联合学习（FL）是一项广泛采用的分布式学习范例，在实践中，打算在利用所有参与者的整个数据集进行培训的同时保护用户的数据隐私。在FL中，多种型号在用户身上独立培训，集中聚合以在迭代过程中更新全局模型。虽然这种方法在保护隐私方面是优异的，但FL仍然遭受攻击或拜占庭故障等质量问题。最近的一些尝试已经解决了对FL的强大聚集技术的这种质量挑战。然而，最先进的（SOTA）强大的技术的有效性尚不清楚并缺乏全面的研究。因此，为了更好地了解这些SOTA流域的当前质量状态和挑战在存在攻击和故障的情况下，我们进行了大规模的实证研究，以研究SOTA FL的质量，从多个攻击角度，模拟故障（通过突变运算符）和聚合（防御）方法。特别是，我们对两个通用图像数据集和一个现实世界联邦医学图像数据集进行了研究。我们还系统地调查了攻击用户和独立和相同分布的（IID）因子，每个数据集的攻击/故障的分布对鲁棒性结果的影响。经过496个配置进行大规模分析后，我们发现每个用户的大多数突变者对最终模型具有可忽略不计的影响。此外，选择最强大的FL聚合器取决于攻击和数据集。最后，我们说明了可以实现几乎在所有攻击和配置上的任何单个聚合器以及具有简单集合模型的所有攻击和配置的常用解决方案的通用解决方案。

深度神经网络（DNNS）在训练过程中容易受到后门攻击的影响。该模型以这种方式损坏正常起作用，但是当输入中的某些模式触发时，会产生预定义的目标标签。现有防御通常依赖于通用后门设置的假设，其中有毒样品共享相同的均匀扳机。但是，最近的高级后门攻击表明，这种假设在动态后门中不再有效，在动态后门中，触发者因输入而异，从而击败了现有的防御。在这项工作中，我们提出了一种新颖的技术BEATRIX（通过革兰氏矩阵检测）。 BEATRIX利用革兰氏矩阵不仅捕获特征相关性，还可以捕获表示形式的适当高阶信息。通过从正常样本的激活模式中学习类条件统计，BEATRIX可以通过捕获激活模式中的异常来识别中毒样品。为了进一步提高识别目标标签的性能，BEATRIX利用基于内核的测试，而无需对表示分布进行任何先前的假设。我们通过与最先进的防御技术进行了广泛的评估和比较来证明我们的方法的有效性。实验结果表明，我们的方法在检测动态后门时达到了91.1％的F1得分，而最新技术只能达到36.9％。

随着视频数量的越来越多，对技术的需求很大，可以帮助人们迅速导航到他们感兴趣的视频片段。但是，当前的视频理解主要理解主要是视频内容摘要，而几乎没有努力，而对探索视频的结构。受文本轮廓生成的启发，我们介绍了一项新颖的视频理解任务，即视频大纲生成（VOG）。该任务定义为包含两个子任务：（1）首先根据内容结构对视频进行分割，然后（2）为每个段生成一个标题。要学习和评估VOG，我们注释了一个10K+数据集，称为Duvog。具体来说，我们使用OCR工具来识别视频的字幕。然后，要求注释者将字幕分为章节，并将每个章节分为标题。在视频中，突出显示的文本往往是标题，因为它更有可能引起人们的注意。因此，我们提出了一个视觉字幕功能增强的视频大纲生成模型（VSENET），该模型将文本字幕及其视觉字体大小和位置作为输入。我们将VOG任务视为一个序列标记问题，该问题提取了跨标题的位置，然后将其重写以形成最终大纲。此外，基于视频概述和文本概述之间的相似性，我们使用大量文章带有章节标题来预先我们的模型。 Duvog上的实验表明，我们的模型在很大程度上胜过其他基线方法，对于视频分割水平达到了77.1的F1得分，对于标题生成级别的Rouge-L_F0.5的85.0。

每时每刻都生产出许多不同质量的物品，因此将这些数据筛选为质量文章并将其投入到社交媒体上是一项非常紧迫的任务。值得注意的是，高质量的文章具有许多特征，例如相关性，文本质量，直接，多面，背景，新颖性和情感。因此，纯粹使用文章的内容来识别其质量是不够的。因此，我们计划使用外部知识互动来完善性能，并根据百度百科全书提出知识图增强文章质量标识数据集（KGEA）。我们通过7个维度量化了这些文章，并使用文章和百度百科全书之间实体的同时出现，以构建每篇文章的知识图。我们还比较了一些文本分类基线，发现外部知识可以将文章引导到与图神经网络更具竞争力的分类。

Video classification systems are vulnerable to adversarial attacks, which can create severe security problems in video verification. Current black-box attacks need a large number of queries to succeed, resulting in high computational overhead in the process of attack. On the other hand, attacks with restricted perturbations are ineffective against defenses such as denoising or adversarial training. In this paper, we focus on unrestricted perturbations and propose StyleFool, a black-box video adversarial attack via style transfer to fool the video classification system. StyleFool first utilizes color theme proximity to select the best style image, which helps avoid unnatural details in the stylized videos. Meanwhile, the target class confidence is additionally considered in targeted attacks to influence the output distribution of the classifier by moving the stylized video closer to or even across the decision boundary. A gradient-free method is then employed to further optimize the adversarial perturbations. We carry out extensive experiments to evaluate StyleFool on two standard datasets, UCF-101 and HMDB-51. The experimental results demonstrate that StyleFool outperforms the state-of-the-art adversarial attacks in terms of both the number of queries and the robustness against existing defenses. Moreover, 50% of the stylized videos in untargeted attacks do not need any query since they can already fool the video classification model. Furthermore, we evaluate the indistinguishability through a user study to show that the adversarial samples of StyleFool look imperceptible to human eyes, despite unrestricted perturbations.

A recent trojan attack on deep neural network (DNN) models is one insidious variant of data poisoning attacks. Trojan attacks exploit an effective backdoor created in a DNN model by leveraging the difficulty in interpretability of the learned model to misclassify any inputs signed with the attacker's chosen trojan trigger. Since the trojan trigger is a secret guarded and exploited by the attacker, detecting such trojan inputs is a challenge, especially at run-time when models are in active operation. This work builds STRong Intentional Perturbation (STRIP) based run-time trojan attack detection system and focuses on vision system. We intentionally perturb the incoming input, for instance by superimposing various image patterns, and observe the randomness of predicted classes for perturbed inputs from a given deployed model-malicious or benign. A low entropy in predicted classes violates the input-dependence property of a benign model and implies the presence of a malicious input-a characteristic of a trojaned input. The high efficacy of our method is validated through case studies on three popular and contrasting datasets: MNIST, CIFAR10 and GTSRB. We achieve an overall false acceptance rate (FAR) of less than 1%, given a preset false rejection rate (FRR) of 1%, for different types of triggers. Using CIFAR10 and GTSRB, we have empirically achieved result of 0% for both FRR and FAR. We have also evaluated STRIP robustness against a number of trojan attack variants and adaptive attacks.

Benefiting from the intrinsic supervision information exploitation capability, contrastive learning has achieved promising performance in the field of deep graph clustering recently. However, we observe that two drawbacks of the positive and negative sample construction mechanisms limit the performance of existing algorithms from further improvement. 1) The quality of positive samples heavily depends on the carefully designed data augmentations, while inappropriate data augmentations would easily lead to the semantic drift and indiscriminative positive samples. 2) The constructed negative samples are not reliable for ignoring important clustering information. To solve these problems, we propose a Cluster-guided Contrastive deep Graph Clustering network (CCGC) by mining the intrinsic supervision information in the high-confidence clustering results. Specifically, instead of conducting complex node or edge perturbation, we construct two views of the graph by designing special Siamese encoders whose weights are not shared between the sibling sub-networks. Then, guided by the high-confidence clustering information, we carefully select and construct the positive samples from the same high-confidence cluster in two views. Moreover, to construct semantic meaningful negative sample pairs, we regard the centers of different high-confidence clusters as negative samples, thus improving the discriminative capability and reliability of the constructed sample pairs. Lastly, we design an objective function to pull close the samples from the same cluster while pushing away those from other clusters by maximizing and minimizing the cross-view cosine similarity between positive and negative samples. Extensive experimental results on six datasets demonstrate the effectiveness of CCGC compared with the existing state-of-the-art algorithms.

To generate high quality rendering images for real time applications, it is often to trace only a few samples-per-pixel (spp) at a lower resolution and then supersample to the high resolution. Based on the observation that the rendered pixels at a low resolution are typically highly aliased, we present a novel method for neural supersampling based on ray tracing 1/4-spp samples at the high resolution. Our key insight is that the ray-traced samples at the target resolution are accurate and reliable, which makes the supersampling an interpolation problem. We present a mask-reinforced neural network to reconstruct and interpolate high-quality image sequences. First, a novel temporal accumulation network is introduced to compute the correlation between current and previous features to significantly improve their temporal stability. Then a reconstruct network based on a multi-scale U-Net with skip connections is adopted for reconstruction and generation of the desired high-resolution image. Experimental results and comparisons have shown that our proposed method can generate higher quality results of supersampling, without increasing the total number of ray-tracing samples, over current state-of-the-art methods.

Temporal sentence grounding (TSG) aims to identify the temporal boundary of a specific segment from an untrimmed video by a sentence query. All existing works first utilize a sparse sampling strategy to extract a fixed number of video frames and then conduct multi-modal interactions with query sentence for reasoning. However, we argue that these methods have overlooked two indispensable issues: 1) Boundary-bias: The annotated target segment generally refers to two specific frames as corresponding start and end timestamps. The video downsampling process may lose these two frames and take the adjacent irrelevant frames as new boundaries. 2) Reasoning-bias: Such incorrect new boundary frames also lead to the reasoning bias during frame-query interaction, reducing the generalization ability of model. To alleviate above limitations, in this paper, we propose a novel Siamese Sampling and Reasoning Network (SSRN) for TSG, which introduces a siamese sampling mechanism to generate additional contextual frames to enrich and refine the new boundaries. Specifically, a reasoning strategy is developed to learn the inter-relationship among these frames and generate soft labels on boundaries for more accurate frame-query reasoning. Such mechanism is also able to supplement the absent consecutive visual semantics to the sampled sparse frames for fine-grained activity understanding. Extensive experiments demonstrate the effectiveness of SSRN on three challenging datasets.

Representing and synthesizing novel views in real-world dynamic scenes from casual monocular videos is a long-standing problem. Existing solutions typically approach dynamic scenes by applying geometry techniques or utilizing temporal information between several adjacent frames without considering the underlying background distribution in the entire scene or the transmittance over the ray dimension, limiting their performance on static and occlusion areas. Our approach $\textbf{D}$istribution-$\textbf{D}$riven neural radiance fields offers high-quality view synthesis and a 3D solution to $\textbf{D}$etach the background from the entire $\textbf{D}$ynamic scene, which is called $\text{D}^4$NeRF. Specifically, it employs a neural representation to capture the scene distribution in the static background and a 6D-input NeRF to represent dynamic objects, respectively. Each ray sample is given an additional occlusion weight to indicate the transmittance lying in the static and dynamic components. We evaluate $\text{D}^4$NeRF on public dynamic scenes and our urban driving scenes acquired from an autonomous-driving dataset. Extensive experiments demonstrate that our approach outperforms previous methods in rendering texture details and motion areas while also producing a clean static background. Our code will be released at https://github.com/Luciferbobo/D4NeRF.