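Machine learning models have been shown to face a serious threat from model extraction attacks, in which a well-trained private model owned by a service provider can be stolen by an attacker posing as a client. Unfortunately, prior work has focused on models trained on Euclidean-space data such as images and text, while how to extract a GNN model, which contains graph structure and node features, has not yet been explored. This paper is the first to comprehensively investigate and develop model extraction attacks against GNN models. We first model the threat and classify the adversarial threats into seven categories by considering the different background knowledge of the nodes obtained by the attacker. We then present detailed methods that use the knowledge accessible in each threat to carry out the attacks. Evaluated on three real-world datasets, our attacks are shown to extract duplicated models effectively, i.e., 84% - 89% of the inputs in the target domain have the same output predictions as the victim model.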
translated by Google Translate
We propose a new neural network design paradigm, the Reversible Column Network (RevCol). The main body of RevCol is composed of multiple copies of a subnetwork, called columns, between which multi-level reversible connections are employed. Such an architectural scheme gives RevCol very different behavior from conventional networks: during forward propagation, features in RevCol are learned to be gradually disentangled when passing through each column, and their total information is maintained rather than compressed or discarded as in other networks. Our experiments suggest that CNN-style RevCol models can achieve very competitive performance on multiple computer vision tasks such as image classification, object detection and semantic segmentation, especially with a large parameter budget and a large dataset. For example, after ImageNet-22K pre-training, RevCol-XL obtains 88.2% ImageNet-1K accuracy. Given more pre-training data, our largest model RevCol-H reaches 90.0% on ImageNet-1K, 63.8% APbox on the COCO detection minival set, and 61.0% mIoU on ADE20k segmentation. To our knowledge, it is the best COCO detection and ADE20k segmentation result among pure (static) CNN models. Moreover, as a general macro architecture, RevCol can also be introduced into transformers or other neural networks, which is demonstrated to improve performance in both computer vision and NLP tasks. We release code and models at https://github.com/megvii-research/RevCol.
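Recently, masked image modeling (MIM) has achieved great success in self-supervised visual recognition. However, as a reconstruction-based framework, understanding how MIM works remains an open question, since MIM differs greatly from previously studied siamese approaches such as contrastive learning. In this paper, we propose a new viewpoint: MIM implicitly learns occlusion-invariant features, which is analogous to other siamese methods, while the latter learn other invariances. By relaxing the MIM formulation into an equivalent siamese form, MIM methods can be interpreted in a unified framework with conventional methods, in which only a) the data transformations, i.e. which invariance to learn, and b) the similarity measurements are different. Furthermore, taking MAE (He et al.) as a representative example of MIM, we empirically find that the success of MIM models relates only a little to the choice of similarity function, but rather to the learned occlusion-invariant features introduced by masked images, which turn out to be a favored initialization for vision transformers, even though the learned features may be less semantic. We hope our findings can inspire researchers in the computer vision community to develop more powerful self-supervised methods.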
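We focus on better understanding the key factors of augmentation-invariant representation learning. We revisit MoCo v2 and BYOL and try to prove the following hypothesis: different frameworks produce representations with different characteristics even with the same pretext task. We establish the first benchmark for a fair comparison between MoCo V2 and BYOL, and observe that: (i) sophisticated model configurations enable better adaptation to the pre-training dataset; (ii) mismatched optimization strategies between pre-training and fine-tuning hinder the model from achieving competitive transfer performance. Given the fair benchmark, we carry out further investigation and find that asymmetry of the network structure enables contrastive frameworks to work well under the linear evaluation protocol, while it may hurt transfer performance on long-tailed classification tasks. Moreover, negative samples do not make the model more sensible to the choice of data augmentations, nor does the asymmetric network structure. We believe our findings provide useful information for future work.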
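Few-shot semantic segmentation aims to identify the object regions of an unseen category with only a few annotated examples as supervision. The key to few-shot segmentation is to establish a robust semantic relationship between the support image and the query image and to prevent overfitting. In this paper, we propose an effective Multi-similarity Hyperrelation Network (MSHNet) to tackle the few-shot semantic segmentation problem. In MSHNet, we propose a new Generative Prototype Similarity (GPS), which together with cosine similarity can establish a strong semantic relationship between the support image and the query image. The locally generated prototype similarity based on global features is logically complementary to the global cosine similarity based on local features, and the relationship between the query image and the support image can be expressed more comprehensively by using the two similarities simultaneously. In addition, we propose a Symmetric Merging Block (SMB) in MSHNet to efficiently merge multi-layer, multi-shot and multi-similarity hyperrelational features. MSHNet is built on similarity rather than on specific category features, which achieves more general unity and effectively reduces overfitting. On two benchmark semantic segmentation datasets, Pascal-5i and COCO-20i, MSHNet achieves new state-of-the-art performance on 1-shot and 5-shot semantic segmentation tasks.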
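Knowledge graphs (KGs), which represent facts as triples, have been widely adopted in many applications. Reasoning tasks such as link prediction and rule induction are important for the development of KGs. Knowledge graph embeddings (KGEs), which embed the entities and relations of a KG into continuous vector spaces, have been proposed for these reasoning tasks and have been shown to be effective and robust. But the plausibility and feasibility of applying and deploying KGEs in real-world applications have not been explored. In this paper, we discuss and report our experience of deploying KGEs in a real domain application: e-commerce. We first identify three important desiderata for e-commerce KG systems: 1) attentive reasoning, reasoning over a few target relations of more concern rather than all of them; 2) explanation, providing explanations for a prediction to help users and business operators understand why the prediction was made; 3) transferable rules, generating reusable rules to accelerate the deployment of a KG to new systems. Since no existing KGE can meet all of these desiderata, we propose a novel one, an explainable knowledge graph attention network, that makes predictions by modeling the correlations between triples rather than relying purely on the head entity, relation and tail entity embeddings. It can automatically select attentive triples for prediction and record their contributions at the same time, from which explanations can be easily provided and transferable rules can be efficiently produced. We empirically show that our method is capable of meeting all three desiderata in our e-commerce application and outperforms typical baselines on datasets from real domain applications.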
Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.
Blind image quality assessment (BIQA) remains challenging due to the diversity of distortion and image content variation, which complicate the distortion patterns crossing different scales and aggravate the difficulty of the regression problem for BIQA. However, existing BIQA methods often fail to consider multi-scale distortion patterns and image content, and little research has been done on learning strategies to make the regression model produce better performance. In this paper, we propose a simple yet effective Progressive Multi-Task Image Quality Assessment (PMT-IQA) model, which contains a multi-scale feature extraction module (MS) and a progressive multi-task learning module (PMT), to help the model learn complex distortion patterns and better optimize the regression issue to align with the law of human learning process from easy to hard. To verify the effectiveness of the proposed PMT-IQA model, we conduct experiments on four widely used public datasets, and the experimental results indicate that the performance of PMT-IQA is superior to the comparison approaches, and both MS and PMT modules improve the model's performance.
The development of social media user stance detection and bot detection methods relies heavily on large-scale and high-quality benchmarks. However, in addition to low annotation quality, existing benchmarks generally have incomplete user relationships, suppressing graph-based account detection research. To address these issues, we propose a Multi-Relational Graph-Based Twitter Account Detection Benchmark (MGTAB), the first standardized graph-based benchmark for account detection. To our knowledge, MGTAB was built based on the largest original data in the field, with over 1.55 million users and 130 million tweets. MGTAB contains 10,199 expert-annotated users and 7 types of relationships, ensuring high-quality annotation and diversified relations. In MGTAB, we extracted the 20 user property features with the greatest information gain and user tweet features as the user features. In addition, we performed a thorough evaluation of MGTAB and other public datasets. Our experiments found that graph-based approaches are generally more effective than feature-based approaches and perform better when introducing multiple relations. By analyzing experiment results, we identify effective approaches for account detection and provide potential future research directions in this field. Our benchmark and standardized evaluation procedures are freely available at: https://github.com/GraphDetec/MGTAB.
Given the increasingly intricate forms of partial differential equations (PDEs) in physics and related fields, computationally solving PDEs without analytic solutions inevitably suffers from the trade-off between accuracy and efficiency. Recent advances in neural operators, a kind of mesh-independent neural-network-based PDE solvers, have suggested the dawn of overcoming this challenge. In this emerging direction, Koopman neural operator (KNO) is a representative demonstration and outperforms other state-of-the-art alternatives in terms of accuracy and efficiency. Here we present KoopmanLab, a self-contained and user-friendly PyTorch module of the Koopman neural operator family for solving partial differential equations. Beyond the original version of KNO, we develop multiple new variants of KNO based on different neural network architectures to improve the general applicability of our module. These variants are validated by mesh-independent and long-term prediction experiments implemented on representative PDEs (e.g., the Navier-Stokes equation and the Bateman-Burgers equation) and ERA5 (i.e., one of the largest high-resolution data sets of global-scale climate fields). These demonstrations suggest the potential of KoopmanLab to be considered in diverse applications of partial differential equations.