LAS-AT: adversarial training with learnable attack strategy

X Jia, Y Zhang, B Wu, K Ma… - Proceedings of the …, 2022 - openaccess.thecvf.com
Adversarial training (AT) is always formulated as a minimax problem, whose
performance depends on the inner optimization that involves the generation of adversarial …
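For context, the minimax formulation this snippet refers to is conventionally written as follows (standard notation, not quoted from the paper itself):

```latex
\min_{\theta} \; \mathbb{E}_{(x,y)\sim\mathcal{D}}
\left[ \max_{\|\delta\|_{p} \le \epsilon}
\mathcal{L}\big(f_{\theta}(x+\delta),\, y\big) \right]
```

The inner maximization generates adversarial examples within an \(\epsilon\)-ball around each input, and the outer minimization trains the model parameters \(\theta\) against them.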

Backdoor learning: A survey

Y Li, Y Jiang, Z Li, ST Xia - IEEE Transactions on Neural …, 2022 - ieeexplore.ieee.org
A backdoor attack aims to embed hidden backdoors into deep neural networks (DNNs), so
that the attacked models perform well on benign samples, whereas their predictions will be …

Adversarial unlearning of backdoors via implicit hypergradient

Y Zeng, S Chen, W Park, ZM Mao, M Jin… - arXiv preprint arXiv …, 2021 - arxiv.org
We propose a minimax formulation for removing backdoors from a given poisoned model
based on a small set of clean data. This formulation encompasses much of prior work on …

A closer look at accuracy vs. robustness

YY Yang, C Rashtchian, H Zhang… - Advances in neural …, 2020 - proceedings.neurips.cc
Current methods for training robust networks lead to a drop in test accuracy, which has led
prior works to posit that a robustness-accuracy tradeoff may be inevitable in deep learning …

Generating transferable 3d adversarial point cloud via random perturbation factorization

B He, J Liu, Y Li, S Liang, J Li, X Jia… - Proceedings of the AAAI …, 2023 - ojs.aaai.org
Recent studies have demonstrated that existing deep neural networks (DNNs) on 3D point
clouds are vulnerable to adversarial examples, especially under white-box settings …

A survey of robust adversarial training in pattern recognition: Fundamental, theory, and methodologies

Z Qian, K Huang, QF Wang, XY Zhang - Pattern Recognition, 2022 - Elsevier
Deep neural networks have achieved remarkable success in machine learning, computer
vision, and pattern recognition in the last few decades. Recent studies, however, show that …

Sibling-attack: Rethinking transferable adversarial attacks against face recognition

Z Li, B Yin, T Yao, J Guo, S Ding… - Proceedings of the …, 2023 - openaccess.thecvf.com
A hard challenge in developing practical face recognition (FR) attacks stems from the
black-box nature of the target FR model, i.e., inaccessible gradient and parameter information to …

Prior-guided adversarial initialization for fast adversarial training

X Jia, Y Zhang, X Wei, B Wu, K Ma, J Wang… - European Conference on …, 2022 - Springer
Fast adversarial training (FAT) effectively improves the efficiency of standard adversarial
training (SAT). However, initial FAT encounters catastrophic overfitting, i.e., the robust …

Sparse adversarial attack via perturbation factorization

Y Fan, B Wu, T Li, Y Zhang, M Li, Z Li… - Computer Vision–ECCV …, 2020 - Springer
This work studies the sparse adversarial attack, which aims to generate adversarial
perturbations at only a subset of positions of a benign image, such that the perturbed image is …
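A sketch of the perturbation-factorization idea described above (the notation here is assumed for illustration, not quoted from the paper): the sparse perturbation is decomposed into an element-wise product of a magnitude term and a binary position-selection mask:

```latex
\delta = G \odot \epsilon, \qquad
G \in \{0,1\}^{d}, \qquad \|G\|_{0} \le k
```

Here \(G\) selects which of the \(d\) positions are perturbed (at most \(k\) of them), while \(\epsilon\) carries the perturbation magnitudes, so sparsity and magnitude can be optimized separately.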

Stability analysis and generalization bounds of adversarial training

J Xiao, Y Fan, R Sun, J Wang… - Advances in Neural …, 2022 - proceedings.neurips.cc
In adversarial machine learning, deep neural networks can fit the adversarial examples on
the training dataset but have poor generalization ability on the test set. This phenomenon is …