A curated list of Awesome Computer-Vision (Image Classification, Object Detection and Image Segmentation) Real-world Adversarial Examples (Aka Physcial Adversarial Examples, PAE) academic and R&D resources.
- A survey of practical adversarial example attacks, Sun et al., Cybersecurity 1, 9(2018).
Image Classification
-
Adversarial examples in the physical world, Kurakin et al., ICLR Workshop 2017. [demo]
- The first work study Physical Adversarial Examples by experiment which direct transfer Digital Adversarial Examples.
-
Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition, Sharif et al., CCS 2016. [code, talk]
- The first public paper contribute embryo of Patch Attack classic face recognition system.
-
Adversarial Patch, Brown et al., NIPS 2017. [demo, code]
- The first work contribute Patch Attack.
-
Synthesizing Robust Adversarial Examples, Athalye et al., ICML 2018. [OpenReview, code]
- The first work study 3D Attack.
-
Robust Physical-World Attacks on Deep Learning Models, Eykholt et al., CVPR 2018. [homepage, blog, demo, code, talk]
Object Detection
-
Adversarial Examples that Fool Detectors, Lu et al., arXiv preprint 2017.
- The first experiment Physical Adversarial Examples in Detectors.
-
ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector, Chen et al., ECML-PKDD 2018. [code]
- Faster R-CNN
-
Physical Adversarial Examples for Object Detectors, Eykholt et al., WOOT 2018.
-
Fooling automated surveillance cameras: adversarial patches to attack person detection, S. Thys, W. V. Ranst et al., CVPR workshop 2019. [video]
-
DPATCH: An Adversarial Patch Attack on Object Detectors, X Liu et al., AAAI workshop 2019.
-
On Physical Adversarial Patches for Object Detection, Lee. M et al., ICML workshop 2019. [video]
-
CAMOU: Learning Physical Vehicle Camouflages to Adversarially Attack Detectors in the Wild, Y. Zhang et al., ICLR 2019.
-
Making an Invisibility Cloak: Real World Adversarial Attacks on Object Detectors, Z. Wu et al, arXiv 2019. [blog]
-
Adversarial T-shirt! Evading Person Detectors in A Physical World, K. Xu et al, arXiv 2019. [blog]
-
Design and Interpretation of Universal Adversarial Patches in Face Detection, X. Yang, F. Wei, H. Zhang et al., arXiv 2019.
-
FCA: Learning a 3D Full-coverage Vehicle Camouflage for Multi-view Physical Adversarial Attack, Wang. D et al., AAAI 2022. [homepage, blog, code]
-
DTA: Physical Camouflage Attacks using Differentiable Transformation Network, Suryanto. N et al., CVPR 2022. [homepage]
Image Segmentation
3D Attacks
Image Classification
Object Detection
-
NO Need to Worry about Adversarial Examples in Object Detection in Autonomous Vehicles, Lu et al., CVPR 2017.
- The first paper think Physical Adversarial Examples in Detectors not very serious.
-
Role of Spatial Context in Adversarial Robustness for Object Detection, Saha et al., CVPR Workshop 2020. [code]
-
Information Distribution Based Defense Against Physical Attacks on Object Detection, G. Zhou et al., IEEE ICMEW 2020.
Image Segmentation
- CS 404/504 Adversarial Machine Learning, Alex Vakanski, University of Idaho, Fall 2021.
- CS 562 Advanced Topics in Security, Privacy and Machine Learning, Bo Li, University of Illinois at Urbana-Champaign, Fall 2021.
- CY 7790 Machine Learning Security and Privacy, Alina Oprea, Northeastern University, Fall 2021.
- Security and Privacy of Machine Learning, Shang-Tse Chen, NTU, Fall 2021.
- Adversarial Machine Learning in Computer Vision, CVPR 2021 Tutorial, June 2021.
- CS 498 Special Topics on Trustworthy Machine Learning , Bo Li, University of Illinois at Urbana-Champaign, Spring 2021.
- CS 6231 Adversarial Machine Learning, Reza Shokri, National University of Singapore, Fall 2019.
(Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)
To the extent possible under law, Jing Li lixeon.lij@gmail.com has waived all copyright and related or neighboring rights to this work.