Shouwei Ruan

ORCID: 0009-0007-0481-5855
Research Areas
  • Adversarial Robustness in Machine Learning
  • Anomaly Detection Techniques and Applications
  • Domain Adaptation and Few-Shot Learning
  • Physical Unclonable Functions (PUFs) and Hardware Security
  • Multimodal Machine Learning Applications
  • Advanced Malware Detection Techniques
  • Advanced Neural Network Applications
  • Forensic Fingerprint Detection Methods
  • Boron Compounds in Chemistry
  • Bacillus and Francisella bacterial research
  • Cell Image Analysis Techniques
  • Face recognition and analysis
  • Semantic Web and Ontologies
  • Medical Imaging Techniques and Applications
  • Advanced Optical Sensing Technologies
  • Human Pose and Action Recognition

Beihang University
2023-2025

Adversarial patch is one of the important forms of performing adversarial attacks in the physical world. To improve the naturalness and aggressiveness of existing patches, location-aware patches are proposed, where the patch's location on the target object is integrated into the optimization process to perform attacks. Although it is effective, efficiently finding the optimal location for placing the patch is challenging, especially under black-box attack settings. In this paper, we first empirically find that aggregation regions locations show...

10.1109/tpami.2025.3526188 article EN IEEE Transactions on Pattern Analysis and Machine Intelligence 2025-01-01

Recent studies have demonstrated that visual recognition models lack robustness to distribution shift. However, current work mainly considers model robustness to 2D image transformations, leaving viewpoint changes in the 3D world less explored. In general, viewpoint changes are prevalent in various real-world applications (e.g., autonomous driving), making it imperative to evaluate viewpoint robustness. In this paper, we propose a novel method called ViewFool to find adversarial viewpoints that mislead models. By encoding objects as neural radiance...

10.48550/arxiv.2210.03895 preprint EN cc-by-nc-sa arXiv (Cornell University) 2022-01-01

10.1109/cvpr52733.2024.02314 article EN 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) 2024-06-16

Visual recognition models are not invariant to viewpoint changes in the 3D world, as different viewing directions can dramatically affect the predictions given the same object. Compared to 2D transformations, the exploration of viewpoint invariance deserves more attention for its greater practical significance. Motivated by the success of adversarial training in promoting model robustness, we propose Viewpoint-Invariant Adversarial Training (VIAT) to improve the robustness of common image classifiers. By regarding viewpoint transformation as an...

10.1109/iccv51070.2023.00434 article EN 2021 IEEE/CVF International Conference on Computer Vision (ICCV) 2023-10-01

Viewpoint invariance remains challenging for visual recognition in the 3D world, as altering viewing directions can significantly impact predictions for the same object. While substantial efforts have been dedicated to making neural networks invariant to 2D image translations and rotations, viewpoint invariance is rarely investigated. Motivated by the success of adversarial training in enhancing model robustness, we propose Viewpoint-Invariant Adversarial Training (VIAT) to improve the robustness of classifiers. Regarding...

10.48550/arxiv.2307.11528 preprint EN other-oa arXiv (Cornell University) 2023-01-01

Vision-Language Pre-training (VLP) models like CLIP have achieved remarkable success in computer vision and particularly demonstrated superior robustness to distribution shifts of 2D images. However, their robustness under 3D viewpoint variations is still limited, which can hinder the development for real-world applications. This paper successfully addresses this concern while keeping VLPs' original performance by breaking through two primary obstacles: 1) the scarcity of training data and 2) the suboptimal...

10.48550/arxiv.2404.12139 preprint EN arXiv (Cornell University) 2024-04-18

Embodied intelligence empowers agents with a profound sense of perception, enabling them to respond in a manner closely aligned with real-world situations. Large Language Models (LLMs) delve into language instructions with depth, serving a crucial role in generating plans for intricate tasks. Thus, LLM-based embodied models further enhance the agent's capacity to comprehend and process information. However, this amalgamation also ushers in new challenges in the pursuit of heightened intelligence. Specifically, attackers can...

10.48550/arxiv.2405.19802 preprint EN arXiv (Cornell University) 2024-05-30

Adversarial patches present significant challenges to the robustness of deep learning models, making the development of effective defenses become critical for real-world applications. This paper introduces DIFFender, a novel DIFfusion-based DeFender framework that leverages the power of a text-guided diffusion model to counter adversarial patch attacks. At the core of our approach is the discovery of the Adversarial Anomaly Perception (AAP) phenomenon, which enables the diffusion model to accurately detect and locate adversarial patches by analyzing distributional anomalies....

10.48550/arxiv.2409.09406 preprint EN arXiv (Cornell University) 2024-09-14

With the rise of deep learning, facial recognition technology has seen extensive research and rapid development. Although facial recognition is considered a mature technology, we find that existing open-source models and commercial algorithms lack robustness in certain real-world Out-of-Distribution (OOD) scenarios, raising concerns about the reliability of these systems. In this paper, we introduce OODFace, which explores the OOD challenges faced by facial recognition models from two perspectives: common corruptions and appearance variations. We...

10.48550/arxiv.2412.02479 preprint EN arXiv (Cornell University) 2024-12-03

Vision Language Models (VLMs) have exhibited remarkable generalization capabilities, yet their robustness in dynamic real-world scenarios remains largely unexplored. To systematically evaluate VLMs' robustness to 3D variations, we propose AdvDreamer, the first framework that generates physically reproducible adversarial 3D transformation (Adv-3DT) samples from single-view images. AdvDreamer integrates advanced generative techniques with two key innovations and aims to characterize the worst-case distributions of...

10.48550/arxiv.2412.03002 preprint EN arXiv (Cornell University) 2024-12-03

Adversarial patch is one of the important forms of performing adversarial attacks in the physical world. To improve the naturalness and aggressiveness of existing patches, location-aware patches are proposed, where the patch's location on the target object is integrated into the optimization process to perform attacks. Although it is effective, efficiently finding the optimal location for placing the patch is challenging, especially under black-box attack settings. In this paper, we propose Distribution-Optimized Patch (DOPatch), a novel method...

10.48550/arxiv.2306.16131 preprint EN other-oa arXiv (Cornell University) 2023-01-01

Visual recognition models are not invariant to viewpoint changes in the 3D world, as different viewing directions can dramatically affect the predictions given the same object. Although many efforts have been devoted to making neural networks invariant to 2D image translations and rotations, viewpoint invariance is rarely investigated. As most models process images in the perspective view, it is challenging to impose invariance based only on inputs. Motivated by the success of adversarial training in promoting model robustness, we propose Viewpoint-Invariant...

10.48550/arxiv.2307.10235 preprint EN other-oa arXiv (Cornell University) 2023-01-01

Compared with transferable untargeted attacks, targeted adversarial attacks could specify the misclassification categories of samples, posing a greater threat to security-critical tasks. In the meanwhile, 3D adversarial samples, due to their potential multi-view robustness, can more comprehensively identify weaknesses in existing deep learning systems, possessing great application value. However, the field remains vacant. The goal of this work is to develop an effective technique that can generate adversarial examples, filling the gap in the field. To...

10.48550/arxiv.2312.09558 preprint EN other-oa arXiv (Cornell University) 2023-01-01

Adversarial attacks, particularly patch attacks, pose significant threats to the robustness and reliability of deep learning models. Developing reliable defenses against patch attacks is crucial for real-world applications, yet current research in this area is unsatisfactory. In this paper, we propose DIFFender, a novel defense method that leverages a text-guided diffusion model to defend against adversarial patches. DIFFender includes two main stages: localization and restoration. In the localization stage, we find and exploit an intriguing property...

10.48550/arxiv.2306.09124 preprint EN other-oa arXiv (Cornell University) 2023-01-01