Search Results for author:
Found 65 papers, 17 papers with code
No Query, No Access
To prevent access to the victim model, we create a shadow dataset with publicly available pre-trained models and clustering methods as a foundation for developing substitute models.
Jailbreaking the Text-to-Video Generative Models
Our approach formulates the prompt generation task as an optimization problem with three key objectives: (1) maximizing the semantic similarity between the input and generated prompts, (2) ensuring that the generated prompts can evade the safety filter of the text-to-video model, and (3) maximizing the semantic similarity between the generated videos and the original input prompts.
Natural Reflection Backdoor Attack on Vision Language Model for Autonomous Driving
Vision-Language Models (VLMs) have been integrated into autonomous driving systems to enhance reasoning capabilities through tasks such as Visual Question Answering (VQA).
T2VShield: Model-Agnostic Jailbreak Defense for Text-to-Video Models
The rapid development of generative artificial intelligence has made text to video models essential for building future multimodal world simulators.
Manipulating Multimodal Agents via Cross-Modal Prompt Injection
The emergence of multimodal large language models has redefined the agent paradigm by integrating language and vision modalities with external data sources, enabling agents to better interpret human instructions and execute increasingly complex tasks.
Less is More: Efficient Black-box Attribution via Minimal Interpretable Subset Selection
Then, efficiently ranking input sub-regions by their importance for attribution, we improve optimization efficiency through a novel bidirectional greedy search algorithm.
Lie Detector: Unified Backdoor Detection via Cross-Examination Framework
Institutions with limited data and computing resources often outsource model training to third-party providers in a semi-honest setting, assuming adherence to prescribed training protocols with pre-defined learning paradigm (e. g., supervised or semi-supervised learning).
LEDiT: Your Length-Extrapolatable Diffusion Transformer without Positional Encoding
Diffusion transformers(DiTs) struggle to generate images at resolutions higher than their training resolutions.
Adversarial Training for Multimodal Large Language Models against Jailbreak Attacks
In this paper, we present the first adversarial training (AT) paradigm tailored to defend against jailbreak attacks during the MLLM training phase.
ELBA-Bench: An Efficient Learning Backdoor Attacks Benchmark for Large Language Models
Generative large language models are crucial in natural language processing, but they are vulnerable to backdoor attacks, where subtle triggers compromise their behavior.
Reasoning-Augmented Conversation for Multi-Turn Jailbreak Attacks on Large Language Models
Multi-turn jailbreak attacks simulate real-world human interactions by engaging large language models (LLMs) in iterative dialogues, exposing critical safety vulnerabilities.
Black-Box Adversarial Attack on Vision Language Models for Autonomous Driving
We identify two key challenges for achieving effective black-box attacks in this context: the effectiveness across driving reasoning chains in AD systems and the dynamic nature of driving scenarios.
CogMorph: Cognitive Morphing Attacks for Text-to-Image Models
The development of text-to-image (T2I) generative models, that enable the creation of high-quality synthetic images from textual prompts, has opened new frontiers in creative design and content generation.
Red Pill and Blue Pill: Controllable Website Fingerprinting Defense via Dynamic Backdoor Learning
CWFD exploits backdoor vulnerabilities in neural networks to directly control the attacker's model by designing trigger patterns based on network traffic.
CopyrightShield: Spatial Similarity Guided Backdoor Defense against Copyright Infringement in Diffusion Models
The diffusion model has gained significant attention due to its remarkable data generation ability in fields such as image synthesis.
Visual Adversarial Attack on Vision-Language Models for Autonomous Driving
To this end, we propose ADvLM, the first visual adversarial attack framework specifically designed for VLMs in AD.
Interpreting Object-level Foundation Models via Visual Precision Search
Advances in multimodal pre-training have propelled object-level foundation models, such as Grounding DINO and Florence-2, in tasks like visual grounding and object detection.
NoVo: Norm Voting off Hallucinations with Attention Heads in Large Language Models
NoVo demonstrates exceptional generalization to 20 diverse datasets, with significant gains in over 90\% of them, far exceeding all current representation editing and reading methods.
Patch is Enough: Naturalistic Adversarial Patch against Vision-Language Pre-training Models
Visual language pre-training (VLP) models have demonstrated significant success across various domains, yet they remain vulnerable to adversarial attacks.
Efficient Backdoor Defense in Multimodal Contrastive Learning: A Token-Level Unlearning Method for Mitigating Threats
In this study, we propose an efficient defense mechanism against backdoor threats using a concept known as machine unlearning.
CleanerCLIP: Fine-grained Counterfactual Semantic Augmentation for Backdoor Defense in Contrastive Learning
However, in the unsupervised and semi-supervised domain, we find that when CLIP faces some complex attack techniques, the existing fine-tuning defense strategy, CleanCLIP, has some limitations on defense performance.
Towards Robust Object Detection: Identifying and Removing Backdoors via Module Inconsistency Analysis
Object detection models, widely used in security-critical applications, are vulnerable to backdoor attacks that cause targeted misclassifications when triggered by specific patterns.
Adversarial Backdoor Defense in CLIP
Observations reveal that adversarial examples and backdoor samples exhibit similarities in the feature space within the compromised models.
Module-wise Adaptive Adversarial Training for End-to-end Autonomous Driving
Recent advances in deep learning have markedly improved autonomous driving (AD) models, particularly end-to-end systems that integrate perception, prediction, and planning stages, achieving state-of-the-art performance.
Compromising Embodied Agents with Contextual Backdoor Attacks
To enable context-dependent behaviors in downstream agents, we implement a dual-modality activation strategy that controls both the generation and execution of program defects through textual and visual triggers.
GenderBias-\emph{VL}: Benchmarking Gender Bias in Vision Language Models via Counterfactual Probing
For the first time, this paper introduces the GenderBias-\emph{VL} benchmark to evaluate occupation-related gender bias in LVLMs using counterfactual visual questions under individual fairness criteria.
Revisiting Backdoor Attacks against Large Vision-Language Models from Domain Shift
Instruction tuning enhances large vision-language models (LVLMs) but increases their vulnerability to backdoor attacks due to their open design.
Jailbreak Vision Language Models via Bi-Modal Adversarial Prompt
To address this limitation, this paper introduces the Bi-Modal Adversarial Prompt Attack (BAP), which executes jailbreaks by optimizing textual and visual prompts cohesively.
LanEvil: Benchmarking the Robustness of Lane Detection to Environmental Illusions
For the first time, this paper studies the potential threats caused by these environmental illusions to LD and establishes the first comprehensive benchmark LanEvil for evaluating the robustness of LD against this natural corruption.
Correlation Matching Transformation Transformers for UHD Image Restoration
To better improve feature representation in low-resolution space, we propose to build feature transformation from the high-resolution space to the low-resolution one.
Breaking the False Sense of Security in Backdoor Defense through Re-Activation Attack
Surprisingly, we find that the original backdoors still exist in defense models derived from existing post-training defense strategies, and the backdoor existence is measured by a novel metric called backdoor existence coefficient.
Environmental Matching Attack Against Unmanned Aerial Vehicles Object Detection
To the best of our knowledge, this paper is the first to consider natural patches in the domain of UAVs.
Towards Robust Physical-world Backdoor Attacks on Lane Detection
Existing backdoor attack methods on LD exhibit limited effectiveness in dynamic real-world scenarios, primarily because they fail to consider dynamic scene factors, including changes in driving perspectives (e. g., viewpoint transformations) and environmental conditions (e. g., weather or lighting changes).
Object Detectors in the Open Environment: Challenges, Solutions, and Outlook
This paper aims to bridge this gap by conducting a comprehensive review and analysis of object detectors in open environments.
Unlearning Backdoor Threats: Enhancing Backdoor Defense in Multimodal Contrastive Learning via Local Token Unlearning
In this paper, we explore the possibility of a less-cost defense from the perspective of model unlearning, that is, whether the model can be made to quickly \textbf{u}nlearn \textbf{b}ackdoor \textbf{t}hreats (UBT) by constructing a small set of poisoned samples.
Hide in Thicket: Generating Imperceptible and Rational Adversarial Perturbations on 3D Point Clouds
We find that concealing deformation perturbations in areas insensitive to human eyes can achieve a better trade-off between imperceptibility and adversarial strength, specifically in parts of the object surface that are complex and exhibit drastic curvature changes.
VL-Trojan: Multimodal Instruction Backdoor Attacks against Autoregressive Visual Language Models
Nevertheless, the frozen visual encoder in autoregressive VLMs imposes constraints on the learning of conventional image triggers.
Semantic Mirror Jailbreak: Genetic Algorithm Based Jailbreak Prompts Against Open-source LLMs
Large Language Models (LLMs), used in creative writing, code generation, and translation, generate text based on input sequences but are vulnerable to jailbreak attacks, where crafted prompts induce harmful outputs.
Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection
However, this paper introduces a novel and previously unrecognized threat in face forgery detection scenarios caused by backdoor attack.
Less is More: Fewer Interpretable Region via Submodular Subset Selection
For incorrectly predicted samples, our method achieves gains of 81. 0% and 18. 4% compared to the HSIC-Attribution algorithm in the average highest confidence and Insertion score respectively.
Ranked #1 on
Error Understanding
on CUB-200-2011
Does Few-shot Learning Suffer from Backdoor Attacks?
However, in this paper, we propose the Few-shot Learning Backdoor Attack (FLBA) to show that FSL can still be vulnerable to backdoor attacks.
Pre-trained Trojan Attacks for Visual Recognition
This paper aims to raise awareness of the potential threats associated with applying PVMs in practical scenarios.
SA-Attack: Improving Adversarial Transferability of Vision-Language Pre-training Models via Self-Augmentation
Current Visual-Language Pre-training (VLP) models are vulnerable to adversarial examples.
BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning
This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses and introduces the \emph{\toolns} attack, which is resistant to backdoor detection and model fine-tuning defenses.
Improving Adversarial Transferability by Stable Diffusion
Various techniques have emerged to enhance the transferability of adversarial attacks for the black-box scenario.
Face Encryption via Frequency-Restricted Identity-Agnostic Attacks
As for the weak black-box scenario feasibility, we obverse that representations of the average feature in multiple face recognition models are similar, thus we propose to utilize the average feature via the crawled dataset from the Internet as the target to guide the generation, which is also agnostic to identities of unknown face recognition systems; in nature, the low-frequency perturbations are more visually perceptible by the human vision system.
Isolation and Induction: Training Robust Deep Neural Networks against Model Stealing Attacks
However, these defenses are now suffering problems of high inference computational overheads and unfavorable trade-offs between benign accuracy and stealing robustness, which challenges the feasibility of deployed models in practice.
Privacy-Enhancing Face Obfuscation Guided by Semantic-Aware Attribution Maps
Within this module, we introduce a pixel importance estimation model based on Shapley value to obtain a pixel-level attribution map, and then each pixel on the attribution map is aggregated into semantic facial parts, which are used to quantify the importance of different facial parts.
Diversifying the High-level Features for better Adversarial Transferability
Incorporated into the input transformation-based attacks, DHF generates more transferable adversarial examples and outperforms the baselines with a clear margin when attacking several defense models, showing its generalization to various attacks and high effectiveness for boosting transferability.
X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection
In this paper, we take the first step toward the study of adversarial attacks targeted at X-ray prohibited item detection, and reveal the serious threats posed by such attacks in this safety-critical scenario.
Optimal Inter-area Oscillation Damping Control: A Transfer Deep Reinforcement Learning Approach with Switching Control Strategy
Wide-area damping control for inter-area oscillation (IAO) is critical to modern power systems.
Exploring the Relationship Between Architectural Design and Adversarially Robust Generalization
In particular, we comprehensively evaluated 20 most representative adversarially trained architectures on ImageNette and CIFAR-10 datasets towards multiple l_p-norm adversarial attacks.
Learning to Optimize Permutation Flow Shop Scheduling via Graph-based Imitation Learning
Compared to the state-of-the-art reinforcement learning method, our model's network parameters are reduced to only 37\% of theirs, and the solution gap of our model towards the expert solutions decreases from 6. 8\% to 1. 3\% on average.
SimpleDG: Simple Domain Generalization Baseline without Bells and Whistles
We present a simple domain generalization baseline, which wins second place in both the common context generalization track and the hybrid context generalization track respectively in NICO CHALLENGE 2022.
Exploring the Relationship between Architecture and Adversarially Robust Generalization
Inparticular, we comprehensively evaluated 20 most representative adversarially trained architectures on ImageNette and CIFAR-10 datasets towards multiple `p-norm adversarial attacks.
Exploring Inconsistent Knowledge Distillation for Object Detection with Data Augmentation
Specifically, we propose a sample-specific data augmentation to transfer the teacher model's ability in capturing distinct frequency components and suggest an adversarial feature augmentation to extract the teacher model's perceptions of non-robust features in the data.
A Large-scale Multiple-objective Method for Black-box Attack against Object Detection
Recent studies have shown that detectors based on deep models are vulnerable to adversarial examples, even in the black-box scenario where the attacker cannot access the model information.
Improving Robust Fairness via Balance Adversarial Training
Adversarial training (AT) methods are effective against adversarial attacks, yet they introduce severe disparity of accuracy and robustness between different classes, known as the robust fairness problem.
Universal Backdoor Attacks Detection via Adaptive Adversarial Probe
Most detection methods are designed to verify whether a model is infected with presumed types of backdoor attacks, yet the adversary is likely to generate diverse backdoor attacks in practice that are unforeseen to defenders, which challenge current detection strategies.
Edge YOLO: Real-Time Intelligent Object Detection System Based on Edge-Cloud Cooperation in Autonomous Vehicles
Driven by the ever-increasing requirements of autonomous vehicles, such as traffic monitoring and driving assistant, deep learning-based object detection (DL-OD) has been increasingly attractive in intelligent transportation systems.
Fast Transient Stability Prediction Using Grid-informed Temporal and Topological Embedding Deep Neural Network
Transient stability prediction is critically essential to the fast online assessment and maintaining the stable operation in power systems.
Parallel Rectangle Flip Attack: A Query-based Black-box Attack against Object Detection
Extensive experiments demonstrate that our method can effectively and efficiently attack various popular object detectors, including anchor-based and anchor-free, and generate transferable adversarial examples.
Generate More Imperceptible Adversarial Examples for Object Detection
The existing attack methods have the following problems: 1) the training generator takes a long time and is difficult to extend to a large dataset; 2) the excessive destruction of the image features does not improve the black-box attack effect(the generated adversarial examples have poor transferability) and brings about visible perturbations.
Efficient Adversarial Attacks for Visual Object Tracking
In this paper, we analyze the weakness of object trackers based on the Siamese network and then extend adversarial examples to visual object tracking.
Transferable Adversarial Attacks for Image and Video Object Detection
Adversarial examples have been demonstrated to threaten many computer vision tasks including object detection.
