量化监督学习模型的不确定性在制定更可靠的预测方面发挥着重要作用。认知不确定性，通常是由于对模型的知识不足，可以通过收集更多数据或精炼学习模型来减少。在过去的几年里，学者提出了许多认识的不确定性处理技术，这些技术可以大致分为两类，即贝叶斯和集合。本文对过去五年来提供了对监督学习的认识性不确定性学习技术的全面综述。因此，我们首先，将认知不确定性分解为偏见和方差术语。然后，介绍了认知不确定性学习技术以及其代表模型的分层分类。此外，提出了几种应用，例如计算机视觉（CV）和自然语言处理（NLP），然后讨论研究差距和可能的未来研究方向。

广义零射击学习（GZSL）旨在培训一个模型，以在某些输出类别在监督学习过程中未知的情况下对数据样本进行分类。为了解决这一具有挑战性的任务，GZSL利用可见的（源）和看不见的（目标）类的语义信息来弥合所见类和看不见的类之间的差距。自引入以来，已经制定了许多GZSL模型。在这篇评论论文中，我们介绍了有关GZSL的全面评论。首先，我们提供了GZSL的概述，包括问题和挑战。然后，我们为GZSL方法介绍了分层分类，并讨论了每个类别中的代表性方法。此外，我们讨论了GZSL的可用基准数据集和应用程序，以及有关研究差距和未来研究方向的讨论。

Driven by improved architectures and better representation learning frameworks, the field of visual recognition has enjoyed rapid modernization and performance boost in the early 2020s. For example, modern ConvNets, represented by ConvNeXt, have demonstrated strong performance in various scenarios. While these models were originally designed for supervised learning with ImageNet labels, they can also potentially benefit from self-supervised learning techniques such as masked autoencoders (MAE). However, we found that simply combining these two approaches leads to subpar performance. In this paper, we propose a fully convolutional masked autoencoder framework and a new Global Response Normalization (GRN) layer that can be added to the ConvNeXt architecture to enhance inter-channel feature competition. This co-design of self-supervised learning techniques and architectural improvement results in a new model family called ConvNeXt V2, which significantly improves the performance of pure ConvNets on various recognition benchmarks, including ImageNet classification, COCO detection, and ADE20K segmentation. We also provide pre-trained ConvNeXt V2 models of various sizes, ranging from an efficient 3.7M-parameter Atto model with 76.7% top-1 accuracy on ImageNet, to a 650M Huge model that achieves a state-of-the-art 88.9% accuracy using only public training data.

Imitation learning (IL) is a simple and powerful way to use high-quality human driving data, which can be collected at scale, to identify driving preferences and produce human-like behavior. However, policies based on imitation learning alone often fail to sufficiently account for safety and reliability concerns. In this paper, we show how imitation learning combined with reinforcement learning using simple rewards can substantially improve the safety and reliability of driving policies over those learned from imitation alone. In particular, we use a combination of imitation and reinforcement learning to train a policy on over 100k miles of urban driving data, and measure its effectiveness in test scenarios grouped by different levels of collision risk. To our knowledge, this is the first application of a combined imitation and reinforcement learning approach in autonomous driving that utilizes large amounts of real-world human driving data.

Backdoor attacks represent one of the major threats to machine learning models. Various efforts have been made to mitigate backdoors. However, existing defenses have become increasingly complex and often require high computational resources or may also jeopardize models' utility. In this work, we show that fine-tuning, one of the most common and easy-to-adopt machine learning training operations, can effectively remove backdoors from machine learning models while maintaining high model utility. Extensive experiments over three machine learning paradigms show that fine-tuning and our newly proposed super-fine-tuning achieve strong defense performance. Furthermore, we coin a new term, namely backdoor sequela, to measure the changes in model vulnerabilities to other attacks before and after the backdoor has been removed. Empirical evaluation shows that, compared to other defense methods, super-fine-tuning leaves limited backdoor sequela. We hope our results can help machine learning model owners better protect their models from backdoor threats. Also, it calls for the design of more advanced attacks in order to comprehensively assess machine learning models' backdoor vulnerabilities.

The dissemination of hateful memes online has adverse effects on social media platforms and the real world. Detecting hateful memes is challenging, one of the reasons being the evolutionary nature of memes; new hateful memes can emerge by fusing hateful connotations with other cultural ideas or symbols. In this paper, we propose a framework that leverages multimodal contrastive learning models, in particular OpenAI's CLIP, to identify targets of hateful content and systematically investigate the evolution of hateful memes. We find that semantic regularities exist in CLIP-generated embeddings that describe semantic relationships within the same modality (images) or across modalities (images and text). Leveraging this property, we study how hateful memes are created by combining visual elements from multiple images or fusing textual information with a hateful image. We demonstrate the capabilities of our framework for analyzing the evolution of hateful memes by focusing on antisemitic memes, particularly the Happy Merchant meme. Using our framework on a dataset extracted from 4chan, we find 3.3K variants of the Happy Merchant meme, with some linked to specific countries, persons, or organizations. We envision that our framework can be used to aid human moderators by flagging new variants of hateful memes so that moderators can manually verify them and mitigate the problem of hateful content online.

Performing 3D dense captioning and visual grounding requires a common and shared understanding of the underlying multimodal relationships. However, despite some previous attempts on connecting these two related tasks with highly task-specific neural modules, it remains understudied how to explicitly depict their shared nature to learn them simultaneously. In this work, we propose UniT3D, a simple yet effective fully unified transformer-based architecture for jointly solving 3D visual grounding and dense captioning. UniT3D enables learning a strong multimodal representation across the two tasks through a supervised joint pre-training scheme with bidirectional and seq-to-seq objectives. With a generic architecture design, UniT3D allows expanding the pre-training scope to more various training sources such as the synthesized data from 2D prior knowledge to benefit 3D vision-language tasks. Extensive experiments and analysis demonstrate that UniT3D obtains significant gains for 3D dense captioning and visual grounding.

测试时间培训通过使用自学意义的每个测试输入优化模型，可以随时适应新的测试分布。在本文中，我们将蒙版的自动编码器用于这个单样本学习问题。从经验上讲，我们的简单方法改善了许多视觉基准的概括，以进行分配变化。从理论上讲，我们根据偏见变化权衡取得的改进来表征。

依赖于并非所有输入都需要相同数量的计算来产生自信的预测的事实，多EXIT网络正在引起人们的注意，这是推动有效部署限制的重要方法。多EXIT网络赋予了具有早期退出的骨干模型，从而可以在模型的中间层获得预测，从而节省计算时间和/或能量。但是，当前的多种exit网络的各种设计仅被认为是为了实现资源使用效率和预测准确性之间的最佳权衡，从未探索过来自它们的隐私风险。这促使需要全面调查多EXIT网络中的隐私风险。在本文中，我们通过会员泄漏的镜头对多EXIT网络进行了首次隐私分析。特别是，我们首先利用现有的攻击方法来量化多exit网络对成员泄漏的脆弱性。我们的实验结果表明，多EXIT网络不太容易受到会员泄漏的影响，而在骨干模型上附加的退出（数字和深度）与攻击性能高度相关。此外，我们提出了一种混合攻击，该攻击利用退出信息以提高现有攻击的性能。我们评估了由三种不同的对手设置下的混合攻击造成的成员泄漏威胁，最终到达了无模型和无数据的对手。这些结果清楚地表明，我们的混合攻击非常广泛地适用，因此，相应的风险比现有的会员推理攻击所显示的要严重得多。我们进一步提出了一种专门针对多EXIT网络的TimeGuard的防御机制，并表明TimeGuard完美地减轻了新提出的攻击。

机器学习模型容易记住敏感数据，使它们容易受到会员推理攻击的攻击，其中对手的目的是推断是否使用输入样本来训练模型。在过去的几年中，研究人员产生了许多会员推理攻击和防御。但是，这些攻击和防御采用各种策略，并在不同的模型和数据集中进行。但是，缺乏全面的基准意味着我们不了解现有攻击和防御的优势和劣势。我们通过对不同的会员推理攻击和防御措施进行大规模测量来填补这一空白。我们通过研究九项攻击和六项防御措施来系统化成员的推断，并在整体评估中衡量不同攻击和防御的性能。然后，我们量化威胁模型对这些攻击结果的影响。我们发现，威胁模型的某些假设，例如相同架构和阴影和目标模型之间的相同分布是不必要的。我们也是第一个对从Internet收集的现实世界数据而不是实验室数据集进行攻击的人。我们进一步研究是什么决定了会员推理攻击的表现，并揭示了通常认为过度拟合水平不足以成功攻击。取而代之的是，成员和非成员样本之间的熵/横向熵的詹森 - 香农距离与攻击性能的相关性更好。这为我们提供了一种新的方法，可以在不进行攻击的情况下准确预测会员推理风险。最后，我们发现数据增强在更大程度上降低了现有攻击的性能，我们提出了使用增强作用的自适应攻击来训练阴影和攻击模型，以改善攻击性能。