Artificial Intelligence (AI) systems have been increasingly used to make decision-making processes faster, more accurate, and more efficient. However, such systems are also at constant risk of being attacked. While the majority of attacks targeting AI-based applications aim to manipulate classifiers or training data and alter the output of an AI model, recently proposed Sponge Attacks against AI models aim to impede the classifier's execution by consuming substantial resources. In this work, we propose \textit{Dual Denial of Decision (DDoD) attacks against collaborative Human-AI teams}. We discuss how such attacks aim to deplete \textit{both computational and human} resources, and significantly impair decision-making capabilities. We describe DDoD on human and computational resources and present potential risk scenarios in a series of exemplary domains.

Named entity recognition models (NER), are widely used for identifying named entities (e.g., individuals, locations, and other information) in text documents. Machine learning based NER models are increasingly being applied in privacy-sensitive applications that need automatic and scalable identification of sensitive information to redact text for data sharing. In this paper, we study the setting when NER models are available as a black-box service for identifying sensitive information in user documents and show that these models are vulnerable to membership inference on their training datasets. With updated pre-trained NER models from spaCy, we demonstrate two distinct membership attacks on these models. Our first attack capitalizes on unintended memorization in the NER's underlying neural network, a phenomenon NNs are known to be vulnerable to. Our second attack leverages a timing side-channel to target NER models that maintain vocabularies constructed from the training data. We show that different functional paths of words within the training dataset in contrast to words not previously seen have measurable differences in execution time. Revealing membership status of training samples has clear privacy implications, e.g., in text redaction, sensitive words or phrases to be found and removed, are at risk of being detected in the training dataset. Our experimental evaluation includes the redaction of both password and health data, presenting both security risks and privacy/regulatory issues. This is exacerbated by results that show memorization with only a single phrase. We achieved 70% AUC in our first attack on a text redaction use-case. We also show overwhelming success in the timing attack with 99.23% AUC. Finally we discuss potential mitigation approaches to realize the safe use of NER models in light of the privacy and security implications of membership inference attacks.

语言模型既展示了定量的改进，又展示了新的定性功能，随着规模的增加。尽管它们具有潜在的变革性影响，但这些新能力的特征却很差。为了为未来的研究提供信息，为破坏性的新模型能力做准备，并改善社会有害的效果，至关重要的是，我们必须了解目前和近乎未来的能力和语言模型的局限性。为了应对这一挑战，我们介绍了超越模仿游戏基准（Big Bench）。 Big Bench目前由204个任务组成，由132家机构的442位作者贡献。任务主题是多样的，从语言学，儿童发展，数学，常识性推理，生物学，物理学，社会偏见，软件开发等等。 Big-Bench专注于被认为超出当前语言模型的功能的任务。我们评估了OpenAI的GPT型号，Google内部密集变压器体系结构和大型基础上的开关稀疏变压器的行为，跨越了数百万到数十亿个参数。此外，一个人类专家评估者团队执行了所有任务，以提供强大的基准。研究结果包括：模型性能和校准都随规模改善，但绝对的术语（以及与评估者的性能相比）；在模型类中的性能非常相似，尽管带有稀疏性。逐渐和预测的任务通常涉及大量知识或记忆成分，而在临界规模上表现出“突破性”行为的任务通常涉及多个步骤或组成部分或脆性指标；社交偏见通常会随着含糊不清的环境而随着规模而增加，但这可以通过提示来改善。

Large language models (LLMs) have been shown to be able to perform new tasks based on a few demonstrations or natural language instructions. While these capabilities have led to widespread adoption, most LLMs are developed by resource-rich organizations and are frequently kept from the public. As a step towards democratizing this powerful technology, we present BLOOM, a 176B-parameter open-access language model designed and built thanks to a collaboration of hundreds of researchers. BLOOM is a decoder-only Transformer language model that was trained on the ROOTS corpus, a dataset comprising hundreds of sources in 46 natural and 13 programming languages (59 in total). We find that BLOOM achieves competitive performance on a wide variety of benchmarks, with stronger results after undergoing multitask prompted finetuning. To facilitate future research and applications using LLMs, we publicly release our models and code under the Responsible AI License.

成功的点云注册依赖于在强大的描述符上建立的准确对应关系。但是，现有的神经描述符要么利用旋转变化的主链，其性能在较大的旋转下下降，要么编码局部几何形状，而局部几何形状不太明显。为了解决这个问题，我们介绍Riga以学习由设计和全球了解的旋转不变的描述符。从稀疏局部区域的点对特征（PPF）中，旋转不变的局部几何形状被编码为几何描述符。随后，全球对3D结构和几何环境的认识都以旋转不变的方式合并。更具体地说，整个框架的3D结构首先由我们的全球PPF签名表示，从中学到了结构描述符，以帮助几何描述符感知本地区域以外的3D世界。然后将整个场景的几何上下文全局汇总到描述符中。最后，将稀疏区域的描述插值到密集的点描述符，从中提取对应关系进行注册。为了验证我们的方法，我们对对象和场景级数据进行了广泛的实验。在旋转较大的情况下，Riga就模型Net40的相对旋转误差而超过了最先进的方法8 \度，并将特征匹配的回忆提高了3DLOMATCH上的至少5个百分点。

In natural language understanding (NLU) production systems, users' evolving needs necessitate the addition of new features over time, indexed by new symbols added to the meaning representation space. This requires additional training data and results in ever-growing datasets. We present the first systematic investigation of this incremental symbol learning scenario. Our analysis reveals a troubling quirk in building broad-coverage NLU systems: as the training dataset grows, performance on the new symbol often decreases if we do not accordingly increase its training data. This suggests that it becomes more difficult to learn new symbols with a larger training dataset. We show that this trend holds for multiple mainstream models on two common NLU tasks: intent recognition and semantic parsing. Rejecting class imbalance as the sole culprit, we reveal that the trend is closely associated with an effect we call source signal dilution, where strong lexical cues for the new symbol become diluted as the training dataset grows. Selectively dropping training examples to prevent dilution often reverses the trend, showing the over-reliance of mainstream neural NLU models on simple lexical cues. Code, models, and data are available at https://aka.ms/nlu-incremental-symbol-learning

使用X光片级注释（是或否疾病）和细粒病变级注释（病变边界框）开发了两个DL模型，分别为Chexnet和ChexDet。在测试集（n = 2,922）中比较了模型的内部分类性能和病变定位性能，在NIH-Google（n = 4,376）和Padchest（n = 24,536）数据集上比较了外部分类性能，以及外部病变的本地化性能性能在NIH-Chestx-Ray14数据集（n = 880）上进行了比较。还将模型与内部测试集子集的放射学家进行了比较（n = 496）。鉴于足够的训练数据，这两个模型都与放射科医生相当。 CHEXDET对外部分类有了显着改善，例如在NIH-Google上分类（ROC曲线下的ChexDet区域[AUC]：0.67：Chexnet AUC：0.51; P <.001）和PadChest（ChexDet AUC：0.78，Chexnet AUC，Chexnet AUC，Chexnet AUC，Chexnet auc：chexnet auc auc：chexnet auc auc auc：0.78，chexnet auc auc： ：0.55; p <.001）。对于所有数据集的大多数异常，例如在内部集合中检测气胸（Chexdet Jacknife替代自由响应ROC的功绩[JAFROC-FOM]：0.87，0.87，CHEXNET JAFROC-FOM：0.113） ; p <.001）和NIH-Chestx-Ray14（Chexdet Jafroc-fom：0.55，Chexnet Jafroc-fom：0.04; p <.001）。总结，细粒的注释克服了快捷方式学习并启用了DL模型，以识别正确的病变模式，从而改善模型的概括性。

可变形图像注册在医学图像分析的各种任务中起着至关重要的作用。从常规能源优化或深层网络中得出的成功的注册算法需要从计算机专家那里进行巨大努力来井设计注册能源，或者仔细调整特定类型的医疗数据类型的网络架构。为了解决上述问题，本文提出了一种自动学习注册算法（Autoreg），该算法（Autoreg）合作优化了建筑及其相应的培训目标，使非计算机专家，例如医疗/临床用户，以方便地查找现有的注册各种情况的算法。具体而言，我们建立了一个三级框架，以自动搜索机制和合作优化来推导注册网络体系结构和目标。我们对多站点卷数据集和各种注册任务进行图像注册实验。广泛的结果表明，我们的自动化可能会自动学习给定量的最佳深度注册网络并实现最先进的性能，也比主流UNET体系结构显着提高了计算效率（从0.558到0.558至0.270秒，对于3D图像对相同的配置）。

磁共振光谱（MRS）是揭示代谢信息的无创工具。 1H-MRS的一个挑战是低信号噪声比（SNR）。为了改善SNR，一种典型的方法是用M重复样品进行信号平均（SA）。但是，数据采集时间相应地增加了M次，并且在公共环境M = 128时，完整的临床MRS SCAN大约需要10分钟。最近，引入了深度学习以改善SNR，但大多数人将模拟数据用作培训集。这可能会阻碍MRS应用程序，因为某些潜在差异（例如获取系统的缺陷）以及模拟和体内数据之间可能存在生理和心理条件。在这里，我们提出了一种新方案，该方案纯粹使用了现实数据的重复样本。深度学习模型，拒绝长期记忆（RELSTM），旨在学习从低SNR时间域数据（24 SA）到高SNR ONE（128 SA）的映射。对7个健康受试者，2名脑肿瘤患者和1名脑梗塞患者的体内脑光谱进行实验表明，仅使用20％的重复样品，RelstM的DeNoed Spectra可以为128 SA提供可比的代谢物。与最先进的低级别去核法相比，RELSTM在量化某些重要的生物标志物时达到了较低的相对误差和cram \'er-rao下限。总而言之，RELSTM可以在快速获取（24 SA）下对光谱进行高保真降级，这对MRS临床研究很有价值。

As one of the most important psychic stress reactions, micro-expressions (MEs), are spontaneous and transient facial expressions that can reveal the genuine emotions of human beings. Thus, recognizing MEs (MER) automatically is becoming increasingly crucial in the field of affective computing, and provides essential technical support in lie detection, psychological analysis and other areas. However, the lack of abundant ME data seriously restricts the development of cutting-edge data-driven MER models. Despite the recent efforts of several spontaneous ME datasets to alleviate this problem, it is still a tiny amount of work. To solve the problem of ME data hunger, we construct a dynamic spontaneous ME dataset with the largest current ME data scale, called DFME (Dynamic Facial Micro-expressions), which includes 7,526 well-labeled ME videos induced by 671 participants and annotated by more than 20 annotators throughout three years. Afterwards, we adopt four classical spatiotemporal feature learning models on DFME to perform MER experiments to objectively verify the validity of DFME dataset. In addition, we explore different solutions to the class imbalance and key-frame sequence sampling problems in dynamic MER respectively on DFME, so as to provide a valuable reference for future research. The comprehensive experimental results show that our DFME dataset can facilitate the research of automatic MER, and provide a new benchmark for MER. DFME will be published via https://mea-lab-421.github.io.