联合学习（FL）已成为解决数据筒仓问题的实用解决方案，而不会损害用户隐私。它的一种变体垂直联合学习（VFL）最近引起了人们的关注，因为VFL与企业对利用更有价值的功能的需求相匹配，以构建更好的机器学习模型，同时保留用户隐私。当前在VFL中的工作集中于为特定VFL算法开发特定的保护或攻击机制。在这项工作中，我们提出了一个评估框架，该框架提出了隐私 - 私人评估问题。然后，我们将此框架作为指南，以全面评估针对三种广泛依据的VFL算法的大多数最先进的隐私攻击的广泛保护机制。这些评估可以帮助FL从业人员在特定要求下选择适当的保护机制。我们的评估结果表明：模型反转和大多数标签推理攻击可能会因现有保护机制而挫败；很难防止模型完成（MC）攻击，这需要更高级的MC靶向保护机制。根据我们的评估结果，我们为提高VFL系统的隐私保护能力提供具体建议。

联合学习（FL）使参与方能够在不公开私人数据信息的情况下协作建立一个全球模型。必须采用适当的保护机制，以满足保留\ textit {privacy}并维护高模型\ textit {utility}的相反要求。此外，为了实现大规模的模型培训和部署，联合学习系统实现高\ textit {效率}是一项任务。我们提出了一个统一的联合学习框架，可以调和水平和垂直的联合学习。基于此框架，我们制定和量化了隐私泄漏，公用事业损失和降低效率之间的权衡，这使我们成为了联合学习系统的无午餐定理（NFL）定理。 NFL表示，期望FL算法同时在某些情况下同时提供出色的隐私，实用性和效率是不现实的。然后，我们分析了几种广泛补习的保护机制的隐私泄漏，效用损失和效率降低的下限，包括\ textit {Randomization}，\ textIt {同粒子加密}，\ textit {secretit {secret {sertial {sertion {sertion {compression} {Compression}。我们的分析可以作为选择保护参数以满足特定要求的指南。

在联邦学习方案中，多方共同从其各自的数据中学习模型，有两个相互矛盾的目标是选择适当的算法。一方面，必须在存在\ textit {semi-honest}合作伙伴的情况下尽可能保持私人和敏感的培训数据，而另一方面，必须在不同方之间交换一定数量的信息学习实用程序。这样的挑战要求采用隐私的联合学习解决方案，该解决方案最大程度地提高了学习模型的效用，并维护参与各方的私人数据的可证明的隐私保证。本文说明了一个一般框架，即a）从统一信息理论的角度来制定隐私损失和效用损失之间的权衡，而b）在包括随机化，包括随机性，包括随机的机制，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，，包括随机性，包括随机性，，使用稀疏性和同态加密。结果表明，一般而言\ textit {没有免费的午餐来进行隐私 - 私人权衡取舍}，并且必须用一定程度的降级效用进行保存隐私。本文中说明的定量分析可以作为实用联合学习算法设计的指导。

我们暴露了在离线多代理增强学习（MARL）中奖励中毒的危险，从而使攻击者可以在离线数据集中对不同学习者的奖励向量修改，同时又产生了中毒成本。基于中毒的数据集，所有使用一些基于信心的MARL算法的理性学习者将推断出，目标政策 - 攻击者选择的目标政策最初是解决方案概念 - 是马尔可夫的完美主要策略，用于基础马尔可夫游戏因此，他们将来将采用这种潜在的破坏目标政策。我们表征了攻击者可以安装目标策略的确切条件。我们进一步展示了攻击者如何制定线性程序以最大程度地减少其中毒成本。我们的工作表明需要强大的泥土反对对抗攻击。

分布（OOD）检测是在开放世界中部署机器学习模型的关键任务。基于距离的方法已经证明了有望，如果测试样品离分布（ID）数据相对遥远，则将测试样品视为OOD。但是，先前的方法对基础特征空间施加了强有力的分布假设，这可能并不总是存在。在本文中，我们探讨了非参数最近邻居距离的疗效，以检测OOD，这在文献中很大程度上被忽略了。与先前的工作不同，我们的方法不会施加任何分布假设，因此提供了更强的灵活性和一般性。我们证明了在几个基准测试中基于邻元的OOD检测的有效性，并建立了卓越的性能。在对Imagenet-1K训练的同一模型下，我们的方法将假阳性率（FPR@tpr95）降低了24.77％，与强大的基线SSD+相比，使用参数方法Mahalanobis在检测中。可用代码：https：//github.com/deeplearning-wisc/knn-ood。

Masked image modeling (MIM) performs strongly in pre-training large vision Transformers (ViTs). However, small models that are critical for real-world applications cannot or only marginally benefit from this pre-training approach. In this paper, we explore distillation techniques to transfer the success of large MIM-based pre-trained models to smaller ones. We systematically study different options in the distillation framework, including distilling targets, losses, input, network regularization, sequential distillation, etc, revealing that: 1) Distilling token relations is more effective than CLS token- and feature-based distillation; 2) An intermediate layer of the teacher network as target perform better than that using the last layer when the depth of the student mismatches that of the teacher; 3) Weak regularization is preferred; etc. With these findings, we achieve significant fine-tuning accuracy improvements over the scratch MIM pre-training on ImageNet-1K classification, using all the ViT-Tiny, ViT-Small, and ViT-base models, with +4.2%/+2.4%/+1.4% gains, respectively. Our TinyMIM model of base size achieves 52.2 mIoU in AE20K semantic segmentation, which is +4.1 higher than the MAE baseline. Our TinyMIM model of tiny size achieves 79.6% top-1 accuracy on ImageNet-1K image classification, which sets a new record for small vision models of the same size and computation budget. This strong performance suggests an alternative way for developing small vision Transformer models, that is, by exploring better training methods rather than introducing inductive biases into architectures as in most previous works. Code is available at https://github.com/OliverRensu/TinyMIM.

In this paper, we propose a robust 3D detector, named Cross Modal Transformer (CMT), for end-to-end 3D multi-modal detection. Without explicit view transformation, CMT takes the image and point clouds tokens as inputs and directly outputs accurate 3D bounding boxes. The spatial alignment of multi-modal tokens is performed implicitly, by encoding the 3D points into multi-modal features. The core design of CMT is quite simple while its performance is impressive. CMT obtains 73.0% NDS on nuScenes benchmark. Moreover, CMT has a strong robustness even if the LiDAR is missing. Code will be released at https://github.com/junjie18/CMT.

Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.

Blind image quality assessment (BIQA) remains challenging due to the diversity of distortion and image content variation, which complicate the distortion patterns crossing different scales and aggravate the difficulty of the regression problem for BIQA. However, existing BIQA methods often fail to consider multi-scale distortion patterns and image content, and little research has been done on learning strategies to make the regression model produce better performance. In this paper, we propose a simple yet effective Progressive Multi-Task Image Quality Assessment (PMT-IQA) model, which contains a multi-scale feature extraction module (MS) and a progressive multi-task learning module (PMT), to help the model learn complex distortion patterns and better optimize the regression issue to align with the law of human learning process from easy to hard. To verify the effectiveness of the proposed PMT-IQA model, we conduct experiments on four widely used public datasets, and the experimental results indicate that the performance of PMT-IQA is superior to the comparison approaches, and both MS and PMT modules improve the model's performance.

Automatic music generation with artificial intelligence typically requires a large amount of data which is hard to obtain for many less common genres and musical instruments. To tackle this issue, we present ongoing work and preliminary findings on the possibility for deep models to transfer knowledge from language to music, by finetuning large language models pre-trained on a massive text corpus on only hundreds of MIDI files of drum performances. We show that by doing so, one of the largest, state-of-the-art models (GPT3) is capable of generating reasonable drum grooves, while models that are not pre-trained (Transformer) shows no such ability beyond naive repetition. Evaluating generated music is a challenging task, more so is evaluating drum grooves with little precedence in literature. Hence, we propose a tailored structural evaluation method and analyze drum grooves produced by GPT3 compared to those played by human professionals, exposing the strengths and weaknesses of such generation by language-to-music transfer. Our findings suggest that language-to-music transfer learning with large language models is viable and promising.