Monumental advancements in artificial intelligence (AI) have lured the interest of doctors, lenders, judges, and other professionals. While these high-stakes decision-makers are optimistic about the technology, those familiar with AI systems are wary about the lack of transparency of its decision-making processes. Perturbation-based post hoc explainers offer a model agnostic means of interpreting these systems while only requiring query-level access. However, recent work demonstrates that these explainers can be fooled adversarially. This discovery has adverse implications for auditors, regulators, and other sentinels. With this in mind, several natural questions arise - how can we audit these black box systems? And how can we ascertain that the auditee is complying with the audit in good faith? In this work, we rigorously formalize this problem and devise a defense against adversarial attacks on perturbation-based explainers. We propose algorithms for the detection (CAD-Detect) and defense (CAD-Defend) of these attacks, which are aided by our novel conditional anomaly detection approach, KNN-CAD. We demonstrate that our approach successfully detects whether a black box system adversarially conceals its decision-making process and mitigates the adversarial attack on real-world data for the prevalent explainers, LIME and SHAP.
translated by Google Translate
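Monumental advances in deep learning have led to unprecedented achievements across a multitude of domains. While the performance of deep neural networks is indubitable, the architectural design and interpretability of such models are nontrivial. Research has been introduced to automate the design of neural network architectures through neural architecture search (NAS). Recent progress has made these methods more pragmatic by exploiting distributed computation and novel optimization algorithms. However, there has been little work on optimizing architectures for interpretability. To this end, we propose a multi-objective distributed NAS framework that optimizes for both task performance and introspection. We leverage the non-dominated sorting genetic algorithm (NSGA-II) and explainable AI (XAI) techniques to reward architectures that can be better comprehended by humans. The framework is evaluated on several image classification datasets. We demonstrate that jointly optimizing for introspection ability and task error leads to more disentangled architectures that perform within tolerable error.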
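Assessing model fitness is an important step in many problems. Models are typically fitted to training data by minimizing a loss function, such as the squared error or negative log-likelihood, and it is natural to desire low losses on future data. This letter considers the use of a test data set to characterize the out-of-sample losses of a model. We propose a simple model diagnostic tool that provides finite-sample guarantees under weak assumptions. The tool is computationally efficient and can be interpreted as an empirical quantile. Several numerical experiments are presented to show how the proposed method quantifies the impact of distribution shifts, aids the analysis of regression, and enables model selection as well as hyperparameter tuning.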
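Supervised learning tasks such as cancer survival prediction from gigapixel whole slide images (WSIs) are a critical challenge in computational pathology that requires modeling complex features of the tumor microenvironment. These learning tasks are often solved with deep multi-instance learning (MIL) models that do not explicitly capture intratumoral heterogeneity. We develop a novel variance pooling architecture that enables a MIL model to incorporate intratumoral heterogeneity into its predictions. Two interpretability tools based on representative patches are illustrated to probe the biological signals captured by these models. An empirical study of 4,479 gigapixel WSIs from the Cancer Genome Atlas shows that adding variance pooling onto MIL frameworks improves survival prediction performance for five cancer types.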
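We consider the problem of a cyber-attacker generating adversarial malware, where the attacker's task is to strategically modify certain bytes within existing binary malware files so that the modified files are able to evade a malware detector, such as a machine-learning-based malware classifier. We evaluated three recent adversarial malware generation techniques using binary malware samples drawn from a single, publicly available malware data set and compared their performance in evading a machine-learning-based malware classifier called MalConv. Our results show that, among the compared techniques, the most effective is the one that strategically modifies bytes in a binary's header. We conclude by discussing the lessons learned and future research directions on the topic of adversarial malware generation.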
An increasingly important data analytic challenge is understanding the relationships between subpopulations. Various visualization methods that provide many useful insights into those relationships are popular, especially in bioinformatics. This paper proposes a novel and rigorous approach to quantifying subpopulation relationships called the Population Difference Criterion (PDC). PDC is simultaneously a quantitative and visual approach to showing separation of subpopulations. It uses subpopulation centers, the respective variation about those centers and the relative subpopulation sizes. This is accomplished by drawing motivation for the PDC from classical permutation-based hypothesis testing, while taking that type of idea into non-standard conceptual territory. In particular, the domain of very small P values is seen to provide useful comparisons of data sets. Simulated permutation variation is carefully investigated, and we found that a balanced permutation approach is more informative in high signal (i.e., large subpopulation difference) contexts than conventional approaches based on all permutations. This result is quite surprising in view of related work done in low signal contexts, which came to the opposite conclusion. This issue is resolved by the proposal of an appropriate adjustment. Permutation variation is also quantified by a proposed bootstrap confidence interval, and demonstrated to be useful in understanding subpopulation relationships with cancer data.