LAS-AT: adversarial training with learnable attack strategy
Adversarial training (AT) is always formulated as a minimax problem, of which the
performance depends on the inner optimization that involves the generation of adversarial …
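Added note, not part of the listed abstract: the minimax problem the LAS-AT abstract refers to is the standard adversarial-training objective, written here with assumed symbols ($\theta$ for the model parameters, $\mathcal{D}$ for the data distribution, $\delta$ for the perturbation, $\epsilon$ for the $\ell_p$ budget and $\mathcal{L}$ for the loss):

$$
\min_{\theta}\; \mathbb{E}_{(x,y)\sim\mathcal{D}}\left[\;\max_{\|\delta\|_p \le \epsilon}\; \mathcal{L}\big(f_\theta(x+\delta),\,y\big)\right]
$$

The inner maximization is the attack-generation step (in practice approximated by an iterative attack such as PGD); the outer minimization trains on the resulting adversarial examples, so the quality of the inner solver bounds the robustness the outer step can obtain.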
Backdoor learning: A survey
Backdoor attack intends to embed hidden backdoors into deep neural networks (DNNs), so
that the attacked models perform well on benign samples, whereas their predictions will be …
Adversarial unlearning of backdoors via implicit hypergradient
We propose a minimax formulation for removing backdoors from a given poisoned model
based on a small set of clean data. This formulation encompasses much of prior work on …
A closer look at accuracy vs. robustness
Current methods for training robust networks lead to a drop in test accuracy, which has led
prior works to posit that a robustness-accuracy tradeoff may be inevitable in deep learning …
Generating transferable 3d adversarial point cloud via random perturbation factorization
Recent studies have demonstrated that existing deep neural networks (DNNs) on 3D point
clouds are vulnerable to adversarial examples, especially under the white-box settings …
A survey of robust adversarial training in pattern recognition: Fundamental, theory, and methodologies
Deep neural networks have achieved remarkable success in machine learning, computer
vision, and pattern recognition in the last few decades. Recent studies, however, show that …
Sibling-attack: Rethinking transferable adversarial attacks against face recognition
A hard challenge in developing practical face recognition (FR) attacks is due to the black-box
nature of the target FR model, i.e., inaccessible gradient and parameter information to …
Prior-guided adversarial initialization for fast adversarial training
Fast adversarial training (FAT) effectively improves the efficiency of standard adversarial
training (SAT). However, initial FAT encounters catastrophic overfitting, i.e., the robust …
Sparse adversarial attack via perturbation factorization
This work studies the sparse adversarial attack, which aims to generate adversarial
perturbations onto partial positions of one benign image, such that the perturbed image is …
Stability analysis and generalization bounds of adversarial training
In adversarial machine learning, deep neural networks can fit the adversarial examples on
the training dataset but have poor generalization ability on the test set. This phenomenon is …