report arXiv:1812.02766, 2018. |
 | Attributing Fake Images to GANs: Analyzing Fingerprints in Generated Images Technical Report 2018. |
 | MLCapsule: Guarded Offline Deployment of Machine Learning as a Service Technical Report arXiv:1808.00590 [cs.CR], 2018. |
 | Fashion is Taking Shape: Understanding Clothing Preference Based on Body Shape From Online Sources Technical Report arXiv:1807.03235, 2018. |
 | ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models Technical Report arXiv:1806.01246 [cs.CR], 2018. |
| Adversarial Scene Editing: Automatic Object Removal from Weak Supervision Technical Report 2018. |
| Sequential Attacks on Agents for Long-Term Adversarial Goals Technical Report arXiv:1805.12487, 2018. |
 | Understanding and Controlling User Linkability in Decentralized Learning Technical Report arXiv:1805.05838 [cs.CR], 2018. |
 | A Hybrid Model for Identity Obfuscation by Face Replacement Technical Report arXiv:1804.04779 [cs.CV], 2018. |
 | Deep Appearance Maps Technical Report arXiv:1804.00863 [cs.CV], 2018. |