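Because of the existence of adversarial attacks, using neural networks in safety-critical systems requires safe and robust models. Knowing the minimal adversarial perturbation of any input x, or, equivalently, knowing the distance of x from the classification boundary, makes it possible to evaluate classification robustness and thus provide certifiable predictions. Unfortunately, state-of-the-art techniques for computing such a distance are computationally expensive and hence not suited to online applications. This work proposes a novel family of classifiers, namely Signed Distance Classifiers (SDCs), which, from a theoretical perspective, directly output the exact distance of x from the classification boundary rather than a probability score (e.g., SoftMax). SDCs represent a family of robust-by-design classifiers. To practically address the theoretical requirements of an SDC, a novel network architecture named Unitary-Gradient Neural Network is presented. Experimental results show that the proposed architecture approximates a signed distance classifier, hence allowing an online certifiable classification of x at the cost of a single inference.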
Translated by Google Translate
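Adversarial examples represent a serious threat to deep neural networks in several application domains, and a large amount of work has been produced to investigate them and mitigate their effects. Nevertheless, not much work has been devoted to datasets specifically designed to evaluate the adversarial robustness of neural models. This paper presents CARLA-GEAR, a tool for the automatic generation of photo-realistic synthetic datasets that can be used for a systematic evaluation of the adversarial robustness of neural models against physical adversarial patches, as well as for comparing the performance of different adversarial defense/detection methods. The tool is built on the CARLA simulator, using its Python API, and allows the generation of datasets for several vision tasks in the context of autonomous driving. The adversarial patches included in the generated datasets are attached to billboards or the back of a truck and are crafted using state-of-the-art white-box attack strategies to maximize the prediction error of the model under test. Finally, the paper presents an experimental study that evaluates the performance of some defense methods against such attacks, showing how the datasets generated with CARLA-GEAR might be used in future work as a benchmark for adversarial defense in the real world. All the code and datasets used in this paper are available at http://carlagear.retis.santannapisa.it.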
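This work presents Z-Mask, a robust and effective strategy to improve the adversarial robustness of convolutional networks against physically realizable adversarial attacks. The presented defense relies on a specific Z-score analysis performed on the internal network features to detect and mask the pixels corresponding to adversarial objects in the input image. To this end, spatially contiguous activations are examined in shallow and deep layers to suggest potential adversarial regions. Such proposals are then aggregated through a multi-thresholding mechanism. The effectiveness of Z-Mask is evaluated with an extensive set of experiments carried out on models for both semantic segmentation and object detection. The evaluation is performed with both digital patches added to the input images and printed patches positioned in the real world. The obtained results confirm that Z-Mask outperforms state-of-the-art methods in terms of both detection accuracy and overall performance of the networks under attack. Additional experiments show that Z-Mask is also robust against possible defense-aware attacks.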
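Real-world adversarial examples (commonly in the form of patches) pose a serious threat to the use of deep learning models in safety-critical computer vision tasks, such as visual perception in autonomous driving. This paper presents an extensive evaluation of the robustness of semantic segmentation models when attacked with different types of adversarial patches, including digital, simulated, and physical ones. A novel loss function is proposed to improve the attacker's ability to induce pixel misclassification. In addition, a novel attack strategy is presented to improve the Expectation Over Transformation method for placing a patch in the scene. Finally, a state-of-the-art method for detecting adversarial patches is first extended to cope with semantic segmentation models, then improved to obtain real-time performance, and eventually evaluated in real-world scenarios. Experimental results show that, even though the adversarial effect is visible with both digital and real-world attacks, its impact is often spatially confined to the image regions around the patch. This opens further questions about the spatial robustness of real-time semantic segmentation models.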
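Although deep neural networks (DNNs) have shown incredible performance in perception and control tasks, several trustworthiness issues are still open. One of the most discussed topics is the existence of adversarial perturbations, which has opened an interesting research line on provable techniques capable of quantifying the robustness of a given input. In this regard, the Euclidean distance of the input from the classification boundary denotes a well-proven robustness assessment as the minimal affordable adversarial perturbation. Unfortunately, computing such a distance is highly complex due to the non-convex nature of NNs. Although several methods have been proposed to address this issue, to the best of our knowledge, no provable results have been presented to estimate and bound the error committed. This paper addresses this issue by proposing two lightweight strategies to find the minimal adversarial perturbation. Unlike the state of the art, the proposed approach allows formulating an error estimation theory of the approximate distance with respect to the theoretical one. Finally, a substantial set of experiments is reported to evaluate the performance of the algorithms and support the theoretical findings. The obtained results show that the proposed strategies approximate the theoretical distance for samples close to the classification boundary, leading to provable robustness guarantees against any adversarial attack.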
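The great performance of machine learning algorithms and deep neural networks in several perception and control tasks is pushing the industry to adopt such technologies in safety-critical applications, such as autonomous robots and self-driving vehicles. At present, however, several issues need to be solved to make deep learning methods more trustworthy, predictable, safe, and secure against adversarial attacks. Although several methods have been proposed to improve the trustworthiness of deep neural networks, most of them are tailored to specific classes of adversarial examples and hence fail to detect other corner cases or unsafe inputs that heavily deviate from the training samples. This paper presents a lightweight monitoring architecture based on coverage paradigms to enhance model robustness against different unsafe inputs. In particular, four coverage analysis methods are proposed and tested in the architecture for evaluating multiple detection logics. Experimental results show that the proposed approach is effective in detecting both powerful adversarial examples and out-of-distribution inputs, while introducing limited execution time and memory requirements.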
Accurate uncertainty quantification is necessary to enhance the reliability of deep learning models in real-world applications. In the case of regression tasks, prediction intervals (PIs) should be provided along with the deterministic predictions of deep learning models. Such PIs are useful or "high-quality" as long as they are sufficiently narrow and capture most of the probability density. In this paper, we present a method to learn prediction intervals for regression-based neural networks automatically in addition to the conventional target predictions. In particular, we train two companion neural networks: one that uses one output, the target estimate, and another that uses two outputs, the upper and lower bounds of the corresponding PI. Our main contribution is the design of a loss function for the PI-generation network that takes into account the output of the target-estimation network and has two optimization objectives: minimizing the mean prediction interval width and ensuring the PI integrity using constraints that maximize the prediction interval probability coverage implicitly. Both objectives are balanced within the loss function using a self-adaptive coefficient. Furthermore, we apply a Monte Carlo-based approach that evaluates the model uncertainty in the learned PIs. Experiments using a synthetic dataset, six benchmark datasets, and a real-world crop yield prediction dataset showed that our method was able to maintain a nominal probability coverage and produce narrower PIs without detriment to its target estimation accuracy when compared to those PIs generated by three state-of-the-art neural-network-based methods.
A quantitative assessment of the global importance of an agent in a team is as valuable as gold for strategists, decision-makers, and sports coaches. Yet, retrieving this information is not trivial since in a cooperative task it is hard to isolate the performance of an individual from that of the whole team. Moreover, the relationship between the role of an agent and his personal attributes is not always clear. In this work we conceive an application of the Shapley analysis for studying the contribution of both agent policies and attributes, putting them on equal footing. Since the computational complexity is NP-hard and scales exponentially with the number of participants in a transferable utility coalitional game, we resort to exploiting a-priori knowledge about the rules of the game to constrain the relations between the participants over a graph. We hence propose a method to determine a Hierarchical Knowledge Graph of agents' policies and features in a Multi-Agent System. Assuming a simulator of the system is available, the graph structure allows exploiting dynamic programming to assess the importances in a much faster way. We test the proposed approach in a proof-of-case environment deploying both hardcoded policies and policies obtained via Deep Reinforcement Learning. The proposed paradigm is less computationally demanding than trivially computing the Shapley values and provides great insight not only into the importance of an agent in a team but also into the attributes needed to deploy the policy at its best.
In recent years there has been growing attention to interpretable machine learning models which can give explanatory insights on their behavior. Thanks to their interpretability, decision trees have been intensively studied for classification tasks, and due to the remarkable advances in mixed-integer programming (MIP), various approaches have been proposed to formulate the problem of training an Optimal Classification Tree (OCT) as a MIP model. We present a novel mixed-integer quadratic formulation for the OCT problem, which exploits the generalization capabilities of Support Vector Machines for binary classification. Our model, denoted as Margin Optimal Classification Tree (MARGOT), encompasses the use of maximum margin multivariate hyperplanes nested in a binary tree structure. To enhance the interpretability of our approach, we analyse two alternative versions of MARGOT, which include feature selection constraints inducing local sparsity of the hyperplanes. First, MARGOT has been tested on non-linearly separable synthetic datasets in 2-dimensional feature space to provide a graphical representation of the maximum margin approach. Finally, the proposed models have been tested on benchmark datasets from the UCI repository. The MARGOT formulation turns out to be easier to solve than other OCT approaches, and the generated tree better generalizes on new observations. The two interpretable versions are effective in selecting the most relevant features and maintaining good prediction quality.
Hierarchical time series are common in several applied fields. Forecasts are required to be coherent, that is, to satisfy the constraints given by the hierarchy. The most popular technique to enforce coherence is called reconciliation, which adjusts the base forecasts computed for each time series. However, recent works on probabilistic reconciliation present several limitations. In this paper, we propose a new approach based on conditioning to reconcile any type of forecast distribution. We then introduce a new algorithm, called Bottom-Up Importance Sampling, to efficiently sample from the reconciled distribution. It can be used for any base forecast distribution: discrete, continuous, or in the form of samples, providing a major speedup compared to the current methods. Experiments on several temporal hierarchies show a significant improvement over base probabilistic forecasts.