Backdoor Learning: A Survey
TLDR
This paper summarizes and categorizes existing backdoor attacks and defenses based on their characteristics, and provides a unified framework for analyzing poisoning-based backdoor attacks.
Targeted Attack for Deep Hashing based Retrieval
TLDR
This paper proposes a novel method, dubbed deep hashing targeted attack (DHTA), to study the targeted attack on deep hashing based retrieval, which minimizes the average distance between the hash code of an adversarial example and those of a set of objects with the target label.
Rethinking the Trigger of Backdoor Attack
TLDR
This paper demonstrates that many backdoor attack paradigms are vulnerable when the trigger in testing images is not consistent with the one used for training, and proposes a transformation-based attack enhancement to improve the robustness of existing attacks against transformation-based defenses.
Backdoor Defense via Decoupling the Training Process
TLDR
This work proposes a novel backdoor defense that decouples the original end-to-end training process into three stages, and reveals that poisoned samples tend to cluster together in the feature space of the attacked DNN model, which is mostly due to the end-to-end supervised training paradigm.
Rectified Decision Trees: Towards Interpretability, Compression and Empirical Soundness
TLDR
This paper extends the impurity calculation and the pure-ending condition of the classical decision tree to propose a decision tree extension that allows the use of soft labels generated by a well-trained teacher model in the training and prediction processes, and demonstrates the superiority of ReDT in interpretability, compression, and empirical soundness.
Hidden Backdoor Attack against Semantic Segmentation Models
TLDR
This paper proposes a novel attack paradigm, the fine-grained attack, where the target label is treated from the object-level instead of the image-level to achieve more sophisticated manipulation of semantic segmentation models.
Open-sourced Dataset Protection via Backdoor Watermarking
TLDR
A backdoor-based watermarking method to protect an open-sourced image-classification dataset by verifying whether it was used to train a third-party model, together with a hypothesis-test-guided method for dataset verification based on the posterior probabilities produced by the suspicious third-party model.
Manhattan property of geodesic paths on self-affine carpets
For any Bedford-McMullen self-affine carpet, the geodesic path on the carpet between points $(x_{1},y_{1})$ and $(x_{2},y_{2})$ has length greater than or equal to
Adversarial Defense Via Local Flatness Regularization
TLDR
This paper defines the local flatness of the loss surface as the maximum value of the chosen norm of the gradient with respect to the input within a neighborhood centered on the benign sample, and discusses the relationship between local flatness and adversarial vulnerability.
Toward Adversarial Robustness via Semi-supervised Robust Training
TLDR
This work proposes a novel defense method, robust training (RT), which jointly minimizes two separate risks defined with respect to the benign example and its neighborhood respectively, and proves that RT is upper-bounded by R_{stand} + R_{rob}, which implies that RT has a similar effect to AT.