随着深度学习模型逐渐成为时间序列预测的主要主力，因此，对抗性攻击下对预测和决策系统的潜在脆弱性已成为近年来的主要问题。尽管对单变量时间序列的预测开始研究这种行为和防御机制，但关于多变量预测的研究仍然很少，由于其在不同时间序列之间编码相关性的能力，通常是优选的。在这项工作中，我们考虑到攻击预算约束和多个时间序列之间的相关结构，研究和设计对多元概率预测模型的对抗性攻击。具体而言，我们研究了稀疏的间接攻击，该攻击仅通过攻击少数其他项目的历史来节省攻击成本，从而损害了项目（时间序列）的预测（时间序列）。为了打击这些攻击，我们还制定了两种防御策略。首先，我们采用随机平滑度到多元时间序列方案，并通过经验实验验证其有效性。其次，我们利用稀疏的攻击者来实现端到端的对抗训练，从而提供强大的概率预测者。对REAL数据集进行的广泛实验证实，与其他基线防御机制相比，我们的攻击方案具有强大的功能，并且我们的防御算法更有效。

基础模型正在成为主要的深度学习技术。由于模型参数和训练数据集的大规模，预处理基础模型始终耗时。除了计算密集型外，培训过程还非常密集和沟通密集。这些功能使得需要应用3D并行性，该平行性整合数据并行性，管道模型并行性和张量模型并行性，以实现高训练效率。为了实现这一目标，开发了一些自定义软件框架，例如Megatron-LM和DeepSpeed。但是，当前的3D平行框架仍然符合两个问题：i）它们对模型开发人员不透明，这些开发人员需要手动修改模型以并行化培训。 ii）它们对计算，GPU存储器和网络带宽的利用不足。我们提出了Merak，这是一个自动化的3D并行性深度学习培训框架，并具有高度资源利用。 Merak会自动使用自动模型分区仪部署，该分区仪在模型的代理表示上使用图形sharding算法。 Merak还提出了非侵入性的API，用于通过最小的代码修改来扩展基础模型培训。此外，我们在Merak设计了高性能的3D平行运行时引擎。它使用多种技术来利用可用的培训资源，包括移动的关键路径管道时间表，该计划带来了更高的计算利用率，阶段感知的重新计算，可利用空闲工作者的记忆以及子额定张量的模型并行性，这些模型并联与通信和计算重叠。 64 GPU的实验显示，Merak可以加快在最新的3D平行性框架上，具有1.5、2.5、8.3和20亿的模型框架，最高可达1.42x，1.39x，1.43x和1.61 x分别。

有限的GPU记忆资源阻碍了深度神经网络的进一步发展。因此，高度要求GPU内存资源的优化。通常应用交换和重新计算，以更好地利用GPU记忆。但是，作为一个新兴领域，仍然存在一些挑战：1）静态和动态方法的重新计算效率受到限制。 2）交换需要手动卸载参数，这会产生巨大的时间成本。 3）没有这种动态和细粒的方法，涉及张量与当今的张量重新组件一起交换。为了纠正上述问题，我们提出了一个名为Delta（动态张量卸载和重新组件）的新型调度程序经理。据我们所知，我们是第一个在没有用户监督的情况下进行张量交换和张量重新组合的合理的动态运行时间调度程序。在Delta中，我们提出了一种过滤器算法，以选择要从GPU内存中释放出来的最佳张量，并提出导演算法，以选择每个张量的适当动作。此外，故意考虑预取和重叠以克服交换和重新计算张量引起的时间成本。实验结果表明，DELTA不仅节省了40％-70％的GPU记忆，从而超过了最新方法，而且还获得了可比的收敛结果，并获得了可接受的时间延迟。此外，与基准相比，当训练Resnet-101训练Resnet-101时，Delta在训练Resnet-50和2.25 $ \ times $时获得2.04 $ \ times $最大批量。此外，我们实验中的交换成本和重新计算成本之间的比较表明，在张量交换和张量重新计算上制定合理的动态调度程序的重要性，这在某些相关工作中反驳了交换应该是第一个也是最好的选择。

Detecting abnormal crowd motion emerging from complex interactions of individuals is paramount to ensure the safety of crowds. Crowd-level abnormal behaviors (CABs), e.g., counter flow and crowd turbulence, are proven to be the crucial causes of many crowd disasters. In the recent decade, video anomaly detection (VAD) techniques have achieved remarkable success in detecting individual-level abnormal behaviors (e.g., sudden running, fighting and stealing), but research on VAD for CABs is rather limited. Unlike individual-level anomaly, CABs usually do not exhibit salient difference from the normal behaviors when observed locally, and the scale of CABs could vary from one scenario to another. In this paper, we present a systematic study to tackle the important problem of VAD for CABs with a novel crowd motion learning framework, multi-scale motion consistency network (MSMC-Net). MSMC-Net first captures the spatial and temporal crowd motion consistency information in a graph representation. Then, it simultaneously trains multiple feature graphs constructed at different scales to capture rich crowd patterns. An attention network is used to adaptively fuse the multi-scale features for better CAB detection. For the empirical study, we consider three large-scale crowd event datasets, UMN, Hajj and Love Parade. Experimental results show that MSMC-Net could substantially improve the state-of-the-art performance on all the datasets.

In this paper, we propose a robust 3D detector, named Cross Modal Transformer (CMT), for end-to-end 3D multi-modal detection. Without explicit view transformation, CMT takes the image and point clouds tokens as inputs and directly outputs accurate 3D bounding boxes. The spatial alignment of multi-modal tokens is performed implicitly, by encoding the 3D points into multi-modal features. The core design of CMT is quite simple while its performance is impressive. CMT obtains 73.0% NDS on nuScenes benchmark. Moreover, CMT has a strong robustness even if the LiDAR is missing. Code will be released at https://github.com/junjie18/CMT.

Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.

Few Shot Instance Segmentation (FSIS) requires models to detect and segment novel classes with limited several support examples. In this work, we explore a simple yet unified solution for FSIS as well as its incremental variants, and introduce a new framework named Reference Twice (RefT) to fully explore the relationship between support/query features based on a Transformer-like framework. Our key insights are two folds: Firstly, with the aid of support masks, we can generate dynamic class centers more appropriately to re-weight query features. Secondly, we find that support object queries have already encoded key factors after base training. In this way, the query features can be enhanced twice from two aspects, i.e., feature-level and instance-level. In particular, we firstly design a mask-based dynamic weighting module to enhance support features and then propose to link object queries for better calibration via cross-attention. After the above steps, the novel classes can be improved significantly over our strong baseline. Additionally, our new framework can be easily extended to incremental FSIS with minor modification. When benchmarking results on the COCO dataset for FSIS, gFSIS, and iFSIS settings, our method achieves a competitive performance compared to existing approaches across different shots, e.g., we boost nAP by noticeable +8.2/+9.4 over the current state-of-the-art FSIS method for 10/30-shot. We further demonstrate the superiority of our approach on Few Shot Object Detection. Code and model will be available.

This paper focuses on designing efficient models with low parameters and FLOPs for dense predictions. Even though CNN-based lightweight methods have achieved stunning results after years of research, trading-off model accuracy and constrained resources still need further improvements. This work rethinks the essential unity of efficient Inverted Residual Block in MobileNetv2 and effective Transformer in ViT, inductively abstracting a general concept of Meta-Mobile Block, and we argue that the specific instantiation is very important to model performance though sharing the same framework. Motivated by this phenomenon, we deduce a simple yet efficient modern \textbf{I}nverted \textbf{R}esidual \textbf{M}obile \textbf{B}lock (iRMB) for mobile applications, which absorbs CNN-like efficiency to model short-distance dependency and Transformer-like dynamic modeling capability to learn long-distance interactions. Furthermore, we design a ResNet-like 4-phase \textbf{E}fficient \textbf{MO}del (EMO) based only on a series of iRMBs for dense applications. Massive experiments on ImageNet-1K, COCO2017, and ADE20K benchmarks demonstrate the superiority of our EMO over state-of-the-art methods, \eg, our EMO-1M/2M/5M achieve 71.5, 75.1, and 78.4 Top-1 that surpass \textbf{SoTA} CNN-/Transformer-based models, while trading-off the model accuracy and efficiency well.

Benefiting from the intrinsic supervision information exploitation capability, contrastive learning has achieved promising performance in the field of deep graph clustering recently. However, we observe that two drawbacks of the positive and negative sample construction mechanisms limit the performance of existing algorithms from further improvement. 1) The quality of positive samples heavily depends on the carefully designed data augmentations, while inappropriate data augmentations would easily lead to the semantic drift and indiscriminative positive samples. 2) The constructed negative samples are not reliable for ignoring important clustering information. To solve these problems, we propose a Cluster-guided Contrastive deep Graph Clustering network (CCGC) by mining the intrinsic supervision information in the high-confidence clustering results. Specifically, instead of conducting complex node or edge perturbation, we construct two views of the graph by designing special Siamese encoders whose weights are not shared between the sibling sub-networks. Then, guided by the high-confidence clustering information, we carefully select and construct the positive samples from the same high-confidence cluster in two views. Moreover, to construct semantic meaningful negative sample pairs, we regard the centers of different high-confidence clusters as negative samples, thus improving the discriminative capability and reliability of the constructed sample pairs. Lastly, we design an objective function to pull close the samples from the same cluster while pushing away those from other clusters by maximizing and minimizing the cross-view cosine similarity between positive and negative samples. Extensive experimental results on six datasets demonstrate the effectiveness of CCGC compared with the existing state-of-the-art algorithms.

As one of the prevalent methods to achieve automation systems, Imitation Learning (IL) presents a promising performance in a wide range of domains. However, despite the considerable improvement in policy performance, the corresponding research on the explainability of IL models is still limited. Inspired by the recent approaches in explainable artificial intelligence methods, we proposed a model-agnostic explaining framework for IL models called R2RISE. R2RISE aims to explain the overall policy performance with respect to the frames in demonstrations. It iteratively retrains the black-box IL model from the randomized masked demonstrations and uses the conventional evaluation outcome environment returns as the coefficient to build an importance map. We also conducted experiments to investigate three major questions concerning frames' importance equality, the effectiveness of the importance map, and connections between importance maps from different IL models. The result shows that R2RISE successfully distinguishes important frames from the demonstrations.