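Advances in deep learning have led to steady progress in computer vision, improving accuracy on tasks such as object detection and semantic segmentation. However, deep neural networks are vulnerable to adversarial attacks, which poses a challenge for reliable deployment. Two prominent tasks in 3D scene understanding for robotics and advanced driver assistance systems are monocular depth and pose estimation, which are often learned together in an unsupervised manner. While studies exist that evaluate the impact of adversarial attacks on monocular depth estimation, a systematic demonstration and analysis of adversarial perturbations against pose estimation is lacking. We show that additive imperceptible perturbations can not only change predictions to increase trajectory drift but also alter the trajectory's geometry. We also study the relation between adversarial perturbations targeting monocular depth and pose estimation networks, as well as the transferability of perturbations to other networks with different architectures and losses. Our experiments show how the generated perturbations lead to notable errors in relative rotation and translation predictions and elucidate the vulnerabilities of the networks.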
Deep learning models are being increasingly applied to imbalanced data in high stakes fields such as medicine, autonomous driving, and intelligence analysis. Imbalanced data compounds the black-box nature of deep networks because the relationships between classes may be highly skewed and unclear. This can reduce trust by model users and hamper the progress of developers of imbalanced learning algorithms. Existing methods that investigate imbalanced data complexity are geared toward binary classification, shallow learning models and low dimensional data. In addition, current eXplainable Artificial Intelligence (XAI) techniques mainly focus on converting opaque deep learning models into simpler models (e.g., decision trees) or mapping predictions for specific instances to inputs, instead of examining global data properties and complexities. Therefore, there is a need for a framework that is tailored to modern deep networks, that incorporates large, high dimensional, multi-class datasets, and uncovers data complexities commonly found in imbalanced data (e.g., class overlap, sub-concepts, and outlier instances). We propose a set of techniques that can be used by both deep learning model users to identify, visualize and understand class prototypes, sub-concepts and outlier instances; and by imbalanced learning algorithm developers to detect features and class exemplars that are key to model performance. Our framework also identifies instances that reside on the border of class decision boundaries, which can carry highly discriminative information. Unlike many existing XAI techniques which map model decisions to gray-scale pixel locations, we use saliency through back-propagation to identify and aggregate image color bands across entire classes. Our framework is publicly available at https://github.com/dd1github/XAI_for_Imbalanced_Learning
We can protect user data privacy via many approaches, such as statistical transformation or generative models. However, each of them has critical drawbacks. On the one hand, creating a transformed data set using conventional techniques is highly time-consuming. On the other hand, in addition to long training phases, recent deep learning-based solutions require significant computational resources. In this paper, we propose PrivateSMOTE, a technique designed for competitive effectiveness in protecting cases at maximum risk of re-identification while requiring much less time and computational resources. It works by synthetic data generation via interpolation to obfuscate high-risk cases while minimizing data utility loss of the original data. Compared to multiple conventional and state-of-the-art privacy-preservation methods on 20 data sets, PrivateSMOTE demonstrates competitive results in re-identification risk. Also, it presents similar or higher predictive performance than the baselines, including generative adversarial networks and variational autoencoders, reducing their energy consumption and time requirements by a minimum factor of 9 and 12, respectively.
Adversarial training has been empirically shown to be more prone to overfitting than standard training. The exact underlying reasons still need to be fully understood. In this paper, we identify one cause of overfitting related to current practices of generating adversarial samples from misclassified samples. To address this, we propose an alternative approach that leverages the misclassified samples to mitigate the overfitting problem. We show that our approach achieves better generalization while having comparable robustness to state-of-the-art adversarial training methods on a wide range of computer vision, natural language processing, and tabular tasks.
Link prediction is a crucial problem in graph-structured data. Due to the recent success of graph neural networks (GNNs), a variety of GNN-based models were proposed to tackle the link prediction task. Specifically, GNNs leverage the message passing paradigm to obtain node representation, which relies on link connectivity. However, in a link prediction task, links in the training set are always present while ones in the testing set are not yet formed, resulting in a discrepancy of the connectivity pattern and bias of the learned representation. It leads to a problem of dataset shift which degrades the model performance. In this paper, we first identify the dataset shift problem in the link prediction task and provide theoretical analyses on how existing link prediction methods are vulnerable to it. We then propose FakeEdge, a model-agnostic technique, to address the problem by mitigating the graph topological gap between training and testing sets. Extensive experiments demonstrate the applicability and superiority of FakeEdge on multiple datasets across various domains.
Adversarial training is widely acknowledged as the most effective defense against adversarial attacks. However, it is also well established that achieving both robustness and generalization in adversarially trained models involves a trade-off. The goal of this work is to provide an in-depth comparison of different approaches for adversarial training in language models. Specifically, we study the effect of pre-training data augmentation as well as training time input perturbations vs. embedding space perturbations on the robustness and generalization of BERT-like language models. Our findings suggest that better robustness can be achieved by pre-training data augmentation or by training with input space perturbation. However, training with embedding space perturbation significantly improves generalization. A linguistic correlation analysis of neurons of the learned models reveals that the improved generalization is due to "more specialized" neurons. To the best of our knowledge, this is the first work to carry out a deep qualitative analysis of different methods of generating adversarial examples in adversarial training of language models.
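Although graph neural networks (GNNs) have demonstrated their efficacy in handling non-Euclidean structural data, they are difficult to deploy in real applications because of the scalability constraint imposed by multi-hop data dependency. Existing methods attempt to address this scalability issue by training multi-layer perceptrons (MLPs) using labels from well-trained GNNs. Even though the performance of MLPs can be significantly improved, two issues still prevent MLPs from outperforming GNNs and being used in practice: ignorance of graph structural information and sensitivity to node feature noise. In this paper, we propose to learn NOise-robust Structure-aware MLPs On Graphs (NOSMOG) to overcome these challenges. Specifically, we first complement node content with position features to help MLPs capture graph structural information. Then, we design a novel representational similarity distillation strategy to inject structural node similarities into MLPs. Finally, we introduce adversarial feature augmentation to ensure stable learning against feature noise and further improve performance. Extensive experiments demonstrate that NOSMOG outperforms GNNs and state-of-the-art methods in both transductive and inductive settings across seven datasets, while maintaining competitive inference efficiency.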
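Generative self-supervised learning (SSL), especially masked autoencoders, has become one of the most exciting learning paradigms and has shown great potential in handling graph data. However, real-world graphs are always heterogeneous, which poses three critical challenges that existing methods ignore: 1) how to capture complex graph structure? 2) how to incorporate various node attributes? 3) how to encode different node positions? In light of this, we study the problem of generative SSL on heterogeneous graphs and propose HGMAE, a novel heterogeneous graph masked autoencoder model, to address these challenges. HGMAE captures comprehensive graph information via two innovative masking techniques and three unique training strategies. In particular, we first develop metapath masking and adaptive attribute masking with a dynamic mask rate to enable effective and stable learning on heterogeneous graphs. We then design several training strategies, including metapath-based edge reconstruction to adopt complex structural information, target attribute restoration to incorporate various node attributes, and positional feature prediction to encode node positional information. Extensive experiments demonstrate that HGMAE outperforms both contrastive and generative state-of-the-art baselines on several tasks across multiple datasets.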
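Cyber-physical systems (CPS) must be closely monitored to identify and potentially mitigate emergent problems that arise during their routine operations. However, the multivariate time-series data they typically produce can be complex to understand and analyze. While formal product documentation often provides example data plots with diagnostic suggestions, the sheer diversity of attributes, critical thresholds, and data interactions can be overwhelming to non-experts, who subsequently seek help from discussion forums to interpret their data logs. Deep learning models, such as long short-term memory (LSTM) networks, can be used to automate these tasks and to provide clear explanations of the diverse anomalies detected in real-time multivariate data streams. In this paper, we present RESAM, a requirements process that integrates knowledge from domain experts, discussion forums, and formal product documentation to discover and specify requirements and design definitions in the form of time-series attributes that contribute to the construction of effective deep learning anomaly detectors. We present a case study based on a flight control system for small uncrewed aerial systems and demonstrate that its use guides the construction of effective anomaly detection models while also providing underlying support for explainability. RESAM is relevant to domains in which open or closed online forums provide discussion support for log analysis.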
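Machine learning (ML) plays an increasingly important role in rendering decisions that affect a broad range of groups in society. ML models inform decisions in criminal justice, the extension of credit in banking, and the hiring practices of corporations. This raises the requirement of model fairness, which holds that automated decisions should be equitable with respect to protected features (e.g., gender, race, or age) that are often under-represented in the data. We postulate that this problem of under-representation is a corollary of the problem of imbalanced data learning. Such imbalance is often reflected in both classes and protected features. For example, one class (those receiving credit) may be over-represented with respect to another class (those not receiving credit), and a particular group (females) may be under-represented with respect to another group (males). A key element of algorithmic fairness with respect to protected groups is the simultaneous reduction of class and protected group imbalance in the underlying training data, which facilitates increases in both model accuracy and fairness. We discuss the importance of bridging imbalanced learning and group fairness by showing how key concepts in these fields overlap and complement each other; and we propose a novel oversampling algorithm, Fair Oversampling, that addresses both skewed class distributions and protected features. Our method: (i) can be used as an efficient pre-processing algorithm for standard ML algorithms to jointly address imbalance and group equity; and (ii) can be combined with fairness-aware learning algorithms to improve their robustness to varying levels of class imbalance. Additionally, we take a step toward bridging the gap between fairness and imbalanced learning with a new Fair Utility, which combines balanced accuracy with fairness.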