The security of artificial intelligence (AI) is an important research area towards safe, reliable, and trustworthy AI systems. To accelerate the research on AI security, the Artificial Intelligence Security Competition (AISC) was organized by the Zhongguancun Laboratory, China Industrial Control Systems Cyber Emergency Response Team, Institute for Artificial Intelligence, Tsinghua University, and RealAI as part of the Zhongguancun International Frontier Technology Innovation Competition (https://www.zgc-aisc.com/en). The competition consists of three tracks, including Deepfake Security Competition, Autonomous Driving Security Competition, and Face Recognition Security Competition. This report will introduce the competition rules of these three tracks and the solutions of top-ranking teams in each track.
The success of deep learning is partly attributed to the availability of massive data downloaded freely from the Internet. However, it also means that users' private data may be collected by commercial organizations without consent and used to train their models. Therefore, it's important and necessary to develop a method or tool to prevent unauthorized data exploitation. In this paper, we propose ConfounderGAN, a generative adversarial network (GAN) that can make personal image data unlearnable to protect the data privacy of its owners. Specifically, the noise produced by the generator for each image has the confounder property. It can build spurious correlations between images and labels, so that the model cannot learn the correct mapping from images to labels in this noise-added dataset. Meanwhile, the discriminator is used to ensure that the generated noise is small and imperceptible, thereby preserving the normal utility of the encrypted image for humans. The experiments are conducted on six image classification datasets, consisting of three natural object datasets and three medical datasets. The results demonstrate that our method not only outperforms state-of-the-art methods in standard settings, but can also be applied to fast encryption scenarios. Moreover, we show a series of transferability and stability experiments to further illustrate the effectiveness and superiority of our method.
As the COVID-19 pandemic puts pressure on healthcare systems worldwide, the computed tomography (CT) image-based AI diagnostic system has become a sustainable solution for early diagnosis. However, the model-wise vulnerability under adversarial perturbation hinders its deployment in practical situations. Existing adversarial training strategies are difficult to generalize to the medical imaging field, which is challenged by complex medical texture features. To overcome this challenge, we propose a Contour Attention Preserving (CAP) method based on lung cavity edge extraction. The contour prior features are injected into the attention layer via a parameter regularization, and we optimize the robust empirical risk with a hybrid distance metric. We then introduce a new cross-nation CT scan dataset to evaluate the generalization capability of the adversarial robustness under distribution shift. Experimental results indicate that the proposed method achieves state-of-the-art performance in multiple adversarial defense and generalization tasks. The code and dataset are available at https://github.com/Quinn777/CAP.
Offline multi-agent reinforcement learning (MARL) aims to learn effective multi-agent policies from pre-collected datasets, which is an important step toward the deployment of multi-agent systems in real-world applications. However, in practice, each individual behavior policy that generates multi-agent joint trajectories usually performs at a different level, e.g., one agent follows a random policy while other agents follow medium policies. In the cooperative game with global reward, one agent learned by existing offline MARL often inherits this random policy, jeopardizing the performance of the entire team. In this paper, we investigate offline MARL with explicit consideration of the diversity of agent-wise trajectories and propose a novel framework called Shared Individual Trajectories (SIT) to address this problem. Specifically, an attention-based reward decomposition network assigns the credit to each agent through a differentiable key-value memory mechanism in an offline manner. These decomposed credits are then used to reconstruct the joint offline datasets into prioritized experience replay with individual trajectories, after which agents can share their good trajectories and conservatively train their policies with a graph attention network (GAT) based critic. We evaluate our method in both discrete control (i.e., StarCraft II and multi-agent particle environment) and continuous control (i.e., multi-agent MuJoCo). The results indicate that our method achieves significantly better results in complex and mixed offline multi-agent datasets, especially when the difference in data quality between individual trajectories is large.
We present a strong object detector with encoder-decoder pretraining and finetuning. Our method, called Group DETR v2, is built upon a vision transformer encoder ViT-Huge, a DETR variant DINO, and an efficient DETR training method Group DETR. The training process consists of self-supervised pretraining and finetuning a ViT-Huge encoder on ImageNet-1K, pretraining the detector on Object365, and finally finetuning it on COCO. Group DETR v2 achieves 64.5 mAP on COCO test-dev, and establishes a new SoTA on the COCO leaderboard: https://paperswithcode.com/sota/object-detection-on-coco
Human conversations of recommendation naturally involve the shift of interests which can align the recommendation actions and conversation process to make accurate recommendations with rich explanations. However, existing conversational recommendation systems (CRS) ignore the advantage of user interest shift in connecting recommendation and conversation, which leads to an ineffective loose coupling structure of CRS. To address this issue, by modeling the recommendation actions as recommendation paths in a knowledge graph (KG), we propose DICR (Dual Imitation for Conversational Recommendation), which designs a dual imitation to explicitly align the recommendation paths and user interest shift paths in a recommendation module and a conversation module, respectively. By exchanging alignment signals, DICR achieves bidirectional promotion between recommendation and conversation modules and generates high-quality responses with accurate recommendations and coherent explanations. Experiments demonstrate that DICR outperforms the state-of-the-art models on recommendation and conversation performance with automatic, human, and novel explainability metrics.
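Freezing of gait (FOG) is one of the most common symptoms of Parkinson's disease, a neurodegenerative disorder of the central nervous system that affects millions of people around the world. To address the pressing need to improve the quality of treatment for FOG, devising a computer-aided detection and quantification tool for FOG has become increasingly important. As a non-invasive technique for collecting motion patterns, the footstep pressure sequences obtained from pressure-sensitive gait mats provide a great opportunity for evaluating FOG in the clinic and in the home environment. In this study, FOG detection is formulated as a sequential modelling task, and a novel deep learning architecture, namely the Adversarial Spatio-temporal Network (ASTN), is proposed to learn FOG patterns across multiple levels. A novel adversarial training scheme is introduced with a multi-level subject discriminator to obtain subject-independent FOG representations, which helps to reduce the over-fitting risk due to the high inter-subject variance. As a result, robust FOG detection can be achieved for unseen subjects. The proposed scheme also sheds light on improving subject-level clinical studies from other scenarios, as it can be integrated with many existing deep architectures. To the best of our knowledge, this is one of the first studies of footstep pressure-based FOG detection, and the approach of utilizing ASTN is the first deep neural network architecture in pursuit of subject-independent representations. Experimental results on 393 trials collected from 21 subjects demonstrate encouraging performance of the proposed ASTN for FOG detection, with an AUC of 0.85.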
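Tensegrity robots, composed of rigid rods and flexible cables, exhibit high strength-to-weight ratios and extreme deformations, enabling them to navigate unstructured terrain and even survive harsh impacts. However, they are hard to control due to their high dimensionality, complex dynamics, and coupled architecture. Physics-based simulation is one avenue for developing locomotion policies that can then be transferred to real robots, but modeling tensegrity robots is a complex task, so simulations experience a substantial sim2real gap. To address this issue, this paper describes a Real2Sim2Real strategy for tensegrity robots. This strategy is based on a differentiable physics engine that can be trained given limited data from a real robot (i.e., offline measurements and one random trajectory) and achieve a high enough accuracy to discover transferable locomotion policies. Beyond the overall pipeline, key contributions of this work include computing non-zero gradients at contact points, a loss function, and a trajectory segmentation technique that avoids conflicts in gradient evaluation during training. The proposed pipeline is demonstrated and evaluated on a real 3-bar tensegrity robot.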
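Deploying machine learning models on mobile devices has gained increasing attention. To tackle the model generalization problem under the limitations of hardware resources on the device, the device model needs to be made lightweight by techniques such as model compression from the cloud model. However, the major obstacle to improving the device model's generalization is the distribution shift between the data of the cloud and device models, since the data distribution on the device model often changes over time (e.g., users might have different preferences in a recommendation system). Although real-time fine-tuning and distillation methods take this situation into account, these methods require on-device training, which is practically infeasible due to the low computational power and the lack of real-time labeled samples on the device. In this paper, we propose a novel task-agnostic framework, named MetaNetwork, for generating adaptive device model parameters from the cloud without on-device training. Specifically, our MetaNetwork is deployed on the cloud and consists of MetaGenerator and MetaStabilizer modules. The MetaGenerator is designed to learn a mapping function from samples to model parameters, and it can generate and deliver the adaptive parameters to the device based on samples uploaded from the device to the cloud. The MetaStabilizer aims to reduce the oscillation of the MetaGenerator, accelerate convergence, and improve model performance during both training and inference. We evaluate our method on two tasks with three datasets. Extensive experiments show that MetaNetwork can achieve competitive performance across different modalities.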
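IceCube, a cubic-kilometer array of optical sensors built to detect atmospheric and astrophysical neutrinos between 1 GeV and 1 PeV, is deployed 1.45 km to 2.45 km below the surface of the ice sheet at the South Pole. The classification and reconstruction of events from the in-ice detectors play a central role in the analysis of data from IceCube. Reconstructing and classifying events is a challenge due to the detector geometry, inhomogeneous scattering and absorption of light in the ice and, below 100 GeV, the relatively low number of signal photons produced per event. To address this challenge, it is possible to represent IceCube events as point cloud graphs and use a Graph Neural Network (GNN) as the classification and reconstruction method. The GNN is capable of distinguishing neutrino events from cosmic-ray backgrounds, classifying different neutrino event types, and reconstructing the deposited energy, direction, and interaction vertex. Based on simulation, we provide a comparison in the 1-100 GeV energy range to the current state-of-the-art maximum likelihood techniques used in current IceCube analyses, including the effects of known systematic uncertainties. For neutrino event classification, the GNN increases the signal efficiency by 18% at a fixed false positive rate (FPR), compared to current IceCube methods. Alternatively, the GNN offers a reduction of the FPR by more than a factor of 8 (to below half a percent) at a fixed signal efficiency. For the reconstruction of energy, direction, and interaction vertex, the resolution improves by an average of 13%-20% compared to current maximum likelihood techniques. When run on a GPU, the GNN is capable of processing IceCube events at a rate close to the median IceCube trigger rate of 2.7 kHz, which opens the possibility of using low-energy neutrinos in online searches for transient events.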