深度神经网络容易受到对抗的例子，这可以通过添加微妙的扰动来欺骗深层模型。虽然现有的攻击已经取得了有希望的结果，但它仍然在黑盒设置下留下长途来产生可转移的对抗性示例。为此，本文提出提高对抗示例的可转移性，并将双阶段特征级扰动应用于现有模型，以隐式创建一组不同的模型。然后在迭代期间由纵向集合融合这些模型。该方法被称为双级网络侵蚀（DSNE）。我们对非残留和残余网络进行全面的实验，并获得更多可转移的对抗实例，其计算成本类似于最先进的方法。特别地，对于残余网络，通过将残余块信息偏置到跳过连接，可以显着改善对抗性示例的可转移性。我们的工作为神经网络的建筑脆弱性提供了新的见解，并对神经网络的稳健性带来了新的挑战。

我们介绍了三级管道：调整多样化输入（RDIM），多样性集合（DEM）和区域配件，共同产生可转移的对抗性示例。我们首先探讨现有攻击之间的内部关系，并提出能够利用这种关系的RDIM。然后我们提出DEM，多尺度版本的RDIM，生成多尺度梯度。在前两个步骤之后，我们将价值转换为迭代拟合的区域。 RDIM和区域拟合不需要额外的运行时间，这三个步骤可以充分集成到其他攻击中。我们最好的攻击愚弄了六个黑匣子防御，平均成功率为93％，这均高于最先进的基于梯度的攻击。此外，我们重新思考现有的攻击，而不是简单地堆叠在旧的旧方法上以获得更好的性能。预计我们的调查结果将成为探索攻击方法之间内部关系的开始。代码在https://github.com/278287847/DEM中获得。

对象攻击是对象检测的现实世界中可行的。然而，大多数以前的作品都试图学习应用于对象的本地“补丁”到愚蠢的探测器，这在斜视视角变得较低。为了解决这个问题，我们提出了致密的提案攻击（DPA）来学习探测器的单件，物理和针对性的对抗性伪装。伪装是一体的，因为它们是作为一个物体的整体生成的，因为当在任意观点和不同的照明条件下拍摄时，它们保持对抗性，并且由于它们可能导致探测器被定义为特定目标类别的检测器。为了使生成的伪装在物理世界中稳健，我们介绍了改造的组合来模拟物理现象。此外，为了改善攻击，DPA同时攻击固定建议中的所有分类。此外，我们使用Unity Simulation Engine构建虚拟3D场景，以公平地和可重复地评估不同的物理攻击。广泛的实验表明，DPA优于最先进的方法，并且对于任何物体而言，它是通用的，并且对现实世界的广泛性良好，对安全关键的计算机视觉系统构成潜在的威胁。

快速梯度标志攻击系列是用于生成对抗示例的流行方法。然而，基于快速梯度签名系列的大多数方法不能平衡由于基本标志结构的局限性而平衡的无法区分和可转换性。为了解决这个问题，我们提出了一种方法，称为ADAM迭代快速梯度Tanh方法（AI-FGTM），以产生具有高可转换性的无法区分的对抗性示例。此外，还施加较小的核和动态步长，以产生对攻击成功率的进一步提高攻击示例。在想象中兼容的数据集上的广泛实验表明，我们的方法在没有额外运行的时间和资源的情况下，我们的方法产生更加难以区分的对抗性示例并实现更高的攻击成功率。我们最佳的转移攻击Ni-Ti-Di-Aitm可以欺骗六种经典的防御模型，平均成功率为89.3％，三种先进的防御模型，平均成功率为82.7％，其高于国家基于艺术梯度的攻击。此外，我们的方法还可以减少近20％的平均扰动。我们预计我们的方法将作为一种新的基线，用于产生具有更好的转移性和无法区分的对抗性实例。

Graph Neural Networks (GNNs) have shown satisfying performance on various graph learning tasks. To achieve better fitting capability, most GNNs are with a large number of parameters, which makes these GNNs computationally expensive. Therefore, it is difficult to deploy them onto edge devices with scarce computational resources, e.g., mobile phones and wearable smart devices. Knowledge Distillation (KD) is a common solution to compress GNNs, where a light-weighted model (i.e., the student model) is encouraged to mimic the behavior of a computationally expensive GNN (i.e., the teacher GNN model). Nevertheless, most existing GNN-based KD methods lack fairness consideration. As a consequence, the student model usually inherits and even exaggerates the bias from the teacher GNN. To handle such a problem, we take initial steps towards fair knowledge distillation for GNNs. Specifically, we first formulate a novel problem of fair knowledge distillation for GNN-based teacher-student frameworks. Then we propose a principled framework named RELIANT to mitigate the bias exhibited by the student model. Notably, the design of RELIANT is decoupled from any specific teacher and student model structures, and thus can be easily adapted to various GNN-based KD frameworks. We perform extensive experiments on multiple real-world datasets, which corroborates that RELIANT achieves less biased GNN knowledge distillation while maintaining high prediction utility.

In robust Markov decision processes (MDPs), the uncertainty in the transition kernel is addressed by finding a policy that optimizes the worst-case performance over an uncertainty set of MDPs. While much of the literature has focused on discounted MDPs, robust average-reward MDPs remain largely unexplored. In this paper, we focus on robust average-reward MDPs, where the goal is to find a policy that optimizes the worst-case average reward over an uncertainty set. We first take an approach that approximates average-reward MDPs using discounted MDPs. We prove that the robust discounted value function converges to the robust average-reward as the discount factor $\gamma$ goes to $1$, and moreover, when $\gamma$ is large, any optimal policy of the robust discounted MDP is also an optimal policy of the robust average-reward. We further design a robust dynamic programming approach, and theoretically characterize its convergence to the optimum. Then, we investigate robust average-reward MDPs directly without using discounted MDPs as an intermediate step. We derive the robust Bellman equation for robust average-reward MDPs, prove that the optimal policy can be derived from its solution, and further design a robust relative value iteration algorithm that provably finds its solution, or equivalently, the optimal robust policy.

Medical image segmentation (MIS) is essential for supporting disease diagnosis and treatment effect assessment. Despite considerable advances in artificial intelligence (AI) for MIS, clinicians remain skeptical of its utility, maintaining low confidence in such black box systems, with this problem being exacerbated by low generalization for out-of-distribution (OOD) data. To move towards effective clinical utilization, we propose a foundation model named EvidenceCap, which makes the box transparent in a quantifiable way by uncertainty estimation. EvidenceCap not only makes AI visible in regions of uncertainty and OOD data, but also enhances the reliability, robustness, and computational efficiency of MIS. Uncertainty is modeled explicitly through subjective logic theory to gather strong evidence from features. We show the effectiveness of EvidenceCap in three segmentation datasets and apply it to the clinic. Our work sheds light on clinical safe applications and explainable AI, and can contribute towards trustworthiness in the medical domain.

Vertical Federated Learning (VFL) is widely utilized in real-world applications to enable collaborative learning while protecting data privacy and safety. However, previous works show that parties without labels (passive parties) in VFL can infer the sensitive label information owned by the party with labels (active party) or execute backdoor attacks to VFL. Meanwhile, active party can also infer sensitive feature information from passive party. All these pose new privacy and security challenges to VFL systems. We propose a new general defense method which limits the mutual information between private raw data, including both features and labels, and intermediate outputs to achieve a better trade-off between model utility and privacy. We term this defense Mutual Information Regularization Defense (MID). We theoretically and experimentally testify the effectiveness of our MID method in defending existing attacks in VFL, including label inference attacks, backdoor attacks and feature reconstruction attacks.

Video semantic segmentation (VSS) is beneficial for dealing with dynamic scenes due to the continuous property of the real-world environment. On the one hand, some methods alleviate the predicted inconsistent problem between continuous frames. On the other hand, other methods employ the previous frame as the prior information to assist in segmenting the current frame. Although the previous methods achieve superior performances on the independent and identically distributed (i.i.d) data, they can not generalize well on other unseen domains. Thus, we explore a new task, the video generalizable semantic segmentation (VGSS) task that considers both continuous frames and domain generalization. In this paper, we propose a class-wise non-salient region generalized (CNSG) framework for the VGSS task. Concretely, we first define the class-wise non-salient feature, which describes features of the class-wise non-salient region that carry more generalizable information. Then, we propose a class-wise non-salient feature reasoning strategy to select and enhance the most generalized channels adaptively. Finally, we propose an inter-frame non-salient centroid alignment loss to alleviate the predicted inconsistent problem in the VGSS task. We also extend our video-based framework to the image-based generalizable semantic segmentation (IGSS) task. Experiments demonstrate that our CNSG framework yields significant improvement in the VGSS and IGSS tasks.

The stock market prediction has been a traditional yet complex problem researched within diverse research areas and application domains due to its non-linear, highly volatile and complex nature. Existing surveys on stock market prediction often focus on traditional machine learning methods instead of deep learning methods. Deep learning has dominated many domains, gained much success and popularity in recent years in stock market prediction. This motivates us to provide a structured and comprehensive overview of the research on stock market prediction focusing on deep learning techniques. We present four elaborated subtasks of stock market prediction and propose a novel taxonomy to summarize the state-of-the-art models based on deep neural networks from 2011 to 2022. In addition, we also provide detailed statistics on the datasets and evaluation metrics commonly used in the stock market. Finally, we highlight some open issues and point out several future directions by sharing some new perspectives on stock market prediction.