This paper evaluates the physical transfer of adversarial patches against aerial vehicle detectors, finding that while digitally optimized patches can be highly effective, their real-world robustness…

The paper proposes a unified, architecture-agnostic framework that significantly improves the robustness of deepfake image detectors against adversarial attacks by focusing on higher-order frequency s…

The paper proposes a novel Adversarial Attenuation Patch (AAP) method, which is a physically realizable and stealthy adversarial attack designed to degrade SAR target detection performance.

The paper introduces the Street-legal Physical Adversarial Rim (SPAR), a physically realizable and street-legal white-box attack that significantly degrades the accuracy of modern Automatic License Pl…

The paper introduces AdvScene, a novel scene-grounded framework that measures the real-world 'scene robustness' of adversarial patches by characterizing their operational envelope across varying viewp…

The paper proposes Attack-AAIRS, a novel framework that uses GAN-generated synthetic adversarial samples to enhance the robustness of skeleton-based person identification models against unseen attacks…

The paper proposes an on-device framework to detect and prevent the forwarding of images that have been physically recaptured (photographed) from a mobile screen, addressing the Screen Recaptured Anal…

ArmSSL is a novel watermarking framework that provides robust, black-box ownership verification for self-supervised learning encoders while maintaining high utility and resisting adversarial attacks.

This study longitudinally evaluates the adversarial robustness of Android malware detection systems over a decade, finding that temporal separation significantly degrades robustness due to concept dri…

The paper demonstrates that using synthetic hand images containing accessories, generated via inpainting, significantly improves the robustness of hand detectors for safety-critical applications by cl…

The paper introduces SORA, an adaptive adversarial training method that dynamically adjusts perturbation sizes to prevent Catastrophic Overfitting, achieving state-of-the-art robustness and clean accu…

The paper proposes AnaFP, a theoretically guided analytical fingerprinting scheme that determines the optimal distance of a model's fingerprint from the decision boundary to ensure both robustness and…

This paper analyzes existing watermarking schemes for autoregressive image generators and demonstrates that they are vulnerable to various removal and forgery attacks, suggesting they are unreliable f…

The paper introduces a sample-wise targeted adversarial attack that successfully misclassifies only specific, triggered inputs during test-time adaptation while maintaining the overall label distribut…

The paper proposes a simple, generic attack strategy—re-watermarking—that reliably suppresses existing watermarks, demonstrating that watermarks can be used to attack other watermarks.

The paper introduces a new adaptive jailbreak attack (JB-GCG) that successfully bypasses the state-of-the-art JBShield defense, and proposes a more robust defense (RTV) based on multi-layer representa…

IrisFP introduces a novel adversarial-example-based framework that generates composite-sample fingerprints near the intersection of multiple decision boundaries, significantly enhancing model ownershi…

The paper introduces Dummy-Aware Weighted Attack (DAWA), a novel evaluation method that significantly reduces the reported robustness of Dummy Classes-based defenses by simultaneously targeting both t…

The paper enhances the security of the PolyProtect biometric template protection method by proposing a key selection algorithm that significantly increases the difficulty of inverting protected face t…

DeepSignature proposes a novel, cryptographically verifiable watermarking system that uses deep neural networks to embed digital signatures into images, enabling robust source attribution and near 100…