🛡️ AI Safety
🎞️ ECCV2024 · 13 paper notes
🔥 Top topics: Adversarial Robustness ×6 · Federated Learning ×3
- Any Target Can Be Offense: Adversarial Example Generation via Generalized Latent Infection
  - GAKer is proposed as the first targeted adversarial attack generator that generalizes to unseen target classes. By injecting target features (latent infection) into the intermediate layers of a UNet and employing a class-agnostic cosine distance loss instead of cross-entropy, it outperforms HGN on unseen classes by 14.13% in attack success rate.
- Bi-TTA: Bidirectional Test-Time Adapter for Remote Physiological Measurement
  - This paper proposes the Bi-TTA framework, which introduces Test-Time Adaptation to remote photoplethysmography (rPPG) tasks for the first time. By leveraging a spatiotemporal consistency self-supervised prior and a prospective-retrospective bidirectional adaptation strategy, the proposed method achieves model domain adaptation at test time using only unlabeled single-instance data during inference.
- CLIP-Guided Generative Networks for Transferable Targeted Adversarial Attacks
  - This paper proposes CGNC, which leverages the CLIP text encoder to inject target-category semantic information into a conditional generative network. Combining cross-attention modules with masked fine-tuning, this method significantly improves the black-box transfer success rate of both multi-target and single-target targeted adversarial attacks.
- Fisher Calibration for Backdoor-Robust Heterogeneous Federated Learning
  - This paper proposes Self-Driven Fisher Calibration (SDFC), which utilizes Fisher information to measure differences in parameter importance across different distributions. SDFC effectively distinguishes malicious backdoor clients and performs parameter calibration in heterogeneous federated learning scenarios, overcoming the limitations of existing defense methods that rely on data homogeneity and minority malicious node assumptions.
- Event Trojan: Asynchronous Event-based Backdoor Attacks
  - This paper proposes the Event Trojan framework, which, for the first time, designs backdoor attack methods specifically for asynchronous event data streams. It includes two modes, namely immutable triggers and mutable triggers, directly injecting malicious events at the event stream level to achieve stealthy and efficient backdoor attacks.
- Noise-Assisted Prompt Learning for Image Forgery Detection and Localization
  - This paper proposes CLIP-IFDL, a CLIP-based image forgery detection and localization model. By employing instance-aware dual-stream prompt learning and a forgery-enhanced noise adapter, it addresses CLIP's lack of domain-specific prompts and forgery sensitivity in forgery detection, successfully transferring CLIP's open-world generalization capability to the forgery detection task.
- One-stage Prompt-based Continual Learning
  - This paper proposes the OS-Prompt framework. By directly utilizing the token embeddings of ViT intermediate layers as prompt queries (rather than relying on an extra query ViT forward pass), it reduces the computational cost of prompt-based continual learning by approximately 50%. It further compensates for the loss in representation capacity with a Query-Pool Regularization (QR) loss, outperforming CodaPrompt by about 1.4% on CIFAR-100, ImageNet-R, and DomainNet.
- Operational Open-Set Recognition and PostMax Refinement
  - This paper proposes OOSA (Operational Open-Set Accuracy), an evaluation metric for practical deployment scenarios, and PostMax, a post-processing algorithm. By normalizing the maximum class logit with deep feature magnitude and mapping it through a Generalized Pareto Distribution (GPD), logits are converted into reasonable probability estimates, achieving statistically significant SOTA performance in large-scale evaluations.
- Preventing Catastrophic Overfitting in Fast Adversarial Training: A Bi-level Optimization Perspective
  - This paper analyzes the causes of catastrophic overfitting in fast adversarial training from a bi-level optimization perspective and proposes the FGSM-PCO method. By adaptively fusing historical and current adversarial examples along with a custom regularization loss, it effectively prevents and corrects the collapse of the inner optimization.
- Resilience of Entropy Model in Distributed Neural Networks
  - This paper presents the first systematic study on the robustness of entropy coding models in distributed DNNs under both intentional interference (adversarial attacks) and unintentional interference (weather changes, motion blur, etc.). It reveals that the compression features learned by the entropy model are distinct from classification features, and proposes an object-aware total variation denoising defense method. This approach reduces post-attack transmission overhead to below clean data levels, with an accuracy drop of only around 2%.
- SkyMask: Attack-Agnostic Robust Federated Learning with Fine-Grained Learnable Masks
  - This paper proposes SkyMask, which utilizes parameter-level learnable binary masks at the server side to detect malicious client model updates, achieving attack-agnostic robust federated learning that remains resilient even when up to 80% of clients are malicious.
- Towards Multi-modal Transformers in Federated Learning
  - The FedCola framework is proposed, which utilizes complementary local training and collaborative aggregation to realize cross-modal knowledge transfer for multi-modal Transformers in federated learning, effectively bridging the gap between uni-modal and multi-modal clients without requiring public data.
- Unveiling Privacy Risks in Stochastic Neural Networks Training: Effective Image Reconstruction from Gradients
  - This paper unveils that Stochastic Neural Networks (SNNs) in federated learning remain vulnerable to gradient inversion attacks. It proposes the ISG method, which reconstructs training data by formulating the stochastic training process of SNNs as an equivalent variant of traditional NN training, and introduces a feature constraint strategy to improve reconstruction fidelity.