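Deep neural networks (DNNs) are increasingly used in malware detection, and their robustness has been widely debated. Traditionally, adversarial example generation schemes rely on either detailed model information (gradient-based methods) or a large number of samples to train a surrogate model, neither of which is available in most cases. We propose the notion of an instance-based attack. Our scheme is interpretable and can work in a black-box setting. Given a specific binary example and a malware classifier, we use a data augmentation strategy to generate enough data from which we can train a simple interpretable model. We explain the detection model by displaying the weights of the different parts of the specific binary. By analyzing the explanations, we found that the data subsections play an important role in Windows PE malware detection. We propose a new function-preserving transformation algorithm that can be applied to data subsections. By employing the binary-diversification techniques we propose, we eliminate the influence of the most heavily weighted parts in order to generate adversarial examples. In some cases, our algorithm can fool the DNNs with a success rate close to 100%. Our method outperforms state-of-the-art methods. The most important aspect is that our method operates in a black-box setting and that the results can be validated with domain knowledge. Our analysis model can help people improve the robustness of malware detectors.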
translated by Google Translate
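DNN-based frame interpolation, which generates intermediate frames from two consecutive frames, typically depends on model architectures with a large number of features, which prevents deployment on systems with limited resources such as mobile devices. We propose a compression-driven network design for frame interpolation that uses sparsity-inducing optimization to greatly reduce the model size while achieving higher performance. Specifically, we first compress the recently proposed AdaCoF model and show that a 10-times compressed AdaCoF performs similarly to its original counterpart; different strategies that use layer-wise sparsity information as guidance are studied comprehensively under a variety of hyperparameter settings. We then enhance this compressed model by introducing a multi-resolution warping module, which improves visual consistency with multi-level details. As a result, we achieve a considerable performance gain with a quarter of the size of the original AdaCoF. In addition, our model performs favorably against other state-of-the-art methods on a variety of datasets. We note that the proposed compression-driven framework is generic and can easily be transferred to other DNN-based frame interpolation algorithms. Source code is available at https://github.com/tding1/cdfi.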
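Few-shot recognition involves training an image classifier to distinguish novel concepts at test time using only a few examples (shots). Existing approaches generally assume that the shot number at test time is known in advance. This is unrealistic, and the performance of popular and foundational methods has been shown to suffer when train and test shots do not match. We conduct a systematic empirical study of this phenomenon. In line with prior work, we find that shot sensitivity is widespread among metric-based few-shot learners; in contrast to prior work, however, larger neural architectures provide a degree of built-in robustness to varying test shot. More importantly, by removing sensitivity to sample noise, a simple, previously known but largely neglected class of approaches based on cosine distance can greatly improve robustness to shot variation. We provide cosine alternatives to popular and recent few-shot classifiers, broadening their applicability to realistic settings. These cosine models consistently improve shot robustness, surpass the prior shot-robust state of the art, and provide competitive accuracy across a range of benchmarks and architectures, including notable gains in the very-low-shot regime.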
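The current modus operandi in adapting pre-trained models involves updating all the backbone parameters, i.e., full fine-tuning. This paper introduces Visual Prompt Tuning (VPT) as an efficient and effective alternative to full fine-tuning for large-scale Transformer models in vision. Taking inspiration from recent advances in efficiently tuning large language models, VPT introduces only a small number of trainable parameters in the input space (fewer than the model parameters) while keeping the model backbone frozen. Through extensive experiments on a wide variety of downstream recognition tasks, we show that VPT achieves significant performance gains compared to other parameter-efficient tuning protocols. Most importantly, VPT even outperforms full fine-tuning in many cases across model capacities and training data scales, while reducing per-task storage cost.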
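Structured pruning is a commonly used technique for deploying deep neural networks (DNNs) onto resource-constrained devices. However, existing pruning methods are usually heuristic, task-specific, and require an extra fine-tuning procedure. To overcome these limitations, we propose a framework that compresses DNNs into slimmer architectures with competitive performance and significant FLOPs reductions by Only-Train-Once (OTO). OTO contains two keys: (i) we partition the parameters of DNNs into zero-invariant groups, enabling us to prune zero groups without affecting the output; and (ii) to promote zero groups, we formulate a structured-sparsity optimization problem and propose a novel optimization algorithm, Half-Space Stochastic Projected Gradient (HSPG), to solve it, which outperforms the standard proximal methods on group sparsity exploration and maintains comparable convergence. To demonstrate the effectiveness of OTO, we train and compress full models simultaneously from scratch, without fine-tuning, for inference speedup and parameter reduction, and achieve state-of-the-art results on VGG16 for CIFAR10 and BERT for SQuAD, and competitive results on ResNet50 for ImageNet. Source code is available at https://github.com/tianyic/only_train_once.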
Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.
Blind image quality assessment (BIQA) remains challenging due to the diversity of distortion and image content variation, which complicate the distortion patterns crossing different scales and aggravate the difficulty of the regression problem for BIQA. However, existing BIQA methods often fail to consider multi-scale distortion patterns and image content, and little research has been done on learning strategies to make the regression model produce better performance. In this paper, we propose a simple yet effective Progressive Multi-Task Image Quality Assessment (PMT-IQA) model, which contains a multi-scale feature extraction module (MS) and a progressive multi-task learning module (PMT), to help the model learn complex distortion patterns and better optimize the regression issue to align with the law of human learning process from easy to hard. To verify the effectiveness of the proposed PMT-IQA model, we conduct experiments on four widely used public datasets, and the experimental results indicate that the performance of PMT-IQA is superior to the comparison approaches, and both MS and PMT modules improve the model's performance.
The development of social media user stance detection and bot detection methods relies heavily on large-scale and high-quality benchmarks. However, in addition to low annotation quality, existing benchmarks generally have incomplete user relationships, suppressing graph-based account detection research. To address these issues, we propose a Multi-Relational Graph-Based Twitter Account Detection Benchmark (MGTAB), the first standardized graph-based benchmark for account detection. To our knowledge, MGTAB was built based on the largest original data in the field, with over 1.55 million users and 130 million tweets. MGTAB contains 10,199 expert-annotated users and 7 types of relationships, ensuring high-quality annotation and diversified relations. In MGTAB, we extracted the 20 user property features with the greatest information gain and user tweet features as the user features. In addition, we performed a thorough evaluation of MGTAB and other public datasets. Our experiments found that graph-based approaches are generally more effective than feature-based approaches and perform better when introducing multiple relations. By analyzing experiment results, we identify effective approaches for account detection and provide potential future research directions in this field. Our benchmark and standardized evaluation procedures are freely available at: https://github.com/GraphDetec/MGTAB.
Given the increasingly intricate forms of partial differential equations (PDEs) in physics and related fields, computationally solving PDEs without analytic solutions inevitably suffers from the trade-off between accuracy and efficiency. Recent advances in neural operators, a kind of mesh-independent neural-network-based PDE solver, have suggested the dawn of overcoming this challenge. In this emerging direction, the Koopman neural operator (KNO) is a representative demonstration and outperforms other state-of-the-art alternatives in terms of accuracy and efficiency. Here we present KoopmanLab, a self-contained and user-friendly PyTorch module of the Koopman neural operator family for solving partial differential equations. Beyond the original version of KNO, we develop multiple new variants of KNO based on different neural network architectures to improve the general applicability of our module. These variants are validated by mesh-independent and long-term prediction experiments implemented on representative PDEs (e.g., the Navier-Stokes equation and the Bateman-Burgers equation) and ERA5 (i.e., one of the largest high-resolution data sets of global-scale climate fields). These demonstrations suggest the potential of KoopmanLab to be considered in diverse applications of partial differential equations.
A recent study has shown a phenomenon called neural collapse in that the within-class means of features and the classifier weight vectors converge to the vertices of a simplex equiangular tight frame at the terminal phase of training for classification. In this paper, we explore the corresponding structures of the last-layer feature centers and classifiers in semantic segmentation. Based on our empirical and theoretical analysis, we point out that semantic segmentation naturally brings contextual correlation and imbalanced distribution among classes, which breaks the equiangular and maximally separated structure of neural collapse for both feature centers and classifiers. However, such a symmetric structure is beneficial to discrimination for the minor classes. To preserve these advantages, we introduce a regularizer on feature centers to encourage the network to learn features closer to the appealing structure in imbalanced semantic segmentation. Experimental results show that our method can bring significant improvements on both 2D and 3D semantic segmentation benchmarks. Moreover, our method ranks 1st and sets a new record (+6.8% mIoU) on the ScanNet200 test leaderboard. Code will be available at https://github.com/dvlab-research/Imbalanced-Learning.