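In the past decades, the machine and deep learning community has celebrated great achievements in challenging tasks such as image classification. The deep architecture of artificial neural networks, together with the breadth of available data, makes it possible to describe highly complex relations. Yet it is still impossible to fully capture what a deep learning model has learned and to verify that it operates fairly and without creating bias, especially in critical tasks, for instance those arising in the medical field. One example of such a task is the detection of different facial expressions in face images, called action units. Considering this specific task, our research aims to provide transparency regarding bias, specifically in relation to gender and skin color. We train a neural network for action unit classification and analyze its performance based on its accuracy and, qualitatively, based on heatmaps. A structured review of our results indicates that we are able to detect bias. Although we cannot conclude from our results that the lower classification performance stems solely from gender and skin color bias, these biases must be addressed, which is why we close by giving suggestions on how to avoid the detected bias.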
translated by Google Translate
Many real-world applications of language models (LMs), such as code autocomplete and writing assistance, involve human-LM interaction, but the main LM benchmarks are non-interactive, where a system produces output without human intervention. To evaluate human-LM interaction, we develop a framework, Human-AI Language-based Interaction Evaluation (H-LINE), that expands non-interactive evaluation along three dimensions, capturing (i) the interactive process, not only the final output; (ii) the first-person subjective experience, not just a third-party assessment; and (iii) notions of preference beyond quality. We then design five tasks ranging from goal-oriented to open-ended to capture different forms of interaction. On four state-of-the-art LMs (three variants of OpenAI's GPT-3 and AI21's J1-Jumbo), we find that non-interactive performance does not always result in better human-LM interaction and that first-person and third-party metrics can diverge, suggesting the importance of examining the nuances of human-LM interaction.
With the rise of AI in recent years and the increase in complexity of the models, the growing demand in computational resources is starting to pose a significant challenge. The need for higher compute power is being met with increasingly more potent accelerators and the use of large compute clusters. However, the gain in prediction accuracy from large models trained on distributed and accelerated systems comes at the price of a substantial increase in energy demand, and researchers have started questioning the environmental friendliness of such AI methods at scale. Consequently, energy efficiency plays an important role for AI model developers and infrastructure operators alike. The energy consumption of AI workloads depends on the model implementation and the utilized hardware. Therefore, accurate measurements of the power draw of AI workflows on different types of compute nodes are key to algorithmic improvements and the design of future compute clusters and hardware. To this end, we present measurements of the energy consumption of two typical applications of deep learning models on different types of compute nodes. Our results indicate that 1. deriving energy consumption directly from runtime is not accurate, but the consumption of the compute node needs to be considered regarding its composition; 2. neglecting accelerator hardware on mixed nodes results in overproportional inefficiency regarding energy consumption; 3. energy consumption of model training and inference should be considered separately - while training on GPUs outperforms all other node types regarding both runtime and energy consumption, inference on CPU nodes can be comparably efficient. One advantage of our approach is that the information on energy consumption is available to all users of the supercomputer, enabling an easy transfer to other workloads alongside a rise in user awareness of energy consumption.
Federated Learning (FL) is a scheme for collaboratively training Deep Neural Networks (DNNs) with multiple data sources from different clients. Instead of sharing the data, each client trains the model locally, resulting in improved privacy. However, recently so-called targeted poisoning attacks have been proposed that allow individual clients to inject a backdoor into the trained model. Existing defenses against these backdoor attacks either rely on techniques like Differential Privacy to mitigate the backdoor, or analyze the weights of the individual models and apply outlier detection methods that restrict these defenses to certain data distributions. However, adding noise to the models' parameters or excluding benign outliers might also reduce the accuracy of the collaboratively trained model. Additionally, allowing the server to inspect the clients' models creates a privacy risk due to existing knowledge extraction methods. We propose CrowdGuard, a model filtering defense, that mitigates backdoor attacks by leveraging the clients' data to analyze the individual models before the aggregation. To prevent data leaks, the server sends the individual models to secure enclaves, running in client-located Trusted Execution Environments. To effectively distinguish benign and poisoned models, even if the data of different clients are not independently and identically distributed (non-IID), we introduce a novel metric called HLBIM to analyze the outputs of the DNN's hidden layers. We show that the applied significance-based detection algorithm combined can effectively detect poisoned models, even in non-IID scenarios. We show in our extensive evaluation that CrowdGuard can effectively mitigate targeted poisoning attacks and achieve in various scenarios a True-Positive-Rate of 100% and a True-Negative-Rate of 100%.
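Traditionally, unsupervised sentiment analysis is performed by counting the words in a text that are stored in a sentiment lexicon and then assigning a label depending on the proportion of positive and negative words registered. While these "counting" methods are considered beneficial because they score a text deterministically, their classification rates decrease when the analyzed texts are short or the vocabulary differs from what the lexicon considers default. The model proposed in this paper, called LEX2SENT, is an unsupervised sentiment analysis method for improving the classification of sentiment lexicon methods. For this purpose, a DOC2VEC model is trained to determine the distances between document embeddings and the embeddings of the positive and negative parts of a sentiment lexicon. These distances are then evaluated for multiple executions of DOC2VEC on resampled documents and are averaged to perform the classification task. For the three benchmark datasets considered in this paper, the proposed LEX2SENT outperforms every evaluated lexicon, including state-of-the-art lexica like Vader or the Opinion Lexicon, in terms of classification rate.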
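Recent years have brought considerable advancements in electric vehicles (EVs) and associated infrastructures/communications. Intrusion detection systems (IDS) are widely deployed for anomaly detection in such critical infrastructures. This paper presents an explainable anomaly detection system (RX-ADS) for intrusion detection in the CAN protocol in electric vehicles. Contributions include: 1) a window-based feature extraction method; 2) a deep autoencoder-based anomaly detection method; and 3) an adversarial machine learning-based explanation generation method. The presented approach was tested on two benchmark CAN datasets: OTIDS and Car Hacking. The anomaly detection performance of RX-ADS was compared against the state-of-the-art approaches on these datasets: HIDS and GIDS. The RX-ADS approach presented performance comparable to the HIDS approach (OTIDS dataset) and outperformed the HIDS and GIDS approaches (Car Hacking dataset). Further, the proposed approach was able to generate explanations for the abnormal behaviors arising from various intrusions. These explanations were later validated against the information used by domain experts to detect anomalies. Other advantages of RX-ADS include: 1) the method can be trained on unlabeled data; 2) explanations help experts in understanding anomalies and in root cause analysis, and also help with AI model debugging and diagnostics, ultimately improving user trust in AI systems.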
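Given what lies at the heart of HEP research, the role of data science (DS) and machine learning (ML) in high-energy physics (HEP) is growing and relevant. Moreover, exploiting symmetries inherent in physics data has inspired physics-informed ML as a vibrant sub-field of computer science research. HEP researchers benefit greatly from widely available materials for education, training and workforce development. They also contribute to these materials and provide software to DS/ML-related fields. Increasingly, physics departments offer courses at the intersection of DS, ML and physics, often using curricula developed by HEP researchers and involving open software and data used in HEP. In this white paper, we explore synergies between HEP research and DS/ML education, discuss opportunities and challenges at this intersection, and propose community activities that will be mutually beneficial.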
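Magnetic resonance imaging (MRI) is a central modality for stroke imaging. It is used upon patient admission to make treatment decisions such as selecting patients for intravenous thrombolysis or endovascular therapy. MRI is later used during the hospital stay to predict outcome by visualizing infarct core size and location. Furthermore, it may be used to characterize stroke etiology, e.g. differentiation between (cardio)-embolic and non-embolic stroke. Computer-based automated medical image processing is increasingly finding its way into clinical routine. Previous iterations of the Ischemic Stroke Lesion Segmentation (ISLES) challenge have aided in generating benchmark methods for identifying acute and sub-acute ischemic stroke lesion segmentation. Here we introduce an expert-annotated, multicenter MRI dataset for segmentation of acute to subacute stroke lesions. The dataset comprises 400 multi-vendor MRI cases with high variability in stroke lesion size, quantity and location. It is split into a training dataset of n = 250 and a test dataset of n = 150. All training data will be made publicly available. The test dataset will be used for model validation only and will not be released to the public. This dataset serves as the foundation of the ISLES 2022 challenge, with the goal of finding algorithmic methods to enable the development and benchmarking of robust and accurate segmentation algorithms for ischemic stroke.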
Foundation Models (FMs) are models trained on large corpora of data that, at very large scale, can generalize to new tasks without any task-specific finetuning. As these models continue to grow in size, innovations continue to push the boundaries of what these models can do on language and image tasks. This paper aims to understand an underexplored area of FMs: classical data tasks like cleaning and integration. As a proof-of-concept, we cast five data cleaning and integration tasks as prompting tasks and evaluate the performance of FMs on these tasks. We find that large FMs generalize and achieve SoTA performance on data cleaning and integration tasks, even though they are not trained for these data tasks. We identify specific research challenges and opportunities that these models present, including challenges with private and domain specific data, and opportunities to make data management systems more accessible to non-experts. We make our code and experiments publicly available at: https://github.com/HazyResearch/fm_data_tasks.
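Federated Learning (FL) allows multiple clients to collaboratively train a neural network (NN) model on their private data without revealing the data. Recently, several targeted poisoning attacks against FL have been introduced. These attacks inject a backdoor into the resulting model that allows adversary-controlled inputs to be misclassified. Existing countermeasures against backdoor attacks are inefficient and often merely aim to exclude deviating models from the aggregation. However, this approach also removes benign models of clients with deviating data distributions, causing the aggregated model to perform poorly for such clients. To address this problem, we propose DeepSight, a model filtering approach for mitigating backdoor attacks. It is based on three novel techniques that allow characterizing the distribution of the data used to train model updates and seek to measure fine-grained differences in the internal structure and outputs of NNs. Using these techniques, DeepSight can identify suspicious model updates. We also develop a scheme that can accurately cluster model updates. Combining the results of both components, DeepSight is able to identify and eliminate model clusters containing poisoned models with high attack impact. We also show that the backdoor contributions of possibly undetected poisoned models can be mitigated with existing weight clipping-based defenses. We evaluate the performance and effectiveness of DeepSight and show that it can mitigate state-of-the-art backdoor attacks with a negligible impact on the model's performance on benign data.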