Search Results for author:
Found 41 papers, 20 papers with code
Dialogue Policies for Learning Board Games through Multimodal Communication
During policy training, we control for the simulated dialogue partner’s level of informativeness in responding to questions.
Object Detectors in the Open Environment: Challenges, Solutions, and Outlook
This paper aims to bridge this gap by conducting a comprehensive review and analysis of object detectors in open environments.
VL-Trojan: Multimodal Instruction Backdoor Attacks against Autoregressive Visual Language Models
Nevertheless, the frozen visual encoder in autoregressive VLMs imposes constraints on the learning of conventional image triggers.
Semantic Mirror Jailbreak: Genetic Algorithm Based Jailbreak Prompts Against Open-source LLMs
Large Language Models (LLMs), used in creative writing, code generation, and translation, generate text based on input sequences but are vulnerable to jailbreak attacks, where crafted prompts induce harmful outputs.
Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection
However, this paper introduces a novel and previously unrecognized threat in face forgery detection scenarios caused by backdoor attack.
Pre-trained Trojan Attacks for Visual Recognition
This paper aims to raise awareness of the potential threats associated with applying PVMs in practical scenarios.
BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning
This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses and introduces the \emph{\toolns} attack, which is resistant to backdoor detection and model fine-tuning defenses.
Adversarial Examples in the Physical World: A Survey
However, current research on physical adversarial examples (PAEs) lacks a comprehensive understanding of their unique characteristics, leading to limited significance and understanding.
MIR2: Towards Provably Robust Multi-Agent Reinforcement Learning by Mutual Information Regularization
Existing max-min optimization techniques in robust MARL seek to enhance resilience by training agents against worst-case adversaries, but this becomes intractable as the number of agents grows, leading to exponentially increasing worst-case scenarios.
Face Encryption via Frequency-Restricted Identity-Agnostic Attacks
As for the weak black-box scenario feasibility, we obverse that representations of the average feature in multiple face recognition models are similar, thus we propose to utilize the average feature via the crawled dataset from the Internet as the target to guide the generation, which is also agnostic to identities of unknown face recognition systems; in nature, the low-frequency perturbations are more visually perceptible by the human vision system.
RobustMQ: Benchmarking Robustness of Quantized Models
Quantization has emerged as an essential technique for deploying deep neural networks (DNNs) on devices with limited resources.
Isolation and Induction: Training Robust Deep Neural Networks against Model Stealing Attacks
However, these defenses are now suffering problems of high inference computational overheads and unfavorable trade-offs between benign accuracy and stealing robustness, which challenges the feasibility of deployed models in practice.
SysNoise: Exploring and Benchmarking Training-Deployment System Inconsistency
Extensive studies have shown that deep learning models are vulnerable to adversarial and natural noises, yet little is known about model robustness on noises caused by different system implementations.
FAIRER: Fairness as Decision Rationale Alignment
Existing fairness regularization terms fail to achieve decision rationale alignment because they only constrain last-layer outputs while ignoring intermediate neuron alignment.
Towards Benchmarking and Assessing Visual Naturalness of Physical World Adversarial Attacks
First, to benchmark attack naturalness, we contribute the first Physical Attack Naturalness (PAN) dataset with human rating and gaze.
Latent Imitator: Generating Natural Individual Discriminatory Instances for Black-Box Fairness Testing
Machine learning (ML) systems have achieved remarkable performance across a wide area of applications.
X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection
In this paper, we take the first step toward the study of adversarial attacks targeted at X-ray prohibited item detection, and reveal the serious threats posed by such attacks in this safety-critical scenario.
Attacking Cooperative Multi-Agent Reinforcement Learning by Adversarial Minority Influence
To achieve maximum deviation in victim policies under complex agent-wise interactions, our unilateral attack aims to characterize and maximize the impact of the adversary on the victims.
Exploring the Relationship Between Architectural Design and Adversarially Robust Generalization
In particular, we comprehensively evaluated 20 most representative adversarially trained architectures on ImageNette and CIFAR-10 datasets towards multiple l_p-norm adversarial attacks.
Exploring the Relationship between Architecture and Adversarially Robust Generalization
Inparticular, we comprehensively evaluated 20 most representative adversarially trained architectures on ImageNette and CIFAR-10 datasets towards multiple `p-norm adversarial attacks.
Exploring Inconsistent Knowledge Distillation for Object Detection with Data Augmentation
Specifically, we propose a sample-specific data augmentation to transfer the teacher model's ability in capturing distinct frequency components and suggest an adversarial feature augmentation to extract the teacher model's perceptions of non-robust features in the data.
Improving Robust Fairness via Balance Adversarial Training
Adversarial training (AT) methods are effective against adversarial attacks, yet they introduce severe disparity of accuracy and robustness between different classes, known as the robust fairness problem.
Universal Backdoor Attacks Detection via Adaptive Adversarial Probe
Most detection methods are designed to verify whether a model is infected with presumed types of backdoor attacks, yet the adversary is likely to generate diverse backdoor attacks in practice that are unforeseen to defenders, which challenge current detection strategies.
Hierarchical Perceptual Noise Injection for Social Media Fingerprint Privacy Protection
The threat of fingerprint leakage from social media raises a strong desire for anonymizing shared images while maintaining image qualities, since fingerprints act as a lifelong individual biometric password.
Defensive Patches for Robust Recognition in the Physical World
For the generalization against diverse noises, we inject class-specific identifiable patterns into a confined local patch prior, so that defensive patches could preserve more recognizable features towards specific classes, leading models for better recognition under noises.
BiBERT: Accurate Fully Binarized BERT
The large pre-trained BERT has achieved remarkable performance on Natural Language Processing (NLP) tasks but is also computation and memory expensive.
Exploring Endogenous Shift for Cross-Domain Detection: A Large-Scale Benchmark and Perturbation Suppression Network
To handle the endogenous shift, we further introduce the Perturbation Suppression Network (PSN), motivated by the fact that this shift is mainly caused by two types of perturbations: category-dependent and category-independent ones.
Harnessing Perceptual Adversarial Patches for Crowd Counting
Crowd counting, which has been widely adopted for estimating the number of people in safety-critical scenes, is shown to be vulnerable to adversarial examples in the physical world (e. g., adversarial patches).
RobustART: Benchmarking Robustness on Architecture Design and Training Techniques
Thus, we propose RobustART, the first comprehensive Robustness investigation benchmark on ImageNet regarding ARchitecture design (49 human-designed off-the-shelf architectures and 1200+ networks from neural architecture search) and Training techniques (10+ techniques, e. g., data augmentation) towards diverse noises (adversarial, natural, and system noises).
ARShoe: Real-Time Augmented Reality Shoe Try-on System on Smartphones
To this concern, this work proposes a real-time augmented reality virtual shoe try-on system for smartphones, namely ARShoe.
Dual Attention Suppression Attack: Generate Adversarial Camouflage in Physical World
Deep learning models are vulnerable to adversarial examples.
Over-sampling De-occlusion Attention Network for Prohibited Items Detection in Noisy X-ray Images
The images are gathered from an airport and these prohibited items are annotated manually by professional inspectors, which can be used as a benchmark for model training and further facilitate future research.
A Comprehensive Evaluation Framework for Deep Model Robustness
To mitigate this problem, we establish a model robustness evaluation framework containing 23 comprehensive and rigorous metrics, which consider two key perspectives of adversarial learning (i. e., data and model).
Towards Defending Multiple $\ell_p$-norm Bounded Adversarial Perturbations via Gated Batch Normalization
In this paper, we observe that different $\ell_p$ bounded adversarial perturbations induce different statistical properties that can be separated and characterized by the statistics of Batch Normalization (BN).
On the Guaranteed Almost Equivalence between Imitation Learning from Observation and Demonstration
By contrast, this paper proves that LfO is almost equivalent to LfD in the deterministic robot environment, and more generally even in the robot environment with bounded randomness.
Bias-based Universal Adversarial Patch Attack for Automatic Check-out
To address the problem, this paper proposes a bias-based framework to generate class-agnostic universal adversarial patches with strong generalization ability, which exploits both the perceptual and semantic bias of models.
Spatiotemporal Attacks for Embodied Agents
Adversarial attacks are valuable for providing insights into the blind-spots of deep learning models and help improve their robustness.
Region-wise Generative Adversarial ImageInpainting for Large Missing Areas
To address these problems, we propose a generic inpainting framework capable of handling with incomplete images on both continuous and discontinuous large missing areas, in an adversarial manner.
Training Robust Deep Neural Networks via Adversarial Noise Propagation
Various adversarial defense methods have accordingly been developed to improve adversarial robustness for deep models.
Interpreting and Improving Adversarial Robustness of Deep Neural Networks with Neuron Sensitivity
In this paper, we first draw the close connection between adversarial robustness and neuron sensitivities, as sensitive neurons make the most non-trivial contributions to model predictions in the adversarial setting.
PDA: Progressive Data Augmentation for General Robustness of Deep Neural Networks
In other words, DNNs trained with PDA are able to obtain more robustness against both adversarial attacks as well as common corruptions than the recent state-of-the-art methods.
