对应用深神网络自动解释和分析12铅心电图（ECG）的兴趣增加了。机器学习方法的当前范例通常受到标记数据量的限制。对于临床上的数据，这种现象尤其有问题，在该数据中，根据所需的专业知识和人类努力，规模标签可能是耗时且昂贵的。此外，深度学习分类器可能容易受到对抗性例子和扰动的影响，例如在医疗，临床试验或保险索赔的背景下应用时，可能会带来灾难性的后果。在本文中，我们提出了一种受生理启发的数据增强方法，以提高性能并根据ECG信号提高心脏病检测的鲁棒性。我们通过将数据分布驱动到瓦斯坦斯坦空间中的大地测量中的其他类别来获得增强样品。为了更好地利用领域特定的知识，我们设计了一个基础指标，该指标识别基于生理确定的特征的ECG信号之间的差异。从12铅ECG信号中学习，我们的模型能够区分五种心脏条件。我们的结果表明，准确性和鲁棒性的提高，反映了我们数据增强方法的有效性。

对抗性可转移性是一种有趣的性质 - 针对一个模型制作的对抗性扰动也是对另一个模型有效的，而这些模型来自不同的模型家庭或培训过程。为了更好地保护ML系统免受对抗性攻击，提出了几个问题：对抗性转移性的充分条件是什么，以及如何绑定它？有没有办法降低对抗的转移性，以改善合奏ML模型的鲁棒性？为了回答这些问题，在这项工作中，我们首先在理论上分析和概述了模型之间的对抗性可转移的充分条件;然后提出一种实用的算法，以减少集合内基础模型之间的可转换，以提高其鲁棒性。我们的理论分析表明，只有促进基础模型梯度之间的正交性不足以确保低可转移性;与此同时，模型平滑度是控制可转移性的重要因素。我们还在某些条件下提供了对抗性可转移性的下界和上限。灵感来自我们的理论分析，我们提出了一种有效的可转让性，减少了平滑（TRS）集合培训策略，以通过实施基础模型之间的梯度正交性和模型平滑度来培训具有低可转换性的强大集成。我们对TRS进行了广泛的实验，并与6个最先进的集合基线进行比较，防止不同数据集的8个白箱攻击，表明所提出的TRS显着优于所有基线。

最近已经采取了密集的算法努力来实现复杂ML模型的认证鲁棒性快速改善。但是，当前的鲁棒性认证方法只能在有限的扰动半径下进行认证。鉴于现有的纯数据驱动的统计方法已经达到了瓶颈，因此我们建议将统计ML模型与知识（以逻辑规则表示为逻辑规则）作为使用Markov Logic Networks（MLN（MLN）（以进一步提高）的推理组件，以进一步改善总体认证的鲁棒性。这为证明这种范式的鲁棒性，尤其是推理组成部分（例如MLN）开辟了新的研究问题。作为理解这些问题的第一步，我们首先证明了证明MLN鲁棒性的计算复杂性是＃p-hard。在这种硬度结果的指导下，我们通过仔细分析不同的模型制度来得出第一个用于MLN的认证鲁棒性。最后，我们对五个数据集进行了广泛的实验，包括高维图像和自然语言文本，以及自然语言文本，以及我们表明，具有基于知识的逻辑推理的经认证的鲁棒性确实胜过了T。心。

机器学习的最新进展主要受益于大规模的可访问培训数据。但是，大规模的数据共享提出了极大的隐私问题。在这项工作中，我们提出了一种基于PAINE框架（G-PATE）的新型隐私保留数据生成模型，旨在训练可缩放的差异私有数据生成器，其保留高生成的数据实用程序。我们的方法利用生成的对抗性网来产生数据，与不同鉴别者之间的私人聚集相结合，以确保强烈的隐私保障。与现有方法相比，G-PATE显着提高了隐私预算的使用。特别是，我们用教师鉴别者的集合训练学生数据发生器，并提出一种新颖的私人梯度聚合机制，以确保对从教师鉴别者流到学生发电机的所有信息的差异隐私。另外，通过随机投影和梯度离散化，所提出的梯度聚合机制能够有效地处理高维梯度向量。从理论上讲，我们证明了G-PATE确保了数据发生器的差异隐私。经验上，我们通过广泛的实验证明了G-PAIN的优越性。我们展示了G-PATE是第一个能够在限量隐私预算下产生高数据实用程序的高维图像数据（$ \ epsilon \ LE 1 $）。我们的代码可在https://github.com/ai-secure/gate上获得。

虽然许多基于图类的聚类方法尝试在其目标中模拟静止扩散状态，但它们对使用预定义的图形的性能限制。我们认为静止扩散状态的估计可以通过神经网络梯度下降来实现。我们专门设计静止扩散状态神经估计（SDSNE）以利用共同监督学习的多视图结构图信息。我们探索如何专门为无监视的多视图学习设计一个图形神经网络，并将多个图形集成到统一的自我注意力模块中。视图共享的自我注意模块利用图形结构来学习视图 - 一致的全局图。同时，而不是在大多数无监督的学习图形神经网络中使用自动编码器，SDSNE使用具有结构信息的共同监督策略来监督模型学习。作为损失函数指导SDSNE实现静止状态的共同监督策略。在丢失和自我注意模块的帮助下，我们学习获得一个图表，其中每个连接的组件中的节点完全连接到相同的重量。几种多视图数据集的实验证明了六种聚类评估指标的SDSNE的有效性。

Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.

Blind image quality assessment (BIQA) remains challenging due to the diversity of distortion and image content variation, which complicate the distortion patterns crossing different scales and aggravate the difficulty of the regression problem for BIQA. However, existing BIQA methods often fail to consider multi-scale distortion patterns and image content, and little research has been done on learning strategies to make the regression model produce better performance. In this paper, we propose a simple yet effective Progressive Multi-Task Image Quality Assessment (PMT-IQA) model, which contains a multi-scale feature extraction module (MS) and a progressive multi-task learning module (PMT), to help the model learn complex distortion patterns and better optimize the regression issue to align with the law of human learning process from easy to hard. To verify the effectiveness of the proposed PMT-IQA model, we conduct experiments on four widely used public datasets, and the experimental results indicate that the performance of PMT-IQA is superior to the comparison approaches, and both MS and PMT modules improve the model's performance.

The development of social media user stance detection and bot detection methods rely heavily on large-scale and high-quality benchmarks. However, in addition to low annotation quality, existing benchmarks generally have incomplete user relationships, suppressing graph-based account detection research. To address these issues, we propose a Multi-Relational Graph-Based Twitter Account Detection Benchmark (MGTAB), the first standardized graph-based benchmark for account detection. To our knowledge, MGTAB was built based on the largest original data in the field, with over 1.55 million users and 130 million tweets. MGTAB contains 10,199 expert-annotated users and 7 types of relationships, ensuring high-quality annotation and diversified relations. In MGTAB, we extracted the 20 user property features with the greatest information gain and user tweet features as the user features. In addition, we performed a thorough evaluation of MGTAB and other public datasets. Our experiments found that graph-based approaches are generally more effective than feature-based approaches and perform better when introducing multiple relations. By analyzing experiment results, we identify effective approaches for account detection and provide potential future research directions in this field. Our benchmark and standardized evaluation procedures are freely available at: https://github.com/GraphDetec/MGTAB.

Given the increasingly intricate forms of partial differential equations (PDEs) in physics and related fields, computationally solving PDEs without analytic solutions inevitably suffers from the trade-off between accuracy and efficiency. Recent advances in neural operators, a kind of mesh-independent neural-network-based PDE solvers, have suggested the dawn of overcoming this challenge. In this emerging direction, Koopman neural operator (KNO) is a representative demonstration and outperforms other state-of-the-art alternatives in terms of accuracy and efficiency. Here we present KoopmanLab, a self-contained and user-friendly PyTorch module of the Koopman neural operator family for solving partial differential equations. Beyond the original version of KNO, we develop multiple new variants of KNO based on different neural network architectures to improve the general applicability of our module. These variants are validated by mesh-independent and long-term prediction experiments implemented on representative PDEs (e.g., the Navier-Stokes equation and the Bateman-Burgers equation) and ERA5 (i.e., one of the largest high-resolution data sets of global-scale climate fields). These demonstrations suggest the potential of KoopmanLab to be considered in diverse applications of partial differential equations.

A recent study has shown a phenomenon called neural collapse in that the within-class means of features and the classifier weight vectors converge to the vertices of a simplex equiangular tight frame at the terminal phase of training for classification. In this paper, we explore the corresponding structures of the last-layer feature centers and classifiers in semantic segmentation. Based on our empirical and theoretical analysis, we point out that semantic segmentation naturally brings contextual correlation and imbalanced distribution among classes, which breaks the equiangular and maximally separated structure of neural collapse for both feature centers and classifiers. However, such a symmetric structure is beneficial to discrimination for the minor classes. To preserve these advantages, we introduce a regularizer on feature centers to encourage the network to learn features closer to the appealing structure in imbalanced semantic segmentation. Experimental results show that our method can bring significant improvements on both 2D and 3D semantic segmentation benchmarks. Moreover, our method ranks 1st and sets a new record (+6.8% mIoU) on the ScanNet200 test leaderboard. Code will be available at https://github.com/dvlab-research/Imbalanced-Learning.