A major direction in differentially private machine learning is differentially private fine-tuning: pretraining a model on a source of "public data" and transferring the extracted features to downstream tasks. This is an important setting because many industry deployments fine-tune publicly available feature extractors on proprietary data for downstream tasks. In this paper, we use features extracted from state-of-the-art open source models to solve benchmark tasks in computer vision and natural language processing using differentially private fine-tuning. Our key insight is that by accelerating training, we can quickly drive the model parameters to regions in parameter space where the impact of noise is minimized. In doing so, we recover the same performance as non-private fine-tuning for realistic values of epsilon in [0.01, 1.0] on benchmark image classification datasets including CIFAR100.

在本文中，我们询问视觉变形金刚（VIT）是否可以作为改善机器学习模型对抗逃避攻击的对抗性鲁棒性的基础结构。尽管较早的作品集中在改善卷积神经网络上，但我们表明VIT也非常适合对抗训练以实现竞争性能。我们使用自定义的对抗训练配方实现了这一目标，该配方是在Imagenet数据集的一部分上使用严格的消融研究发现的。与卷积相比，VIT的规范培训配方建议强大的数据增强，部分是为了补偿注意力模块的视力归纳偏置。我们表明，该食谱在用于对抗训练时可实现次优性能。相比之下，我们发现省略所有重型数据增强，并添加一些额外的零件（$ \ varepsilon $ -Warmup和更大的重量衰减），从而大大提高了健壮的Vits的性能。我们表明，我们的配方在完整的Imagenet-1k上概括了不同类别的VIT体系结构和大规模模型。此外，调查了模型鲁棒性的原因，我们表明，在使用我们的食谱时，在训练过程中产生强烈的攻击更加容易，这会在测试时提高鲁棒性。最后，我们通过提出一种量化对抗性扰动的语义性质并强调其与模型的鲁棒性的相关性来进一步研究对抗训练的结果。总体而言，我们建议社区应避免将VIT的规范培训食谱转换为在对抗培训的背景下进行强大的培训和重新思考常见的培训选择。

最近的作品表明，深度学习模型容易受到后门中毒攻击的影响，在这些攻击中，这些攻击灌输了与外部触发模式或物体（例如贴纸，太阳镜等）的虚假相关性。我们发现这种外部触发信号是不必要的，因为可以使用基于旋转的图像转换轻松插入高效的后门。我们的方法通过旋转有限数量的对象并将其标记错误来构建中毒数据集；一旦接受过培训，受害者的模型将在运行时间推理期间做出不良的预测。它表现出明显的攻击成功率，同时通过有关图像分类和对象检测任务的全面实证研究来保持清洁绩效。此外，我们评估了标准数据增强技术和针对我们的攻击的四种不同的后门防御措施，发现它们都无法作为一致的缓解方法。正如我们在图像分类和对象检测应用程序中所示，我们的攻击只能在现实世界中轻松部署在现实世界中。总体而言，我们的工作突出了一个新的，简单的，物理上可实现的，高效的矢量，用于后门攻击。我们的视频演示可在https://youtu.be/6jif8wnx34m上找到。

代表学习，即对下游应用有用的表示形式的产生，是一项基本重要性的任务，它是深层神经网络（DNNS）成功的基础。最近，对对抗性例子的鲁棒性已成为DNNS的理想特性，促进了解释对抗性例子的强大训练方法的发展。在本文中，我们旨在了解通过鲁棒培训所学的表示的特性与从标准的，非运动培训获得的培训的特性不同。这对于诊断稳健网络中的众多显着陷阱至关重要，例如，良性输入的性能降解，鲁棒性的概括不良以及过度拟合的增加。我们利用一组强大的工具在三个视觉数据集中被称为表示相似性指标，以获得具有不同体系结构，培训程序和对抗性约束的稳健和非稳健DNN之间的层次比较。我们的实验突出显示了迄今为止稳健表示的属性，我们认为，这是强大网络的行为差异的基础。我们发现在强大的网络的表示中缺乏专业化以及“块结构”的消失。我们还发现在强大的训练中过度拟合会在很大程度上影响更深的层。这些以及其他发现还为更好的健壮网络的设计和培训提出了前进的方向。

我们的工作重点是解决公共图像数据集中数据歧管低密度区域的样本缺陷。我们利用基于扩散过程的生成模型来合成来自低密度区域的新图像。我们观察到来自扩散模型的均匀采样主要是来自数据歧管高密度区域的样品。因此，我们修改采样过程以将其引导到低密度区域，同时保持合成数据的保真度。我们严格地证明我们的过程成功地生成了来自低密度区域的新型高保真样品。我们进一步检查了生成的样品，并表明该模型不会记住低密度数据，并且确实学会了从低密度区域生成新样本。

作为研究界，我们仍然缺乏对对抗性稳健性的进展的系统理解，这通常使得难以识别训练强大模型中最有前途的想法。基准稳健性的关键挑战是，其评估往往是出错的导致鲁棒性高估。我们的目标是建立对抗性稳健性的标准化基准，尽可能准确地反映出考虑在合理的计算预算范围内所考虑的模型的稳健性。为此，我们首先考虑图像分类任务并在允许的型号上引入限制（可能在将来宽松）。我们评估了与AutoAtrack的对抗鲁棒性，白和黑箱攻击的集合，最近在大规模研究中显示，与原始出版物相比，改善了几乎所有稳健性评估。为防止对自动攻击进行新防御的过度适应，我们欢迎基于自适应攻击的外部评估，特别是在自动攻击稳健性潜在高估的地方。我们的排行榜，托管在https://robustbench.github.io/，包含120多个模型的评估，并旨在反映在$ \ ell_ \ infty $的一套明确的任务上的图像分类中的当前状态 - 和$ \ ell_2 $ -Threat模型和共同腐败，未来可能的扩展。此外，我们开源源是图书馆https://github.com/robustbench/robustbench，可以提供对80多个强大模型的统一访问，以方便他们的下游应用程序。最后，根据收集的模型，我们分析了稳健性对分布换档，校准，分配检测，公平性，隐私泄漏，平滑度和可转移性的影响。

Artificial Intelligence (AI) has become commonplace to solve routine everyday tasks. Because of the exponential growth in medical imaging data volume and complexity, the workload on radiologists is steadily increasing. We project that the gap between the number of imaging exams and the number of expert radiologist readers required to cover this increase will continue to expand, consequently introducing a demand for AI-based tools that improve the efficiency with which radiologists can comfortably interpret these exams. AI has been shown to improve efficiency in medical-image generation, processing, and interpretation, and a variety of such AI models have been developed across research labs worldwide. However, very few of these, if any, find their way into routine clinical use, a discrepancy that reflects the divide between AI research and successful AI translation. To address the barrier to clinical deployment, we have formed MONAI Consortium, an open-source community which is building standards for AI deployment in healthcare institutions, and developing tools and infrastructure to facilitate their implementation. This report represents several years of weekly discussions and hands-on problem solving experience by groups of industry experts and clinicians in the MONAI Consortium. We identify barriers between AI-model development in research labs and subsequent clinical deployment and propose solutions. Our report provides guidance on processes which take an imaging AI model from development to clinical implementation in a healthcare institution. We discuss various AI integration points in a clinical Radiology workflow. We also present a taxonomy of Radiology AI use-cases. Through this report, we intend to educate the stakeholders in healthcare and AI (AI researchers, radiologists, imaging informaticists, and regulators) about cross-disciplinary challenges and possible solutions.

Complex and contact-rich robotic manipulation tasks, particularly those that involve multi-fingered hands and underactuated object manipulation, present a significant challenge to any control method. Methods based on reinforcement learning offer an appealing choice for such settings, as they can enable robots to learn to delicately balance contact forces and dexterously reposition objects without strong modeling assumptions. However, running reinforcement learning on real-world dexterous manipulation systems often requires significant manual engineering. This negates the benefits of autonomous data collection and ease of use that reinforcement learning should in principle provide. In this paper, we describe a system for vision-based dexterous manipulation that provides a "programming-free" approach for users to define new tasks and enable robots with complex multi-fingered hands to learn to perform them through interaction. The core principle underlying our system is that, in a vision-based setting, users should be able to provide high-level intermediate supervision that circumvents challenges in teleoperation or kinesthetic teaching which allow a robot to not only learn a task efficiently but also to autonomously practice. Our system includes a framework for users to define a final task and intermediate sub-tasks with image examples, a reinforcement learning procedure that learns the task autonomously without interventions, and experimental results with a four-finger robotic hand learning multi-stage object manipulation tasks directly in the real world, without simulation, manual modeling, or reward engineering.

We propose an approach for semantic imitation, which uses demonstrations from a source domain, e.g. human videos, to accelerate reinforcement learning (RL) in a different target domain, e.g. a robotic manipulator in a simulated kitchen. Instead of imitating low-level actions like joint velocities, our approach imitates the sequence of demonstrated semantic skills like "opening the microwave" or "turning on the stove". This allows us to transfer demonstrations across environments (e.g. real-world to simulated kitchen) and agent embodiments (e.g. bimanual human demonstration to robotic arm). We evaluate on three challenging cross-domain learning problems and match the performance of demonstration-accelerated RL approaches that require in-domain demonstrations. In a simulated kitchen environment, our approach learns long-horizon robot manipulation tasks, using less than 3 minutes of human video demonstrations from a real-world kitchen. This enables scaling robot learning via the reuse of demonstrations, e.g. collected as human videos, for learning in any number of target domains.

Developing robots that are capable of many skills and generalization to unseen scenarios requires progress on two fronts: efficient collection of large and diverse datasets, and training of high-capacity policies on the collected data. While large datasets have propelled progress in other fields like computer vision and natural language processing, collecting data of comparable scale is particularly challenging for physical systems like robotics. In this work, we propose a framework to bridge this gap and better scale up robot learning, under the lens of multi-task, multi-scene robot manipulation in kitchen environments. Our framework, named CACTI, has four stages that separately handle data collection, data augmentation, visual representation learning, and imitation policy training. In the CACTI framework, we highlight the benefit of adapting state-of-the-art models for image generation as part of the augmentation stage, and the significant improvement of training efficiency by using pretrained out-of-domain visual representations at the compression stage. Experimentally, we demonstrate that 1) on a real robot setup, CACTI enables efficient training of a single policy capable of 10 manipulation tasks involving kitchen objects, and robust to varying layouts of distractor objects; 2) in a simulated kitchen environment, CACTI trains a single policy on 18 semantic tasks across up to 50 layout variations per task. The simulation task benchmark and augmented datasets in both real and simulated environments will be released to facilitate future research.