Detecting backdoors in pre-trained encoders

S Feng, G Tao, S Cheng, G Shen… - Proceedings of the …, 2023 - openaccess.thecvf.com
Self-supervised learning in computer vision trains on unlabeled data, such as images or
(image, text) pairs, to obtain an image encoder that learns high-quality embeddings for input …

Segment and complete: Defending object detectors against adversarial patch attacks with robust patch detection

J Liu, A Levine, CP Lau… - Proceedings of the …, 2022 - openaccess.thecvf.com
Object detection plays a key role in many security-critical systems. Adversarial patch attacks,
which are easy to implement in the physical world, pose a serious threat to state-of-the-art …

PatchGuard: A provably robust defense against adversarial patches via small receptive fields and masking

C Xiang, AN Bhagoji, V Sehwag, P Mittal - 30th USENIX Security …, 2021 - usenix.org
Localized adversarial patches aim to induce misclassification in machine learning models
by arbitrarily modifying pixels within a restricted region of an image. Such attacks can be …

PatchCleanser: Certifiably robust defense against adversarial patches for any image classifier

C Xiang, S Mahloujifar, P Mittal - 31st USENIX Security Symposium …, 2022 - usenix.org
The adversarial patch attack against image classification models aims to inject adversarially
crafted pixels within a restricted image region (i.e., a patch) for inducing model …

Harnessing perceptual adversarial patches for crowd counting

S Liu, J Wang, A Liu, Y Li, Y Gao, X Liu… - Proceedings of the 2022 …, 2022 - dl.acm.org
Crowd counting, which has been widely adopted for estimating the number of people in
safety-critical scenes, is shown to be vulnerable to adversarial examples in the physical …

DetectorGuard: Provably securing object detectors against localized patch hiding attacks

C Xiang, P Mittal - Proceedings of the 2021 ACM SIGSAC Conference on …, 2021 - dl.acm.org
State-of-the-art object detectors are vulnerable to localized patch hiding attacks, where an
adversary introduces a small adversarial patch to make detectors miss the detection of …

Elijah: Eliminating backdoors injected in diffusion models via distribution shift

S An, SY Chou, K Zhang, Q Xu, G Tao… - Proceedings of the …, 2024 - ojs.aaai.org
Diffusion models (DM) have become state-of-the-art generative models because of their
capability of generating high-quality images from noises without adversarial training …

Adversarial patch attacks and defences in vision-based tasks: A survey

A Sharma, Y Bian, P Munz, A Narayan - arXiv preprint arXiv:2206.08304, 2022 - arxiv.org
Adversarial attacks in deep learning models, especially for safety-critical systems, are
gaining more and more attention in recent years, due to the lack of trust in the security and …

REAP: a large-scale realistic adversarial patch benchmark

N Hingun, C Sitawarin, J Li… - Proceedings of the IEEE …, 2023 - openaccess.thecvf.com
Machine learning models are known to be susceptible to adversarial perturbation.
One famous attack is the adversarial patch, a particularly crafted sticker that makes the …

PatchGuard++: Efficient provable attack detection against adversarial patches

C Xiang, P Mittal - arXiv preprint arXiv:2104.12609, 2021 - arxiv.org
An adversarial patch can arbitrarily manipulate image pixels within a restricted region to
induce model misclassification. The threat of this localized attack has gained significant …