In the scenario of black-box adversarial attack, the target model's parameters are unknown, and the attacker aims to find a successful adversarial perturbation based on query feedback under a query budget. Due to the limited feedback information, existing query-based black-box attack methods often require many queries for attacking each benign example. To reduce query cost, we propose to utilize the feedback information across historical attacks, dubbed example-level adversarial transferability. Specifically, by treating the attack on each benign example as one task, we develop a meta-learning framework by training a meta-generator to produce perturbations conditioned on benign examples. When attacking a new benign example, the meta generator can be quickly fine-tuned based on the feedback information of the new task as well as a few historical attacks to produce effective perturbations. Moreover, since the meta-train procedure consumes many queries to learn a generalizable generator, we utilize model-level adversarial transferability to train the meta-generator on a white-box surrogate model, then transfer it to help the attack against the target model. The proposed framework with the two types of adversarial transferability can be naturally combined with any off-the-shelf query-based attack methods to boost their performance, which is verified by extensive experiments.

Recently, a surge of high-quality 3D-aware GANs have been proposed, which leverage the generative power of neural rendering. It is natural to associate 3D GANs with GAN inversion methods to project a real image into the generator's latent space, allowing free-view consistent synthesis and editing, referred as 3D GAN inversion. Although with the facial prior preserved in pre-trained 3D GANs, reconstructing a 3D portrait with only one monocular image is still an ill-pose problem. The straightforward application of 2D GAN inversion methods focuses on texture similarity only while ignoring the correctness of 3D geometry shapes. It may raise geometry collapse effects, especially when reconstructing a side face under an extreme pose. Besides, the synthetic results in novel views are prone to be blurry. In this work, we propose a novel method to promote 3D GAN inversion by introducing facial symmetry prior. We design a pipeline and constraints to make full use of the pseudo auxiliary view obtained via image flipping, which helps obtain a robust and reasonable geometry shape during the inversion process. To enhance texture fidelity in unobserved viewpoints, pseudo labels from depth-guided 3D warping can provide extra supervision. We design constraints aimed at filtering out conflict areas for optimization in asymmetric situations. Comprehensive quantitative and qualitative evaluations on image reconstruction and editing demonstrate the superiority of our method.

High-fidelity facial avatar reconstruction from a monocular video is a significant research problem in computer graphics and computer vision. Recently, Neural Radiance Field (NeRF) has shown impressive novel view rendering results and has been considered for facial avatar reconstruction. However, the complex facial dynamics and missing 3D information in monocular videos raise significant challenges for faithful facial reconstruction. In this work, we propose a new method for NeRF-based facial avatar reconstruction that utilizes 3D-aware generative prior. Different from existing works that depend on a conditional deformation field for dynamic modeling, we propose to learn a personalized generative prior, which is formulated as a local and low dimensional subspace in the latent space of 3D-GAN. We propose an efficient method to construct the personalized generative prior based on a small set of facial images of a given individual. After learning, it allows for photo-realistic rendering with novel views and the face reenactment can be realized by performing navigation in the latent space. Our proposed method is applicable for different driven signals, including RGB images, 3DMM coefficients, and audios. Compared with existing works, we obtain superior novel view synthesis results and faithfully face reenactment performance.

Deep neural networks are vulnerable to adversarial attacks. Ideally, a robust model shall perform well on both the perturbed training data and the unseen perturbed test data. It is found empirically that fitting perturbed training data is not hard, but generalizing to perturbed test data is quite difficult. To better understand adversarial generalization, it is of great interest to study the adversarial Rademacher complexity (ARC) of deep neural networks. However, how to bound ARC in multi-layers cases is largely unclear due to the difficulty of analyzing adversarial loss in the definition of ARC. There have been two types of attempts of ARC. One is to provide the upper bound of ARC in linear and one-hidden layer cases. However, these approaches seem hard to extend to multi-layer cases. Another is to modify the adversarial loss and provide upper bounds of Rademacher complexity on such surrogate loss in multi-layer cases. However, such variants of Rademacher complexity are not guaranteed to be bounds for meaningful robust generalization gaps (RGG). In this paper, we provide a solution to this unsolved problem. Specifically, we provide the first bound of adversarial Rademacher complexity of deep neural networks. Our approach is based on covering numbers. We provide a method to handle the robustify function classes of DNNs such that we can calculate the covering numbers. Finally, we provide experiments to study the empirical implication of our bounds and provide an analysis of poor adversarial generalization.

Image super-resolution is a common task on mobile and IoT devices, where one often needs to upscale and enhance low-resolution images and video frames. While numerous solutions have been proposed for this problem in the past, they are usually not compatible with low-power mobile NPUs having many computational and memory constraints. In this Mobile AI challenge, we address this problem and propose the participants to design an efficient quantized image super-resolution solution that can demonstrate a real-time performance on mobile NPUs. The participants were provided with the DIV2K dataset and trained INT8 models to do a high-quality 3X image upscaling. The runtime of all models was evaluated on the Synaptics VS680 Smart Home board with a dedicated edge NPU capable of accelerating quantized neural networks. All proposed solutions are fully compatible with the above NPU, demonstrating an up to 60 FPS rate when reconstructing Full HD resolution images. A detailed description of all models developed in the challenge is provided in this paper.

最近的研究表明，即使在攻击者无法访问模型信息的黑匣子场景中，基于深模型的检测器也容易受到对抗示例的影响。大多数现有的攻击方法旨在最大程度地减少真正的积极速率，这通常显示出较差的攻击性能，因为在受攻击的边界框中可以检测到另一个最佳的边界框成为新的真实积极的框架。为了解决这一挑战，我们建议最大程度地降低真实的正速率并最大化误报率，这可以鼓励更多的假阳性对象阻止新的真实正面边界框的产生。它被建模为多目标优化（MOP）问题，通用算法可以搜索帕累托最佳选择。但是，我们的任务具有超过200万个决策变量，导致搜索效率较低。因此，我们将标准的遗传算法扩展到了随机子集选择和称为GARSDC的分裂和矛盾，从而显着提高了效率。此外，为了减轻通用算法中人口质量的敏感性，我们利用具有相似骨架的不同检测器之间的可转移性产生了梯度优先人口。与最先进的攻击方法相比，GARSDC在地图中平均减少12.0，在广泛的实验中查询约1000倍。我们的代码可以在https://github.com/liangsiyuan21/ garsdc找到。

本文旨在探讨如何合成对其进行训练的现有视频脱毛模型的近距离模糊，可以很好地推广到现实世界中的模糊视频。近年来，基于深度学习的方法已在视频Deblurring任务上取得了希望的成功。但是，对现有合成数据集培训的模型仍然遭受了与现实世界中的模糊场景的概括问题。造成故障的因素仍然未知。因此，我们重新审视经典的模糊综合管道，并找出可能的原因，包括拍摄参数，模糊形成空间和图像信号处理器〜（ISP）。为了分析这些潜在因素的效果，我们首先收集一个超高帧速率（940 fps）原始视频数据集作为数据基础，以综合各种模糊。然后，我们提出了一种新颖的现实模糊合成管道，该管道通过利用模糊形成线索称为原始爆炸。通过大量实验，我们证明了在原始空间中的合成模糊并采用与现实世界测试数据相同的ISP可以有效消除合成数据的负面影响。此外，合成的模糊视频的拍摄参数，例如，曝光时间和框架速率在改善脱毛模型的性能中起着重要作用。令人印象深刻的是，与在现有合成模糊数据集中训练的训练的模型合成的模糊数据训练的模型可以获得超过5DB PSNR的增益。我们认为，新颖的现实合成管道和相应的原始视频数据集可以帮助社区轻松构建自定义的Blur数据集，以改善现实世界的视频DeBlurring性能，而不是费力地收集真实的数据对。

图像检索已成为一种越来越有吸引力的技术，具有广泛的多媒体应用前景，在该技术中，深层哈希是朝着低存储和有效检索的主要分支。在本文中，我们对深度学习中的度量学习进行了深入的研究，以在多标签场景中建立强大的度量空间，在多标签场景中，两人的损失遭受了高度计算的开销和汇聚难度，而代理损失理论上是无法表达的。深刻的标签依赖性和在构造的超球场空间中表现出冲突。为了解决这些问题，我们提出了一个新颖的度量学习框架，该框架具有混合代理损失（hyt $^2 $损失），该框架构建了具有高效训练复杂性W.R.T.的表现力度量空间。整个数据集。拟议的催眠$^2 $损失着重于通过可学习的代理和发掘无关的数据与数据相关性来优化超晶体空间，这整合了基于成对方法的足够数据对应关系以及基于代理方法的高效效率。在四个标准的多标签基准上进行的广泛实验证明，所提出的方法优于最先进的方法，在不同的哈希片中具有强大的功能，并且以更快，更稳定的收敛速度实现了显着的性能增长。我们的代码可从https://github.com/jerryxu0129/hyp2-loss获得。

作为自然语言处理领域的后起之秀，在各行各业中，问答系统（问答系统）被广泛使用。与其他方案相比，在Q＆A系统的可追溯性和解释性方面，财务方案的应用程序有很强的要求。此外，由于对人工智能技术的需求已从最初的计算智能转变为认知智能，因此这项研究主要集中于财务数值推理数据集-FinQA。在共享任务中，目标是根据包含文本和表的给定财务报告生成推理程序和最终答案。我们使用基于Deberta预训练的语言模型的方法，并采用其他优化方法，包括在此基础上进行多模型融合，训练集组合。我们最终获得了68.99的执行精度和64.53的程序精度，在2022 FinQA挑战中排名第4。

Twitter机器人检测已成为打击错误信息，促进社交媒体节制并保持在线话语的完整性的越来越重要的任务。最先进的机器人检测方法通常利用Twitter网络的图形结构，在面对传统方法无法检测到的新型Twitter机器人时，它们表现出令人鼓舞的性能。但是，现有的Twitter机器人检测数据集很少是基于图形的，即使这些基于图形的数据集也遭受有限的数据集量表，不完整的图形结构以及低注释质量。实际上，缺乏解决这些问题的大规模基于图的Twitter机器人检测基准，严重阻碍了基于图形的机器人检测方法的开发和评估。在本文中，我们提出了Twibot-22，这是一个综合基于图的Twitter机器人检测基准，它显示了迄今为止最大的数据集，在Twitter网络上提供了多元化的实体和关系，并且与现有数据集相比具有更好的注释质量。此外，我们重新实施35代表性的Twitter机器人检测基线，并在包括Twibot-22在内的9个数据集上进行评估，以促进对模型性能和对研究进度的整体了解的公平比较。为了促进进一步的研究，我们将所有实施的代码和数据集巩固到Twibot-22评估框架中，研究人员可以在其中始终如一地评估新的模型和数据集。 Twibot-22 Twitter机器人检测基准和评估框架可在https://twibot22.github.io/上公开获得。