在低标签制度中，解决图像的多标签识别（MLR）是许多现实世界应用的一项艰巨任务。最近的工作学会了文本和视觉空间之间的一致性，以补偿图像标签不足，但由于可用的MLR注释量有限，因此失去了准确性。在这项工作中，我们利用数百万辅助图像文本对预测的文本和视觉特征的牢固对齐，并提出双背景优化（dualCoop）作为部分标签MLR和零发射MLR的统一框架。 DualCoop用类名来编码正面和负面的上下文，作为语言输入的一部分（即提示）。由于DualCoop仅在验证的视觉语言框架上引入了非常轻松的开销，因此它可以迅速适应具有有限的注释甚至看不见的类别的多标签识别任务。对两个挑战性低标签设置的标准多标签识别基准测试的实验证明了我们方法比最新方法的优势。

As acquiring manual labels on data could be costly, unsupervised domain adaptation (UDA), which transfers knowledge learned from a rich-label dataset to the unlabeled target dataset, is gaining increasing popularity. While extensive studies have been devoted to improving the model accuracy on target domain, an important issue of model robustness is neglected. To make things worse, conventional adversarial training (AT) methods for improving model robustness are inapplicable under UDA scenario since they train models on adversarial examples that are generated by supervised loss function. In this paper, we present a new meta self-training pipeline, named SRoUDA, for improving adversarial robustness of UDA models. Based on self-training paradigm, SRoUDA starts with pre-training a source model by applying UDA baseline on source labeled data and taraget unlabeled data with a developed random masked augmentation (RMA), and then alternates between adversarial target model training on pseudo-labeled target data and finetuning source model by a meta step. While self-training allows the direct incorporation of AT in UDA, the meta step in SRoUDA further helps in mitigating error propagation from noisy pseudo labels. Extensive experiments on various benchmark datasets demonstrate the state-of-the-art performance of SRoUDA where it achieves significant model robustness improvement without harming clean accuracy. Code is available at https://github.com/Vision.

Federated Learning (FL) is pervasive in privacy-focused IoT environments since it enables avoiding privacy leakage by training models with gradients instead of data. Recent works show the uploaded gradients can be employed to reconstruct data, i.e., gradient leakage attacks, and several defenses are designed to alleviate the risk by tweaking the gradients. However, these defenses exhibit weak resilience against threatening attacks, as the effectiveness builds upon the unrealistic assumptions that deep neural networks are simplified as linear models. In this paper, without such unrealistic assumptions, we present a novel defense, called Refiner, instead of perturbing gradients, which refines ground-truth data to craft robust data that yields sufficient utility but with the least amount of privacy information, and then the gradients of robust data are uploaded. To craft robust data, Refiner promotes the gradients of critical parameters associated with robust data to close ground-truth ones while leaving the gradients of trivial parameters to safeguard privacy. Moreover, to exploit the gradients of trivial parameters, Refiner utilizes a well-designed evaluation network to steer robust data far away from ground-truth data, thereby alleviating privacy leakage risk. Extensive experiments across multiple benchmark datasets demonstrate the superior defense effectiveness of Refiner at defending against state-of-the-art threats.

When presented with a data stream of two statistically dependent variables, predicting the future of one of the variables (the target stream) can benefit from information about both its history and the history of the other variable (the source stream). For example, fluctuations in temperature at a weather station can be predicted using both temperatures and barometric readings. However, a challenge when modelling such data is that it is easy for a neural network to rely on the greatest joint correlations within the target stream, which may ignore a crucial but small information transfer from the source to the target stream. As well, there are often situations where the target stream may have previously been modelled independently and it would be useful to use that model to inform a new joint model. Here, we develop an information bottleneck approach for conditional learning on two dependent streams of data. Our method, which we call Transfer Entropy Bottleneck (TEB), allows one to learn a model that bottlenecks the directed information transferred from the source variable to the target variable, while quantifying this information transfer within the model. As such, TEB provides a useful new information bottleneck approach for modelling two statistically dependent streams of data in order to make predictions about one of them.

在不同模型中，对抗性示例（AES）的可传递性对于黑盒对抗攻击至关重要，在黑框对抗攻击中，攻击者无法访问有关黑盒模型的信息。但是，制作的AE总是表现出差的可转移性。在本文中，通过将AES作为模型的概括能力的可传递性，我们揭示了Vanilla Black-Box攻击通过解决最大似然估计（MLE）问题来制作AES。对于MLE，结果可能是特定于模型的本地最佳最佳，当可用数据较小时，即限制了AE的可传递性。相比之下，我们将可转移的AES重新构建为最大化后验概率估计问题，这是一种有效的方法，可以提高结果有限的结果的概括。由于贝叶斯后推断通常很棘手，因此开发了一种简单而有效的方法称为MaskBlock以近似估计。此外，我们表明该配方框架是各种攻击方法的概括版本。广泛的实验说明了面具可以显着提高制作的对抗性例子的可转移性，最多可以提高20％。

神经网络的不透明度导致其脆弱性发生后门攻击，其中触发了感染神经元的隐藏注意力，以覆盖对攻击者选择的神经元的正常预测。在本文中，我们提出了一种新型的后门防御方法，以标记和净化后门神经网络中受感染的神经元。具体来说，我们首先定义了一个名为良性显着性的新指标。通过将一阶梯度组合以保持神经元之间的连接，良性显着性可以鉴定出比后门防御中常用度量的高精度的感染神经元。然后，提出了一种新的自适应正则化（AR）机制，以通过微调来帮助净化这些被鉴定的感染神经元。由于能够适应不同参数幅度的能力，与神经元纯化中的共同正则化机制相比，AR可以提供更快，更稳定的收敛性。广泛的实验结果表明，我们的方法可以消除具有可忽略的性能降解的神经网络中的后门。

为了应对对抗性实例的威胁，对抗性培训提供了一种有吸引力的选择，可以通过在线增强的对抗示例中的培训模型提高模型稳健性。然而，大多数现有的对抗训练方法通过强化对抗性示例来侧重于提高鲁棒的准确性，但忽略了天然数据和对抗性实施例之间的增加，导致自然精度急剧下降。为了维持自然和强大的准确性之间的权衡，我们从特征适应的角度缓解了转变，并提出了一种特征自适应对抗训练（FAAT），这些培训（FAAT）跨越自然数据和对抗示例优化类条件特征适应。具体而言，我们建议纳入一类条件鉴别者，以鼓励特征成为（1）类鉴别的和（2）不变导致对抗性攻击的变化。新型的FAAT框架通过在天然和对抗数据中产生具有类似分布的特征来实现自然和强大的准确性之间的权衡，并实现从类鉴别特征特征中受益的更高的整体鲁棒性。在各种数据集上的实验表明，FAAT产生更多辨别特征，并对最先进的方法表现有利。代码在https://github.com/visionflow/faat中获得。

目的：深度神经网络（DNN）已被广泛应用于医学图像分类中，从其在医学图像中的强大映射能力中受益。但是，这些现有的基于深度学习的方法取决于大量精心标记的图像。同时，标记过程中不可避免地引入噪声，从而降低了模型的性能。因此，制定强大的培训策略以减轻医学图像分类任务中的标签噪声是很重要的。方法：在这项工作中，我们提出了一种新颖的贝叶斯统计数据指导标签翻新机制（BLRM），以防止过度适合嘈杂的图像。 BLRM利用贝叶斯统计数据和指定时间加权技术中的最大后验概率（MAP）来选择性地纠正嘈杂图像的标签。激活BLRM时，训练时期逐渐纯化训练图像，从而进一步改善分类性能。结果：关于合成噪声图像（公共OCT和Messidor数据集）和现实世界嘈杂图像（Animal-10N）的全面实验表明，BLRM选择性地翻新了噪声标签，从而凝结了噪声数据的不良影响。同样，与DNN集成的抗噪声BLRM在不同的噪声比下有效，并且独立于骨干DNN架构。此外，BLRM优于抗噪声的最新比较方法。结论：这些研究表明，所提出的BLRM能够缓解医学图像分类任务中的标签噪声。

In this paper, we propose a robust 3D detector, named Cross Modal Transformer (CMT), for end-to-end 3D multi-modal detection. Without explicit view transformation, CMT takes the image and point clouds tokens as inputs and directly outputs accurate 3D bounding boxes. The spatial alignment of multi-modal tokens is performed implicitly, by encoding the 3D points into multi-modal features. The core design of CMT is quite simple while its performance is impressive. CMT obtains 73.0% NDS on nuScenes benchmark. Moreover, CMT has a strong robustness even if the LiDAR is missing. Code will be released at https://github.com/junjie18/CMT.

Given the increasingly intricate forms of partial differential equations (PDEs) in physics and related fields, computationally solving PDEs without analytic solutions inevitably suffers from the trade-off between accuracy and efficiency. Recent advances in neural operators, a kind of mesh-independent neural-network-based PDE solvers, have suggested the dawn of overcoming this challenge. In this emerging direction, Koopman neural operator (KNO) is a representative demonstration and outperforms other state-of-the-art alternatives in terms of accuracy and efficiency. Here we present KoopmanLab, a self-contained and user-friendly PyTorch module of the Koopman neural operator family for solving partial differential equations. Beyond the original version of KNO, we develop multiple new variants of KNO based on different neural network architectures to improve the general applicability of our module. These variants are validated by mesh-independent and long-term prediction experiments implemented on representative PDEs (e.g., the Navier-Stokes equation and the Bateman-Burgers equation) and ERA5 (i.e., one of the largest high-resolution data sets of global-scale climate fields). These demonstrations suggest the potential of KoopmanLab to be considered in diverse applications of partial differential equations.