Academics
Home > Research > Academics > Content
The Research Papers from the Team Led by Minghui Li Have Been Accepted by CVPR’22 and AAAI’21

Time:January 17, 2024

The 2022 Computer Vision and Pattern Recognition Conference (CVPR’22) was held in New Orleans, USA from June 19th to June 23rd, 2022, with a synchronized online component. A research paper titled “Protecting Facial Privacy: Generating Adversarial Identity Masks via Style-robust Makeup Transfer” guided by Dr. Minghui Li was acceptedbyCVPR’22. CVPR is anA-levelinternational academic conference recommended by the CCF and enjoys a high reputation in the field of computer vision. The conference received a total of 8,161 submissions, with 2,064 papers being accepted, resulting in an acceptance rate of approximately 25.3%.

This research introduced the adversarial makeup transfer GAN (AMT-GAN) which leverages generative adversarial networks (GANs) to synthesize adversarial face images with makeup transferred from reference images. AMT-GAN preserves stronger black-box transferability and better visual quality simultaneously. Additionally, a novel regularization module and a joint training strategy are proposed to reconcile the conflict between the adversarial noises and the cycle consistency loss in makeup transfer, achieving a desirable balance between the attack strength and visual changes. Extensive experiments demonstrate that compared to existing methods, AMT-GAN can not only preserve a comfortable visual quality, but also achieve a higher attack success rate over commercial FR APIs, including Face++, Aliyun, and Microsoft.

Figure 1: The architecture of AMT-GAN.

The 29th ACM International Conference on Multimedia (ACM MM’21) was held in Chengdu, China from October 20th to October 24th, 2021. A research paper titled “AdvHash: Set-to-set Targeted Attack on Deep Hashing with One Single Adversarial Patch” guided by Dr. Minghui Li from our institution was acceptedbyCVPR’22. ACM MM’21 is an A-level international academic conference recommended by the CCF and enjoys a high reputation in the field of computer graphics. This year, the conference received a total of 1,942 submissions, and 542 papers were accepted, with an acceptance rate of about 27.9%.

This paper explores the robustness of image retrieval systems based on deep learning to targeted adversarial attacks. While adversarial attacks on image classifiers have been extensively studied, the generalization ability of targeted attacks on image retrieval systems is yet to be explored. To address this gap, this paper introduced AdvHash, the first targeted mismatch attack on deep hashing through adversarial patches. After superimposed with the same adversarial patch, any query image with a chosen label will retrieve a set of irrelevant images with the target label. Concretely, researchers first formulate a set-to-set problem, where a set of samples are pushed into a predefined clustered area in the Hamming space. Then researchers obtain a target anchor hash code and transform the attack to a set-to-point optimization. In order to generate a stable class-wise adversarial patch more efficiently, researchers propose a product-based weighted gradient aggregation strategy to dynamically adjust the gradient direction of the patch by exploiting the Hamming distances between training samples and the target anchor hash code and assigning different weights to discriminatively aggregate gradients. Extensive experiments on benchmark datasets verify that AdvHash is highly effective at attacking two state-of-the-art deep hashing schemes.

The source codes are available at:https://github.com/CGCL-codes/AdvHash.

Figure 2: Illustration of the set-to-point optimization

Contact us
    CONTACT US

    Tel: +86 27 87792255

    Email: sse@hust.edu.cn

    Address: Luoyu Road 1037, Wuhan, China


    @Huazhong University of Science and Technology, School of Optical and Electronic Information