-
Notifications
You must be signed in to change notification settings - Fork 2
/
geotrap.html
196 lines (183 loc) · 9.72 KB
/
geotrap.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
<!DOCTYPE html>
<html>
<head lang="en">
<meta charset="UTF-8">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<title>GEO-TRAP</title>
<meta name="description" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- <base href="/"> -->
<link rel="apple-touch-icon" href="apple-touch-icon.png">
<!-- Place favicon.ico in the root directory -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.8.0/codemirror.min.css">
<link rel="stylesheet" href="css/app.css">
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Didact+Gothic" />
<link rel="stylesheet" href="css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.8.0/codemirror.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.5.3/clipboard.min.js"></script>
<script src="js/app.js"></script>
</head>
<body font-family: 'Didact Gothic'>
<div class="container">
<div class="row">
<h1 class="col-md-12 text-center" font-family: 'Didact Gothic'>
Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations</br>
<small>
NeurIPS 2021
</small>
</h1>
</div>
<div class="row">
<div class="col-md-12 text-center">
<ul class="list-inline">
<li>
<a href="https://www.linkedin.com/in/shasha-li-538b72102/">
Shasha Li*
</a>
</br>UC Riverside
</li>
<li>
<a href="https://abhishekaich27.github.io/">
Abhishek Aich*
</a>
</br>UC Riverside
</li>
<li>
<a href="https://www.shitong.me/">
Shitong Zhu
</a>
</br>UC Riverside
</li>
<li>
<a href="https://intra.ece.ucr.edu/~sasif/">
M. Salman Asif
</a>
</br>UC Riverside
</li>
<li>
<a href="https://www.cs.ucr.edu/~csong/">
Chengyu Song
</a>
</br>UC Riverside
</li>
<li>
<a href="https://vcg.engr.ucr.edu/people/amit-roy-chowdhury">
Amit K. Roy-Chowdhury
</a>
</br>UC Riverside
</li>
<li>
<a href="https://www.cs.ucr.edu/~krish/">
Srikanth V. Krishnamurthy
</a>
</br>UC Riverside
</li>
</ul>
<ul>
(* joint first authors)
</ul>
</div>
</div>
<!-- <div class="row" id="header_img"> -->
<!-- <figure class="col-md-8 col-md-offset-2"> -->
<!-- <image src="img/teaser.png" class="img-responsive" alt="overview"> -->
<!-- <figcaption> -->
<!-- </figcaption> -->
<!-- </figure> -->
<!-- </div> -->
<div class="row" align="middle">
<figure class="col-md-6 col-md-offset-3" align="middle">
<image src="data/Project_pages/NeurIPS_2021/teaser.png" class="img-responsive" alt="overview">
<figcaption>
<b>Figure:</b> Proposed adversarial attack strategy on video classifiers
</figcaption>
</figure>
</div>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3>
Abstract
</h3>
<p class="text-justify" font-family: 'Didact Gothic'>
When compared to the image classification models, black-box adversarial attacks against video classification models have been largely understudied. This could be possible because, with video, the temporal dimension poses significant additional challenges in gradient estimation. Query-efficient black-box attacks rely on effectively estimated gradients towards maximizing the probability of misclassifying the target video. In this work, we demonstrate that such effective gradients can be searched for by parameterizing the temporal structure of the search space with geometric transformations. Specifically, we design a novel iterative algorithm Geometric TRAnsformed Perturbations (GEO-TRAP), for attacking video classification models. GEO-TRAP employs standard geometric transformation operations to reduce the search space for effective gradients by searching for a small group of parameters that define these operations. This group of parameters describes the geometric progression of gradients, resulting in a reduced and structured search space. Our algorithm inherently leads to successful perturbations with surprisingly few queries. For example, adversarial examples generated from GEO-TRAP have better attack success rates with ~73.55% fewer queries compared to the state-of-the-art method for video adversarial attacks on the widely used Jester dataset. Overall, our algorithm exposes vulnerabilities of diverse video classification models and achieves new state-of-the-art results under black-box settings on two large datasets.
</p>
</div>
</div>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3>
<!-- <h3 class="text-center"> -->
Downloads
</h3>
<div class="col-md-0 col-md-offset-0 text-center">
<ul class="nav nav-pills nav-justified">
<li>
<a href="https://arxiv.org/pdf/2110.01823.pdf">
<center>
<img align="middle" height="200px"width=130px class="thumbnail" src="data/Project_pages/NeurIPS_2021/paper_neurips2021_icon.png">
Paper
</center>
</a>
</li>
<li>
<a href="data/Project_pages/NeurIPS_2021/NeurIPS_2021_GEOTRAP_slides.pdf">
<center>
<img align="middle" width=250px class="thumbnail" src="data/Project_pages/NeurIPS_2021/slide_neurips2021_icon.png">
Slides
</center>
</a>
</li>
<li>
<a href="https://github.com/sli057/Geo-TRAP">
<center>
<img align="middle" height="200px"width=200px class="thumbnail" src="data/Project_pages/NeurIPS_2021/code_neurips2021_icon.png">
Code
</center>
</a>
</li>
</ul>
</div>
</div>
</div>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3>
BibTeX
</h3>
<p class="text-justify">
<font face="Courier New">
@InProceedings{li2021adversarial, </br>
title={Adversarial Attacks on Black Box Video Classifiers: Leveraging the Power of Geometric Transformations}, </br>
author={Li, Shasha and Aich, Abhishek and Zhu, Shitong and Asif, Salman and Song, Chengyu and Roy-Chowdhury, Amit and Krishnamurthy, Srikanth}, </br>
booktitle = {Thirty-Fifth Conference on Neural Information Processing Systems},</br>
year={2021} </br>
}</font>
</p>
</div>
</div>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<h3 font-family: 'Didact Gothic'>
Acknowledgements
</h3>
<p class="text-justify" font-family: 'Didact Gothic'>
The authors would like to thank Dr. Cliff Wang of US Army Research Office for his extensive comments and input on this work. This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) under Agreement No. HR00112090096. Approved for public release; distribution is unlimited.
</p>
</div>
</div>
<div class="row">
<div class="col-md-8 col-md-offset-2">
<p class="text-justify" font-family: 'Didact Gothic'>
<center style="font-size:10px"><b>Credits:</b> Template of this webpage from <a href="http://www.mgharbi.com/">
here.
</a></center>
</p>
</div>
</div>
</div>
</body>
</html>