Deep neural networks are vulnerable to adversarial attacks. In this paper, we take the role of investigators who want to trace the attack and identify the source, that is, the particular model which the adversarial examples are generated from. Techniques derived would aid forensic investigation of attack incidents and serve as deterrence to potential attacks. We consider the buyers-seller setting where a machine learning model is to be distributed to various buyers and each buyer receives a slightly different copy with same functionality. A malicious buyer generates adversarial examples from a particular copy $\mathcal{M}_i$ and uses them to attack other copies. From these adversarial examples, the investigator wants to identify the source $\mathcal{M}_i$. To address this problem, we propose a two-stage separate-and-trace framework. The model separation stage generates multiple copies of a model for a same classification task. This process injects unique characteristics into each copy so that adversarial examples generated have distinct and traceable features. We give a parallel structure which embeds a ``tracer'' in each copy, and a noise-sensitive training loss to achieve this goal. The tracing stage takes in adversarial examples and a few candidate models, and identifies the likely source. Based on the unique features induced by the noise-sensitive loss function, we could effectively trace the potential adversarial copy by considering the output logits from each tracer. Empirical results show that it is possible to trace the origin of the adversarial example and the mechanism can be applied to a wide range of architectures and datasets.

Transforming off-the-shelf deep neural network (DNN) models into dynamic multi-exit architectures can achieve inference and transmission efficiency by fragmenting and distributing a large DNN model in edge computing scenarios (e.g., edge devices and cloud servers). In this paper, we propose a novel backdoor attack specifically on the dynamic multi-exit DNN models. Particularly, we inject a backdoor by poisoning one DNN model's shallow hidden layers targeting not this vanilla DNN model but only its dynamically deployed multi-exit architectures. Our backdoored vanilla model behaves normally on performance and cannot be activated even with the correct trigger. However, the backdoor will be activated when the victims acquire this model and transform it into a dynamic multi-exit architecture at their deployment. We conduct extensive experiments to prove the effectiveness of our attack on three structures (ResNet-56, VGG-16, and MobileNet) with four datasets (CIFAR-10, SVHN, GTSRB, and Tiny-ImageNet) and our backdoor is stealthy to evade multiple state-of-the-art backdoor detection or removal methods.

Image token removal is an efficient augmentation strategy for reducing the cost of computing image features. However, this efficient augmentation strategy has been found to adversely affect the accuracy of CLIP-based training. We hypothesize that removing a large portion of image tokens may improperly discard the semantic content associated with a given text description, thus constituting an incorrect pairing target in CLIP training. To address this issue, we propose an attentive token removal approach for CLIP training, which retains tokens with a high semantic correlation to the text description. The correlation scores are computed in an online fashion using the EMA version of the visual encoder. Our experiments show that the proposed attentive masking approach performs better than the previous method of random token removal for CLIP training. The approach also makes it efficient to apply multiple augmentation views to the image, as well as introducing instance contrastive learning tasks between these views into the CLIP framework. Compared to other CLIP improvements that combine different pre-training targets such as SLIP and MaskCLIP, our method is not only more effective, but also much more efficient. Specifically, using ViT-B and YFCC-15M dataset, our approach achieves $43.9\%$ top-1 accuracy on ImageNet-1K zero-shot classification, as well as $62.7/42.1$ and $38.0/23.2$ I2T/T2I retrieval accuracy on Flickr30K and MS COCO, which are $+1.1\%$, $+5.5/+0.9$, and $+4.4/+1.3$ higher than the SLIP method, while being $2.30\times$ faster. An efficient version of our approach running $1.16\times$ faster than the plain CLIP model achieves significant gains of $+5.3\%$, $+11.3/+8.0$, and $+9.5/+4.9$ on these benchmarks.

Evaluating neural network performance is critical to deep neural network design but a costly procedure. Neural predictors provide an efficient solution by treating architectures as samples and learning to estimate their performance on a given task. However, existing predictors are task-dependent, predominantly estimating neural network performance on image classification benchmarks. They are also search-space dependent; each predictor is designed to make predictions for a specific architecture search space with predefined topologies and set of operations. In this paper, we propose a novel All-in-One Predictor (AIO-P), which aims to pretrain neural predictors on architecture examples from multiple, separate computer vision (CV) task domains and multiple architecture spaces, and then transfer to unseen downstream CV tasks or neural architectures. We describe our proposed techniques for general graph representation, efficient predictor pretraining and knowledge infusion techniques, as well as methods to transfer to downstream tasks/spaces. Extensive experimental results show that AIO-P can achieve Mean Absolute Error (MAE) and Spearman's Rank Correlation (SRCC) below 1% and above 0.5, respectively, on a breadth of target downstream CV tasks with or without fine-tuning, outperforming a number of baselines. Moreover, AIO-P can directly transfer to new architectures not seen during training, accurately rank them and serve as an effective performance estimator when paired with an algorithm designed to preserve performance while reducing FLOPs.

Large language models (LLMs) have been shown to be able to perform new tasks based on a few demonstrations or natural language instructions. While these capabilities have led to widespread adoption, most LLMs are developed by resource-rich organizations and are frequently kept from the public. As a step towards democratizing this powerful technology, we present BLOOM, a 176B-parameter open-access language model designed and built thanks to a collaboration of hundreds of researchers. BLOOM is a decoder-only Transformer language model that was trained on the ROOTS corpus, a dataset comprising hundreds of sources in 46 natural and 13 programming languages (59 in total). We find that BLOOM achieves competitive performance on a wide variety of benchmarks, with stronger results after undergoing multitask prompted finetuning. To facilitate future research and applications using LLMs, we publicly release our models and code under the Responsible AI License.

对于许多下游任务（例如，情感分析，关系检测等），脑电图（EEG）和语言已被广泛探索。研究这两个领域的多模式方法尚未得到很好的探索，即使近年来，多模式学习被认为比单峰对应物更强大。在这项研究中，我们希望探索脑电图与语言之间的关系和依赖性，即一个领域如何反映和代表另一个领域。为了研究表示级别的关系，我们引入了MTAM（一种多模式变压器对准模型），以观察两种模式之间的协调表示，因此采用了转换表示来进行下游应用。我们使用各种关系对齐的寻求对准技术，例如规范相关性分析和Wasserstein距离，作为转化低级语言的损失函数，并将EEG特征转化为高级转化的特征。在下游应用程序，情感分析和关系检测上，我们在两个数据集（Zuco和k-emocon）上实现了新的最新结果。我们的方法在K-Emocon的情感分析中获得了16.5％的F1得分提高，对Zuco的情感分析的26.6％，以及对Zuco的关系检测的31.1％。此外，我们通过以下方式提供对性能改进的解释：（1）可视化原始特征分布和变换的特征分布，显示对齐模块发现和编码脑电图与语言之间的关系的有效性； （2）可视化单词级别和句子级的脑电图对齐权重，显示不同语言语义和脑电图频率特征的影响； （3）可视化大脑地形图，以提供有关大脑区域中脑电图和语言反应的连通性的直观演示。

磁共振图像（MRI）中的脑肿瘤分割（BTS）对于脑肿瘤诊断，癌症管理和研究目的至关重要。随着十年小型挑战的巨大成功以及CNN和Transformer算法的进步，已经提出了许多出色的BTS模型来解决BTS在不同技术方面的困难。但是，现有研究几乎没有考虑如何以合理的方式融合多模式图像。在本文中，我们利用了放射科医生如何从多种MRI模态诊断脑肿瘤的临床知识，并提出了一种称为CKD-TRANSBTS的临床知识驱动的脑肿瘤分割模型。我们没有直接串联所有模式，而是通过根据MRI的成像原理将输入方式分为两组来重新组织输入方式。具有拟议模态相关的跨意义块（MCCA）的双支支混合式编码器旨在提取多模式图像特征。所提出的模型以局部特征表示能力的能力来继承来自变压器和CNN的强度，以提供精确的病变边界和3D体积图像的远程特征提取。为了弥合变压器和CNN功能之间的间隙，我们提出了解码器中的反式和CNN功能校准块（TCFC）。我们将提出的模型与五个基于CNN的模型和六个基于Transformer的模型在Brats 2021挑战数据集上进行了比较。广泛的实验表明，与所有竞争对手相比，所提出的模型可实现最先进的脑肿瘤分割性能。

根据一般静态障碍物检测的要求，本文提出了无人接地车辆局部静态环境的紧凑型矢量化表示方法。首先，通过融合LiDAR和IMU的数据，获得了高频姿势信息。然后，通过二维（2D）障碍物点的生成，提出了具有固定尺寸的网格图维护过程。最后，通过多个凸多边形描述了局部静态环境，该多边形实现了基于双阈值的边界简化和凸多边形分割。我们提出的方法已应用于公园的一个实用无人驾驶项目中，典型场景的定性实验结果验证了有效性和鲁棒性。此外，定量评估表明，与传统的基于网格地图的方法相比，使用较少的点信息（减少约60％）来代表局部静态环境。此外，运行时间（15ms）的性能表明，所提出的方法可用于实时局部静态环境感知。可以在https://github.com/ghm0819/cvr_lse上访问相应的代码。

超声检查是乳腺癌诊断的重要常规检查，这是由于其无创，无辐射和低成本的特性。但是，由于其固有的局限性，乳腺癌的诊断准确性仍然受到限制。如果我们可以通过乳房超声图像（BUS）精确诊断乳腺癌，那将是一个巨大的成功。已经提出了许多基于学习的计算机辅助诊断方法来实现乳腺癌诊断/病变分类。但是，其中大多数需要预定的ROI，然后对ROI内的病变进行分类。常规的分类骨架，例如VGG16和RESNET50，可以在没有ROI要求的情况下获得有希望的分类结果。但是这些模型缺乏解释性，因此限制了它们在临床实践中的使用。在这项研究中，我们提出了一种具有可解释特征表示的超声图像中乳腺癌诊断的新型无ROI模型。我们利用解剖学的先验知识，即恶性肿瘤和良性肿瘤在不同的组织层之间具有不同的空间关系，并提出了悬停转换器来提出这种先验知识。提出的悬停式跨界块水平和垂直地提取层间和层内空间信息。我们进行并释放一个开放的数据集GDPH＆SYSUCC，以用于公共汽车中的乳腺癌诊断。通过与四个基于CNN的模型和两个Vision Transformer模型进行比较，通过五倍的交叉验证来评估所提出的模型。它通过最佳模型可解释性实现最新的分类性能。同时，我们提出的模型在仅给出一张公交图像时，在乳腺癌诊断方面优于两名高级超声检查员。

基于学习的网络入侵检测系统（NIDS）被广泛部署用于捍卫各种网络攻击。现有的基于学习的NID主要使用神经网络（NN）作为依赖于网络图克数据的质量和数量的分类器。这种基于NN的方法也很难解释提高效率和可扩展性。在本文中，我们通过组合可解释的梯度升压决策树（GBDT）和联合学习（FL）框架来设计一个新的本地全局计算范例，基于新的学习的NID。具体地，联合纤维公司由多个客户端组成，该客户端提取用于服务器的本地网络基地数据功能以培训模型和检测入侵。在Fedlorest中还提出了一种隐私增强技术，以进一步击败流动系统的隐私。关于4个网络内人数据集的广泛实验，不同任务表明，联邦纤维公司是有效，高效，可解释和可延伸的。 Fedlorest在中国大学生的协同学习和网络安全竞赛中排名第一。