对抗性分析与防御

7月 7, 2021

深度学习的发明,使得人工智能技术迎来了新的机遇,再次进入了蓬勃发展期。其涉及到的隐私、安全、伦理等问题也日益受到了人们的广泛关注。以对抗样本生成为代表的新技术,直接将人工智能、特别是深度学习模型的脆弱性展示到了人们面前,使得人工智能技术在应用落地时,必须不得不重视此类问题。我们致力于研究智能系统,特别是生物特征识别系统的对抗样本、投毒攻击、后门攻击等技术,揭示现有现有系统的漏洞与弱点,有针对性地提升机器学习模型的健壮性、安全性和可解释性。

王伟
王伟
副研究员、硕导

主要从事多媒体内容安全、人工智能安全、多模态内容分析与理解等方面的研究工作。

文章

视觉对抗样本生成技术概述
深度学习的发明,使得人工智能技术迎来了新的机遇,再次进入了蓬勃发展期。其涉及到的隐私、安全、伦理等问题也日益受到了人们的广泛关注。以对抗样本生成为代表的新技术,直接将人工智能、特别是深度学习模型的脆弱性展示到了人们面前,使得人工智能技术在应用落地时,必须要重视此类问题。本文通过对抗样本生成技术的回顾,从信号层、内容层以及语义层三个层面,白盒攻击与黑盒攻击两个角度,简要介绍了对抗样本生成技术,目的是希望读者能够更好地发现对抗样本的本质,对机器学习模型的健壮性、安全性和可解释性研究有所启发。
3月 29, 2022 32 分钟阅读时长
项目

学术论文

DFGC 2022: The Second DeepFake Game Competition
This paper presents the summary report on our DFGC 2022 competition. The DeepFake is rapidly evolving, and realistic face-swaps are …
彭勃, 项伟, Yue Jiang, 王伟, 董晶, 孙哲南, Zhen Lei, Siwei Lyu
引用 项目 项目 DOI arXiv URL
RiDDLE: Reversible and Diversified De-Identification With Latent Encryptor
引用 项目 项目 项目
Temporal sparse adversarial attack on sequence-based gait recognition
Gait recognition is widely used in social security applications due to its advantages in long-distance human identification. Recently, …
何子文, 王伟, 董晶, 谭铁牛
引用 项目 项目 DOI arXiv URL
面向联邦学习的对抗样本投毒攻击
引用 项目 DOI URL
Revisiting ensemble adversarial attack
Deep neural networks have shown vulnerability to adversarial attacks. Adversarial examples generated with an ensemble of source models …
何子文, 王伟, 董晶, 谭铁牛
引用 项目 DOI URL
AdaDeId: Adjust Your Identity Attribute Freely
Face de-identification has drawn increasing attention in recent years. It is important to protect people’s identity information …
引用 项目 项目 项目 DOI URL
Defending Against Deepfakes with Ensemble Adversarial Perturbation
Maliciously manipulated images and videos, represented by prevalent deepfakes, can easily deceive human and mislead the public …
引用 项目 项目 项目 DOI URL
Transferable Sparse Adversarial Attack
Deep neural networks have shown their vulnerability to adversarial attacks. In this paper, we focus on sparse adversarial attack based …
何子文, 王伟, 董晶, 谭铁牛
PDF 引用 代码 项目 海报
Transferable Sparse Adversarial Attack
Defeating DeepFakes via Adversarial Visual Reconstruction
Existing DeepFake detection methods focus on passive detection, i.e., they detect fake face images by exploiting the artifacts produced …
引用 项目 项目
Guided Erasable Adversarial Attack (GEAA) towards Shared Data Protection
In recent years, there has been increasing interest in studying the adversarial attack, which poses potential risks to deep learning …
PDF 引用 代码 项目 DOI
DFGC 2021: A Deepfake Game Competition
This paper presents a summary of the DeepFake Game Competition (DFGC) 20211. DeepFake technology is developing fast, and realistic …
引用 项目 项目 项目 DOI arXiv URL
Exploring Adversarial Fake Images on Face Manifold
Images synthesized by powerful generative adversarial network (GAN) based methods have drawn moral and privacy concerns. Although image …
PDF 引用 项目 项目 海报
Exploring Adversarial Fake Images on Face Manifold
Adversarial Analysis for Source Camera Identification
Recent studies highlight the vulnerability of convolutional neural networks (CNNs) to adversarial attacks, which also calls into …
引用 项目 DOI URL
Are You Confident That You Have Successfully Generated Adversarial Examples?
Deep neural networks (DNNs) have seen extensive studies on image recognition and classification, image segmentation, and related …
PDF 引用 项目 DOI
视觉对抗样本生成技术概述
With the invention of deep learning, artificial intelligence (AI) has ushered in new opportunities and is booming again. However, its …
王伟, 董晶, 何子文, 孙哲南
引用 项目 DOI