Search Results for author:
Found 62 papers, 30 papers with code
Sparse Adversarial Attack via Perturbation Factorization
Based on this factorization, we formulate the sparse attack problem as a mixed integer programming (MIP) to jointly optimize the binary selection factors and continuous perturbation magnitudes of all pixels, with a cardinality constraint on selection factors to explicitly control the degree of sparsity.
Boosting Decision-based Black-box Adversarial Attacks with Random Sign Flip
Decision-based black-box adversarial attacks (decision-based attack) pose a severe threat to current deep neural networks, as they only need the predicted label of the target model to craft adversarial examples.
Visual Prompt Based Personalized Federated Learning
Then, the local model is trained on the input composed of raw data and a visual prompt to learn the distribution information contained in the prompt.
Adversarial Machine Learning: A Systematic Survey of Backdoor Attack, Weight Attack and Adversarial Example
Some paradigms have been recently developed to explore this adversarial phenomenon occurring at different stages of a machine learning system, such as training-time adversarial attack (i. e., backdoor attack), deployment-time adversarial attack (i. e., weight attack), and inference-time adversarial attack (i. e., adversarial example).
Generalizable Black-Box Adversarial Attack with Meta Learning
In the scenario of black-box adversarial attack, the target model's parameters are unknown, and the attacker aims to find a successful adversarial perturbation based on query feedback under a query budget.
Visually Adversarial Attacks and Defenses in the physical world: A Survey
The current adversarial attacks in computer vision can be divided into digital attacks and physical attacks according to their different attack forms.
Learning to Optimize Permutation Flow Shop Scheduling via Graph-based Imitation Learning
Compared to the state-of-the-art reinforcement learning method, our model's network parameters are reduced to only 37\% of theirs, and the solution gap of our model towards the expert solutions decreases from 6. 8\% to 1. 3\% on average.
Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation
Furthermore, RAP can be naturally combined with many existing black-box attack techniques, to further boost the transferability.
Adaptive Smoothness-weighted Adversarial Training for Multiple Perturbations with Its Stability Analysis
Therefore, adversarial training for multiple perturbations (ATMP) is proposed to generalize the adversarial robustness over different perturbation types (in $\ell_1$, $\ell_2$, and $\ell_\infty$ norm-bounded perturbations).
A Large-scale Multiple-objective Method for Black-box Attack against Object Detection
Recent studies have shown that detectors based on deep models are vulnerable to adversarial examples, even in the black-box scenario where the attacker cannot access the model information.
Imperceptible and Robust Backdoor Attack in 3D Point Cloud
Existing attacks often insert some additional points into the point cloud as the trigger, or utilize a linear transformation (e. g., rotation) to construct the poisoned point cloud.
Versatile Weight Attack via Flipping Limited Bits
Utilizing the latest technique in integer programming, we equivalently reformulate this MIP problem as a continuous optimization problem, which can be effectively and efficiently solved using the alternating direction method of multipliers (ADMM) method.
Prior-Guided Adversarial Initialization for Fast Adversarial Training
Based on the observation, we propose a prior-guided FGSM initialization method to avoid overfitting after investigating several initialization strategies, improving the quality of the AEs during the whole training process.
Learning to Accelerate Approximate Methods for Solving Integer Programming via Early Fixing
Integer programming (IP) is an important and challenging problem.
BackdoorBench: A Comprehensive Benchmark of Backdoor Learning
However, we find that the evaluations of new methods are often unthorough to verify their claims and accurate performance, mainly due to the rapid development, diverse settings, and the difficulties of implementation and reproducibility.
A Survey of Trustworthy Graph Learning: Reliability, Explainability, and Privacy Protection
Deep graph learning has achieved remarkable progresses in both business and scientific areas ranging from finance and e-commerce, to drug and advanced material discovery.
LAS-AT: Adversarial Training with Learnable Attack Strategy
In this paper, we propose a novel framework for adversarial training by introducing the concept of "learnable attack strategy", dubbed LAS-AT, which learns to automatically produce attack strategies to improve the model robustness.
StyleHEAT: One-Shot High-Resolution Editable Talking Face Generation via Pre-trained StyleGAN
Our framework elevates the resolution of the synthesized talking face to 1024*1024 for the first time, even though the training dataset has a lower resolution.
Backdoor Defense via Decoupling the Training Process
Recent studies have revealed that deep neural networks (DNNs) are vulnerable to backdoor attacks, where attackers embed hidden backdoors in the DNN model by poisoning a few training samples.
Parallel Rectangle Flip Attack: A Query-based Black-box Attack against Object Detection
Extensive experiments demonstrate that our method can effectively and efficiently attack various popular object detectors, including anchor-based and anchor-free, and generate transferable adversarial examples.
Accelerating Neural Network Optimization Through an Automated Control Theory Lens
We conduct experiments both from a control theory lens through a phase locus verification and from a network training lens on several models, including CNNs, Transformers, MLPs, and on benchmark datasets.
Boosting Fast Adversarial Training with Learnable Adversarial Initialization
Adversarial training (AT) has been demonstrated to be effective in improving model robustness by leveraging adversarial examples for training.
Robust Physical-World Attacks on Face Recognition
Face recognition has been greatly facilitated by the development of deep neural networks (DNNs) and has been widely applied to many safety-critical applications.
Regional Adversarial Training for Better Robust Generalization
Adversarial training (AT) has been demonstrated as one of the most promising defense methods against various adversarial attacks.
Prototype-supervised Adversarial Network for Targeted Attack of Deep Hashing
However, deep hashing networks are vulnerable to adversarial examples, which is a practical secure problem but seldom studied in hashing-based retrieval field.
Random Noise Defense Against Query-Based Black-Box Attacks
We conduct the theoretical analysis about the effectiveness of RND against query-based black-box attacks and the corresponding adaptive attacks.
Towards Corruption-Agnostic Robust Domain Adaptation
However, due to unpredictable corruptions (e. g., noise and blur) in real data like web images, domain adaptation methods are increasingly required to be corruption robust on target domains.
Towards Open-World Text-Guided Face Image Generation and Manipulation
To be specific, we propose a brand new paradigm of text-guided image generation and manipulation based on the superior characteristics of a pretrained GAN model.
Ranked #4 on
Text-to-Image Generation
on Multi-Modal-CelebA-HQ
Probabilistic Modeling of Semantic Ambiguity for Scene Graph Generation
The ambiguity naturally leads to the issue of \emph{implicit multi-label}, motivating the need for diverse predictions.
Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits
By utilizing the latest technique in integer programming, we equivalently reformulate this BIP problem as a continuous optimization problem, which can be effectively and efficiently solved using the alternating direction method of multipliers (ADMM) method.
Effective and Efficient Vote Attack on Capsule Networks
As alternatives to CNNs, the recently proposed Capsule Networks (CapsNets) are shown to be more robust to white-box attacks than CNNs under popular attack protocols.
Meta-Attack: Class-Agnostic and Model-Agnostic Physical Adversarial Attack
To tackle these issues, we propose a class-agnostic and model-agnostic physical adversarial attack model (Meta-Attack), which is able to not only generate robust physical adversarial examples by simulating color and shape distortions, but also generalize to attacking novel images and novel DNN models by accessing a few digital and physical images.
TediGAN: Text-Guided Diverse Face Image Generation and Manipulation
In this work, we propose TediGAN, a novel framework for multi-modal image generation and manipulation with textual descriptions.
Ranked #5 on
Text-to-Image Generation
on Multi-Modal-CelebA-HQ
Dual ResGCN for Balanced Scene GraphGeneration
We propose to incorporate the prior about the co-occurrence of relation pairs into the graph to further help alleviate the class imbalance issue.
Pixel-wise Dense Detector for Image Inpainting
Recent GAN-based image inpainting approaches adopt an average strategy to discriminate the generated image and output a scalar, which inevitably lose the position information of visual artifacts.
Backdoor Attack against Speaker Verification
We also demonstrate that existing backdoor attacks cannot be directly adopted in attacking speaker verification.
Teacher-Student Competition for Unsupervised Domain Adaptation
With the supervision from source domain only in class-level, existing unsupervised domain adaptation (UDA) methods mainly learn the domain-invariant representations from a shared feature extractor, which causes the source-bias problem.
Open-sourced Dataset Protection via Backdoor Watermarking
Based on the proposed backdoor-based watermarking, we use a hypothesis test guided method for dataset verification based on the posterior probability generated by the suspicious third-party model of the benign samples and their correspondingly watermarked samples ($i. e.$, images with trigger) on the target class.
SPL-MLL: Selecting Predictable Landmarks for Multi-Label Learning
Although significant progress achieved, multi-label classification is still challenging due to the complexity of correlations among different labels.
Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution
This work studies black-box adversarial attacks against deep neural networks (DNNs), where the attacker can only access the query feedback returned by the attacked DNN model, while other information such as model parameters or the training datasets are unknown.
Effective and Robust Detection of Adversarial Examples via Benford-Fourier Coefficients
In this work, we study the detection of adversarial examples, based on the assumption that the output and internal responses of one DNN model for both adversarial and benign examples follow the generalized Gaussian distribution (GGD), but with different parameters (i. e., shape factor, mean, and variance).
Rethinking the Trigger of Backdoor Attack
Backdoor attack intends to inject hidden backdoor into the deep neural networks (DNNs), such that the prediction of the infected model will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger, while it performs well on benign samples.
Toward Adversarial Robustness via Semi-supervised Robust Training
In this work, we propose a novel defense method, the robust training (RT), by jointly minimizing two separated risks ($R_{stand}$ and $R_{rob}$), which is with respect to the benign example and its neighborhoods respectively.
Joint Face Completion and Super-resolution using Multi-scale Feature Relation Learning
This paper proposes a multi-scale feature graph generative adversarial network (MFG-GAN) to implement the face restoration of images in which both degradation modes coexist, and also to repair images with a single type of degradation.
Controllable Descendant Face Synthesis
Most of the existing methods train models for one-versus-one kin relation, which only consider one parent face and one child face by directly using an auto-encoder without any explicit control over the resemblance of the synthesized face to the parent face.
Hiding Faces in Plain Sight: Disrupting AI Face Synthesis with Adversarial Perturbations
Recent years have seen fast development in synthesizing realistic human faces using AI technologies.
Exact Adversarial Attack to Image Captioning via Structured Output Learning with Latent Variables
Due to the sequential dependencies among words in a caption, we formulate the generation of adversarial noises for targeted partial captions as a structured output learning problem with latent variables.
MAP Inference via L2-Sphere Linear Program Reformulation
Thus, LS-LP is equivalent to the original MAP inference problem.
Efficient Decision-based Black-box Adversarial Attacks on Face Recognition
In this paper, we evaluate the robustness of state-of-the-art face recognition models in the decision-based black-box attack setting, where the attackers have no access to the model parameters and gradients, but can only acquire hard-label predictions by sending queries to the target model.
Target-Aware Deep Tracking
Despite demonstrated successes for numerous vision tasks, the contributions of using pre-trained deep features for visual tracking are not as significant as that for object recognition.
Tencent ML-Images: A Large-Scale Multi-Label Image Database for Visual Representation Learning
In this work, we propose to train CNNs from images annotated with multiple tags, to enhance the quality of visual representation of the trained CNN model.
Learning to Compose Dynamic Tree Structures for Visual Contexts
We propose to compose dynamic tree structures that place the objects in an image into a visual context, helping visual reasoning tasks such as scene graph generation and visual Q&A.
Ranked #3 on
Panoptic Scene Graph Generation
on PSG Dataset
Bi-Real Net: Binarizing Deep Network Towards Real-Network Performance
To address the training difficulty, we propose a training algorithm using a tighter approximation to the derivative of the sign function, a magnitude-aware gradient for weight updating, a better initialization method, and a two-step scheme for training a deep network.
Bi-Real Net: Enhancing the Performance of 1-bit CNNs With Improved Representational Capability and Advanced Training Algorithm
In this work, we study the 1-bit convolutional neural networks (CNNs), of which both the weights and activations are binary.
Multi-label Learning with Missing Labels using Mixed Dependency Graphs
This work focuses on the problem of multi-label learning with missing labels (MLML), which aims to label each test instance with multiple class labels given training instances that have an incomplete/partial set of these labels.
Tagging like Humans: Diverse and Distinct Image Annotation
In D2IA, we generate a relevant and distinct tag subset, in which the tags are relevant to the image contents and semantically distinct to each other, using sequential sampling from a determinantal point process (DPP) model.
CNN in MRF: Video Object Segmentation via Inference in A CNN-Based Higher-Order Spatio-Temporal MRF
With temporal dependencies established by optical flow, the resulting MRF model combines both spatial and temporal cues for tackling video object segmentation.
Ranked #3 on
Semi-Supervised Video Object Segmentation
on YouTube
A Proximal Block Coordinate Descent Algorithm for Deep Neural Network Training
Training deep neural networks (DNNs) efficiently is a challenge due to the associated highly nonconvex optimization.
Diverse Image Annotation
To this end, we treat the image annotation as a subset selection problem based on the conditional determinantal point process (DPP) model, which formulates the representation and diversity jointly.
$\ell_p$-Box ADMM: A Versatile Framework for Integer Programming
This paper revisits the integer programming (IP) problem, which plays a fundamental role in many computer vision and machine learning applications.
ML-MG: Multi-Label Learning With Missing Labels Using a Mixed Graph
This work focuses on the problem of multi-label learning with missing labels (MLML), which aims to label each test instance with multiple class labels given training instances that have an incomplete/partial set of these labels (i. e. some of their labels are missing).
Constrained Clustering and Its Application to Face Clustering in Videos
As a result, many pairwise constraints between faces can be easily obtained from the temporal and spatial knowledge of the face tracks.
