Multi-Exit models (MEMs) use an early-exit strategy to improve the accuracy and efficiency of deep neural networks (DNNs) by allowing samples to exit the network before the last layer. However, the effectiveness of MEMs in the presence of distribution shifts remains largely unexplored. Our work examines how distribution shifts generated by common image corruptions affect the accuracy/efficiency of MEMs. We find that under common corruptions, early-exiting at the first correct exit reduces the inference cost and provides a significant boost in accuracy ( 10%) over exiting at the last layer. However, with realistic early-exit strategies, which do not assume knowledge about the correct exits, MEMs still reduce inference cost but provide a marginal improvement in accuracy (1%) compared to exiting at the last layer. Moreover, the presence of distribution shift widens the gap between an MEM's maximum classification accuracy and realistic early-exit strategies by 5% on average compared with the gap on in-distribution data. Our empirical analysis shows that the lack of calibration due to a distribution shift increases the susceptibility of such early-exit strategies to exit early and increases misclassification rates. Furthermore, the lack of calibration increases the inconsistency in the predictions of the model across exits, leading to both inefficient inference and more misclassifications compared with evaluation on in-distribution data. Finally, we propose two metrics, underthinking and overthinking, that quantify the different behavior of practical early-exit strategy under distribution shifts, and provide insights into improving the practical utility of MEMs.

域的概括（DG）旨在学习通过使用来自多个相关源域的数据，其在测试时间遇到的看不见的域的性能保持较高的模型。许多现有的DG算法降低了表示空间中源分布之间的差异，从而有可能使靠近来源的看不见的域对齐。这是由分析的动机，该分析解释了使用分布距离（例如Wasserstein距离）与来源的分布距离（例如Wasserstein距离）的概括。但是，由于DG目标的开放性，使用一些基准数据集对DG算法进行全面评估是一项挑战。特别是，我们证明了用DG方法训练的模型的准确性在未见的域中，从流行的基准数据集生成的未见域有很大差异。这强调了DG方法在一些基准数据集上的性能可能无法代表其在野外看不见的域上的性能。为了克服这一障碍，我们提出了一个基于分配强大优化（DRO）的通用认证框架，该框架可以有效地证明任何DG方法的最差性能。这使DG方法与基准数据集的经验评估互补的DG方法无关。此外，我们提出了一种培训算法，可以与任何DG方法一起使用，以改善其认证性能。我们的经验评估证明了我们方法在显着改善最严重的损失（即降低野生模型失败的风险）方面的有效性，而不会在基准数据集上产生显着的性能下降。

经过认证的稳健性保证衡量模型对测试时间攻击的稳健性，并且可以评估模型对现实世界中部署的准备情况。在这项工作中，我们批判性地研究了对基于随机平滑的认证方法的对抗鲁棒性如何在遇到配送外（OOD）数据的最先进的鲁棒模型时改变。我们的分析显示了这些模型的先前未知的漏洞，以低频OOD数据，例如与天气相关的损坏，使这些模型不适合在野外部署。为了缓解这个问题，我们提出了一种新的数据增强方案，Fourimix，产生增强以改善训练数据的光谱覆盖范围。此外，我们提出了一种新规范器，鼓励增强数据的噪声扰动的一致预测，以提高平滑模型的质量。我们发现Fouriermix增强有助于消除可认真强大的模型的频谱偏差，使其能够在一系列ood基准上实现明显更好的稳健性保证。我们的评估还在突出模型的光谱偏差时揭示了当前的OOD基准。为此，我们提出了一个全面的基准套件，其中包含来自光谱域中不同区域的损坏。对拟议套件上流行的增强方法培训的模型的评估突出了它们的光谱偏差，并建立了富硫克斯训练型模型在实现整个频谱上变化下的更好认证的鲁棒性担保的优势。

无监督的域适应（UDA）通过将知识从标记的源域传送到与目标的分布不同的标记源域来实现跨域学习。但是，UDA并不总是成功，在文献中报告了几个“负转移”的几个账目。在这项工作中，我们在目标域错误上证明了一个简单的下限，这些错误符合现有的上限。我们的界定显示了最小化源域误差和边际分布不匹配的不足，因为由于可能的诱导标记功能不匹配可能增加，因此由于可能的增加而减少目标域误差。通过同一UDA方法成功，失败的简单分布进一步说明了这种不足，并且可以成功或失败，并且可以使用相同的机会。从此激励，我们提出了新的数据中毒攻击，以欺骗UDA方法进入产生大目标域错误的学习陈述。我们使用基准数据集评估这些攻击对流行的UDA方法的影响，他们以前已经证明是成功的。我们的结果表明，中毒可以显着降低目标域精度，在某些情况下将其降至近0％，在源域中添加了10％中毒数据。这些UDA方法的失败在保证与我们下限符合的跨域泛化时，他们的局限性阐述了它们的局限性。因此，评估诸如数据中毒等对逆势设置中的UDA方法提供了更好的稳健性对UDA不利的数据分布。

We propose an ensemble approach to predict the labels in linear programming word problems. The entity identification and the meaning representation are two types of tasks to be solved in the NL4Opt competition. We propose the ensembleCRF method to identify the named entities for the first task. We found that single models didn't improve for the given task in our analysis. A set of prediction models predict the entities. The generated results are combined to form a consensus result in the ensembleCRF method. We present an ensemble text generator to produce the representation sentences for the second task. We thought of dividing the problem into multiple small tasks due to the overflow in the output. A single model generates different representations based on the prompt. All the generated text is combined to form an ensemble and produce a mathematical meaning of a linear programming problem.

This paper presents a safety-critical locomotion control framework for quadrupedal robots. Our goal is to enable quadrupedal robots to safely navigate in cluttered environments. To tackle this, we introduce exponential Discrete Control Barrier Functions (exponential DCBFs) with duality-based obstacle avoidance constraints into a Nonlinear Model Predictive Control (NMPC) with Whole-Body Control (WBC) framework for quadrupedal locomotion control. This enables us to use polytopes to describe the shapes of the robot and obstacles for collision avoidance while doing locomotion control of quadrupedal robots. Compared to most prior work, especially using CBFs, that utilize spherical and conservative approximation for obstacle avoidance, this work demonstrates a quadrupedal robot autonomously and safely navigating through very tight spaces in the real world. (Our open-source code is available at github.com/HybridRobotics/quadruped_nmpc_dcbf_duality, and the video is available at youtu.be/p1gSQjwXm1Q.)

Transformer-based language models have been shown to be highly effective for several NLP tasks. In this paper, we consider three transformer models, BERT, RoBERTa, and XLNet, in both small and large version, and investigate how faithful their representations are with respect to the semantic content of texts. We formalize a notion of semantic faithfulness, in which the semantic content of a text should causally figure in a model's inferences in question answering. We then test this notion by observing a model's behavior on answering questions about a story after performing two novel semantic interventions -- deletion intervention and negation intervention. While transformer models achieve high performance on standard question answering tasks, we show that they fail to be semantically faithful once we perform these interventions for a significant number of cases (~50% for deletion intervention, and ~20% drop in accuracy for negation intervention). We then propose an intervention-based training regime that can mitigate the undesirable effects for deletion intervention by a significant margin (from ~50% to ~6%). We analyze the inner-workings of the models to better understand the effectiveness of intervention-based training for deletion intervention. But we show that this training does not attenuate other aspects of semantic unfaithfulness such as the models' inability to deal with negation intervention or to capture the predicate-argument structure of texts. We also test InstructGPT, via prompting, for its ability to handle the two interventions and to capture predicate-argument structure. While InstructGPT models do achieve very high performance on predicate-argument structure task, they fail to respond adequately to our deletion and negation interventions.

Deep Neural Networks (DNN) are becoming increasingly more important in assisted and automated driving. Using such entities which are obtained using machine learning is inevitable: tasks such as recognizing traffic signs cannot be developed reasonably using traditional software development methods. DNN however do have the problem that they are mostly black boxes and therefore hard to understand and debug. One particular problem is that they are prone to hidden backdoors. This means that the DNN misclassifies its input, because it considers properties that should not be decisive for the output. Backdoors may either be introduced by malicious attackers or by inappropriate training. In any case, detecting and removing them is important in the automotive area, as they might lead to safety violations with potentially severe consequences. In this paper, we introduce a novel method to remove backdoors. Our method works for both intentional as well as unintentional backdoors. We also do not require prior knowledge about the shape or distribution of backdoors. Experimental evidence shows that our method performs well on several medium-sized examples.

Reinforcement learning (RL) operating on attack graphs leveraging cyber terrain principles are used to develop reward and state associated with determination of surveillance detection routes (SDR). This work extends previous efforts on developing RL methods for path analysis within enterprise networks. This work focuses on building SDR where the routes focus on exploring the network services while trying to evade risk. RL is utilized to support the development of these routes by building a reward mechanism that would help in realization of these paths. The RL algorithm is modified to have a novel warm-up phase which decides in the initial exploration which areas of the network are safe to explore based on the rewards and penalty scale factor.

Real engineering and scientific applications often involve one or more qualitative inputs. Standard Gaussian processes (GPs), however, cannot directly accommodate qualitative inputs. The recently introduced latent variable Gaussian process (LVGP) overcomes this issue by first mapping each qualitative factor to underlying latent variables (LVs), and then uses any standard GP covariance function over these LVs. The LVs are estimated similarly to the other GP hyperparameters through maximum likelihood estimation, and then plugged into the prediction expressions. However, this plug-in approach will not account for uncertainty in estimation of the LVs, which can be significant especially with limited training data. In this work, we develop a fully Bayesian approach for the LVGP model and for visualizing the effects of the qualitative inputs via their LVs. We also develop approximations for scaling up LVGPs and fully Bayesian inference for the LVGP hyperparameters. We conduct numerical studies comparing plug-in inference against fully Bayesian inference over a few engineering models and material design applications. In contrast to previous studies on standard GP modeling that have largely concluded that a fully Bayesian treatment offers limited improvements, our results show that for LVGP modeling it offers significant improvements in prediction accuracy and uncertainty quantification over the plug-in approach.