Yiming Li

Tsinghua University
http://liyiming.tech
Publications17
h-index8
Citations238
Highly Influential Citations21
Author pages are created from data sourced from our academic publisher partnerships and public sources.

Recommended Authors

  • Shutao Xia
  • 280 Publications • 3,118 Citations
  • Xingjun Ma
  • 50 Publications • 2,726 Citations
  • Baoyuan Wu
  • 80 Publications • 2,500 Citations
  • D. Song
  • 419 Publications • 61,432 Citations
  • Publications
  • Influence
Backdoor Learning: A Survey
TLDR
This paper summarizes and categorizes existing backdoor attacks and defenses based on their characteristics, and provides a unified framework for analyzing poisoning-based backdoor attacks.
View on PubMed
Targeted Attack for Deep Hashing based Retrieval
TLDR
This paper proposes a novel method, dubbed deep hashing targeted attack (DHTA), to study the targeted attack on deep hashing based retrieval, which minimizes the average distance between the hash code of an adversarial example and those of a set of objects with the target label.
View PDF on arXiv
Rethinking the Trigger of Backdoor Attack
TLDR
This paper demonstrates that many backdoor attack paradigms are vulnerable when the trigger in testing images is not consistent with the one used for training, and proposes a transformation-based attack enhancement to improve the robustness of existing attacks towards transformation- based defense.
View PDF on arXiv
Backdoor Defense via Decoupling the Training Process
TLDR
This work proposes a novel backdoor defense via decoupling the original end-to-end training process into three stages, and reveals that poisoned samples tend to cluster together in the feature space of the attacked DNN model, which is mostly due to the endto- end supervised training paradigm.
View PDF on arXiv
Rectified Decision Trees: Towards Interpretability, Compression and Empirical Soundness
TLDR
This paper extends the impurity calculation and the pure ending condition of the classical decision tree to propose a decision tree extension that allows the use of soft labels generated by a well-trained teacher model in training and prediction process and demonstrates the superiority of ReDT in interpretability, compression, and empirical soundness.
View PDF on arXiv
Hidden Backdoor Attack against Semantic Segmentation Models
TLDR
This paper proposes a novel attack paradigm, the fine-grained attack, where the target label is treated from the object-level instead of the image-level to achieve more sophisticated manipulation of semantic segmentation models.
View PDF on arXiv
Open-sourced Dataset Protection via Backdoor Watermarking
TLDR
A backdoor-based watermarking method to protect an open-sourced image-classification dataset by verifying whether it is used for training a third-party model and a hypothesis test guided method for dataset verification based on the posterior probability generated by the suspicious third- party model.
View PDF on arXiv
Manhattan property of geodesic paths on self-affine carpets
For any Bedford-McMullen self-affine carpet, the geodesic path on the carpet between points $$(x_{1},y_{1})$$(x1,y1) and $$(x_{2},y_{2})$$(x2,y2) has length greater than or equal to
View on Springer
Adversarial Defense Via Local Flatness Regularization
TLDR
This paper defines the local flatness of the loss surface as the maximum value of the chosen norm of the gradient regarding to the input within a neighborhood centered on the benign sample, and discusses the relationship between the localflatness and adversarial vulnerability.
View on IEEE
Toward Adversarial Robustness via Semi-supervised Robust Training
TLDR
This work proposes a novel defense method, the robust training (RT), by jointly minimizing two separated risks, which is with respect to the benign example and its neighborhoods respectively, and proves that RT is upper-bounded by R_{stand} + R_{rob, which implies that RT has similar effect as AT.
View PDF on arXiv
...
...