Search Results for author:
Found 45 papers, 21 papers with code
Removal and Selection: Improving RGB-Infrared Object Detection via Coarse-to-Fine Fusion
Specifically, following this perspective, we design a Redundant Spectrum Removal module to coarsely remove interfering information within each modality and a Dynamic Feature Selection module to finely select the desired features for feature fusion.
Towards Transferable Targeted 3D Adversarial Attack in the Physical World
However, the field of transferable targeted 3D adversarial attacks remains vacant.
Embodied Adversarial Attack: A Dynamic Robust Physical Attack in Autonomous Driving
As physical adversarial attacks become extensively applied in unearthing the potential risk of security-critical scenarios, especially in autonomous driving, their vulnerability to environmental changes has also been brought to light.
Improving Adversarial Robust Fairness via Anti-Bias Soft Label Distillation
In this paper, we give an in-depth analysis of the potential factors and argue that the smoothness degree of samples' soft labels for different classes (i. e., hard class or easy class) will affect the robust fairness of DNN models from both empirical observation and theoretical analysis.
Classification Committee for Active Deep Object Detection
The role of the classification committee is to select the most informative images according to their uncertainty values from the view of classification, which is expected to focus more on the discrepancy and representative of instances.
Unified Adversarial Patch for Visible-Infrared Cross-modal Attacks in the Physical World
We also demonstrate the effectiveness of our approach in physical-world scenarios under various settings, including different angles, distances, postures, and scenes for both visible and infrared sensors.
Defending Adversarial Patches via Joint Region Localizing and Inpainting
In this paper, we analyse the properties of adversarial patches, and find that: on the one hand, adversarial patches will lead to the appearance or contextual inconsistency in the target objects; on the other hand, the patch region will show abnormal changes on the high-level feature maps of the objects extracted by a backbone network.
Improving Viewpoint Robustness for Visual Recognition via Adversarial Training
Experimental results show that VIAT significantly improves the viewpoint robustness of various image classifiers based on the diversity of adversarial viewpoints generated by GMVFool.
Towards Viewpoint-Invariant Visual Recognition via Adversarial Training
Visual recognition models are not invariant to viewpoint changes in the 3D world, as different viewing directions can dramatically affect the predictions given the same object.
Unified Adversarial Patch for Cross-modal Attacks in the Physical World
To show the potential risks under such scenes, we propose a unified adversarial patch to perform cross-modal physical attacks, i. e., fooling visible and infrared object detectors at the same time via a single patch.
Structured Network Pruning by Measuring Filter-wise Interactions
Utilizing this new redundancy criterion, we propose a structured network pruning approach SNPFI (Structured Network Pruning by measuring Filter-wise Interaction).
Learning to Pan-sharpening with Memories of Spatial Details
To address this issue, in this paper we observe that the spatial details from PAN images are mainly high-frequency cues, i. e., the edges reflect the contour of input PAN images.
Mitigating the Accuracy-Robustness Trade-off via Multi-Teacher Adversarial Distillation
Adversarial training is a practical approach for improving the robustness of deep neural networks against adversarial attacks.
$\mathbf{C}^2$Former: Calibrated and Complementary Transformer for RGB-Infrared Object Detection
In $\mathrm{C}^2$Former, we design an Inter-modality Cross-Attention (ICA) module to obtain the calibrated and complementary features by learning the cross-attention relationship between the RGB and IR modality.
Boosting Adversarial Transferability with Learnable Patch-wise Masks
The proposed approach is a preprocessing method and can be integrated with existing methods to further boost the transferability.
Distributional Modeling for Location-Aware Adversarial Patches
In this paper, we propose the Distribution-Optimized Adversarial Patch (DOPatch), a novel method that optimizes a multimodal distribution of adversarial locations instead of individual ones.
DIFFender: Diffusion-Based Adversarial Defense against Patch Attacks
In this paper, we propose DIFFender, a novel defense method that leverages a text-guided diffusion model to defend against adversarial patches.
Revisiting the Trade-off between Accuracy and Robustness via Weight Distribution of Filters
Secondly, based on this observation, we propose a sample-wise dynamic network architecture named Adversarial Weight-Varied Network (AW-Net), which focuses on dealing with clean and adversarial examples with a ``divide and rule" weight strategy.
Improving Fast Adversarial Training with Prior-Guided Knowledge
This initialization is generated by using high-quality adversarial perturbations from the historical training process.
Benchmarking Robustness of 3D Object Detection to Common Corruptions in Autonomous Driving
3D object detection is an important task in autonomous driving to perceive the surroundings.
Preventing Unauthorized AI Over-Analysis by Medical Image Adversarial Watermarking
The advancement of deep learning has facilitated the integration of Artificial Intelligence (AI) into clinical practices, particularly in computer-aided diagnosis.
Benchmarking Robustness of 3D Object Detection to Common Corruptions
3D object detection is an important task in autonomous driving to perceive the surroundings.
Simultaneously Optimizing Perturbations and Positions for Black-box Adversarial Patch Attacks
Extensive experiments are conducted on the Face Recognition (FR) task, and results on four representative FR models show that our method can significantly improve the attack success rate and query efficiency.
Visually Adversarial Attacks and Defenses in the Physical World: A Survey
The current adversarial attacks in computer vision can be divided into digital attacks and physical attacks according to their different attack forms.
ViewFool: Evaluating the Robustness of Visual Recognition to Adversarial Viewpoints
Recent studies have demonstrated that visual recognition models lack robustness to distribution shift.
Translation, Scale and Rotation: Cross-Modal Alignment Meets RGB-Infrared Vehicle Detection
Then, we propose a Translation-Scale-Rotation Alignment (TSRA) module to address the problem by calibrating the feature maps from these two modalities.
Prior-Guided Adversarial Initialization for Fast Adversarial Training
Based on the observation, we propose a prior-guided FGSM initialization method to avoid overfitting after investigating several initialization strategies, improving the quality of the AEs during the whole training process.
Adversarial Attack
Adversarial Attack on Video Classification
Enhancing Transferability of Adversarial Examples with Spatial Momentum
For that, we propose a novel method named Spatial Momentum Iterative FGSM attack (SMI-FGSM), which introduces the mechanism of momentum accumulation from temporal domain to spatial domain by considering the context information from different regions within the image.
Parallel Rectangle Flip Attack: A Query-based Black-box Attack against Object Detection
Extensive experiments demonstrate that our method can effectively and efficiently attack various popular object detectors, including anchor-based and anchor-free, and generate transferable adversarial examples.
Generating Transferable Adversarial Patch by Simultaneously Optimizing its Position and Perturbations
In this paper, we propose a method to simultaneously optimize the position and perturbation to generate transferable adversarial patches, and thus obtain high attack success rates in the black-box setting.
An Effective and Robust Detector for Logo Detection
Moreover, we have applied the proposed methods to competition ACM MM2021 Robust Logo Detection that is organized by Alibaba on the Tianchi platform and won top 2 in 36489 teams.
Generate More Imperceptible Adversarial Examples for Object Detection
The existing attack methods have the following problems: 1) the training generator takes a long time and is difficult to extend to a large dataset; 2) the excessive destruction of the image features does not improve the black-box attack effect(the generated adversarial examples have poor transferability) and brings about visible perturbations.
Improving Adversarial Transferability with Gradient Refining
To improve the transferability of adversarial examples for the black-box setting, several methods have been proposed, e. g., input diversity, translation-invariant attack, and momentum-based attack.
Adversarial Sticker: A Stealthy Attack Method in the Physical World
Unlike the previous adversarial patches by designing perturbations, our method manipulates the sticker's pasting position and rotation angle on the objects to perform physical attacks.
Automated Model Compression by Jointly Applied Pruning and Quantization
In the traditional deep compression framework, iteratively performing network pruning and quantization can reduce the model size and computation cost to meet the deployment requirements.
Object Hider: Adversarial Patch Attack Against Object Detectors
Additionally, we have applied the proposed methods to competition "Adversarial Challenge on Object Detection" that is organized by Alibaba on the Tianchi platform and won top 7 in 1701 teams.
Efficient Adversarial Attacks for Visual Object Tracking
In this paper, we analyze the weakness of object trackers based on the Siamese network and then extend adversarial examples to visual object tracking.
Attention: to Better Stand on the Shoulders of Giants
In the progress of science, the previously discovered knowledge principally inspires new scientific ideas, and citation is a reasonably good reflection of this cumulative nature of scientific research.
Sparse Black-box Video Attack with Reinforcement Learning
Adversarial attacks on video recognition models have been explored recently.
Heuristic Black-box Adversarial Attacks on Video Recognition Models
To overcome this challenge, we propose a heuristic black-box attack model that generates adversarial perturbations only on the selected frames and regions.
Identifying and Resisting Adversarial Videos Using Temporal Consistency
We propose the temporal defense, which reconstructs the polluted frames with their temporally neighbor clean frames, to deal with the adversarial videos with sparse polluted frames.
ComDefend: An Efficient Image Compression Model to Defend Adversarial Examples
In other words, ComDefend can transform the adversarial image to its clean version, which is then fed to the trained classifier.
Transferable Adversarial Attacks for Image and Video Object Detection
Adversarial examples have been demonstrated to threaten many computer vision tasks including object detection.
Modeling and Predicting Popularity Dynamics via Deep Learning Attention Mechanism
Here we propose a deep learning attention mechanism to model the process through which individual items gain their popularity.
Sparse Adversarial Perturbations for Videos
Although adversarial samples of deep neural networks (DNNs) have been intensively studied on static images, their extensions in videos are never explored.
