CVPR2023对抗攻击&防御论文汇总

CVPR2023对抗攻击&防御论文汇总

下面论文部分来自这个链接，粗略分类，可能有遗漏

攻击

Re-Thinking Model Inversion Attacks Against Deep Neural Networks

Minimizing Maximum Model Discrepancy for Transferable Black-Box Targeted Attacks

Color Backdoor: A Robust Poisoning Attack in Color Space

Effective Ambiguity Attack Against Passport-Based DNN Intellectual Property Protection Schemes Through Fully Connected Layer Substitution

Sibling-Attack: Rethinking Transferable Adversarial Attacks Against Face Recognition

Physical-World Optical Adversarial Attacks on 3D Face Recognition

Proximal Splitting Adversarial Attack for Semantic Segmentation

Turning Strengths Into Weaknesses: A Certified Robustness Inspired Attack Framework Against Graph Neural Networks

Discrete Point-Wise Attack Is Not Enough: Generalized Manifold Adversarial Attack for Face Recognition

Transferable Adversarial Attacks on Vision Transformers With Token Gradient Regularization

TrojDiff: Trojan Attacks on Diffusion Models With Diverse Targets

T-SEA: Transfer-Based Self-Ensemble Attack on Object Detection

Rate Gradient Approximation Attack Threats Deep Spiking Neural Networks

Enhancing the Self-Universality for Transferable Targeted Attacks

Backdoor Attacks Against Deep Image Compression via Adaptive Frequency Trigger

Ensemble-Based Blackbox Attacks on Dense Prediction

Black-Box Sparse Adversarial Attack via Multi-Objective Optimisation

Progressive Backdoor Erasing via Connecting Backdoor and Adversarial Attacks

Can't Steal? Cont-Steal! Contrastive Stealing Attacks Against Image Encoders

Towards Benchmarking and Assessing Visual Naturalness of Physical World Adversarial Attacks

Dynamic Generative Targeted Attacks With Pattern Injection

Reinforcement Learning-Based Black-Box Model Inversion Attacks

StyLess: Boosting the Transferability of Adversarial Examples

Introducing Competition To Boost the Transferability of Targeted Adversarial Examples Through Clean Feature Mixup

Towards Transferable Targeted Adversarial Examples

Improving the Transferability of Adversarial Samples by Path-Augmented Method

Physically Adversarial Infrared Patches with Learnable Shapes and Locations

Towards Effective Adversarial Textured 3D Meshes on Physical Face Recognition

Physical-World Optical Adversarial Attacks on 3D Face Recognition

Single Image Backdoor Inversion via Robust Smoothed Classifiers

防御

Teacher-Generated Spatial-Attention Labels Boost Robustness and Accuracy of Contrastive Models

Boosting Accuracy and Robustness of Student Models via Adaptive Adversarial Distillation

Defending Against Patch-Based Backdoor Attacks on Self-Supervised Learning

Backdoor Defense via Deconfounded Representation Learning

Backdoor Defense via Adaptively Splitting Poisoned Dataset

TWINS: A Fine-Tuning Framework for Improved Transferability of Adversarial Robustness and Generalization

Towards Compositional Adversarial Robustness: Generalizing Adversarial Training to Composite Semantic Perturbations

Revisiting Residual Networks for Adversarial Robustness

CFA: Class-Wise Calibrated Fair Adversarial Training

Jedi: Entropy-Based Localization and Removal of Adversarial Patches

The Enemy of My Enemy Is My Friend: Exploring Inverse Adversaries for Improving Adversarial Training

Exploring the Relationship Between Architectural Design and Adversarially Robust Generalization

Adversarially Robust Neural Architecture Search for Graph Neural Networks

Randomized Adversarial Training via Taylor Expansion

Feature Separation and Recalibration for Adversarial Robustness

Adversarial Robustness via Random Projection Filters

AGAIN: Adversarial Training With Attribution Span Enlargement and Hybrid Feature Fusion

Improving Robustness of Vision Transformers by Reducing Sensitivity To Patch Corruptions

Demystifying Causal Features on Adversarial Examples and Causal Inoculation for Robust Network by Adversarial Instrumental Variable Regression

Cooperation or Competition: Avoiding Player Domination for Multi-Target Robustness via Adaptive Budgets

Benchmarking Robustness of 3D Object Detection to Common Corruptions

Adversarial Robustness via Random Projection Filters

Generalist: Decoupling Natural and Robust Generalization

其他

Efficient Loss Function by Minimizing the Detrimental Effect of Floating-Point Errors on Gradient-Based Attacks

The Resource Problem of Using Linear Layer Leakage Attack in Federated Learning

Breaching FedMD: Image Recovery via Paired-Logits Inversion Attack

Robust Single Image Reflection Removal Against Adversarial Attacks

You Are Catching My Attention: Are Vision Transformers Bad Learners Under Backdoor Attacks?

The Best Defense Is a Good Offense: Adversarial Augmentation Against Adversarial Attacks

SlowLiDAR: Increasing the Latency of LiDAR-Based Detection Using Adversarial Examples

Demystifying Causal Features on Adversarial Examples and Causal Inoculation for Robust Network by Adversarial Instrumental Variable Regression

Progressive Backdoor Erasing via Connecting Backdoor and Adversarial Attacks

CLIP2Protect: Protecting Facial Privacy Using Text-Guided Makeup via Adversarial Latent Search

Evading DeepFake Detectors via Adversarial Statistical Consistency

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

Don't Lie to Me! Robust and Efficient Explainability With Verified Perturbation Analysis