Large language models are shown to present privacy risks through memorization of training data, and several recent works have studied such risks for the pre-training phase. Little attention, however, has been given to the fine-tuning phase and it is not well understood how different fine-tuning methods (such as fine-tuning the full model, the model head, and adapter) compare in terms of memorization risk. This presents increasing concern as the "pre-train and fine-tune" paradigm proliferates. In this paper, we empirically study memorization of fine-tuning methods using membership inference and extraction attacks, and show that their susceptibility to attacks is very different. We observe that fine-tuning the head of the model has the highest susceptibility to attacks, whereas fine-tuning smaller adapters appears to be less vulnerable to known extraction attacks.
translated by 谷歌翻译
The wide adoption and application of Masked language models~(MLMs) on sensitive data (from legal to medical) necessitates a thorough quantitative investigation into their privacy vulnerabilities -- to what extent do MLMs leak information about their training data? Prior attempts at measuring leakage of MLMs via membership inference attacks have been inconclusive, implying the potential robustness of MLMs to privacy attacks. In this work, we posit that prior attempts were inconclusive because they based their attack solely on the MLM's model score. We devise a stronger membership inference attack based on likelihood ratio hypothesis testing that involves an additional reference MLM to more accurately quantify the privacy risks of memorization in MLMs. We show that masked language models are extremely susceptible to likelihood ratio membership inference attacks: Our empirical results, on models trained on medical notes, show that our attack improves the AUC of prior membership inference attacks from 0.66 to an alarmingly high 0.90 level, with a significant improvement in the low-error region: at 1% false positive rate, our attack is 51X more powerful than prior work.
translated by 谷歌翻译
Topological data analysis (TDA) is a branch of computational mathematics, bridging algebraic topology and data science, that provides compact, noise-robust representations of complex structures. Deep neural networks (DNNs) learn millions of parameters associated with a series of transformations defined by the model architecture, resulting in high-dimensional, difficult-to-interpret internal representations of input data. As DNNs become more ubiquitous across multiple sectors of our society, there is increasing recognition that mathematical methods are needed to aid analysts, researchers, and practitioners in understanding and interpreting how these models' internal representations relate to the final classification. In this paper, we apply cutting edge techniques from TDA with the goal of gaining insight into the interpretability of convolutional neural networks used for image classification. We use two common TDA approaches to explore several methods for modeling hidden-layer activations as high-dimensional point clouds, and provide experimental evidence that these point clouds capture valuable structural information about the model's process. First, we demonstrate that a distance metric based on persistent homology can be used to quantify meaningful differences between layers, and we discuss these distances in the broader context of existing representational similarity metrics for neural network interpretability. Second, we show that a mapper graph can provide semantic insight into how these models organize hierarchical class knowledge at each layer. These observations demonstrate that TDA is a useful tool to help deep learning practitioners unlock the hidden structures of their models.
translated by 谷歌翻译
Duckiebots是低成本的移动机器人,在研究和教育领域广泛使用。尽管Duckietown平台有现有的自动驾驶算法,但它们要么太复杂,要么表现太差,无法导航多车道轨道。此外,必须将内存和计算资源提供给Duckiebot,以便它可以执行其他任务,例如分布式输入检测。为了满足这些约束,我们构建了一种低成本的自主驾驶算法,能够在两车道轨道上驾驶。该算法使用传统的计算机视觉技术来识别轨道上的中央车道并获得相关的转向角度。然后,转向由PID控制器控制,该PID控制器使Duckiebot的运动平滑。将算法的性能与Neurips 2018 AI驾驶奥运会(AIDO)决赛入围者进行了比较,并且除了一名决赛选手以外,它的表现优于所有球员。我们算法的两个主要贡献是其低计算要求和非常快速的设置,并持续努力使其更加可靠。
translated by 谷歌翻译
translated by 谷歌翻译
translated by 谷歌翻译
近年来,与私人数据的分散学习领域有很大进展。联合学习(FL)和分裂学习(SL)是两个拥有其优点和缺点的矛头,并分别适用于许多用户客户和大型型号。为了享受这两个好处,斯普利特这样的混合方法已经出现了迟到,但他们的基本面仍然是虚幻的。在这项工作中,我们首先识别SL的基本瓶颈,从而提出可伸缩的SL框架,被卷曲的SGLR。 SGLR下的服务器在分裂层上广播了平均的公共梯度,在没有横跨客户端的情况下仿真FL而没有任何额外的通信。同时,SGLR将学习率分解为服务器端和客户端速率,并单独调整它们以支持许多客户端。仿真结果证实了SGLR实现比其他基线SL方法更高的精度,包括分裂,这甚至是与耗能更高的能量和通信成本的影响。作为次要结果,我们通过使用SLGR通过基线通过相互信息观察更大的敏感信息泄漏。
translated by 谷歌翻译
translated by 谷歌翻译
近年来,在自然语言处理中的伯特等变压器模型越来越多地采用了越来越多的采用,甚至在计算机视觉中。然而,由于大小,在资源受限的计算环境中,在资源受限的计算环境中采用了有限的采用本文提出了通过消除冗余注意头来压缩变压器模型的新颖修剪算法。我们应用A *搜索算法,以获得最小精度保证的修剪模型。我们的结果表明,该方法可以消除BERT变压器模型中的40%的注意力头,几乎没有精确损失。
translated by 谷歌翻译
最佳决策要求分类器产生与其经验准确性一致的不确定性估计。然而,深度神经网络通常在他们的预测中受到影响或过度自信。因此,已经开发了方法,以改善培训和后HOC期间的预测性不确定性的校准。在这项工作中,我们提出了可分解的损失,以改善基于频流校准误差估计底层的钻孔操作的软(连续)版本的校准。当纳入训练时,这些软校准损耗在多个数据集中实现最先进的单一模型ECE,精度低于1%的数量。例如,我们观察到ECE的82%(相对于HOC后射出ECE 70%),以换取相对于CIFAR-100上的交叉熵基线的准确性0.7%的相对降低。在培训后结合时,基于软合成的校准误差目标会改善温度缩放,一种流行的重新校准方法。总体而言,跨损失和数据集的实验表明,使用校准敏感程序在数据集移位下产生更好的不确定性估计,而不是使用跨熵损失和后HOC重新校准方法的标准做法。
translated by 谷歌翻译