Search Results for author:
Found 41 papers, 21 papers with code
A Roadmap for Big Model
With the rapid development of deep learning, training Big Models (BMs) for multiple downstream tasks becomes a popular paradigm.
Query-Efficient Black-box Adversarial Attacks Guided by a Transfer-based Prior
However, the existing methods inevitably suffer from low attack success rates or poor query efficiency since it is difficult to estimate the gradient in a high-dimensional input space with limited information.
Controllable Evaluation and Generation of Physical Adversarial Patch on Face Recognition
It is therefore imperative to develop a framework that can enable a comprehensive evaluation of the vulnerability of face recognition in the physical world.
Unrestricted Adversarial Attacks on ImageNet Competition
Many works have investigated the adversarial attacks or defenses under the settings where a bounded and imperceptible perturbation can be added to the input.
Adversarial Attacks on ML Defense Models Competition
Due to the vulnerability of deep neural networks (DNNs) to adversarial examples, a large number of defense techniques have been proposed to alleviate this problem in recent years.
Model-Agnostic Meta-Attack: Towards Reliable Evaluation of Adversarial Robustness
The vulnerability of deep neural networks to adversarial examples has motivated an increasing number of defense strategies for promoting model robustness.
GSmooth: Certified Robustness against Semantic Transformations via Generalized Randomized Smoothing
The vulnerability of deep learning models to adversarial examples and semantic transformations has limited the applications in risk-sensitive areas.
Boosting Transferability of Targeted Adversarial Examples via Hierarchical Generative Networks
Transfer-based adversarial attacks can effectively evaluate model robustness in the black-box setting.
Improving Transferability of Adversarial Patches on Face Recognition with Generative Models
However, deep CNNs are vulnerable to adversarial patches, which are physically realizable and stealthy, raising new security concerns on the real-world applications of these models.
Accumulative Poisoning Attacks on Real-time Data
Collecting training data from untrusted sources exposes machine learning services to poisoning adversaries, who maliciously manipulate training data to degrade the model accuracy.
Exploring Memorization in Adversarial Training
In this paper, we explore the memorization effect in adversarial training (AT) for promoting a deeper understanding of model capacity, convergence, generalization, and especially robust overfitting of the adversarially trained models.
Two Coupled Rejection Metrics Can Tell Adversarial Examples Apart
Along with this routine, we find that confidence and a rectified confidence (R-Con) can form two coupled rejection metrics, which could provably distinguish wrongly classified inputs from correctly classified ones.
Automated Decision-based Adversarial Attacks
Deep learning models are vulnerable to adversarial examples, which can fool a target classifier by imposing imperceptible perturbations onto natural examples.
Black-box Detection of Backdoor Attacks with Limited Information and Data
Although deep neural networks (DNNs) have made rapid progress in recent years, they are vulnerable in adversarial environments.
Understanding and Exploring the Network with Stochastic Architectures
In this work, we decouple the training of a network with stochastic architectures (NSA) from NAS and provide a first systematical investigation on it as a stand-alone problem.
BayesAdapter: Being Bayesian, Inexpensively and Reliably, via Bayesian Fine-tuning
Despite their theoretical appealingness, Bayesian neural networks (BNNs) are left behind in real-world adoption, due to persistent concerns on their scalability, accessibility, and reliability.
Bag of Tricks for Adversarial Training
Adversarial training (AT) is one of the most effective strategies for promoting model robustness.
BayesAdapter: Being Bayesian, Inexpensively and Robustly, via Bayesian Fine-tuning
Despite their theoretical appealingness, Bayesian neural networks (BNNs) are falling far behind in terms of adoption in real-world applications compared with normal NNs, mainly due to their limited scalability in training, and low fidelity in their uncertainty estimates.
RobFR: Benchmarking Adversarial Robustness on Face Recognition
Based on large-scale evaluations, the commercial FR API services fail to exhibit acceptable performance on robustness evaluation, and we also draw several important conclusions for understanding the adversarial robustness of FR models and providing insights for the design of robust FR models.
Benchmarking Adversarial Robustness on Image Classification
Deep neural networks are vulnerable to adversarial examples, which becomes one of the most important research problems in the development of deep learning.
Towards Face Encryption by Generating Adversarial Identity Masks
As billions of personal data being shared through social media and network, the data privacy and security have drawn an increasing attention.
Boosting Adversarial Training with Hypersphere Embedding
Adversarial training (AT) is one of the most effective defenses against adversarial attacks for deep learning models.
Adversarial Distributional Training for Robust Deep Learning
Adversarial training (AT) is among the most effective techniques to improve model robustness by augmenting training data with adversarial examples.
Benchmarking Adversarial Robustness
Deep neural networks are vulnerable to adversarial examples, which becomes one of the most important research problems in the development of deep learning.
Improving Black-box Adversarial Attacks with a Transfer-based Prior
We consider the black-box adversarial setting, where the adversary has to generate adversarial perturbations without access to the target models to compute gradients.
Rethinking Softmax Cross-Entropy Loss for Adversarial Robustness
Previous work shows that adversarially robust generalization requires larger sample complexity, and the same dataset, e. g., CIFAR-10, which enables good standard accuracy may not suffice to train robust models.
Efficient Decision-based Black-box Adversarial Attacks on Face Recognition
In this paper, we evaluate the robustness of state-of-the-art face recognition models in the decision-based black-box attack setting, where the attackers have no access to the model parameters and gradients, but can only acquire hard-label predictions by sending queries to the target model.
Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks
In this paper, we propose a translation-invariant attack method to generate more transferable adversarial examples against the defense models.
Batch Virtual Adversarial Training for Graph Convolutional Networks
We present batch virtual adversarial training (BVAT), a novel regularization method for graph convolutional networks (GCNs).
Towards Interpretable Deep Neural Networks by Leveraging Adversarial Examples
3) We propose to improve the consistency of neurons on adversarial example subset by an adversarial training algorithm with a consistent loss.
Composite Binary Decomposition Networks
Binary neural networks have great resource and computing efficiency, while suffer from long training procedure and non-negligible accuracy drops, when comparing to the full-precision counterparts.
Learning Visual Knowledge Memory Networks for Visual Question Answering
Second is the mechanism for handling multiple knowledge facts expanding from question and answer pairs.
Adversarial Attacks and Defences Competition
To accelerate research on adversarial examples and robustness of machine learning classifiers, Google Brain organized a NIPS 2017 competition that encouraged researchers to develop new methods to generate adversarial examples as well as to develop new ways to defend against them.
Defense against Adversarial Attacks Using High-Level Representation Guided Denoiser
First, with HGD as a defense, the target model is more robust to either white-box or black-box adversarial attacks.
Boosting Adversarial Attacks with Momentum
To further improve the success rates for black-box attacks, we apply momentum iterative algorithms to an ensemble of models, and show that the adversarially trained models with a strong defense ability are also vulnerable to our black-box attacks.
Towards Interpretable Deep Neural Networks by Leveraging Adversarial Examples
We find that: (1) the neurons in DNNs do not truly detect semantic objects/parts, but respond to objects/parts only as recurrent discriminative patches; (2) deep visual representations are not robust distributed codes of visual concepts because the representations of adversarial images are largely not consistent with those of real images, although they have similar visual appearance, both of which are different from previous findings.
Learning Accurate Low-Bit Deep Neural Networks with Stochastic Quantization
This procedure can greatly compensate the quantization error and thus yield better accuracy for low-bit DNNs.
Towards Robust Detection of Adversarial Examples
Although the recent progress is substantial, deep learning methods can be vulnerable to the maliciously generated adversarial examples.
Improving Interpretability of Deep Neural Networks with Semantic Information
Interpretability of deep neural networks (DNNs) is essential since it enables users to understand the overall strengths and weaknesses of the models, conveys an understanding of how the models will behave in the future, and how to diagnose and correct potential problems.
Feature Engineering and Ensemble Modeling for Paper Acceptance Rank Prediction
Measuring research impact and ranking academic achievement are important and challenging problems.
Technical Report on the CleverHans v2.1.0 Adversarial Examples Library
An adversarial example library for constructing attacks, building defenses, and benchmarking both
