The security of artificial intelligence (AI) is an important research area towards safe, reliable, and trustworthy AI systems. To accelerate the research on AI security, the Artificial Intelligence Security Competition (AISC) was organized by the Zhongguancun Laboratory, China Industrial Control Systems Cyber Emergency Response Team, Institute for Artificial Intelligence, Tsinghua University, and RealAI as part of the Zhongguancun International Frontier Technology Innovation Competition (https://www.zgc-aisc.com/en). The competition consists of three tracks, including Deepfake Security Competition, Autonomous Driving Security Competition, and Face Recognition Security Competition. This report will introduce the competition rules of these three tracks and the solutions of top-ranking teams in each track.

Transformer-based language models have become the standard approach to solving natural language processing tasks. However, industry adoption usually requires the maximum throughput to comply with certain latency constraints that prevents Transformer models from being used in production. To address this gap, model compression techniques such as quantization and pruning may be used to improve inference efficiency. However, these compression techniques require specialized software to apply and deploy at scale. In this work, we propose a new pipeline for creating and running Fast Transformer models on CPUs, utilizing hardware-aware pruning, knowledge distillation, quantization, and our own Transformer inference runtime engine with optimized kernels for sparse and quantized operators. We demonstrate the efficiency of our pipeline by creating a Fast DistilBERT model showing minimal accuracy loss on the question-answering SQuADv1.1 benchmark, and throughput results under typical production constraints and environments. Our results outperform existing state-of-the-art Neural Magic's DeepSparse runtime performance by up to 50% and up to 4.1x performance speedup over ONNX Runtime. Source code is publicly available at https://github.com/intel/intel-extension-for-transformers.

由于遮挡引起的严重观察，基于手动对象相互作用的单个基于手动对象相互作用的重建具有挑战性。本文提出了一种基于物理的方法，以更好地解决重建中的歧义。它首先提出了一个基于力的动力学模型，该模型不仅恢复了未观察到的触点，而且还解决了合理的接触力。接下来，提出了一种基于置信的幻灯片预防方案，该方案将运动学上的信心和接触力都结合在一起，共同模拟静态和滑动接触运动。定性和定量实验表明，该提出的技术在物理上可行，更准确的手动相互作用，并使用单个RGBD传感器实时估计可见的接触力。

同时传输和反射可重构的智能表面（星际摩托车）是一种有前途的被动装置，通过同时传输和反映入射信号，从而有助于全空间覆盖。作为无线通信的新范式，如何分析星际轮胎的覆盖范围和能力性能变得至关重要，但具有挑战性。为了解决星际辅助网络中的覆盖范围和容量优化（CCO）问题，提出了多目标近端策略优化（MO-PPO）算法来处理长期利益，而不是传统优化算法。为了在每个目标之间取得平衡，MO-PPO算法提供了一组最佳解决方案，以形成Pareto前部（PF），其中PF上的任何解决方案都被视为最佳结果。此外，研究了为了提高MO-PPO算法的性能，两种更新策略，即基于动作值的更新策略（AVU）和基于损失功能的更新策略（LFUS）。对于AVU，改进的点是整合覆盖范围和容量的动作值，然后更新损失函数。对于LFU，改进的点仅是为覆盖范围和容量损失函数分配动态权重，而权重在每个更新时由最小值求解器计算出来。数值结果表明，调查的更新策略在不同情况下的固定权重优化算法优于MO优化算法，其中包括不同数量的样品网格，星轮的数量，星轮中的元素数量和大小星际船。此外，星际辅助网络比没有星际轮胎的传统无线网络获得更好的性能。此外，具有相同的带宽，毫米波能够提供比低6 GHz更高的容量，但覆盖率较小。

提出了一种新型可重构智能表面辅助的多机器人网络，其中多个移动机器人通过非正交多重访问（NOMA）提供了多个移动机器人（AP）。目的是通过共同优化机器人的轨迹和NOMA解码顺序，RIS的相移系数以及AP的功率分配，从而最大化多机器人系统的整个轨迹的总和率机器人的位置和每个机器人的服务质量（QoS）。为了解决这个问题，提出了一个集成的机器学习（ML）方案，该方案结合了长期记忆（LSTM） - 自动进取的集成移动平均线（ARIMA）模型和Duel Duel Double Deep Q-network（D $^{3} $ QN）算法。对于机器人的初始和最终位置预测，LSTM-ARIMA能够克服非平稳和非线性数据序列的梯度销售问题。为了共同确定相移矩阵和机器人的轨迹，调用D $^{3} $ qn用于解决动作值高估的问题。基于提议的方案，每个机器人都基于整个轨迹的最大总和率持有全局最佳轨迹，该轨迹揭示了机器人为整个轨迹设计追求长期福利。数值结果表明：1）LSTM-ARIMA模型提供了高精度预测模型； 2）提出的d $^{3} $ qn算法可以实现快速平均收敛; 3）具有较高分辨率位的RI提供的轨迹比率比低分辨率比特更大； 4）与RIS AID的正交对应物相比，RIS-NOMA网络的网络性能卓越。

This work targets designing a principled and unified training-free framework for Neural Architecture Search (NAS), with high performance, low cost, and in-depth interpretation. NAS has been explosively studied to automate the discovery of top-performer neural networks, but suffers from heavy resource consumption and often incurs search bias due to truncated training or approximations. Recent NAS works start to explore indicators that can predict a network's performance without training. However, they either leveraged limited properties of deep networks, or the benefits of their training-free indicators are not applied to more extensive search methods. By rigorous correlation analysis, we present a unified framework to understand and accelerate NAS, by disentangling "TEG" characteristics of searched networks - Trainability, Expressivity, Generalization - all assessed in a training-free manner. The TEG indicators could be scaled up and integrated with various NAS search methods, including both supernet and single-path approaches. Extensive studies validate the effective and efficient guidance from our TEG-NAS framework, leading to both improved search accuracy and over 56% reduction in search time cost. Moreover, we visualize search trajectories on three landscapes of "TEG" characteristics, observing that while a good local minimum is easier to find on NAS-Bench-201 given its simple topology, balancing "TEG" characteristics is much harder on the DARTS search space due to its complex landscape geometry. Our code is available at https://github.com/VITA-Group/TEGNAS.

Biological systems in nature have evolved for millions of years to adapt and survive the environment. Many features they developed can be inspirational and beneficial for solving technical problems in modern industries. This leads to a specific form of design-by-analogy called bio-inspired design (BID). Although BID as a design method has been proven beneficial, the gap between biology and engineering continuously hinders designers from effectively applying the method. Therefore, we explore the recent advance of artificial intelligence (AI) for a data-driven approach to bridge the gap. This paper proposes a generative design approach based on the generative pre-trained language model (PLM) to automatically retrieve and map biological analogy and generate BID in the form of natural language. The latest generative pre-trained transformer, namely GPT-3, is used as the base PLM. Three types of design concept generators are identified and fine-tuned from the PLM according to the looseness of the problem space representation. Machine evaluators are also fine-tuned to assess the mapping relevancy between the domains within the generated BID concepts. The approach is evaluated and then employed in a real-world project of designing light-weighted flying cars during its conceptual design phase The results show our approach can generate BID concepts with good performance.

With the ever-growing model size and the limited availability of labeled training data, transfer learning has become an increasingly popular approach in many science and engineering domains. For classification problems, this work delves into the mystery of transfer learning through an intriguing phenomenon termed neural collapse (NC), where the last-layer features and classifiers of learned deep networks satisfy: (i) the within-class variability of the features collapses to zero, and (ii) the between-class feature means are maximally and equally separated. Through the lens of NC, our findings for transfer learning are the following: (i) when pre-training models, preventing intra-class variability collapse (to a certain extent) better preserves the intrinsic structures of the input data, so that it leads to better model transferability; (ii) when fine-tuning models on downstream tasks, obtaining features with more NC on downstream data results in better test accuracy on the given task. The above results not only demystify many widely used heuristics in model pre-training (e.g., data augmentation, projection head, self-supervised learning), but also leads to more efficient and principled fine-tuning method on downstream tasks that we demonstrate through extensive experimental results.

The robustness of Text-to-SQL parsers against adversarial perturbations plays a crucial role in delivering highly reliable applications. Previous studies along this line primarily focused on perturbations in the natural language question side, neglecting the variability of tables. Motivated by this, we propose the Adversarial Table Perturbation (ATP) as a new attacking paradigm to measure the robustness of Text-to-SQL models. Following this proposition, we curate ADVETA, the first robustness evaluation benchmark featuring natural and realistic ATPs. All tested state-of-the-art models experience dramatic performance drops on ADVETA, revealing models' vulnerability in real-world practices. To defend against ATP, we build a systematic adversarial training example generation framework tailored for better contextualization of tabular data. Experiments show that our approach not only brings the best robustness improvement against table-side perturbations but also substantially empowers models against NL-side perturbations. We release our benchmark and code at: https://github.com/microsoft/ContextualSP.

Label smoothing is a regularization technique widely used in supervised learning to improve the generalization of models on various tasks, such as image classification and machine translation. However, the effectiveness of label smoothing in multi-hop question answering (MHQA) has yet to be well studied. In this paper, we systematically analyze the role of label smoothing on various modules of MHQA and propose F1 smoothing, a novel label smoothing technique specifically designed for machine reading comprehension (MRC) tasks. We evaluate our method on the HotpotQA dataset and demonstrate its superiority over several strong baselines, including models that utilize complex attention mechanisms. Our results suggest that label smoothing can be effective in MHQA, but the choice of smoothing strategy can significantly affect performance.