Google Scholar 
Semantic Scholar

My group is working on Trustworthy Information Processing with a focus on the intersection of AI & Machine Learning with Security & Privacy.

Recent projects and initiatives related to health, privacy, AI:

• Leading Scientist
  Helmholtz Medical Security, Privacy, and AI Research Center (HMSP)
• Coordinator and PI
  Trustworthy Federated Data Analytics Project (TFDA)
• Coordinator and PI
  Protecting Genetic Data with Synthetic Cohorts from Deep Generative Models (PRO-GENE-GEN)
• Partner-PI
  The German Human Genome-Phenome Archive (GHGA)
• Member of working group in “Forum Gesundheit” of BMBF
  “AG Nutzbarmachung digitaler Daten für KI-Entwicklungen in der Gesundheitsforschung”

Recent work on DeepFake detecting, attribution, watermarking and responsible disclosure:

• ArXiv’21: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
• ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
• S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
• IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
• CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
• ICCV’19: Attributing Fake Images to GANs: Learning and Analyzing GAN Fingerprints

Recent publications:

• IJCV’21: Semantic Bottlenecks: Quantifying and Improving Inspectability of Deep Representations
• CCS-W’21: Differential Privacy Defenses and Sampling Attacks for Membership Inference
• CCS-W’21: “What’s in the box?!”: Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models
• PKDD-W’21: IReEn: Reverse-Engineering of Black-Box Functions via Iterative Neural Program Synthesis
• PKDD-W’21: SampleFix: Learning to Generate Functionally Diverse Fixes
• ICCV’21: Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data
• ICCV’21: Dual Contrastive Loss and Attention for GANs
• EXCLI’21: Privacy Considerations for Sharing Genomics Data
• IJCAI’21: Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis
• S&P’21: Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding
• CVPR’21: Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs
• CVPR’21: Convolutional Dynamic Alignment Networks for Interpretable Classifications
• CVPR’21: Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers
• CVPR-W’21: MLCapsule: Guarded Offline Deployment of Machine Learning as a Service
• CVPR-W’21: InfoScrub: Towards Attribute Privacy by Targeted Obfuscation
• WACV’21: Future Moment Assessment for Action Query

• NeurIPS’20: GS-WGAN: A Gradient-Sanitized Approach for Learning Differentially Private Generators
• NeurIPS-W’20: SampleFix: Learning to Correct Programs by Sampling Diverse Fixes
• NeurIPS-W’20: IReEn: Iterative Reverse-Engineering of Black-Box Functions via Neural Program Synthesis
• NeurIPS-W’20: Haar Wavelet based Block Autoregressive Flows for Trajectories
• CCS’20: VisualPhishNet: Zero-Day Phishing Website Detection by Visual Similarity
• CCS’20: GAN-Leaks: A Taxonomy of Membership Inference Attacks against GANs
• S&P’20: Automatically Detecting Bystanders in Photos to Reduce Privacy Risks
• USENIX Security’20: Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning
• ICLR’20: Prediction Poisoning: Utility-Constrained Defenses Against Model Stealing Attacks
• CVPR’20: Towards Causal VQA: Revealing and Reducing Spurious Correlations by Invariant and Covariant Semantic Editing
• CVPR’20: Normalizing Flows with Multi-scale Autoregressive Priors
• ECCV’20: Towards Automated Testing and Robustification by Semantic Adversarial Data Generation
• ECCV’20: Inclusive GAN: Improving Data and Minority Coverage in Generative Models
• ECCV’20: Segmentations-Leak: Membership Inference Attacks and Defenses in Semantic Image Segmentation
• ECCV-W’20: Body Shape Privacy in Images: Understanding Privacy and Preventing Automatic Shape Extraction
• ECCV-W’20: Synthetic Convolutional Features for Improved Semantic Segmentation
• NEUCOM’20: Deep gaze pooling: Inferring and visually decoding search intents from human gaze fixations
• GCPR’20: Semantic Bottlenecks: Quantifying & Improving Inspectability of Deep Representations
• GCPR’20: Long-Tailed Recognition Using Class-Balanced Experts
• GCPR’20: Haar Wavelet based Block Autoregressive Flows for Trajectories
• TPAMI’20: Person Recognition in Personal Photo Collections
• Explainable AI Book: Towards reverse-engineering black-box neural networks

Most recent work on ArXiv:

• ArXiv’21: Backdoor Attacks on Network Certification via Data Poisoning
• ArXiv’21: ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models
• ArXiv’21: Responsible Disclosure of Generative Models Using Scalable Fingerprinting
• ArXiv’20: CosSGD: Nonlinear Quantization for Communication-efficient Federated Learning

News, talks, events:

• Recent program committees: ICML’21, NeurIPS’22, S&P’22, EuroS&P’22, CVPR’22 (AC)
• Runner-up Inria/CNIL Privacy Protection Prize 2020
  S&P’20 paper: “Automatically Detecting Bystanders in Photos to Reduce Privacy Risks”
• Co-Organizers of ICLR’21 Workshop on “Synthetic Data Generation – Quality, Privacy, Bias”
• Co-Organizers of CVPR’21 Workshop on “QuoVadis: Interdisciplinary, Socio-Technical Workshop on the Future of Computer Vision and Pattern Recognition (QuoVadis-CVPR)”
• Co-Organizers of CVPR’21 Workshop on “Causality in Vision”
• Founding member of Saarbrücken Artificial Intelligence & Machine Learning (SAM) unit of the European Laboratory of Learning and Intelligent Systems (ELLIS)
• Lecturer at Digital CISPA Summer School 2020
• Co-Organizer of Third International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at ECCV 2020
• Co-Organizer: 4. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’20
• Keynote at Workshop Machine Learning for Cybersecurity, ECMLPKDD’19
• Talk at Cyber Defense Campus (CYD) Conference on Artificial Intelligence in Defence and Security
• Co-Organizer of Second International Workshop on The Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security (CV-COPS) at CVPR 2019
• Co-Organizer: 3. ACM Symposium on Computer Science in Cars: Future Challenges in Artificial Intelligence & Security for Autonomous Vehicles CSCS’19
• Leading scientist at new Helmholtz Medical Security and Privacy Research Center
• Member of ACM Technical Policy Committee Europe
• Mateusz Malinowski received the DAGM MVTec dissertation award as well as the Dr.-Eduard-Martin award for his PhD
• Associate Editor for IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)

Show all

2021
Journal Articles
	Max Losch; Mario Fritz; Bernt Schiele Semantic Bottlenecks: Quantifying and Improving Inspectability of Deep Representations Journal Article International Journal of Computer Vision (IJCV), 2021. Links | BibTeX | Tags: 2021 @article{losch21ijcv, title = {Semantic Bottlenecks: Quantifying and Improving Inspectability of Deep Representations}, author = {Max Losch and Mario Fritz and Bernt Schiele}, url = {https://link.springer.com/content/pdf/10.1007/s11263-021-01498-0.pdf}, year = {2021}, date = {2021-09-14}, journal = {International Journal of Computer Vision (IJCV)}, keywords = {2021}, pubstate = {published}, tppubtype = {article} } Close https://link.springer.com/content/pdf/10.1007/s11263-021-01498-0.pdf Close
	Marie Oestreich; Dingfan Chen; Joachim L. Schultze; Mario Fritz; Matthias Becker Privacy considerations for sharing genomics data Journal Article EXCLI Journal, 2021. Links | BibTeX | Tags: 2021 @article{oestreich21excli, title = {Privacy considerations for sharing genomics data}, author = {Marie Oestreich and Dingfan Chen and Joachim L. Schultze and Mario Fritz and Matthias Becker}, url = {https://www.excli.de/index.php/excli/article/view/4002 https://www.excli.de/index.php/excli/article/view/4002/3892}, year = {2021}, date = {2021-07-16}, journal = {EXCLI Journal}, keywords = {2021}, pubstate = {published}, tppubtype = {article} } Close https://www.excli.de/index.php/excli/article/view/4002 https://www.excli.de/index.php/excli/article/view/4002/3892 Close
Inproceedings
	Ning Yu; Vladislav Skripniuk; Sahar Abdelnabi; Mario Fritz Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data Inproceedings International Conference on Computer Vision (ICCV), 2021. Links | BibTeX | Tags: 2021 @inproceedings{ning21iccv1, title = {Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data}, author = {Ning Yu and Vladislav Skripniuk and Sahar Abdelnabi and Mario Fritz}, url = {preliminary version: https://arxiv.org/abs/2007.08457 https://arxiv.org/pdf/2007.08457.pdf}, year = {2021}, date = {2021-10-12}, booktitle = {International Conference on Computer Vision (ICCV)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close preliminary version: https://arxiv.org/abs/2007.08457 https://arxiv.org/pdf/2007.08457.pdf Close
	Ning Yu; Guilin Liu; Aysegul Dundar; Andrew Tao; Bryan Catanzaro; Larry Davis; Mario Fritz Dual Contrastive Loss and Attention for GANs Inproceedings International Conference on Computer Vision (ICCV), 2021. Links | BibTeX | Tags: 2021 @inproceedings{ning21iccv2, title = {Dual Contrastive Loss and Attention for GANs}, author = {Ning Yu and Guilin Liu and Aysegul Dundar and Andrew Tao and Bryan Catanzaro and Larry Davis and Mario Fritz }, url = {preliminary version: https://arxiv.org/abs/2103.16748 https://arxiv.org/pdf/2103.16748.pdf}, year = {2021}, date = {2021-10-11}, booktitle = {International Conference on Computer Vision (ICCV)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close preliminary version: https://arxiv.org/abs/2103.16748 https://arxiv.org/pdf/2103.16748.pdf Close
	Yang He; Ning Yu; Margret Keuper; Mario Fritz Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis Inproceedings 30th International Joint Conference on Artificial Intelligence (IJCAI), 2021. Links | BibTeX | Tags: 2021 @inproceedings{he21ijcai, title = {Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis}, author = {Yang He and Ning Yu and Margret Keuper and Mario Fritz}, url = {https://cispa.saarland/group/fritz/wp-content/blogs.dir/13/files/2021/05/ijcai21.pdf}, year = {2021}, date = {2021-08-21}, booktitle = {30th International Joint Conference on Artificial Intelligence (IJCAI)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close https://cispa.saarland/group/fritz/wp-content/blogs.dir/13/files/2021/05/ijcai21[...] Close
	Moritz Bohle, Mario Fritz, Bernt Schiele Convolutional Dynamic Alignment Networks for Interpretable Classifications Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2021. Links | BibTeX | Tags: 2021 @inproceedings{moritz21cvpr, title = {Convolutional Dynamic Alignment Networks for Interpretable Classifications}, author = {Moritz Bohle, Mario Fritz, Bernt Schiele}, url = {https://openaccess.thecvf.com/content/CVPR2021/papers/Bohle_Convolutional_Dynamic_Alignment_Networks_for_Interpretable_Classifications_CVPR_2021_paper.pdf}, year = {2021}, date = {2021-06-22}, booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close https://openaccess.thecvf.com/content/CVPR2021/papers/Bohle_Convolutional_Dynami[...] Close
	Apratim Bhattacharyya; Daniel Olmeda Reino; Mario Fritz; Bernt Schiele Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2021. Links | BibTeX | Tags: 2021 @inproceedings{apratim21cvpr, title = {Euro-PVI: Pedestrian Vehicle Interactions in Dense Urban Centers}, author = {Apratim Bhattacharyya and Daniel Olmeda Reino and Mario Fritz and Bernt Schiele}, url = {https://openaccess.thecvf.com/content/CVPR2021/papers/Bhattacharyya_Euro-PVI_Pedestrian_Vehicle_Interactions_in_Dense_Urban_Centers_CVPR_2021_paper.pdf}, year = {2021}, date = {2021-06-21}, booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close https://openaccess.thecvf.com/content/CVPR2021/papers/Bhattacharyya_Euro-PVI_Ped[...] Close
	Hui-Po Wang; Ning Yu; Mario Fritz Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs Inproceedings IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2021. Links | BibTeX | Tags: 2021 @inproceedings{wang21cvpr, title = {Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs}, author = {Hui-Po Wang and Ning Yu and Mario Fritz}, url = {https://arxiv.org/abs/2011.14107 https://arxiv.org/pdf/2011.14107.pdf}, year = {2021}, date = {2021-06-19}, booktitle = {IEEE Conference on Computer Vision and Pattern Recognition (CVPR)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close https://arxiv.org/abs/2011.14107 https://arxiv.org/pdf/2011.14107.pdf Close
	Sahar Abdelnabi; Mario Fritz Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding Inproceedings IEEE Symposium on Security and Privacy (S&P), 2021. Links | BibTeX | Tags: 2021 @inproceedings{abdelnabi21oakland, title = {Adversarial Watermarking Transformer: Towards Tracing Text Provenance with Data Hiding}, author = {Sahar Abdelnabi and Mario Fritz}, url = {https://arxiv.org/abs/2009.03015 https://arxiv.org/pdf/2009.03015.pdf https://github.com/S-Abdelnabi/awt short video: https://www.youtube.com/watch?v=_Wc2OLVfD7Q long video: https://www.youtube.com/watch?v=3wvgds9bYg4}, year = {2021}, date = {2021-05-21}, booktitle = {IEEE Symposium on Security and Privacy (S&P)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close https://arxiv.org/abs/2009.03015 https://arxiv.org/pdf/2009.03015.pdf https://github.com/S-Abdelnabi/awt short video: https://www.youtube.com/watch?v=_Wc2OLVfD7Q long video: https://www.youtube.com/watch?v=3wvgds9bYg4 Close
	Qiuhong Ke; Mario Fritz; Bernt Schiele Future Moment Assessment for Action Query Inproceedings IEEE Winter Conference on Applications of Computer Vision (WACV ’20), 2021. Links | BibTeX | Tags: 2021 @inproceedings{wacv21ke, title = {Future Moment Assessment for Action Query}, author = {Qiuhong Ke and Mario Fritz and Bernt Schiele}, url = {https://openaccess.thecvf.com/content/WACV2021/html/Ke_Future_Moment_Assessment_for_Action_Query_WACV_2021_paper.html https://openaccess.thecvf.com/content/WACV2021/papers/Ke_Future_Moment_Assessment_for_Action_Query_WACV_2021_paper.pdf}, year = {2021}, date = {2021-01-05}, booktitle = {IEEE Winter Conference on Applications of Computer Vision (WACV ’20)}, keywords = {2021}, pubstate = {published}, tppubtype = {inproceedings} } Close https://openaccess.thecvf.com/content/WACV2021/html/Ke_Future_Moment_Assessment_[...] https://openaccess.thecvf.com/content/WACV2021/papers/Ke_Future_Moment_Assessmen[...] Close
Technical Reports
	Tobias Lorenz; Marta Kwiatkowska; Mario Fritz Backdoor Attacks on Network Certification via Data Poisoning Technical Report arXiv:2108.11299, 2021. Links | BibTeX | Tags: 2021 @techreport{lorenz21arxiv, title = {Backdoor Attacks on Network Certification via Data Poisoning}, author = {Tobias Lorenz and Marta Kwiatkowska and Mario Fritz}, url = {https://arxiv.org/abs/2108.11299 https://arxiv.org/pdf/2108.11299.pdf}, year = {2021}, date = {2021-08-25}, type = {arXiv:2108.11299}, keywords = {2021}, pubstate = {published}, tppubtype = {techreport} } Close https://arxiv.org/abs/2108.11299 https://arxiv.org/pdf/2108.11299.pdf Close
	Yugeng Liu; Rui Wen; Xinlei He; Ahmed Salem; Zhikun Zhang; Michael Backes; Emiliano De Cristofaro; Mario Fritz; Yang Zhang ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models Technical Report arXiv:2102.02551, 2021. Links | BibTeX | Tags: 2021 @techreport{liu21arxiv, title = {ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models}, author = {Yugeng Liu and Rui Wen and Xinlei He and Ahmed Salem and Zhikun Zhang and Michael Backes and Emiliano De Cristofaro and Mario Fritz and Yang Zhang}, url = {https://arxiv.org/abs/2102.02551 https://arxiv.org/pdf/2102.02551.pdf}, year = {2021}, date = {2021-02-09}, type = {arXiv:2102.02551}, keywords = {2021}, pubstate = {published}, tppubtype = {techreport} } Close https://arxiv.org/abs/2102.02551 https://arxiv.org/pdf/2102.02551.pdf Close
Workshops
	Sahar Abdelnabi; Mario Fritz "What's in the box?!": Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models Workshop Moving Target Defense Workshop in conjuncture with CCS, 2021. Links | BibTeX | Tags: 2021 @workshop{abdelnabi21ccsw, title = {"What's in the box?!": Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models}, author = {Sahar Abdelnabi and Mario Fritz}, url = {https://arxiv.org/abs/2102.05104 https://arxiv.org/pdf/2102.05104.pdf}, year = {2021}, date = {2021-11-15}, booktitle = {Moving Target Defense Workshop in conjuncture with CCS}, keywords = {2021}, pubstate = {published}, tppubtype = {workshop} } Close https://arxiv.org/abs/2102.05104 https://arxiv.org/pdf/2102.05104.pdf Close
	Hossein Hajipour; Apratim Bhattacharyya; Cristian-Alexandru Staicu; Mario Fritz SampleFix: Learning to Generate Functionally Diverse Fixes Workshop 1st International Workshop on Machine Learning in Software Engineering in conjuncture with ECML PKDD, Springer, 2021. Links | BibTeX | Tags: 2021 @workshop{hajipour20pkddw, title = {SampleFix: Learning to Generate Functionally Diverse Fixes}, author = {Hossein Hajipour and Apratim Bhattacharyya and Cristian-Alexandru Staicu and Mario Fritz}, url = {https://arxiv.org/abs/1906.10502 https://arxiv.org/pdf/1906.10502.pdf}, year = {2021}, date = {2021-09-17}, booktitle = {1st International Workshop on Machine Learning in Software Engineering in conjuncture with ECML PKDD}, publisher = {Springer}, keywords = {2021}, pubstate = {published}, tppubtype = {workshop} } Close https://arxiv.org/abs/1906.10502 https://arxiv.org/pdf/1906.10502.pdf Close
	Hossein Hajipour; Mateusz Malinowski; Mario Fritz IReEn: Iterative Reverse-Engineering of Black-Box Functions via Neural Program Synthesis Workshop 1st International Workshop on Machine Learning in Software Engineering in conjuncture with ECML PKDD, Springer, 2021. Links | BibTeX | Tags: 2021 @workshop{hajipour21pkddw, title = {IReEn: Iterative Reverse-Engineering of Black-Box Functions via Neural Program Synthesis}, author = {Hossein Hajipour and Mateusz Malinowski and Mario Fritz}, url = {https://arxiv.org/abs/2006.10720 https://arxiv.org/pdf/2006.10720.pdf}, year = {2021}, date = {2021-09-17}, booktitle = {1st International Workshop on Machine Learning in Software Engineering in conjuncture with ECML PKDD}, publisher = {Springer}, keywords = {2021}, pubstate = {published}, tppubtype = {workshop} } Close https://arxiv.org/abs/2006.10720 https://arxiv.org/pdf/2006.10720.pdf Close
	Hui-Po Wang; Tribhuvanesh Orekondy; Mario Fritz InfoScrub: Towards Attribute Privacy by Targeted Obfuscation Workshop CVPR Workshop on Fair, Data-Efficient, and Trusted Computer Vision (TCV), 2021. Links | BibTeX | Tags: 2021 @workshop{wang21cvprs, title = {InfoScrub: Towards Attribute Privacy by Targeted Obfuscation}, author = {Hui-Po Wang and Tribhuvanesh Orekondy and Mario Fritz}, url = {https://arxiv.org/abs/2005.10329 https://arxiv.org/pdf/2005.10329.pdf}, year = {2021}, date = {2021-06-21}, booktitle = {CVPR Workshop on Fair, Data-Efficient, and Trusted Computer Vision (TCV)}, keywords = {2021}, pubstate = {published}, tppubtype = {workshop} } Close https://arxiv.org/abs/2005.10329 https://arxiv.org/pdf/2005.10329.pdf Close
	Lucjan Hanzlik; Yang Zhang; Kathrin Grosse; Ahmed Salem; Max Augustin; Michael Backes; Mario Fritz MLCapsule: Guarded Offline Deployment of Machine Learning as a Service Workshop CVPR Workshop on Fair, Data-Efficient, and Trusted Computer Vision (TCV), 2021. Links | BibTeX | Tags: 2021 @workshop{hanzlik21cvprw, title = {MLCapsule: Guarded Offline Deployment of Machine Learning as a Service}, author = {Lucjan Hanzlik and Yang Zhang and Kathrin Grosse and Ahmed Salem and Max Augustin and Michael Backes and Mario Fritz}, url = {https://cispa.saarland/group/fritz/wp-content/blogs.dir/13/files/2021/06/mlcapsul_TCV_CR-4.pdf}, year = {2021}, date = {2021-06-20}, booktitle = {CVPR Workshop on Fair, Data-Efficient, and Trusted Computer Vision (TCV)}, keywords = {2021}, pubstate = {published}, tppubtype = {workshop} } Close https://cispa.saarland/group/fritz/wp-content/blogs.dir/13/files/2021/06/mlcapsu[...] Close