The 4th Workshop of Adversarial Machine Learning on Computer Vision: Robustness of Foundation Models


The IEEE/CVF Conference on Computer Vision and Pattern Recognition. Jun 17-21, 2024. Seatle WA, USA



Overview

Artificial intelligence (AI) has entered a new era with the emergence of foundation models (FMs). These models demonstrate powerful generative capabilities by leveraging extensive model parameters and training data, which have become a dominant force in computer vision, revolutionizing a wide range of applications. Alongside their potential benefits, the increasing reliance on FMs has also exposed their vulnerabilities to adversarial attacks. These malicious attacks involve applying imperceptible perturbations to input images or prompts, which can cause the models to misclassify the objects or generate adversary-intended outputs. Such vulnerabilities pose significant risks in safety-critical applications, such as autonomous vehicles and medical diagnosis, where incorrect predictions can have dire consequences. By studying and addressing the robustness challenges associated with FMs, we could enable practitioners to better construct robust, reliable FMs across various domains.

The workshop will bring together researchers and practitioners from the computer vision and machine learning communities to explore the latest advances and challenges in adversarial machine learning, with a focus on the robustness of foundation models. The program will consist of invited talks by leading experts in the field, as well as contributed talks and poster sessions featuring the latest research. In addition, the workshop will also organize a challenge on adversarial attacking foundation models.

We believe this workshop will provide a unique opportunity for researchers and practitioners to exchange ideas, share latest developments, and collaborate on addressing the challenges associated with the robustness and security of foundation models. We expect that the workshop will generate insights and discussions that will help advance the field of adversarial machine learning and contribute to the development of more secure and robust foundation models for computer vision applications.


Tentative Important Dates

Proposed Speakers
Bo
Li

University of Chicago

Tom
Goldstein


University of Maryland
Ludwig
Schmidt

University of Washington
Chaowei
Xiao

University of Wisconsin, Madison


Florian
Tramer

ETH Zurich
Alex
Beutel

OpenAI
Zico
Kolter

Carnegie Mellon University
Neil
Gong

Duke University

Organizers
Aishan
Liu

Beihang
University
Jiakai
Wang

Zhongguancun
Laboratory
Mo
Zhou

Johns Hopkins
University
Qing
Guo

A*STAR
Xiaoning
Du

Monash
University
Xinyun
Chen

Google Brain
Felix
Juefei-Xu

AI at Meta
Xianglong
Liu

Beihang
University
VishalM
M. Patel

Johns Hopkins University
Dawn
Song

UC Berkeley
Alan
Yuille

Johns Hopkins
University
Philip
H.S. Torr

Oxford
University
Dacheng
Tao

The University of Sydney

Call for Papers

Artificial intelligence (AI) has entered a new era with the emergence of foundation models (FMs). Alongside their potential benefits, the increasing reliance on FMs has also exposed their vulnerabilities to adversarial attacks. The workshop will bring together researchers and practitioners from the computer vision and machine learning communities to explore the latest advances and challenges in adversarial machine learning, with a focus on the robustness of foundation models. We welcome research contributions related to the following (but not limited to) topics:
  • Robustness of foundation models
  • Adversarial attacks on computer vision tasks
  • Improving the robustness of deep learning systems
  • Interpreting and understanding model robustness, especially foundation models
  • Adversarial attacks for social good
  • Dataset and benchmark that could evaluate foundation model robustness
Format: Submissions papers (.pdf format) must use the CVPR 2024 Author Kit for LaTeX/Word Zip file and be anonymized and follow CVPR 2024 author instructions. The workshop considers two types of submissions: (1) Long Paper: Papers are limited to 8 pages excluding references; (2) Extended Abstract: Papers are limited to 4 pages including references.

Submission Site: https://cmt3.research.microsoft.com/CVPRAdvML2024
Submission Due: March 15, 2024, Anywhere on Earth (AoE)


Accepted Long Paper

  • Large Language Models in Wargaming: Methodology, Application, and Robustness [Paper]
    Yuwei Chen (Aviation Industry Development Research Center of China)*; Shiyong Chu (Aviation Industry Development Research Center of China)
  • Enhancing Targeted Attack Transferability via Diversified Weight Pruning [Paper]
    Hung-Jui Wang (National Taiwan University)*; Yu-Yu Wu (National Taiwan University); Shang-Tse Chen (National Taiwan University)
  • Enhancing the Transferability of Adversarial Attacks with Stealth Preservation [Paper]
    Xinwei Zhang (Beihang University); Tianyuan Zhang (Beihang University); Yitong Zhang (Beihang University); Shuangcheng Liu (Beihang University)*
  • Adversarial Attacks on Foundational Vision Models
    Nathan Inkawhich (Air Force Research Laboratory)*; Ryan S Luley (Air Force Research Laboratory); Gwendolyn N McDonald (AFRL)
  • Benchmarking Robustness in Neural Radiance Fields
    Chen Wang (University of Pennsylvania)*; Angtian Wang (Johns Hopkins University); Junbo Li (UC Santa Cruz); Alan Yuille (Johns Hopkins University); Cihang Xie ( University of California, Santa Cruz)
  • Sharpness-Aware Optimization for Real-World Adversarial Attacks for Diverse Compute Platforms with Enhanced Transferability [Paper]
    Muchao Ye (The Pennsylvania State University); Xiang Xu (Amazon)*; Qin Zhang (Amazon.com); Jonathan Wu (Amazon)
  • Benchmarking Zero-Shot Robustness of Multimodal Foundation Models: A Pilot Study [Paper]
    Chenguang Wang (Washington University)*; Ruoxi Jia (Virginia Tech); Xin Liu (University of California); Dawn Song (UC Berkeley)
  • Red-Teaming Segment Anything Model [Paper]
    Krzysztof Jankowski (University of Warsaw)*; Bartłomiej Jan Sobieski (Warsaw University of Technology); Mateusz Kwiatkowski (MI2.AI, University of Warsaw); Jakub Szulc (University of Warsaw); Michał Janik (University of Warsaw); Hubert Baniecki (University of Warsaw); Przemyslaw Biecek (Warsaw University of Technology)
  • Learning to Schedule Resistant to Adversarial Attacks in Diffusion Probabilistic Models Under the Threat of Lipschitz Singularities [Paper]
    SangHwa Hong (SeoulTech)*
  • Multimodal Attack Detection for Action Recognition Models [Paper]
    Furkan Mumcu (University of South Florida)*; Yasin Yilmaz (University of South Florida)

Accepted Extended Abstract

  • Attack End-to-End Autonomous Driving through Module-Wise Noise [Paper]
    Lu Wang (Beihang University); Tianyuan Zhang (Beihang University)*; Yikai Han (Beijing University of Aeronautics and Astronautics); Muyang Fang (Beihang University); Ting Jin (Beihang University); 家麒 康 (Beihang University)
  • Scaling Vision-Language Models Does Not Improve Relational Understanding: The Right Learning Objective Helps [Paper]
    Haider Al-Tahan (Meta - FAIR)*; Quentin Garrido (Meta - FAIR); Randall Balestriero (Facebook AI Research); Diane Bouchacourt (Facebook AI); Caner Hazirbas (Meta AI); Mark Ibrahim (Capital One Center for Machine Learning)
  • ResampleTrack: Online Resampling for Adversarially Robust Visual Tracking
    Xuhong Ren (School of Computer Science and Engineering, Tianjin University of Technology); Jianlang Chen (Kyushu University); Yue Cao (Nanyang Technological University); Wanli Xue (Tianjin University of Technology)*; Qing Guo (A*STAR); Lei Ma (The University of Tokyo / University of Alberta); Jianjun Zhao (Kyushu University); Chen Shengyong (Zhejiang University of technology;Tianjin University of Technology)
  • Unlearning Backdoor Threats: Enhancing Backdoor Defense in Multimodal Contrastive Learning via Local Token Unlearning [Paper]
    Siyuan Liang (Department of Computer Science, National University of Singapore)*; kuanrong liu (Sun Yat-San University); Jiajun Gong (School of Computing, National University of Singapore); Jiawei Liang (SUN YAT-SEN UNIVERSITY); Yuan Xun (Institute of Information Engineering, Chinese Academy of Sciences); Ee-Chien Chang (NUS); Xiaochun Cao (Sun Yat-sen University)

Challenge

This workshop will organize a competition of adversarial attacks on the black-box multimodal foundation models (i.e., vision language models, VLMs). The detailed instructions will be specified later.

Challenge Chair
Jiakai
Wang

Zhongguancun
Laboratory
Zonglei
Jing

Beihang
University
Hainan
Li

Institute
of Dataspace
Zhenfei
Yin

Shanghai AI Laboratory & The University of Sydney

Haotong
Qin

ETH
Zurich
Jing
Shao

Shanghai AI
Laboratory
Xianglong
Liu

Beihang
University
Shengshan
Hu

Huazhong University of Science and Technology
Long
Zheng

Huazhong University of Science and Technology
Yanjun
Pu

Zhongguancun
Laboratory
Yue
Yu

OpenI

Sponsors

logo-img
logo-img

logo-img


Program Committee
Yisong
Xiao

Beihang
University
Jin
Hu

Beihang
University
Tianyuan
Zhang

Beihang
University
Siyang
Wu

Beihang
University
  • Tianlin Li (NTU)
  • Xinwei Liu (IIE, CAS)
  • Kui Zhang (USTC)
  • Linghui Zhu (Tsinghua University)
  • Jingzhi Li (IIE, CAS)
  • Bangyan He (IIE, CAS)
  • Yikun Xu (IIE, CAS)
  • Yulong Cao (University of Michigan)
  • Zhipeng Wei (Fudan University)
  • Xinwei Zhang (Beihang University)
  • Jiangfan Liu (Beihang University)
  • Haojie Hao (Beihang University)
  • Akshayvarun Subramanya (UMBC)
  • Chirag Agarwal (Harvard University)
  • Jieru Mei (Johns Hopkins University)
  • Jun Guo (Beihang University)
  • Kibok Lee (University of Michigan)
  • Lifeng Huang (SunYat-sen university)
  • Maura Pintor (University of Cagliari)
  • Ruihao Gong (SenseTime)
  • Jiachen Sun (University of Michigan)
  • Lu Wang (Beihang University)
  • Zihao Xiao (Johns Hopkins University)
  • Siqi Wang (Boston University)