We conduct a systematic study of backdoor vulnerabilities in normally trained Deep Learning models. They are as dangerous as backdoors injected by data poisoning because both can be equally exploited. We leverage 20 different types of injected backdoor attacks in the literature as the guidance and study their correspondences in normally trained models, which we call natural backdoor vulnerabilities. We find that natural backdoors are widely existing, with most injected backdoor attacks having natural correspondences. We categorize these natural backdoors and propose a general detection framework. It finds 315 natural backdoors in the 56 normally trained models downloaded from the Internet, covering all the different categories, while existing scanners designed for injected backdoors can at most detect 65 backdoors. We also study the root causes and defense of natural backdoors.

普遍的后门是由动态和普遍的输入扰动触发的。它们可以被攻击者故意注射，也可以自然存在于经过正常训练的模型中。它们的性质与传统的静态和局部后门不同，可以通过扰动带有一些固定图案的小输入区域来触发，例如带有纯色的贴片。现有的防御技术对于传统后门非常有效。但是，它们可能对普遍的后门无法正常工作，尤其是在后门去除和模型硬化方面。在本文中，我们提出了一种针对普遍的后门，包括天然和注射后门的新型模型硬化技术。我们基于通过特殊转换层增强的编码器架构来开发一般的普遍攻击。该攻击可以对现有的普遍后门攻击进行建模，并通过类距离进行量化。因此，使用我们在对抗训练中攻击的样品可以使模型与这些后门漏洞相比。我们对9个具有15个模型结构的9个数据集的评估表明，我们的技术可以平均扩大阶级距离59.65％，精度降解且没有稳健性损失，超过了五种硬化技术，例如对抗性训练，普遍的对抗训练，Moth，Moth等， 。它可以将六次普遍后门攻击的攻击成功率从99.06％降低到1.94％，超过七种最先进的后门拆除技术。

在部署非视线（NLOS）成像系统中，越来越兴趣，以恢复障碍物背后的物体。现有解决方案通常在扫描隐藏对象之前预先校准系统。在封堵器，对象和扫描模式的现场调整需要重新校准。我们提出了一种在线校准技术，直接将所获取的瞬态扫描到LOS和隐藏组件中的所获取的瞬态耦合。我们使用前者直接（RE）在场景/障碍配置，扫描区域和扫描模式的变化时校准系统，而后者通过空间，频率或基于学习的技术恢复后者。我们的技术避免使用辅助校准设备，例如镜子或棋盘，并支持实验室验证和现实世界部署。

学习模当融合的表示和处理未对准的多模式序列在多式联情绪识别中是有意义的，具有挑战性。现有方法使用定向成对注意力或消息中心到熔丝语言，视觉和音频模态。然而，这些方法在融合特征时介绍信息冗余，并且在不考虑方式的互补性的情况下效率低效。在本文中，我们提出了一种高效的神经网络，以学习与CB变压器（LMR-CBT）的模型融合表示，用于从未对准的多模式序列进行多峰情绪识别。具体地，我们首先为三种方式执行特征提取，以获得序列的局部结构。然后，我们设计具有跨模块块（CB变压器）的新型变压器，其能够实现不同模式的互补学习，主要分为局部时间学习，跨模型特征融合和全球自我关注表示。此外，我们将融合功能与原始特征拼接以对序列的情绪进行分类。最后，我们在三个具有挑战性的数据集，IEMocap，CMU-MOSI和CMU-MOSEI进行词语对齐和未对准的实验。实验结果表明我们在两个设置中提出的方法的优势和效率。与主流方法相比，我们的方法以最小数量的参数达到最先进的。

有条件的生成模型旨在学习数据和标签的基础联合分布，以实现有条件的数据生成。其中，辅助分类器生成的对抗网络（AC-GAN）已被广泛使用，但遭受了生成样品的阶层内多样性的问题。本文指出的基本原因是，AC-GAN的分类器是生成器 - 静脉器，因此不能为发电机提供接近联合分布的信息指导，从而最小化条件熵，从而减少了阶级内的阶级。多样性。在这种理解的推动下，我们提出了一个具有辅助判别分类器（ADC-GAN）的新型条件gan，以解决上述问题。具体而言，提出的辅助判别分类器通过识别真实数据的类标签和生成的数据而成为生成器感知。我们的理论分析表明，即使没有原始歧视者，发电机也可以忠实地学习联合分布，从而使拟议的ADC-GAN可靠，可适应该系数超参数的价值和GAN损失的选择，并在训练过程中稳定。关于合成和现实世界数据集的广泛实验结果表明，与基于最新的分类器和基于基于投影的条件gan相比，有条件生成建模中ADC-GAN的优势。

Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.

Few Shot Instance Segmentation (FSIS) requires models to detect and segment novel classes with limited several support examples. In this work, we explore a simple yet unified solution for FSIS as well as its incremental variants, and introduce a new framework named Reference Twice (RefT) to fully explore the relationship between support/query features based on a Transformer-like framework. Our key insights are two folds: Firstly, with the aid of support masks, we can generate dynamic class centers more appropriately to re-weight query features. Secondly, we find that support object queries have already encoded key factors after base training. In this way, the query features can be enhanced twice from two aspects, i.e., feature-level and instance-level. In particular, we firstly design a mask-based dynamic weighting module to enhance support features and then propose to link object queries for better calibration via cross-attention. After the above steps, the novel classes can be improved significantly over our strong baseline. Additionally, our new framework can be easily extended to incremental FSIS with minor modification. When benchmarking results on the COCO dataset for FSIS, gFSIS, and iFSIS settings, our method achieves a competitive performance compared to existing approaches across different shots, e.g., we boost nAP by noticeable +8.2/+9.4 over the current state-of-the-art FSIS method for 10/30-shot. We further demonstrate the superiority of our approach on Few Shot Object Detection. Code and model will be available.

Nowadays, time-stamped web documents related to a general news query floods spread throughout the Internet, and timeline summarization targets concisely summarizing the evolution trajectory of events along the timeline. Unlike traditional document summarization, timeline summarization needs to model the time series information of the input events and summarize important events in chronological order. To tackle this challenge, in this paper, we propose a Unified Timeline Summarizer (UTS) that can generate abstractive and extractive timeline summaries in time order. Concretely, in the encoder part, we propose a graph-based event encoder that relates multiple events according to their content dependency and learns a global representation of each event. In the decoder part, to ensure the chronological order of the abstractive summary, we propose to extract the feature of event-level attention in its generation process with sequential information remained and use it to simulate the evolutionary attention of the ground truth summary. The event-level attention can also be used to assist in extracting summary, where the extracted summary also comes in time sequence. We augment the previous Chinese large-scale timeline summarization dataset and collect a new English timeline dataset. Extensive experiments conducted on these datasets and on the out-of-domain Timeline 17 dataset show that UTS achieves state-of-the-art performance in terms of both automatic and human evaluations.

Due to their ability to offer more comprehensive information than data from a single view, multi-view (multi-source, multi-modal, multi-perspective, etc.) data are being used more frequently in remote sensing tasks. However, as the number of views grows, the issue of data quality becomes more apparent, limiting the potential benefits of multi-view data. Although recent deep neural network (DNN) based models can learn the weight of data adaptively, a lack of research on explicitly quantifying the data quality of each view when fusing them renders these models inexplicable, performing unsatisfactorily and inflexible in downstream remote sensing tasks. To fill this gap, in this paper, evidential deep learning is introduced to the task of aerial-ground dual-view remote sensing scene classification to model the credibility of each view. Specifically, the theory of evidence is used to calculate an uncertainty value which describes the decision-making risk of each view. Based on this uncertainty, a novel decision-level fusion strategy is proposed to ensure that the view with lower risk obtains more weight, making the classification more credible. On two well-known, publicly available datasets of aerial-ground dual-view remote sensing images, the proposed approach achieves state-of-the-art results, demonstrating its effectiveness. The code and datasets of this article are available at the following address: https://github.com/gaopiaoliang/Evidential.

In this tutorial paper, we look into the evolution and prospect of network architecture and propose a novel conceptual architecture for the 6th generation (6G) networks. The proposed architecture has two key elements, i.e., holistic network virtualization and pervasive artificial intelligence (AI). The holistic network virtualization consists of network slicing and digital twin, from the aspects of service provision and service demand, respectively, to incorporate service-centric and user-centric networking. The pervasive network intelligence integrates AI into future networks from the perspectives of networking for AI and AI for networking, respectively. Building on holistic network virtualization and pervasive network intelligence, the proposed architecture can facilitate three types of interplay, i.e., the interplay between digital twin and network slicing paradigms, between model-driven and data-driven methods for network management, and between virtualization and AI, to maximize the flexibility, scalability, adaptivity, and intelligence for 6G networks. We also identify challenges and open issues related to the proposed architecture. By providing our vision, we aim to inspire further discussions and developments on the potential architecture of 6G.