机器学习模型表现出两个看似矛盾的现象：训练数据记忆和各种遗忘形式。在记忆中，模型过于适合特定的培训示例，并容易受到隐私攻击的影响。在忘记时，最终忘记了在培训初期出现的例子。在这项工作中，我们将这些现象联系起来。我们提出了一种技术，以衡量训练示例的细节在多大程度上``忘记''，从而不易受到他们最近未曾见过的示例的隐私攻击的影响。我们表明，尽管非凸性可以防止在最坏的情况下忘记发生，但标准图像和语音模型在经验上确实会随着时间的流逝而忘记示例。我们将非确定性识别为潜在的解释，表明经过确定性训练的模型不会忘记。我们的结果表明，当使用极大的数据集培训（例如用于预训练模型的示例）时，早期看到的例子可能会观察到隐私益处，而牺牲了后来看到的示例。

员额推理攻击允许对训练的机器学习模型进行对手以预测模型的训练数据集中包含特定示例。目前使用平均案例的“精度”度量来评估这些攻击，该攻击未能表征攻击是否可以自信地识别培训集的任何成员。我们认为，应该通过计算其低（例如<0.1％）假阳性率来计算攻击来评估攻击，并在以这种方式评估时发现大多数事先攻击差。为了解决这一问题，我们开发了一个仔细结合文献中多种想法的似然比攻击（Lira）。我们的攻击是低于虚假阳性率的10倍，并且在攻击现有度量的情况下也严格占主导地位。

神经解码在大脑和外部世界之间的相互作用中起着至关重要的作用。在本文中，我们基于猕媚的神经信号直接解码手指的运动轨道。监督的回归方法可能会过度符合噪声包含的实际标签，并且需要高标签成本，而无监督的方法通常具有不令人满意的准确性。此外，空间和时间信息通常被忽略或不充分利用这些作品。这使我们提出了一种稳健的弱监管方法，用于神经解码的VIF-SD2E。特别地，VIF-SD2E由空间分割（SD）模块和探索开发（2E）策略组成，以有效利用外部世界的空间信息和神经活动的时间信息，其中SD2E输出进行了比较随着弱的0/1视觉反馈（VIF）标签进行培训。广泛的实验证明了我们方法的有效性，有时可能与监督对应物相当。

我们重新审视使​​用公共数据来改善差异私有（DP）模型培训的隐私/实用权折衷的问题。在这里，公共数据是指没有隐私问题的辅助数据集。我们考虑与私人培训数据相同的分发的公共数据。对于凸损失，我们表明镜子血清的变体提供了与模型的维度（$ p $）的人口风险保证。具体地，我们将镜像血液应用于由公共数据生成的丢失作为镜像映射，并使用私有（敏感）数据生成的丢失的DP梯度。为了获得维度独立性，我们需要$ g_q ^ 2 \ leq p $公共数据样本，其中$ g_q $是损失功能各向同性的量度。我们进一步表明，我们的算法具有天然的“噪音稳定性”属性：如果围绕当前迭代公共损失，请以$ V $的方向满足$ \ alpha_v $ -strong凸性，然后使用嘈杂的渐变而不是确切的渐变偏移我们的下一次迭代$ v $ v $比例为$ 1 / alpha_v $（与DP-SGD相比，换档是各向同性的）。在前作品中的类似结果必须使用预处理器矩阵形式的公共数据明确地学习几何图形。我们的方法也适用于非凸损失，因为它不依赖于凸起假设以确保DP保证。我们通过显示线性回归，深度学习基准数据集（Wikitext-2，Cifar-10和Emnist）以及联合学习（StackOverflow）来证明我们的算法的经验效果。我们表明，我们的算法不仅显着改善了传统的DP-SGD和DP-FedAVG，它没有访问公共数据，而且还可以改善DP-SGD和DP-FedAVG对已与公众预先培训的模型数据开始。

我们考虑使用迷你批量梯度进行差异隐私（DP）的培训模型。现有的最先进的差异私有随机梯度下降（DP-SGD）需要通过采样或洗机来获得最佳隐私/准确性/计算权衡的隐私放大。不幸的是，在重要的实际情况下，精确采样和洗牌的精确要求可能很难获得，特别是联邦学习（FL）。我们设计和分析跟随 - 正规的领导者（DP-FTRL）的DP变体，其比较（理论上和经验地）与放大的DP-SGD相比，同时允许更灵活的数据访问模式。DP-FTRL不使用任何形式的隐私放大。该代码可在https://github.com/google-Research/federated/tree/master/dp_ftrl和https://github.com/google-reesearch/dp-ftrl处获得。

Learning on Graphs (LoG) is widely used in multi-client systems when each client has insufficient local data, and multiple clients have to share their raw data to learn a model of good quality. One scenario is to recommend items to clients with limited historical data and sharing similar preferences with other clients in a social network. On the other hand, due to the increasing demands for the protection of clients' data privacy, Federated Learning (FL) has been widely adopted: FL requires models to be trained in a multi-client system and restricts sharing of raw data among clients. The underlying potential data-sharing conflict between LoG and FL is under-explored and how to benefit from both sides is a promising problem. In this work, we first formulate the Graph Federated Learning (GFL) problem that unifies LoG and FL in multi-client systems and then propose sharing hidden representation instead of the raw data of neighbors to protect data privacy as a solution. To overcome the biased gradient problem in GFL, we provide a gradient estimation method and its convergence analysis under the non-convex objective. In experiments, we evaluate our method in classification tasks on graphs. Our experiment shows a good match between our theory and the practice.

Unsupervised pre-training on millions of digital-born or scanned documents has shown promising advances in visual document understanding~(VDU). While various vision-language pre-training objectives are studied in existing solutions, the document textline, as an intrinsic granularity in VDU, has seldom been explored so far. A document textline usually contains words that are spatially and semantically correlated, which can be easily obtained from OCR engines. In this paper, we propose Wukong-Reader, trained with new pre-training objectives to leverage the structural knowledge nested in document textlines. We introduce textline-region contrastive learning to achieve fine-grained alignment between the visual regions and texts of document textlines. Furthermore, masked region modeling and textline-grid matching are also designed to enhance the visual and layout representations of textlines. Experiments show that our Wukong-Reader has superior performance on various VDU tasks such as information extraction. The fine-grained alignment over textlines also empowers Wukong-Reader with promising localization ability.

The security of artificial intelligence (AI) is an important research area towards safe, reliable, and trustworthy AI systems. To accelerate the research on AI security, the Artificial Intelligence Security Competition (AISC) was organized by the Zhongguancun Laboratory, China Industrial Control Systems Cyber Emergency Response Team, Institute for Artificial Intelligence, Tsinghua University, and RealAI as part of the Zhongguancun International Frontier Technology Innovation Competition (https://www.zgc-aisc.com/en). The competition consists of three tracks, including Deepfake Security Competition, Autonomous Driving Security Competition, and Face Recognition Security Competition. This report will introduce the competition rules of these three tracks and the solutions of top-ranking teams in each track.

Both goal-agnostic and goal-oriented tasks have practical value for robotic grasping: goal-agnostic tasks target all objects in the workspace, while goal-oriented tasks aim at grasping pre-assigned goal objects. However, most current grasping methods are only better at coping with one task. In this work, we propose a bifunctional push-grasping synergistic strategy for goal-agnostic and goal-oriented grasping tasks. Our method integrates pushing along with grasping to pick up all objects or pre-assigned goal objects with high action efficiency depending on the task requirement. We introduce a bifunctional network, which takes in visual observations and outputs dense pixel-wise maps of Q values for pushing and grasping primitive actions, to increase the available samples in the action space. Then we propose a hierarchical reinforcement learning framework to coordinate the two tasks by considering the goal-agnostic task as a combination of multiple goal-oriented tasks. To reduce the training difficulty of the hierarchical framework, we design a two-stage training method to train the two types of tasks separately. We perform pre-training of the model in simulation, and then transfer the learned model to the real world without any additional real-world fine-tuning. Experimental results show that the proposed approach outperforms existing methods in task completion rate and grasp success rate with less motion number. Supplementary material is available at https: //github.com/DafaRen/Learning_Bifunctional_Push-grasping_Synergistic_Strategy_for_Goal-agnostic_and_Goal-oriented_Tasks

Stairs are common building structures in urban environment, and stair detection is an important part of environment perception for autonomous mobile robots. Most existing algorithms have difficulty combining the visual information from binocular sensors effectively and ensuring reliable detection at night and in the case of extremely fuzzy visual clues. To solve these problems, we propose a neural network architecture with inputs of both RGB map and depth map. Specifically, we design the selective module which can make the network learn the complementary relationship between RGB map and depth map and effectively combine the information from RGB map and depth map in different scenes. In addition, we also design a line clustering algorithm for the post-processing of detection results, which can make full use of the detection results to obtain the geometric parameters of stairs. Experiments on our dataset show that our method can achieve better accuracy and recall compared with the previous state-of-the-art deep learning method, which are 5.64% and 7.97%, respectively. Our method also has extremely fast detection speed, and a lightweight version can achieve 300 + frames per second with the same resolution, which can meet the needs of most real-time detection scenes.