Summary of Adversarial Works

This repository contains one-file-quick-summaries of works from CVPR which deal with adversarial attack or defense. The list might be incomplete! In case you find a paper which I missed out, let me know!

This post is linked to my blog post, where draw the broad scope and direction of adversarial works in CVPR 2019, and also briefly introduce few of the interesting results from CVPR 2019.

TODO:

1. Finish All CVPR 2019 papers

2. Extend to a gh-pages website.

Note: The Adversarial works I am referring of here are related to robustness of deep neural networks, i.e. Attacks and Defenses. This repository is not about Generative Adversarial Networks.

CVPR 2017

1. Universal Adversarial perturbations, Seyed-Mohsen Moosavi-Dezfooli et al.

CVPR 2018

2. Defense Against Universal Adversarial Perturbations

3. Generative Adversarial Perturbations

4. Art of Singular Vectors and Universal Adversarial Perturbations

5. Deflecting Adversarial Attacks With Pixel Deflection

6. On the Robustness of Semantic Segmentation Models to Adversarial Attacks

7. Robust Physical-World Attacks on Deep Learning Visual Classification

8. Defense Against Adversarial Attacks Using High-Level Representation Guided Denoiser

9. Boosting Adversarial Attacks With Momentum

10. NAG: Network for Adversary Generation

CVPR 2019

Defense Based TODO:

11. Adversarial Defense by Stratified Convolutional Sparse Coding

12. Feature Denoising for Improving Adversarial Robustness

13. Parametric Noise Injection: Trainable Randomness to Improve Deep Neural Network Robustness Against Adversarial Attack

14. Feature Distillation: DNN-Oriented JPEG Compression Against Adversarial Examples

15. Adversarial Defense Through Network Profiling Based Path Extraction

16. Detection Based Defense Against Adversarial Examples From the Steganalysis Point of View

17. ComDefend: An Efficient Image Compression Model to Defend Adversarial Examples

18. Barrage of Random Transforms for Adversarially Robust Defense

19. Defending Against Adversarial Attacks by Randomized Diversification

20. A Kernelized Manifold Mapping to Diminish the Effect of Adversarial Perturbations

21. ShieldNets: Defending Against Adversarial Attacks Using Probabilistic Adversarial Robustness

Attack Based TODO:

22. Trust Region Based Adversarial Attack on Neural Networks

23. Curls & Whey: Boosting Black-Box Adversarial Attacks

24. Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks

25. SparseFool: a few pixels make a big difference.

26. Catastrophic Child's Play: Easy to Perform, Hard to Defend Adversarial Attacks

27. Decoupling Direction and Norm for Efficient Gradient-Based L2 Adversarial Attacks and Defenses

28. Feature Space Perturbations Yield More Transferable Adversarial Examples

Attack on different tasks:

29. AIRD: Adversarial Learning Framework for Image Repurposing Detection

30. Defense Against Adversarial Images using Web-Scale Nearest-Neighbor Search

31. Efficient Decision-based Black-box Adversarial Attacks on Face Recognition

32. Fooling automated surveillance cameras: adversarial patches to attack person detection

33. Exact Adversarial Attack to Image Captioning via Structured Output Learning with Latent Variables

34. Retrieval-Augmented Convolutional Neural Networks Against Adversarial Examples

Attacking 3D data TODO:

35. Adversarial Attacks Beyond the Image Space

36. Generating 3D Adversarial Point Clouds

37. Realistic Adversarial Examples in 3D Meshes

38. MeshAdv: Adversarial Meshes for Visual Recognition

39. Robustness of 3D Deep Learning in an Adversarial Setting

40. Strike (With) a Pose: Neural Networks Are Easily Fooled by Strange Poses of Familiar Objects

On Explaining Adversarial A&D TODO:

41. What Does It Mean to Learn in Deep Networks? And, How Does One Detect Adversarial Attacks?

42. Disentangling Adversarial Robustness and Generalization

43. Robustness via Curvature Regularization, and Vice Versa