大量工作表明，机器学习（ML）模型可以泄漏有关其培训数据的敏感或机密信息。最近，由于分布推断（或属性推断）攻击引起的泄漏正在引起人们的注意。在此攻击中，对手的目标是推断有关培训数据的分配信息。到目前为止，对分布推理的研究集中在证明成功的攻击上，而很少注意确定泄漏的潜在原因和提出缓解。为了弥合这一差距，作为我们的主要贡献，我们从理论和经验上分析了信息泄漏的来源，这使对手能够进行分布推理攻击。我们确定泄漏的三个来源：（1）记住有关$ \ mathbb {e} [y | x] $（给定特征值的预期标签）的特定信息，（（2）模型的错误归纳偏置，以及（3）培训数据的有限性。接下来，根据我们的分析，我们提出了针对分配推理攻击的原则缓解技术。具体而言，我们证明了因果学习技术比相关学习方法更适合特定类型的分布推理所谓的分配构件推理。最后，我们提出了分布推断的形式化，该推论允许对比以前更多的一般对手进行推理。

能够替换人类判断的自动评估指标对于允许快速开发新方法至关重要。因此，许多研究工作集中在制定此类指标上。在这项工作中，我们退后一步，通过比较现有的自动指标和人类指标的身体来分析最近的进度。由于指标是根据它们的排名系统的方式使用的，因此我们比较系统排名空间中的指标。我们广泛的统计分析揭示了令人惊讶的发现：自动指标 - 新老 - 与彼此相比，比人类更相似。自动指标不是互补的，等级系统也类似。令人惊讶的是，人类指标彼此相互预测要比所有用于预测人类指标的自动指标的组合要好得多。令人惊讶的是，人类指标通常被设计为独立，以捕获质量的不同方面，例如内容保真度或可读性。我们对这些发现和建议进行讨论，以在评估领域的未来工作。

机器学习（ML）模型通常是针对给定数据集的精度进行优化的。但是，此预测标准很少捕获模型的所有理想属性，特别是它与域专家对任务的理解的匹配程度。指定的是指多种模型的存在，这些模型在其内域准确性上是无法区分的，即使它们在其他期望的属性（例如分布（OOD）性能）上有所不同。确定这些情况对于评估ML模型的可靠性至关重要。我们正式化了指定的概念，并提出了一种识别和部分解决它的方法。我们训练多个模型具有独立约束，迫使他们实施不同的功能。他们发现了预测性特征，否则标准经验风险最小化（ERM）忽略了这些特征，然后我们将其提炼成具有出色OOD性能的全球模型。重要的是，我们限制了模型以与数据歧管保持一致，以确保它们发现有意义的功能。我们在计算机视觉（拼贴，wild-camelyon17，gqa）中演示了多个数据集的方法，并讨论了指定规定的一般含义。最值得注意的是，没有其他假设，内域性能无法用于OOD模型选择。

文本的结构化和接地表示通常是通过封闭信息提取形式化的，提取与从知识库模式的预定义实体集合和关系一致的穷举集（主题，关系，对象）三元组的问题。大多数现有的作品是管道容易出错的累积，所有方法都仅适用于不切实际的少数实体和关系。我们介绍了Genie（生成信息提取），第一端到最终的归属化闭合信息提取。 Genie自然地通过自动生成文本形式的关系和实体来利用预先训练的变压器的语言知识。由于新的双层约束生成策略，仅生产与预定义知识库模式一致的三胞胎。我们的实验表明，Genie在封闭信息提取时是最先进的，从较少的训练数据点广泛地推广到基线，并缩放到以前无管理数量的实体和关系。通过这项工作，封闭的信息提取在现实情景中变得实用，为下游任务提供了新的机会。最后，这项工作为信息提取的核心任务铺平了统一的端到端方法。在https://github.com/epfl-dlab/genie提供的代码和模型。

Making histopathology image classifiers robust to a wide range of real-world variability is a challenging task. Here, we describe a candidate deep learning solution for the Mitosis Domain Generalization Challenge 2022 (MIDOG) to address the problem of generalization for mitosis detection in images of hematoxylin-eosin-stained histology slides under high variability (scanner, tissue type and species variability). Our approach consists in training a rotation-invariant deep learning model using aggressive data augmentation with a training set enriched with hard negative examples and automatically selected negative examples from the unlabeled part of the challenge dataset. To optimize the performance of our models, we investigated a hard negative mining regime search procedure that lead us to train our best model using a subset of image patches representing 19.6% of our training partition of the challenge dataset. Our candidate model ensemble achieved a F1-score of .697 on the final test set after automated evaluation on the challenge platform, achieving the third best overall score in the MIDOG 2022 Challenge.

As more and more conversational and translation systems are deployed in production, it is essential to implement and to develop effective control mechanisms guaranteeing their proper functioning and security. An essential component to ensure safe system behavior is out-of-distribution (OOD) detection, which aims at detecting whether an input sample is statistically far from the training distribution. Although OOD detection is a widely covered topic in classification tasks, it has received much less attention in text generation. This paper addresses the problem of OOD detection for machine translation and dialog generation from an operational perspective. Our contributions include: (i) RAINPROOF a Relative informAItioN Projection ODD detection framework; and (ii) a more operational evaluation setting for OOD detection. Surprisingly, we find that OOD detection is not necessarily aligned with task-specific measures. The OOD detector may filter out samples that are well processed by the model and keep samples that are not, leading to weaker performance. Our results show that RAINPROOF breaks this curse and achieve good results in OOD detection while increasing performance.

Underwater images are altered by the physical characteristics of the medium through which light rays pass before reaching the optical sensor. Scattering and strong wavelength-dependent absorption significantly modify the captured colors depending on the distance of observed elements to the image plane. In this paper, we aim to recover the original colors of the scene as if the water had no effect on them. We propose two novel methods that rely on different sets of inputs. The first assumes that pixel intensities in the restored image are normally distributed within each color channel, leading to an alternative optimization of the well-known \textit{Sea-thru} method which acts on single images and their distance maps. We additionally introduce SUCRe, a new method that further exploits the scene's 3D Structure for Underwater Color Restoration. By following points in multiple images and tracking their intensities at different distances to the sensor we constrain the optimization of the image formation model parameters. When compared to similar existing approaches, SUCRe provides clear improvements in a variety of scenarios ranging from natural light to deep-sea environments. The code for both approaches is publicly available at https://github.com/clementinboittiaux/sucre .

Vulnerability to adversarial attacks is a well-known weakness of Deep Neural Networks. While most of the studies focus on natural images with standardized benchmarks like ImageNet and CIFAR, little research has considered real world applications, in particular in the medical domain. Our research shows that, contrary to previous claims, robustness of chest x-ray classification is much harder to evaluate and leads to very different assessments based on the dataset, the architecture and robustness metric. We argue that previous studies did not take into account the peculiarity of medical diagnosis, like the co-occurrence of diseases, the disagreement of labellers (domain experts), the threat model of the attacks and the risk implications for each successful attack. In this paper, we discuss the methodological foundations, review the pitfalls and best practices, and suggest new methodological considerations for evaluating the robustness of chest xray classification models. Our evaluation on 3 datasets, 7 models, and 18 diseases is the largest evaluation of robustness of chest x-ray classification models.

We introduce submodel co-training, a regularization method related to co-training, self-distillation and stochastic depth. Given a neural network to be trained, for each sample we implicitly instantiate two altered networks, ``submodels'', with stochastic depth: we activate only a subset of the layers. Each network serves as a soft teacher to the other, by providing a loss that complements the regular loss provided by the one-hot label. Our approach, dubbed cosub, uses a single set of weights, and does not involve a pre-trained external model or temporal averaging. Experimentally, we show that submodel co-training is effective to train backbones for recognition tasks such as image classification and semantic segmentation. Our approach is compatible with multiple architectures, including RegNet, ViT, PiT, XCiT, Swin and ConvNext. Our training strategy improves their results in comparable settings. For instance, a ViT-B pretrained with cosub on ImageNet-21k obtains 87.4% top-1 acc. @448 on ImageNet-val.

Named Entity Recognition (NER) involves the identification and classification of named entities in unstructured text into predefined classes. NER in languages with limited resources, like French, is still an open problem due to the lack of large, robust, labelled datasets. In this paper, we propose a transformer-based NER approach for French using adversarial adaptation to similar domain or general corpora for improved feature extraction and better generalization. We evaluate our approach on three labelled datasets and show that our adaptation framework outperforms the corresponding non-adaptive models for various combinations of transformer models, source datasets and target corpora.