Online personalized recommendation services are generally hosted in the cloud where users query the cloud-based model to receive recommended input such as merchandise of interest or news feed. State-of-the-art recommendation models rely on sparse and dense features to represent users' profile information and the items they interact with. Although sparse features account for 99% of the total model size, there was not enough attention paid to the potential information leakage through sparse features. These sparse features are employed to track users' behavior, e.g., their click history, object interactions, etc., potentially carrying each user's private information. Sparse features are represented as learned embedding vectors that are stored in large tables, and personalized recommendation is performed by using a specific user's sparse feature to index through the tables. Even with recently-proposed methods that hides the computation happening in the cloud, an attacker in the cloud may be able to still track the access patterns to the embedding tables. This paper explores the private information that may be learned by tracking a recommendation model's sparse feature access patterns. We first characterize the types of attacks that can be carried out on sparse features in recommendation models in an untrusted cloud, followed by a demonstration of how each of these attacks leads to extracting users' private information or tracking users by their behavior over time.

拆分学习和推理建议运行跨客户设备和云的大型模型的培训/推理。但是，这样的模型拆分引起了隐私问题，因为流过拆分层的激活可能会泄漏有关客户端私人输入数据的信息。当前，没有一个好方法可以量化通过分层泄漏多少私人信息，也没有一种将隐私提高到所需级别的好方法。在这项工作中，我们建议将Fisher信息用作隐私指标来衡量和控制信息泄漏。我们表明，Fisher信息可以直观地理解以无偏重建攻击者的限制的错误形式通过拆分层泄漏了多少私人信息。然后，我们提出了一种增强隐私的技术REFIL，可以在拆分层上强制使用用户呈现的Fisher信息泄漏，以实现高隐私，同时保持合理的实用程序。

联合学习（FL）旨在对多个数据所有者持有的分布式数据执行隐私的机器学习。为此，FL要求数据所有者在本地执行培训，并与中央服务器共享梯度更新（而不是私人输入），然后将其安全地汇总在多个数据所有者上。尽管汇总本身并不能证明提供隐私保护，但先前的工作表明，如果批处理大小足够大，则足够了。在本文中，我们提出了鸡尾酒会攻击（CPA），与先前的信念相反，能够从汇总的渐变中恢复私人输入，这是批量较大的大小。 CPA利用了至关重要的见解，即来自完全连接的层的总梯度是其输入的线性组合，这使我们将梯度反演作为盲源分离（BSS）问题（非正式地称为鸡尾酒会问题）。我们适应独立的组件分析（ICA） - BSS问题的经典解决方案 - 恢复针对完全连接和卷积网络的私人输入，并表明CPA明显优于先前的梯度反转攻击，对成像网的输入量表，并表现出Imagenet大小的输入的范围最高可达1024的大批量。

神经网络稳健性近年来已成为机器学习中的核心主题。大多数培训算法，提高模型对抗对抗和共同腐败的鲁棒性也引入了大的计算开销，需要向前和后向往的数量和后向往的多达十倍以便收敛。为了打击这种低效率，我们提出了Bullettrain $ - $界限示例挖掘技术，以大大降低强大培训的计算成本。我们的主要观察是，只有一小部分的例子是有利于改善稳健性的有益。Bullettrain动态预测了这些重要的例子，并优化了强大的培训算法，专注于重要例子。我们将技术应用于几个现有的强大培训算法，在CiFar-10和Cifar-10-C和CiFar上的Augmix上获得了2.1美元\ Times $ 10.7 $ \ times $ Scase-Up。100-C没有任何清洁和稳健的准确性。

With an ever-growing number of parameters defining increasingly complex networks, Deep Learning has led to several breakthroughs surpassing human performance. As a result, data movement for these millions of model parameters causes a growing imbalance known as the memory wall. Neuromorphic computing is an emerging paradigm that confronts this imbalance by performing computations directly in analog memories. On the software side, the sequential Backpropagation algorithm prevents efficient parallelization and thus fast convergence. A novel method, Direct Feedback Alignment, resolves inherent layer dependencies by directly passing the error from the output to each layer. At the intersection of hardware/software co-design, there is a demand for developing algorithms that are tolerable to hardware nonidealities. Therefore, this work explores the interrelationship of implementing bio-plausible learning in-situ on neuromorphic hardware, emphasizing energy, area, and latency constraints. Using the benchmarking framework DNN+NeuroSim, we investigate the impact of hardware nonidealities and quantization on algorithm performance, as well as how network topologies and algorithm-level design choices can scale latency, energy and area consumption of a chip. To the best of our knowledge, this work is the first to compare the impact of different learning algorithms on Compute-In-Memory-based hardware and vice versa. The best results achieved for accuracy remain Backpropagation-based, notably when facing hardware imperfections. Direct Feedback Alignment, on the other hand, allows for significant speedup due to parallelization, reducing training time by a factor approaching N for N-layered networks.

The SINDy algorithm has been successfully used to identify the governing equations of dynamical systems from time series data. In this paper, we argue that this makes SINDy a potentially useful tool for causal discovery and that existing tools for causal discovery can be used to dramatically improve the performance of SINDy as tool for robust sparse modeling and system identification. We then demonstrate empirically that augmenting the SINDy algorithm with tools from causal discovery can provides engineers with a tool for learning causally robust governing equations.

When testing conditions differ from those represented in training data, so-called out-of-distribution (OOD) inputs can mar the reliability of black-box learned components in the modern robot autonomy stack. Therefore, coping with OOD data is an important challenge on the path towards trustworthy learning-enabled open-world autonomy. In this paper, we aim to demystify the topic of OOD data and its associated challenges in the context of data-driven robotic systems, drawing connections to emerging paradigms in the ML community that study the effect of OOD data on learned models in isolation. We argue that as roboticists, we should reason about the overall system-level competence of a robot as it performs tasks in OOD conditions. We highlight key research questions around this system-level view of OOD problems to guide future research toward safe and reliable learning-enabled autonomy.

The success of deep learning is largely due to the availability of large amounts of training data that cover a wide range of examples of a particular concept or meaning. In the field of medicine, having a diverse set of training data on a particular disease can lead to the development of a model that is able to accurately predict the disease. However, despite the potential benefits, there have not been significant advances in image-based diagnosis due to a lack of high-quality annotated data. This article highlights the importance of using a data-centric approach to improve the quality of data representations, particularly in cases where the available data is limited. To address this "small-data" issue, we discuss four methods for generating and aggregating training data: data augmentation, transfer learning, federated learning, and GANs (generative adversarial networks). We also propose the use of knowledge-guided GANs to incorporate domain knowledge in the training data generation process. With the recent progress in large pre-trained language models, we believe it is possible to acquire high-quality knowledge that can be used to improve the effectiveness of knowledge-guided generative methods.

Object detection models commonly deployed on uncrewed aerial systems (UAS) focus on identifying objects in the visible spectrum using Red-Green-Blue (RGB) imagery. However, there is growing interest in fusing RGB with thermal long wave infrared (LWIR) images to increase the performance of object detection machine learning (ML) models. Currently LWIR ML models have received less research attention, especially for both ground- and air-based platforms, leading to a lack of baseline performance metrics evaluating LWIR, RGB and LWIR-RGB fused object detection models. Therefore, this research contributes such quantitative metrics to the literature .The results found that the ground-based blended RGB-LWIR model exhibited superior performance compared to the RGB or LWIR approaches, achieving a mAP of 98.4%. Additionally, the blended RGB-LWIR model was also the only object detection model to work in both day and night conditions, providing superior operational capabilities. This research additionally contributes a novel labelled training dataset of 12,600 images for RGB, LWIR, and RGB-LWIR fused imagery, collected from ground-based and air-based platforms, enabling further multispectral machine-driven object detection research.

We present an update on the current architecture of the Zoea knowledge-based, Composable Inductive Programming system. The Zoea compiler is built using a modern variant of the black-board architecture. Zoea integrates a large number of knowledge sources that encode different aspects of programming language and software development expertise. We describe the use of synthetic test cases as a ubiquitous form of knowledge and hypothesis representation that sup-ports a variety of reasoning strategies. Some future plans are also outlined.