Localizing anatomical landmarks are important tasks in medical image analysis. However, the landmarks to be localized often lack prominent visual features. Their locations are elusive and easily confused with the background, and thus precise localization highly depends on the context formed by their surrounding areas. In addition, the required precision is usually higher than segmentation and object detection tasks. Therefore, localization has its unique challenges different from segmentation or detection. In this paper, we propose a zoom-in attentive network (ZIAN) for anatomical landmark localization in ocular images. First, a coarse-to-fine, or "zoom-in" strategy is utilized to learn the contextualized features in different scales. Then, an attentive fusion module is adopted to aggregate multi-scale features, which consists of 1) a co-attention network with a multiple regions-of-interest (ROIs) scheme that learns complementary features from the multiple ROIs, 2) an attention-based fusion module which integrates the multi-ROIs features and non-ROI features. We evaluated ZIAN on two open challenge tasks, i.e., the fovea localization in fundus images and scleral spur localization in AS-OCT images. Experiments show that ZIAN achieves promising performances and outperforms state-of-the-art localization methods. The source code and trained models of ZIAN are available at https://github.com/leixiaofeng-astar/OMIA9-ZIAN.

Named entity recognition models (NER), are widely used for identifying named entities (e.g., individuals, locations, and other information) in text documents. Machine learning based NER models are increasingly being applied in privacy-sensitive applications that need automatic and scalable identification of sensitive information to redact text for data sharing. In this paper, we study the setting when NER models are available as a black-box service for identifying sensitive information in user documents and show that these models are vulnerable to membership inference on their training datasets. With updated pre-trained NER models from spaCy, we demonstrate two distinct membership attacks on these models. Our first attack capitalizes on unintended memorization in the NER's underlying neural network, a phenomenon NNs are known to be vulnerable to. Our second attack leverages a timing side-channel to target NER models that maintain vocabularies constructed from the training data. We show that different functional paths of words within the training dataset in contrast to words not previously seen have measurable differences in execution time. Revealing membership status of training samples has clear privacy implications, e.g., in text redaction, sensitive words or phrases to be found and removed, are at risk of being detected in the training dataset. Our experimental evaluation includes the redaction of both password and health data, presenting both security risks and privacy/regulatory issues. This is exacerbated by results that show memorization with only a single phrase. We achieved 70% AUC in our first attack on a text redaction use-case. We also show overwhelming success in the timing attack with 99.23% AUC. Finally we discuss potential mitigation approaches to realize the safe use of NER models in light of the privacy and security implications of membership inference attacks.

本文的重点是具有属性操作的图像检索问题。我们所提出的工作能够在维护其它属性时操纵查询图像的所需属性。例如，查询图像的套环属性可以从圆形到V-N颈改变，以从大型数据集中检索类似的图像。电子商务中的一个关键挑战是图像具有多个属性，用户希望操纵，并且重要的是估计每个属性的判别特征表示。所提出的fashionsearchnet-v2架构能够通过利用其弱监管的本地化模块来学习属性特定表示，该模块忽略了特征空间中属性的不相关特征，从而提高了相似度学习。网络与属性分类和三联排名损失的组合进行了联合培训，以估计本地表示。然后，基于所指的属性操纵，这些本地表示被合并成单个全局表示，其中可以通过距离度量来检索期望的图像。该方法还提供了可解释性，以帮助提供有关网络注意的额外信息。在几个数据集上执行的实验，该数据集在属性的数量方面表明FashionSearchNet-V2优于其他最先进的属性操作技术。与我们之前的工作（FashionsearchNet）不同，我们提出了几种改进了学习程序，并表明所提出的FashionsearchNet-V2可以概括为除了时尚之外的不同域。