Recent deep-learning-based methods achieve great performance on various vision applications. However, insufficient robustness on adversarial cases limits real-world applications of deep-learning-based methods. AROW workshop aims to explore adversarial examples, as well as, evaluate and improve the adversarial robustness of computer vision systems.

This AROW workshop will be fully virtual.

Topics of AROW workshop include but are not limited to:

Improving model robustness against unrestricted adversarial attacks

Improving generalization to out-of-distribution samples or unforeseen adversaries

Discovery of real-world adversarial examples

Novel architectures with robustness to occlusion, viewpoint, and other real-world domain shifts

Domain adaptation techniques for robust vision in the real world

Datasets for evaluating model robustness

Structured deep models and explainable AI

Oct. 23, 2022. IST: Israel local time (UTC +2); PST: Pacific Standard Time (UTC -8) Live

Israel Morning Session

PST 11:05pm-11:35pm; IST 9:05am-9:35am

Invited Talk: Cihang Xie - CNN vs Transformer: Which One is More Robust - Live

PST 11:35pm-12:05am; IST 9:35am-10:05am

Invited Talk: Olga Russakovsky - Trustworthy and trusted computer vision

PST 12:05am-12:35am; IST 10:05am-10:35am

Invited Talk: Alan Yuille - Challenging Artificial Intellegence of Vision Algorithm to Achieve Human-Level Performance

PST 12:35am-1:05am; IST 10:35am-11:05am

Invited Talk: Xue Lin - Evaluation of Deep Learning Robustness and Reverse Engineering of Pertubations

Israel Afternoon Session

PST 4:15am-5:00am; IST 2:15pm-3:00pm

Invited Talk: Hima Hlakkaraju - Bringing Order to Chaos: Probing the Disagreement Problem in Explainable AI

PST 5:00am-5:45am; IST 3:00pm-3:45pm

Invited Talk: Pin-Yu Chen - Reprogramming Foundation Models with Limited Resources - Live

PST 5:45am-6:30am; IST 3:45pm-4:30pm

Invited Talk: Ekin Dogus Cubuk - Adversarial examples of classifiers, physical systems, and beyond - Live

PST 6:30am-7:00am; IST 4:30pm-5:00pm

Invited Talk: Bolei Zhou - Benchmarking AI Safety of Autonomous Driving through Diverse Traffic Scenario Generation - Live

PST 7:00am-7:30am; IST 5:00pm-5:30pm

Invited Talk: Dan Hendrycks - Beyond the Lp Ball and Long Tails - Live

PST 7:30am-8:30am; IST 5:30pm-6:30pm

Best Paper Session - Live

AROW Workshop Best Papers

Physical Passive Patch Adversarial Attacks on Visual Odometry Systems [Paper] [Supp]
Yaniv Nemcovsky (Technion); Matan Jacoby (Technion); Alex Bronstein (Tel Aviv University, Israel); Chaim Baskin (Technion)*

FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning [Paper]
Kaiyuan Zhang (Purdue University)*; Guanhong Tao (Purdue University); Qiuling Xu (Purdue University); Siyuan Cheng (Purdue University); Shengwei An (Purdue University); Yingqi Liu (Purdue University); Shiwei Feng (Purdue University); Pin-Yu Chen (IBM Research); Shiqing Ma (Rutgers University); Xiangyu Zhang (Purdue University)

Best Papers

ALA: Adversarial Lightness Attack via Naturalness-aware Regularizations [Paper]
Liangru Sun (East China Normal University)*; Felix Juefei-Xu (Meta AI); Yihao Huang (East China Normal University); Qing Guo (Nanyang Technological University); Jiayi Zhu (East China Normal University); Jincao Feng (East China Normal University); Yang Liu (Nanyang Technology University, Singapore); Geguang Pu (East China Normal University)

Attacking Motion Estimation with Adversarial Snow [Paper] [Supp]
Jenny Schmalfuss (University of Stuttgart)*; Lukas Mehl (University of Stuttgart); Andrés Bruhn (University of Stuttgart)

BadDet: Backdoor Attacks on Object Detection [Paper]
Shih-Han Chan (University of California San Diego)*; Yinpeng Dong (Tsinghua University); Jun Zhu (Tsinghua University); Xiaolu Zhang (Ant Financial Services Group); Jun Zhou (Ant Financial)

• TransPatch: A Transformer-based Generator for Accelerating Transferable Patch Generation in Adversarial Attacks Against Object Detection Models [Paper]
  Jinghao Wang (nanyang technological university)*; Chenling Cui (Nanyang Technological University); XUEJUN WEN (Huawei International Pte Ltd); Jie Shi (Huawei International)
• Feature-level augmentation to improve robustness of deep neural networks to affine transformations [Paper]
  Adrian Sandru (SecurifAI); Mariana-Iuliana Georgescu (University of Bucharest); Radu Tudor Ionescu (University of Bucharest)*
• Benchmarking Robustness beyond $l_p$ Norm Adversaries [Paper]
  Akshay Agarwal (University at Buffalo)*; Nalini Ratha (SUNY Buffalo); Mayank Vatsa (IIT Jodhpur); Richa Singh (IIT Jodhpur)
• Masked Faces with Faced Masks [Paper]
  Jiayi Zhu (East China Normal University)*; Qing Guo (Nanyang Technological University); Felix Juefei-Xu (Meta AI); Yihao Huang (East China Normal University); Yang Liu (Nanyang Technology University, Singapore); Geguang Pu (East China Normal University)
• Adversarially Robust Panoptic Segmentation (ARPaS) Benchmark [Paper]
  Laura Daza (Universidad de los Andes)*; Jordi Pont-Tuset (Google); Pablo Arbelaez (Universidad de los Andes)
• BadDet: Backdoor Attacks on Object Detection [Paper]
  Shih-Han Chan (University of California San Diego)*; Yinpeng Dong (Tsinghua University); Jun Zhu (Tsinghua University); Xiaolu Zhang (Ant Financial Services Group); Jun Zhou (Ant Financial)
• Universal, Transferable Adversarial Perturbations for Visual Object Trackers [Paper]
  Krishna Kanth Nakka (EPFL)*; Mathieu Salzmann (EPFL)
• Fluctuation in video analytics - Why? Now what? [Paper] [Video]
  Sibendu Paul (Purdue University)*; Kunal Rao (NEC Labs); Giuseppe Coviello (NEC Labs); Murugan Sankaradas (NEC Labs); Oliver Po (NEC Labs); Y. Charlie Hu (Purdue University); Srimat Chakradhar (nec labs)
• SkeleVision: Towards Adversarial Resiliency of Person Tracking with Multi-Task Learning [Paper]
  Nilaksh Das (Georgia Institute of Technology); ShengYun Peng (Georgia Institute of Technology)*; Duen Horng Chau (Georgia Institute of Technology)
• Unrestricted Black-box Adversarial Attack Using GAN with Limited Queries [Paper]
  Dongbin Na (POSTECH)*; Sangwoo Ji (POSTECH); Jong Kim (POSTECH)
• Truth-Table Net: A New Convolutional Architecture Encodable By Design Into SAT Formulas [Paper]
  Adrien Benamira (Nanyang Technological University)*; Thomas Peyrin (NTU); Bryan Hooi (NUS)
• Attribution-Based Confidence Metric for Detection of Adversarial Attacks on Breast Histopathological Images [Paper]
  Steven Fernandes (Creighton University)*; Senka Krivic (University of Sarajevo); Poonam Sharma (Creighton University); Sumit K Jha (University of Texas at San Antonio)
• Improving Adversarial Robustness by Penalizing Natural Accuracy [Paper]
  Kshitij Chandna (New York University)*

• ALA: Adversarial Lightness Attack via Naturalness-aware Regularizations [Paper]
  Liangru Sun (East China Normal University)*; Felix Juefei-Xu (Meta AI); Yihao Huang (East China Normal University); Qing Guo (Nanyang Technological University); Jiayi Zhu (East China Normal University); Jincao Feng (East China Normal University); Yang Liu (Nanyang Technology University, Singapore); Geguang Pu (East China Normal University)
• Physical Passive Patch Adversarial Attacks on Visual Odometry Systems [Paper] [Supp]
  Yaniv Nemcovsky (Technion); Matan Jacoby (Technion); Alex Bronstein (Tel Aviv University, Israel); Chaim Baskin (Technion)*
• Scaling Adversarial Training to Large Perturbation Bounds [Paper] [Supp]
  Sravanti Addepalli (Indian Institute of Science)*; Samyak Jain (Indian Institute of Technology (BHU), Varanasi); Gaurang Sriramanan (University of Maryland, College Park); Venkatesh Babu RADHAKRISHNAN (Indian Institute of Science)
• Confidence-aware Training of Smoothed Classifiers for Certified Robustness [Paper] [Supp]
  Jongheon Jeong (KAIST)*; Seojin Kim (KAIST); Jinwoo Shin (KAIST)
• Task Agnostic and Post-hoc Unseen Distribution Detection [Paper]
  Radhika Dua (KAIST)*; Seongjun Yang (KAIST); Yixuan Li (University of Wisconsin-Madison); Edward Choi (KAIST)
• Empowering a Robust Model with Stable and Object-Aligned Explanations [Paper]
  Sowrya Gali (Indian Institute of Technology, Hyderabad)*; Anindya Sarkar (Washington University in St. Louis); Vineeth N Balasubramanian (Indian Institute of Technology, Hyderabad)
• Attacking Motion Estimation with Adversarial Snow [Paper] [Supp]
  Jenny Schmalfuss (University of Stuttgart)*; Lukas Mehl (University of Stuttgart); Andrés Bruhn (University of Stuttgart)
• Adversarial amplitude swap towards robust image classifiers [Paper]
  Chun Yang Tan (Chiba University)*; Kazuhiko Kawamoto (Chiba University); Hiroshi Kera (Chiba University)
• How and When Adversarial Robustness Improves in Knowledge Distillation? [Paper]
  Rulin Shao (Carmegie Mellon University); Jinfeng Yi (JD AI Research); Cho-Jui Hsieh (UCLA); Pin-Yu Chen (IBM Research)*
• Efficient Training Methods for Achieving Adversarial Robustness Against Sparse Attacks [Paper] [Supp]
  Sravanti Addepalli (Indian Institute of Science)*; Dhruv Behl (Indian Institute of Science); Gaurang Sriramanan (University of Maryland, College Park); Venkatesh Babu RADHAKRISHNAN (Indian Institute of Science)
• The Hidden Costs on Distributional Shifts when Fine-tuning Joint Text-Image Encoders and Redemptions [Paper] [Supp]
  Andrew Geng (IBM)*; Pin-Yu Chen (IBM Research)
• Adversarially Robust Few-shot Learning through Simple Transfer [Paper] [Supp]
  Akshayvarun Subramanya (UMBC)*; Hamed Pirsiavash (University of California Davis)
• BARReL: Bottleneck Attention for Adversarial Robustness in Vision-Based Reinforcement Learning [Paper]
  Eugene Bykovets (ETH Zürich)*; Yannick Metz (University of Konstanz); Mennatallah El-Assady (ETH AI Center ); Daniel Keim (Uni. Konstanz); Joachim Buhmann (ETH Zurich)
• FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning [Paper]
  Kaiyuan Zhang (Purdue University)*; Guanhong Tao (Purdue University); Qiuling Xu (Purdue University); Siyuan Cheng (Purdue University); Shengwei An (Purdue University); Yingqi Liu (Purdue University); Shiwei Feng (Purdue University); Pin-Yu Chen (IBM Research); Shiqing Ma (Rutgers University); Xiangyu Zhang (Purdue University)
• Be Your Own Neighborhood: Detecting Adversarial Example by the Neighborhood Relations Built on Self-Supervised Learning [Paper]
  Zhiyuan He (The Chinese University of Hong Kong)*; Yijun Yang (The Chinese University of Hong Kong); Pin-Yu Chen (IBM Research); Qiang Xu (The Chinese University of Hong Kong); Tsung-Yi Ho (The Chinese University of Hong Kong)
• Certified Defenses Against Near-Subspace Unrestricted Adversarial Attacks [Paper]
  Ambar Pal (Johns Hopkins University)*; Rene Vidal (Johns Hopkins University, USA)
• GREAT Score: Evaluating Global Adversarial Robustness using Generative Models [Paper]
  ZAITANG LI (CUHK)*; Pin-Yu Chen (IBM Research); Tsung-Yi Ho (The Chinese University of Hong Kong)