no code implementations • 19 Sep 2020 • Ya-guan Qian, Qiqi Shao, Jia-min Wang, Xiang Lin, Yankai Guo, Zhaoquan Gu, Bin Wang, Chunming Wu
This dynamic defense can prohibit the adversary from selecting an optimal substitute model for black-box attacks.
no code implementations • 27 Oct 2019 • Ya-guan Qian, Dan-feng Ma, Bin Wang, Jun Pan, Jia-min Wang, Jian-hai Chen, Wu-jie Zhou, Jing-sheng Lei
In this paper, we propose an evasion attack on CNN classifiers in the context of License Plate Recognition (LPR), which adds predetermined perturbations to specific regions of license plate images, simulating some sort of naturally formed spots (such as sludge, etc.).