Adversarial-Robustness-Papers

This repo includes recent works regarding adversarial robustness on deep neural network.

Adversarial Training & Robust Explanation

• 2019-ICLR-Texture-Learning Robust Representations by Projecting Superficial Statistics Out
• 2019-CVPR-Feature Denoising for Improving Adversarial Robustness
• 2019-ICML-Theoretically Principled Trade-off between Robustness and Accuracy
• 2019-NeurIPS-A Fourier Perspective on Model Robustness in Computer Vision
• 2019-NeurIPS-Unlabeled Data Improves Adversarial Robustness
• 2019-ICCV-Adversarial Defense by Restricting the Hidden Space of Deep Neural Networks
• 2020-ECCV-Attributional Robustness Training Using Input-Gradient Spatial Alignment
• 2020-ICLR-Improving Adversarial Robustness Requires Revisiting Misclassified Examples
• 2020-NeurIPS-Adversarial Weight Perturbation Helps Robust Generalization
• 2020-CVPR-High-Frequency Component Helps Explain the Generalization of Convolutional Neural Networks
• 2021-NeurIPS-Data Augmentation Can Improve Robustness
• 2021-NeurIPS-Improving Robustness using Generated Data
• 2022-CVPR-LAS-AT: Adversarial Training with Learnable Attack Strategy
• 2022-NeurIPS-Models Out of Line: A Fourier Lens on Distribution Shift Robustness
• 2022-NeurIPS-Label Noise in Adversarial Training: A Novel Perspective to Study Robust Overfitting
• 2023-NeurIPS-Adversarial Robustness through Random Weight Sampling
• 2023-NeurIPS-Improving Adversarial Robustness via Information Bottleneck Distillation
• 2023-NeurIPS-Revisiting Adversarial Robustness Distillation from the Perspective of Robust Fairness
• 2023-CVPR-The Enemy of My Enemy is My Friend: Exploring Inverse Adversaries for Improving Adversarial Training
• 2023-CVPR-Feature Separation and Recalibration for Adversarial Robustness
• 2023-CVPR-CFA: Class-wise Calibrated Fair Adversarial Training
• 2023-CVPR-Fast Adversarial Training with Smooth Convergence
• 2023-CVPR-AGAIN: Adversarial Training With Attribution Span Enlargement and Hybrid Feature Fusion
• 2023-CVPR-Masked Images Are Counterfactual Samples for Robust Fine-Tuning
• 2023-CVPR-Boosting Semi-Supervised Medical Image Classification via Pseudo-Loss Estimation and Feature Adversarial Training
• 2023-CVPR-Adversarial Counterfactual Visual Explanations
• 2023-ICCV-HybridAugment++: Unified Frequency Spectra Perturbations for Model Robustness
• 2023-ICCV-Towards Building More Robust Models with Frequency Bias
• 2023-ICCV-Improving Generalization of Adversarial Training via Robust Critical Fine-Tuning
• 2023-ICML-Better Diffusion Models Further Improve Adversarial Training
• 2023-ICML-Eliminating Adversarial Noise via Information Discard and Robust Representation Restoration
• 2023-ICML-Better Diffusion Models Further Improve Adversarial Training
• 2023-NeurIPS-Evaluating the Robustness of Interpretability Methods through Explanation Invariance and Equivariance
• 2024-CVPR-Soften to Defend: Towards Adversarial Robustness via Self-Guided Label Refinement
• 2024-CVPR-Enhancing Adversarial Contrastive Learning via Adversarial Invariant Regularization
• 2024-ICLR-Mitigating the Curse of Dimensionality for Certified Robustness via Dual Randomized Smoothing

Diffusion-based Purification

• 2022-ICML-Diffusion Models for Adversarial Purification
• 2023-CVPR-Back to the Source: Diffusion-Driven Adaptation To Test-Time Corruption
• 2023-ICLR-DensePure: Understanding Diffusion Models for Adversarial Robustness
• 2023-ICCV-Robust Evaluation of Diffusion-Based Adversarial Purification
• 2024-AAAI-Adversarial Purification with the Manifold Hypothesis
• 2024-ICLR-Adversarial Training on Purification (AToP): Advancing Both Robustness and Generalization
• 2024-Arxiv-Towards Better Adversarial Purification via Adversarial Denoising Diffusion Training
• 2024-CVPR24-MimicDiffusion: Purifying Adversarial Perturbation via Mimicking Clean Diffusion Model
• 2023-NeurIPS-Enhancing Adversarial Robustness via Score-Based Optimization
• 2023-NeurIPS-DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification

Foundation Model Robustness

• 2023-NeurIPS-On Transfer of Adversarial Robustness from Pretraining to Downstream Tasks
• 2023-ICCV-Improving Adversarial Robustness of Masked Autoencoders via Test-time Frequency-domain Prompting
• 2023-MM-Downstream-agnostic Adversarial Examples in Multimodal Contrastive Learning
• 2023-NeurIPS-Convolutional Visual Prompt for Robust Visual Perception
• 2023-NeurIPS-On Evaluating Adversarial Robustness of Large Vision-Language Models
• 2024-NAACL-Attacks, Defenses and Evaluations for LLM Conversation Safety: A Survey
• 2024-AAAI-Mutual-Modality Adversarial Attack with Semantic Perturbation
• 2024-ICML(oral)-Robust CLIP: Unsupervised Adversarial Fine-Tuning of Vision Embeddings for Robust Large Vision-Language Models
• 2024-CVPR-Initialization Matters for Adversarial Transfer Learning
• 2024-CVPR-One Prompt Word is Enough to Boost Adversarial Robustness for Pre-trained Vision-Language Models
• 2024-CVPR-Pre-trained Model Guided Fine-Tuning for Zero-Shot Adversarial Robustness
• 2024-NeurIPS-On Transfer of Adversarial Robustness from Pretraining to Downstream Tasks

Adversarial Attacks

• 2020-CVPR-Robust Superpixel-Guided Attentional Adversarial Attack
• 2021-ICCV-Admix: Enhancing the Transferability of Adversarial Attacks
• 2022-AAAI-Learning Universal Adversarial Perturbation by Adversarial Example
• 2023-ICCV-Downstream-agnostic Adversarial Examples
• 2023-ICCV-Boosting Adversarial Transferability via Gradient Relevance Attack
• 2023-CVPR-Enhancing Generalization of Universal Adversarial Perturbation through Gradient AggregationPPT
• 2023-CVPR-Enhancing the Self-Universality for Transferable Targeted Attacks
• 2023-CVPR-Towards Transferable Targeted Adversarial ExamplesCode
• 2023-NeurIPS-DiffAttack: Evasion Attacks Against Diffusion-Based Adversarial Purification
• 2024-ECCV-AdvDiff: Generating Unrestricted Adversarial Examples using Diffusion Models
• 2024-CVPR-Improving Transferable Targeted Adversarial Attacks with Model Self-EnhancementCode