Arrow Research search

Author name cluster

Chaim Baskin

Possible papers associated with this exact author name in Arrow. This page groups case-insensitive exact name matches and is not a full identity disambiguation profile.

9 papers
2 author rows

Possible papers

9

TMLR Journal 2026 Journal Article

Adversarial Attacks in Weight-Space Classifiers

  • Tamir Shor
  • Ethan Fetaya
  • Chaim Baskin
  • Alex M. Bronstein

Implicit Neural Representations (INRs) have been recently garnering increasing interest in various research fields, mainly due to their ability to represent large, complex data in a compact and continuous manner. Past work further showed that numerous popular downstream tasks can be performed directly in the INR parameter-space. Doing so can substantially reduce the computational resources required to process the represented data in their native domain. A major difficulty in using modern machine-learning approaches, is their high susceptibility to adversarial attacks, which have been shown to greatly limit the reliability and applicability of such methods in a wide range of settings. In this work, we show that parameter-space models trained for classification are inherently robust to adversarial attacks – without the need of any robust training. To support our claims, we develop a novel suite of adversarial attacks targeting parameter-space classifiers, and furthermore analyze practical considerations of such attacks.

PDF Details

TMLR Journal 2026 Journal Article

On Adversarial Attacks In Acoustic Localization

  • Tamir Shor
  • Chaim Baskin
  • Alex M. Bronstein

Multi-rotor aerial vehicles (drones) are increasingly deployed across diverse domains, where accurate navigation is critical. The limitations of vision-based methods under poor lighting and occlusions have driven growing interest in acoustic sensing as an alternative. However, the security of acoustic-based localization has not been examined. Adversarial attacks pose a serious threat, potentially leading to mission-critical failures and safety risks. While prior research has explored adversarial attacks on vision-based systems, no work has addressed the acoustic setting. In this paper, we present the first comprehensive study of adversarial robustness in acoustic drone localization. We formulate white-box projected gradient descent (PGD) attacks from an external sound source and show their significant impact on localization accuracy. Furthermore, we propose a novel defense algorithm based on rotor phase modulation, capable of effectively recovering clean signals and mitigating adversarial degradation. Our results highlight both the vulnerability of acoustic localization and the potential for robust defense strategies.

PDF Details

IROS Conference 2024 Conference Paper

Active propulsion noise shaping for multi-rotor aircraft localization

  • Gabriele Serussi
  • Tamir Shor
  • Tom Hirshberg
  • Chaim Baskin
  • Alex M. Bronstein

Multi-rotor aerial autonomous vehicles (MAVs) primarily rely on vision for navigation purposes. However, visual localization and odometry techniques suffer from poor performance in low or direct sunlight, a limited field of view, and vulnerability to occlusions. Acoustic sensing can serve as a complementary or even alternative modality for vision in many situations, and it also has the added benefits of lower system cost and energy footprint, which is especially important for micro aircraft. This paper proposes actively controlling and shaping the aircraft propulsion noise generated by the rotors to benefit localization tasks, rather than considering it a harmful nuisance. We present a neural network architecture for self-noise-based localization in a known environment. We show that training it simultaneously with learning time-varying rotor phase modulation achieves accurate and robust localization. The proposed methods are evaluated using a computationally affordable simulation of MAV rotor noise in 2D acoustic environments that is fitted to real recordings of rotor pressure fields. Code 3 and data 4 are accompanied.

Details

TMLR Journal 2024 Journal Article

Semi-Supervised Semantic Segmentation via Marginal Contextual Information

  • Moshe Kimhi
  • Shai Kimhi
  • Evgenii Zheltonozhskii
  • Or Litany
  • Chaim Baskin

We present a novel confidence refinement scheme that enhances pseudo-labels in semi-supervised semantic segmentation. Unlike existing methods, which filter pixels with low-confidence predictions in isolation, our approach leverages the spatial correlation of labels in segmentation maps by grouping neighboring pixels and considering their pseudo-labels collectively. With this contextual information, our method, named S4MC, increases the amount of unlabeled data used during training while maintaining the quality of the pseudo-labels, all with negligible computational overhead. Through extensive experiments on standard benchmarks, we demonstrate that S4MC outperforms existing state-of-the-art semi-supervised learning approaches, offering a promising solution for reducing the cost of acquiring dense annotations. For example, S4MC achieves a 1.39 mIoU improvement over the prior art on PASCAL VOC 12 with 366 annotated images. The code to reproduce our experiments is available at https://s4mcontext.github.io/

PDF Details

NeurIPS Conference 2024 Conference Paper

Sequential Signal Mixing Aggregation for Message Passing Graph Neural Networks

  • Mitchell Keren Taraday
  • Almog David
  • Chaim Baskin

Message Passing Graph Neural Networks (MPGNNs) have emerged as the preferred method for modeling complex interactions across diverse graph entities. While the theory of such models is well understood, their aggregation module has not received sufficient attention. Sum-based aggregators have solid theoretical foundations regarding their separation capabilities. However, practitioners often prefer using more complex aggregations and mixtures of diverse aggregations. In this work, we unveil a possible explanation for this gap. We claim that sum-based aggregators fail to "mix" features belonging to distinct neighbors, preventing them from succeeding at downstream tasks. To this end, we introduce Sequential Signal Mixing Aggregation (SSMA), a novel plug-and-play aggregation for MPGNNs. SSMA treats the neighbor features as 2D discrete signals and sequentially convolves them, inherently enhancing the ability to mix features attributed to distinct neighbors. By performing extensive experiments, we show that when combining SSMA with well-established MPGNN architectures, we achieve substantial performance gains across various benchmarks, achieving new state-of-the-art results in many settings. We published our code at https: //almogdavid. github. io/SSMA/.

PDF Details DOI

TMLR Journal 2024 Journal Article

Single Image Test-Time Adaptation for Segmentation

  • Klara Janouskova
  • Tamir Shor
  • Chaim Baskin
  • Jiri Matas

Test-Time Adaptation methods improve domain shift robustness of deep neural networks. We explore the adaptation of segmentation models to a single unlabelled image with no other data available at test time. This allows individual sample performance analysis while excluding orthogonal factors such as weight restart strategies. We propose two new segmentation \ac{tta} methods and compare them to established baselines and recent state-of-the-art. The methods are first validated on synthetic domain shifts and then tested on real-world datasets. The analysis highlights that simple modifications such as the choice of the loss function can greatly improve the performance of standard baselines and that different methods and hyper-parameters are optimal for different kinds of domain shift, hindering the development of fully general methods applicable in situations where no prior knowledge about the domain shift is assumed.

PDF Details

ICLR Conference 2023 Conference Paper

Strategic Classification with Graph Neural Networks

  • Itay Eilat
  • Ben Finkelshtein
  • Chaim Baskin
  • Nir Rosenfeld

Strategic classification studies learning in settings where users can modify their features to obtain favorable predictions. Most current works focus on simple classifiers that trigger independent user responses. Here we examine the implications of learning with more elaborate models that break the independence assumption. Motivated by the idea that applications of strategic classification are often social in nature, we focus on graph neural networks, which make use of social relations between users to improve predictions. Using a graph for learning introduces inter-user dependencies in prediction; our key point is that strategic users can exploit these to promote their goals. As we show through analysis and simulation, this can work either against the system---or for it. Based on this, we propose a differentiable framework for strategically-robust learning of graph-based classifiers. Experiments on several real networked datasets demonstrate the utility of our approach.

Details

TMLR Journal 2023 Journal Article

Weisfeiler and Leman Go Infinite: Spectral and Combinatorial Pre-Colorings

  • Or Feldman
  • Amit Boyarski
  • Shai Feldman
  • Dani Kogan
  • Avi Mendelson
  • Chaim Baskin

The limit in the expressivity of Message Passing Graph Neural Networks (MPGNNs) has recently led to the development of end-to-end learning GNN architectures. These advanced GNNs usually generalize existing notions in the GNN architecture or suggest new ones that break the limit of the existing, relatively simple MPGNNs. In this paper, we focus on a different solution, the two-phase approach (or pre-coloring), which enables to use of the same simple MPGNNs while improving their expressivity. We prove that using pre-colorings could strictly increase the expressivity of MPGNNs ad infinitum. We also suggest new pre-coloring based on the spectral decomposition of the graph Laplacian and prove that it strictly improves the expressivity of standard MPGNNs. An extensive evaluation of the proposed method with different MPGNN models on various graph classification and node property prediction datasets consistently outperforms previous pre-coloring strategies. The code to reproduce our experiments is available at \url{https://github.com/TPFI22/Spectral-and-Combinatorial}.

PDF Details

JMLR Journal 2021 Journal Article

CAT: Compression-Aware Training for bandwidth reduction

  • Chaim Baskin
  • Brian Chmiel
  • Evgenii Zheltonozhskii
  • Ron Banner
  • Alex M. Bronstein
  • Avi Mendelson

One major obstacle hindering the ubiquitous use of CNNs for inference is their relatively high memory bandwidth requirements, which can be the primary energy consumer and throughput bottleneck in hardware accelerators. Inspired by quantization-aware training approaches, we propose a compression-aware training (CAT) method that involves training the model to allow better compression of weights and feature maps during neural network deployment. Our method trains the model to achieve low-entropy feature maps, enabling efficient compression at inference time using classical transform coding methods. CAT significantly improves the state-of-the-art results reported for quantization evaluated on various vision and NLP tasks, such as image classification (ImageNet), image detection (Pascal VOC), sentiment analysis (CoLa), and textual entailment (MNLI). For example, on ResNet-18, we achieve near baseline ImageNet accuracy with an average representation of only 1.5 bits per value with 5-bit quantization. Moreover, we show that entropy reduction of weights and activations can be applied together, further improving bandwidth reduction. Reference implementation is available. [abs] [ pdf ][ bib ] [ code ] &copy JMLR 2021. ( edit, beta )

PDF Details