Arrow Research search

Author name cluster

Jaewook Lee

Possible papers associated with this exact author name in Arrow. This page groups case-insensitive exact name matches and is not a full identity disambiguation profile.

13 papers
2 author rows

Possible papers

13

EAAI Journal 2026 Journal Article

Differentially private upsampling for enhanced anomaly detection in imbalanced data

  • Yujin Choi
  • Jinseong Park
  • Youngjoo Park
  • Jaewook Lee
  • Junyoung Byun

In real-world applications, anomaly detection tasks are critically important. For example, fraud detection for the financial domains and the diagnosis of diseases for the medical domains require highly accurate predictions, as errors can lead to severe consequences. These tasks often rely on sensitive personal data, making it necessary to apply privacy-preserving techniques. However, applying privacy-preserving techniques directly degrades performance. To mitigate this issue, the minority class in an imbalanced dataset can be upsampled to improve balance. In this paper, we propose a differentially private upsampling method using a kernel-based support function for imbalanced datasets. The proposed method employs kernel support vector domain description to estimate the distribution of minority class data under differential privacy constraints, generating synthetic instances based on gradient methods. Additionally, we propose a filtering process that leverages the support function of the majority class data to refine the generated samples without additional privacy loss. Experimental results on real-world datasets demonstrate that the proposed method maintains robust privacy guarantees and achieves superior performance in minority class metrics, comparable to non-private methods.

Details DOI

IROS Conference 2025 Conference Paper

Inverse Kinematics for Robot Arm Using Minimum Mean Square Error

  • Changeui Shin
  • Junho Park
  • Woong Jeong
  • Jaewook Lee
  • YoungJun Joo
  • HoSeong Kwak

This paper considers the inverse kinematics problem of a robotic arm applying minimum mean square error with variance-based control. The proposed algorithm achieves optimal results by minimizing the average error, even when considering variance calculations. Its performance is comparable to that of the algorithm that utilizes optimally tuned singular value decomposition (SVD). The calculated variance values are added to the diagonal terms of the matrix as in the damped least squares method in the inverse matrix operation. This indicates that optimal performance can be achieved even when a Moore-Penrose pseudo-inverse matrix is employed instead of SVD. The effectiveness of the proposed method is validated with seven-degree-of-freedom (7-DoF) (1 rail + 6-DoF arm) and 6-DoF robots. By introducing practical error control methods, this paper contributes to enhancing the overall comprehension of error-related algorithms.

Details

NeurIPS Conference 2025 Conference Paper

Multi-Class Support Vector Machine with Differential Privacy

  • Jinseong Park
  • Yujin Choi
  • Jaewook Lee

With the increasing need to safeguard data privacy in machine learning models, differential privacy (DP) is one of the major frameworks to build privacy-preserving models. Support Vector Machines (SVMs) are widely used traditional machine learning models due to their robust margin guarantees and strong empirical performance in binary classification. However, applying DP to multi-class SVMs is inadequate, as the standard one-versus-rest (OvR) and one-versus-one (OvO) approaches repeatedly query each data sample when building multiple binary classifiers, thus consuming the privacy budget proportionally to the number of classes. To overcome this limitation, we explore all-in-one SVM approaches for DP, which access each data sample only once to construct multi-class SVM boundaries with margin maximization properties. We propose a novel differentially Private Multi-class SVM (PMSVM) with weight and gradient perturbation methods, providing rigorous sensitivity and convergence analyses to ensure DP in all-in-one SVMs. Empirical results demonstrate that our approach surpasses existing DP-SVM methods in multi-class scenarios.

PDF Details

EAAI Journal 2025 Journal Article

Temporal Consistency Ensemble Empirical Mode Decomposition for forecasting practical metal price

  • Yujin Choi
  • Dongbin Kim
  • Jaewook Lee

Accurately forecasting metal prices is critical to economic, industrial, and energy markets. However, traditional time series models often rely on future data, limiting their real-world applicability. This study found that decomposition methods utilizing future data inflate model performance, and the high accuracy of forecasting models is mainly due to these unrealistic assumptions. In this paper, we propose a novel Temporal Consistency Ensemble Empirical Mode Decomposition (TC-EEMD) method designed for rolling scenarios for practical forecasting models. The performance of the method was evaluated using Support Vector Regression (SVR), Long Short-Term Memory (LSTM) networks, and Transformer on real precious metal price data. The results show that TC-EEMD and hybrid approaches improve forecast accuracy and robustness, mitigating noise dependence and stabilizing forecasts across different industrial applications.

Details DOI

NeurIPS Conference 2024 Conference Paper

Are Self-Attentions Effective for Time Series Forecasting?

  • Dongbin Kim
  • Jinseong Park
  • Jaewook Lee
  • Hoki Kim

Time series forecasting is crucial for applications across multiple domains and various scenarios. Although Transformers have dramatically advanced the landscape of forecasting, their effectiveness remains debated. Recent findings have indicated that simpler linear models might outperform complex Transformer-based approaches, highlighting the potential for more streamlined architectures. In this paper, we shift the focus from evaluating the overall Transformer architecture to specifically examining the effectiveness of self-attention for time series forecasting. To this end, we introduce a new architecture, Cross-Attention-only Time Series transformer (CATS), that rethinks the traditional transformer framework by eliminating self-attention and leveraging cross-attention mechanisms instead. By establishing future horizon-dependent parameters as queries and enhanced parameter sharing, our model not only improves long-term forecasting accuracy but also reduces the number of parameters and memory usage. Extensive experiment across various datasets demonstrates that our model achieves superior performance with the lowest mean squared error and uses fewer parameters compared to existing models. The implementation of our model is available at: https: //github. com/dongbeank/CATS.

PDF Details DOI

EAAI Journal 2024 Journal Article

Evaluating practical adversarial robustness of fault diagnosis systems via spectrogram-aware ensemble method

  • Hoki Kim
  • Sangho Lee
  • Jaewook Lee
  • Woojin Lee
  • Youngdoo Son

While machine learning models have shown superior performance in fault diagnosis systems, researchers have revealed their vulnerability to subtle noises generated by adversarial attacks. Given that this vulnerability can lead to misdiagnosis or unnecessary maintenance, the assessment of the practical robustness of fault diagnosis models is crucial for their deployment and use in real-world scenarios. However, research on the practical adversarial robustness of fault diagnosis models remains limited. In this work, we present a comprehensive analysis on rotating machinery diagnostics and discover that existing attacks often over-estimate the robustness of these models in practical settings. In order to precisely estimate the practical robustness of models, we propose a novel method that unveils the hidden risks of fault diagnosis models by manipulating the spectrum of signal frequencies—an area that has been rarely explored in the domain of adversarial attacks. Our proposed attack, Spectrogram-Aware Ensemble Method (SAEM), the hidden vulnerability of fault diagnosis systems through achieving a higher attack performance in practical black-box settings. Through experiments, we reveal the potential dangers of employing non-robust fault diagnosis models in real-world applications and suggest directions for future research in industrial applications.

Details DOI

AAAI Conference 2024 Conference Paper

Fair Sampling in Diffusion Models through Switching Mechanism

  • Yujin Choi
  • Jinseong Park
  • Hoki Kim
  • Jaewook Lee
  • Saerom Park

Diffusion models have shown their effectiveness in generation tasks by well-approximating the underlying probability distribution. However, diffusion models are known to suffer from an amplified inherent bias from the training data in terms of fairness. While the sampling process of diffusion models can be controlled by conditional guidance, previous works have attempted to find empirical guidance to achieve quantitative fairness. To address this limitation, we propose a fairness-aware sampling method called \textit{attribute switching} mechanism for diffusion models. Without additional training, the proposed sampling can obfuscate sensitive attributes in generated data without relying on classifiers. We mathematically prove and experimentally demonstrate the effectiveness of the proposed method on two key aspects: (i) the generation of fair data and (ii) the preservation of the utility of the generated data.

PDF Details DOI

NeurIPS Conference 2023 Conference Paper

Fantastic Robustness Measures: The Secrets of Robust Generalization

  • Hoki Kim
  • Jinseong Park
  • Yujin Choi
  • Jaewook Lee

Adversarial training has become the de-facto standard method for improving the robustness of models against adversarial examples. However, robust overfitting remains a significant challenge, leading to a large gap between the robustness on the training and test datasets. To understand and improve robust generalization, various measures have been developed, including margin, smoothness, and flatness-based measures. In this study, we present a large-scale analysis of robust generalization to empirically verify whether the relationship between these measures and robust generalization remains valid in diverse settings. We demonstrate when and how these measures effectively capture the robust generalization gap by comparing over 1, 300 models trained on CIFAR-10 under the $L_\infty$ norm and further validate our findings through an evaluation of more than 100 models from RobustBench across CIFAR-10, CIFAR-100, and ImageNet. We hope this work can help the community better understand adversarial robustness and motivate the development of more robust defense methods against adversarial attacks.

PDF Details

IJCAI Conference 2023 Conference Paper

Fast and Differentially Private Fair Clustering

  • Junyoung Byun
  • Jaewook Lee

This study presents the first differentially private and fair clustering method, built on the recently proposed density-based fair clustering approach. The method addresses the limitations of fair clustering algorithms that necessitate the use of sensitive personal information during training or inference phases. Two novel solutions, the Gaussian mixture density function and Voronoi cell, are proposed to enhance the method's performance in terms of privacy, fairness, and utility compared to previous methods. The experimental results on both synthetic and real-world data confirm the compatibility of the proposed method with differential privacy, achieving a better fairness-utility trade-off than existing methods when privacy is not considered. Moreover, the proposed method requires significantly less computation time, being at least 3. 7 times faster than the state-of-the-art.

PDF Details DOI

NeurIPS Conference 2021 Conference Paper

Parameter-free HE-friendly Logistic Regression

  • Junyoung Byun
  • Woojin Lee
  • Jaewook Lee

Privacy in machine learning has been widely recognized as an essential ethical and legal issue, because the data used for machine learning may contain sensitive information. Homomorphic encryption has recently attracted attention as a key solution to preserve privacy in machine learning applications. However, current approaches on the training of encrypted machine learning have relied heavily on hyperparameter selection, which should be avoided owing to the extreme difficulty of conducting validation on encrypted data. In this study, we propose an effective privacy-preserving logistic regression method that is free from the approximation of the sigmoid function and hyperparameter selection. In our framework, a logistic regression model can be transformed into the corresponding ridge regression for the logit function. We provide a theoretical background for our framework by suggesting a new generalization error bound on the encrypted data. Experiments on various real-world data show that our framework achieves better classification results while reducing latency by $\sim68\%$, compared to the previous models.

PDF Details

NeurIPS Conference 2021 Conference Paper

Towards Better Understanding of Training Certifiably Robust Models against Adversarial Examples

  • Sungyoon Lee
  • Woojin Lee
  • Jinseong Park
  • Jaewook Lee

We study the problem of training certifiably robust models against adversarial examples. Certifiable training minimizes an upper bound on the worst-case loss over the allowed perturbation, and thus the tightness of the upper bound is an important factor in building certifiably robust models. However, many studies have shown that Interval Bound Propagation (IBP) training uses much looser bounds but outperforms other models that use tighter bounds. We identify another key factor that influences the performance of certifiable training: \textit{smoothness of the loss landscape}. We find significant differences in the loss landscapes across many linear relaxation-based methods, and that the current state-of-the-arts method often has a landscape with favorable optimization properties. Moreover, to test the claim, we design a new certifiable training method with the desired properties. With the tightness and the smoothness, the proposed method achieves a decent performance under a wide range of perturbations, while others with only one of the two factors can perform well only for a specific range of perturbations. Our code is available at \url{https: //github. com/sungyoon-lee/LossLandscapeMatters}.

PDF Details

AAAI Conference 2021 Conference Paper

Understanding Catastrophic Overfitting in Single-step Adversarial Training

  • Hoki Kim
  • Woojin Lee
  • Jaewook Lee

Although fast adversarial training has demonstrated both robustness and efficiency, the problem of “catastrophic overfitting” has been observed. This is a phenomenon in which, during single-step adversarial training, robust accuracy against projected gradient descent (PGD) suddenly decreases to 0% after a few epochs, whereas robust accuracy against fast gradient sign method (FGSM) increases to 100%. In this paper, we demonstrate that catastrophic overfitting is very closely related to the characteristic of single-step adversarial training which uses only adversarial examples with the maximum perturbation, and not all adversarial examples in the adversarial direction, which leads to decision boundary distortion and a highly curved loss surface. Based on this observation, we propose a simple method that not only prevents catastrophic overfitting, but also overrides the belief that it is difficult to prevent multi-step adversarial attacks with single-step adversarial training.

PDF Details

NeurIPS Conference 2020 Conference Paper

Lipschitz-Certifiable Training with a Tight Outer Bound

  • Sungyoon Lee
  • Jaewook Lee
  • Saerom Park

Verifiable training is a promising research direction for training a robust network. However, most verifiable training methods are slow or lack scalability. In this study, we propose a fast and scalable certifiable training algorithm based on Lipschitz analysis and interval arithmetic. Our certifiable training algorithm provides a tight propagated outer bound by introducing the box constraint propagation (BCP), and it efficiently computes the worst logit over the outer bound. In the experiments, we show that BCP achieves a tighter outer bound than the global Lipschitz-based outer bound. Moreover, our certifiable training algorithm is over 12 times faster than the state-of-the-art dual relaxation-based method; however, it achieves comparable or better verification performance, improving natural accuracy. Our fast certifiable training algorithm with the tight outer bound can scale to Tiny ImageNet with verification accuracy of 20. 1\% ($\ell_2$-perturbation of $\epsilon=36/255$). Our code is available at \url{https: //github. com/sungyoon-lee/bcp}.

PDF Details