[1] |
SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[C]// Proceedings of International Conference on Learning Representations (ICLR). 2014.
|
[2] |
GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[C]// Proceedings of International Conference on Learning Representations (ICLR). 2015.
|
[3] |
ZHU L , WANG X , KE Z ,et al. BiFormer:vision transformer with bi-level routing attention[C]// Proceedings of Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2023: 10323-10333.
|
[4] |
DEVRIES T , TAYLOR G W . Improved regularization of convolutional neural networks with cutout[J]. arXiv preprint arXiv:1708.04552, 2017.
|
[5] |
KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial examples in the physical world[C]// Proceedings of International Conference on Learning Representations (ICLR). 2017.
|
[6] |
MADRY A , MAKELOV A , SCHMIDT L ,et al. Towards deep learning models resistant to adversarial attacks[C]// Proceedings of International Conference on Learning Representations(ICLR). 2018.
|
[7] |
DONG Y , LIAO F , PANG T ,et al. Boosting adversarial attacks with momentum[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2018: 9185-9193.
|
[8] |
BROWN T B , MANé D , ROY A ,et al. Adversarial patch[J]. arXiv preprint arXiv:1712.09665, 2017.
|
[9] |
KARMON D , ZORAN D , GOLDBERG Y . Lavan:Localized and visible adversarial noise[C]// Proceedings of International Conference on Machine Learning (ICML). 2018: 3903-3911.
|
[10] |
EYKHOLT K , EVTIMOV I , FERNANDES E ,et al. Robust physical-world attacks on deep learning visual classification[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2018: 1625-1634.
|
[11] |
YANG C , KORTYLEWSKI A , XIE C ,et al. Patchattack:A black-box texture-based attack with reinforcement learning[C]// Proceedings of European Conference on Computer Vision (ECCV). 2020: 681-698.
|
[12] |
SUBRAMANYA A , PILLAI V , PIRSIAVASH H . Fooling network interpretation in image classification[C]// Proceedings of the IEEE/CVF International Conference on Computer Vision (CVPR). 2019: 2020-2029.
|
[13] |
SELVARAJU R R , COGSWELL M , DAS A ,et al. Grad-CAM:Visual explanations from deep networks via gradient-based localization[C]// Proceedings of the IEEE International Conference on Computer Vision (ICCV). 2017: 618-626.
|
[14] |
LIU X , YANG H , LIU Z ,et al. Dpatch:An adversarial patch attack on object detectors[C]// 2019. AAAI Workshop on Artificial Intelligence Safety (SafeAI), 2019.
|
[15] |
LEE M , KOLTER Z . On physical adversarial patches for object detection[J]. arXiv preprint arXiv:1906.11897, 2019.
|
[16] |
WU S , DAI T , XIA S T . DPAttack:Diffused patch attacks against universal object detection[J]. arXiv preprint arXiv:2010.11679, 2020.
|
[17] |
HUANG H , WANG Y , CHEN Z ,et al. RPAttack:Refined patch attack on general object detectors[C]// Proceedings of 2021 IEEE International Conference on Multimedia and Expo (ICME). 2021: 1-6.
|
[18] |
ZHAO Y , YAN H , WEI X . Object hider:Adversarial patch attack against object detectors[C]// Proceedings of Conference on Information and Knowledge Management (CIKM). 2020: 28-31.
|
[19] |
SHARIF M , BHAGAVATULA S , BAUER L ,et al. Accessorize to a crime:Real and stealthy attacks on state-of-the-art face recognition[C]// Proceedings of the 2016 ACM Sigsac Conference on Computer and Communications Security. 2016: 1528-1540.
|
[20] |
YANG X , WEI F , ZHANG H ,et al. Design and interpretation of universal adversarial patches in face detection[C]// Proceedings of European Conference on Computer Vision (ECCV). 2020: 174-191.
|
[21] |
THYS S , VAN RANST W , GOEDEMé T . Fooling automated surveillance cameras:adversarial patches to attack person detection[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). 2019: 49-55.
|
[22] |
HU Y C T , KUNG B H , TAN D S ,et al. Naturalistic physical adversarial patch for object detectors[C]// Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV). 2021: 7848-7857.
|
[23] |
HUANG H , CHEN Z , CHEN H ,et al. T-SEA:Transfer-based self-ensemble attack on object detection[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2023: 20514-20523.
|
[24] |
NASEER M , KHAN S , PORIKLI F . Local gradients smoothing:Defense against localized adversarial attacks[C]// Proceedings of 2019 IEEE Winter Conference on Applications of Computer Vision (WACV). 2019: 1300-1307.
|
[25] |
HAYES J . On visible adversarial perturbations & digital watermarking[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW). 2018: 1597-1604.
|
[26] |
CHOU E , TRAMER F , PELLEGRINO G . SentiNet:Detecting localized universal attacks against deep learning systems[C]// Proceedings of 2020 IEEE Security and Privacy Workshops (SPW). 2020: 48-54.
|
[27] |
XIANG C , MAHLOUJIFAR S , MITTAL P . {PatchCleanser}:Certifiably robust defense against adversarial patches for any image classifier[C]// Proceedings of 31st USENIX Security Symposium (USENIX Security 22). 2022: 2065-2082.
|
[28] |
LIU J , LEVINE A , LAU C P ,et al. Segment and complete:Defending object detectors against adversarial patch attacks with robust patch detection[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2022: 14973-14982.
|
[29] |
RAO S , STUTZ D , SCHIELE B . Adversarial training against location-adamized adversarial patches[C]// Proceedings of European Conference on Computer Vision (ECCV). 2020: 429-448.
|
[30] |
JI N , FENG Y F , XIE H ,et al. Adversarial yolo:Defense human detection patch attacks via detecting adversarial patches[J]. arXiv preprint arXiv:2103.08860, 2021.
|
[31] |
ZHANG Z , YUAN B , MCCOYD M ,et al. Clipped bagnet:Defending against sticker attacks with clipped bag-of- features[C]// Proceedings of 2020 IEEE Security and Privacy Workshops (SPW). 2020: 55-61.
|
[32] |
XIANG C , BHAGOJI A N , SEHWAG V ,et al. {PatchGuard}:a provably robust defense against adversarial patches via small receptive fields and masking[C]// Proceedings of 30th USENIX Security Symposium (USENIX Security 21). 2021: 2237-2254.
|
[33] |
KINGMA D P , BA J . Adam:A method for stochastic adamization[C]// Proceedings of International Conference on Learning Representations (ICLR). 2015.
|
[34] |
DZIUGAITE G K , GHAHRAMANI Z , ROY D M . A study of the effect of JPG compression on adversarial images[J]. arXiv preprint arXiv:1608.00853, 2016.
|
[35] |
TARCHOUN B , BEN KHALIFA A , MAHJOUB M A ,et al. Jedi:entropy-based localization and removal of adversarial patches[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2023: 4087-4095.
|
[36] |
LIU J , LEVINE A , LAU C P ,et al. Segment and complete:defending object detectors against adversarial patch attacks with robust patch detection[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2022: 14973-14982.
|