As automated face recognition applications tend towards ubiquity, there is a growing need to secure the sensitive face data used within these systems. This paper presents a survey of biometric template protection (BTP) methods proposed for securing face templates (images/features) in neural-network-based face recognition systems. The BTP methods are categorised into two types: Non-NN and NN-learned. Non-NN methods use a neural network (NN) as a feature extractor, but the BTP part is based on a non-NN algorithm, whereas NN-learned methods employ a NN to learn a protected template from the unprotected template. We present examples of Non-NN and NN-learned face BTP methods from the literature, along with a discussion of their strengths and weaknesses. We also investigate the techniques used to evaluate these methods in terms of the three most common BTP criteria: recognition accuracy, irreversibility, and renewability/unlinkability. The recognition accuracy of protected face recognition systems is generally evaluated using the same (empirical) techniques employed for evaluating standard (unprotected) biometric systems. However, most irreversibility and renewability/unlinkability evaluations are found to be based on theoretical assumptions/estimates or verbal implications, with a lack of empirical validation in a practical face recognition context. So, we recommend a greater focus on empirical evaluations to provide more concrete insights into the irreversibility and renewability/unlinkability of face BTP methods in practice. Additionally, an exploration of the reproducibility of the studied BTP works, in terms of the public availability of their implementation code and evaluation datasets/procedures, suggests that it would be difficult to faithfully replicate most of the reported findings. So, we advocate for a push towards reproducibility, in the hope of advancing face BTP research.

本文提出了一种保护用于代表基于神经网络的面部验证系统中的人面的敏感面嵌入的方法。 PolyProtect使用基于由用户特定系数和指数参数参数化的多变量多项式的映射将映射变换为更安全的模板。在这项工作中，在合作用户移动面验证上下文中的两个开源面部识别系统中，在最艰难的威胁模型中对PolyProtect进行评估，该模型具有完全通知的攻击者，具有完全了解系统和其所有参数。结果表明，可以调整聚类以在多保护面部验证系统的识别准确性和多保护模板的不可逆转之间实现令人满意的权衡。此外，示出了聚保模板可有效地解释，特别是如果以非天真的方式选择在聚类映射中使用的用户特定参数。评估使用实用方法进行了实用方法，以在实践中将方法的鲁棒性展示在该方法的侵略性保护方案中。使用公开可用的代码，此工作完全可再现：https://gitlab.idiap.ch/bob/bob.paper.polyprotect_2021。

Deep Neural Networks (DNN) are becoming increasingly more important in assisted and automated driving. Using such entities which are obtained using machine learning is inevitable: tasks such as recognizing traffic signs cannot be developed reasonably using traditional software development methods. DNN however do have the problem that they are mostly black boxes and therefore hard to understand and debug. One particular problem is that they are prone to hidden backdoors. This means that the DNN misclassifies its input, because it considers properties that should not be decisive for the output. Backdoors may either be introduced by malicious attackers or by inappropriate training. In any case, detecting and removing them is important in the automotive area, as they might lead to safety violations with potentially severe consequences. In this paper, we introduce a novel method to remove backdoors. Our method works for both intentional as well as unintentional backdoors. We also do not require prior knowledge about the shape or distribution of backdoors. Experimental evidence shows that our method performs well on several medium-sized examples.

Large language models (LLMs) have been shown to be able to perform new tasks based on a few demonstrations or natural language instructions. While these capabilities have led to widespread adoption, most LLMs are developed by resource-rich organizations and are frequently kept from the public. As a step towards democratizing this powerful technology, we present BLOOM, a 176B-parameter open-access language model designed and built thanks to a collaboration of hundreds of researchers. BLOOM is a decoder-only Transformer language model that was trained on the ROOTS corpus, a dataset comprising hundreds of sources in 46 natural and 13 programming languages (59 in total). We find that BLOOM achieves competitive performance on a wide variety of benchmarks, with stronger results after undergoing multitask prompted finetuning. To facilitate future research and applications using LLMs, we publicly release our models and code under the Responsible AI License.

估计平均因果效应的理想回归（如果有）是什么？我们在离散协变量的设置中研究了这个问题，从而得出了各种分层估计器的有限样本方差的表达式。这种方法阐明了许多广泛引用的结果的基本统计现象。我们的博览会结合了研究因果效应估计的三种不同的方法论传统的见解：潜在结果，因果图和具有加性误差的结构模型。

确定对特定干预措施（医疗或政策）响应特别好（或不良）的亚组，需要专门针对因果推理量身定制的新监督学习方法。贝叶斯因果森林（BCF）是一种最近的方法，已被记录在数据生成过程中，具有强烈混杂的方法，这种方法在许多应用中都具有合理的方式。本文开发了一种用于拟合BCF模型的新型算法，该算法比先前可用的Gibbs采样器更有效。新算法可用于初始化现有Gibbs采样器的独立链，从而使模拟研究中相关间隔估计值的后验探索和覆盖率更好。通过模拟研究和经验分析将新算法与相关方法进行比较。

Shap是一种衡量机器学习模型中可变重要性的流行方法。在本文中，我们研究了用于估计外形评分的算法，并表明它是功能性方差分析分解的转换。我们使用此连接表明，在Shap近似中的挑战主要与选择功能分布的选择以及估计的$ 2^p $ ANOVA条款的数量有关。我们认为，在这种情况下，机器学习解释性和敏感性分析之间的联系是有照明的，但是直接的实际后果并不明显，因为这两个领域面临着不同的约束。机器学习的解释性问题模型可评估，但通常具有数百个（即使不是数千个）功能。敏感性分析通常处理物理或工程的模型，这些模型可能非常耗时，但在相对较小的输入空间上运行。

尽管进行了多年的研究，但跨域的概括仍然是深层网络的语义分割的关键弱点。先前的研究取决于静态模型的假设，即训练过程完成后，模型参数在测试时间保持固定。在这项工作中，我们通过一种自适应方法来挑战这一前提，用于语义分割，将推理过程调整为每个输入样本。自我适应在两个级别上运行。首先，它采用了自我监督的损失，该损失将网络中卷积层的参数定制为输入图像。其次，在批准层中，自适应近似于整个测试数据的平均值和方差，这是不可用的。它通过在训练和从单个测试样本得出的参考分布之间进行插值来实现这一目标。为了凭经验分析我们的自适应推理策略，我们制定并遵循严格的评估协议，以解决先前工作的严重局限性。我们的广泛分析得出了一个令人惊讶的结论：使用标准训练程序，自我适应大大优于强大的基准，并在多域基准测试方面设定了新的最先进的准确性。我们的研究表明，自适应推断可以补充培训时间的既定模型正规化实践，以改善深度网络的概括到异域数据。

基于仿真的推理（SBI）正在迅速将自己确立为一种标准的机器学习技术，用于分析宇宙学调查中的数据。尽管通过学习模型对密度估计的质量持续改进，但这种技术对真实数据的应用完全依赖于远远超出培训分布的神经网络的概括能力，这主要是不受限制的。由于科学家创建的模拟的不完美，以及产生所有可能参数组合的巨大计算费用，因此，宇宙学中的SBI方法很容易受到此类概括性问题的影响。在这里，我们讨论了这两个问题的效果，并展示如何使用贝叶斯神经网络框架进行训练SBI可以减轻偏见，并在培训集外产生更可靠的推理。我们介绍了CosmosWag，这是平均随机重量的首次应用，并将其应用于经过训练的SBI，以推断宇宙微波背景。

欧文（Owen）和霍伊特（Hoyt）最近表明，有效维度提供了有关人工神经网络基础的投入输出映射的关键结构信息。沿着这一研究，这项工作提出了一个估算过程，该过程允许从给定数据集计算平均维度，而无需重新采样外部分布。当功能独立时，当特征相关时，设计会产生总索引。我们表明，这种变体具有零独立性。使用合成数据集，我们分析了平均维度如何按一层演化，以及激活函数如何影响相互作用的幅度。然后，我们使用平均维度来研究一些用于图像识别的最广泛使用的卷积架构（Lenet，Resnet，Densenet）。为了说明像素相关性，我们建议在添加逆PCA层后计算平均尺寸，该层允许人们在无关的PCA转换功能上工作，而无需重新训练神经网络。我们使用广义的总索引来生产热图用于事后解释，并且我们在PCA转换特征上采用了平均维度来进行人工神经网络结构的交叉比较。结果提供了有关架构之间相互作用幅度差异的几个见解，以及有关训练过程中平均维度如何演变的指示。