When analyzing confidential data through a privacy filter, a data scientist often needs to decide which queries will best support their intended analysis. For example, an analyst may wish to study noisy two-way marginals in a dataset produced by a mechanism M1. But, if the data are relatively sparse, the analyst may choose to examine noisy one-way marginals, produced by a mechanism M2 instead. Since the choice of whether to use M1 or M2 is data-dependent, a typical differentially private workflow is to first split the privacy loss budget rho into two parts: rho1 and rho2, then use the first part rho1 to determine which mechanism to use, and the remainder rho2 to obtain noisy answers from the chosen mechanism. In a sense, the first step seems wasteful because it takes away part of the privacy loss budget that could have been used to make the query answers more accurate. In this paper, we consider the question of whether the choice between M1 and M2 can be performed without wasting any privacy loss budget. For linear queries, we propose a method for decomposing M1 and M2 into three parts: (1) a mechanism M* that captures their shared information, (2) a mechanism M1' that captures information that is specific to M1, (3) a mechanism M2' that captures information that is specific to M2. Running M* and M1' together is completely equivalent to running M1 (both in terms of query answer accuracy and total privacy cost rho). Similarly, running M* and M2' together is completely equivalent to running M2. Since M* will be used no matter what, the analyst can use its output to decide whether to subsequently run M1'(thus recreating the analysis supported by M1) or M2'(recreating the analysis supported by M2), without wasting privacy loss budget.

We conduct a systematic study of backdoor vulnerabilities in normally trained Deep Learning models. They are as dangerous as backdoors injected by data poisoning because both can be equally exploited. We leverage 20 different types of injected backdoor attacks in the literature as the guidance and study their correspondences in normally trained models, which we call natural backdoor vulnerabilities. We find that natural backdoors are widely existing, with most injected backdoor attacks having natural correspondences. We categorize these natural backdoors and propose a general detection framework. It finds 315 natural backdoors in the 56 normally trained models downloaded from the Internet, covering all the different categories, while existing scanners designed for injected backdoors can at most detect 65 backdoors. We also study the root causes and defense of natural backdoors.

深度学习大大提高了单眼深度估计（MDE）的性能，这是完全基于视觉的自主驾驶（AD）系统（例如特斯拉和丰田）的关键组成部分。在这项工作中，我们对基于学习的MDE产生了攻击。特别是，我们使用基于优化的方法系统地生成隐形的物理对象贴片来攻击深度估计。我们通过面向对象的对抗设计，敏感的区域定位和自然风格的伪装来平衡攻击的隐身和有效性。使用现实世界的驾驶场景，我们评估了对并发MDE模型的攻击和AD的代表下游任务（即3D对象检测）。实验结果表明，我们的方法可以为不同的目标对象和模型生成隐形，有效和健壮的对抗贴片，并在物体检测中以1/1/的斑点检测到超过6米的平均深度估计误差和93％的攻击成功率（ASR）车辆后部9个。具有实际车辆的三个不同驾驶路线上的现场测试表明，在连续视频帧中，我们导致超过6米的平均深度估计误差，并将对象检测率从90.70％降低到5.16％。

普遍的后门是由动态和普遍的输入扰动触发的。它们可以被攻击者故意注射，也可以自然存在于经过正常训练的模型中。它们的性质与传统的静态和局部后门不同，可以通过扰动带有一些固定图案的小输入区域来触发，例如带有纯色的贴片。现有的防御技术对于传统后门非常有效。但是，它们可能对普遍的后门无法正常工作，尤其是在后门去除和模型硬化方面。在本文中，我们提出了一种针对普遍的后门，包括天然和注射后门的新型模型硬化技术。我们基于通过特殊转换层增强的编码器架构来开发一般的普遍攻击。该攻击可以对现有的普遍后门攻击进行建模，并通过类距离进行量化。因此，使用我们在对抗训练中攻击的样品可以使模型与这些后门漏洞相比。我们对9个具有15个模型结构的9个数据集的评估表明，我们的技术可以平均扩大阶级距离59.65％，精度降解且没有稳健性损失，超过了五种硬化技术，例如对抗性训练，普遍的对抗训练，Moth，Moth等， 。它可以将六次普遍后门攻击的攻击成功率从99.06％降低到1.94％，超过七种最先进的后门拆除技术。

（源）代码摘要旨在以自然语言的形式自动为给定代码段生成摘要/注释。此类摘要在帮助开发人员理解和维护源代码方面起着关键作用。现有的代码摘要技术可以分类为提取方法和抽象方法。提取方法使用检索技术从代码段中提取重要语句和关键字的子集，并生成一个摘要，该摘要保留了重要语句和关键字中的事实详细信息。但是，这样的子集可能会错过标识符或实体命名，因此，产生的摘要的自然性通常很差。抽象方法可以生成类似人写的摘要，从而利用神经机器翻译域的编码器模型。然而，生成的摘要通常会错过重要的事实细节。为了通过保留的事实细节生成类似人写的摘要，我们提出了一个新颖的提取和吸收框架。框架中的提取模块执行了提取代码摘要的任务，该任务列入了代码段，并预测包含关键事实细节的重要陈述。框架中的抽象模块执行了抽象代码摘要的任务，该任务是在整个代码段和并行的重要陈述中进行的，并生成了简洁而人工写的类似的自然语言摘要。我们通过在涉及六种编程语言的三个数据集上进行广泛的实验来评估称为EACS的有效性。实验结果表明，在所有三种广泛使用的指标（包括BLEU，流星和Rough-l）方面，EACS明显优于最先进的技术。

物联网设备正在迅速扩展并产生大量数据。越来越需要探索从这些设备收集的数据。协作学习为物联网设置提供了战略解决方案，但也引起了公众对数据隐私的关注。近年来，根据安全的多方计算和差异隐私开发了大量隐私技术。协作学习的主要挑战是平衡披露风险和数据实用性，同时保持高计算效率。在本文中，我们提出了使用矩阵加密方法保存逻辑回归模型的隐私。安全方案对所选的明文攻击，已知的明文攻击和勾结攻击具有弹性，该攻击可能会损害协作学习中的任何机构。加密的模型估计值被解密以提供真正的模型结果，没有准确性降解。实施验证阶段以检查机构之间的不诚实行为。实验评估证明了拟议方案的快速收敛速率和高效率。

科学合作受益于分布式来源的协作学习，但在数据敏感时仍然难以实现。近年来，已经广泛研究了隐私保护技术，以分析不同机构的分布数据，同时保护敏感信息。大多数现有的隐私保存技术旨在抵抗半冬季对手，并需要进行密集的计算来执行数据分析。对于可能偏离安全协议的恶意对手的存在，安全的协作学习非常困难。另一个挑战是通过隐私保护保持较高的计算效率。在本文中，矩阵加密应用于加密数据，以使安全方案反对恶意对手，包括选择的明文攻击，已知的明文攻击和勾结攻击。加密方案还实现了当地的差异隐私。此外，研究了交叉验证以防止过度拟合，而无需额外的沟通成本。现实世界数据集的经验实验表明，与现有针对恶意对手和半honest模型的现有技术相比，所提出的方案在计算上是有效的。

In this paper, we propose a robust 3D detector, named Cross Modal Transformer (CMT), for end-to-end 3D multi-modal detection. Without explicit view transformation, CMT takes the image and point clouds tokens as inputs and directly outputs accurate 3D bounding boxes. The spatial alignment of multi-modal tokens is performed implicitly, by encoding the 3D points into multi-modal features. The core design of CMT is quite simple while its performance is impressive. CMT obtains 73.0% NDS on nuScenes benchmark. Moreover, CMT has a strong robustness even if the LiDAR is missing. Code will be released at https://github.com/junjie18/CMT.

Knowledge graphs (KG) have served as the key component of various natural language processing applications. Commonsense knowledge graphs (CKG) are a special type of KG, where entities and relations are composed of free-form text. However, previous works in KG completion and CKG completion suffer from long-tail relations and newly-added relations which do not have many know triples for training. In light of this, few-shot KG completion (FKGC), which requires the strengths of graph representation learning and few-shot learning, has been proposed to challenge the problem of limited annotated data. In this paper, we comprehensively survey previous attempts on such tasks in the form of a series of methods and applications. Specifically, we first introduce FKGC challenges, commonly used KGs, and CKGs. Then we systematically categorize and summarize existing works in terms of the type of KGs and the methods. Finally, we present applications of FKGC models on prediction tasks in different areas and share our thoughts on future research directions of FKGC.

Few Shot Instance Segmentation (FSIS) requires models to detect and segment novel classes with limited several support examples. In this work, we explore a simple yet unified solution for FSIS as well as its incremental variants, and introduce a new framework named Reference Twice (RefT) to fully explore the relationship between support/query features based on a Transformer-like framework. Our key insights are two folds: Firstly, with the aid of support masks, we can generate dynamic class centers more appropriately to re-weight query features. Secondly, we find that support object queries have already encoded key factors after base training. In this way, the query features can be enhanced twice from two aspects, i.e., feature-level and instance-level. In particular, we firstly design a mask-based dynamic weighting module to enhance support features and then propose to link object queries for better calibration via cross-attention. After the above steps, the novel classes can be improved significantly over our strong baseline. Additionally, our new framework can be easily extended to incremental FSIS with minor modification. When benchmarking results on the COCO dataset for FSIS, gFSIS, and iFSIS settings, our method achieves a competitive performance compared to existing approaches across different shots, e.g., we boost nAP by noticeable +8.2/+9.4 over the current state-of-the-art FSIS method for 10/30-shot. We further demonstrate the superiority of our approach on Few Shot Object Detection. Code and model will be available.