⚠️ 以下所有内容总结都来自于 大语言模型的能力,如有错误,仅供参考,谨慎使用
🔴 请注意:千万不要用于严肃的学术场景,只能用于论文阅读前的初筛!
💗 如果您觉得我们的项目对您有帮助 ChatPaperFree ,还请您给我们一些鼓励!⭐️ HuggingFace免费体验
2025-05-24 更新
SuperPure: Efficient Purification of Localized and Distributed Adversarial Patches via Super-Resolution GAN Models
Authors:Hossein Khalili, Seongbin Park, Venkat Bollapragada, Nader Sehatbakhsh
As vision-based machine learning models are increasingly integrated into autonomous and cyber-physical systems, concerns about (physical) adversarial patch attacks are growing. While state-of-the-art defenses can achieve certified robustness with minimal impact on utility against highly-concentrated localized patch attacks, they fall short in two important areas: (i) State-of-the-art methods are vulnerable to low-noise distributed patches where perturbations are subtly dispersed to evade detection or masking, as shown recently by the DorPatch attack; (ii) Achieving high robustness with state-of-the-art methods is extremely time and resource-consuming, rendering them impractical for latency-sensitive applications in many cyber-physical systems. To address both robustness and latency issues, this paper proposes a new defense strategy for adversarial patch attacks called SuperPure. The key novelty is developing a pixel-wise masking scheme that is robust against both distributed and localized patches. The masking involves leveraging a GAN-based super-resolution scheme to gradually purify the image from adversarial patches. Our extensive evaluations using ImageNet and two standard classifiers, ResNet and EfficientNet, show that SuperPure advances the state-of-the-art in three major directions: (i) it improves the robustness against conventional localized patches by more than 20%, on average, while also improving top-1 clean accuracy by almost 10%; (ii) It achieves 58% robustness against distributed patch attacks (as opposed to 0% in state-of-the-art method, PatchCleanser); (iii) It decreases the defense end-to-end latency by over 98% compared to PatchCleanser. Our further analysis shows that SuperPure is robust against white-box attacks and different patch sizes. Our code is open-source.
随着基于视觉的机器学习模型越来越多地集成到自主和赛博物理系统中,关于(物理)对抗性补丁攻击的担忧也在增长。虽然最新的防御手段可以在对高度集中的局部补丁攻击实用性影响最小的情况下实现认证鲁棒性,但在两个重要方面仍然不足:(i)最新方法容易受到低噪声分布式补丁的攻击,这些扰动被微妙地分散以逃避检测或掩盖,正如DorPatch攻击最近所显示的那样;(ii)使用最新方法实现高鲁棒性极其耗费时间和资源,对于许多赛博物理系统中的延迟敏感应用而言,这些方法不切实际。为了解决鲁棒性和延迟问题,本文提出了一种新的对抗补丁攻击的防御策略,称为SuperPure。其关键新颖之处在于开发了一种像素级的掩模方案,该方案对分布式和局部补丁都具有鲁棒性。掩模涉及利用基于GAN的超分辨率方案来逐渐净化图像中的对抗性补丁。我们在ImageNet上以及使用ResNet和EfficientNet两个标准分类器的广泛评估表明,SuperPure在三个主要方向上推动了最新技术的前进:(i)它提高了对常规局部补丁的鲁棒性,平均提高了超过20%,同时还将top-1清洁精度提高了近10%;(ii)它对分布式补丁攻击的鲁棒性达到了58%(而PatchCleanser的鲁棒性为0%);(iii)与PatchCleanser相比,它将防御端到端的延迟减少了98%以上。我们的进一步分析表明,SuperPure对白色盒子攻击和不同大小的补丁具有鲁棒性。我们的代码是开源的。
论文及项目相关链接
Summary
针对基于视觉的机器学习任务,对抗性补丁攻击日益引起关注。现有顶尖防御技术虽然可以对抗集中性局部补丁攻击并保障认证的稳健性,但对散布式低噪声补丁攻击仍显脆弱。针对此,本文提出了一种新的防御策略——SuperPure。它采用像素级的掩模方案,对抗分布式和局部补丁攻击。借助基于生成对抗网络(GAN)的超分辨率方案逐步净化图像中的对抗补丁。评估显示,SuperPure在三个方面取得了进展:增强对常规局部补丁的稳健性、实现对分布式补丁攻击的稳健性,并大大降低了防御端到端的延迟。
Key Takeaways
- 对抗补丁攻击对基于视觉的机器学习任务构成威胁,特别是分散式低噪声补丁攻击。
- 现有顶尖防御技术在面对分散式补丁攻击时显得脆弱,并且实现高稳健性的过程耗时耗资。
- 本文提出的SuperPure策略采用像素级掩模方案,能有效对抗分布式和局部补丁攻击。
- SuperPure利用基于GAN的超分辨率方案逐步净化图像,以增强其稳健性。
- SuperPure在增强稳健性的同时,也提高了对干净数据的识别准确率,并显著降低了防御的端到端延迟。
- SuperPure对白皮书攻击和各种补丁尺寸具有稳健性。
点此查看论文截图
MambaStyle: Efficient StyleGAN Inversion for Real Image Editing with State-Space Models
Authors:Jhon Lopez, Carlos Hinojosa, Henry Arguello, Bernard Ghanem
The task of inverting real images into StyleGAN’s latent space to manipulate their attributes has been extensively studied. However, existing GAN inversion methods struggle to balance high reconstruction quality, effective editability, and computational efficiency. In this paper, we introduce MambaStyle, an efficient single-stage encoder-based approach for GAN inversion and editing that leverages vision state-space models (VSSMs) to address these challenges. Specifically, our approach integrates VSSMs within the proposed architecture, enabling high-quality image inversion and flexible editing with significantly fewer parameters and reduced computational complexity compared to state-of-the-art methods. Extensive experiments show that MambaStyle achieves a superior balance among inversion accuracy, editing quality, and computational efficiency. Notably, our method achieves superior inversion and editing results with reduced model complexity and faster inference, making it suitable for real-time applications.
将真实图片反转到StyleGAN的潜在空间以操纵其属性的任务已被广泛研究。然而,现有的GAN反转方法在平衡高重建质量、有效的可编辑性和计算效率方面遇到了困难。在本文中,我们介绍了MambaStyle,这是一种基于编码器的GAN反转和编辑的高效单阶段方法,它利用视觉状态空间模型(VSSMs)来解决这些挑战。具体来说,我们的方法将VSSMs集成到所提出的架构中,实现了高质量的图片反转和灵活的编辑,与最先进的方法相比,所需参数更少,计算复杂度更低。大量实验表明,MambaStyle在反转准确性、编辑质量和计算效率之间取得了出色的平衡。值得注意的是,我们的方法以较低的模型复杂度和更快的推理速度实现了出色的反转和编辑结果,使其适合实时应用。
论文及项目相关链接
Summary
本文介绍了MambaStyle,这是一种基于编码器的高效单阶段GAN反卷积方法,利用视觉状态空间模型(VSSMs)解决了GAN反卷积中的挑战。MambaStyle能够在减少参数和计算复杂性的同时实现高质量图像反卷积和灵活编辑。实验表明,MambaStyle在反卷积精度、编辑质量和计算效率之间取得了卓越的平衡,适合实时应用。
Key Takeaways
- MambaStyle是一种基于编码器的高效单阶段方法,用于将真实图像反卷积到StyleGAN的潜在空间并进行属性操作。
- 利用视觉状态空间模型(VSSMs)解决了现有GAN反卷积方法在高重建质量、有效可编辑性和计算效率之间的平衡问题。
- MambaStyle能够实现高质量图像反卷积和灵活编辑,同时减少参数和计算复杂性,相较于现有方法具有优势。
- 实验证明MambaStyle在反卷积精度、编辑质量和计算效率之间达到了卓越平衡。
- MambaStyle方法具有优异的反卷积和编辑结果,同时降低了模型复杂性和提高了推理速度。
- MambaStyle适用于实时应用,为GAN反卷积任务提供了一种新的有效解决方案。
点此查看论文截图
