深度神经网络（DNNS）的广泛应用要求越来越多的关注对其现实世界的鲁棒性，即DNN是否抵抗黑盒对抗性攻击，其中包括基于得分的查询攻击（SQA）是最威胁性的。由于它们的实用性和有效性：攻击者只需要在模型输出上进行数十个查询即可严重伤害受害者网络。针对SQA的防御需要对用户的服务目的而略有但巧妙的输出变化，这些用户与攻击者共享相同的输出信息。在本文中，我们提出了一种称为统一梯度（UNIG）的现实世界防御，以统一不同数据的梯度，以便攻击者只能探究不同样本相似的较弱的攻击方向。由于这种普遍的攻击扰动的验证与投入特定的扰动相比，Unig通过指示攻击者一个扭曲且信息不足的攻击方向来保护现实世界中的DNN。为了增强Unig在现实世界应用中的实际意义，我们将其实现为Hadamard产品模块，该模块具有计算效率且很容易插入任何模型。根据对5个SQA和4个防御基线的广泛实验，Unig显着改善了现实世界的鲁棒性，而不会伤害CIFAR10和Imagenet上的清洁准确性。例如，Unig在2500 Query Square攻击下保持了77.80％精度的CIFAR-10模型，而最先进的对手训练的模型仅在CIFAR10上具有67.34％的速度。同时，Unig在清洁精度和输出的修改程度上大大超过了所有基准。代码将发布。

文本逻辑推理，尤其是具有逻辑推理的问题答案（QA）任务，需要对特定逻辑结构的认识。段落级别的逻辑关系代表了命题单位之间的必要或矛盾（例如，结论性句子）。但是，由于当前的质量检查系统专注于基于实体的关系，因此无法探索此类结构。在这项工作中，我们提出了逻辑结构构成建模，以解决逻辑推理质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量质量请参见。网络执行两个过程：（1）利用在线话语连接以及通用逻辑理论的逻辑图构造，（2）通过图形网络学习产生结构性逻辑特征的逻辑表示。该管道应用于一般编码器，其基本功能与高级逻辑功能相结合，以进行答案预测。在三个文本逻辑推理数据集上进行的实验证明了dagns内置的逻辑结构的合理性以及学到的逻辑特征的有效性。此外，零射传输结果显示了特征的通用性，可看不见的逻辑文本。

单步逆势培训（AT）受到了广泛的关注，因为它被证明是有效和健壮的。然而，存在严重的灾难性过度问题，即反对投影梯度下降（PGD）攻击的强劲准确性突然下降到培训期间的0.5美元。在本文中，我们从优化的新角度来看，首先揭示每个样品和过度装箱的快速增长梯度之间的密切联系，这也可以应用于了解多步骤中的稳健的过度拟合现象。为了控制培训期间梯度的增长，我们提出了一种新的方法，子空间对抗训练（子AT），限制了仔细提取的子空间。它成功地解决了两种过度装备，因此显着提高了鲁棒性。在子空间中，我们还允许单步合并较大的步骤和更大的半径，从而进一步提高了鲁棒性性能。因此，我们实现了最先进的单步性能：我们的纯单步可以达到超过$ \ mathbf {51} \％$鲁棒准确性，反对强大的PGD-50攻击以半径8美元/ CiFar-10上的255美元，甚至超过了标准的多步PGD-10，具有巨大的计算优势。代码已释放$ \脚注{\ url {https://github.com/nblt/sub -at}} $。

随机傅里叶功能（RFFS）为频谱案例中的内核学习提供了有希望的方式。基于RFFS的内核学习方法通​​常以两级方式工作。在第一阶段的过程中，学习最佳特征图通常被配制为目标对齐问题，该问题旨在将学习内核与预定义的目标内核（通常是理想的内核对齐。在第二阶段过程中，相对于映射的随机特征进行线性学习者。然而，目标对齐中的预定义内核不一定是线性学习者的泛化的最佳。相反，在本文中，我们考虑了一个阶段过程，将内核学习和线性学习者融入统一框架中。具体而言，设计通过RFF的生成网络，以隐式地学习内核，然后是参数化为全连接层的线性分类器。然后通过解决经验风险最小化（ERM）问题来实现一阶段解决方案来联合培训生成网络和分类器。这种端到端的方案自然允许更深入的特征，同时对多层结构相对应，并且在真实的自我分类任务中对基于古典的两阶段的基于RFF的方法进行了卓越的泛化性能。此外，通过所提出的方法的随机重采采样机制的启发，研究了其增强的对抗性鲁棒性并进行了实验验证。

Benefiting from the intrinsic supervision information exploitation capability, contrastive learning has achieved promising performance in the field of deep graph clustering recently. However, we observe that two drawbacks of the positive and negative sample construction mechanisms limit the performance of existing algorithms from further improvement. 1) The quality of positive samples heavily depends on the carefully designed data augmentations, while inappropriate data augmentations would easily lead to the semantic drift and indiscriminative positive samples. 2) The constructed negative samples are not reliable for ignoring important clustering information. To solve these problems, we propose a Cluster-guided Contrastive deep Graph Clustering network (CCGC) by mining the intrinsic supervision information in the high-confidence clustering results. Specifically, instead of conducting complex node or edge perturbation, we construct two views of the graph by designing special Siamese encoders whose weights are not shared between the sibling sub-networks. Then, guided by the high-confidence clustering information, we carefully select and construct the positive samples from the same high-confidence cluster in two views. Moreover, to construct semantic meaningful negative sample pairs, we regard the centers of different high-confidence clusters as negative samples, thus improving the discriminative capability and reliability of the constructed sample pairs. Lastly, we design an objective function to pull close the samples from the same cluster while pushing away those from other clusters by maximizing and minimizing the cross-view cosine similarity between positive and negative samples. Extensive experimental results on six datasets demonstrate the effectiveness of CCGC compared with the existing state-of-the-art algorithms.

As one of the prevalent methods to achieve automation systems, Imitation Learning (IL) presents a promising performance in a wide range of domains. However, despite the considerable improvement in policy performance, the corresponding research on the explainability of IL models is still limited. Inspired by the recent approaches in explainable artificial intelligence methods, we proposed a model-agnostic explaining framework for IL models called R2RISE. R2RISE aims to explain the overall policy performance with respect to the frames in demonstrations. It iteratively retrains the black-box IL model from the randomized masked demonstrations and uses the conventional evaluation outcome environment returns as the coefficient to build an importance map. We also conducted experiments to investigate three major questions concerning frames' importance equality, the effectiveness of the importance map, and connections between importance maps from different IL models. The result shows that R2RISE successfully distinguishes important frames from the demonstrations.

Increasing research interests focus on sequential recommender systems, aiming to model dynamic sequence representation precisely. However, the most commonly used loss function in state-of-the-art sequential recommendation models has essential limitations. To name a few, Bayesian Personalized Ranking (BPR) loss suffers the vanishing gradient problem from numerous negative sampling and predictionbiases; Binary Cross-Entropy (BCE) loss subjects to negative sampling numbers, thereby it is likely to ignore valuable negative examples and reduce the training efficiency; Cross-Entropy (CE) loss only focuses on the last timestamp of the training sequence, which causes low utilization of sequence information and results in inferior user sequence representation. To avoid these limitations, in this paper, we propose to calculate Cumulative Cross-Entropy (CCE) loss over the sequence. CCE is simple and direct, which enjoys the virtues of painless deployment, no negative sampling, and effective and efficient training. We conduct extensive experiments on five benchmark datasets to demonstrate the effectiveness and efficiency of CCE. The results show that employing CCE loss on three state-of-the-art models GRU4Rec, SASRec, and S3-Rec can reach 125.63%, 69.90%, and 33.24% average improvement of full ranking NDCG@5, respectively. Using CCE, the performance curve of the models on the test data increases rapidly with the wall clock time, and is superior to that of other loss functions in almost the whole process of model training.

Face Anti-spoofing (FAS) is essential to secure face recognition systems from various physical attacks. However, recent research generally focuses on short-distance applications (i.e., phone unlocking) while lacking consideration of long-distance scenes (i.e., surveillance security checks). In order to promote relevant research and fill this gap in the community, we collect a large-scale Surveillance High-Fidelity Mask (SuHiFiMask) dataset captured under 40 surveillance scenes, which has 101 subjects from different age groups with 232 3D attacks (high-fidelity masks), 200 2D attacks (posters, portraits, and screens), and 2 adversarial attacks. In this scene, low image resolution and noise interference are new challenges faced in surveillance FAS. Together with the SuHiFiMask dataset, we propose a Contrastive Quality-Invariance Learning (CQIL) network to alleviate the performance degradation caused by image quality from three aspects: (1) An Image Quality Variable module (IQV) is introduced to recover image information associated with discrimination by combining the super-resolution network. (2) Using generated sample pairs to simulate quality variance distributions to help contrastive learning strategies obtain robust feature representation under quality variation. (3) A Separate Quality Network (SQN) is designed to learn discriminative features independent of image quality. Finally, a large number of experiments verify the quality of the SuHiFiMask dataset and the superiority of the proposed CQIL.

Due to their ability to offer more comprehensive information than data from a single view, multi-view (multi-source, multi-modal, multi-perspective, etc.) data are being used more frequently in remote sensing tasks. However, as the number of views grows, the issue of data quality becomes more apparent, limiting the potential benefits of multi-view data. Although recent deep neural network (DNN) based models can learn the weight of data adaptively, a lack of research on explicitly quantifying the data quality of each view when fusing them renders these models inexplicable, performing unsatisfactorily and inflexible in downstream remote sensing tasks. To fill this gap, in this paper, evidential deep learning is introduced to the task of aerial-ground dual-view remote sensing scene classification to model the credibility of each view. Specifically, the theory of evidence is used to calculate an uncertainty value which describes the decision-making risk of each view. Based on this uncertainty, a novel decision-level fusion strategy is proposed to ensure that the view with lower risk obtains more weight, making the classification more credible. On two well-known, publicly available datasets of aerial-ground dual-view remote sensing images, the proposed approach achieves state-of-the-art results, demonstrating its effectiveness. The code and datasets of this article are available at the following address: https://github.com/gaopiaoliang/Evidential.

Unsupervised domain adaptation (UDA) via deep learning has attracted appealing attention for tackling domain-shift problems caused by distribution discrepancy across different domains. Existing UDA approaches highly depend on the accessibility of source domain data, which is usually limited in practical scenarios due to privacy protection, data storage and transmission cost, and computation burden. To tackle this issue, many source-free unsupervised domain adaptation (SFUDA) methods have been proposed recently, which perform knowledge transfer from a pre-trained source model to unlabeled target domain with source data inaccessible. A comprehensive review of these works on SFUDA is of great significance. In this paper, we provide a timely and systematic literature review of existing SFUDA approaches from a technical perspective. Specifically, we categorize current SFUDA studies into two groups, i.e., white-box SFUDA and black-box SFUDA, and further divide them into finer subcategories based on different learning strategies they use. We also investigate the challenges of methods in each subcategory, discuss the advantages/disadvantages of white-box and black-box SFUDA methods, conclude the commonly used benchmark datasets, and summarize the popular techniques for improved generalizability of models learned without using source data. We finally discuss several promising future directions in this field.