Demystifying Adversarial Patch Attacks and Defenses in the Physical World
In this talk, I will introduce a series of adversarial patch attacks in face recognition systems and autonomous driving cars, and present our recent studies in developing a zero-shot and patch-agnostic defense framework.
Overview
Adversarial patch attacks have become one of the most widespread and pressing threats to state-of-the-art computer vision systems deployed on real-world platforms, such as critical surveillance cameras and autonomous vehicles. These attacks embed adversarial perturbations into small, deliberately placed patches, allowing the adversary to directly disrupt or mislead model predictions in both digital and physical environments, for example by hiding or altering target objects so that they evade vision-based detection systems.
In this talk, I will characterize the causes, generation, and effectiveness of adversarial patches, and illustrate the perturbations through modelling and visualization. Specifically, I will introduce a series of adversarial patch attacks on face recognition systems and autonomous driving cars that use diverse mechanisms to generate patches and successfully spoof various systems in real-world scenarios. Then, I will present our recent studies in developing a zero-shot and patch-agnostic defense framework that can detect, localize, and purify adversarial patches and restore the original images, outperforming existing defense solutions.
Presenters
Brief Biography
Ni is an assistant professor of Computer Science in the Computer, Electrical and Mathematical Sciences and Engineering Division at KAUST. His research spans computer systems security, machine learning systems security, embodied AI security, and low-power mobile computing.
Before joining KAUST, Ni was a postdoctoral researcher at the City University of Hong Kong (CityUHK), working under the supervision of Professor Cong Wang. He earned his Ph.D. in Computer Science from CityUHK in 2024, a Master of Computing from the Australian National University in 2020, and a Bachelor of Engineering in electrical engineering from Shanghai Jiao Tong University in 2018.
Ni's dissertation research received CityUHK's Outstanding Research Thesis Award. His work won the Springer Cybersecurity Best Practical Paper Award in 2024, and he was also recognized as a rising star at the 22nd ACM International Conference on Mobile Systems, Applications and Services (MobiSys).