Despite excellent performance on stationary test sets, deep neural networks (DNNs) can fail to generalize to out-of-distribution (OoD) inputs, including natural, nonadversarial ones, which are common in real-world settings. In this paper, we present a framework for discovering DNN failures that harnesses 3D renderers and 3D models. That is, we estimate the parameters of a 3D renderer that cause a target DNN to misbehave in response to the rendered image. Using our framework and a self-assembled dataset of 3D objects, we investigate the vulnerability of DNNs to OoD poses of well-known objects in ImageNet. For objects that are readily recognized by DNNs in their canonical poses, DNNs incorrectly classify 97% of their pose space. In addition, DNNs are highly sensitive to slight pose perturbations. Importantly, adversarial poses transfer across models and datasets. We find that 99.9% and 99.4% of the poses misclassified by Inception-v3 also transfer to the AlexNet and ResNet-50 image classifiers trained on the same ImageNet dataset, respectively, and 75.5% transfer to the YOLOv3 object detector trained on MS COCO.
Due to the inadequacy of GPS signals in indoor spaces, Indoor Positioning Services (IPSs) have drawn great attention. The popular smartphone localization technique relies on a centralized server to achieve localization, allowing the server to acquire a user's location in fine granularity. To ensure the privacy of IPS users, we propose an Encrypted Indoor Positioning Service (EIPS) model that protects users' privacy from the centralized server while maintaining localization accuracy. Our EIPS model enables users to encrypt and decrypt their queries bi-directionally through an Encryption and Decryption Server (EDS) in a commutative way, so the users' locations remain private to both EIPS and EDS. We also propose Query Split, Artificial Dimensions and Columns to prevent Known Plaintext Attacks (KPA). Our analytical and experimental evaluations show that our model is resilient to a variety of privacy attacks without loss of efficiency and accuracy.
CCS CONCEPTS: • Information systems → Location based services; • Security and privacy → Management and querying of encrypted data.