为了使得视觉与学习领域相关从业者快速及时地了解领域的最新发展动态和前沿技术进展,VALSE最新推出了《论文速览》栏目,将在每周发布一至两篇顶会顶刊论文的录制视频,对单个前沿工作进行细致讲解。本期VALSE论文速览选取了来自北京航空航天大学的物理环境下对抗攻击方面的工作。该工作由韦星星副教授指导、论文作者郭颖录制。 论文题目:Adversarial Sticker: A Stealthy Attack Method in the Physical World 作者列表:韦星星 (北京航空航天大学),郭颖 (北京航空航天大学),余杰 (北京航空航天大学) B站观看网址: 论文摘要: To assess the vulnerability of deep learning in the physical world, recent works introduce adversarial patch and apply it on different tasks. In this paper, we propose another kind of adversarial patch: Meaningful Adversarial Sticker, a physically feasible and stealthy attack method by using real stickers existing in our life. Instead of previous adversarial patches by designing perturbations, our method manipulates the sticker's pasting position, rotation angle on the objects to perform physical attacks. Because the position and rotation angle are less affected by the printing loss and color distortion, adversarial stickers can keep good attacking performance in the physical world. Besides, to make adversarial stickers more practical in real scenes, we conduct attacks in the black-box setting with limited information rather than the white-box setting with all the details of threat models. To effectively solve the sticker's parameters, we design Region based Heuristic Differential Algorithm, which utilizes the new-found regional aggregation of effective solutions and the adaptive adjustment strategy of evaluation criteria. Our method is comprehensively verified in Face Recognition and then extended to Image Retrieval and Traffic Sign Recognition. Extensive experiments show the proposed method is effective and efficient in complex physical conditions and has good generalization for different tasks. 论文信息: [1] Xingxing Wei*, Ying Guo, Jie Yu, "Adversarial Sticker: A Stealthy Attack Method in the Physical World", IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2022. 论文链接: [https://ieeexplore.ieee.org/abstract/document/9779913] 代码链接: [https://github.com/jinyugy21/Adv-Stickers_RHDE] 视频讲者简介: 郭颖,美团视觉智能部算法工程师,2022年毕业于北京航空航天大学,师从韦星星副教授。研究方向包括深度学习对抗攻防、深度伪造检测、人脸图像生成等,主要专注于人脸识别模型的安全性研究。该工作于北京航空航天大学完成。 特别鸣谢本次论文速览主要组织者: 月度轮值AC:冯尊磊 (浙江大学),徐易 (大连理工大学) 季度责任AC:张姗姗 (南京理工大学) 活动参与方式 1、VALSE每周举行的Webinar活动依托B站直播平台进行,欢迎在B站搜索VALSE_Webinar关注我们! 直播地址: https://live.bilibili.com/22300737; 历史视频观看地址: https://space.bilibili.com/562085182/ 2、VALSE Webinar活动通常每周三晚上20:00进行,但偶尔会因为讲者时区问题略有调整,为方便您参加活动,请关注VALSE微信公众号:valse_wechat 或加入VALSE QQ R群,群号:137634472); *注:申请加入VALSE QQ群时需验证姓名、单位和身份,缺一不可。入群后,请实名,姓名身份单位。身份:学校及科研单位人员T;企业研发I;博士D;硕士M。 3、VALSE微信公众号一般会在每周四发布下一周Webinar报告的通知。 4、您也可以通过访问VALSE主页:http://valser.org/ 直接查看Webinar活动信息。Webinar报告的PPT(经讲者允许后),会在VALSE官网每期报告通知的最下方更新。 |
