在过去几年中，神经网络的性能在越来越多的浮点操作（拖鞋）的成本上显着提高。但是，当计算资源有限时，更多的拖鞋可能是一个问题。作为解决这个问题的尝试，修剪过滤器是一种常见的解决方案，但大多数现有的修剪方法不有效地保持模型精度，因此需要大量的芬降时期。在本文中，我们提出了一种自动修剪方法，该方法学习保存的神经元以保持模型精度，同时将絮凝到预定目标。为了完成这项任务，我们介绍了一种可训练的瓶颈，只需要一个单一的单一时期，只需要一个数据集的25.6％（Cifar-10）或7.49％（ILSVRC2012）来了解哪些过滤器。在各种架构和数据集上的实验表明，该方法不仅可以在修剪后保持精度，而且在FineTuning之后也优越现有方法。我们在Reset-50上达到了52.00％的拖鞋，在ILSVRC2012上的灌溉后的前1个精度为47.51％，最先进的（SOTA）精度为76.63％。代码可用（链接匿名审核）。

当模型向人们提供决定时，分销转移可能会造成不当差异。但是，由于模型及其训练集通常是专有的，因此外部实体很难检查分配变化。在本文中，我们介绍并研究了一种黑盒审计方法，以检测分配转移案例，从而导致跨人口组的模型差异。通过扩展在成员资格和属性推理攻击中使用的技术（旨在暴露于学习模型中的私人信息），我们证明了外部审核员可以仅通过查询模型来获取这些分配所需的信息，以识别这些分布的变化。我们对现实世界数据集的实验结果表明，这种方法是有效的，在检测培训集中人口统计组不足的转移方面达到了80--100％的AUC-ROC。研究人员和调查记者可以使用我们的工具对专有模型进行非授权审核，并在培训数据集中暴露出不足的案例。

Machine learning algorithms, when applied to sensitive data, pose a distinct threat to privacy. A growing body of prior work demonstrates that models produced by these algorithms may leak specific private information in the training data to an attacker, either through the models' structure or their observable behavior. However, the underlying cause of this privacy risk is not well understood beyond a handful of anecdotal accounts that suggest overfitting and influence might play a role.This paper examines the effect that overfitting and influence have on the ability of an attacker to learn information about the training data from machine learning models, either through training set membership inference or attribute inference attacks. Using both formal and empirical analyses, we illustrate a clear relationship between these factors and the privacy risk that arises in several popular machine learning algorithms. We find that overfitting is sufficient to allow an attacker to perform membership inference and, when the target attribute meets certain conditions about its influence, attribute inference attacks. Interestingly, our formal analysis also shows that overfitting is not necessary for these attacks and begins to shed light on what other factors may be in play. Finally, we explore the connection between membership inference and attribute inference, showing that there are deep connections between the two that lead to effective new attacks.