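We propose a data-driven approach to power allocation for federated learning (FL) over interference-limited wireless networks. The power policy is designed to maximize the information transmitted during the FL process under communication constraints, with the ultimate goal of improving the training accuracy and efficiency of the global FL model. The proposed power allocation policy is parameterized using a graph convolutional network, and the associated constrained optimization problem is solved through a primal-dual algorithm. Numerical experiments show that the proposed method outperforms three baseline methods in both transmission success rate and FL performance.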
Translated by Google Translate
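A widely established set of unsupervised node embedding methods can be interpreted as consisting of two distinct steps: i) the definition of a similarity matrix based on the graph of interest, followed by ii) an explicit or implicit factorization of that matrix. Inspired by this viewpoint, we propose improvements to both steps of the framework. On the one hand, we propose to encode node similarities based on the free energy distance, which interpolates between the shortest path and commute time distances, thus providing additional flexibility. On the other hand, we propose a matrix factorization method based on a loss function that generalizes the loss function of the skip-gram model to arbitrary similarity matrices. Compared with factorizations based on the widely used $\ell_2$ loss, the method better preserves node pairs associated with higher similarity scores. Moreover, it can be easily implemented using advanced automatic differentiation toolkits and computed efficiently by leveraging GPU resources. Node clustering, node classification, and link prediction experiments on real-world datasets demonstrate the effectiveness of incorporating free-energy-based similarities, as well as of the proposed matrix factorization, compared with state-of-the-art alternatives.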
Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified to yield erroneous model outputs, while appearing unmodified to human observers. Potential attacks include having malicious content like malware identified as legitimate or controlling vehicle behavior. Yet, all existing adversarial example attacks require knowledge of either the model internals or its training data. We introduce the first practical demonstration of an attacker controlling a remotely hosted DNN with no such knowledge. Indeed, the only capability of our black-box adversary is to observe labels given by the DNN to chosen inputs. Our attack strategy consists in training a local model to substitute for the target DNN, using inputs synthetically generated by an adversary and labeled by the target DNN. We use the local substitute to craft adversarial examples, and find that they are misclassified by the targeted DNN. To perform a real-world and properly-blinded evaluation, we attack a DNN hosted by MetaMind, an online deep learning API. We find that their DNN misclassifies 84.24% of the adversarial examples crafted with our substitute. We demonstrate the general applicability of our strategy to many ML techniques by conducting the same attack against models hosted by Amazon and Google, using logistic regression substitutes. They yield adversarial examples misclassified by Amazon and Google at rates of 96.19% and 88.94%. We also find that this black-box attack strategy is capable of evading defense strategies previously found to make adversarial example crafting harder.
Deep learning takes advantage of large datasets and computationally efficient training algorithms to outperform other approaches at various machine learning tasks. However, imperfections in the training phase of deep neural networks make them vulnerable to adversarial samples: inputs crafted by adversaries with the intent of causing deep neural networks to misclassify. In this work, we formalize the space of adversaries against deep neural networks (DNNs) and introduce a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs. In an application to computer vision, we show that our algorithms can reliably produce samples correctly classified by human subjects but misclassified in specific targets by a DNN with a 97% adversarial success rate while only modifying on average 4.02% of the input features per sample. We then evaluate the vulnerability of different sample classes to adversarial perturbations by defining a hardness measure. Finally, we describe preliminary work outlining defenses against adversarial samples by defining a predictive measure of distance between a benign input and a target classification.
Deep learning algorithms have been shown to perform extremely well on many classical machine learning problems. However, recent studies have shown that deep learning, like other machine learning techniques, is vulnerable to adversarial samples: inputs crafted to force a deep neural network (DNN) to provide adversary-selected outputs. Such attacks can seriously undermine the security of the system supported by the DNN, sometimes with devastating consequences. For example, autonomous vehicles can be crashed, illicit or illegal content can bypass content filters, or biometric authentication systems can be manipulated to allow improper access. In this work, we introduce a defensive mechanism called defensive distillation to reduce the effectiveness of adversarial samples on DNNs. We analytically investigate the generalizability and robustness properties granted by the use of defensive distillation when training DNNs. We also empirically study the effectiveness of our defense mechanisms on two DNNs placed in adversarial settings. The study shows that defensive distillation can reduce effectiveness of sample creation from 95% to less than 0.5% on a studied DNN. Such dramatic gains can be explained by the fact that distillation leads gradients used in adversarial sample creation to be reduced by a factor of $10^{30}$. We also find that distillation increases the average minimum number of features that need to be modified to create adversarial samples by about 800% on one of the DNNs we tested.
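Meaningful uncertainty quantification in computer vision requires reasoning about semantic information, for example the hair color of the person in a photo or the location of a car on the street. To this end, recent breakthroughs in generative modeling allow us to represent semantic information in disentangled latent spaces, but providing uncertainties on the semantic latent variables has remained challenging. In this work, we provide principled uncertainty intervals that are guaranteed to contain the true semantic factors for any underlying generative model. The method does the following: (1) it uses quantile regression to output a heuristic uncertainty interval for each element in the latent space; (2) it calibrates these uncertainties so that they contain the latent values for new, unseen inputs. The endpoints of these calibrated intervals can then be propagated through the generator to produce interpretable uncertainty visualizations for each semantic factor. The technique reliably communicates semantically meaningful, principled, and instance-adaptive uncertainty, for example in image super-resolution and image completion.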
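This paper presents a novel multi-fake evolutionary generative adversarial network (MFEGAN) for handling imbalanced hyperspectral image classification. It is an end-to-end approach in which different generative objective losses are considered in the generator network to improve the classification performance of the discriminator network. Thus, the same discriminator network has been used as a standard classifier by embedding the classifier network on top of the discriminating function. The effectiveness of the proposed method has been validated on two hyperspectral spatial-spectral datasets. The same generator and discriminator architectures have been used with two different GAN objectives for a fair performance comparison with the proposed method. The experimental validation shows that the proposed method outperforms state-of-the-art methods, with better classification performance.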
Domain Adaptation is an actively researched problem in Computer Vision. In this work, we propose an approach that leverages unsupervised data to bring the source and target distributions closer in a learned joint feature space. We accomplish this by inducing a symbiotic relationship between the learned embedding and a generative adversarial network. This is in contrast to methods which use the adversarial framework for realistic data generation and retraining deep models with such data. We demonstrate the strength and generality of our approach by performing experiments on three different tasks with varying levels of difficulty: (1) Digit classification (MNIST, SVHN and USPS datasets), (2) Object recognition using OFFICE dataset, and (3) Domain adaptation from synthetic to real data. Our method achieves state-of-the-art performance in most experimental settings and is by far the only GAN-based method that has been shown to work well across different datasets such as OFFICE and DIGITS.