People

Isabel Valera
Saarland Informatics Campus
Building E1 1, R. 225
For administrative services, contact ml-office@lists.saarland-informatics-campus.de
To apply for PhD/PostDoc/HiWi/Thesis, see the information on the “Positions” page for the correct e-mail to use.
Otherwise, contact ivalera@cs.uni-saarland.de.
About me
I am a full Professor of Machine Learning at the Department of Computer Science of Saarland University (Saarbrücken, Germany), and Adjunct Faculty at the MPI for Software Systems (Saarbrücken, Germany).
I am a fellow of the European Laboratory for Learning and Intelligent Systems (ELLIS), where I am part of the Robust Machine Learning Program and of the Saarbrücken Artificial Intelligence & Machine learning (Sam) Unit.
Prior to this, I was an independent group leader at the MPI for Intelligent Systems in Tübingen (Germany) until the end of the year. I have held a German Humboldt Post-Doctoral Fellowship, and a “Minerva fast track” fellowship from the Max Planck Society. I obtained my PhD in 2014 and MSc degree in 2012 from the University Carlos III in Madrid (Spain), and worked as postdoctoral researcher at the MPI for Software Systems (Germany) and at the University of Cambridge (UK).
Publications
2026
Majumdar, Ayan; Kanubala, Deborah Dormah; Gupta, Kavya; Valera, Isabel
A Causal Framework to Measure and Mitigate Non-binary Treatment Discrimination Journal Article
In: CoRR, vol. abs/2503.22454, 2026.
@article{DBLP:journals/corr/abs-2503-22454,
title = {A Causal Framework to Measure and Mitigate Non-binary Treatment Discrimination},
author = {Ayan Majumdar and Deborah Dormah Kanubala and Kavya Gupta and Isabel Valera},
url = {https://doi.org/10.48550/arXiv.2503.22454},
doi = {10.48550/ARXIV.2503.22454},
year = {2026},
date = {2026-03-19},
urldate = {2026-03-19},
journal = {CoRR},
volume = {abs/2503.22454},
abstract = {Fairness studies of algorithmic decision-making systems often simplify complex decision processes, such as bail or lending decisions, into binary classification tasks (e.g., approve or not approve). However, these approaches overlook that such decisions are not inherently binary; they also involve non-binary treatment decisions (e.g., loan or bail terms) that can influence the downstream outcomes (e.g., loan repayment or reoffending). We argue that treatment decisions are integral to the decision-making process and, therefore, should be central to fairness analyses. Consequently, we propose a causal framework that extends and complements existing fairness notions by explicitly distinguishing between decision-subjects’ covariates and the treatment decisions. Our framework leverages path-specific counterfactual reasoning to: (i) measure treatment disparity and its downstream effects in historical data; and (ii) mitigate the impact of past unfair treatment decisions when automating decision-making. We use our framework to empirically analyze four widely used loan approval datasets to reveal potential disparity in non-binary treatment decisions and their discriminatory impact on outcomes, highlighting the need to incorporate treatment decisions in fairness assessments. Finally, by intervening in treatment decisions, we show that our framework effectively mitigates treatment discrimination from historical loan approval data to ensure fair risk score estimation and (non-binary) decision-making processes that benefit all stakeholders.},
keywords = {ayanm, deborah, isabel, kavya},
pubstate = {published},
tppubtype = {article}
}
2025
Kalampalikis, Nektarios; Gupta, Kavya; Vitanov, Georgi; Valera, Isabel
Towards Reasonable Concept Bottleneck Models Journal Article
In: CoRR, vol. abs/2506.05014, 2025.
@article{DBLP:journals/corr/abs-2506-05014,
title = {Towards Reasonable Concept Bottleneck Models},
author = {Nektarios Kalampalikis and Kavya Gupta and Georgi Vitanov and Isabel Valera},
url = {https://doi.org/10.48550/arXiv.2506.05014},
doi = {10.48550/ARXIV.2506.05014},
year = {2025},
date = {2025-01-01},
urldate = {2025-01-01},
journal = {CoRR},
volume = {abs/2506.05014},
abstract = {In this paper, we propose \textbf{C}oncept \textbf{REA}soning \textbf{M}odels (CREAM), a novel family of Concept Bottleneck Models (CBMs) that: (i) explicitly encodes concept-concept ({\texttt{C-C}}) and concept-task ({\texttt{C$\rightarrow$Y}}) relationships to enforce a desired model reasoning; and (ii) uses a regularized side-channel to achieve competitive task performance, while keeping high concept importance. Specifically, CREAM architecturally embeds (bi)directed concept-concept, and concept to task relationships specified by a human expert, while severing undesired information flows (e.g., to handle mutually exclusive concepts). Moreover, CREAM integrates a black-box side-channel that is regularized to encourage task predictions to be grounded in the relevant concepts, thereby utilizing the side-channel only when necessary to enhance performance. Our experiments show that: (i) CREAM mainly relies on concepts while achieving task performance on par with black-box models; and (ii) the embedded {\texttt{C-C}} and {\texttt{C$\rightarrow$Y}} relationships ease model interventions and mitigate concept leakage.},
keywords = {isabel, kavya, nektarios},
pubstate = {published},
tppubtype = {article}
}
2024
Kanubala, Deborah Dormah; Valera, Isabel; Gupta, Kavya
Fairness Beyond Binary Decisions: a Case Study on German Credit Proceedings Article
In: Cerrato, Mattia; Coronel, Alesia Vallenas; Ahrweiler, Petra; Loi, Michele; Pechenizkiy, Mykola; Tamò-Larrieux, Aurelia (Ed.): Proceedings of the 3rd European Workshop on Algorithmic Fairness, Mainz, Germany, July 1st to 3rd, 2024, CEUR-WS.org, 2024.
@inproceedings{DBLP:conf/ewaf/KanubalaVG24,
title = {Fairness Beyond Binary Decisions: a Case Study on German Credit},
author = {Deborah Dormah Kanubala and Isabel Valera and Kavya Gupta},
editor = {Mattia Cerrato and Alesia Vallenas Coronel and Petra Ahrweiler and Michele Loi and Mykola Pechenizkiy and Aurelia Tamò-Larrieux},
url = {https://ceur-ws.org/Vol-3908/paper_15.pdf},
year = {2024},
date = {2024-01-01},
urldate = {2024-01-01},
booktitle = {Proceedings of the 3rd European Workshop on Algorithmic Fairness,
Mainz, Germany, July 1st to 3rd, 2024},
volume = {3908},
publisher = {CEUR-WS.org},
series = {CEUR Workshop Proceedings},
abstract = {Data-driven approaches are increasingly used to (partially) automate decision-making in credit scoring by predicting whether an applicant is “creditworthy or not” based on a set of features about the applicant, such as age and income, along with what we refer here to as treatment decisions, e.g., loan amount and duration. Existing data-driven approaches for automating and evaluating the accuracy and fairness of such credit decisions ignore that treatment decisions (here, loan terms) are part of the decision and thus may be subject to discrimination. This discrimination can propagate to the final outcome (repaid or not) of positive decisions (granted loans). In this extended abstract, we rely on causal reasoning and a broadly studied fair machine-learning dataset, the German credit, to i) show that the current fair data-driven approach neglects discrimination in treatment decisions (i.e., loan terms) and its downstream consequences on the decision outcome (i.e., ability to repay); and ii) argue for the need to move beyond binary decisions in fair data-driven decision-making in consequential settings like credit scoring.},
keywords = {deborah, isabel, kavya},
pubstate = {published},
tppubtype = {inproceedings}
}
2023
Gupta, Kavya
Stability Quantification of Neural Networks (Quantification de la stabilité des réseaux de neurones) PhD Thesis
University of Paris-Saclay, France, 2023.
@phdthesis{DBLP:phd/hal/Gupta23,
title = {Stability Quantification of Neural Networks. (Quantification de la stabilité des réseaux de neurones)},
author = {Kavya Gupta},
url = {https://tel.archives-ouvertes.fr/tel-04047901},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
school = {University of Paris-Saclay, France},
abstract = {Artificial neural networks are at the core of recent advances in Artificial Intelligence. One of the main challenges faced today, especially by companies like Thales designing advanced industrial systems, is to ensure the safety of new generations of products using these technologies. In 2013, in a key observation, neural networks were shown to be sensitive to adversarial perturbations, raising serious concerns about their applicability in critically safe environments. In the last years, publications studying the various aspects of this robustness of neural networks, and raising questions such as "Why do adversarial attacks occur?", "How can we make the neural network more robust to adversarial noise?", "How to generate stronger attacks?" etc., have grown exponentially. The contributions of this thesis aim to tackle such problems. The adversarial machine learning community concentrates majorly on classification scenarios, whereas studies on regression tasks are scarce. Our contributions bridge this significant gap between adversarial machine learning and regression applications. The first contribution in Chapter 3 proposes a white-box attacker designed to attack regression models. The presented adversarial attacker is derived from the algebraic properties of the Jacobian of the network. We show that our attacker successfully fools the neural network and measure its effectiveness in reducing the estimation performance. We present our results on various open-source and real industrial tabular datasets. Our analysis relies on the quantification of the fooling error as well as different error metrics. Another noteworthy feature of our attacker is that it allows us to optimally attack a subset of inputs, which may help to analyze the sensitivity of some specific inputs. We also show the effect of this attacker on spectrally normalised trained models, which are known to be more robust in handling attacks. The second contribution of this thesis (Chapter 4) presents a multivariate Lipschitz constant analysis of neural networks. The Lipschitz constant is widely used in the literature to study the internal properties of neural networks. But most works do a single parametric analysis, which does not allow to quantify the effect of individual inputs on the output. We propose a multivariate Lipschitz constant-based stability analysis of fully connected neural networks allowing us to capture the influence of each input or group of inputs on the neural network stability. Our approach relies on a suitable re-normalization of the input space, intending to perform a more precise analysis than the one provided by a global Lipschitz constant. We display the results of this analysis by a new representation designed for machine learning practitioners and safety engineers termed as a Lipschitz star. We perform experiments on various open-access tabular datasets and an actual Thales Air Mobility industrial application subject to certification requirements. The use of spectral normalization in designing a stability control loop is discussed in Chapter 5. A critical part of the optimal model is to behave according to specified performance and stability targets while in operation. But imposing tight Lipschitz constant constraints while training the models usually leads to a reduction of their accuracy. Hence, we design an algorithm to train "stable-by-design" neural network models using our spectral normalization approach, which optimizes the model by taking into account both performance and stability targets. We focus on Small Unmanned Aerial Vehicles (UAVs). More specifically, we present a novel application of neural networks to detect in real-time elevon positioning faults to allow the remote pilot to take necessary actions to ensure safety.},
keywords = {kavya},
pubstate = {published},
tppubtype = {phdthesis}
}
Gupta, Kavya; Verma, Sagar
CertViT: Certified Robustness of Pre-Trained Vision Transformers Journal Article
In: CoRR, vol. abs/2302.10287, 2023.
@article{DBLP:journals/corr/abs-2302-10287,
title = {CertViT: Certified Robustness of Pre-Trained Vision Transformers},
author = {Kavya Gupta and Sagar Verma},
url = {https://doi.org/10.48550/arXiv.2302.10287},
doi = {10.48550/ARXIV.2302.10287},
year = {2023},
date = {2023-01-01},
urldate = {2023-01-01},
journal = {CoRR},
volume = {abs/2302.10287},
abstract = {Lipschitz bounded neural networks are certifiably robust and have a good trade-off between clean and certified accuracy. Existing Lipschitz bounding methods train from scratch and are limited to moderately sized networks (< 6M parameters). They require a fair amount of hyper-parameter tuning and are computationally prohibitive for large networks like Vision Transformers (5M to 660M parameters). Obtaining certified robustness of transformers is not feasible due to the non-scalability and inflexibility of the current methods. This work presents CertViT, a two-step proximal-projection method to achieve certified robustness from pre-trained weights. The proximal step tries to lower the Lipschitz bound and the projection step tries to maintain the clean accuracy of pre-trained weights. We show that CertViT networks have better certified accuracy than state-of-the-art Lipschitz trained networks. We apply CertViT on several variants of pre-trained vision transformers and show adversarial robustness using standard attacks.},
keywords = {kavya},
pubstate = {published},
tppubtype = {article}
}
2022
Gupta, Kavya; Kaakai, Fateh; Pesquet-Popescu, Béatrice; Pesquet, Jean-Christophe
Safe Design of Stable Neural Networks for Fault Detection in Small UAVs Proceedings Article
In: Trapp, Mario; Schoitsch, Erwin; Guiochet, Jérémie; Bitsch, Friedemann (Ed.): Computer Safety, Reliability, and Security. SAFECOMP 2022 Workshops - DECSoS, DepDevOps, SASSUR, SENSEI, USDAI, and WAISE, Munich, Germany, September 6-9, 2022, Proceedings, pp. 263–275, Springer, 2022.
@inproceedings{DBLP:conf/safecomp/GuptaKPP22,
title = {Safe Design of Stable Neural Networks for Fault Detection in Small UAVs},
author = {Kavya Gupta and Fateh Kaakai and Béatrice Pesquet-Popescu and Jean-Christophe Pesquet},
editor = {Mario Trapp and Erwin Schoitsch and Jérémie Guiochet and Friedemann Bitsch},
url = {https://doi.org/10.1007/978-3-031-14862-0_19},
doi = {10.1007/978-3-031-14862-0_19},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
booktitle = {Computer Safety, Reliability, and Security. SAFECOMP 2022 Workshops
- DECSoS, DepDevOps, SASSUR, SENSEI, USDAI, and WAISE, Munich, Germany,
September 6-9, 2022, Proceedings},
volume = {13415},
pages = {263–275},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
abstract = {Stability of a machine learning model is the extent to which a model can continue to operate correctly despite small perturbations in its inputs. A formal method to measure stability is the Lipschitz constant of the model which allows to evaluate how small perturbations in the inputs impact the output variations. Variations in the outputs may lead to high errors for regression tasks or unintended changes in the classes for classification tasks. Verification of the stability of ML models is crucial in many industrial domains such as aeronautics, space, automotive etc. It has been recognized that data-driven models are intrinsically extremely sensitive to small perturbation of the inputs. Therefore, the need to design methods for verifying the stability of ML models is of importance for manufacturers developing safety critical products.
In this work, we focus on Small Unmanned Aerial Vehicles (UAVs) which are in the frontage of new technology solutions for intelligent systems. However, real-time fault detection/diagnosis in such UAVs remains a challenge from data collection to prediction tasks. This work presents application of neural networks to detect in real-time elevon positioning faults. We show the efficiency of a formal method based on the Lipschitz constant for quantifying the stability of neural network models. We also present how this method can be coupled with spectral normalization constraints at the design phase to control the internal parameters of the model and make it more stable while keeping a high level of performance (accuracy-stability trade-off).},
keywords = {kavya},
pubstate = {published},
tppubtype = {inproceedings}
}
Gupta, Kavya; Kaakai, Fateh; Pesquet-Popescu, Beatrice; Pesquet, Jean-Christophe; Malliaros, Fragkiskos D.
Multivariate Lipschitz Analysis of the Stability of Neural Networks Journal Article
In: Frontiers in Signal Processing, vol. 2, 2022, ISSN: 2673-8198.
@article{10.3389/frsip.2022.794469,
title = {Multivariate Lipschitz Analysis of the Stability of Neural Networks},
author = {Kavya Gupta and Fateh Kaakai and Beatrice Pesquet-Popescu and Jean-Christophe Pesquet and Fragkiskos D. Malliaros},
url = {https://www.frontiersin.org/journals/signal-processing/articles/10.3389/frsip.2022.794469},
doi = {10.3389/frsip.2022.794469},
issn = {2673-8198},
year = {2022},
date = {2022-01-01},
urldate = {2022-01-01},
journal = {Frontiers in Signal Processing},
volume = {2},
abstract = {The stability of neural networks with respect to adversarial perturbations has been extensively studied. One of the main strategies consists of quantifying the Lipschitz regularity of neural networks. In this paper, we introduce a multivariate Lipschitz constant-based stability analysis of fully connected neural networks allowing us to capture the influence of each input or group of inputs on the neural network stability. Our approach relies on a suitable re-normalization of the input space, with the objective to perform a more precise analysis than the one provided by a global Lipschitz constant. We investigate the mathematical properties of the proposed multivariate Lipschitz analysis and show its usefulness in better understanding the sensitivity of the neural network with regard to groups of inputs. We display the results of this analysis by a new representation designed for machine learning practitioners and safety engineers termed as a Lipschitz star. The Lipschitz star is a graphical and practical tool to analyze the sensitivity of a neural network model during its development, with regard to different combinations of inputs. By leveraging this tool, we show that it is possible to build robust-by-design models using spectral normalization techniques for controlling the stability of a neural network, given a safety Lipschitz target. Thanks to our multivariate Lipschitz analysis, we can also measure the efficiency of adversarial training in inference tasks. We perform experiments on various open access tabular datasets, and also on a real Thales Air Mobility industrial application subject to certification requirements.},
keywords = {kavya},
pubstate = {published},
tppubtype = {article}
}
2021
Lassau, Nathalie; Ammari, Samy; Chouzenoux, Emilie; Gortais, Hugo; Herent, Paul; Devilder, Matthieu; Soliman, Samer; Meyrignac, Olivier; Talabard, Marie-Pauline; Lamarque, Jean-Philippe; Dubois, Remy; Loiseau, Nicolas; Trichelair, Paul; Bendjebbar, Etienne; Garcia, Gabriel; Balleyguier, Corinne; Merad, Mansouria; Stoclin, Annabelle; Jegou, Simon; Griscelli, Franck; Tetelboum, Nicolas; Li, Yingping; Verma, Sagar; Terris, Matthieu; Dardouri, Tasnim; Gupta, Kavya; Neacsu, Ana; Chemouni, Frank; Sefta, Meriem; Jehanno, Paul; Bousaid, Imad; Boursin, Yannick; Planchet, Emmanuel; Azoulay, Mikael; Dachary, Jocelyn; Brulport, Fabien; Gonzalez, Adrian; Dehaene, Olivier; Schiratti, Jean-Baptiste; Schutte, Kathryn; Pesquet, Jean-Christophe; Talbot, Hugues; Pronier, Elodie; Wainrib, Gilles; Clozel, Thomas; Barlesi, Fabrice; Bellin, Marie-France; Blum, Michael G. B.
Integrating deep learning CT-scan model, biological and clinical variables to predict severity of COVID-19 patients Journal Article
In: Nat Commun, vol. 12, no. 1, 2021, ISSN: 2041-1723.
@article{Lassau2021,
title = {Integrating deep learning CT-scan model, biological and clinical variables to predict severity of COVID-19 patients},
author = {Nathalie Lassau and Samy Ammari and Emilie Chouzenoux and Hugo Gortais and Paul Herent and Matthieu Devilder and Samer Soliman and Olivier Meyrignac and Marie-Pauline Talabard and Jean-Philippe Lamarque and Remy Dubois and Nicolas Loiseau and Paul Trichelair and Etienne Bendjebbar and Gabriel Garcia and Corinne Balleyguier and Mansouria Merad and Annabelle Stoclin and Simon Jegou and Franck Griscelli and Nicolas Tetelboum and Yingping Li and Sagar Verma and Matthieu Terris and Tasnim Dardouri and Kavya Gupta and Ana Neacsu and Frank Chemouni and Meriem Sefta and Paul Jehanno and Imad Bousaid and Yannick Boursin and Emmanuel Planchet and Mikael Azoulay and Jocelyn Dachary and Fabien Brulport and Adrian Gonzalez and Olivier Dehaene and Jean-Baptiste Schiratti and Kathryn Schutte and Jean-Christophe Pesquet and Hugues Talbot and Elodie Pronier and Gilles Wainrib and Thomas Clozel and Fabrice Barlesi and Marie-France Bellin and Michael G. B. Blum},
doi = {10.1038/s41467-020-20657-4},
issn = {2041-1723},
year = {2021},
date = {2021-12-00},
urldate = {2021-12-00},
journal = {Nat Commun},
volume = {12},
number = {1},
publisher = {Springer Science and Business Media LLC},
abstract = {The SARS-COV-2 pandemic has put pressure on intensive care units, so that identifying predictors of disease severity is a priority. We collect 58 clinical and biological variables, and chest CT scan data, from 1003 coronavirus-infected patients from two French hospitals. We train a deep learning model based on CT scans to predict severity. We then construct the multimodal AI-severity score that includes 5 clinical and biological variables (age, sex, oxygenation, urea, platelet) in addition to the deep learning model. We show that neural network analysis of CT-scans brings unique prognosis information, although it is correlated with other markers of severity (oxygenation, LDH, and CRP) explaining the measurable but limited 0.03 increase of AUC obtained when adding CT-scan information to clinical variables. Here, we show that when comparing AI-severity with 11 existing severity scores, we find significantly improved prognosis performance; AI-severity can therefore rapidly become a reference scoring approach.},
keywords = {kavya},
pubstate = {published},
tppubtype = {article}
}
Gupta, Kavya; Pesquet-Popescu, Béatrice; Kaakai, Fateh; Pesquet, Jean-Christophe
A Quantitative Analysis Of The Robustness Of Neural Networks For Tabular Data Proceedings Article
In: IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP 2021, Toronto, ON, Canada, June 6-11, 2021, pp. 8057–8061, IEEE, 2021.
@inproceedings{DBLP:conf/icassp/GuptaPKP21,
title = {A Quantitative Analysis Of The Robustness Of Neural Networks For Tabular Data},
author = {Kavya Gupta and Béatrice Pesquet-Popescu and Fateh Kaakai and Jean-Christophe Pesquet},
url = {https://doi.org/10.1109/ICASSP39728.2021.9413858},
doi = {10.1109/ICASSP39728.2021.9413858},
year = {2021},
date = {2021-01-01},
urldate = {2021-01-01},
booktitle = {IEEE International Conference on Acoustics, Speech and Signal Processing,
ICASSP 2021, Toronto, ON, Canada, June 6-11, 2021},
pages = {8057–8061},
publisher = {IEEE},
abstract = {This paper presents a quantitative approach to demonstrate the robustness of neural networks for tabular data. These data form the backbone of the data structures found in most industrial applications. We analyse the effect of various widely used techniques we encounter in neural network practice, such as regularization of weights, addition of noise to the data, and positivity constraints. This analysis is performed by using three state-of-the-art techniques, which provide mathematical proofs of robustness in terms of Lipschitz constant for feed-forward networks. The experiments are carried out on two prediction tasks and one classification task. Our work brings insights into building robust neural network architectures for safety critical systems that require certification or approval from a competent authority.},
keywords = {kavya},
pubstate = {published},
tppubtype = {inproceedings}
}
Gupta, Kavya; Pesquet, Jean-Christophe; Pesquet-Popescu, Béatrice; Kaakai, Fateh; Malliaros, Fragkiskos D.
An Adversarial Attacker for Neural Networks in Regression Problems Proceedings Article
In: Espinoza, Huáscar; McDermid, John A.; Huang, Xiaowei; Castillo-Effen, Mauricio; Chen, Xin Cynthia; Hernández-Orallo, José; hÉigeartaigh, Seán Ó; Mallah, Richard; Pedroza, Gabriel (Ed.): Proceedings of the Workshop on Artificial Intelligence Safety 2021 co-located with the Thirtieth International Joint Conference on Artificial Intelligence (IJCAI 2021), Virtual, August, 2021, CEUR-WS.org, 2021.
@inproceedings{DBLP:conf/ijcai/GuptaPPKM21,
title = {An Adversarial Attacker for Neural Networks in Regression Problems},
author = {Kavya Gupta and Jean-Christophe Pesquet and Béatrice Pesquet-Popescu and Fateh Kaakai and Fragkiskos D. Malliaros},
editor = {Huáscar Espinoza and John A. McDermid and Xiaowei Huang and Mauricio Castillo-Effen and Xin Cynthia Chen and José Hernández-Orallo and Seán Ó hÉigeartaigh and Richard Mallah and Gabriel Pedroza},
url = {https://ceur-ws.org/Vol-2916/paper_17.pdf},
year = {2021},
date = {2021-01-01},
urldate = {2021-01-01},
booktitle = {Proceedings of the Workshop on Artificial Intelligence Safety 2021
co-located with the Thirtieth International Joint Conference on Artificial
Intelligence (IJCAI 2021), Virtual, August, 2021},
volume = {2916},
publisher = {CEUR-WS.org},
series = {CEUR Workshop Proceedings},
abstract = {Adversarial attacks against neural networks and their defenses have been mostly investigated in classification scenarios. However, adversarial attacks in a regression setting remain understudied, although they play a critical role in a large portion of safety-critical applications. In this work, we present an adversarial attacker for regression tasks, derived from the algebraic properties of the Jacobian of the network. We show that our attacker successfully fools the neural network, and we measure its effectiveness in reducing the estimation performance. We present a white-box adversarial attacker to support engineers in designing safety-critical regression machine learning models. We present our results on various open-source and real industrial tabular datasets. In particular, the proposed adversarial attacker outperforms attackers based on random perturbations of the inputs. Our analysis relies on the quantification of the fooling error as well as various error metrics. A noteworthy feature of our attacker is that it allows us to optimally attack a subset of inputs, which may be helpful to analyse the sensitivity of some specific inputs.},
keywords = {kavya},
pubstate = {published},
tppubtype = {inproceedings}
}
