对网络规模数据进行培训可能需要几个月的时间。但是，在已经学习或不可学习的冗余和嘈杂点上浪费了很多计算和时间。为了加速训练，我们引入了可减少的持有损失选择（Rho-loss），这是一种简单但原则上的技术，它大致选择了这些训练点，最大程度地减少了模型的概括损失。结果，Rho-loss减轻了现有数据选择方法的弱点：优化文献中的技术通常选择“硬损失”（例如，高损失），但是这种点通常是嘈杂的（不可学习）或更少的任务与任务相关。相反，课程学习优先考虑“简单”的积分，但是一旦学习，就不必对这些要点进行培训。相比之下，Rho-Loss选择了可以学习的点，值得学习的，尚未学习。与先前的艺术相比，Rho-loss火车的步骤要少得多，可以提高准确性，并加快对广泛的数据集，超参数和体系结构（MLP，CNNS和BERT）的培训。在大型Web绑带图像数据集服装1M上，与统一的数据改组相比，步骤少18倍，最终精度的速度少2％。

基准测试对于人工智能（AI）的衡量和转向进步至关重要。但是，最近的研究引起了人们对AI基准测试状态的关注，报告了基准过度拟合，基准测试饱和度以及基准数据集创建的集中化等问题。为了促进监测AI基准测试生态系统的健康状况，我们介绍了创建基准创建和饱和全球动力学的凝结图的方法。我们策划了1688个基准测试的数据，涵盖了计算机视觉和自然语言处理的整个领域，并表明很大一部分基准迅速趋向于近乎饱和，许多基准无法找到广泛的利用，并且基准为不同AI的基准性能增长任务容易出现不可预见的爆发。我们分析与基准流行相关的属性，并得出结论，未来的基准应该强调多功能性，广度和现实世界实用程序。

当图像分类器输出错误的类标签时，可以有助于查看图像中的更改会导致正确的分类。这是产生反事实解释的算法。但是，没有易于可扩展的方法来产生这种反应性。我们开发了一种新的算法，为以低计算成本训练的大图像分类器提供了反事实解释。我们经验与文献中的基线进行了对该算法的比较;我们的小说算法一致地找到了更接近原始输入的反事实。与此同时，这些反事实的现实主义与基线相当。所有实验的代码都可以在https://github.com/benedikthoeltgen/deduce提供。

我们介绍了Goldilocks Selection，这是一种用于更快的模型训练的技术，该技术选择了一系列“恰到好处”的训练点。我们提出了一个信息理论采集函数 - 可还原验证损失 - 并使用小的代理模型-GoldiProx进行计算，以有效地选择培训点，以最大程度地提高有关验证集的信息。我们表明，通常在优化文献中选择的“硬”（例如高损失）点通常是嘈杂的，而“简单”（例如低噪声）样本通常优先考虑课程学习提供更少的信息。此外，具有不确定标签的点（通常是由主动学习的目标）往往与任务相关。相比之下，Goldilocks选择选择了“恰到好处”的点，并且从经验上优于上述方法。此外，选定的序列可以转移到其他体系结构。从业者可以共享并重复使用它，而无需重新创建它。

Modeling lies at the core of both the financial and the insurance industry for a wide variety of tasks. The rise and development of machine learning and deep learning models have created many opportunities to improve our modeling toolbox. Breakthroughs in these fields often come with the requirement of large amounts of data. Such large datasets are often not publicly available in finance and insurance, mainly due to privacy and ethics concerns. This lack of data is currently one of the main hurdles in developing better models. One possible option to alleviating this issue is generative modeling. Generative models are capable of simulating fake but realistic-looking data, also referred to as synthetic data, that can be shared more freely. Generative Adversarial Networks (GANs) is such a model that increases our capacity to fit very high-dimensional distributions of data. While research on GANs is an active topic in fields like computer vision, they have found limited adoption within the human sciences, like economics and insurance. Reason for this is that in these fields, most questions are inherently about identification of causal effects, while to this day neural networks, which are at the center of the GAN framework, focus mostly on high-dimensional correlations. In this paper we study the causal preservation capabilities of GANs and whether the produced synthetic data can reliably be used to answer causal questions. This is done by performing causal analyses on the synthetic data, produced by a GAN, with increasingly more lenient assumptions. We consider the cross-sectional case, the time series case and the case with a complete structural model. It is shown that in the simple cross-sectional scenario where correlation equals causation the GAN preserves causality, but that challenges arise for more advanced analyses.

Deep learning models are known to put the privacy of their training data at risk, which poses challenges for their safe and ethical release to the public. Differentially private stochastic gradient descent is the de facto standard for training neural networks without leaking sensitive information about the training data. However, applying it to models for graph-structured data poses a novel challenge: unlike with i.i.d. data, sensitive information about a node in a graph cannot only leak through its gradients, but also through the gradients of all nodes within a larger neighborhood. In practice, this limits privacy-preserving deep learning on graphs to very shallow graph neural networks. We propose to solve this issue by training graph neural networks on disjoint subgraphs of a given training graph. We develop three random-walk-based methods for generating such disjoint subgraphs and perform a careful analysis of the data-generating distributions to provide strong privacy guarantees. Through extensive experiments, we show that our method greatly outperforms the state-of-the-art baseline on three large graphs, and matches or outperforms it on four smaller ones.

Data-driven models such as neural networks are being applied more and more to safety-critical applications, such as the modeling and control of cyber-physical systems. Despite the flexibility of the approach, there are still concerns about the safety of these models in this context, as well as the need for large amounts of potentially expensive data. In particular, when long-term predictions are needed or frequent measurements are not available, the open-loop stability of the model becomes important. However, it is difficult to make such guarantees for complex black-box models such as neural networks, and prior work has shown that model stability is indeed an issue. In this work, we consider an aluminum extraction process where measurements of the internal state of the reactor are time-consuming and expensive. We model the process using neural networks and investigate the role of including skip connections in the network architecture as well as using l1 regularization to induce sparse connection weights. We demonstrate that these measures can greatly improve both the accuracy and the stability of the models for datasets of varying sizes.

Machine learning models are typically evaluated by computing similarity with reference annotations and trained by maximizing similarity with such. Especially in the bio-medical domain, annotations are subjective and suffer from low inter- and intra-rater reliability. Since annotations only reflect the annotation entity's interpretation of the real world, this can lead to sub-optimal predictions even though the model achieves high similarity scores. Here, the theoretical concept of Peak Ground Truth (PGT) is introduced. PGT marks the point beyond which an increase in similarity with the reference annotation stops translating to better Real World Model Performance (RWMP). Additionally, a quantitative technique to approximate PGT by computing inter- and intra-rater reliability is proposed. Finally, three categories of PGT-aware strategies to evaluate and improve model performance are reviewed.

Explainable AI transforms opaque decision strategies of ML models into explanations that are interpretable by the user, for example, identifying the contribution of each input feature to the prediction at hand. Such explanations, however, entangle the potentially multiple factors that enter into the overall complex decision strategy. We propose to disentangle explanations by finding relevant subspaces in activation space that can be mapped to more abstract human-understandable concepts and enable a joint attribution on concepts and input features. To automatically extract the desired representation, we propose new subspace analysis formulations that extend the principle of PCA and subspace analysis to explanations. These novel analyses, which we call principal relevant component analysis (PRCA) and disentangled relevant subspace analysis (DRSA), optimize relevance of projected activations rather than the more traditional variance or kurtosis. This enables a much stronger focus on subspaces that are truly relevant for the prediction and the explanation, in particular, ignoring activations or concepts to which the prediction model is invariant. Our approach is general enough to work alongside common attribution techniques such as Shapley Value, Integrated Gradients, or LRP. Our proposed methods show to be practically useful and compare favorably to the state of the art as demonstrated on benchmarks and three use cases.

Cybercriminals are moving towards zero-day attacks affecting resource-constrained devices such as single-board computers (SBC). Assuming that perfect security is unrealistic, Moving Target Defense (MTD) is a promising approach to mitigate attacks by dynamically altering target attack surfaces. Still, selecting suitable MTD techniques for zero-day attacks is an open challenge. Reinforcement Learning (RL) could be an effective approach to optimize the MTD selection through trial and error, but the literature fails when i) evaluating the performance of RL and MTD solutions in real-world scenarios, ii) studying whether behavioral fingerprinting is suitable for representing SBC's states, and iii) calculating the consumption of resources in SBC. To improve these limitations, the work at hand proposes an online RL-based framework to learn the correct MTD mechanisms mitigating heterogeneous zero-day attacks in SBC. The framework considers behavioral fingerprinting to represent SBCs' states and RL to learn MTD techniques that mitigate each malicious state. It has been deployed on a real IoT crowdsensing scenario with a Raspberry Pi acting as a spectrum sensor. More in detail, the Raspberry Pi has been infected with different samples of command and control malware, rootkits, and ransomware to later select between four existing MTD techniques. A set of experiments demonstrated the suitability of the framework to learn proper MTD techniques mitigating all attacks (except a harmfulness rootkit) while consuming <1 MB of storage and utilizing <55% CPU and <80% RAM.