This paper proposes an easy-to-compute upper bound for the overlap index between two probability distributions without requiring any knowledge of the distribution models. The computation of our bound is time-efficient and memory-efficient and only requires finite samples. The proposed bound shows its value in one-class classification and domain shift analysis. Specifically, in one-class classification, we build a novel one-class classifier by converting the bound into a confidence score function. Unlike most one-class classifiers, the training process is not needed for our classifier. Additionally, the experimental results show that our classifier can be accurate with only a small number of in-class samples and outperforms many state-of-the-art methods on various datasets in different one-class classification scenarios. In domain shift analysis, we propose a theorem based on our bound. The theorem is useful in detecting the existence of domain shift and inferring data information. The detection and inference processes are both computation-efficient and memory-efficient. Our work shows significant promise toward broadening the applications of overlap-based metrics.
We propose a framework in which multiple entities collaborate to build a machine learning model while preserving privacy of their data. The approach utilizes feature embeddings from shared/per-entity feature extractors transforming data into a feature space for cooperation between entities. We propose two specific methods and compare them with a baseline method. In Shared Feature Extractor (SFE) Learning, the entities use a shared feature extractor to compute feature embeddings of samples. In Locally Trained Feature Extractor (LTFE) Learning, each entity uses a separate feature extractor and models are trained using concatenated features from all entities. As a baseline, in Cooperatively Trained Feature Extractor (CTFE) Learning, the entities train models by sharing raw data. Secure multi-party algorithms are utilized to train models without revealing data or features in plain text. We investigate the trade-offs among SFE, LTFE, and CTFE in regard to performance, privacy leakage (using an off-the-shelf membership inference attack), and computational cost. LTFE provides the most privacy, followed by SFE, and then CTFE. Computational cost is lowest for SFE and the relative speed of CTFE and LTFE depends on network architecture. CTFE and LTFE provide the best accuracy. We use MNIST, a synthetic dataset, and a credit card fraud detection dataset for evaluations.
The success of DNNs is driven by the counter-intuitive ability of over-parameterized networks to generalize, even when they perfectly fit the training data. In practice, test error often continues to decrease as over-parameterization increases, a phenomenon known as double descent. This lets practitioners instantiate large models without worrying about over-fitting. However, despite these benefits, prior work has shown that over-parameterization exacerbates bias against minority subgroups. Several fairness-constrained DNN training methods have been proposed to address this problem. Here we conduct a rigorous study of MinDiff, a fairness-constrained training procedure implemented in TensorFlow's Responsible AI Toolkit that aims to achieve equality of opportunity. We show that although MinDiff improves the fairness of under-parameterized models, it can be ineffective in the over-parameterized regime. This is because an over-fitted model with zero training loss is trivially fair on the training data, creating an "illusion of fairness", so MinDiff's optimization can effectively switch off (this applies to any disparity-based measure that depends on error or accuracy; it does not apply to demographic parity). Within the specified fairness constraint, under-parameterized MinDiff models may even have lower error than their over-parameterized counterparts (even though the baseline over-parameterized model has lower error). We further show that MinDiff optimization is very sensitive to batch size in the under-parameterized regime. Training fair models with MinDiff therefore requires time-consuming hyper-parameter search. Finally, we suggest using previously proposed regularization techniques, viz. L2, early stopping and flooding, in combination with MinDiff to train fair over-parameterized models.
Deep learning techniques have shown promising results in image compression, with competitive bitrates and image reconstruction quality. However, while image compression has progressed toward higher peak signal-to-noise ratio (PSNR) and fewer bits per pixel (bpp), the robustness of these systems to adversarial images has never been examined. In this work, we study for the first time the robustness of image compression systems, where imperceptible perturbations of the input image cause a significant increase in the bitrate of its compressed latent. To characterize the robustness of state-of-the-art image compression, we mount white-box and black-box attacks. Our white-box attack applies the fast gradient sign method to the entropy estimate of the bitstream as a bitrate approximation. We propose DCT-Net, with architectural simplicity and lightweight training, as a surrogate for the black-box attack that simulates JPEG compression and achieves fast adversarial transferability. Our results on six image compression models, each with six different bitrate qualities (36 models in total), show that they are surprisingly fragile: the white-box attack achieves up to a 56.326x change in bpp and the black-box attack up to 1.947x. To improve robustness, we propose a novel compression architecture, ractatn, which combines attention modules and a basic factorized entropy model, achieving a promising trade-off between rate-distortion performance and robustness to adversarial attacks and surpassing existing learned image compressors.
Private inference (PI) enables inference directly on cryptographically secure data. While it promises to solve many privacy problems, its use has been limited by extreme runtimes. Unlike plaintext inference, in PI latency is dominated by the non-linear functions (i.e., ReLU), which are the bottleneck. Practical PI therefore requires novel optimizations of these non-linearities. To reduce PI latency, we propose a gradient-based algorithm that selectively linearizes ReLUs while maintaining prediction accuracy. We evaluate our algorithm on several standard PI benchmarks. The results show up to $4.25\%$ higher accuracy (at an iso-ReLU count of 50K) or $2.2\times$ less latency (at an iso-accuracy of 70%) than the current state of the art, advancing the latency-accuracy space. To complement the empirical results, we present a "no free lunch" theorem that clarifies how and when network linearization is possible while maintaining prediction accuracy. Public code is available at \url{https://github.com/nyu-dice-lab/selective_network_linearization}.
The millimeter-wave (mmWave) bands have attracted significant attention for high-precision positioning applications owing to their ability to capture measurements with high angular and temporal resolution. This paper explores mmWave-based positioning for a target localization problem in which a fixed target broadcasts mmWave signals and a mobile robotic agent attempts to listen to the signals to locate and navigate to the target. A three-step procedure is proposed. First, the mobile agent uses a tensor decomposition method to detect the wireless paths and their angles. Second, a machine-learning-trained classifier is used to predict the link state, meaning whether the strongest path is line-of-sight (LOS) or non-LOS (NLOS). For the NLOS case, the link state predictor also determines whether the strongest path arrived via one or more reflections. Third, based on the link state, the agent either follows the estimated angles or explores the environment. The method is demonstrated on a large dataset of indoor environments supplemented with ray tracing to simulate wireless propagation. The path estimation and link state classification are also integrated into a state-of-the-art neural simultaneous localization and mapping (SLAM) module to augment camera- and LIDAR-based navigation. The results show that the link state classifier can successfully generalize to completely new environments outside the training set. In addition, the neural-based module with wireless path estimation and link state classification provides fast navigation to the target, approaching a baseline that knows the target's location.
This paper proposes a novel two-stage defense (NNoculation) against backdoored neural networks (BadNets) that, in response to backdoored test inputs encountered in the field, repairs the BadNet both pre-deployment and online. In the pre-deployment stage, NNoculation uses random perturbations of clean validation inputs to partially reduce the adversarial impact of the backdoor. After deployment, NNoculation detects and quarantines test inputs by recording disagreements between the original and the pre-deployment patched networks. A Constcan is then trained to learn the transformation between clean validation and quarantined inputs; i.e., it learns to add triggers to clean validation images. The backdoored validation images, together with their correct labels, are used to further retrain the pre-patched network, yielding our final defense. Empirical evaluation on a comprehensive suite of backdoor attacks shows that NNoculation outperforms all state-of-the-art defenses, which make restrictive assumptions and work only on specific backdoor attacks, or fail under adaptive attacks. In contrast, NNoculation makes minimal assumptions and provides an effective defense, even in settings where existing defenses are ineffective because the attacker has violated their restrictive assumptions.
Deep neural networks (DNNs) provide excellent performance across a wide range of classification tasks, but their training requires high computational resources and is often outsourced to third parties. Recent work has shown that outsourced training introduces the risk that a malicious trainer will return a backdoored DNN that behaves normally on most inputs but causes targeted misclassifications or degrades the accuracy of the network when a trigger known only to the attacker is present. In this paper, we provide the first effective defenses against backdoor attacks on DNNs. We implement three backdoor attacks from prior work and use them to investigate two promising defenses, pruning and fine-tuning. We show that neither, by itself, is sufficient to defend against sophisticated attackers. We then evaluate fine-pruning, a combination of pruning and fine-tuning, and show that it successfully weakens or even eliminates the backdoors, i.e., in some cases reducing the attack success rate to 0% with only a 0.4% drop in accuracy for clean (non-triggering) inputs. Our work provides the first step toward defenses against backdoor attacks in deep neural networks.
Learning policies from fixed offline datasets is a key challenge to scaling up reinforcement learning (RL) algorithms toward practical applications. This is often because off-policy RL algorithms suffer from distributional shift, due to the mismatch between the dataset and the target policy, leading to high variance and over-estimation of value functions. In this work, we propose variance regularization for offline RL algorithms, using stationary distribution corrections. We show that by using Fenchel duality, we can avoid double sampling issues when computing the gradient of the variance regularizer. The proposed algorithm for offline variance regularization (OVAR) can be used to augment any existing offline policy optimization algorithm. We show that the regularizer leads to a lower bound on the offline policy optimization objective, which can help avoid over-estimation errors, and explains the benefits of our approach across a range of continuous control domains when compared to existing state-of-the-art algorithms.
The rapid development of remote sensing technologies has gained significant attention due to their ability to accurately localize, classify, and segment objects from aerial images. These technologies are commonly used in unmanned aerial vehicles (UAVs) equipped with high-resolution cameras or sensors to capture data over large areas. This data is useful for various applications, such as monitoring and inspecting cities, towns, and terrains. In this paper, we present a method for classifying and segmenting city road traffic dashed lines from aerial images using deep learning models such as U-Net and SegNet. The annotated data is used to train these models, which are then used to classify and segment the aerial image into two classes: dashed lines and non-dashed lines. However, the deep learning model may not be able to identify all dashed lines due to poor painting or occlusion by trees or shadows. To address this issue, we propose a method to add missed lines to the segmentation output. We also extract the x and y coordinates of each dashed line from the segmentation output, which city planners can use to construct a CAD file for digital visualization of the roads.