对对抗攻击的脆弱性是在安全至关重要应用中采用深度学习的主要障碍之一。尽管做出了巨大的努力，但无论是实用还是理论上的，培训深度学习模型对对抗性攻击仍然是一个悬而未决的问题。在本文中，我们分析了大数据，贝叶斯神经网络（BNNS）中的对抗性攻击的几何形状。我们表明，在限制下，由于数据分布的堕落而产生了基于梯度的攻击的脆弱性，即当数据位于环境空间的较低维度的亚策略上时。直接结果，我们证明，在此限制下，BNN后代对基于梯度的对抗性攻击是强大的。至关重要的是，我们证明，即使从后部采样的每个神经网络都很容易受到基于梯度的攻击，因此相对于BNN后验分布的预期损失梯度正在消失。 MNIST，时尚MNIST和半卫星数据集的实验结果，代表有限的数据制度，并接受了汉密尔顿蒙特卡洛和变异推理的BNN，支持这一论点，表明BNN可以在清洁数据和稳健性上表现出很高的精度对基于梯度和无梯度的对抗性攻击。

神经网络（NNS）已成功地用于代表复杂动力学系统的状态演变。这样的模型，称为NN动态模型（NNDMS），使用NN的迭代噪声预测来估计随时间推移系统轨迹的分布。尽管它们的准确性，但对NNDMS的安全分析仍然是一个具有挑战性的问题，并且在很大程度上尚未探索。为了解决这个问题，在本文中，我们介绍了一种为NNDM提供安全保证的方法。我们的方法基于随机屏障函数，其与安全性的关系类似于Lyapunov功能的稳定性。我们首先展示了通过凸优化问题合成NNDMS随机屏障函数的方法，该问题又为系统的安全概率提供了下限。我们方法中的一个关键步骤是，NNS的最新凸近似结果的利用是找到零件线性边界，这允许将屏障函数合成问题作为一个方形优化程序的制定。如果获得的安全概率高于所需的阈值，则该系统将获得认证。否则，我们引入了一种生成控制系统的方法，该系统以最小的侵入性方式稳健地最大化安全概率。我们利用屏障函数的凸属性来提出最佳控制合成问题作为线性程序。实验结果说明了该方法的功效。即，他们表明该方法可以扩展到具有多层和数百个神经元的多维NNDM，并且控制器可以显着提高安全性概率。

地震的预测和预测有很长的时间，在某些情况下有肮脏的历史，但是最近的工作重新点燃了基于预警的进步，诱发地震性的危害评估以及对实验室地震的成功预测。在实验室中，摩擦滑移事件为地震和地震周期提供了类似物。 Labquakes是机器学习（ML）的理想目标，因为它们可以在受控条件下以长序列生产。最近的作品表明，ML可以使用断层区的声学排放来预测实验室的几个方面。在这里，我们概括了这些结果，并探索了Labquake预测和自动回归（AR）预测的深度学习（DL）方法。 DL改善了现有的Labquake预测方法。 AR方法允许通过迭代预测在未来的视野中进行预测。我们证明，基于长期任期内存（LSTM）和卷积神经网络的DL模型可以预测在几种条件下实验室，并且可以以忠诚度预测断层区应力，证实声能是断层区应力的指纹。我们还预测了实验室的失败开始（TTSF）和失败结束（TTEF）的时间。有趣的是，在所有地震循环中都可以成功预测TTEF，而TTSF的预测随preseismisic断层蠕变的数量而变化。我们报告了使用三个序列建模框架：LSTM，时间卷积网络和变压器网络预测故障应力演变的AR方法。 AR预测与现有的预测模型不同，该模型仅在特定时间预测目标变量。超出单个地震周期的预测结果有限，但令人鼓舞。我们的ML/DL模型优于最先进的模型，我们的自回归模型代表了一个新颖的框架，可以增强当前的地震预测方法。

在安全关键方案中利用自主系统需要在存在影响系统动态的不确定性和黑匣子组件存在下验证其行为。在本文中，我们开发了一个框架，用于验证部分可观察到的离散时间动态系统，从给定的输入输出数据集中具有针对时间逻辑规范的未暗模式可分散的动态系统。验证框架采用高斯进程（GP）回归，以了解数据集中的未知动态，并将连续空间系统抽象为有限状态，不确定的马尔可夫决策过程（MDP）。这种抽象依赖于通过使用可重复的内核Hilbert空间分析以及通过离散化引起的不确定性来捕获由于GP回归中的错误而捕获不确定性的过渡概率间隔。该框架利用现有的模型检查工具来验证对给定时间逻辑规范的不确定MDP抽象。我们建立将验证结果扩展到潜在部分可观察系统的抽象结果的正确性。我们表明框架的计算复杂性在数据集和离散抽象的大小中是多项式。复杂性分析说明了验证结果质量与处理较大数据集和更精细抽象的计算负担之间的权衡。最后，我们展示了我们的学习和验证框架在具有线性，非线性和切换动力系统的几种案例研究中的功效。

Graph Neural Networks (GNNs) achieve state-of-the-art performance on graph-structured data across numerous domains. Their underlying ability to represent nodes as summaries of their vicinities has proven effective for homophilous graphs in particular, in which same-type nodes tend to connect. On heterophilous graphs, in which different-type nodes are likely connected, GNNs perform less consistently, as neighborhood information might be less representative or even misleading. On the other hand, GNN performance is not inferior on all heterophilous graphs, and there is a lack of understanding of what other graph properties affect GNN performance. In this work, we highlight the limitations of the widely used homophily ratio and the recent Cross-Class Neighborhood Similarity (CCNS) metric in estimating GNN performance. To overcome these limitations, we introduce 2-hop Neighbor Class Similarity (2NCS), a new quantitative graph structural property that correlates with GNN performance more strongly and consistently than alternative metrics. 2NCS considers two-hop neighborhoods as a theoretically derived consequence of the two-step label propagation process governing GCN's training-inference process. Experiments on one synthetic and eight real-world graph datasets confirm consistent improvements over existing metrics in estimating the accuracy of GCN- and GAT-based architectures on the node classification task.

Neuromorphic systems require user-friendly software to support the design and optimization of experiments. In this work, we address this need by presenting our development of a machine learning-based modeling framework for the BrainScaleS-2 neuromorphic system. This work represents an improvement over previous efforts, which either focused on the matrix-multiplication mode of BrainScaleS-2 or lacked full automation. Our framework, called hxtorch.snn, enables the hardware-in-the-loop training of spiking neural networks within PyTorch, including support for auto differentiation in a fully-automated hardware experiment workflow. In addition, hxtorch.snn facilitates seamless transitions between emulating on hardware and simulating in software. We demonstrate the capabilities of hxtorch.snn on a classification task using the Yin-Yang dataset employing a gradient-based approach with surrogate gradients and densely sampled membrane observations from the BrainScaleS-2 hardware system.

Generalisation to unseen contexts remains a challenge for embodied navigation agents. In the context of semantic audio-visual navigation (SAVi) tasks, the notion of generalisation should include both generalising to unseen indoor visual scenes as well as generalising to unheard sounding objects. However, previous SAVi task definitions do not include evaluation conditions on truly novel sounding objects, resorting instead to evaluating agents on unheard sound clips of known objects; meanwhile, previous SAVi methods do not include explicit mechanisms for incorporating domain knowledge about object and region semantics. These weaknesses limit the development and assessment of models' abilities to generalise their learned experience. In this work, we introduce the use of knowledge-driven scene priors in the semantic audio-visual embodied navigation task: we combine semantic information from our novel knowledge graph that encodes object-region relations, spatial knowledge from dual Graph Encoder Networks, and background knowledge from a series of pre-training tasks -- all within a reinforcement learning framework for audio-visual navigation. We also define a new audio-visual navigation sub-task, where agents are evaluated on novel sounding objects, as opposed to unheard clips of known objects. We show improvements over strong baselines in generalisation to unseen regions and novel sounding objects, within the Habitat-Matterport3D simulation environment, under the SoundSpaces task.

Multi-document summarization (MDS) has traditionally been studied assuming a set of ground-truth topic-related input documents is provided. In practice, the input document set is unlikely to be available a priori and would need to be retrieved based on an information need, a setting we call open-domain MDS. We experiment with current state-of-the-art retrieval and summarization models on several popular MDS datasets extended to the open-domain setting. We find that existing summarizers suffer large reductions in performance when applied as-is to this more realistic task, though training summarizers with retrieved inputs can reduce their sensitivity retrieval errors. To further probe these findings, we conduct perturbation experiments on summarizer inputs to study the impact of different types of document retrieval errors. Based on our results, we provide practical guidelines to help facilitate a shift to open-domain MDS. We release our code and experimental results alongside all data or model artifacts created during our investigation.

We consider the problem of two active particles in 2D complex flows with the multi-objective goals of minimizing both the dispersion rate and the energy consumption of the pair. We approach the problem by means of Multi Objective Reinforcement Learning (MORL), combining scalarization techniques together with a Q-learning algorithm, for Lagrangian drifters that have variable swimming velocity. We show that MORL is able to find a set of trade-off solutions forming an optimal Pareto frontier. As a benchmark, we show that a set of heuristic strategies are dominated by the MORL solutions. We consider the situation in which the agents cannot update their control variables continuously, but only after a discrete (decision) time, $\tau$. We show that there is a range of decision times, in between the Lyapunov time and the continuous updating limit, where Reinforcement Learning finds strategies that significantly improve over heuristics. In particular, we discuss how large decision times require enhanced knowledge of the flow, whereas for smaller $\tau$ all a priori heuristic strategies become Pareto optimal.

Post-hoc explanation methods are used with the intent of providing insights about neural networks and are sometimes said to help engender trust in their outputs. However, popular explanations methods have been found to be fragile to minor perturbations of input features or model parameters. Relying on constraint relaxation techniques from non-convex optimization, we develop a method that upper-bounds the largest change an adversary can make to a gradient-based explanation via bounded manipulation of either the input features or model parameters. By propagating a compact input or parameter set as symbolic intervals through the forwards and backwards computations of the neural network we can formally certify the robustness of gradient-based explanations. Our bounds are differentiable, hence we can incorporate provable explanation robustness into neural network training. Empirically, our method surpasses the robustness provided by previous heuristic approaches. We find that our training method is the only method able to learn neural networks with certificates of explanation robustness across all six datasets tested.