由于存在对抗性攻击，因此在安全至关重要系统中使用神经网络需要安全，可靠的模型。了解任何输入X的最小对抗扰动，或等效地知道X与分类边界的距离，可以评估分类鲁棒性，从而提供可认证的预测。不幸的是，计算此类距离的最新技术在计算上很昂贵，因此不适合在线应用程序。这项工作提出了一个新型的分类器家族，即签名的距离分类器（SDC），从理论的角度来看，它直接输出X与分类边界的确切距离，而不是概率分数（例如SoftMax）。 SDC代表一个强大的设计分类器家庭。为了实际解决SDC的理论要求，提出了一种名为Unitary级别神经网络的新型网络体系结构。实验结果表明，所提出的体系结构近似于签名的距离分类器，因此允许以单个推断为代价对X进行在线认证分类。

这项工作提出了Z-Mask，这是一种强大而有效的策略，旨在改善卷积网络的对抗性鲁棒性，以防止具有物理变化的对抗性攻击。提出的防御依赖于对内部网络特征进行的特定Z分析分析来检测和掩盖与输入图像中对抗对象相对应的像素。为此，在浅层和深层中检查了空间连续的激活，以暗示潜在的对抗区域。然后，通过多端保留机制汇总此类建议。通过对语义分割和对象检测进行的模型进行了广泛的实验，评估了Z面具的有效性。评估均使用两个数字补丁添加到现实世界中的输入图像和印刷补丁。获得的结果证实，就检测准确性和在攻击中的网络的总体性能而言，Z mask优于最先进的方法。其他实验表明，Z面具对可能的防御感知攻击也很强大。

尽管深度神经网络（DNN）在感知和控制任务中表现出令人难以置信的性能，但几个值得信赖的问题仍然是开放的。其中一个最讨论的主题是存在对抗扰动的存在，它在能够量化给定输入的稳健性的可提供技术上开辟了一个有趣的研究线。在这方面，来自分类边界的输入的欧几里德距离表示良好被证明的鲁棒性评估，作为最小的经济适用的逆势扰动。不幸的是，由于NN的非凸性质，计算如此距离非常复杂。尽管已经提出了几种方法来解决这个问题，但据我们所知，没有提出可证明的结果来估计和绑定承诺的错误。本文通过提出两个轻量级策略来寻找最小的对抗扰动来解决这个问题。不同于现有技术，所提出的方法允许与理论上的近似距离的误差估计理论配制。最后，据报道，据报道了大量实验来评估算法的性能并支持理论发现。所获得的结果表明，该策略近似于靠近分类边界的样品的理论距离，导致可提供对任何对抗攻击的鲁棒性保障。

Recent years have seen a proliferation of research on adversarial machine learning. Numerous papers demonstrate powerful algorithmic attacks against a wide variety of machine learning (ML) models, and numerous other papers propose defenses that can withstand most attacks. However, abundant real-world evidence suggests that actual attackers use simple tactics to subvert ML-driven systems, and as a result security practitioners have not prioritized adversarial ML defenses. Motivated by the apparent gap between researchers and practitioners, this position paper aims to bridge the two domains. We first present three real-world case studies from which we can glean practical insights unknown or neglected in research. Next we analyze all adversarial ML papers recently published in top security conferences, highlighting positive trends and blind spots. Finally, we state positions on precise and cost-driven threat modeling, collaboration between industry and academia, and reproducible research. We believe that our positions, if adopted, will increase the real-world impact of future endeavours in adversarial ML, bringing both researchers and practitioners closer to their shared goal of improving the security of ML systems.

When simulating soft robots, both their morphology and their controllers play important roles in task performance. This paper introduces a new method to co-evolve these two components in the same process. We do that by using the hyperNEAT algorithm to generate two separate neural networks in one pass, one responsible for the design of the robot body structure and the other for the control of the robot. The key difference between our method and most existing approaches is that it does not treat the development of the morphology and the controller as separate processes. Similar to nature, our method derives both the "brain" and the "body" of an agent from a single genome and develops them together. While our approach is more realistic and doesn't require an arbitrary separation of processes during evolution, it also makes the problem more complex because the search space for this single genome becomes larger and any mutation to the genome affects "brain" and the "body" at the same time. Additionally, we present a new speciation function that takes into consideration both the genotypic distance, as is the standard for NEAT, and the similarity between robot bodies. By using this function, agents with very different bodies are more likely to be in different species, this allows robots with different morphologies to have more specialized controllers since they won't crossover with other robots that are too different from them. We evaluate the presented methods on four tasks and observe that even if the search space was larger, having a single genome makes the evolution process converge faster when compared to having separated genomes for body and control. The agents in our population also show morphologies with a high degree of regularity and controllers capable of coordinating the voxels to produce the necessary movements.

Filming sport videos from an aerial view has always been a hard and an expensive task to achieve, especially in sports that require a wide open area for its normal development or the ones that put in danger human safety. Recently, a new solution arose for aerial filming based on the use of Unmanned Aerial Vehicles (UAVs), which is substantially cheaper than traditional aerial filming solutions that require conventional aircrafts like helicopters or complex structures for wide mobility. In this paper, we describe the design process followed for building a customized UAV suitable for sports aerial filming. The process includes the requirements definition, technical sizing and selection of mechanical, hardware and software technologies, as well as the whole integration and operation settings. One of the goals is to develop technologies allowing to build low cost UAVs and to manage them for a wide range of usage scenarios while achieving high levels of flexibility and automation. This work also shows some technical issues found during the development of the UAV as well as the solutions implemented.

We describe a Physics-Informed Neural Network (PINN) that simulates the flow induced by the astronomical tide in a synthetic port channel, with dimensions based on the Santos - S\~ao Vicente - Bertioga Estuarine System. PINN models aim to combine the knowledge of physical systems and data-driven machine learning models. This is done by training a neural network to minimize the residuals of the governing equations in sample points. In this work, our flow is governed by the Navier-Stokes equations with some approximations. There are two main novelties in this paper. First, we design our model to assume that the flow is periodic in time, which is not feasible in conventional simulation methods. Second, we evaluate the benefit of resampling the function evaluation points during training, which has a near zero computational cost and has been verified to improve the final model, especially for small batch sizes. Finally, we discuss some limitations of the approximations used in the Navier-Stokes equations regarding the modeling of turbulence and how it interacts with PINNs.

How would you fairly evaluate two multi-object tracking algorithms (i.e. trackers), each one employing a different object detector? Detectors keep improving, thus trackers can make less effort to estimate object states over time. Is it then fair to compare a new tracker employing a new detector with another tracker using an old detector? In this paper, we propose a novel performance measure, named Tracking Effort Measure (TEM), to evaluate trackers that use different detectors. TEM estimates the improvement that the tracker does with respect to its input data (i.e. detections) at frame level (intra-frame complexity) and sequence level (inter-frame complexity). We evaluate TEM over well-known datasets, four trackers and eight detection sets. Results show that, unlike conventional tracking evaluation measures, TEM can quantify the effort done by the tracker with a reduced correlation on the input detections. Its implementation is publicly available online at https://github.com/vpulab/MOT-evaluation.

Reinforcement learning allows machines to learn from their own experience. Nowadays, it is used in safety-critical applications, such as autonomous driving, despite being vulnerable to attacks carefully crafted to either prevent that the reinforcement learning algorithm learns an effective and reliable policy, or to induce the trained agent to make a wrong decision. The literature about the security of reinforcement learning is rapidly growing, and some surveys have been proposed to shed light on this field. However, their categorizations are insufficient for choosing an appropriate defense given the kind of system at hand. In our survey, we do not only overcome this limitation by considering a different perspective, but we also discuss the applicability of state-of-the-art attacks and defenses when reinforcement learning algorithms are used in the context of autonomous driving.

This paper describes a prototype software and hardware platform to provide support to field operators during the inspection of surface defects of non-metallic pipes. Inspection is carried out by video filming defects created on the same surface in real-time using a "smart" helmet device and other mobile devices. The work focuses on the detection and recognition of the defects which appears as colored iridescence of reflected light caused by the diffraction effect arising from the presence of internal stresses in the inspected material. The platform allows you to carry out preliminary analysis directly on the device in offline mode, and, if a connection to the network is established, the received data is transmitted to the server for post-processing to extract information about possible defects that were not detected at the previous stage. The paper presents a description of the stages of design, formal description, and implementation details of the platform. It also provides descriptions of the models used to recognize defects and examples of the result of the work.