
Prof. Dr. Mario Fritz
Faculty
CISPA Helmholtz Center for Information Security
Professor
Saarland University
Fellow
European Laboratory for Learning and Intelligent Systems (ELLIS)
Google Scholar
Semantic Scholar
We are looking for PhD students and Post-Docs! Please get in touch.
My group is working on Trustworthy Information Processing with a focus on the intersection of AI & Machine Learning with Security & Privacy.
Recent projects and initiatives related to health, privacy, AI:
Recent work on DeepFake detecting, misinformation, attribution,and responsible disclosure:
- CVPR’22: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
- ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- ICCV’19: Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints
Recent publications:
- ICML’22: ProgFed: Effective, Communication, and Computation Efficient Federated Learning by Progressive Training
- CVPR’22: Open-Domain, Content-based, Multi-modal Fact-checking of Out-of-Context Images via Online Resources
- CVPR’22: B-cos Networks: Alignment is All We Need for Interpretability
- CHIL’22: Practical Challenges in Differentially-Private Federated Survival Analysis of Medical Data
- ICLR’22: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
- ICLR’22: RelaxLoss: Defending Membership Inference Attacks without Losing Utility
- Usenix’22: ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
- PETS’22: Understanding Utility and Privacy of Demographic Data in Education Technology by Causal Analysis and Adversarial-Censoring
- IJCV’21: Semantic Bottlenecks: Quantifying and Improving Inspectability of Deep Representations
- CCS-W’21: Differential Privacy Defenses and Sampling Attacks for Membership Inference
- CCS-W’21: “What’s in the box?!”: Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models
- PKDD-W’21: IReEn: Reverse-Engineering of Black-Box Functions via Iterative Neural Program Synthesis
- PKDD-W’21: SampleFix: Learning to Generate Functionally Diverse Fixes
- ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
- ICCV’21: Dual Contrastive Loss and Attention for GANs
- EXCLI’21: Privacy Considerations for Sharing Genomics Data
- IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
- S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
- CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
- CVPR’21: Convolutional Dynamic Alignment Networks for Interpretable Classifications
- CVPR’21: Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers
- CVPR-W’21: MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
- CVPR-W’21: InfoScrub: Towards Attribute Privacy by Targeted Obfuscation
- WACV’21: Future Moment Assessment for Action Query
Most recent work on ArXiv:
- ArXiv’21: Backdoor Attacks on Network Certification via Data Poisoning
- ArXiv’21: ProgFed: Effective, Communication, and Computation Efficient Federated Learning by Progressive Training
News, talks, events:
2020
Inproceedings
Tribhuvanesh Orekondy; Bernt Schiele; Mario Fritz
Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks Inproceedings
In: International Conference on Representation Learning (ICLR), 2020.
@inproceedings{orekondy20iclr,
title = {Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks},
author = {Tribhuvanesh Orekondy and Bernt Schiele and Mario Fritz},
url = {https://arxiv.org/abs/1906.10908
https://arxiv.org/pdf/1906.10908.pdf},
year = {2020},
date = {2020-04-30},
urldate = {2020-04-30},
booktitle = {International Conference on Representation Learning (ICLR)},
type = {arXiv:1906.10908 },
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Technical Reports
Hui-Po Wang; Tribhuvanesh Orekondy; Mario Fritz
InfoScrub: Towards Attribute Privacy by Targeted Obfuscation Technical Report
arXiv:2005.10329 , 2020.
@techreport{wang20arxiv,
title = {InfoScrub: Towards Attribute Privacy by Targeted Obfuscation},
author = {Hui-Po Wang and Tribhuvanesh Orekondy and Mario Fritz},
url = {https://arxiv.org/abs/2005.10329
https://arxiv.org/pdf/2005.10329.pdf
},
year = {2020},
date = {2020-05-20},
type = {arXiv:2005.10329 },
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Workshops
Hossein Hajipour; Apratim Bhattacharyya; Mario Fritz
SampleFix: Learning to Correct Programs by Sampling Diverse Fixes Workshop
NeurIPS Workshop on Computer-Assisted Programming, 2020.
@workshop{hajipour20neuripscap,
title = {SampleFix: Learning to Correct Programs by Sampling Diverse Fixes},
author = {Hossein Hajipour and Apratim Bhattacharyya and Mario Fritz},
url = {https://arxiv.org/abs/1906.10502
https://arxiv.org/pdf/1906.10502.pdf},
year = {2020},
date = {2020-12-06},
urldate = {2020-12-06},
booktitle = {NeurIPS Workshop on Computer-Assisted Programming},
keywords = {2019, 2020},
pubstate = {published},
tppubtype = {workshop}
}
2019
Journal Articles
Xucong Zhang; Yusuke Sugano; Mario Fritz; Andreas Bulling
MPIIGaze: Real-World Dataset and Deep Appearance-Based Gaze Estimation Journal Article
In: Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2019.
@article{xucong19tpami,
title = {MPIIGaze: Real-World Dataset and Deep Appearance-Based Gaze Estimation},
author = {Xucong Zhang and Yusuke Sugano and Mario Fritz and Andreas Bulling},
url = {https://arxiv.org/abs/1711.09017
https://arxiv.org/pdf/1711.09017.pdf},
year = {2019},
date = {2019-02-04},
urldate = {2019-02-04},
journal = {Transactions on Pattern Analysis and Machine Intelligence (TPAMI)},
keywords = {2017, 2018, 2019},
pubstate = {published},
tppubtype = {article}
}
Incollections
Seong Joon Oh; Bernt Schiele; Mario Fritz
Towards reverse-engineering black-box neural networks Incollection
In: Explainable AI: Interpreting, Explaining and Visualizing Deep Learning, 2019.
@incollection{oh20xai,
title = {Towards reverse-engineering black-box neural networks},
author = {Seong Joon Oh and Bernt Schiele and Mario Fritz},
url = {https://link.springer.com/chapter/10.1007/978-3-030-28954-6_7},
year = {2019},
date = {2019-09-10},
booktitle = {Explainable AI: Interpreting, Explaining and Visualizing Deep Learning},
keywords = {2019},
pubstate = {published},
tppubtype = {incollection}
}
Inproceedings
Ning Yu; Larry Davis; Mario Fritz
Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints Inproceedings
In: International Conference on Computer Vision (ICCV), 2019.
@inproceedings{yu19iccv,
title = {Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints},
author = {Ning Yu and Larry Davis and Mario Fritz},
url = {//arxiv.org/abs/1811.08180
//arxiv.org/pdf/1811.08180.pdf
},
year = {2019},
date = {2019-10-30},
urldate = {2019-10-30},
booktitle = {International Conference on Computer Vision (ICCV)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Maxim Maximov; Tobias Ritschel; Laura Leal-Taixe; Mario Fritz
Deep Appearance Maps Inproceedings
In: International Conference on Computer Vision (ICCV), 2019.
@inproceedings{maximov19iccv,
title = {Deep Appearance Maps},
author = {Maxim Maximov and Tobias Ritschel and Laura Leal-Taixe and Mario Fritz},
url = {//arxiv.org/abs/1804.00863
//arxiv.org/pdf/1804.00863.pdf},
year = {2019},
date = {2019-10-29},
urldate = {2019-10-29},
booktitle = {International Conference on Computer Vision (ICCV)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Tribhuvanesh Orekondy; Bernt Schiele; Mario Fritz
Knockoff Nets: Stealing Functionality of Black-Box Models Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
@inproceedings{orekondy19cvpr,
title = {Knockoff Nets: Stealing Functionality of Black-Box Models },
author = {Tribhuvanesh Orekondy and Bernt Schiele and Mario Fritz},
url = {preliminary version:
https://arxiv.org/abs/1812.02766
https://arxiv.org/pdf/1812.02766},
year = {2019},
date = {2019-06-18},
booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Rakshith Shetty; Bernt Schiele; Mario Fritz
Not Using the Car to See the Sidewalk: Quantifying and Controlling the Effects of Context in Classification and Segmentation Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
@inproceedings{shetty19cvpr,
title = {Not Using the Car to See the Sidewalk: Quantifying and Controlling the Effects of Context in Classification and Segmentation},
author = {Rakshith Shetty and Bernt Schiele and Mario Fritz},
url = {preliminary version:
https://arxiv.org/abs/1812.06707
https://arxiv.org/pdf/1812.06707.pdf},
year = {2019},
date = {2019-06-17},
booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Qiuhong Ke; Mario Fritz; Bernt Schiele
Time-Conditioned Action Anticipation in One Shot Inproceedings
In: IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
@inproceedings{ke19cvpr,
title = {Time-Conditioned Action Anticipation in One Shot},
author = {Qiuhong Ke and Mario Fritz and Bernt Schiele},
year = {2019},
date = {2019-06-16},
booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Apratim Bhattacharyya; Mario Fritz; Bernt Schiele
Bayesian Prediction of Future Street Scenes using Synthetic Likelihoods Inproceedings
In: International Conference on Representation Learning (ICLR), 2019.
@inproceedings{apratim19iclr,
title = {Bayesian Prediction of Future Street Scenes using Synthetic Likelihoods},
author = {Apratim Bhattacharyya and Mario Fritz and Bernt Schiele},
url = {https://arxiv.org/abs/1810.00746
https://arxiv.org/pdf/1810.00746.pdf},
year = {2019},
date = {2019-05-06},
booktitle = {International Conference on Representation Learning (ICLR)},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Ahmed Salem; Yang Zhang; Mathias Humbert; Mario Fritz; Michael Backes
ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models Inproceedings
In: Annual Network and Distributed System Security Symposium (NDSS), 2019, (to appear).
@inproceedings{ndss19salem,
title = {ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models},
author = {Ahmed Salem and Yang Zhang and Mathias Humbert and Mario Fritz and Michael Backes},
url = {preliminary:
https://arxiv.org/abs/1806.01246
https://arxiv.org/pdf/1806.01246.pdf
},
year = {2019},
date = {2019-02-24},
booktitle = {Annual Network and Distributed System Security Symposium (NDSS)},
note = {to appear},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Hosnieh Sattar; Gerard Pons-Moll; Mario Fritz
Fashion is Taking Shape: Understanding Clothing Preference Based on Body Shape From Online Sources Inproceedings
In: IEEE Winter Conference on Applications of Computer Vision (WACV), 2019, (to appear).
@inproceedings{sattar19wacv,
title = {Fashion is Taking Shape: Understanding Clothing Preference Based on Body Shape From Online Sources },
author = {Hosnieh Sattar and Gerard Pons-Moll and Mario Fritz},
url = {preliminary:
//arxiv.org/abs/1807.03235
//arxiv.org/pdf/1807.03235.pdf},
year = {2019},
date = {2019-01-08},
urldate = {2019-01-08},
booktitle = {IEEE Winter Conference on Applications of Computer Vision (WACV)},
note = {to appear},
keywords = {2019},
pubstate = {published},
tppubtype = {inproceedings}
}
Technical Reports
Yang He; Shadi Rahimian; Bernt Schiele; Mario Fritz
Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation Technical Report
arXiv:1912.09685, 2019.
@techreport{he19arxiv,
title = {Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation},
author = {Yang He and Shadi Rahimian and Bernt Schiele and Mario Fritz},
url = {https://arxiv.org/abs/1912.09685
https://arxiv.org/pdf/1912.09685.pdf},
year = {2019},
date = {2019-12-19},
type = {arXiv:1912.09685},
keywords = {2019, 2020},
pubstate = {published},
tppubtype = {techreport}
}
Vedika Agarwal; Rakshith Shetty; Mario Fritz
Towards Causal VQA: Revealing and Reducing Spurious Correlations by Invariant and Covariant Semantic Editing Technical Report
2019.
@techreport{agarwal19arxiv,
title = {Towards Causal VQA: Revealing and Reducing Spurious Correlations by Invariant and Covariant Semantic Editing},
author = {Vedika Agarwal and Rakshith Shetty and Mario Fritz
},
url = {https://arxiv.org/abs/1912.07538
https://arxiv.org/pdf/1912.07538.pdf},
year = {2019},
date = {2019-12-16},
keywords = {2019, 2020},
pubstate = {published},
tppubtype = {techreport}
}
Apratim Bhattacharyya; Mario Fritz; Bernt Schiele
"Best-of-Many-Samples" Distribution Matching Technical Report
arXiv:1909.12598, 2019.
@techreport{bhattacharyya19arxivb,
title = {"Best-of-Many-Samples" Distribution Matching},
author = {Apratim Bhattacharyya and Mario Fritz and Bernt Schiele},
url = {//arxiv.org/abs/1909.12598
//arxiv.org/pdf/1909.12598.pdf},
year = {2019},
date = {2019-09-27},
urldate = {2019-09-27},
type = {arXiv:1909.12598},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Dingfan Chen; Ning Yu; Yang Zhang; Mario Fritz
GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs Technical Report
arXiv:1909.03935, 2019.
@techreport{chen19arxiv,
title = {GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs},
author = {Dingfan Chen and Ning Yu and Yang Zhang and Mario Fritz},
url = {https://arxiv.org/abs/1909.03935
https://arxiv.org/pdf/1909.03935.pdf},
year = {2019},
date = {2019-09-09},
urldate = {2019-09-09},
type = {arXiv:1909.03935},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Sahar Abdelnabi; Katharina Krombholz; Mario Fritz
WhiteNet: Phishing Website Detection by Visual Whitelists Technical Report
arXiv:1909.00300, 2019.
@techreport{abdelnabi19arxiv,
title = {WhiteNet: Phishing Website Detection by Visual Whitelists},
author = {Sahar Abdelnabi and Katharina Krombholz and Mario Fritz},
url = {https://arxiv.org/abs/1909.00300
https://arxiv.org/pdf/1909.00300.pdf},
year = {2019},
date = {2019-09-01},
urldate = {2019-09-01},
type = {arXiv:1909.00300},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Apratim Bhattacharyya; Michael Hanselmann; Mario Fritz; Bernt Schiele; Christoph-Nikolas Straehle
Conditional Flow Variational Autoencoders for Structured Sequence Prediction Technical Report
arXiv:1908.09008, 2019.
@techreport{bhattacharyya19arxiv,
title = {Conditional Flow Variational Autoencoders for Structured Sequence Prediction},
author = {Apratim Bhattacharyya and Michael Hanselmann and Mario Fritz and Bernt Schiele and Christoph-Nikolas Straehle},
url = {https://arxiv.org/abs/1908.09008
https://arxiv.org/pdf/1908.09008.pdf},
year = {2019},
date = {2019-08-24},
urldate = {2019-08-24},
type = {arXiv:1908.09008},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Max Losch; Mario Fritz; Bernt Schiele
Interpretability Beyond Classification Output: Semantic Bottleneck Networks Technical Report
arXiv:1907.10882 , 2019.
@techreport{losch19arxiv,
title = {Interpretability Beyond Classification Output: Semantic Bottleneck Networks},
author = {Max Losch and Mario Fritz and Bernt Schiele},
url = {//arxiv.org/abs/1907.10882
//arxiv.org/pdf/1907.10882.pdf},
year = {2019},
date = {2019-07-25},
urldate = {2019-07-25},
type = {arXiv:1907.10882 },
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Tribhuvanesh Orekondy; Bernt Schiele; Mario Fritz
Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks Technical Report
2019.
@techreport{orekondy19arxiv,
title = {Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks},
author = {Tribhuvanesh Orekondy and Bernt Schiele and Mario Fritz},
url = {https://arxiv.org/abs/1906.10908
https://arxiv.org/pdf/1906.10908.pdf},
year = {2019},
date = {2019-06-26},
urldate = {2019-06-26},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Hossein Hajipour; Apratim Bhattacharyya; Mario Fritz
SampleFix: Learning to Correct Programs by Sampling Diverse Fixes Technical Report
arXiv:1906.10502, 2019.
@techreport{hajipour19arxiv,
title = {SampleFix: Learning to Correct Programs by Sampling Diverse Fixes},
author = {Hossein Hajipour and Apratim Bhattacharyya and Mario Fritz},
url = {//arxiv.org/abs/1906.10502
//arxiv.org/pdf/1906.10502.pdf},
year = {2019},
date = {2019-06-24},
urldate = {2019-06-24},
type = {arXiv:1906.10502},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Hosnieh Sattar; Katharina Krombholz; Gerard Pons-Moll; Mario Fritz
Shape Evasion: Preventing Body Shape Inference of Multi-Stage Approaches Technical Report
arXiv:1905.11503 , 2019.
@techreport{sattar19arxiv,
title = {Shape Evasion: Preventing Body Shape Inference of Multi-Stage Approaches},
author = {Hosnieh Sattar and Katharina Krombholz and Gerard Pons-Moll and Mario Fritz},
url = {//arxiv.org/abs/1905.11503
//arxiv.org/pdf/1905.11503.pdf},
year = {2019},
date = {2019-05-30},
urldate = {2019-05-30},
type = {arXiv:1905.11503 },
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Wenbin Li; Ales Leonardis; Jeannette Bohg; Mario Fritz
Learning Manipulation under Physics Constraints with Visual Perception Technical Report
2019.
@techreport{li19arxiv,
title = {Learning Manipulation under Physics Constraints with Visual Perception},
author = {Wenbin Li and Ales Leonardis and Jeannette Bohg and Mario Fritz},
url = {//arxiv.org/abs/1904.09860
//arxiv.org/pdf/1904.09860.pdf
},
year = {2019},
date = {2019-04-19},
urldate = {2019-04-19},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Ahmed Salem; Apratim Bhattacharyya; Michael Backes; Mario Fritz; Yang Zhang
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Technical Report
2019.
@techreport{salem19arxiv,
title = {Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning},
author = {Ahmed Salem and Apratim Bhattacharyya and Michael Backes and Mario Fritz and Yang Zhang},
url = {//arxiv.org/abs/1904.01067
//arxiv.org/pdf/1904.01067.pdf},
year = {2019},
date = {2019-04-03},
journal = {arXiv:1904.01067},
keywords = {2019},
pubstate = {published},
tppubtype = {techreport}
}
Workshops
Shadi Rahimian; Tribhuvanesh Orekondy; Mario Fritz
Differential Privacy Defenses and Sampling Attacks for Membership Inference Workshop
NeurIPS Workshop on Privacy in Machine Learning (PRIML), 2019.
@workshop{Rahimian19priml,
title = {Differential Privacy Defenses and Sampling Attacks for Membership Inference},
author = {Shadi Rahimian and Tribhuvanesh Orekondy and Mario Fritz},
url = {https://priml-workshop.github.io/priml2019/papers/PriML2019_paper_47.pdf},
year = {2019},
date = {2019-12-14},
booktitle = {NeurIPS Workshop on Privacy in Machine Learning (PRIML)},
keywords = {2019},
pubstate = {published},
tppubtype = {workshop}
}
Ahmed Salem; Apratim Bhattacharyya; Michael Backes; Mario Fritz; Yang Zhang
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Workshop
Hot Topics in Privacy Enhancing Technologies (HotPETs), 2019.
@workshop{salem19hotpet,
title = {Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning},
author = {Ahmed Salem and Apratim Bhattacharyya and Michael Backes and Mario Fritz and Yang Zhang},
url = {https://arxiv.org/abs/1904.01067
https://arxiv.org/pdf/1904.01067.pdf},
year = {2019},
date = {2019-07-19},
urldate = {2019-07-19},
booktitle = {Hot Topics in Privacy Enhancing Technologies (HotPETs)},
keywords = {2019},
pubstate = {published},
tppubtype = {workshop}
}
Rakibul Hasan; David Crandall; Mario Fritz; Apu Kapadia
Understanding and Recognizing Bystanders in Images for Privacy Protection Workshop
Privacy, Usability, and Transparency (PUT) @ PETs, 2019.
@workshop{hasan19put,
title = {Understanding and Recognizing Bystanders in Images for Privacy Protection},
author = {Rakibul Hasan and David Crandall and Mario Fritz and Apu Kapadia},
url = {https://petsymposium.org/2019/files/workshop/abstracts/PUT_2019_paper_15.pdf},
year = {2019},
date = {2019-07-15},
urldate = {2019-07-15},
booktitle = {Privacy, Usability, and Transparency (PUT) @ PETs},
keywords = {2019},
pubstate = {published},
tppubtype = {workshop}
}