Dataset distillation has emerged as a prominent technique to improve data efficiency when training machine learning models. It encapsulates the knowledge from a large dataset into a smaller synthetic dataset. A model trained on this smaller distilled dataset can attain comparable performance to a model trained on the original training dataset. However, the existing dataset distillation techniques mainly aim at achieving the best trade-off between resource usage efficiency and model utility. The security risks stemming from them have not been explored. This study performs the first backdoor attack against the models trained on the data distilled by dataset distillation models in the image domain. Concretely, we inject triggers into the synthetic data during the distillation procedure rather than during the model training stage, where all previous attacks are performed. We propose two types of backdoor attacks, namely NAIVEATTACK and DOORPING. NAIVEATTACK simply adds triggers to the raw data at the initial distillation phase, while DOORPING iteratively updates the triggers during the entire distillation procedure. We conduct extensive evaluations on multiple datasets, architectures, and dataset distillation techniques. Empirical evaluation shows that NAIVEATTACK achieves decent attack success rate (ASR) scores in some cases, while DOORPING reaches higher ASR scores (close to 1.0) in all cases. Furthermore, we conduct a comprehensive ablation study to analyze the factors that may affect the attack performance. Finally, we evaluate multiple defense mechanisms against our backdoor attacks and show that our attacks can practically circumvent these defense mechanisms.

Vision Transformers have shown great promise recently for many vision tasks due to the insightful architecture design and attention mechanism. By revisiting the self-attention responses in Transformers, we empirically observe two interesting issues. First, Vision Transformers present a queryirrelevant behavior at deep layers, where the attention maps exhibit nearly consistent contexts in global scope, regardless of the query patch position (also head-irrelevant). Second, the attention maps are intrinsically sparse, few tokens dominate the attention weights; introducing the knowledge from ConvNets would largely smooth the attention and enhance the performance. Motivated by above observations, we generalize self-attention formulation to abstract a queryirrelevant global context directly and further integrate the global context into convolutions. The resulting model, a Fully Convolutional Vision Transformer (i.e., FCViT), purely consists of convolutional layers and firmly inherits the merits of both attention mechanism and convolutions, including dynamic property, weight sharing, and short- and long-range feature modeling, etc. Experimental results demonstrate the effectiveness of FCViT. With less than 14M parameters, our FCViT-S12 outperforms related work ResT-Lite by 3.7% top1 accuracy on ImageNet-1K. When scaling FCViT to larger models, we still perform better than previous state-of-the-art ConvNeXt with even fewer parameters. FCViT-based models also demonstrate promising transferability to downstream tasks, like object detection, instance segmentation, and semantic segmentation. Codes and models are made available at: https://github.com/ma-xu/FCViT.

Large language models (LLMs) have been shown to be able to perform new tasks based on a few demonstrations or natural language instructions. While these capabilities have led to widespread adoption, most LLMs are developed by resource-rich organizations and are frequently kept from the public. As a step towards democratizing this powerful technology, we present BLOOM, a 176B-parameter open-access language model designed and built thanks to a collaboration of hundreds of researchers. BLOOM is a decoder-only Transformer language model that was trained on the ROOTS corpus, a dataset comprising hundreds of sources in 46 natural and 13 programming languages (59 in total). We find that BLOOM achieves competitive performance on a wide variety of benchmarks, with stronger results after undergoing multitask prompted finetuning. To facilitate future research and applications using LLMs, we publicly release our models and code under the Responsible AI License.

The task of Compositional Zero-Shot Learning (CZSL) is to recognize images of novel state-object compositions that are absent during the training stage. Previous methods of learning compositional embedding have shown effectiveness in closed-world CZSL. However, in Open-World CZSL (OW-CZSL), their performance tends to degrade significantly due to the large cardinality of possible compositions. Some recent works separately predict simple primitives (i.e., states and objects) to reduce cardinality. However, they consider simple primitives as independent probability distributions, ignoring the heavy dependence between states, objects, and compositions. In this paper, we model the dependence of compositions via feasibility and contextuality. Feasibility-dependence refers to the unequal feasibility relations between simple primitives, e.g., \textit{hairy} is more feasible with \textit{cat} than with \textit{building} in the real world. Contextuality-dependence represents the contextual variance in images, e.g., \textit{cat} shows diverse appearances under the state of \textit{dry} and \textit{wet}. We design Semantic Attention (SA) and generative Knowledge Disentanglement (KD) to learn the dependence of feasibility and contextuality, respectively. SA captures semantics in compositions to alleviate impossible predictions, driven by the visual similarity between simple primitives. KD disentangles images into unbiased feature representations, easing contextual bias in predictions. Moreover, we complement the current compositional probability model with feasibility and contextuality in a compatible format. Finally, we conduct comprehensive experiments to analyze and validate the superior or competitive performance of our model, Semantic Attention and knowledge Disentanglement guided Simple Primitives (SAD-SP), on three widely-used benchmark OW-CZSL datasets.

Artificial Intelligence (AI) is having a tremendous impact across most areas of science. Applications of AI in healthcare have the potential to improve our ability to detect, diagnose, prognose, and intervene on human disease. For AI models to be used clinically, they need to be made safe, reproducible and robust, and the underlying software framework must be aware of the particularities (e.g. geometry, physiology, physics) of medical data being processed. This work introduces MONAI, a freely available, community-supported, and consortium-led PyTorch-based framework for deep learning in healthcare. MONAI extends PyTorch to support medical data, with a particular focus on imaging, and provide purpose-specific AI model architectures, transformations and utilities that streamline the development and deployment of medical AI models. MONAI follows best practices for software-development, providing an easy-to-use, robust, well-documented, and well-tested software framework. MONAI preserves the simple, additive, and compositional approach of its underlying PyTorch libraries. MONAI is being used by and receiving contributions from research, clinical and industrial teams from around the world, who are pursuing applications spanning nearly every aspect of healthcare.

Spatial autocorrelation and spatial heterogeneity widely exist in spatial data, which make the traditional machine learning model perform badly. Spatial domain generalization is a spatial extension of domain generalization, which can generalize to unseen spatial domains in continuous 2D space. Specifically, it learns a model under varying data distributions that generalizes to unseen domains. Although tremendous success has been achieved in domain generalization, there exist very few works on spatial domain generalization. The advancement of this area is challenged by: 1) Difficulty in characterizing spatial heterogeneity, and 2) Difficulty in obtaining predictive models for unseen locations without training data. To address these challenges, this paper proposes a generic framework for spatial domain generalization. Specifically, We develop the spatial interpolation graph neural network that handles spatial data as a graph and learns the spatial embedding on each node and their relationships. The spatial interpolation graph neural network infers the spatial embedding of an unseen location during the test phase. Then the spatial embedding of the target location is used to decode the parameters of the downstream-task model directly on the target location. Finally, extensive experiments on thirteen real-world datasets demonstrate the proposed method's strength.

我们设计和分析了量子变压器，扩展了最先进的经典变压器神经网络体系结构，已知在自然语言处理和图像分析中表现出色。在先前用于数据加载和正交神经层的参数化量子电路的工作的基础上，我们引入了三种量子注意机制，包括基于复合矩阵的量子变压器。这些量子体系结构可以使用浅量子电路构建，并可以提供定性不同的分类模型。与最佳的经典变压器和其他经典基准相比，我们对标准医疗图像数据集进行了量子变压器的广泛模拟，这些量子变压器表现出竞争力，有时表现更好。与经典算法相对于分类图像的大小，我们的量子注意层的计算复杂性被证明是有利的。与拥有数百万参数的最佳经典方法相比，我们的量子体系结构具有数千个参数。最后，我们在超导量子计算机上实施了量子变压器，并获得了多达六个量子实验的令人鼓舞的结果。

关于神经体系结构搜索（NAS）的现有研究主要集中于有效地搜索具有更好性能的网络体系结构。几乎没有取得进展，以系统地了解NAS搜索的架构是否对隐私攻击是强大的，而丰富的工作已经表明，人类设计的架构容易受到隐私攻击。在本文中，我们填补了这一空白，并系统地衡量了NAS体系结构的隐私风险。利用我们的测量研究中的见解，我们进一步探索了基于细胞的NAS架构的细胞模式，并评估细胞模式如何影响NAS搜索架构的隐私风险。通过广泛的实验，我们阐明了如何针对隐私攻击设计强大的NAS体系结构，还提供了一种通用方法，以了解NAS搜索的体系结构与其他隐私风险之间的隐藏相关性。

经过标准的横向损失训练的深度神经网络更容易记住嘈杂的标签，从而降低了其性能。当嘈杂的标签干预时，使用互补标签的负面学习更加健壮，但模型收敛速度极慢。在本文中，我们首先引入了双向学习方案，在这种方案中，积极的学习可确保收敛速度，而负面学习则可以与标签噪声保持稳健的应对。此外，提出了一种动态样本重新加权策略，以通过利用负面学习对样本概率分布的出色歧视能力来削弱噪声标记样品的影响。此外，我们结合了自我鉴定，以进一步提高模型性能。该代码可在\ url {https://github.com/chenchenzong/bldr}中获得。

最近的研究证明，图形神经网络容易受到对抗性攻击的影响。攻击者可以仅依靠培训标签来破坏Edge扰动不可知论受害者模型的性能。研究人员观察到，基于显着性的攻击者倾向于添加边缘而不是删除它们，这是通过以下事实来解释的：添加边缘通过聚集来污染节点的特征，同时删除边缘只会导致一些信息丢失。在本文中，我们进一步证明了攻击者通过添加类间边缘来扰动图，这也表现为降低扰动图的同层。从这个角度来看，基于显着的攻击者仍然有提高能力和不可识别的空间。基于GNN的替代模型的消息传递导致通过类间边缘连接的节点的过度厚度，从而阻止了攻击者获得节点特征的独特性。为了解决此问题，我们引入了一个多跳的汇总消息传递，以保留节点之间的属性差异。此外，我们提出了一个正规化术语来限制同质方差，以增强攻击不可识别。实验验证我们提出的替代模型改善了攻击者的多功能性，正则化项有助于限制扰动图的同质性。