From: NeurIPS 2022
Reference: https://zhuanlan.zhihu.com/p/588881767
Attacks
On the Robustness of Deep Clustering Models: Adversarial Attacks and Defenses
Adversarial Attack on Attackers: Post-Process to Mitigate Black-Box Score-Based Query Attacks
GAMA: Generative Adversarial Multi-Object Scene Attacks
BadPrompt: Backdoor Attacks on Continuous Prompts
VoiceBlock: Privacy through Real-Time Adversarial Attacks with Audio-to-Audio Models
Towards Reasonable Budget Allocation in Untargeted Graph Structure Attacks via Gradient Debias
Decision-based Black-box Attack Against Vision Transformers via Patch-wise Adversarial Removal
Revisiting Injective Attacks on Recommender Systems
Perceptual Attacks of No-Reference Image Quality Models with Human-in-the-Loop
Marksman Backdoor: Backdoor Attacks with Arbitrary Target Class
Learning to Attack Federated Learning: A Model-based Reinforcement Learning Attack Framework
Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation
Adv-Attribute: Inconspicuous and Transferable Adversarial Attack on Face Recognition
Blackbox Attacks via Surrogate Ensemble Search
Natural Color Fool: Towards Boosting Black-box Unrestricted Attacks
Towards Lightweight Black-Box Attack Against Deep Neural Networks
Practical Adversarial Attacks on Spatiotemporal Traffic Forecasting Models
One-shot Neural Backdoor Erasing via Adversarial Weight Masking
Pre-trained Adversarial Perturbations
Isometric 3D Adversarial Examples in the Physical World
MORA: Improving Ensemble Robustness Evaluation with Model Reweighing Attack
Autoregressive Perturbations for Data Poisoning
Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch
Amplifying Membership Exposure via Data Poisoning
Handcrafted Backdoors in Deep Neural Networks
Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection
Lethal Dose Conjecture on Data Poisoning
Robust Feature-Level Adversaries are Interpretability Tools
Defenses
Adversarial Robustness is at Odds with Lazy Training
Defending Against Adversarial Attacks via Neural Dynamic System
A2: Efficient Automated Attacker for Boosting Adversarial Training
Randomized Channel Shuffling: Minimal-Overhead Backdoor Attack Detection without Clean Datasets
Friendly Noise against Adversarial Noise: A Powerful Defense against Data Poisoning Attack
Adversarial Training with Complementary Labels: On the Benefit of Gradually Informative Attacks
Trap and Replace: Defending Backdoor Attacks by Trapping Them into an Easy-to-Replace Subnetwork
Efficient Adversarial Training without Attacking: Worst-Case-Aware Robust Reinforcement Learning
Formulating Robustness Against Unforeseen Attacks
Alleviating Adversarial Attacks on Variational Autoencoders with MCMC
Adversarial training for high-stakes reliability
Phase Transition from Clean Training to Adversarial Training
Why Do Artificially Generated Data Help Adversarial Robustness
Toward Robust Spiking Neural Network Against Adversarial Perturbation
MultiGuard: Provably Robust Multi-label Classification against Adversarial Examples
SNN-RAT: Robustness-enhanced Spiking Neural Network through Regularized Adversarial Training
A Closer Look at the Adversarial Robustness of Deep Equilibrium Models
Make Some Noise: Reliable and Efficient Single-Step Adversarial Training
CalFAT: Calibrated Federated Adversarial Training with Label Skewness
Enhance the Visual Representation via Discrete Adversarial Training
Explicit Tradeoffs between Adversarial and Natural Distributional Robustness
Label Noise in Adversarial Training: A Novel Perspective to Study Robust Overfitting
Adversarially Robust Learning: A Generic Minimax Optimal Learner and Characterization
Boosting Barely Robust Learners: A New Perspective on Adversarial Robustness
Stability Analysis and Generalization Bounds of Adversarial Training
Efficient and Effective Augmentation Strategy for Adversarial Training
Improving Adversarial Robustness of Vision Transformers
Random Normalization Aggregation for Adversarial Defense
DISCO: Adversarial Defense with Local Implicit Functions
Synergy-of-Experts: Collaborate to Improve Adversarial Robustness
ViewFool: Evaluating the Robustness of Visual Recognition to Adversarial Viewpoints
Rethinking Lipschitz Neural Networks for Certified L-infinity Robustness
Understanding and Improving Robustness of Vision Transformers through Patch-based Negative Augmentation
Others
Indicators of Attack Failure: Debugging and Improving Optimization of Adversarial Examples
Can Adversarial Training Be Manipulated By Non-Robust Features?
A Characterization of Semi-Supervised Adversarially Robust PAC Learnability
Are AlphaZero-like Agents Robust to Adversarial Perturbations?
On the Adversarial Robustness of Mixture of Experts
Increasing Confidence in Adversarial Robustness Evaluations
What Can the Neural Tangent Kernel Tell Us About Adversarial Robustness?