Spear phishing is a harmful cyber-attack facing businesses and individuals worldwide. Considerable research has recently been conducted into the use of Machine Learning (ML) techniques to detect spear-phishing emails. ML-based solutions may suffer from zero-day attacks: unseen attacks unaccounted for in the training data. As new attacks emerge, classifiers trained on older data are unable to detect these new varieties of attack, resulting in increasingly inaccurate predictions. Spear-phishing detection also faces scalability challenges, because the number of required features grows in proportion to the number of senders in a receiver's mailbox. This differs from traditional phishing detection, which typically performs only a binary classification between phishing and benign emails. We therefore devise a possible solution to these problems, named RAIDER: Reinforcement AIded Spear Phishing DEtectoR, a reinforcement-learning based feature evaluation system that can automatically find the optimum features for detecting different types of attacks. By leveraging a reward and penalty system, RAIDER allows for autonomous feature selection. RAIDER also keeps the number of features to a minimum by selecting only the significant features needed to represent phishing emails and detect spear-phishing attacks. After extensive evaluation of RAIDER over 11,000 emails and across 3 attack scenarios, our results suggest that using reinforcement learning to automatically identify the significant features can reduce the dimensionality of the required features by 55% compared with existing ML-based systems. It also improves the accuracy of detecting spoofing attacks by 4%, from 90% to 94%. In addition, RAIDER demonstrates reasonable detection accuracy even against a sophisticated attack named Known Sender, in which spear-phishing emails greatly resemble those of the impersonated sender.
Deploying machine learning models in production may allow adversaries to infer sensitive information about the training data. There is a vast literature analyzing different types of inference risk, ranging from membership inference to reconstruction attacks. Inspired by the success of games (i.e., probabilistic experiments) in studying security properties in cryptography, some authors describe privacy inference risks in machine learning in a similar game-based style. However, adversary capabilities and goals are often stated in subtly different ways from one presentation to another, which makes it hard to relate and compose results. In this paper, we present a game-based framework to systematize the body of knowledge on privacy inference risks in machine learning.
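To make the game-based style concrete, the following Python is an added example written for this page; it is not the paper's framework or code. It writes membership inference as a challenger/adversary experiment: the challenger samples a training set, trains a model, flips a bit b, and hands the adversary the model plus a challenge record that is a training member (b=1) or a fresh sample (b=0); the adversary guesses b. The data distribution, the two toy models (an overfit nearest-neighbour model and one that ignores its training data) and the single-query confidence-threshold adversary are all constructed here and are assumptions of the example, as are the function names. The reported advantage is the usual Pr[guess=1 | b=1] minus Pr[guess=1 | b=0].

```python
"""Membership inference written as a cryptographic-style game (constructed example).

Challenger: samples training set D, trains model M, picks bit b, hands the
adversary M plus a challenge z that is a member of D (b=1) or a fresh sample
(b=0). Adversary: outputs a guess for b. Advantage = Pr[guess=1 | b=1] -
Pr[guess=1 | b=0]; zero means the model leaks nothing this adversary can use.
"""
import math
import random
from typing import Callable, List, Sequence, Tuple

Point = Tuple[float, int]                        # (feature x, label y)
Model = Callable[[float], Tuple[int, float]]     # x -> (predicted label, confidence)
Trainer = Callable[[Sequence[Point]], Model]
Adversary = Callable[[Model, Point], int]


def sample_point(rng: random.Random) -> Point:
    """Constructed data distribution: x ~ N(0, 1), label 1 iff x > 0."""
    x = rng.gauss(0.0, 1.0)
    return (x, int(x > 0))


def train_memorizing(data: Sequence[Point], bandwidth: float = 1e-3) -> Model:
    """1-nearest-neighbour model whose confidence decays with the distance to the
    nearest training point, so it is exactly 1.0 on its own training records.
    Stands in for an overfit model (hypothetical, built for this example)."""
    points: List[Point] = list(data)

    def predict(x: float) -> Tuple[int, float]:
        nx, ny = min(points, key=lambda p: abs(p[0] - x))
        return ny, math.exp(-((x - nx) / bandwidth) ** 2)

    return predict


def train_generalizing(data: Sequence[Point]) -> Model:
    """Model whose output does not depend on the training sample at all:
    predicts sign(x) with a sigmoid confidence in |x|."""
    def predict(x: float) -> Tuple[int, float]:
        return int(x > 0), 1.0 / (1.0 + math.exp(-abs(x)))

    return predict


def confidence_threshold_adversary(model: Model, z: Point, tau: float = 0.99) -> int:
    """Black-box adversary: one query, claims 'member' when the model is
    unusually confident on z. The threshold is fixed and untuned on purpose."""
    _, confidence = model(z[0])
    return int(confidence > tau)


def membership_game(train: Trainer, adversary: Adversary, n_train: int = 50,
                    trials: int = 400, seed: int = 1) -> float:
    """Run the experiment `trials` times and return the adversary's advantage."""
    rng = random.Random(seed)
    claimed_member = {0: 0, 1: 0}
    rounds = {0: 0, 1: 0}
    for i in range(trials):
        data = [sample_point(rng) for _ in range(n_train)]
        model = train(data)
        b = i % 2                      # balanced so both arms get equal samples
        z = rng.choice(data) if b == 1 else sample_point(rng)
        rounds[b] += 1
        claimed_member[b] += adversary(model, z)
    tpr = claimed_member[1] / rounds[1]
    fpr = claimed_member[0] / rounds[0]
    return tpr - fpr


if __name__ == "__main__":
    print("overfit model, advantage:",
          membership_game(train_memorizing, confidence_threshold_adversary))
    print("data-independent model, advantage:",
          membership_game(train_generalizing, confidence_threshold_adversary))
```

Because the experiment is pinned down (what the challenger samples, what the adversary receives, how the guess is scored), two adversaries or two models can be compared on the same advantage scale; that fixed definition is what makes results relatable and composable. Stronger adversaries (shadow-model calibration of the threshold, loss rather than confidence, white-box access) slot in by replacing the adversary function without touching the game.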
A distribution inference attack aims to infer statistical properties of the data used to train a machine learning model. These attacks are sometimes surprisingly potent, but the factors that impact distribution inference risk are not well understood, and demonstrated attacks often rely on strong and unrealistic assumptions, such as full knowledge of the training environment even in supposedly black-box threat scenarios. To improve understanding of distribution inference risks, we develop a new black-box attack that outperforms even the best known white-box attack in most settings. Using this new attack, we evaluate distribution inference risk while relaxing a variety of assumptions about the adversary's knowledge under black-box access, such as knowledge of the model architecture, and under label-only access. Finally, we evaluate the effectiveness of previously proposed defenses and introduce new ones. We find that although noise-based defenses appear to be ineffective, a simple re-sampling defense can be highly effective. Code is available at https://github.com/iamgroot42/dissecting_distribution_inference
As causal inference becomes more widespread, the importance of having good tools to test for causal effects increases. In this work we focus on the problem of testing for causal effects that manifest as a difference in distribution between treatment and control. We build on work applying kernel methods to causality, considering the previously introduced Counterfactual Mean Embedding framework (CfME). We improve on this by proposing the Doubly Robust Counterfactual Mean Embedding (DR-CfME), which has better theoretical properties than its predecessor by leveraging semiparametric theory. This leads us to propose new kernel-based test statistics for distributional effects that are based upon doubly robust estimators of treatment effects. We propose two test statistics, one which is a direct improvement on previous work and one which can be applied even when the support of the treatment arm is a subset of that of the control arm. We demonstrate the validity of our methods on simulated and real-world data, and give an application in off-policy evaluation.
Deep reinforcement learning (DRL) is a promising approach for learning robot control policies purely from demonstrations and experience. To cover the robot's entire dynamic behaviour, DRL training is an active exploration process that is typically carried out in a simulation environment. Although such simulated training is cheap and fast, applying DRL algorithms to real-world settings is difficult. If agents are trained until they perform safely in simulation, transferring them to a physical system is hard because of the sim-to-real gap caused by differences between the simulated dynamics and the physical robot. In this paper, we propose a method for training DRL agents online on a physical vehicle for autonomous driving, using a model-based safety supervisor. Our solution uses the supervisory system to check whether the action chosen by the agent is safe or unsafe, and ensures that a safe action is always taken on the vehicle. In this way, we bypass the sim-to-real problem while training the DRL algorithm safely, quickly and efficiently. We present a variety of real-world experiments in which a small physical vehicle is trained online to drive autonomously, with no prior simulation training. The evaluation results show that our method improves the sample efficiency of training agents without crashing, and that the trained agents exhibit better driving performance than agents trained in simulation.
IceCube is a cubic-kilometre array of optical sensors for detecting atmospheric and astrophysical neutrinos between 1 GeV and 1 PeV, deployed 1.45 km to 2.45 km below the surface of the ice sheet at the South Pole. The classification and reconstruction of events from the in-ice detectors plays a central role in IceCube data analysis. Reconstructing and classifying events is challenging because of the detector geometry, the inhomogeneous scattering and absorption of light in the ice, and, below 100 GeV, the relatively small number of signal photons produced per event. To address this challenge, IceCube events can be represented as point-cloud graphs, with graph neural networks (GNNs) serving as the classification and reconstruction method. The GNN is able to distinguish neutrino events from the cosmic-ray background, classify different neutrino event types, and reconstruct the deposited energy, direction and interaction vertex. Based on simulation, we provide a comparison in the 1-100 GeV energy range with the state-of-the-art maximum-likelihood techniques used in current IceCube analyses, including the effects of known systematic uncertainties. For neutrino event classification, the GNN improves signal efficiency by 18% at a fixed false positive rate (FPR) compared with the current IceCube method. Alternatively, the GNN reduces the FPR by more than a factor of 8 (to below half a percent) at a fixed signal efficiency. For the reconstruction of energy, direction and interaction vertex, the resolution improves by 13%-20% on average compared with the current maximum-likelihood techniques. When running on a GPU, the GNN is able to process IceCube events at a rate nearly double the median IceCube trigger rate of 2.7 kHz, which opens the possibility of using low-energy neutrinos in online searches for transient events.
Models can expose sensitive information about their training data. In an attribute inference attack, an adversary has partial knowledge of some training records and access to a model trained on those records, and infers the unknown values of a sensitive feature of those records. We study a fine-grained variant of attribute inference that we call sensitive value inference, where the adversary's goal is to identify with high confidence some records from a candidate set whose unknown attribute has a particular sensitive value. We explicitly compare attribute inference with data imputation that captures statistical properties of the training distribution, under various assumptions about the training data available to the adversary. Our main conclusions are: (1) previous attribute inference methods do not reveal more about the training data than an adversary can infer without access to the trained model, given the same knowledge of the underlying distribution that is needed to train the attribute inference attack; (2) black-box attribute inference attacks rarely learn anything that cannot be learned without the model; but (3) the white-box attacks we introduce and evaluate in the paper can reliably identify some records with the sensitive attribute value that could not be predicted without access to the model. Furthermore, we show that proposed defenses such as differentially private training and removing vulnerable records from the training data do not mitigate this privacy risk. The code for our experiments is available at https://github.com/bargavj/evaluatingdpml
Although representation learning is central to the rise of machine learning and artificial intelligence, a key problem remains in making learned representations meaningful. To this end, a typical approach is to regularize the learned representation with a prior probability distribution. However, such priors are usually unavailable or ad hoc. To address this, we propose a dynamics-constrained representation learning framework. Instead of using a predefined probability distribution, we constrain the latent representation to follow specific dynamics, which is a more natural constraint for representation learning in dynamical systems. Our belief stems from the fundamental observation in physics that although different systems can have different marginal probability distributions, they typically obey the same dynamics, such as Newton's and Schrödinger's equations. We validate our framework on different systems, including a real fluorescent DNA movie dataset. We show that our algorithm can uniquely identify uncorrelated, isometric and meaningful latent representations.
Public discussion of COVID-19 vaccination on social media is important not only for addressing the current COVID-19 pandemic but also for future pathogen outbreaks. We examine a Twitter dataset containing 75 million English tweets discussing COVID-19 vaccination from March 2020 to March 2021. We train a stance detection algorithm using natural language processing (NLP) techniques to classify tweets as 'anti-vax' or 'pro-vax', and examine the main topics of the discourse using topic modelling techniques. While pro-vax tweets (37 million) far outnumber anti-vax tweets (10 million), the majority of tweets of both stances (63% of anti-vax and 53% of pro-vax tweets) come from dual-stance users who posted both pro- and anti-vax tweets during the observation period. Pro-vax tweets focused mainly on vaccine development, whereas anti-vax tweets covered a wide range of topics, some of which raised genuine concerns, although there was a large volume of falsehoods. Topics common to both stances existed, although they were discussed from opposite perspectives. Memes and jokes were among the most retweeted messages. Although concerns about polarization and the online prevalence of anti-vax discourse are unfounded, targeted rebuttals of falsehoods are important.
Medical researchers have addressed the problem of estimating the sensitivity and specificity of a binary medical diagnostic test without a gold-standard test to compare against. This problem is identical to estimating the confusion matrix of a classifier on unlabeled data. This paper describes how to adapt the diagnostic test solution to estimate the confusion matrix and accuracy statistics of a supervised or unsupervised binary classifier on unlabeled data.