Deep neural networks are vulnerable to adversarial attacks. In this paper, we take the role of investigators who want to trace the attack and identify the source, that is, the particular model which the adversarial examples are generated from. Techniques derived would aid forensic investigation of attack incidents and serve as deterrence to potential attacks. We consider the buyers-seller setting where a machine learning model is to be distributed to various buyers and each buyer receives a slightly different copy with same functionality. A malicious buyer generates adversarial examples from a particular copy $\mathcal{M}_i$ and uses them to attack other copies. From these adversarial examples, the investigator wants to identify the source $\mathcal{M}_i$. To address this problem, we propose a two-stage separate-and-trace framework. The model separation stage generates multiple copies of a model for a same classification task. This process injects unique characteristics into each copy so that adversarial examples generated have distinct and traceable features. We give a parallel structure which embeds a ``tracer'' in each copy, and a noise-sensitive training loss to achieve this goal. The tracing stage takes in adversarial examples and a few candidate models, and identifies the likely source. Based on the unique features induced by the noise-sensitive loss function, we could effectively trace the potential adversarial copy by considering the output logits from each tracer. Empirical results show that it is possible to trace the origin of the adversarial example and the mechanism can be applied to a wide range of architectures and datasets.

Active learning with strong and weak labelers considers a practical setting where we have access to both costly but accurate strong labelers and inaccurate but cheap predictions provided by weak labelers. We study this problem in the streaming setting, where decisions must be taken \textit{online}. We design a novel algorithmic template, Weak Labeler Active Cover (WL-AC), that is able to robustly leverage the lower quality weak labelers to reduce the query complexity while retaining the desired level of accuracy. Prior active learning algorithms with access to weak labelers learn a difference classifier which predicts where the weak labels differ from strong labelers; this requires the strong assumption of realizability of the difference classifier (Zhang and Chaudhuri,2015). WL-AC bypasses this \textit{realizability} assumption and thus is applicable to many real-world scenarios such as random corrupted weak labels and high dimensional family of difference classifiers (\textit{e.g.,} deep neural nets). Moreover, WL-AC cleverly trades off evaluating the quality with full exploitation of weak labelers, which allows to convert any active learning strategy to one that can leverage weak labelers. We provide an instantiation of this template that achieves the optimal query complexity for any given weak labeler, without knowing its accuracy a-priori. Empirically, we propose an instantiation of the WL-AC template that can be efficiently implemented for large-scale models (\textit{e.g}., deep neural nets) and show its effectiveness on the corrupted-MNIST dataset by significantly reducing the number of labels while keeping the same accuracy as in passive learning.

Supervised learning aims to train a classifier under the assumption that training and test data are from the same distribution. To ease the above assumption, researchers have studied a more realistic setting: out-of-distribution (OOD) detection, where test data may come from classes that are unknown during training (i.e., OOD data). Due to the unavailability and diversity of OOD data, good generalization ability is crucial for effective OOD detection algorithms. To study the generalization of OOD detection, in this paper, we investigate the probably approximately correct (PAC) learning theory of OOD detection, which is proposed by researchers as an open problem. First, we find a necessary condition for the learnability of OOD detection. Then, using this condition, we prove several impossibility theorems for the learnability of OOD detection under some scenarios. Although the impossibility theorems are frustrating, we find that some conditions of these impossibility theorems may not hold in some practical scenarios. Based on this observation, we next give several necessary and sufficient conditions to characterize the learnability of OOD detection in some practical scenarios. Lastly, we also offer theoretical supports for several representative OOD detection works based on our OOD theory.

安全的基于多方计算的机器学习（称为MPL）已成为利用来自具有隐私保护的多个政党的数据的重要技术。尽管MPL为计算过程提供了严格的安全保证，但MPL训练的模型仍然容易受到仅依赖于访问模型的攻击。差异隐私可以帮助防御此类攻击。但是，差异隐私和安全多方计算协议的巨大沟通开销带来的准确性损失使得平衡隐私，效率和准确性之间的三通权衡是高度挑战的。在本文中，我们有动力通过提出一种解决方案（称为PEA（私有，高效，准确））来解决上述问题，该解决方案由安全的DPSGD协议和两种优化方法组成。首先，我们提出了一个安全的DPSGD协议，以在基于秘密共享的MPL框架中强制执行DPSGD。其次，为了减少因差异隐私噪声和MPL的巨大通信开销而导致的准确性损失，我们提出了MPL训练过程的两种优化方法：（1）与数据无关的功能提取方法，旨在简化受过训练的模型结构体; （2）基于本地数据的全局模型初始化方法，旨在加快模型训练的收敛性。我们在两个开源MPL框架中实施PEA：TF-Conteded和Queqiao。各种数据集的实验结果证明了PEA的效率和有效性。例如。当$ {\ epsilon} $ = 2时，我们可以在LAN设置下的7分钟内训练CIFAR-10的差异私有分类模型，其精度为88％。这一结果大大优于来自CryptGPU的一个SOTA MPL框架：在CIFAR-10上训练非私有性深神经网络模型的成本超过16小时，其精度相同。

深度学习推荐模型（DLRMS）已广泛应用于互联网公司。DLRM的嵌入表太大，无法完全适合GPU内存。我们通过利用目标数据集的ID频率统计信息来动态管理CPU和GPU内存空间中的嵌入式表的基于GPU的软件缓存方法。我们提出的软件缓存以同步更新方式有效地在GPU上培训整个DLRM。它还与广泛使用的混合平行训练方法相结合，将其缩放到多个GPU。评估我们的原型系统表明，我们只能保留GPU中嵌入参数的1.5％，以获得体面的端到端训练速度。

学习一种潜在的嵌入以了解数据分布的潜在性质，通常是在曲率为零的欧几里得空间中提出的。但是，在嵌入空间中构成的几何约束的成功表明，弯曲空间可能会编码更多的结构信息，从而导致更好的判别能力，从而获得更丰富的表示。在这项工作中，我们研究了弯曲空间的好处，用于分析数据中的异常或分布对象。这是通过通过三个几何约束来考虑嵌入的，即球形几何（具有正曲率），双曲几何形状（具有负曲率）或混合几何形状（具有正曲率和负曲率）。鉴于手头的任务，可以在统一的设计中互换选择三个几何约束。为弯曲空间中的嵌入量身定制，我们还制定功能以计算异常得分。提出了两种类型的几何模块（即，几何模块和两个几何模型）提出了插入原始的欧几里得分类器，并从弯曲的嵌入式中计算出异常分数。我们在各种视觉识别场景中评估所得设计，包括图像检测（多类OOD检测和一级异常检测）和分割（多类异常分段和一级异常分段）。经验结果表明，通过对各种情况的一致改进，我们的提案的有效性。

（源）代码摘要旨在以自然语言的形式自动为给定代码段生成摘要/注释。此类摘要在帮助开发人员理解和维护源代码方面起着关键作用。现有的代码摘要技术可以分类为提取方法和抽象方法。提取方法使用检索技术从代码段中提取重要语句和关键字的子集，并生成一个摘要，该摘要保留了重要语句和关键字中的事实详细信息。但是，这样的子集可能会错过标识符或实体命名，因此，产生的摘要的自然性通常很差。抽象方法可以生成类似人写的摘要，从而利用神经机器翻译域的编码器模型。然而，生成的摘要通常会错过重要的事实细节。为了通过保留的事实细节生成类似人写的摘要，我们提出了一个新颖的提取和吸收框架。框架中的提取模块执行了提取代码摘要的任务，该任务列入了代码段，并预测包含关键事实细节的重要陈述。框架中的抽象模块执行了抽象代码摘要的任务，该任务是在整个代码段和并行的重要陈述中进行的，并生成了简洁而人工写的类似的自然语言摘要。我们通过在涉及六种编程语言的三个数据集上进行广泛的实验来评估称为EACS的有效性。实验结果表明，在所有三种广泛使用的指标（包括BLEU，流星和Rough-l）方面，EACS明显优于最先进的技术。

新闻库中的自动事件检测是开采快速发展的结构化知识的至关重要的任务。由于现实世界事件具有不同的粒度，从顶级主题到关键事件，然后再提及与具体行动相对应的事件，因此通常有两条研究：（1）主题检测从新闻语料库的主要主题中标识（例如，。 ，“ 2019年香港抗议活动”与“ 2020年美国总统大选”），具有非常不同的语义； （2）从一份文件提取的行动提取提取级别的行动（例如，“警察击中抗议者的左臂”），无法理解该事件。在本文中，我们提出了一项新任务，即在中间级别的关键事件检测，目的是从新闻语料库的关键事件（例如，“ 8月12日至14日的HK机场抗议”）中进行检测，每一次都发生在特定时间/位置并专注于同一主题。由于新闻文章的快速发展性质，这项任务可以弥合事件的理解和结构，并且由于关键事件的主题和时间紧密以及标记的数据的稀缺而具有固有的挑战。为了应对这些挑战，我们开发了一个无监督的关键事件检测框架Evmine，（1）使用新颖的TTF-ITF分数提取时间频繁的峰值短语，（2）将峰值短语合并为事件 - 指示特征集，通过从我们的我们检测我们的社区中。设计的峰短语图可以捕获文档的共发生，语义相似性和时间亲密信号，以及（3）迭代地检索与每个关键事件相关的文档，通过训练具有从事件指标特征集中自动生成的伪标签的分类器，并完善该分类器使用检索的文档检测到关键事件。广泛的实验和案例研究表明，Evmine的表现优于所有基线方法及其在两个现实世界新闻机构上的消融。

Establishing the limiting distribution of Chatterjee's rank correlation for a general, possibly non-independent, pair of random variables has been eagerly awaited to many. This paper shows that (a) Chatterjee's rank correlation is asymptotically normal as long as one variable is not a measurable function of the other, (b) the corresponding asymptotic variance is uniformly bounded by 36, and (c) a consistent variance estimator exists. Similar results also hold for Azadkia-Chatterjee's graph-based correlation coefficient, a multivariate analogue of Chatterjee's original proposal. The proof is given by appealing to H\'ajek representation and Chatterjee's nearest-neighbor CLT.

改善磁共振（MR）图像数据的分辨率对于计算机辅助诊断和大脑功能分析至关重要。更高的分辨率有助于捕获更详细的内容，但通常会导致较低的信噪比和更长的扫描时间。为此，MR Image超级分辨率已成为近期广泛利益的主题。现有作品建立了广泛的深层模型，该模型具有基于卷积神经网络（CNN）的常规体系结构。在这项工作中，为了进一步推进该研究领域，我们尽早努力建立一个基于变压器的MR图像超分辨率框架，并仔细设计了探索有价值的领域的先验知识。具体而言，我们考虑了包括高频结构的两倍领域先验和模式间环境，并建立了一种新颖的变压器体系结构，称为跨模式高频变压器（COHF-T），以将此类先验引入超分辨率（LR）MR图像的超级分辨。两个数据集的实验表明COHF-T可以实现新的最新性能。