We are looking for PhD students and Post-Docs! Please get in touch.
My group is working on Trustworthy Information Processing with a focus on the intersection of AI & Machine Learning with Security & Privacy.
Recent projects and initiatives related to trustworthy AI/ML, health, privacy:
Recent work on DeepFake detecting, misinformation, attribution,and responsible disclosure:
- Usenix’23: UnGANable: Defending Against GAN-based Face Manipulation
- ArXiv’22: Fact-Saboteurs: A Taxonomy of Evidence Manipulation Attacks against Fact-Verification Systems
- CVPR’22: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
- ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- ICCV’19: Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints
Recent publications:
- Usenix’23: UnGANable: Defending Against GAN-based Face Manipulation
- NeurIPS’22: Private Set Generation with Discriminative Information
- ICML’22: ProgFed: Effective, Communication, and Computation Efficient Federated Learning by Progressive Training
- CVPR’22: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
- CVPR’22: B-cos Networks: Alignment is All We Need for Interpretability
- CHIL’22: Practical Challenges in Differentially-Private Federated Survival Analysis of Medical Data
- ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ICLR’22: RelaxLoss: Defending Membership Inference Attacks without Losing Utility
- Usenix’22: ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
- PETS’22: Understanding Utility and Privacy of Demographic Data in Education Technology by Causal Analysis and Adversarial-Censoring
- IJCV’21: Semantic Bottlenecks: Quantifying and Improving Inspectability of Deep Representations
- CCS-W’21: Differential Privacy Defenses and Sampling Attacks for Membership Inference
- CCS-W’21: “What’s in the box?!”: Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models
- PKDD-W’21: IReEn: Reverse-Engineering of Black-Box Functions via Iterative Neural Program Synthesis
- PKDD-W’21: SampleFix: Learning to Generate Functionally Diverse Fixes
- ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
- ICCV’21: Dual Contrastive Loss and Attention for GANs
- EXCLI’21: Privacy Considerations for Sharing Genomics Data
- IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- CVPR’21: Convolutional Dynamic Alignment Networks for Interpretable Classifications
- CVPR’21: Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers
- CVPR-W’21: MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
- CVPR-W’21: InfoScrub: Towards Attribute Privacy by Targeted Obfuscation
- WACV’21: Future Moment Assessment for Action Query
News, talks, events:
2020
Inproceedings
Tribhuvanesh Orekondy; Bernt Schiele; Mario Fritz
Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks Inproceedings
In: International Conference on Representation Learning (ICLR), 2020.
@inproceedings{orekondy20iclr,
title = {Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks},
author = {Tribhuvanesh Orekondy and Bernt Schiele and Mario Fritz},
url = {https://arxiv.org/abs/1906.10908
https://arxiv.org/pdf/1906.10908.pdf},
year = {2020},
date = {2020-04-30},
urldate = {2020-04-30},
booktitle = {International Conference on Representation Learning (ICLR)},
type = {arXiv:1906.10908 },
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Technical Reports
Hui-Po Wang; Tribhuvanesh Orekondy; Mario Fritz
InfoScrub: Towards Attribute Privacy by Targeted Obfuscation Technical Report
arXiv:2005.10329 , 2020.
@techreport{wang20arxiv,
title = {InfoScrub: Towards Attribute Privacy by Targeted Obfuscation},
author = {Hui-Po Wang and Tribhuvanesh Orekondy and Mario Fritz},
url = {https://arxiv.org/abs/2005.10329
https://arxiv.org/pdf/2005.10329.pdf
},
year = {2020},
date = {2020-05-20},
type = {arXiv:2005.10329 },
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Workshops
Hossein Hajipour; Apratim Bhattacharyya; Mario Fritz
SampleFix: Learning to Correct Programs by Sampling Diverse Fixes Workshop
NeurIPS Workshop on Computer-Assisted Programming, 2020.
@workshop{hajipour20neuripscap,
title = {SampleFix: Learning to Correct Programs by Sampling Diverse Fixes},
author = {Hossein Hajipour and Apratim Bhattacharyya and Mario Fritz},
url = {https://arxiv.org/abs/1906.10502
https://arxiv.org/pdf/1906.10502.pdf},
year = {2020},
date = {2020-12-06},
urldate = {2020-12-06},
booktitle = {NeurIPS Workshop on Computer-Assisted Programming},
keywords = {2019, 2020},
pubstate = {published},
tppubtype = {workshop}
}
2019
Journal Articles
Xucong Zhang; Yusuke Sugano; Mario Fritz; Andreas Bulling
MPIIGaze: Real-World Dataset and Deep Appearance-Based Gaze Estimation Journal Article
In: Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2019.
@article{xucong19tpami,
title = {MPIIGaze: Real-World Dataset and Deep Appearance-Based Gaze Estimation},
author = {Xucong Zhang and Yusuke Sugano and Mario Fritz and Andreas Bulling},
url = {https://arxiv.org/abs/1711.09017
https://arxiv.org/pdf/1711.09017.pdf},
year = {2019},
date = {2019-02-04},
urldate = {2019-02-04},
journal = {Transactions on Pattern Analysis and Machine Intelligence (TPAMI)},
keywords = {2017, 2018, 2019},
pubstate = {published},
tppubtype = {article}
}
Incollections
Seong Joon Oh; Bernt Schiele; Mario Fritz
Towards reverse-engineering black-box neural networks Incollection
In: Explainable AI: Interpreting, Explaining and Visualizing Deep Learning, 2019.
@incollection{oh20xai,
title = {Towards reverse-engineering black-box neural networks},
author = {Seong Joon Oh and Bernt Schiele and Mario Fritz},
url = {https://link.springer.com/chapter/10.1007/978-3-030-28954-6_7},
year = {2019},
date = {2019-09-10},
booktitle = {Explainable AI: Interpreting, Explaining and Visualizing Deep Learning},
keywords = {2019},
pubstate = {published},
tppubtype = {incollection}
}
Inproceedings
Ning Yu; Larry Davis; Mario Fritz
Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints Inproceedings
In: International Conference on Computer Vision (ICCV), 2019.
@inproceedings{yu19iccv,
title = {Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints},
author = {Ning Yu and Larry Davis and Mario Fritz},
url = {//arxiv.org/abs/1811.08180
//arxiv.org/pdf/1811.08180.pdf
},
year = {2019},
date = {2019-10-30},
urldate = {2019-10-30},
booktitle = {International Conference on Computer Vision (ICCV)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Maxim Maximov; Tobias Ritschel; Laura Leal-Taixe; Mario Fritz
Deep Appearance Maps Inproceedings
In: International Conference on Computer Vision (ICCV), 2019.
@inproceedings{maximov19iccv,
title = {Deep Appearance Maps},
author = {Maxim Maximov and Tobias Ritschel and Laura Leal-Taixe and Mario Fritz},
url = {//arxiv.org/abs/1804.00863
//arxiv.org/pdf/1804.00863.pdf},
year = {2019},
date = {2019-10-29},
urldate = {2019-10-29},
booktitle = {International Conference on Computer Vision (ICCV)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Tribhuvanesh Orekondy; Bernt Schiele; Mario Fritz
Knockoff Nets: Stealing Functionality of Black-Box Models Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
@inproceedings{orekondy19cvpr,
title = {Knockoff Nets: Stealing Functionality of Black-Box Models },
author = {Tribhuvanesh Orekondy and Bernt Schiele and Mario Fritz},
url = {preliminary version:
https://arxiv.org/abs/1812.02766
https://arxiv.org/pdf/1812.02766},
year = {2019},
date = {2019-06-18},
booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Rakshith Shetty; Bernt Schiele; Mario Fritz
Not Using the Car to See the Sidewalk: Quantifying and Controlling the Effects of Context in Classification and Segmentation Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
@inproceedings{shetty19cvpr,
title = {Not Using the Car to See the Sidewalk: Quantifying and Controlling the Effects of Context in Classification and Segmentation},
author = {Rakshith Shetty and Bernt Schiele and Mario Fritz},
url = {preliminary version:
https://arxiv.org/abs/1812.06707
https://arxiv.org/pdf/1812.06707.pdf},
year = {2019},
date = {2019-06-17},
booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Qiuhong Ke; Mario Fritz; Bernt Schiele
Time-Conditioned Action Anticipation in One Shot Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
@inproceedings{ke19cvpr,
title = {Time-Conditioned Action Anticipation in One Shot},
author = {Qiuhong Ke and Mario Fritz and Bernt Schiele},
year = {2019},
date = {2019-06-16},
booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Apratim Bhattacharyya; Mario Fritz; Bernt Schiele
Bayesian Prediction of Future Street Scenes using Synthetic Likelihoods Inproceedings
In: International Conference on Representation Learning (ICLR), 2019.
@inproceedings{apratim19iclr,
title = {Bayesian Prediction of Future Street Scenes using Synthetic Likelihoods},
author = {Apratim Bhattacharyya and Mario Fritz and Bernt Schiele},
url = {https://arxiv.org/abs/1810.00746
https://arxiv.org/pdf/1810.00746.pdf},
year = {2019},
date = {2019-05-06},
booktitle = {International Conference on Representation Learning (ICLR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Ahmed Salem; Yang Zhang; Mathias Humbert; Mario Fritz; Michael Backes
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models Inproceedings
In: Annual Network and Distributed System Security Symposium (NDSS), 2019.
@inproceedings{ndss19salem,
title = {ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models},
author = {Ahmed Salem and Yang Zhang and Mathias Humbert and Mario Fritz and Michael Backes},
url = {preliminary:
https://arxiv.org/abs/1806.01246
https://arxiv.org/pdf/1806.01246.pdf
},
year = {2019},
date = {2019-02-24},
urldate = {2019-02-24},
booktitle = {Annual Network and Distributed System Security Symposium (NDSS)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Hosnieh Sattar; Gerard Pons-Moll; Mario Fritz
Fashion is Taking Shape: Understanding Clothing Preference Based on Body Shape From Online Sources Inproceedings
In: IEEE Winter Conference on Applications of Computer Vision (WACV), 2019.
@inproceedings{sattar19wacv,
title = {Fashion is Taking Shape: Understanding Clothing Preference Based on Body Shape From Online Sources },
author = {Hosnieh Sattar and Gerard Pons-Moll and Mario Fritz},
url = {preliminary:
//arxiv.org/abs/1807.03235
//arxiv.org/pdf/1807.03235.pdf},
year = {2019},
date = {2019-01-08},
urldate = {2019-01-08},
booktitle = {IEEE Winter Conference on Applications of Computer Vision (WACV)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Technical Reports
Yang He; Shadi Rahimian; Bernt Schiele; Mario Fritz
Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation Technical Report
arXiv:1912.09685, 2019.
@techreport{he19arxiv,
title = {Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation},
author = {Yang He and Shadi Rahimian and Bernt Schiele and Mario Fritz},
url = {https://arxiv.org/abs/1912.09685
https://arxiv.org/pdf/1912.09685.pdf},
year = {2019},
date = {2019-12-19},
type = {arXiv:1912.09685},
keywords = {2019, 2020},
pubstate = {published},
tppubtype = {techreport}
}
Vedika Agarwal; Rakshith Shetty; Mario Fritz
Towards Causal VQA: Revealing and Reducing Spurious Correlations by Invariant and Covariant Semantic Editing Technical Report
2019.
@techreport{agarwal19arxiv,
title = {Towards Causal VQA: Revealing and Reducing Spurious Correlations by Invariant and Covariant Semantic Editing},
author = {Vedika Agarwal and Rakshith Shetty and Mario Fritz
},
url = {https://arxiv.org/abs/1912.07538
https://arxiv.org/pdf/1912.07538.pdf},
year = {2019},
date = {2019-12-16},
keywords = {2019, 2020},
pubstate = {published},
tppubtype = {techreport}
}
Apratim Bhattacharyya; Mario Fritz; Bernt Schiele
"Best-of-Many-Samples" Distribution Matching Technical Report
arXiv:1909.12598, 2019.
@techreport{bhattacharyya19arxivb,
title = {"Best-of-Many-Samples" Distribution Matching},
author = {Apratim Bhattacharyya and Mario Fritz and Bernt Schiele},
url = {//arxiv.org/abs/1909.12598
//arxiv.org/pdf/1909.12598.pdf},
year = {2019},
date = {2019-09-27},
urldate = {2019-09-27},
type = {arXiv:1909.12598},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Dingfan Chen; Ning Yu; Yang Zhang; Mario Fritz
GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs Technical Report
arXiv:1909.03935, 2019.
@techreport{chen19arxiv,
title = {GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs},
author = {Dingfan Chen and Ning Yu and Yang Zhang and Mario Fritz},
url = {https://arxiv.org/abs/1909.03935
https://arxiv.org/pdf/1909.03935.pdf},
year = {2019},
date = {2019-09-09},
urldate = {2019-09-09},
type = {arXiv:1909.03935},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Sahar Abdelnabi; Katharina Krombholz; Mario Fritz
WhiteNet: Phishing Website Detection by Visual Whitelists Technical Report
arXiv:1909.00300, 2019.
@techreport{abdelnabi19arxiv,
title = {WhiteNet: Phishing Website Detection by Visual Whitelists},
author = {Sahar Abdelnabi and Katharina Krombholz and Mario Fritz},
url = {https://arxiv.org/abs/1909.00300
https://arxiv.org/pdf/1909.00300.pdf},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
type = {arXiv:1909.00300},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Apratim Bhattacharyya; Michael Hanselmann; Mario Fritz; Bernt Schiele; Christoph-Nikolas Straehle
Conditional Flow Variational Autoencoders for Structured Sequence Prediction Technical Report
arXiv:1908.09008, 2019.
@techreport{bhattacharyya19arxiv,
title = {Conditional Flow Variational Autoencoders for Structured Sequence Prediction},
author = {Apratim Bhattacharyya and Michael Hanselmann and Mario Fritz and Bernt Schiele and Christoph-Nikolas Straehle},
url = {https://arxiv.org/abs/1908.09008
https://arxiv.org/pdf/1908.09008.pdf},
year = {2019},
date = {2019-08-24},
urldate = {2019-08-24},
type = {arXiv:1908.09008},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Max Losch; Mario Fritz; Bernt Schiele
Interpretability Beyond Classification Output: Semantic Bottleneck Networks Technical Report
arXiv:1907.10882 , 2019.
@techreport{losch19arxiv,
title = {Interpretability Beyond Classification Output: Semantic Bottleneck Networks},
author = {Max Losch and Mario Fritz and Bernt Schiele},
url = {//arxiv.org/abs/1907.10882
//arxiv.org/pdf/1907.10882.pdf},
year = {2019},
date = {2019-07-25},
urldate = {2019-07-25},
type = {arXiv:1907.10882 },
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Tribhuvanesh Orekondy; Bernt Schiele; Mario Fritz
Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks Technical Report
2019.
@techreport{orekondy19arxiv,
title = {Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks},
author = {Tribhuvanesh Orekondy and Bernt Schiele and Mario Fritz},
url = {https://arxiv.org/abs/1906.10908
https://arxiv.org/pdf/1906.10908.pdf},
year = {2019},
date = {2019-06-26},
urldate = {2019-06-26},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Hossein Hajipour; Apratim Bhattacharyya; Mario Fritz
SampleFix: Learning to Correct Programs by Sampling Diverse Fixes Technical Report
arXiv:1906.10502, 2019.
@techreport{hajipour19arxiv,
title = {SampleFix: Learning to Correct Programs by Sampling Diverse Fixes},
author = {Hossein Hajipour and Apratim Bhattacharyya and Mario Fritz},
url = {//arxiv.org/abs/1906.10502
//arxiv.org/pdf/1906.10502.pdf},
year = {2019},
date = {2019-06-24},
urldate = {2019-06-24},
type = {arXiv:1906.10502},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Hosnieh Sattar; Katharina Krombholz; Gerard Pons-Moll; Mario Fritz
Shape Evasion: Preventing Body Shape Inference of Multi-Stage Approaches Technical Report
arXiv:1905.11503 , 2019.
@techreport{sattar19arxiv,
title = {Shape Evasion: Preventing Body Shape Inference of Multi-Stage Approaches},
author = {Hosnieh Sattar and Katharina Krombholz and Gerard Pons-Moll and Mario Fritz},
url = {//arxiv.org/abs/1905.11503
//arxiv.org/pdf/1905.11503.pdf},
year = {2019},
date = {2019-05-30},
urldate = {2019-05-30},
type = {arXiv:1905.11503 },
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Wenbin Li; Ales Leonardis; Jeannette Bohg; Mario Fritz
Learning Manipulation under Physics Constraints with Visual Perception Technical Report
2019.
@techreport{li19arxiv,
title = {Learning Manipulation under Physics Constraints with Visual Perception},
author = {Wenbin Li and Ales Leonardis and Jeannette Bohg and Mario Fritz},
url = {//arxiv.org/abs/1904.09860
//arxiv.org/pdf/1904.09860.pdf
},
year = {2019},
date = {2019-04-19},
urldate = {2019-04-19},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Ahmed Salem; Apratim Bhattacharyya; Michael Backes; Mario Fritz; Yang Zhang
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Technical Report
2019.
@techreport{salem19arxiv,
title = {Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning},
author = {Ahmed Salem and Apratim Bhattacharyya and Michael Backes and Mario Fritz and Yang Zhang},
url = {//arxiv.org/abs/1904.01067
//arxiv.org/pdf/1904.01067.pdf},
year = {2019},
date = {2019-04-03},
journal = {arXiv:1904.01067},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Workshops
Shadi Rahimian; Tribhuvanesh Orekondy; Mario Fritz
Differential Privacy Defenses and Sampling Attacks for Membership Inference Workshop
NeurIPS Workshop on Privacy in Machine Learning (PRIML), 2019.
@workshop{Rahimian19priml,
title = {Differential Privacy Defenses and Sampling Attacks for Membership Inference},
author = {Shadi Rahimian and Tribhuvanesh Orekondy and Mario Fritz},
url = {https://priml-workshop.github.io/priml2019/papers/PriML2019_paper_47.pdf},
year = {2019},
date = {2019-12-14},
booktitle = {NeurIPS Workshop on Privacy in Machine Learning (PRIML)},
keywords = {2019},
pubstate = {published},
tppubtype = {workshop}
}
Ahmed Salem; Apratim Bhattacharyya; Michael Backes; Mario Fritz; Yang Zhang
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Workshop
Hot Topics in Privacy Enhancing Technologies (HotPETs), 2019.
@workshop{salem19hotpet,
title = {Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning},
author = {Ahmed Salem and Apratim Bhattacharyya and Michael Backes and Mario Fritz and Yang Zhang},
url = {https://arxiv.org/abs/1904.01067
https://arxiv.org/pdf/1904.01067.pdf},
year = {2019},
date = {2019-07-19},
urldate = {2019-07-19},
booktitle = {Hot Topics in Privacy Enhancing Technologies (HotPETs)},
keywords = {2019},
pubstate = {published},
tppubtype = {workshop}
}
Rakibul Hasan; David Crandall; Mario Fritz; Apu Kapadia
Understanding and Recognizing Bystanders in Images for Privacy Protection Workshop
Privacy, Usability, and Transparency (PUT) @ PETs, 2019.
@workshop{hasan19put,
title = {Understanding and Recognizing Bystanders in Images for Privacy Protection},
author = {Rakibul Hasan and David Crandall and Mario Fritz and Apu Kapadia},
url = {https://petsymposium.org/2019/files/workshop/abstracts/PUT_2019_paper_15.pdf},
year = {2019},
date = {2019-07-15},
urldate = {2019-07-15},
booktitle = {Privacy, Usability, and Transparency (PUT) @ PETs},
keywords = {2019},
pubstate = {published},
tppubtype = {workshop}
}
