由于存在对抗性攻击，因此在安全至关重要系统中使用神经网络需要安全，可靠的模型。了解任何输入X的最小对抗扰动，或等效地知道X与分类边界的距离，可以评估分类鲁棒性，从而提供可认证的预测。不幸的是，计算此类距离的最新技术在计算上很昂贵，因此不适合在线应用程序。这项工作提出了一个新型的分类器家族，即签名的距离分类器（SDC），从理论的角度来看，它直接输出X与分类边界的确切距离，而不是概率分数（例如SoftMax）。 SDC代表一个强大的设计分类器家庭。为了实际解决SDC的理论要求，提出了一种名为Unitary级别神经网络的新型网络体系结构。实验结果表明，所提出的体系结构近似于签名的距离分类器，因此允许以单个推断为代价对X进行在线认证分类。

对抗性示例代表了对几个应用程序域中深层神经网络的严重威胁，并且已经产生了大量工作来调查它们并减轻其效果。然而，没有太多的工作专门用于专门设计的数据集来评估神经模型的对抗性鲁棒性。本文介绍了Carla-Gear，这是一种自动生成照片真实合成数据集的工具，可用于系统评估神经模型的对抗性鲁棒性，以防止身体对抗斑块，并比较不同的对抗防御的性能/检测方法。该工具是在Carla模拟器上构建的，使用其Python API，并允许在自动驾驶的背景下生成有关几个视觉任务的数据集。生成的数据集中包含的对抗贴片连接到广告牌或卡车的背面，并通过使用最先进的白色盒子攻击策略来制作，以最大程度地提高测试模型的预测错误。最后，本文提出了一项实验研究，以评估某些防御方法针对此类攻击的性能，以表明如何在将来的工作中使用Carla-Gear生成的数据集作为现实世界中对抗性防御的基准。本文中使用的所有代码和数据集可在http://carlagear.retis.santannapisa.it上获得。

这项工作提出了Z-Mask，这是一种强大而有效的策略，旨在改善卷积网络的对抗性鲁棒性，以防止具有物理变化的对抗性攻击。提出的防御依赖于对内部网络特征进行的特定Z分析分析来检测和掩盖与输入图像中对抗对象相对应的像素。为此，在浅层和深层中检查了空间连续的激活，以暗示潜在的对抗区域。然后，通过多端保留机制汇总此类建议。通过对语义分割和对象检测进行的模型进行了广泛的实验，评估了Z面具的有效性。评估均使用两个数字补丁添加到现实世界中的输入图像和印刷补丁。获得的结果证实，就检测准确性和在攻击中的网络的总体性能而言，Z mask优于最先进的方法。其他实验表明，Z面具对可能的防御感知攻击也很强大。

现实世界的对抗例（通常以补丁形式）对安全关键计算机视觉任务中的深度学习模型（如在自动驾驶中的视觉感知）中使用深度学习模型构成严重威胁。本文涉及用不同类型的对抗性斑块攻击时，对语义分割模型的稳健性进行了广泛的评价，包括数字，模拟和物理。提出了一种新的损失功能，提高攻击者在诱导像素错误分类方面的能力。此外，提出了一种新的攻击策略，提高了在场景中放置补丁的转换方法的期望。最后，首先扩展用于检测对抗性补丁的最先进的方法以应对语义分割模型，然后改进以获得实时性能，并最终在现实世界场景中进行评估。实验结果表明，尽管具有数字和真实攻击的对抗效果，其影响通常在空间上限制在补丁周围的图像区域。这将打开关于实时语义分段模型的空间稳健性的进一步疑问。

尽管深度神经网络（DNN）在感知和控制任务中表现出令人难以置信的性能，但几个值得信赖的问题仍然是开放的。其中一个最讨论的主题是存在对抗扰动的存在，它在能够量化给定输入的稳健性的可提供技术上开辟了一个有趣的研究线。在这方面，来自分类边界的输入的欧几里德距离表示良好被证明的鲁棒性评估，作为最小的经济适用的逆势扰动。不幸的是，由于NN的非凸性质，计算如此距离非常复杂。尽管已经提出了几种方法来解决这个问题，但据我们所知，没有提出可证明的结果来估计和绑定承诺的错误。本文通过提出两个轻量级策略来寻找最小的对抗扰动来解决这个问题。不同于现有技术，所提出的方法允许与理论上的近似距离的误差估计理论配制。最后，据报道，据报道了大量实验来评估算法的性能并支持理论发现。所获得的结果表明，该策略近似于靠近分类边界的样品的理论距离，导致可提供对任何对抗攻击的鲁棒性保障。

机器学习算法和深度神经网络在几种感知和控制任务中的卓越性能正在推动该行业在安全关键应用中采用这种技术，作为自治机器人和自动驾驶车辆。然而，目前，需要解决几个问题，以使深入学习方法更可靠，可预测，安全，防止对抗性攻击。虽然已经提出了几种方法来提高深度神经网络的可信度，但大多数都是针对特定类的对抗示例量身定制的，因此未能检测到其他角落案件或不安全的输入，这些输入大量偏离训练样本。本文介绍了基于覆盖范式的轻量级监控架构，以增强针对不同不安全输入的模型鲁棒性。特别是，在用于评估多种检测逻辑的架构中提出并测试了四种覆盖分析方法。实验结果表明，该方法有效地检测强大的对抗性示例和分销外输入，引入有限的执行时间和内存要求。

Graph Neural Networks (GNNs) achieve state-of-the-art performance on graph-structured data across numerous domains. Their underlying ability to represent nodes as summaries of their vicinities has proven effective for homophilous graphs in particular, in which same-type nodes tend to connect. On heterophilous graphs, in which different-type nodes are likely connected, GNNs perform less consistently, as neighborhood information might be less representative or even misleading. On the other hand, GNN performance is not inferior on all heterophilous graphs, and there is a lack of understanding of what other graph properties affect GNN performance. In this work, we highlight the limitations of the widely used homophily ratio and the recent Cross-Class Neighborhood Similarity (CCNS) metric in estimating GNN performance. To overcome these limitations, we introduce 2-hop Neighbor Class Similarity (2NCS), a new quantitative graph structural property that correlates with GNN performance more strongly and consistently than alternative metrics. 2NCS considers two-hop neighborhoods as a theoretically derived consequence of the two-step label propagation process governing GCN's training-inference process. Experiments on one synthetic and eight real-world graph datasets confirm consistent improvements over existing metrics in estimating the accuracy of GCN- and GAT-based architectures on the node classification task.

In this work, we devise robust and efficient learning protocols for orchestrating a Federated Learning (FL) process for the Federated Tumor Segmentation Challenge (FeTS 2022). Enabling FL for FeTS setup is challenging mainly due to data heterogeneity among collaborators and communication cost of training. To tackle these challenges, we propose Robust Learning Protocol (RoLePRO) which is a combination of server-side adaptive optimisation (e.g., server-side Adam) and judicious parameter (weights) aggregation schemes (e.g., adaptive weighted aggregation). RoLePRO takes a two-phase approach, where the first phase consists of vanilla Federated Averaging, while the second phase consists of a judicious aggregation scheme that uses a sophisticated reweighting, all in the presence of an adaptive optimisation algorithm at the server. We draw insights from extensive experimentation to tune learning rates for the two phases.

The study proposes and tests a technique for automated emotion recognition through mouth detection via Convolutional Neural Networks (CNN), meant to be applied for supporting people with health disorders with communication skills issues (e.g. muscle wasting, stroke, autism, or, more simply, pain) in order to recognize emotions and generate real-time feedback, or data feeding supporting systems. The software system starts the computation identifying if a face is present on the acquired image, then it looks for the mouth location and extracts the corresponding features. Both tasks are carried out using Haar Feature-based Classifiers, which guarantee fast execution and promising performance. If our previous works focused on visual micro-expressions for personalized training on a single user, this strategy aims to train the system also on generalized faces data sets.

To analyze this characteristic of vulnerability, we developed an automated deep learning method for detecting microvessels in intravascular optical coherence tomography (IVOCT) images. A total of 8,403 IVOCT image frames from 85 lesions and 37 normal segments were analyzed. Manual annotation was done using a dedicated software (OCTOPUS) previously developed by our group. Data augmentation in the polar (r,{\theta}) domain was applied to raw IVOCT images to ensure that microvessels appear at all possible angles. Pre-processing methods included guidewire/shadow detection, lumen segmentation, pixel shifting, and noise reduction. DeepLab v3+ was used to segment microvessel candidates. A bounding box on each candidate was classified as either microvessel or non-microvessel using a shallow convolutional neural network. For better classification, we used data augmentation (i.e., angle rotation) on bounding boxes with a microvessel during network training. Data augmentation and pre-processing steps improved microvessel segmentation performance significantly, yielding a method with Dice of 0.71+/-0.10 and pixel-wise sensitivity/specificity of 87.7+/-6.6%/99.8+/-0.1%. The network for classifying microvessels from candidates performed exceptionally well, with sensitivity of 99.5+/-0.3%, specificity of 98.8+/-1.0%, and accuracy of 99.1+/-0.5%. The classification step eliminated the majority of residual false positives, and the Dice coefficient increased from 0.71 to 0.73. In addition, our method produced 698 image frames with microvessels present, compared to 730 from manual analysis, representing a 4.4% difference. When compared to the manual method, the automated method improved microvessel continuity, implying improved segmentation performance. The method will be useful for research purposes as well as potential future treatment planning.