Deep learning models are known to put the privacy of their training data at risk, which poses challenges for their safe and ethical release to the public. Differentially private stochastic gradient descent is the de facto standard for training neural networks without leaking sensitive information about the training data. However, applying it to models for graph-structured data poses a novel challenge: unlike with i.i.d. data, sensitive information about a node in a graph cannot only leak through its gradients, but also through the gradients of all nodes within a larger neighborhood. In practice, this limits privacy-preserving deep learning on graphs to very shallow graph neural networks. We propose to solve this issue by training graph neural networks on disjoint subgraphs of a given training graph. We develop three random-walk-based methods for generating such disjoint subgraphs and perform a careful analysis of the data-generating distributions to provide strong privacy guarantees. Through extensive experiments, we show that our method greatly outperforms the state-of-the-art baseline on three large graphs, and matches or outperforms it on four smaller ones.

神经网络的鲁棒性和异常检测能力是其在现实世界中安全采用的关键主题。此外，最近网络的过度参数伴随着高计算成本，并提出了有关其对稳健性和异常检测的影响的疑问。在这项工作中，我们表明稀疏性可以使网络更强大，更好的异常检测器。为了进一步激励这一点，我们表明，预先训练的神经网络包含在其参数空间内，稀疏的子网络在没有任何进一步培训的情况下在这些任务上更好。我们还表明，结构化的稀疏性极大地有助于降低昂贵的鲁棒性和检测方法的复杂性，同时维持甚至改善其在这些任务上的结果。最后，我们引入了一种新方法Sensnorm，该方法使用从适当的修剪方法得出的权重的灵敏度来检测输入中的异常样品。

修剪是稀疏深神经网络的任务，最近受到了越来越多的关注。尽管最先进的修剪方法提取了高度稀疏的模型，但它们忽略了两个主要挑战：（1）寻找这些稀疏模型的过程通常非常昂贵； （2）非结构化的修剪在GPU记忆，训练时间或碳排放方面没有提供好处。我们提出了通过梯度流量保存（早期CROP）提出的早期压缩，该压缩在训练挑战（1）的培训（1）中有效提取最先进的稀疏模型，并且可以以结构化的方式应用来应对挑战（2）。这使我们能够在商品GPU上训练稀疏的网络，该商品GPU的密集版本太大，从而节省了成本并减少了硬件要求。我们从经验上表明，早期杂交的表现优于许多任务（包括分类，回归）和域（包括计算机视觉，自然语言处理和增强学习）的丰富基线。早期杂交导致准确性与密集训练相当，同时超过修剪基线。

Speech to text models tend to be trained and evaluated against a single target accent. This is especially true for English for which native speakers from the United States became the main benchmark. In this work, we are going to show how two simple methods: pre-trained embeddings and auxiliary classification losses can improve the performance of ASR systems. We are looking for upgrades as universal as possible and therefore we will explore their impact on several models architectures and several languages.

In this paper, we investigate the impact of neural networks (NNs) topology on adversarial robustness. Specifically, we study the graph produced when an input traverses all the layers of a NN, and show that such graphs are different for clean and adversarial inputs. We find that graphs from clean inputs are more centralized around highway edges, whereas those from adversaries are more diffuse, leveraging under-optimized edges. Through experiments on a variety of datasets and architectures, we show that these under-optimized edges are a source of adversarial vulnerability and that they can be used to detect adversarial inputs.

我们提供了证据表明，学到的密度功能理论（``dft'）的力场已准备好进行基态催化剂发现。我们的关键发现是，尽管预测的力与地面真相有很大差异，但使用从超过50 \％的评估系统中使用RPBE功能的能量与使用RPBE功能相似或较低能量的力量的力量与使用RPBE功能相似或较低的力量放松。这具有令人惊讶的含义，即学习的潜力可能已经准备好在挑战性的催化系统中替换DFT，例如在Open Catalyst 2020数据集中发现的电位。此外，我们表明，在局部谐波能量表面上具有与目标DFT能量相同的局部谐波能量表面训练的力场也能够在50 \％的情况下找到较低或相似的能量结构。与在真实能量和力量训练的标准模型相比，这种``简易电位''的收敛步骤更少，这进一步加速了计算。它的成功说明了一个关键：即使模型具有高力误差，学到的电位也可以定位能量最小值。结构优化的主要要求仅仅是学到的电位具有正确的最小值。由于学到的电位与系统大小的速度快速且尺寸为线性，因此我们的结果开辟了快速找到大型系统基础状态的可能性。

在本文中，我们启动了对分类中低维对逆动力（LDAP）现象的严格研究。与经典设置不同，这些扰动仅限于尺寸$ k $的子空间，该子空间比功能空间的尺寸$ d $小得多。 $ k = 1 $的情况对应于所谓的通用对抗扰动（UAPS; Moosavi-Dezfooli等，2017）。首先，我们考虑在通用规律条件（包括RELU网络）下的二进制分类器，并根据任何子空间的愚蠢率计算分析下限。这些界限明确强调了愚蠢率对模型的点缘的依赖性（即，在测试点的输出与其梯度的$ L_2 $ norm的比率），以及给定子空间与该梯度的对齐模型W.R.T.的梯度输入。我们的结果为启发式方法的最新成功提供了有效产生低维对对抗性扰动的严格解释。最后，我们表明，如果决策区域紧凑，那么它将接受通用的对抗性扰动，其$ l_2 $ norm，比典型的$ \ sqrt {d} $倍乘以数据点的典型$ l_2 $ norm。我们的理论结果通过对合成和真实数据的实验证实。

We provide results that exactly quantify how data augmentation affects the convergence rate and variance of estimates. They lead to some unexpected findings: Contrary to common intuition, data augmentation may increase rather than decrease the uncertainty of estimates, such as the empirical prediction risk. Our main theoretical tool is a limit theorem for functions of randomly transformed, high-dimensional random vectors. The proof draws on work in probability on noise stability of functions of many variables. The pathological behavior we identify is not a consequence of complex models, but can occur even in the simplest settings -- one of our examples is a ridge regressor with two parameters. On the other hand, our results also show that data augmentation can have real, quantifiable benefits.

语音情感转换是修改语音话语的感知情绪的任务，同时保留词汇内容和扬声器身份。在这项研究中，我们将情感转换问题作为口语翻译任务。我们将演讲分解为离散和解散的学习表现，包括内容单位，F0，扬声器和情感。首先，我们通过将内容单元转换为目标情绪来修改语音内容，然后基于这些单元预测韵律特征。最后，通过将预测的表示馈送到神经声码器中来生成语音波形。这样的范式允许我们超越信号的光谱和参数变化，以及模型非口头发声，例如笑声插入，打开拆除等。我们客观地和主观地展示所提出的方法在基础上优于基线感知情绪和音频质量。我们严格评估了这种复杂系统的所有组成部分，并通过广泛的模型分析和消融研究结束，以更好地强调建议方法的建筑选择，优势和弱点。示例和代码将在以下链接下公开使用：https://speechbot.github.io/emotion。

Network data are ubiquitous in modern machine learning, with tasks of interest including node classification, node clustering and link prediction. A frequent approach begins by learning an Euclidean embedding of the network, to which algorithms developed for vector-valued data are applied. For large networks, embeddings are learned using stochastic gradient methods where the sub-sampling scheme can be freely chosen. Despite the strong empirical performance of such methods, they are not well understood theoretically. Our work encapsulates representation methods using a subsampling approach, such as node2vec, into a single unifying framework. We prove, under the assumption that the graph is exchangeable, that the distribution of the learned embedding vectors asymptotically decouples. Moreover, we characterize the asymptotic distribution and provided rates of convergence, in terms of the latent parameters, which includes the choice of loss function and the embedding dimension. This provides a theoretical foundation to understand what the embedding vectors represent and how well these methods perform on downstream tasks. Notably, we observe that typically used loss functions may lead to shortcomings, such as a lack of Fisher consistency.