Xianfeng Gao scite author profile

These years, Deep Neural Networks (DNNs) have shown unprecedented performance in many areas. However, some recent studies revealed their vulnerability to small perturbations added on source inputs. Furthermore, we call the ways to generate these perturbations’ adversarial attacks, which contain two types, black-box and white-box attacks, according to the adversaries’ access to target models. In order to overcome the problem of black-box attackers’ unreachabilities to the internals of target DNN, many researchers put forward a series of strategies. Previous works include a method of training a local substitute model for the target black-box model via Jacobian-based augmentation and then use the substitute model to craft adversarial examples using white-box methods. In this work, we improve the dataset augmentation to make the substitute models better fit the decision boundary of the target model. Unlike the previous work that just performed the non-targeted attack, we make it first to generate targeted adversarial examples via training substitute models. Moreover, to boost the targeted attacks, we apply the idea of ensemble attacks to the substitute training. Experiments on MNIST and GTSRB, two common datasets for image classification, demonstrate our effectiveness and efficiency of boosting a targeted black-box attack, and we finally attack the MNIST and GTSRB classifiers with the success rates of 97.7% and 92.8%.

show abstract

A discrete cosine transform-based query efficient attack on black-box object detectors

Kuang

Gao

Wang

et al. 2021

Information Sciences

View full text Add to dashboard Cite

Unrestricted Adversarial Attacks on ImageNet Competition

Chen¹,

Mao²,

He³

et al. 2021

Preprint

View full text Add to dashboard Cite

Improving Transferability of Adversarial Patches on Face Recognition with Generative Models

Xiao¹,

Gao²,

Fu³

et al. 2021

Preprint

View full text Add to dashboard Cite

Face recognition is greatly improved by deep convolutional neural networks (CNNs). Recently, these face recognition models have been used for identity authentication in security sensitive applications. However, deep CNNs are vulnerable to adversarial patches, which are physically realizable and stealthy, raising new security concerns on the real-world applications of these models. In this paper, we evaluate the robustness of face recognition models using adversarial patches based on transferability, where the attacker has limited accessibility to the target models. First, we extend the existing transfer-based attack techniques to generate transferable adversarial patches. However, we observe that the transferability is sensitive to initialization and degrades when the perturbation magnitude is large, indicating the overfitting to the substitute models. Second, we propose to regularize the adversarial patches on the low dimensional data manifold. The manifold is represented by generative models pre-trained on legitimate human face images. Using face-like features as adversarial perturbations through optimization on the manifold, we show that the gaps between the responses of substitute models and the target models dramatically decrease, exhibiting a better transferability. Extensive digital world experiments are conducted to demonstrate the superiority of the proposed method in the black-box setting. We apply the proposed method in the physical world as well.

show abstract

A deep learning-based approach for the automatic measurement of laser-cladding coating sizes

Zhang

Lian

Zheng

et al. 2023

Materials Today Communications

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Xianfeng Gao

Improving Transferability of Adversarial Patches on Face Recognition with Generative Models

Boosting Targeted Black-Box Attacks via Ensemble Substitute Training and Linear Augmentation

A discrete cosine transform-based query efficient attack on black-box object detectors

Unrestricted Adversarial Attacks on ImageNet Competition

Improving Transferability of Adversarial Patches on Face Recognition with Generative Models

A deep learning-based approach for the automatic measurement of laser-cladding coating sizes

Contact Info

Product

Resources

About