Search Results for author:
Found 34 papers, 27 papers with code
Improving Adversarial Transferability on Vision Transformers via Forward Propagation Refinement
However, existing work on ViTs has restricted their surrogate refinement to backward propagation.
Revisiting Training-Inference Trigger Intensity in Backdoor Attacks
Backdoor attacks typically place a specific trigger on certain training data, such that the model makes prediction errors on inputs with that trigger during inference.
CLIP is Strong Enough to Fight Back: Test-time Counterattacks towards Zero-shot Adversarial Robustness of CLIP
Our paradigm is simple and training-free, providing the first method to defend CLIP from adversarial attacks at test time, which is orthogonal to existing methods aiming to boost zero-shot adversarial robustness of CLIP.
Improving Integrated Gradient-based Transferable Adversarial Examples by Refining the Integration Path
We propose the Multiple Monotonic Diversified Integrated Gradients (MuMoDIG) attack, which can generate highly transferable adversarial examples on different CNN and ViT models and defenses.
Nullu: Mitigating Object Hallucinations in Large Vision-Language Models via HalluSpace Projection
By orthogonalizing the model weights, input features will be projected into the Null space of the HalluSpace to reduce OH, based on which we name our method Nullu.
Can Targeted Clean-Label Poisoning Attacks Generalize?
In a common clean-label setting, they are achieved by slightly perturbing a subset of training samples given access to those specific targets.
Improving Adversarial Robustness in Android Malware Detection by Reducing the Impact of Spurious Correlations
In particular, our defense can improve adversarial robustness by up to 55% against realistic evasion attacks compared to Sec-SVM.
Unlocking Adversarial Suffix Optimization Without Affirmative Phrases: Efficient Black-box Jailbreaking via LLM as Optimizer
Moreover, ECLIPSE is on par with template-based methods in ASR while offering superior attack efficiency, reducing the average attack overhead by 83%.
A Survey of Defenses against AI-generated Visual Media: Detection, Disruption, and Authentication
Deep generative models have demonstrated impressive performance in various computer vision applications, including image synthesis, video generation, and medical analysis.
ControlLoc: Physical-World Hijacking Attack on Visual Perception in Autonomous Driving
Extensive evaluations demonstrate the superior performance of ControlLoc, achieving an impressive average attack success rate of around 98. 1% across various AD visual perceptions and datasets, which is four times greater effectiveness than the existing hijacking attack.
SlowPerception: Physical-World Latency Attack against Visual Perception in Autonomous Driving
Additionally, we conduct AD system-level impact assessments, such as vehicle collisions, using industry-grade AD systems with production-grade AD simulators with a 97% average rate.
Physical 3D Adversarial Attacks against Monocular Depth Estimation in Autonomous Driving
Deep learning-based monocular depth estimation (MDE), extensively applied in autonomous driving, is known to be vulnerable to adversarial attacks.
Adversarial Example Soups: Improving Transferability and Stealthiness for Free
Transferable adversarial examples cause practical security risks since they can mislead a target model without knowing its internal knowledge.
Collapse-Aware Triplet Decoupling for Adversarially Robust Image Retrieval
Furthermore, CA prevents the consequential model collapse, based on a novel metric, collapseness, which is incorporated into the optimization of perturbation.
Revisiting Transferable Adversarial Image Examples: Attack Categorization, Evaluation Guidelines, and New Insights
Transferable adversarial examples raise critical security concerns in real-world, black-box attack scenarios.
Prompt Backdoors in Visual Prompt Learning
Specifically, the VPPTaaS provider optimizes a visual prompt given downstream data, and downstream users can use this prompt together with the large pre-trained model for prediction.
Composite Backdoor Attacks Against Large Language Models
Such a Composite Backdoor Attack (CBA) is shown to be stealthier than implanting the same multiple trigger keys in only a single component.
Turn Fake into Real: Adversarial Head Turn Attacks Against Deepfake Detection
Although effective deepfake detectors have been proposed, they are substantially vulnerable to adversarial attacks.
Generative Watermarking Against Unauthorized Subject-Driven Image Synthesis
In particular, to help the watermark survive the subject-driven synthesis, we incorporate the synthesis process in learning GenWatermark by fine-tuning the detector with synthesized images for a specific subject.
Image Shortcut Squeezing: Countering Perturbative Availability Poisons with Compression
Perturbative availability poisons (PAPs) add small changes to images to prevent their use for model training.
Towards Good Practices in Evaluating Transfer Adversarial Attacks
In this work, we design good practices to address these limitations, and we present the first comprehensive evaluation of transfer attacks, covering 23 representative attacks against 9 defenses on ImageNet.
Generative Poisoning Using Random Discriminators
We introduce ShortcutGen, a new data poisoning attack that generates sample-dependent, error-minimizing perturbations by learning a generator.
Membership Inference Attacks by Exploiting Loss Trajectory
Machine learning models are vulnerable to membership inference attacks in which an adversary aims to predict whether or not a particular sample was contained in the target model's training dataset.
The Importance of Image Interpretation: Patterns of Semantic Misclassification in Real-World Adversarial Images
In this paper, we propose that adversarial images should be evaluated based on semantic mismatch, rather than label mismatch, as used in current work.
Level Up with ML Vulnerability Identification: Leveraging Domain Constraints in Feature Space for Robust Android Malware Detection
The primary approach to identifying vulnerable regions involves investigating realizable AEs, but generating these feasible apps poses a challenge.
Going Grayscale: The Road to Understanding and Improving Unlearnable Examples
Recent work has shown that imperceptible perturbations can be applied to craft unlearnable examples (ULEs), i. e. images whose content cannot be used to improve a classifier during training.
On Success and Simplicity: A Second Look at Transferable Targeted Attacks
In particular, we, for the first time, identify that a simple logit loss can yield competitive results with the state of the arts.
Adversarial Image Color Transformations in Explicit Color Filter Space
In particular, our color filter space is explicitly specified so that we are able to provide a systematic analysis of model robustness against adversarial color transformations, from both the attack and defense perspectives.
Profile Consistency Identification for Open-domain Dialogue Agents
Maintaining a consistent attribute profile is crucial for dialogue agents to naturally converse with humans.
Adversarial Color Enhancement: Generating Unrestricted Adversarial Images by Optimizing a Color Filter
We introduce an approach that enhances images using a color filter in order to create adversarial effects, which fool neural networks into misclassification.
Towards Large yet Imperceptible Adversarial Image Perturbations with Perceptual Color Distance
The success of image perturbations that are designed to fool image classifier is assessed in terms of both adversarial effect and visual imperceptibility.
Who's Afraid of Adversarial Queries? The Impact of Image Modifications on Content-based Image Retrieval
An adversarial query is an image that has been modified to disrupt content-based image retrieval (CBIR) while appearing nearly untouched to the human eye.
From Volcano to Toyshop: Adaptive Discriminative Region Discovery for Scene Recognition
As deep learning approaches to scene recognition emerge, they have continued to leverage discriminative regions at multiple scales, building on practices established by conventional image classification research.
