In this work, we devise robust and efficient learning protocols for orchestrating a Federated Learning (FL) process for the Federated Tumor Segmentation Challenge (FeTS 2022). Enabling FL for the FeTS setup is challenging mainly due to data heterogeneity among collaborators and the communication cost of training. To tackle these challenges, we propose the Robust Learning Protocol (RoLePRO), which combines server-side adaptive optimisation (e.g., server-side Adam) with judicious parameter (weight) aggregation schemes (e.g., adaptive weighted aggregation). RoLePRO takes a two-phase approach: the first phase consists of vanilla Federated Averaging, while the second phase consists of a judicious aggregation scheme that uses a sophisticated reweighting, all in the presence of an adaptive optimisation algorithm at the server. We draw insights from extensive experimentation to tune the learning rates for the two phases.
translated by Google Translate
Since privacy legislation grants users the right to be forgotten, making a model forget some of its training data has become essential. We explore the problem of removing any client's contribution in Federated Learning (FL). During an FL round, each client performs local training to learn a model that minimises the empirical loss on its private data. We propose to perform unlearning at the client (to be erased) by reversing the learning process, i.e., training the model to \emph{maximize} the local empirical loss. In particular, we formulate the unlearning problem as a constrained maximization problem by restricting to an $\ell_2$-norm ball around a suitably chosen reference model to help retain some knowledge learnt from the other clients' data. This allows the client to use projected gradient descent to perform unlearning. The method requires neither global access to the data used for training nor a history of parameter updates stored by the aggregator (server) or any client. Experiments on the MNIST dataset show that the proposed unlearning method is effective.
Machine Unlearning refers to the task of removing a subset of the training data, thereby removing its contribution to a trained model. Approximate unlearning is a class of methods for this task that avoids the need to retrain the model from scratch on the retained data. Bayes' rule can be used to cast approximate unlearning as an inference problem, where the objective is to obtain the updated posterior by dividing out the likelihood of the deleted data. However, this has its own set of challenges, since one typically does not have access to the exact posterior over the model parameters. In this work, we examine the use of the Laplace approximation and variational inference to obtain the updated posterior. Using a neural network trained on a regression task as the guiding example, we provide insights into the applicability of Bayesian unlearning in practical scenarios.
In Federated Learning (FL), robust aggregation schemes have been developed to protect against malicious clients. Many robust aggregation schemes rely on a certain number of benign clients being present in the quorum of workers. This can be hard to guarantee when clients can join at will, or based on factors such as idle system state and connection to power and WiFi. We address the scenario of securing adversarial training when the quorum may be entirely malicious. We model an attacker who poisons the model to insert a weakness into the adversarial training, such that the model appears adversarially robust while the attacker can exploit the inserted weakness to bypass the adversarial training and force the model to misclassify adversarial examples. We use abstract interpretation techniques to detect such stealthy attacks and block the corrupted model updates. We show that this defence can preserve adversarial robustness even against an adaptive attacker.
Deep Generative Models (DGMs) are a popular class of deep learning models which find widespread use because of their ability to synthesize data from complex, high-dimensional manifolds. However, even with their increasing industrial adoption, they haven't been subject to rigorous security and privacy analysis. In this work we examine one such aspect, namely backdoor attacks on DGMs, which can significantly limit the applicability of pre-trained models within a model supply chain and at the very least cause massive reputation damage for companies outsourcing DGMs from third parties. While similar attack scenarios have been studied in the context of classical prediction models, their manifestation in DGMs hasn't received the same attention. To this end we propose novel training-time attacks which result in corrupted DGMs that synthesize regular data under normal operations and designated target outputs for inputs sampled from a trigger distribution. These attacks are based on an adversarial loss function that combines the dual objectives of attack stealth and fidelity. We systematically analyze these attacks, and show their effectiveness for a variety of approaches like Generative Adversarial Networks (GANs) and Variational Autoencoders (VAEs), as well as different data domains including images and audio. Our experiments show that - even for large-scale industry-grade DGMs (like StyleGAN) - our attacks can be mounted with only modest computational effort. We also motivate suitable defenses based on static/dynamic model and output inspections, demonstrate their usefulness, and prescribe a practical and comprehensive defense strategy that paves the way for safe usage of DGMs.
Learning classifiers from skewed or imbalanced datasets can lead to classification problems, and this is a serious issue. In some cases, one class contains the majority of examples while the other, which is frequently the more important class, is represented by only a small proportion of examples. Using this kind of data could make many carefully designed machine-learning systems ineffective. High training fidelity was a term used to describe biases vs. all other instances of the class. The best approach among all possible remedies to this issue is typically to gain from the minority class. The article examines the most widely used methods for addressing the problem of learning with a class imbalance, including data-level, algorithm-level, hybrid, cost-sensitive learning and deep learning methods, together with their advantages and limitations. The efficiency and performance of the classifier are assessed using a myriad of evaluation metrics.
Large language models (LLMs) have led to a series of breakthroughs in natural language processing (NLP), owing to their excellent understanding and generation abilities. Remarkably, what further sets these models apart is the massive amounts of world knowledge they internalize during pretraining. While many downstream applications provide the model with an informational context to aid its performance on the underlying task, how the model's world knowledge interacts with the factual information presented in the context remains underexplored. As a desirable behavior, an LLM should give precedence to the context whenever it contains task-relevant information that conflicts with the model's memorized knowledge. This enables model predictions to be grounded in the context, which can then be used to update or correct specific model predictions without frequent retraining. By contrast, when the context is irrelevant to the task, the model should ignore it and fall back on its internal knowledge. In this paper, we undertake a first joint study of the aforementioned two properties, namely controllability and robustness, in the context of LLMs. We demonstrate that state-of-the-art T5 and PaLM (both pretrained and finetuned) can exhibit poor controllability and robustness, which do not improve with increasing model size. As a solution, we propose a novel method - Knowledge Aware FineTuning (KAFT) - to strengthen both controllability and robustness by incorporating counterfactual and irrelevant contexts into standard supervised datasets. Our comprehensive evaluation showcases the utility of KAFT across model architectures and sizes.
With the growth of cyber-attacks and cyber-espionage, the need for better and more robust intrusion detection systems (IDS) is more pressing today than ever. The basic task of an IDS is to act as the first line of defence in detecting attacks on the Internet. As intruders' intrusion strategies become increasingly sophisticated and difficult to detect, researchers have begun applying novel machine learning (ML) techniques to detect intruders effectively, thereby preserving Internet users' information and their overall trust in the security of the Internet as a whole. Over the past decade, there has been an explosive surge in intrusion detection techniques based on ML and deep learning (DL) architectures, evaluated on various network-security datasets such as DARPA, KDDCUP'99, NSL-KDD, CAIDA, CTU-13 and UNSW-NB15. In this study, we review the contemporary literature and provide a comprehensive survey of the different types of intrusion detection techniques that use the Support Vector Machine (SVM) algorithm as a classifier. We focus only on studies evaluated on the two most widely used datasets in network security, namely the KDDCUP'99 and NSL-KDD datasets. We provide a summary of each method, identifying the role of the SVM classifier and of all other algorithms involved in the study. Furthermore, we present a critical review of each method in tabular form, highlighting the performance metrics, advantages and limitations of each surveyed method.
One of the main challenges in semi-supervised domain adaptation (SSDA) is the skewed ratio between the number of labelled source and target samples, which causes the model to be biased towards the source domain. Recent works in SSDA have shown that aligning only the labelled target samples with the source samples may lead to incomplete alignment of the target domain with the source domain. In our approach, to align the two domains, we leverage a contrastive loss to learn a semantically meaningful, domain-agnostic feature space using the supervised samples from both domains. To mitigate the challenge caused by the skewed label ratio, we pseudo-label the unlabelled target samples by comparing their feature representations with those of the labelled samples from the source and target domains. Furthermore, to increase the support of the target domain, these potentially noisy pseudo-labels are gradually injected into the labelled target dataset during training. Specifically, we use a temperature-scaled cosine similarity measure to assign soft pseudo-labels to the unlabelled target samples. In addition, we compute an exponential moving average of the soft pseudo-labels for each unlabelled sample. These pseudo-labels are progressively injected into (or removed from) the labelled target dataset based on a confidence threshold, to supplement the alignment of the source and target distributions. Finally, we use a supervised contrastive loss on the labelled and pseudo-labelled datasets to align the source and target distributions. Using our proposed approach, we showcase state-of-the-art performance on the SSDA benchmarks Office-Home, DomainNet and Office-31.
Large pretrained models (e.g., GPT-3) have achieved remarkable performance by being exposed to massive amounts of data during training. Similarly, distilling such large models into compact models for efficient deployment also requires large amounts of (labelled or unlabelled) training data. In this paper, we propose the Teacher-Guided Training (TGT) framework for training high-quality compact models, which leverages the knowledge acquired by a pretrained generative model while avoiding the need for large amounts of data. TGT exploits the fact that the teacher has acquired a good representation of the underlying data domain, which typically corresponds to a manifold of much lower dimension than the input space. Furthermore, we can use the teacher to explore the input space more efficiently via sampling or gradient-based methods. This makes TGT particularly attractive for limited-data or long-tail settings. We formally capture the benefits of the proposed data-domain exploration in our generalisation bounds. We find that TGT can improve accuracy on several image classification benchmarks as well as on a range of text classification and retrieval tasks.