Deep neural networks have strong capabilities of memorizing the underlying training data, which can be a serious privacy concern. An effective solution to this problem is to train models with differential privacy (DP), which provides rigorous privacy guarantees by injecting random noise into the gradients. This paper focuses on the scenario where sensitive data are distributed among multiple participants, who jointly train a model through federated learning (FL), using both secure multiparty computation (MPC) to ensure the confidentiality of each gradient update, and differential privacy to avoid data leakage in the resulting model. A major challenge in this setting is that common mechanisms for enforcing DP in deep learning, which inject real-valued noise, are fundamentally incompatible with MPC, which exchanges finite-field integers among the participants. Consequently, most existing DP mechanisms require rather high noise levels, leading to poor model utility. Motivated by this, we propose the Skellam mixture mechanism (SMM), an approach to enforce DP on models built via FL. Compared to existing methods, SMM eliminates the assumption that the input gradients must be integer-valued, and thus reduces the amount of noise injected to preserve DP. Further, SMM allows tight privacy accounting due to the nice composition and sub-sampling properties of the Skellam distribution, which are key to accurate deep learning with DP. The theoretical analysis of SMM is highly non-trivial, especially considering (i) the complicated math of differentially private deep learning in general and (ii) the fact that the mixture of two Skellam distributions is rather complex and, to our knowledge, has not been studied in the DP literature. Extensive experiments on various practical settings demonstrate that SMM consistently and significantly outperforms existing solutions in terms of the utility of the resulting model.
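To make the compatibility point concrete, the following is an added Python example, not the paper's SMM implementation: it shows why integer-valued Skellam noise (the difference of two Poisson draws) can be added to a quantised gradient and then additively secret-shared over a prime field without any rounding step, whereas Gaussian noise would first have to be rounded to a field element, changing its distribution. The field modulus, fixed-point scale, noise parameter, party count and sample gradients are all assumptions chosen for illustration.

```python
"""Added illustration (not the paper's code): quantised gradients plus
integer Skellam noise, aggregated with additive secret sharing over Z_P."""
import math
import random

# Parameters chosen for this illustration (assumptions, not the paper's values).
P = 2_147_483_647      # prime field modulus; shares and sums live in Z_P
SCALE = 1 << 16        # fixed-point scale: gradient g maps to round(g * SCALE)


def poisson(lam: float, rng: random.Random) -> int:
    """Knuth's multiplicative Poisson sampler (adequate for the small lam used here)."""
    limit = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def skellam(mu: float, rng: random.Random) -> int:
    """Symmetric Skellam(mu, mu) noise: difference of two Poisson(mu) draws.
    It is integer-valued, zero-mean, with variance 2*mu, so it can be added
    directly to a field element; Gaussian noise would have to be rounded first."""
    return poisson(mu, rng) - poisson(mu, rng)


def skellam_sample_mean(n: int, mu: float, seed: int = 1) -> float:
    """Empirical mean of n Skellam(mu, mu) draws (should be close to zero)."""
    rng = random.Random(seed)
    return sum(skellam(mu, rng) for _ in range(n)) / n


def quantize(g: float) -> int:
    return int(round(g * SCALE))


def dequantize(v: int) -> float:
    return v / SCALE


def to_signed(v: int) -> int:
    """Map a field element back to a signed integer in (-P/2, P/2]."""
    return v - P if v > P // 2 else v


def share(x: int, n_parties: int, rng: random.Random) -> list:
    """Additive secret sharing of x over Z_P: n-1 uniform shares plus a correction
    term, so the shares sum to x mod P while any n-1 of them reveal nothing."""
    shares = [rng.randrange(P) for _ in range(n_parties - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def client_update(grad, mu: float, n_parties: int, rng: random.Random):
    """A participant quantises its gradient, adds Skellam noise per coordinate and
    secret-shares the noisy integer vector among the n MPC parties.
    Returns (share vectors indexed by party, the noisy plaintext for checking)."""
    noisy = [quantize(g) + skellam(mu, rng) for g in grad]
    per_party = [[0] * len(noisy) for _ in range(n_parties)]
    for j, v in enumerate(noisy):
        for i, s in enumerate(share(v, n_parties, rng)):
            per_party[i][j] = s
    return per_party, noisy


def secure_sum(all_client_shares) -> list:
    """Each party adds the share vectors it received from every client (it only
    ever sees uniformly random field elements); the partial sums are then combined
    to reconstruct the sum of the noisy updates and nothing else."""
    n_parties = len(all_client_shares[0])
    dim = len(all_client_shares[0][0])
    party_sums = [
        [sum(cs[i][j] for cs in all_client_shares) % P for j in range(dim)]
        for i in range(n_parties)
    ]
    return [to_signed(sum(party_sums[i][j] for i in range(n_parties)) % P)
            for j in range(dim)]


def federated_round(client_grads, mu=4.0, n_parties=3, seed=0):
    """Runs one aggregation round. Returns (dequantised aggregate, integer aggregate,
    plaintext sum of the noisy vectors, which the parties never saw directly)."""
    rng = random.Random(seed)
    shares, plaintexts = [], []
    for grad in client_grads:
        s, noisy = client_update(grad, mu, n_parties, rng)
        shares.append(s)
        plaintexts.append(noisy)
    agg = secure_sum(shares)
    expected = [sum(col) for col in zip(*plaintexts)]
    return [dequantize(v) for v in agg], agg, expected


if __name__ == "__main__":
    # Constructed sample gradients for three clients (not real training data).
    grads = [[0.25, -1.5, 0.0], [0.5, 0.75, -0.125], [-0.1, 0.2, 0.3]]
    agg_float, agg_int, expected = federated_round(grads)
    print("secure aggregate (ints):", agg_int)
    print("matches plaintext noisy sum:", agg_int == expected)
    print("dequantised:", [round(x, 4) for x in agg_float])
```

Because the sum of independent Skellam(mu, mu) variables over n participants is again Skellam(n mu, n mu), the noise on the reconstructed aggregate has a closed form, which is what makes privacy accounting in this setting tractable; the same is not true of independently rounded Gaussian draws.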
Data-driven modeling has become a key building block in computational science and engineering. However, data that are available in science and engineering are typically scarce, often polluted with noise and affected by measurement errors and other perturbations, which makes learning the dynamics of systems challenging. In this work, we propose to combine data-driven modeling via operator inference with the dynamic training via roll outs of neural ordinary differential equations. Operator inference with roll outs inherits interpretability, scalability, and structure preservation of traditional operator inference while leveraging the dynamic training via roll outs over multiple time steps to increase stability and robustness for learning from low-quality and noisy data. Numerical experiments with data describing shallow water waves and surface quasi-geostrophic dynamics demonstrate that operator inference with roll outs provides predictive models from training trajectories even if data are sampled sparsely in time and polluted with noise of up to 10%.
The 1$^{\text{st}}$ Workshop on Maritime Computer Vision (MaCVi) 2023 focused on maritime computer vision for Unmanned Aerial Vehicles (UAV) and Unmanned Surface Vehicle (USV), and organized several subchallenges in this domain: (i) UAV-based Maritime Object Detection, (ii) UAV-based Maritime Object Tracking, (iii) USV-based Maritime Obstacle Segmentation and (iv) USV-based Maritime Obstacle Detection. The subchallenges were based on the SeaDronesSee and MODS benchmarks. This report summarizes the main findings of the individual subchallenges and introduces a new benchmark, called SeaDronesSee Object Detection v2, which extends the previous benchmark by including more classes and footage. We provide statistical and qualitative analyses, and assess trends in the best-performing methodologies of over 130 submissions. The methods are summarized in the appendix. The datasets, evaluation code and the leaderboard are publicly available at https://seadronessee.cs.uni-tuebingen.de/macvi.
Large language models (LLMs) have been shown to be able to perform new tasks based on a few demonstrations or natural language instructions. While these capabilities have led to widespread adoption, most LLMs are developed by resource-rich organizations and are frequently kept from the public. As a step towards democratizing this powerful technology, we present BLOOM, a 176B-parameter open-access language model designed and built thanks to a collaboration of hundreds of researchers. BLOOM is a decoder-only Transformer language model that was trained on the ROOTS corpus, a dataset comprising hundreds of sources in 46 natural and 13 programming languages (59 in total). We find that BLOOM achieves competitive performance on a wide variety of benchmarks, with stronger results after undergoing multitask prompted finetuning. To facilitate future research and applications using LLMs, we publicly release our models and code under the Responsible AI License.
Deep learning techniques have shown promising results in image compression, with competitive bitrate and image reconstruction quality. However, while image compression has progressed towards higher peak signal-to-noise ratio (PSNR) and fewer bits per pixel (bpp), its robustness to adversarial images has never been examined. In this work we investigate, for the first time, the robustness of image compression systems, where an imperceptible perturbation of the input image causes a significant increase in the bitrate of its compressed latent. To characterize the robustness of state-of-the-art learned image compression, we mount white-box and black-box attacks. Our white-box attack applies the fast gradient sign method to the entropy estimate of the bitstream as its bitrate approximation. We propose DCT-Net, which simulates JPEG compression with architectural simplicity and lightweight training, as the substitute model in the black-box attack, enabling fast adversarial transferability. Our results on six image compression models, each at six different bitrate qualities (36 models in total), show that they are surprisingly fragile: the white-box attack achieves up to a 56.326x change in bpp and the black-box attack up to 1.947x. To improve robustness, we propose a novel compression architecture, factorAtn, which combines attention modules with a basic factorized entropy model, yielding a promising trade-off between rate-distortion performance and robustness to adversarial attacks that surpasses existing learned image compressors.
We propose a radar-inertial odometry method that uses a continuous-time framework to fuse measurements from multiple automotive radars and an inertial measurement unit (IMU). Unlike camera and lidar sensors, radar sensors are not significantly affected by adverse weather conditions. The robustness of radar in such conditions and the increasing prevalence of radars on passenger vehicles motivate us to look at radar for ego-motion estimation. The continuous-time trajectory representation is applied not only to provide a framework for heterogeneous and asynchronous multi-sensor fusion, but also to enable efficient optimization, since the pose and its derivatives can be computed in closed form at any given time along the trajectory. We compare our continuous-time estimates with those from a discrete-time radar-inertial odometry approach and show that the continuous-time method outperforms the discrete-time one. To the best of our knowledge, this is the first time a continuous-time framework has been applied to radar-inertial odometry.
Human developers can produce code with cybersecurity bugs. Can emerging "smart" code completion tools help repair those bugs? In this work, we examine the use of large language models (LLMs) for code (such as OpenAI's Codex and AI21's Jurassic J-1) for zero-shot vulnerability repair. We investigate the challenges in designing prompts that coax LLMs into generating repaired versions of insecure code. This is difficult because of the numerous ways, both semantic and syntactic, to phrase key information in natural language. Through a large-scale study of four commercially available, black-box, "off-the-shelf" LLMs, as well as a locally trained model, on a mix of synthetic, hand-crafted and real-world security bug scenarios, our experiments show that LLMs could collectively repair 100% of our synthetically generated and hand-crafted scenarios, as well as 58% of the vulnerabilities in a selection of historical bugs from real-world open-source projects.
We introduce a simple and intuitive self-supervision task, Natural Synthetic Anomalies (NSA), for training an end-to-end model for anomaly detection and localization using only normal training data. NSA integrates Poisson image editing to seamlessly blend scaled patches of various sizes taken from separate images. This creates a wide range of synthetic anomalies that are more similar to natural sub-image irregularities than previous data-augmentation strategies for self-supervised anomaly detection. We evaluate the proposed method on natural and medical images. Our experiments on the MVTec AD dataset show that a model trained to localize NSA anomalies generalizes well to detecting real-world, a priori unknown types of manufacturing defects. Our method achieves an overall detection AUROC of 97.2, outperforming all previous methods that learn without using additional datasets. Code is available at https://github.com/hmsch/natural-synthetic-anomalies.
There is burgeoning interest in designing AI-based systems to assist humans in designing computing systems, including tools that automatically generate computer code. The most notable of these is the first self-described "AI pair programmer", GitHub Copilot, a language model trained on open-source GitHub code. However, code often contains bugs, and so, given the vast quantity of unvetted code that Copilot has processed, the language model will certainly have learned from exploitable, buggy code. This raises concerns about the security of Copilot's code contributions. In this work, we systematically investigate the prevalence of, and the conditions under which, GitHub Copilot recommends insecure code. To perform this analysis, we prompt Copilot to generate code in scenarios relevant to high-risk CWEs (e.g., those from MITRE's "Top 25" list). We explore Copilot's performance along three distinct code-generation axes, examining how it performs given a diversity of weaknesses, a diversity of prompts and a diversity of domains. In total, we produce 89 different scenarios for Copilot to complete, yielding 1,689 programs. Of these, we found approximately 40% to be vulnerable.
This paper proposes a novel two-stage defense (NNoculation) against backdoored neural networks (BadNets) that repairs a BadNet both pre-deployment and online, in response to backdoored test inputs encountered in the field. In the pre-deployment stage, NNoculation retrains the BadNet with random perturbations of clean validation inputs to partially reduce the adversarial impact of a backdoor. Post-deployment, NNoculation detects and quarantines backdoored test inputs by recording disagreements between the original and the pre-deployment patched networks. A CycleGAN is then trained to learn transformations between clean validation inputs and quarantined inputs; that is, it learns to add triggers to clean validation images. Backdoored validation images along with their correct labels are used to further retrain the pre-deployment patched network, yielding our final defense. Empirical evaluation on a comprehensive suite of backdoor attacks shows that NNoculation outperforms all state-of-the-art defenses, which make restrictive assumptions and only work on specific backdoor attacks, or fail under adaptive attacks. In contrast, NNoculation makes minimal assumptions and provides an effective defense, even in settings where existing defenses are ineffective because the attacker has circumvented their restrictive assumptions.