机器学习模型容易记住敏感数据，使它们容易受到会员推理攻击的攻击，其中对手的目的是推断是否使用输入样本来训练模型。在过去的几年中，研究人员产生了许多会员推理攻击和防御。但是，这些攻击和防御采用各种策略，并在不同的模型和数据集中进行。但是，缺乏全面的基准意味着我们不了解现有攻击和防御的优势和劣势。我们通过对不同的会员推理攻击和防御措施进行大规模测量来填补这一空白。我们通过研究九项攻击和六项防御措施来系统化成员的推断，并在整体评估中衡量不同攻击和防御的性能。然后，我们量化威胁模型对这些攻击结果的影响。我们发现，威胁模型的某些假设，例如相同架构和阴影和目标模型之间的相同分布是不必要的。我们也是第一个对从Internet收集的现实世界数据而不是实验室数据集进行攻击的人。我们进一步研究是什么决定了会员推理攻击的表现，并揭示了通常认为过度拟合水平不足以成功攻击。取而代之的是，成员和非成员样本之间的熵/横向熵的詹森 - 香农距离与攻击性能的相关性更好。这为我们提供了一种新的方法，可以在不进行攻击的情况下准确预测会员推理风险。最后，我们发现数据增强在更大程度上降低了现有攻击的性能，我们提出了使用增强作用的自适应攻击来训练阴影和攻击模型，以改善攻击性能。

现有的对抗示例研究重点是在现有自然图像数据集之上进行数字插入的扰动。这种对抗性例子的构造是不现实的，因为攻击者由于感应和环境影响而在现实世界中部署这种攻击可能是困难的，甚至是不可能的。为了更好地理解针对网络物理系统的对抗性示例，我们提出了通过模拟近似现实世界的。在本文中，我们描述了我们的合成数据集生成工具，该工具可以可扩展收集具有现实的对抗示例的合成数据集。我们使用Carla模拟器收集此类数据集并演示与现实世界图像相同的环境变换和处理的模拟攻击。我们的工具已用于收集数据集以帮助评估对抗性示例的功效，并可以在https://github.com/carla-simulator/carla/pull/4992上找到。

Topological data analysis (TDA) is an expanding field that leverages principles and tools from algebraic topology to quantify structural features of data sets or transform them into more manageable forms. As its theoretical foundations have been developed, TDA has shown promise in extracting useful information from high-dimensional, noisy, and complex data such as those used in biomedicine. To operate efficiently, these techniques may employ landmark samplers, either random or heuristic. The heuristic maxmin procedure obtains a roughly even distribution of sample points by implicitly constructing a cover comprising sets of uniform radius. However, issues arise with data that vary in density or include points with multiplicities, as are common in biomedicine. We propose an analogous procedure, "lastfirst" based on ranked distances, which implies a cover comprising sets of uniform cardinality. We first rigorously define the procedure and prove that it obtains landmarks with desired properties. We then perform benchmark tests and compare its performance to that of maxmin, on feature detection and class prediction tasks involving simulated and real-world biomedical data. Lastfirst is more general than maxmin in that it can be applied to any data on which arbitrary (and not necessarily symmetric) pairwise distances can be computed. Lastfirst is more computationally costly, but our implementation scales at the same rate as maxmin. We find that lastfirst achieves comparable performance on prediction tasks and outperforms maxmin on homology detection tasks. Where the numerical values of similarity measures are not meaningful, as in many biomedical contexts, lastfirst sampling may also improve interpretability.

The number of international benchmarking competitions is steadily increasing in various fields of machine learning (ML) research and practice. So far, however, little is known about the common practice as well as bottlenecks faced by the community in tackling the research questions posed. To shed light on the status quo of algorithm development in the specific field of biomedical imaging analysis, we designed an international survey that was issued to all participants of challenges conducted in conjunction with the IEEE ISBI 2021 and MICCAI 2021 conferences (80 competitions in total). The survey covered participants' expertise and working environments, their chosen strategies, as well as algorithm characteristics. A median of 72% challenge participants took part in the survey. According to our results, knowledge exchange was the primary incentive (70%) for participation, while the reception of prize money played only a minor role (16%). While a median of 80 working hours was spent on method development, a large portion of participants stated that they did not have enough time for method development (32%). 25% perceived the infrastructure to be a bottleneck. Overall, 94% of all solutions were deep learning-based. Of these, 84% were based on standard architectures. 43% of the respondents reported that the data samples (e.g., images) were too large to be processed at once. This was most commonly addressed by patch-based training (69%), downsampling (37%), and solving 3D analysis tasks as a series of 2D tasks. K-fold cross-validation on the training set was performed by only 37% of the participants and only 50% of the participants performed ensembling based on multiple identical models (61%) or heterogeneous models (39%). 48% of the respondents applied postprocessing steps.

Human speech can be characterized by different components, including semantic content, speaker identity and prosodic information. Significant progress has been made in disentangling representations for semantic content and speaker identity in Automatic Speech Recognition (ASR) and speaker verification tasks respectively. However, it is still an open challenging research question to extract prosodic information because of the intrinsic association of different attributes, such as timbre and rhythm, and because of the need for unsupervised training schemes to achieve robust large-scale and speaker-independent ASR. The aim of this paper is to address the disentanglement of emotional prosody from speech based on unsupervised reconstruction. Specifically, we identify, design, implement and integrate three crucial components in our proposed speech reconstruction model Prosody2Vec: (1) a unit encoder that transforms speech signals into discrete units for semantic content, (2) a pretrained speaker verification model to generate speaker identity embeddings, and (3) a trainable prosody encoder to learn prosody representations. We first pretrain the Prosody2Vec representations on unlabelled emotional speech corpora, then fine-tune the model on specific datasets to perform Speech Emotion Recognition (SER) and Emotional Voice Conversion (EVC) tasks. Both objective and subjective evaluations on the EVC task suggest that Prosody2Vec effectively captures general prosodic features that can be smoothly transferred to other emotional speech. In addition, our SER experiments on the IEMOCAP dataset reveal that the prosody features learned by Prosody2Vec are complementary and beneficial for the performance of widely used speech pretraining models and surpass the state-of-the-art methods when combining Prosody2Vec with HuBERT representations. Some audio samples can be found on our demo website.

The task of emotion recognition in conversations (ERC) benefits from the availability of multiple modalities, as offered, for example, in the video-based MELD dataset. However, only a few research approaches use both acoustic and visual information from the MELD videos. There are two reasons for this: First, label-to-video alignments in MELD are noisy, making those videos an unreliable source of emotional speech data. Second, conversations can involve several people in the same scene, which requires the detection of the person speaking the utterance. In this paper we demonstrate that by using recent automatic speech recognition and active speaker detection models, we are able to realign the videos of MELD, and capture the facial expressions from uttering speakers in 96.92% of the utterances provided in MELD. Experiments with a self-supervised voice recognition model indicate that the realigned MELD videos more closely match the corresponding utterances offered in the dataset. Finally, we devise a model for emotion recognition in conversations trained on the face and audio information of the MELD realigned videos, which outperforms state-of-the-art models for ERC based on vision alone. This indicates that active speaker detection is indeed effective for extracting facial expressions from the uttering speakers, and that faces provide more informative visual cues than the visual features state-of-the-art models have been using so far.

科学家经常使用观察时间序列数据来研究从气候变化到民间冲突再到大脑活动的复杂自然过程。但是对这些数据的回归分析通常假定简单的动态。深度学习的最新进展使从语音理解到核物理学再到竞争性游戏的复杂过程模型的表现实现了令人震惊的改进。但是深度学习通常不用于科学分析。在这里，我们通过证明可以使用深度学习，不仅可以模仿，而且可以分析复杂的过程，在保留可解释性的同时提供灵活的功能近似。我们的方法 - 连续时间反向逆转回归神经网络（CDRNN） - 放宽标准简化的假设（例如，线性，平稳性和同质性）对于许多自然系统来说是不可信的，并且可能会严重影响数据的解释。我们评估CDRNNS对人类语言处理，这是一个具有复杂连续动态的领域。我们证明了行为和神经影像数据中预测可能性的显着改善，我们表明CDRNN可以在探索性分析中灵活发现新型模式，在确认分析中对可能的混杂性提供强有力的控制，并打开否则就可以使用这些问题来进行研究，这些问题否则就可以使用这些问题来进行研究，而这些问题否则就可以使用这些问题进行研究，而这些问题否则就可以使用这些问题进行研究。观察数据。

随着卷积神经网络（CNN）在物体识别方面变得更加准确，它们的表示与灵长类动物的视觉系统越来越相似。这一发现激发了我们和其他研究人员询问该含义是否也以另一种方式运行：如果CNN表示更像大脑，网络会变得更加准确吗？以前解决这个问题的尝试显示出非常适中的准确性，部分原因是正则化方法的局限性。为了克服这些局限性，我们开发了一种新的CNN神经数据正常化程序，该数据正常化程序使用深层规范相关分析（DCCA）来优化CNN图像表示与猴子视觉皮层的相似之处。使用这种新的神经数据正常化程序，与先前的最新神经数据正则化器相比，我们看到分类准确性和少级精度的性能提高得多。这些网络对对抗性攻击也比未注册的攻击更强大。这些结果共同证实，神经数据正则化可以提高CNN的性能，并引入了一种获得更大性能提升的新方法。

声音是现实世界中最有用，最丰富的方式之一，同时可以通过可以放置在移动设备上的小型和便宜的传感器来感知不接触。尽管深度学习能够从多个感官输入中提取信息，但很少有声音控制和学习机器人动作。对于无监督的强化学习，预计代理人将积极地收集经验，并以一种自制的方式共同学习代表和政策。我们使用基于物理的声音模拟来构建逼真的机器人操作场景，并提出内在的好奇模块（ISCM）。 ISCM向加强学习者提供反馈，以学习强大的表示并奖励更有效的探索行为。我们在适应过程中对启用声音进行了启用的声音实验，并表明ISCM所学的表示形式优于仅视力基线的基本线和预训练的策略，可以在应用于下游任务时加速学习过程。

我们的运输世界正在迅速转变，自治水平不断提高。但是，为了获得全自动车辆的许可以供广泛的公众使用，有必要确保整个系统的安全性，这仍然是一个挑战。这尤其适用于基于AI的感知系统，这些系统必须处理各种环境条件和道路使用者，与此同时，应强调地检测所有相关的对象（即不应发生检测失误）。然而，有限的培训和验证数据可以证明无故障操作几乎无法实现，因为感知系统可能会暴露于公共道路上的新事物或未知的物体或条件。因此，需要针对基于AI的感知系统的新安全方法。因此，我们在本文中提出了一种新型的层次监视方法，能够从主要感知系统验证对象列表，可以可靠地检测检测失误，同时具有非常低的错误警报率。