Differentially private data generation techniques have become a promising solution to the data privacy challenge: they enable sharing of data while complying with rigorous privacy guarantees, which is essential for scientific progress in sensitive domains. Unfortunately, restricted by the inherent complexity of modeling high-dimensional distributions, existing private generative models struggle with the utility of their synthetic samples. In contrast to existing works that aim at fitting the complete data distribution, we directly optimize for a small set of samples that are representative of the distribution under the supervision of discriminative information from downstream tasks, which is generally an easier task and more suitable for private training. Our work provides an alternative view of differentially private generation of high-dimensional data and introduces a simple yet effective method that greatly improves the sample utility of state-of-the-art approaches.
Misinformation and disinformation have become a global threat to our security and safety. To address the scale of online misinformation, one viable solution is to automate the fact-checking of claims by retrieving and verifying relevant evidence. Despite recent progress in advancing automated fact verification, a comprehensive evaluation of the possible attack vectors against such systems is still lacking. In particular, the automated fact-verification process may be vulnerable to the very disinformation it seeks to combat. In this work, we assume that an adversary can automatically tamper with online evidence in order to disrupt fact-checking models, either by camouflaging the relevant evidence or by planting misleading evidence. We first propose an exploratory taxonomy that covers these two targets and different threat-model dimensions. Guided by it, we design and propose several potential attack methods. We show that, in addition to generating diverse and claim-aligned evidence, the claim-salient segments of the evidence can be subtly modified. As a result, we significantly degrade fact-checking performance across many different permutations of the taxonomy. These attacks are also robust to post-hoc modifications of the claim. Our analysis further hints at potential limitations of the models' inference when faced with contradicting evidence. We emphasize that these attacks can have harmful implications for the inspectable and human-facing use of such models, and we conclude by discussing challenges and directions for future defenses.
Membership inference attacks (MIAs), a long-standing threat to the privacy of training data, are ubiquitous across machine learning models. Existing work has demonstrated a close connection between the distinguishability of the training and test loss distributions and a model's vulnerability to MIAs. Motivated by these results, we propose a novel training framework based on a relaxed loss with a more achievable learning target, which leads to a narrowed generalization gap and reduced privacy leakage. RelaxLoss is applicable to any classification model, with the added benefits of easy implementation and negligible overhead. Through extensive evaluations on five datasets with diverse modalities (images, medical data, transaction records), our approach consistently outperforms state-of-the-art defense mechanisms in terms of both resilience against MIAs and model utility. Our defense is the first that can withstand a wide range of attacks while preserving (or even improving) the utility of the target model. Source code is available at https://github.com/dingfanchen/relaxloss
Misinformation is now a major problem because of the potentially high risk it poses to our core democratic and societal values and order. Out-of-context misinformation is one of the easiest and most effective methods used by adversaries to spread viral false stories. In this threat, a real image is re-purposed to support a different narrative by misrepresenting its context and/or elements. The internet is used to verify information by drawing on information from different sources and modalities. Our goal is an inspectable method that automates this time-consuming and reasoning-intensive process by fact-checking the image-caption pairing using Web evidence. To integrate evidence and cues from both modalities, we introduce the concept of a "multi-modal cycle-consistency check": starting from the image/caption, we gather textual/visual evidence, which is then compared against the other paired caption/image, respectively. Moreover, we propose a novel architecture, the Consistency-Checking Network (CCN), which mimics layered human reasoning across the same and different modalities: the caption versus the textual evidence, the image versus the visual evidence, and the image versus the caption. Our work provides the first step and benchmark for open-domain, content-based, multi-modal fact-checking, and significantly outperforms baselines that do not leverage evidence.
Federated learning is a powerful distributed learning scheme that allows many edge devices to collaboratively train a model without sharing their data. However, training is resource-intensive for edge devices, and limited network bandwidth is often the main bottleneck. Prior work typically overcomes these constraints by condensing the model or the messages into a compact format (e.g., through gradient compression or distillation). In contrast, we propose ProgFed, the first progressive training framework for efficient and effective federated learning. It inherently reduces computation and two-way communication costs while maintaining the strong performance of the final model. Theoretically, we prove that ProgFed converges at the same asymptotic rate as standard training on the full model. Extensive results on a broad range of architectures, including CNNs (VGG, ResNet, ConvNets) and U-Nets, and on diverse tasks from simple classification to medical image segmentation, show that our highly efficient training approach saves up to $20\%$ of computation and up to $63\%$ of communication costs for converged models. Since our approach is also complementary to prior compression work, we can realize a wide range of trade-offs by combining these techniques, showing up to $50\times$ communication savings at a cost of only $0.1\%$. Code is available at https://github.com/a514514772/progfed.
Machine Learning (ML) models are increasingly deployed in the wild to perform a wide range of tasks. In this work, we ask to what extent an adversary can steal the functionality of such "victim" models based solely on blackbox interactions: image in, predictions out. In contrast to prior work, we present an adversary lacking knowledge of the train/test data used by the model, its internals, and the semantics of the model outputs. We formulate model functionality stealing as a two-step approach: (i) querying a set of input images to the blackbox model to obtain predictions; and (ii) training a "knockoff" with the queried image-prediction pairs. We make multiple remarkable observations: (a) querying random images from a different distribution than that of the blackbox training data results in a well-performing knockoff; (b) this is possible even when the knockoff is represented using a different architecture; and (c) our reinforcement learning approach additionally improves query sample efficiency in certain settings and provides performance gains. We validate model functionality stealing on a range of datasets and tasks, as well as on a popular image analysis API where we create a reasonable knockoff for as little as $30.
Machine learning (ML) has become a core component of many real-world applications, and training data is a key factor that drives current progress. This huge success has led Internet companies to deploy machine learning as a service (MLaaS). Recently, the first membership inference attack has shown that extraction of information on the training set is possible in such MLaaS settings, which has severe security and privacy implications. However, the early demonstrations of the feasibility of such attacks make many assumptions about the adversary, such as using multiple so-called shadow models, knowledge of the target model structure, and having a dataset from the same distribution as the target model's training data. We relax all these key assumptions, thereby showing that such attacks are very broadly applicable at low cost and therefore pose a more severe risk than previously thought. We present the most comprehensive study so far on this emerging and developing threat, using eight diverse datasets which show the viability of the proposed attacks across domains. In addition, we propose the first effective defense mechanisms against this broader class of membership inference attacks that maintain a high level of utility of the ML model.
In the era of digital healthcare, the huge volumes of textual information generated every day in hospitals constitute an essential but underused asset that could be exploited with task-specific, fine-tuned biomedical language representation models, improving patient care and management. For such specialized domains, previous research has shown that fine-tuning models stemming from broad-coverage checkpoints can largely benefit from additional training rounds over large-scale in-domain resources. However, these resources are often unavailable for less-resourced languages like Italian, preventing local medical institutions from employing in-domain adaptation. In order to reduce this gap, our work investigates two accessible approaches to deriving biomedical language models in languages other than English, taking Italian as a concrete use case: one based on neural machine translation of English resources, favoring quantity over quality; the other based on a high-grade, narrow-scoped corpus natively written in Italian, thus preferring quality over quantity. Our study shows that data quantity is a harder constraint than data quality for biomedical adaptation, but the concatenation of high-quality data can improve model performance even when dealing with relatively size-limited corpora. The models published from our investigations have the potential to unlock important research opportunities for Italian hospitals and academia. Finally, the set of lessons learned from the study constitutes valuable insights towards a solution for building biomedical language models that generalize to other less-resourced languages and different domain settings.
Modeling perception sensors is key for simulation-based testing of automated driving functions. Beyond weather conditions themselves, sensors are also subjected to object-dependent environmental influences such as tire spray caused by vehicles moving on wet pavement. In this work, a novel modeling approach for spray in lidar data is introduced. The model conforms to the Open Simulation Interface (OSI) standard and is based on the formation of detection clusters within a spray plume. The detections are rendered with a simple custom ray casting algorithm without the need for a fluid dynamics simulation or physics engine. The model is subsequently used to generate training data for object detection algorithms. It is shown that the model significantly improves detection in real-world spray scenarios. Furthermore, a systematic real-world data set is recorded and published for analysis, model calibration and validation of spray effects in active perception sensors. Experiments are conducted on a test track by driving over artificially watered pavement with varying vehicle speeds, vehicle types and levels of pavement wetness. All models and data of this work are available open source.
In recent years, image and video delivery systems have begun integrating deep learning super-resolution (SR) approaches, leveraging their unprecedented visual enhancement capabilities while reducing reliance on networking conditions. Nevertheless, deploying these solutions on mobile devices remains an active challenge, as SR models are excessively demanding with respect to workload and memory footprint. Despite recent progress on on-device SR frameworks, existing systems either penalize visual quality, lead to excessive energy consumption or make inefficient use of the available resources. This work presents NAWQ-SR, a novel framework for the efficient on-device execution of SR models. Through a novel hybrid-precision quantization technique and a runtime neural image codec, NAWQ-SR exploits the multi-precision capabilities of modern mobile NPUs in order to minimize latency while meeting user-specified quality constraints. Moreover, NAWQ-SR selectively adapts the arithmetic precision at run time to equip the SR DNN's layers with wider representational power, improving visual quality beyond what was previously possible on NPUs. Altogether, NAWQ-SR achieves an average speedup of 7.9x, 3x and 1.91x over the state-of-the-art on-device SR systems that use heterogeneous processors (MobiSR), CPU (SplitSR) and NPU (XLSR), respectively. Furthermore, NAWQ-SR delivers an average 3.2x speedup and 0.39 dB higher PSNR over status-quo INT8 NPU designs, but most importantly it mitigates the negative effects of quantization on visual quality, setting a new state of the art in the attainable quality of NPU-based SR.