Search Results for author:
Found 12 papers, 10 papers with code
On the Duality Between Sharpness-Aware Minimization and Adversarial Training
Instead of perturbing the samples, Sharpness-Aware Minimization (SAM) perturbs the model weights during training to find a more flat loss landscape and improve generalization.
Your Diffusion Model is Secretly a Certifiably Robust Classifier
Diffusion models are recently employed as generative classifiers for robust classification.
Precise Knowledge Transfer via Flow Matching
We name this framework Knowledge Transfer with Flow Matching (FM-KT), which can be integrated with a metric-based distillation method with any form (\textit{e. g.} vanilla KD, DKD, PKD and DIST) and a meta-encoder with any available architecture (\textit{e. g.} CNN, MLP and Transformer).
How Robust is Google's Bard to Adversarial Image Attacks?
By attacking white-box surrogate vision encoders or MLLMs, the generated adversarial examples can mislead Bard to output wrong image descriptions with a 22% success rate based solely on the transferability.
Enhancing Adversarial Attacks: The Similar Target Method
Deep neural networks are vulnerable to adversarial examples, posing a threat to the models' applications and raising security concerns.
AFN: Adaptive Fusion Normalization via an Encoder-Decoder Framework
The success of deep learning is inseparable from normalization layers.
Robust Classification via a Single Diffusion Model
Since our method does not require training on particular adversarial attacks, we demonstrate that it is more generalizable to defend against multiple unseen threats.
Ranked #2 on
Adversarial Defense
on CIFAR-10
Catch-Up Distillation: You Only Need to Train Once for Accelerating Sampling
On CIFAR-10, we obtain a FID of 2. 80 by sampling in 15 steps under one-session training and the new state-of-the-art FID of 3. 37 by sampling in one step with additional training.
Rethinking Model Ensemble in Transfer-based Adversarial Attacks
It is widely recognized that deep learning models lack robustness to adversarial examples.
Teaching What You Should Teach: A Data-Based Distillation Method
To be specific, we design a neural network-based data augmentation module with priori bias, which assists in finding what meets the teacher's strengths but the student's weaknesses, by learning magnitudes and probabilities to generate suitable data samples.
T-SEA: Transfer-based Self-Ensemble Attack on Object Detection
Then, we analogize patch optimization with regular model optimization, proposing a series of self-ensemble approaches on the input data, the attacked model, and the adversarial patch to efficiently make use of the limited information and prevent the patch from overfitting.
Bootstrap Generalization Ability from Loss Landscape Perspective
Domain generalization aims to learn a model that can generalize well on the unseen test dataset, i. e., out-of-distribution data, which has different distribution from the training dataset.
