| _ | attack | _ |
|---|
| 360- | attack | : Distortion-Aware Perturbations from Perspective-Views |
| 3D face mask presentation | attack | detection based on intrinsic image analysis |
| 3D Facial Geometric Attributes Based Anti-Spoofing Approach against Mask | attack | s |
| 3D High-Fidelity Mask Face Presentation | attack | Detection Challenge |
| 3D mask presentation | attack | detection via high resolution face parts |
| 3D model watermarking algorithm robust to geometric | attack | s |
| 3DHacker: Spectrum-based Decision Boundary Generation for Hard-label 3D Point Cloud | attack | |
| A3C-Based Intelligent Event-Triggering Control of Networked Nonlinear Unmanned Marine Vehicles Subject to Hybrid | attack | s |
| Accuracy-Perturbation Curves for Evaluation of Adversarial | attack | and Defence Methods |
| Adaptive Cross-Modal Transferable Adversarial | attack | s From Images to Videos |
| Adaptive Image Transformations for Transfer-Based Adversarial | attack | |
| Adaptive iterative | attack | towards explainable adversarial robustness |
| Adaptive local adversarial | attack | s on 3D point clouds |
| Adaptive Model Ensemble Adversarial | attack | for Boosting Adversarial Transferability, An |
| Adaptive momentum variance for attention-guided sparse adversarial | attack | s |
| Adaptive radial basis function sliding mode control for platoons under DoS | attack | s |
| Adaptive Warping Network for Transferable Adversarial | attack | s |
| ADC: Adversarial | attack | s against object Detection that evade Context consistency checks |
| Admix: Enhancing the Transferability of Adversarial | attack | s |
| AdvCapsNet: To defense adversarial | attack | s based on Capsule networks |
| AdvDO: Realistic Adversarial | attack | s for Trajectory Prediction |
| AdvDrop: Adversarial | attack | to DNNs by Dropping Information |
| Adversarial | attack | Against Deep Saliency Models Powered by Non-Redundant Priors |
| Adversarial | attack | and Defense on Deep Learning for Air Transportation Communication Jamming |
| Adversarial | attack | for SAR Target Recognition Based on UNet-Generative Adversarial Network |
| Adversarial | attack | on Deep Cross-Modal Hamming Retrieval |
| Adversarial | attack | on Deep Learning-Based Splice Localization |
| Adversarial | attack | on Fake-Faces Detectors Under White and Black Box Scenarios |
| Adversarial | attack | on Semantic Segmentation Preprocessed with Super Resolution |
| Adversarial | attack | Type I: Cheat Classifiers by Significant Changes |
| Adversarial | attack | s |
| Adversarial | attack | s Against Uncertainty Quantification |
| Adversarial | attack | s and Defenses in Deep Learning: From a Perspective of Cybersecurity |
| Adversarial | attack | s and Defenses in Image Classification: A Practical Perspective |
| Adversarial | attack | s are Reversible with Natural Supervision |
| Adversarial | attack | s Beyond the Image Space |
| Adversarial | attack | s in Underwater Acoustic Target Recognition with Deep Learning Models |
| Adversarial | attack | s on Deep Learning-Based DOA Estimation With Covariance Input |
| Adversarial | attack | s on Deepfake Detectors: A Practical Analysis |
| Adversarial | attack | s on Kinship Verification using Transformer |
| Adversarial | attack | s On Multi-Agent Communication |
| Adversarial | attack | s through architectures and spectra in face recognition |
| Adversarial Camouflage: Hiding Physical-World | attack | s With Natural Styles |
| Adversarial color projection: A projector-based physical-world | attack | to DNNs |
| Adversarial Defense via Learning to Generate Diverse | attack | s |
| Adversarial Eigen | attack | on BlackBox Models |
| Adversarial examples for replay | attack | s against CNN-based face recognition with anti-spoofing capability |
| Adversarial Label Poisoning | attack | on Graph Neural Networks via Label Propagation |
| Adversarial Label-Poisoning | attack | s and Defense for General Multi-Class Models Based on Synthetic Reduced Nearest Neighbor |
| Adversarial Laser Beam: Effective Physical-World | attack | to DNNs in a Blink |
| Adversarial Learning Targeting Deep Neural Network Classification: A Comprehensive Review of Defenses Against | attack | s |
| Adversarial Light Projection | attack | s on Face Recognition Systems: A Feasibility Study |
| Adversarial Machine Learning | attack | s Against Video Anomaly Detection Systems |
| Adversarial Machine Learning: | attack | s From Laboratories to the Real World |
| Adversarial Metric | attack | and Defense for Person Re-Identification |
| Adversarial mimicry | attack | s against image splicing forensics: An approach for jointly hiding manipulations and creating false detections |
| Adversarial Neon Beam: A light-based physical | attack | to DNNs |
| Adversarial Noise | attack | s of Deep Learning Architectures: Stability Analysis via Sparse-Modeled Signals |
| Adversarial pan-sharpening | attack | s for object detection in remote sensing |
| Adversarial Patch | attack | on Multi-Scale Object Detection for UAV Remote Sensing Images |
| Adversarial Ranking | attack | and Defense |
| Adversarial Sample | attack | and Defense Method for Encrypted Traffic Data |
| Adversarial scratches: Deployable | attack | s to CNN classifiers |
| Adversarial Sticker: A Stealthy | attack | Method in the Physical World |
| AdvHat: Real-World Adversarial | attack | on ArcFace Face ID System |
| AdvMask: A sparse adversarial | attack | -based data augmentation method for image classification |
| advPattern: Physical-World | attack | s on Deep Person Re-Identification via Adversarially Transformable Patterns |
| AGKD-BML: Defense Against Adversarial | attack | by Attention Guided Knowledge Distillation and Bi-directional Metric Learning |
| Aha! Adaptive History-driven | attack | for Decision-based Black-box Models |
| AI-Based Compression: A New Unintended Counter | attack | on JPEG-Related Image Forensic Detectors? |
| AI-GAN: | attack | -Inspired Generation of Adversarial Examples |
| Algorithmic Fairness in Face Morphing | attack | Detection |
| All You Need Is RAW: Defending Against Adversarial | attack | s with Camera Image Pipelines |
| Alpha-Wolves and Alpha-mammals: Exploring Dictionary | attack | s on Iris Recognition Systems |
| Analysis of Master Vein | attack | s on Finger Vein Recognition Systems |
| Analysis of Nonlinear Collusion | attack | s on Fingerprinting Systems for Compressed Multimedia |
| Analysis of the resistance of the Spread Transform against Temporal Frame Averaging | attack | |
| Analysis of the synthetic periocular iris images for robust Presentation | attack | s Detection algorithms |
| Analysis of user-specific score characteristics for spoof biometric | attack | s |
| Anomaly Detection Against GPS Spoofing | attack | s on Connected and Autonomous Vehicles Using Learning From Demonstration |
| AoI Optimization in the UAV-Aided Traffic Monitoring Network Under | attack | : A Stackelberg Game Viewpoint |
| Appearance and Structure Aware Robust Deep Visual Graph Matching: | attack | , Defense and Beyond |
| Appending Adversarial Frames for Universal Video | attack | |
| Apricot: A Dataset of Physical Adversarial | attack | s on Object Detection |
| ART: An | attack | -Resistant Trust Management Scheme for Securing Vehicular Ad Hoc Networks |
| ASePPI: Robust Privacy Protection Against De-Anonymization | attack | s |
| Ask, Acquire, and | attack | : Data-Free UAP Generation Using Class Impressions |
| Assessing the Threat of Adversarial Examples on Deep Neural Networks for Remote Sensing Scene Classification: | attack | s and Defenses |
| Asymmetric Modality Translation for Face Presentation | attack | Detection |
| attack | Against Image-Based Selective Bitplane Encryption, An |
| attack | Agnostic Adversarial Defense via Visual Imperceptible Bound |
| attack | Agnostic Detection of Adversarial Examples via Random Subspace Analysis |
| attack | Agnostic Statistical Method for Adversarial Detection |
| attack | Analysis for He and Wu's Joint Watermarking/Fingerprinting Scheme |
| attack | as the Best Defense: Nullifying Image-to-image Translation GANs via Limit-aware Adversarial Attack |
| attack | as the Best Defense: Nullifying Image-to-image Translation GANs via Limit-aware Adversarial Attack |
| attack | Characterization for Effective Watermarking |
| attack | invariant scheme for content-based video copy detection, An |
| attack | LSB Matching Steganography by Counting Alteration Rate of the Number of Neighbourhood Gray Levels |
| attack | Modeling Methodology and Taxonomy for Intelligent Transportation Systems |
| attack | Modelling: Towards a Second Generation Watermarking Benchmark |
| attack | on JPEG2000 Steganography Using LRCA |
| attack | on Watermarking Method Based on Significant Difference of Wavelet Coefficient Quantization |
| attack | Operators for Digitally Watermarked Images |
| attack | to BPCS-steganography using complexity histogram and countermeasure, An |
| attack | to Explain Deep Representation |
| attack | to Fool and Explain Deep Networks |
| attack | -agnostic Adversarial Detection on Medical Data Using Explainable Machine Learning |
| attack | -Agnostic Deep Face Anti-Spoofing |
| attack | -Guided Perceptual Data Generation for Real-world Re-Identification |
| attack | -invariant attention feature for adversarial defense in hyperspectral image classification |
| attack | s against AODV Routing Protocol in Mobile Ad-Hoc Networks |
| Attention-Enhanced One-Shot | attack | against Single Object Tracking for Unmanned Aerial Vehicle Remote Sensing Images |
| Attention-guided evolutionary | attack | with elastic-net regularization on face recognition |
| Attribution-based Confidence Metric for Detection of Adversarial | attack | s on Breast Histopathological Images |
| Augmented Lagrangian Adversarial | attack | s |
| Authentication Of Copy Detection Patterns Under Machine Learning | attack | s: A Supervised Approach |
| AutoMA: Towards Automatic Model Augmentation for Transferable Adversarial | attack | s |
| Automatic Detection of Injection | attack | s by Machine Learning in NoSQL Databases |
| Average Gradient-Based Adversarial | attack | |
| Avoiding replay- | attack | s in a face recognition system using head-pose estimation |
| Backdoor | attack | against 3D Point Cloud Classifiers, A |
| Backdoor | attack | s |
| Backdoor | attack | s Against Deep Image Compression via Adaptive Frequency Trigger |
| Backdoor | attack | s Against Deep Learning Systems in the Physical World |
| Backdoor | attack | s against Deep Neural Networks by Personalized Audio Steganography |
| Backdoor | attack | s on Self-Supervised Learning |
| Backdoor | attack | s, Robustness |
| BadCM: Invisible Backdoor | attack | Against Cross-Modal Learning |
| Baddet: Backdoor | attack | s on Object Detection |
| Bandits for Structure Perturbation-based Black-box | attack | s to Graph Neural Networks with Theoretical Guarantees |
| BASAR:Black-box | attack | on Skeletal Action Recognition |
| Bayesian Hill-Climbing | attack | and Its Application to Signature Verification |
| Beating Backdoor | attack | at Its Own Game |
| Best Defense is a Good Offense: Adversarial Augmentation Against Adversarial | attack | s, The |
| BHAC-MRI: Backdoor and Hybrid | attack | s on MRI Brain Tumor Classification Using CNN |
| Bias-based Universal Adversarial Patch | attack | for Automatic Check-out |
| Bilateral Adversarial Training: Towards Fast Training of More Robust Models Against Adversarial | attack | s |
| Biometric presentation | attack | s: Handcrafted features versus deep learning approaches |
| Biometrics Systems Under Spoofing | attack | : An evaluation methodology and lessons learned |
| Bit-Flip | attack | : Crushing Neural Network With Progressive Bit Search |
| Black-box Adversarial | attack | against Visual Interpreters for Deep Neural Networks |
| black-box adversarial | attack | for poisoning clustering, A |
| black-box adversarial | attack | strategy with adjustable sparsity and generalizability for deep image classifiers, A |
| Black-box | attack | against handwritten signature verification with region-restricted adversarial perturbations |
| Black-Box | attack | s on Image Activity Prediction and its Natural Language Explanations |
| Black-Box | attack | s, Robustness |
| Black-box Detection of Backdoor | attack | s with Limited Information and Data |
| Black-Box Dissector: Towards Erasing-Based Hard-Label Model Stealing | attack | |
| Black-Box Sparse Adversarial | attack | via Multi-Objective Optimisation CVPR Proceedings |
| Blind and Robust Watermarking of 3D Models: How to Withstand the Cropping | attack | ? |
| blind high definition video watermarking scheme robust to geometric and temporal synchronization | attack | s, A |
| Blind MPEG-2 Video Watermarking Robust Against Geometric | attack | s: A Set of Approaches in DCT Domain |
| Boosting Adversarial | attack | s with Momentum |
| Boosting Adversarial Transferability via Gradient Relevance | attack | |
| Boosting Adversarial Transferability with Shallow-Feature | attack | on SAR Images |
| Boosting Black-Box | attack | with Partially Transferred Conditional Adversarial Distribution |
| Boosting Decision-based Black-box Adversarial | attack | s with Random Sign Flip |
| Boosting Query Efficiency of Meta | attack | With Dynamic Fine-Tuning |
| Boosting transferability of physical | attack | against detectors by redistributing separable attention |
| Boundary augment: A data augment method to defend poison | attack | |
| Boundary Defense Against Black-box Adversarial | attack | s |
| Bounded Adversarial | attack | on Deep Content Features |
| Bpp | attack | : Stealthy and Efficient Trojan Attacks against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning |
| Breaching FedMD: Image Recovery via Paired-Logits Inversion | attack | |
| Bridging Machine Learning and Cryptography in Defence Against Adversarial | attack | s |
| CADW: CGAN-Based | attack | on Deep Robust Image Watermarking |
| CamoNet: A Target Camouflage Network for Remote Sensing Images Based on Adversarial | attack | |
| Can audio-visual integration strengthen robustness under multimodal | attack | s? |
| Can't Steal? Cont-Steal! Contrastive Stealing | attack | s Against Image Encoders |
| CAN-Bus | attack | Detection With Deep Learning |
| Capture the Bot: Using Adversarial Examples to Improve CAPTCHA Robustness to Bot | attack | s |
| Cascade Defense Method for Multidomain Adversarial | attack | s under Remote Sensing Detection, A |
| Catastrophic Child's Play: Easy to Perform, Hard to Defend Adversarial | attack | s |
| Category | attack | for LSB Steganalysis of JPEG Images |
| CCA: Exploring the Possibility of Contextual Camouflage | attack | on Object Detection |
| CGBA: Curvature-aware Geometric Black-box | attack | |
| Change Point Models for Real-Time Cyber | attack | Detection in Connected Vehicle Environment |
| Chosen plaintext | attack | on JPEG image encryption with adaptive key and run consistency |
| CIIDefence: Defeating Adversarial | attack | s by Fusing Class-Specific Image Inpainting and Image Denoising |
| CIT-GAN: Cyclic Image Translation Generative Adversarial Network With Application in Iris Presentation | attack | Detection |
| Class of Nonlinear Kalman Filters Under a Generalized Measurement Model With False Data Injection | attack | s, A |
| Clean-Label Backdoor | attack | s on Video Recognition Models |
| CleanCLIP: Mitigating Data Poisoning | attack | s in Multimodal Contrastive Learning |
| Client-specific anomaly detection for face presentation | attack | detection |
| Closer Look at Robustness of Vision Transformers to Backdoor | attack | s, A |
| Cloud security based | attack | detection using transductive learning integrated with Hidden Markov Model |
| CNN Patch Pooling for Detecting 3D Mask Presentation | attack | s in NIR |
| CNN-Based Anomaly Detection for Face Presentation | attack | Detection with Multi-Channel Images |
| CNNs Under | attack | : On the Vulnerability of Deep Neural Networks Based Face Recognition to Image Morphing |
| COLFISPOOF: A new Database for Contactless Fingerprint Presentation | attack | Detection Research |
| Collusion | attack | -Resilient Hierarchical Encryption of JPEG 2000 Codestreams with Scalable Access Control |
| Collusive | attack | s to Partition Authentication Visual Cryptography Scheme |
| Color Backdoor: A Robust Poisoning | attack | in Color Space |
| Combating desynchronization | attack | s on blind watermarking systems: A message passing approach |
| Combining 2D texture and 3D geometry features for Reliable iris presentation | attack | detection using light field focal stack |
| Combining Identity Features and Artifact Analysis for Differential Morphing | attack | Detection |
| Comparative Study of Wavelet Based Lattice QIM Techniques and Robustness against AWGN and JPEG | attack | s |
| Composite | attack | s-based copy-move image forgery detection using AKAZE and FAST with automatic contrast thresholding |
| Comprehensive Resilient Control Strategy for CBTC Systems Through Train-to-Train Communications Under Malicious | attack | s, A |
| Comprehensive Survey on Authentication and | attack | Detection Schemes That Threaten It in Vehicular Ad-Hoc Networks, A |
| Comprehensive Vulnerability Evaluation of Face Recognition Systems to Template Inversion | attack | s via 3D Face Reconstruction |
| Computation and Data Efficient Backdoor | attack | s |
| Concealed | attack | for Robust Watermarking Based on Generative Model and Perceptual Loss |
| Consistency-Sensitivity Guided Ensemble Black-Box Adversarial | attack | s in Low-Dimensional Spaces |
| Consistent | attack | : Universal adversarial perturbation on embodied vision navigation |
| Consistent Semantic | attack | s on Optical Flow |
| ConstDet: Control Semantics-Based Detection for GPS Spoofing | attack | s on UAVs |
| Content-dependent Spatially Localized Video Watermark for Resistance to Collusion and Interpolation | attack | s, A |
| Convolutional Neural Networks for Iris Presentation | attack | Detection: Toward Cross-Dataset and Cross-Sensor Generalization |
| Cooling-Shrinking | attack | : Blinding the Tracker With Imperceptible Noises |
| Cooperative Location-Sensing Network Based on Vehicular Communication Security Against | attack | s |
| Cost-Effective Adversarial | attack | s against Scene Text Recognition |
| Counterfeiting | attack | s on Oblivious Block-wise Independent Invisible Watermarking Schemes |
| Countering Adversarial | attack | s, Defense, Robustness |
| Countermeasure for the protection of face recognition systems against mask | attack | s |
| Countermeasure of re-recording prevention against | attack | with short wavelength pass filter |
| Countermeasure to Resist Block Replacement | attack | s, A |
| CRAB: Certified Patch Robustness Against Poisoning-Based Backdoor | attack | s |
| Critical Infrastructure Security Against Drone | attack | s Using Visual Analytics |
| Cross-database and cross- | attack | Iris presentation attack detection using micro stripes analyses |
| Cross-database and cross- | attack | Iris presentation attack detection using micro stripes analyses |
| Cross-Domain Face Presentation | attack | Detection via Multi-Domain Disentangled Representation Learning |
| Cross-Layer Defense Method for Blockchain Empowered CBTC Systems Against Data Tampering | attack | s, A |
| Cross-Layer Defense Scheme for Edge Intelligence-Enabled CBTC Systems Against MitM | attack | s, A |
| Cross-Modal Text Steganography Against Synonym Substitution-Based Text | attack | |
| Cross-Modal Transferable Adversarial | attack | s from Images to Videos |
| Cross-resolution face recognition adversarial | attack | s |
| Cross-Shaped Adversarial Patch | attack | |
| Cryptanalysis of iterative encryption and image sharing scheme based on the VQ | attack | |
| CSSBA: A Clean Label Sample-Specific Backdoor | attack | |
| Curls and Whey: Boosting Black-Box Adversarial | attack | s |
| Cyber | attack | s on Scada Based Traffic Light Control Systems in the Smart Cities |
| Cycle GAN-Based | attack | on Recaptured Images to Fool both Human and Machine |
| Cyclic Defense GAN Against Speech Adversarial | attack | s |
| Cyclical Adversarial | attack | Pierces Black-box Deep Neural Networks |
| DaST: Data-Free Substitute Training for Adversarial | attack | s |
| Data Poisoning | attack | Aiming the Vulnerability of Continual Learning |
| Data-Driven Fault-Tolerant Platooning Control Under Aperiodic DoS | attack | s |
| Data-free Universal Adversarial Perturbation and Black-box | attack | |
| Database for Face Presentation | attack | Using Wax Figure Faces, A |
| Dataset Security for Machine Learning: Data Poisoning, Backdoor | attack | s, and Defenses |
| DCA: Delayed Charging | attack | on the Electric Shared Mobility System |
| Decision-Based | attack | to Speaker Recognition System via Local Low-Frequency Perturbation |
| Decision-based Black-box | attack | Specific to Large-size Images |
| Decoupling Direction and Norm for Efficient Gradient-Based L2 Adversarial | attack | s and Defenses |
| Deep convolutional neural networks for face and iris presentation | attack | detection: survey and case study |
| Deep Image Destruction: Vulnerability of Deep Image-to-Image Models against Adversarial | attack | s |
| Deep Learning-Based Forgery | attack | on Document Images |
| Deep patch-wise supervision for presentation | attack | detection |
| Deeply vulnerable: a study of the robustness of face recognition to presentation | attack | s |
| DEFEAT: Deep Hidden Feature Backdoor | attack | s by Imperceptible Perturbation and Latent Representation Constraints |
| Defending Against Adversarial | attack | s by Randomized Diversification |
| Defending against | attack | s tailored to transfer learning via feature distancing |
| Defending Against Model Stealing | attack | s With Adaptive Misinformation |
| Defending Against Patch-based Backdoor | attack | s on Self-Supervised Learning |
| Defending against Poisoning | attack | s in Aerial Image Semantic Segmentation with Robust Invariant Feature Enhancement |
| Defending Against Universal | attack | s Through Selective Feature Regeneration |
| Defending and Harnessing the Bit-Flip Based Adversarial Weight | attack | |
| Defending Black Box Facial Recognition Classifiers Against Adversarial | attack | s |
| Defending Low-Bandwidth Talking Head Videoconferencing Systems From Real-Time Puppeteering | attack | s |
| Defending malware detection models against evasion based adversarial | attack | s |
| Defending Neural ODE Image Classifiers from Adversarial | attack | s with Tolerance Randomization |
| Defending Person Detection Against Adversarial Patch | attack | by Using Universal Defensive Frame |
| Defense Against Adversarial | attack | s by Reconstructing Images |
| Defense Against Adversarial | attack | s Using High-Level Representation Guided Denoiser |
| Defense Against Adversarial | attack | s via Controlling Gradient Leaking on Embedded Manifolds |
| Defense Against Adversarial | attack | s with Efficient Frequency-Adaptive Compression and Reconstruction |
| Defense against Adversarial Cloud | attack | on Remote Sensing Salient Object Detection |
| Defense against Adversarial Patch | attack | s for Aerial Image Semantic Segmentation by Robust Feature Extraction |
| Defense Mechanism Against Adversarial | attack | s Using Density-based Representation of Images |
| Defense-friendly Images in Adversarial | attack | s: Dataset and Metrics for Perturbation Difficulty |
| Defense-Prefix for Preventing Typographic | attack | s on CLIP |
| Deflecting Adversarial | attack | s with Pixel Deflection |
| delayed Elastic-Net approach for performing adversarial | attack | s, A |
| Delving into Data: Effectively Substitute Training for Black-box | attack | |
| Denoising and copy | attack | s resilient watermarking by exploiting prior knowledge at detector |
| Design of Blockchain enabled intrusion detection model for detecting security | attack | s using deep learning |
| Detecting anti-forensic | attack | s on demosaicing-based camera model identification |
| Detecting Disguise | attack | s on Multi-spectral Face Recognition Through Spectral Signatures |
| Detecting Face Morphing | attack | s by Analyzing the Directed Distances of Facial Landmarks Shifts |
| Detecting Morphed Face | attack | s Using Residual Noise from Deep Multi-scale Context Aggregation Network |
| Detecting Presentation | attack | s from 3D Face Masks Under Multispectral Imaging |
| Detecting Replay | attack | s Using Multi-Channel Audio: A Neural Network-Based Method |
| Detecting Sirex noctilio grey- | attacked | and lightning-struck pine trees using airborne hyperspectral data, random forest and support vector machines classifiers |
| Detecting State of Charge False Reporting | attack | s via Reinforcement Learning Approach |
| Detection and Continual Learning of Novel Face Presentation | attack | s |
| Detection and Isolation of Sensor | attack | s for Autonomous Vehicles: Framework, Algorithms, and Validation |
| Detection Defenses: An Empty Promise against Adversarial Patch | attack | s on Optical Flow |
| Detection of Face Morphing | attack | s by Deep Learning |
| Detection of Face Recognition Adversarial | attack | s |
| Detection of False Data Injection | attack | in Connected and Automated Vehicles via Cloud-Based Sandboxing |
| Detection of False Data Injection | attack | s in Smart Grid Communication Systems |
| Detection of Larch Forest Stress from Jas's Larch Inchworm (Erannis jacobsoni Djak) | attack | Using Hyperspectral Remote Sensing |
| Detection of Longhorned Borer | attack | and Assessment in Eucalyptus Plantations Using UAV Imagery |
| Detection of Makeup Presentation | attack | s based on Deep Face Representations |
| Developing Robust and Lightweight Adversarial Defenders by Enforcing Orthogonality on | attack | -Agnostic Denoising Autoencoders |
| Diffdefense: Defending Against Adversarial | attack | s via Diffusion Models |
| Differential Fault | attack | on Security Vehicle System Applied SIMON Block Cipher, A |
| Differentially Private Tripartite Intelligent Matching Against Inference | attack | s in Ride-Sharing Services |
| Digital and Physical-World | attack | s on Remote Pulse Detection |
| Direct Adversarial | attack | on Stego Sandwiched Between Black Boxes |
| DisBezant: Secure and Robust Federated Learning Against Byzantine | attack | in IoT-Enabled MTS |
| Discrete Point-Wise | attack | is Not Enough: Generalized Manifold Adversarial Attack for Face Recognition |
| Discrete Point-Wise | attack | is Not Enough: Generalized Manifold Adversarial Attack for Face Recognition |
| Discussion on comparative analysis and a new | attack | on optical asymmetric cryptosystem |
| Disrupting Image-Translation-Based DeepFake Algorithms with Adversarial | attack | s |
| Distance Based Leakage Alignment for Side Channel | attack | s |
| Distracting Downpour: Adversarial Weather | attack | s for Motion Estimation |
| Distributed Adaptive Platoon Secure Control on Unmanned Vehicles System for Lane Change Under Compound | attack | s |
| Distributed Cyber | attack | s Detection and Recovery Mechanism for Vehicle Platooning |
| Distributed edge-event-triggered consensus of multi-agent system under DoS | attack | |
| Distributed Secure Platoon Control of Connected Vehicles Subject to DoS | attack | : Theory and Application |
| Dither-modulation data riding with distortion-compensation: exact performance analysis and an improved detector for JPEG | attack | s |
| Divergence-Agnostic Unsupervised Domain Adaptation by Adversarial | attack | s |
| Diverse Generative Perturbations on Attention Space for Transferable Adversarial | attack | s |
| Do Adaptive Active | attack | s Pose Greater Risk Than Static Attacks? |
| Do Adaptive Active | attack | s Pose Greater Risk Than Static Attacks? |
| Do Gradient Inversion | attack | s Make Federated Learning Unsafe? |
| DOA Estimation under GNSS Spoofing | attack | s Using a Coprime Array: From a Sparse Reconstruction Viewpoint |
| Dodging | attack | Using Carefully Crafted Natural Makeup |
| Does Capture Background Influence the Accuracy of the Deep Learning Based Fingerphoto Presentation | attack | Detection Techniques? |
| Does Physical Adversarial Example Really Matter to Autonomous Driving? Towards System-Level Effect of Adversarial Object Evasion | attack | |
| Domain Adaptive Transfer | attack | -Based Segmentation Networks for Building Extraction From Aerial Images |
| Domain Knowledge Alleviates Adversarial | attack | s in Multi-Label Classifiers |
| Domain-Generalized Face Anti-Spoofing with Unknown | attack | s |
| DOS | attack | forecasting: A comparative study on wrapper feature selection |
| DST: Dynamic Substitute Training for Data-free Black-box | attack | |
| DTA: Physical Camouflage | attack | s using Differentiable Transformation Network |
| DTFA: Adversarial | attack | with discrete cosine transform noise and target features on deep neural networks |
| Dual Attention Suppression | attack | : Generate Adversarial Camouflage in Physical World |
| Dual-stream Framework for 3D Mask Face Presentation | attack | Detection, A |
| DWT-based high-capacity blind video watermarking, invariant to geometrical | attack | s |
| Dynamic Generative Targeted | attack | s with Pattern Injection |
| Dynamically Mitigating Data Discrepancy with Balanced Focal Loss for Replay | attack | Detection |
| Ear anti-spoofing against print | attack | s using three-level fusion of image quality measures |
| Early Detection of Bark Beetle | attack | Using Remote Sensing and Machine Learning: A Review |
| Early Detection of Bark Beetle Green | attack | Using TerraSAR-X and RapidEye Data |
| effect of the random jitter | attack | on the bit error rate performance of spatial domain image watermarking, The |
| Effective Ambiguity | attack | Against Passport-based DNN Intellectual Property Protection Schemes through Fully Connected Layer Substitution |
| Effective Presentation | attack | Detection Driven by Face Related Task |
| Effective Way to Boost Black-box Adversarial | attack | , An |
| Effectiveness of Generative | attack | s on an Online Handwriting Biometric, The |
| Efficient Adversarial | attack | s for Visual Object Tracking |
| Efficient any-Target Backdoor | attack | with Pseudo Poisoned Samples |
| Efficient Decision-Based Black-Box Adversarial | attack | s on Face Recognition |
| Efficient Decision-based Black-box Patch | attack | s on Video Recognition |
| Efficient Detection of Pixel-Level Adversarial | attack | s |
| Efficient Detection of Routing | attack | s in Wireless Sensor Networks |
| Efficient Loss Function by Minimizing the Detrimental Effect of Floating-Point Errors on Gradient-Based | attack | s |
| Efficient Non-Targeted | attack | for Deep Hashing Based Image Retrieval |
| Efficient Ordered-Transmission Based Distributed Detection Under Data Falsification | attack | s |
| Efficient software | attack | to multimodal biometric systems and its application to face and iris fusion |
| Elimination of Undetectable | attack | s on Natural Gas Networks |
| Embarrassingly Simple Backdoor | attack | on Self-supervised Learning, An |
| empirical evaluation of information metrics for low-rate and high-rate DDoS | attack | detection, An |
| Empirical Study of Fully Black-Box and Universal Adversarial | attack | for SAR Target Recognition, An |
| encoded histogram of ridge bifurcations and contours for fingerprint presentation | attack | detection, An |
| Enhanced iris presentation | attack | detection via contraction-expansion CNN |
| Enhanced Neuron Attribution-Based | attack | Via Pixel Dropping, An |
| Enhanced Transferable Adversarial | attack | of Scale-Invariant Methods, An |
| Enhancement Methods of Image Quality in Screen Mark | attack | |
| Enhancing Adversarial Example Transferability With an Intermediate Level | attack | |
| Enhancing deep discriminative feature maps via perturbation for face presentation | attack | detection |
| Enhancing Soft Biometric Face Template Privacy with Mutual Information-Based Image | attack | s |
| Enhancing the Robustness of Neural Collaborative Filtering Systems Under Malicious | attack | s |
| Enhancing the Self-Universality for Transferable Targeted | attack | s |
| Enhancing the Transferability of Adversarial | attack | s through Variance Tuning |
| Enhancing transferability of adversarial examples via rotation-invariant | attack | s |
| Ensemble adversarial black-box | attack | s against deep learning systems |
| Ensemble Generative Cleaning With Feedback Loops for Defending Adversarial | attack | s |
| Ensemble-based Blackbox | attack | s on Dense Prediction |
| Erosion | attack | : Harnessing Corruption To Improve Adversarial Examples |
| Estimation of optimum coding redundancy and frequency domain analysis of | attack | s for YASS: A randomized block based hiding scheme |
| Evading Deepfake-Image Detectors with White- and Black-Box | attack | s |
| Evading Defenses to Transferable Adversarial Examples by Translation-Invariant | attack | s |
| Evaluating Robustness of Deep Image Super-Resolution Against Adversarial | attack | s |
| Evaluating the Losses and Recovery of GPP in the Subtropical Mangrove Forest Directly | attacked | by Tropical Cyclone: Case Study in Hainan Island |
| Evaluating the Resilience of Face Recognition Systems Against Malicious | attack | s |
| Evaluating the Robustness of Semantic Segmentation for Autonomous Driving against Real-World Adversarial Patch | attack | s |
| Evaluation of a Fourier Watermarking Method Robustness to Cards Durability | attack | s |
| Evaluation of Brute-force | attack | to Dynamic Signature Verification Using Synthetic Samples |
| evaluation of direct | attack | s using fake fingers generated from ISO templates, An |
| evaluation of indirect | attack | s and countermeasures in fingerprint verification systems, An |
| Evaluation of wolf | attack | for classified target on speaker verification systems |
| Evasion | attack | STeganography: Turning Vulnerability Of Machine Learning To Adversarial Attacks Into A Real-world Application |
| Evasion | attack | STeganography: Turning Vulnerability Of Machine Learning To Adversarial Attacks Into A Real-world Application |
| Event-Based Distributed Secure Control of Unmanned Surface Vehicles With DoS | attack | s |
| Event-Based Fault Detection for Unmanned Surface Vehicles Subject to Denial-of-Service | attack | s |
| Event-Based Secure Leader-Following Consensus Control for Multiagent Systems With Multiple Cyber | attack | s |
| Exact Adversarial | attack | to Image Captioning via Structured Output Learning With Latent Variables |
| Examining the potential for early detection of spruce bark beetle | attack | s using multi-temporal Sentinel-2 and harvester data |
| Experimental Investigation of Text-Based CAPTCHA | attack | s and Their Robustness, An |
| Explain2 | attack | : Text Adversarial Attacks via Cross-Domain Interpretability |
| Explainability-Aware One Point | attack | for Point Cloud Neural Networks |
| Explainable Attention-Guided Iris Presentation | attack | Detector, An |
| Explaining Face Presentation | attack | Detection Using Natural Language |
| Exploiting Explanations for Model Inversion | attack | s |
| Exploiting Multi-Object Relationships for Detecting Adversarial | attack | s in Complex Scenes |
| Exploiting the Local Parabolic Landscapes of Adversarial Losses to Accelerate Black-Box Adversarial | attack | |
| Exploratory Adversarial | attack | s on Graph Neural Networks for Semi-Supervised Node Classification |
| Explore Adversarial | attack | via Black Box Variational Inference |
| Exploring Effective Data for Surrogate Training Towards Black-box | attack | |
| Exploring Frequency Adversarial | attack | s for Face Forgery Detection |
| Exploring presentation | attack | vulnerability and usability of face recognition systems |
| Exploring the Devil in Graph Spectral Domain for 3D Point Cloud | attack | s |
| Exposing Presentation | attack | s by a Combination of Multi-intrinsic Image Properties, Convolutional Networks and Transfer Learning |
| Exposing seam carving forgery under recompression | attack | s by hybrid large feature mining |
| Exposure Time Change | attack | on Image Watermarking Systems |
| Extending Adversarial | attack | s and Defenses to Deep 3D Point Cloud Classifiers |
| Eye movement-driven defense against iris print- | attack | s |
| EyePAD++: A Distillation-based approach for joint Eye Authentication and Presentation | attack | Detection using Periocular Images |
| F&F | attack | : Adversarial Attack against Multiple Object Trackers by Inducing False Negatives and False Positives |
| F&F | attack | : Adversarial Attack against Multiple Object Trackers by Inducing False Negatives and False Positives |
| F-mixup: | attack | CNNs From Fourier Perspective |
| Fabricate-Vanish: An Effective and Transferable Black-Box Adversarial | attack | Incorporating Feature Distortion |
| Face Biometrics Under Spoofing | attack | s: Vulnerabilities, Countermeasures, Open Issues, and Research Directions |
| Face Image Quality Estimation on Presentation | attack | Detection |
| Face liveness detection for combating the spoofing | attack | in face recognition |
| Face morphing | attack | detection and attacker identification based on a watchlist |
| Face morphing | attack | s and face image quality: The effect of morphing and the unsupervised attack detection by quality |
| Face morphing | attack | s and face image quality: The effect of morphing and the unsupervised attack detection by quality |
| Face presentation | attack | detection across spectrum using time-frequency descriptors of maximal response in Laplacian scale-space |
| Face presentation | attack | detection based on chromatic co-occurrence of local binary pattern and ensemble learning |
| Face Presentation | attack | Detection by Excavating Causal Clues and Adapting Embedding Statistics |
| Face Presentation | attack | Detection by Exploring Spectral Signatures |
| Face presentation | attack | detection in mobile scenarios: A comprehensive evaluation |
| Face Presentation | attack | with Latex Masks in Multispectral Videos |
| Face recognition under spoofing | attack | s: countermeasures and research directions |
| Face spoofing detection under super-realistic 3D wax face | attack | s |
| Failure of affine-based reconstruction | attack | in regenerating vascular feature points |
| Fairness in face presentation | attack | detection |
| False Data Injection | attack | in a Platoon of CACC: Real-Time Detection and Isolation With a PDE Approach |
| Fashion-Guided Adversarial | attack | on Person Segmentation |
| Fault Detection Filter and Controller Co-Design for Unmanned Surface Vehicles Under DoS | attack | s |
| FDA: Feature Disruptive | attack | |
| Feature Extraction For Visual Speaker Authentication Against Computer-Generated Video | attack | s |
| Feature Importance-aware Transferable Adversarial | attack | s |
| feature-based robust digital image watermarking against geometric | attack | s, A |
| Federated Test-Time Adaptive Face Presentation | attack | Detection with Dual-Phase Privacy Preservation |
| Few pixels | attack | s with generative model |
| Few-shot Website Fingerprinting | attack | with Meta-Bias Learning |
| FIBA: Frequency-Injection based Backdoor | attack | in Medical Image Analysis |
| Fingerprint Adversarial Presentation | attack | in the Physical Domain |
| Fingerprint Presentation | attack | Detection Method Based on a Bag-of-Words Approach |
| Fingerprint Presentation | attack | Detector Using Global-Local Model |
| Fingerprint Readers: Vulnerabilities to Front- and Back- end | attack | s |
| FinPAD: State-of-the-art of fingerprint presentation | attack | detection mechanisms, taxonomy and future perspectives |
| Focused LRP: Explainable AI for Face Morphing | attack | Detection |
| Fooling a Face Recognition System with a Marker-Free Label-Consistent Backdoor | attack | |
| Forensic Analysis of Nonlinear Collusion | attack | s for Multimedia Fingerprinting |
| Forming Adversarial Example | attack | s Against Deep Neural Networks With Reinforcement Learning |
| Four-scanning | attack | on hierarchical digital watermarking method for image tamper detection and recovery |
| framework for liveness detection for direct | attack | s in the visible spectrum for multimodal ocular biometrics, A |
| Frequency Domain Model Augmentation for Adversarial | attack | |
| Frequency domain regularization for iterative adversarial | attack | s |
| Frequency-driven Imperceptible Adversarial | attack | on Semantic Similarity |
| Frequency-Tuned Universal Adversarial | attack | s on Texture Recognition |
| From Gradient Leakage To Adversarial | attack | s In Federated Learning |
| Fusion of Handcrafted and Deep Learning Features for Large-Scale Multiple Iris Presentation | attack | Detection |
| Fuzzy-Model-Based Lateral Control for Networked Autonomous Vehicle Systems Under Hybrid Cyber- | attack | s |
| Gaussian Filtering With Cyber- | attacked | Data |
| general quantitative cryptanalysis of permutation-only multimedia ciphers against plaintext | attack | s, A |
| Generalizable Black-Box Adversarial | attack | With Meta Learning |
| Generalized Iris Presentation | attack | Detection Algorithm under Cross-Database Settings |
| Generated Distributions Are All You Need for Membership Inference | attack | s Against Generative Models |
| Generating Adversarial | attack | s in the Latent Space |
| Generating Adversarial Examples By Makeup | attack | s on Face Recognition |
| Generating Master Faces for Dictionary | attack | s with a Network-Assisted Latent Space Evolution |
| Generating Out of Distribution Adversarial | attack | Using Latent Space Poisoning |
| Generative Adversarial | attack | on Ensemble Clustering |
| Generative Adversarial Networks: A Survey on | attack | and Defense Perspective |
| Genetic algorithm | attack | on minutiae-based fingerprint authentication and protected template fingerprint systems |
| GeoDA: A Geometric Framework for Black-Box Adversarial | attack | s |
| Geometric Adversarial | attack | s and Defenses on 3D Point Clouds |
| Geometric | attack | Invariant Watermarking with Biometric Data: Applied on Offline Handwritten Signature |
| Geometrically Adaptive Dictionary | attack | on Face Recognition |
| Geometry-Inspired Decision-Based | attack | , A |
| GIS-Assisted Prediction and Risk Zonation of Wildlife | attack | s in the Chitwan National Park in Nepal |
| GNP | attack | : Transferable Adversarial Examples Via Gradient Norm Penalty |
| GradAuto: Energy-Oriented | attack | on Dynamic Neural Networks |
| GradMDM: Adversarial | attack | on Dynamic Networks |
| Guessing Smart: Biased Sampling for Efficient Black-Box Adversarial | attack | s |
| Guest Editorial: Face Recognition and Spoofing | attack | s |
| Hamiltonian Monte Carlo Method for Probabilistic Adversarial | attack | and Learning, A |
| Hard No-Box Adversarial | attack | on Skeleton-Based Human Action Recognition with Skeleton-Motion-Informed Gradient |
| Hard-label based Small Query Black-box Adversarial | attack | |
| Hardly Perceptible Trojan | attack | Against Neural Networks with Bit Flips |
| Heuristic | attack | Method to PRH-Based Audio Copy Detectors, A |
| Hidden Conditional Adversarial | attack | s |
| Hierarchical Average Fusion With GM-PHD Filters Against FDI and DoS | attack | s |
| Histogram of oriented gradients based presentation | attack | detection in dorsal hand-vein biometric system |
| Histogram-oriented watermarking algorithm: colour image watermarking scheme robust against geometric | attack | s and signal processing |
| How to choose your best allies for a transferable | attack | ? |
| Hybrid Convolutional Neural Networks To Create An | attack | Detection Framework For A Wireless Sensor Network Based Health Care Application |
| ILFO: Adversarial | attack | on Adaptive Neural Networks |
| Image Copy Detection via Grouping in Feature Space Based on Virtual Prior | attack | s |
| Image Super-Resolution as a Defense Against Adversarial | attack | s |
| Image Translation-Based Deniable Encryption against Model Extraction | attack | |
| Image Watermarking Resistant To Combined Geometric And Removal | attack | s |
| Image watermarking with feature point based synchronization robust to print-scan | attack | |
| Image-Level Iris Morph | attack | |
| Impact of Adversarial | attack | s on Federated Learning: A Survey, The |
| Impact of Synthetic Images on Morphing | attack | Detection Using a Siamese Network |
| Impact of the Cropping | attack | on Scalar STDM Data Hiding, The |
| Imperceptible Transfer | attack | and Defense on 3D Point Cloud Classification |
| Improved Noise and | attack | Robustness for Semantic Segmentation by Using Multi-Task Training with Self-Supervised Depth Estimation |
| Improved Statistic for the Pooled Triangle Test Against PRNU-Copy | attack | , An |
| Improving Adversarial Transferability via Neuron Attribution-based | attack | s |
| Improving DNN Robustness to Adversarial | attack | s Using Jacobian Regularization |
| Improving Gait Biometrics under Spoofing | attack | s |
| Improving Query Efficiency of Black-box Adversarial | attack | |
| Improving Robustness Against Stealthy Weight Bit-Flip | attack | s by Output Code Matching |
| Improving Robustness of Facial Landmark Detection by Defending against Adversarial | attack | s |
| Improving the robustness of adversarial | attack | s using an affine-invariant gradient estimator |
| Improving the Transferability of Adversarial | attack | s Through Both Front and Rear Vector Method |
| In-Vehicle CAN Bus Tampering | attack | s Detection for Connected and Autonomous Vehicles Using an Improved Isolation Forest Method |
| Increasing Robustness of an Improved Spread Spectrum Audio Watermarking Method Using | attack | Characterization |
| Incremental Support Vector Machine for Self-updating Fingerprint Presentation | attack | Detection Systems |
| Indirect Local | attack | s for Context-aware Semantic Segmentation Networks |
| Indirect synthetic | attack | on thermal face biometric systems via visible-to-thermal spectrum conversion |
| Intelligent | attack | defense scheme based on DQL algorithm in mobile fog computing |
| Interactive Photo Liveness for Presentation | attack | s Detection |
| Interest flooding | attack | mitigation in a vehicular named data network |
| Intermediate-Level | attack | Framework on the Basis of Linear Regression, An |
| Interpretable security analysis of cancellable biometrics using constrained-optimized similarity-based | attack | |
| Interpreting Attributions and Interactions of Adversarial | attack | s |
| Introducing a new method of image reconstruction against crop | attack | using sudoku watermarking algorithm |
| Introducing a new method robust against crop | attack | in digital image watermarking using two-step sudoku |
| Intrusion Detection and Ejection Framework Against Lethal | attack | s in UAV-Aided Networks: A Bayesian Game-Theoretic Methodology |
| Inversion | attack | resilient zero-watermarking scheme for medical image authentication |
| Invertibility | attack | against watermarking based on forged algorithm and a countermeasure |
| Investigating the significance of adversarial | attack | s and their relation to interpretability for radar-based human activity recognition systems |
| Investigating Top-k White-Box and Transferable Black-box | attack | |
| Investigating Weight-Perturbed Deep Neural Networks with Application in Iris Presentation | attack | Detection |
| Invisible Backdoor | attack | with Sample-Specific Triggers |
| Invisible Black-Box Backdoor | attack | Through Frequency Domain, An |
| IoU | attack | : Towards Temporally Coherent Black-Box Adversarial Attack for Visual Object Tracking |
| IoU | attack | : Towards Temporally Coherent Black-Box Adversarial Attack for Visual Object Tracking |
| Iris Presentation | attack | Detection Based on Photometric Stereo Features |
| Iris presentation | attack | detection: Where are we now? |
| Iris Presentation | attack | via Textured Contact Lens in Unconstrained Environment |
| Iris Presentation | attack | : Assessing the Impact of Combining Vanadium Dioxide Films with Artificial Eyes |
| Iris Recognition Against Counterfeit | attack | Using Gradient Based Fusion of Multi-spectral Images |
| Iris Recognition Systems, Spoofing, Liveness, Presentation | attack | , Contact Lenses |
| Is it Really Easy to Detect Sybil | attack | s in C-ITS Environments: A Position Paper |
| Iterative Adversarial | attack | on Image-Guided Story Ending Generation |
| Jointly Defending DeepFake Manipulation and Adversarial | attack | Using Decoy Mechanism |
| JSNet: A simulation network of JPEG lossy compression and restoration for robust image watermarking against JPEG | attack | |
| Just One Moment: Structural Vulnerability of Deep Action Recognition against One Frame | attack | |
| Killing Four Birds with one Gaussian Process: The Relation between different Test-Time | attack | s |
| Knowledge-Enriched Distributional Model Inversion | attack | s |
| L-GEM based robust learning against poisoning | attack | |
| Label-Only Model Inversion | attack | s via Boundary Repulsion |
| Lambertian-based adversarial | attack | s on deep-learning-based underwater side-scan sonar image classification |
| Large Scale Audio-Visual Video Analytics Platform for Forensic Investigations of Terroristic | attack | s |
| Large-Scale Multiple-Objective Method for Black-box | attack | Against Object Detection, A |
| LAS-AT: Adversarial Training with Learnable | attack | Strategy |
| LBP-TOP Based Countermeasure against Face Spoofing | attack | s |
| LDFT-Based Watermarking Resilient to Local Desynchronization | attack | s |
| LEA2: A Lightweight Ensemble Adversarial | attack | via Non-overlapping Vulnerable Frequency Regions |
| Learnable Gradient operator for face presentation | attack | detection, A |
| Learnable Multi-level Frequency Decomposition and Hierarchical Attention Mechanism for Generalized Face Presentation | attack | Detection |
| Learning Ordered Top-k Adversarial | attack | s via Adversarial Distillation |
| Leveraging Local Patch Differences in Multi-Object Scenes for Generative Adversarial | attack | s |
| LG-GAN: Label Guided Adversarial Network for Flexible Targeted | attack | of Point Cloud Based Deep Networks |
| LIRA: Learnable, Imperceptible and Robust Backdoor | attack | s |
| Live Trojan | attack | s on Deep Neural Networks |
| Liveness Detection, Spoofing, Presentation | attack | , Faces, Other Biometrics |
| Liveness-Enforcing Supervisor Tolerant to Sensor-Reading Modification | attack | s, A |
| LMS-based | attack | on watermark public detectors |
| Local Gradients Smoothing: Defense Against Localized Adversarial | attack | s |
| Local Texture Complexity Guided Adversarial | attack | |
| LogBarrier Adversarial | attack | : Making Effective Use of Decision Boundary Information, The |
| Low-Cost | attack | on Branch-Based Software Watermarking Schemes, A |
| LP-GAN: Learning perturbations based on generative adversarial networks for point cloud adversarial | attack | s |
| Machine learning based adaptive watermark decoding in view of anticipated | attack | |
| Machine Learning in the Hyperspectral Classification of Glycaspis brimblecombei (Hemiptera Psyllidae) | attack | Severity in Eucalyptus |
| Making an Invisibility Cloak: Real World Adversarial | attack | s on Object Detectors |
| Making Corgis Important for Honeycomb Classification: Adversarial | attack | s on Concept-based Explainability Tools |
| Making impostor pass rates meaningless: A case of snoop-forge-replay | attack | on continuous cyber-behavioral verification with keystrokes |
| Manipulation, Adversarial and Presentation | attack | s in Biometrics |
| Masquerade | attack | on transform-based binary-template protection based on perceptron learning |
| Master Key backdoor for universal impersonation | attack | against DNN-based face verification, A |
| Maximum isotope accumulation in the retrosplenial cortex during amnesia | attack | and its temporal change suggest cortical spreading depression as a pathophysiology of patients with transient global amnesia |
| MAZE: Data-Free Model Stealing | attack | Using Zeroth-Order Gradient Estimation |
| MedRDF: A Robust and Retrain-Less Diagnostic Framework for Medical Pretrained Models Against Adversarial | attack | |
| Membership Inference | attack | Using Self Influence Functions |
| Membership Inference | attack | s are Easier on Difficult Problems |
| Meta Generative | attack | on Person Reidentification |
| Meta Gradient Adversarial | attack | |
| Meta- | attack | : Class-agnostic and Model-agnostic Physical Adversarial Attack |
| Meta- | attack | : Class-agnostic and Model-agnostic Physical Adversarial Attack |
| Metamorphic Testing-based Adversarial | attack | to Fool Deepfake Detectors |
| method of H.264 video watermarking robust to | attack | on I and P frames by removal, A |
| Methods for countering | attack | s on image watermarking schemes: Overview |
| MFNet-LE: Multilevel fusion network with Laplacian embedding for face presentation | attack | s detection |
| Minimally Distorted Structured Adversarial | attack | s |
| Minimizing Maximum Model Discrepancy for Transferable Black-box Targeted | attack | s |
| Minmax Strategies for QIM Watermarking Subject to | attack | s with Memory |
| Mixed Quantization Enabled Federated Learning to Tackle Gradient Inversion | attack | s |
| MixNet for Generalized Face Presentation | attack | Detection |
| ML | attack | : Fooling Semantic Segmentation Networks by Multi-layer Attacks |
| MLSD-GAN: Generating Strong High Quality Face Morphing | attack | s Using Latent Semantic Disentanglement |
| Model scheduling and sample selection for ensemble adversarial example | attack | s |
| Modelling & Analysis of High Impact Terrorist | attack | s in India & Its Neighbors |
| More or Less (MoL): Defending against Multiple Perturbation | attack | s on Deep Neural Networks through Model Ensemble and Compression |
| Motion-based counter-measures to photo | attack | s in face recognition |
| Motion-based countermeasure against photo and video spoofing | attack | s in face recognition |
| Motion-Excited Sampler: Video Adversarial | attack | with Sparked Prior |
| MPAF: Model Poisoning | attack | s to Federated Learning based on Fake Clients |
| Multi-Adversarial Discriminative Deep Domain Generalization for Face Presentation | attack | Detection |
| Multi- | attack | Reference Hashing Generation for Image Authentication |
| Multi-Expert Adversarial | attack | Detection in Person Re-identification Using Context Inconsistency |
| Multi-Label Adversarial | attack | Based on Label Correlation |
| Multi-robot adversarial patrolling: Handling sequential | attack | s |
| Multi-task Convolutional Neural Network for Joint Iris Detection and Presentation | attack | Detection, A |
| Multilevel histogram shape-based image watermarking invariant to geometric | attack | s |
| Multimodal Biometric Fusion: A Study on Vulnerabilities to Indirect | attack | s |
| Multispectral Imaging for Differential Face Morphing | attack | Detection: A Preliminary Study |
| Myope Models: Are face presentation | attack | detection models short-sighted? |
| Natural Light Can Also be Dangerous: Traffic Sign Misinterpretation Under Adversarial Natural Light | attack | s |
| NetTimeView: Applying Spatio-temporal Data Visualization Techniques to DDoS | attack | Analysis |
| Network | attack | s Related To Smart Healthcare and Their Impact Evaluation |
| Neural Watermarking Method Including an | attack | Simulator against Rotation and Compression Attacks |
| Neural Watermarking Method Including an | attack | Simulator against Rotation and Compression Attacks |
| Neuro-Inspired Autoencoding Defense Against Adversarial | attack | s, A |
| New Approach for Detecting DDoS | attack | s Based on Wavelet Analysis, A |
| New Backdoor | attack | in CNNS by Training Set Corruption Without Label Poisoning, A |
| New Blind | attack | Procedure For Dct-based Image Encryption With Spectrum Learning, A |
| New Collusion | attack | and Its Performance Evaluation, A |
| New Multi-spectral Iris Acquisition Sensor for Biometric Verification and Presentation | attack | Detection, A |
| New Protocol to Evaluate the Resistance of Template Update Systems against Zero-Effort | attack | s, A |
| New Public-Key Authentication Watermarking for Binary Document Images Resistant to Parity | attack | s, A |
| No Surprises: Training Robust Lung Nodule Detection for Low-Dose CT Scans by Augmenting With Adversarial | attack | s |
| Noise in Adversarial | attack | s, Removing, Detection, Use |
| Non-reference Image Quality Assessment for Fingervein Presentation | attack | Detection |
| NoPeek-Infer: Preventing face reconstruction | attack | s in distributed inference after on-premise training |
| Not All Samples Are Born Equal: Towards Effective Clean-Label Backdoor | attack | s |
| novel approach for securing data against adversary | attack | s in UAV embedded HetNet using identity based authentication scheme, A |
| Novel Bipartite Consensus Tracking Control for Multiagent Systems Under Sensor Deception | attack | s, A |
| Novel Collusion | attack | Strategy for Digital Fingerprinting, A |
| Novel Cyber | attack | Detection Method in Networked Control Systems, A |
| novel face presentation | attack | detection scheme based on multi-regional convolutional neural networks, A |
| novel image watermarking scheme against desynchronization | attack | s by SVR revision, A |
| novel image watermarking scheme based on amplitude | attack | , A |
| Novel presentation | attack | detection algorithm for face recognition system: Application to 3D face mask attack |
| Novel presentation | attack | detection algorithm for face recognition system: Application to 3D face mask attack |
| Novel Sketch | attack | for H.264/AVC Format-Compliant Encrypted Video, A |
| Novel Steganographic Algorithm Resisting Targeted Steganalytic | attack | s on LSB Matching, A |
| Novel System for Deep Contour Classifiers Certification Under Filtering | attack | s, A |
| Novel Watermarking Algorithm for Image Authentication: Robustness Against Common | attack | s and JPEG2000 Compression, A |
| object-based non-blind watermarking that is robust to non-linear geometrical distortion | attack | s, An |
| Off-Policy Learning-Based Following Control of Cooperative Autonomous Vehicles Under Distributed | attack | s |
| OMG- | attack | : Self-Supervised On-Manifold Generation of Transferable Evasion Attacks |
| OMG- | attack | : Self-Supervised On-Manifold Generation of Transferable Evasion Attacks |
| On | attack | -Resilient Service Placement and Availability in Edge-Enabled IoV Networks |
| On Iris Spoofing Using Print | attack | |
| On Isometry Robustness of Deep 3D Point Cloud Models Under Adversarial | attack | s |
| On JPEG2000 Error Concealment | attack | s |
| On Single-Model Transferable Targeted | attack | s: A Closer Look at Decision-Level Optimization |
| On the Difficulty of Membership Inference | attack | s |
| On the Effectiveness of Small Input Noise for Defending Against Query-based Black-Box | attack | s |
| On the generalisation capabilities of Fisher vector-based face presentation | attack | detection |
| On the Optimal Structure of Watermark Decoders Under Desynchronization | attack | s |
| On the Reversibility of Adversarial | attack | s |
| On the Risk Assessment of Terrorist | attack | s Coupled with Multi-Source Factors |
| On the Robustness of Deep Learning Models to Universal Adversarial | attack | |
| On the Robustness of Semantic Segmentation Models to Adversarial | attack | s |
| On the Security of Block Scrambling-Based EtC Systems against Extended Jigsaw Puzzle Solver | attack | s |
| On the transferability of adversarial perturbation | attack | s against fingerprint based authentication systems |
| On the vulnerability of deep learning to adversarial | attack | s for camera model identification |
| On the Vulnerability of Deepfake Detectors to | attack | s Generated by Denoising Diffusion Models |
| On the vulnerability of face verification systems to hill-climbing | attack | s |
| On the Vulnerability of Iris-based Systems to a Software | attack | Based on a Genetic Algorithm |
| Once a MAN: Towards Multi-Target | attack | via Learning Multi-Target Adversarial Network Once |
| One-bit Flip is All You Need: When Bit-flip | attack | Meets Model Training |
| One-Class Fingerprint Presentation | attack | Detection Using Auto-Encoder Network |
| One-Shot Adversarial | attack | s on Visual Tracking With Dual Attention |
| Online Alternate Generator Against Adversarial | attack | s |
| Only Once | attack | : Fooling the Tracker With Adversarial Template |
| OOD | attack | : Generating Overconfident out-of-Distribution Examples to Fool Deep Neural Classifiers |
| Operational Perspectives Into the Resilience of the U.S. Air Transportation Network Against Intelligent | attack | s |
| Optical Adversarial | attack | |
| Optimal decoding for watermarks subject to geometrical | attack | s |
| Optimal Transport as a Defense Against Adversarial | attack | s |
| Optimal watermark power and host samples allocation under random gain | attack | |
| OQFL: An Optimized Quantum-Based Federated Learning Framework for Defending Against Adversarial | attack | s in Intelligent Transportation Systems |
| OULU-NPU: A Mobile Face Presentation | attack | Database with Real-World Variations |
| Over-the-Air Adversarial Flickering | attack | s against Video Recognition Networks |
| Overloaded Branch Chains Induced by False Data Injection | attack | in Smart Grid |
| Parallel Rectangle Flip | attack | : A Query-based Black-box Attack against Object Detection |
| Parallel Rectangle Flip | attack | : A Query-based Black-box Attack against Object Detection |
| Parametric Noise Injection: Trainable Randomness to Improve Deep Neural Network Robustness Against Adversarial | attack | |
| PARAPH: Presentation | attack | Rejection by Analyzing Polarization Hypotheses |
| Partial | attack | Supervision and Regional Weighted Inference for Masked Face Presentation Attack Detection |
| Partial | attack | Supervision and Regional Weighted Inference for Masked Face Presentation Attack Detection |
| Pasadena: Perceptually Aware and Stealthy Adversarial Denoise | attack | |
| Patch | attack | Invariance: How Sensitive are Patch Attacks to 3D Pose? |
| Patch | attack | Invariance: How Sensitive are Patch Attacks to 3D Pose? |
| Patch-wise | attack | for Fooling Deep Neural Network |
| Patch | attack | : A Black-box Texture-based Attack with Reinforcement Learning |
| PatchZero: Defending against Adversarial Patch | attack | s by Detecting and Zeroing the Patch |
| PATROL: Privacy-Oriented Pruning for Collaborative Inference Against Model Inversion | attack | s |
| Pattern Recognition Scheme for Distributed Denial of Service (DDoS) | attack | s in Wireless Sensor Networks, A |
| Pattern Recognition Systems under | attack | |
| Perceptual quality-preserving black-box | attack | against deep learning image classifiers |
| Performance Evaluation for Secure Communications in Mobile Internet of Vehicles With Joint Reactive Jamming and Eavesdropping | attack | s |
| Performing | attack | Halting Process with Digital Pattern and Proactive Model Resolving the Security Issues in IoT Based Models |
| Perils of Learning From Unlabeled Data: Backdoor | attack | s on Semi-supervised Learning, The |
| Person Re-identification Method Based on Color | attack | and Joint Defence |
| Perturbation analysis of gradient-based adversarial | attack | s |
| Perturbation-Constrained Adversarial | attack | for Evaluating the Robustness of Optical Flow, A |
| Phantom Sponges: Exploiting Non-Maximum Suppression to | attack | Deep Object Detectors |
| PhygitalNet: Unified Face Presentation | attack | Detection via One-Class Isolation Learning |
| Physical Adversarial | attack | s on an Aerial Imagery Object Detector |
| Physical | attack | on Monocular Depth Estimation with Optimal Adversarial Patches |
| Physical Passive Patch Adversarial | attack | s on Visual Odometry Systems |
| Physical-World Optical Adversarial | attack | s on 3D Face Recognition |
| Pick-Object- | attack | : Type-specific adversarial attack for object detection |
| Pick-Object- | attack | : Type-specific adversarial attack for object detection |
| Pilot Contamination | attack | Detection and Defense Strategy in Wireless Communications |
| Pilot Study of Query-Free Adversarial | attack | against Stable Diffusion, A |
| Pixel-wise supervision for presentation | attack | detection on identity document cards |
| Planting | attack | on latent fingerprints |
| Point Cloud | attack | s in Graph Spectral Domain: When 3D Geometry Meets Graph Signal Processing |
| PointBA: Towards Backdoor | attack | s in 3D Point Cloud |
| Poison Ink: Robust and Invisible Backdoor | attack | |
| Poisoning | attack | Against Estimating From Pairwise Comparisons |
| PPGSecure: Biometric Presentation | attack | Detection Using Photopletysmograms |
| Practical Black-Box | attack | s on Deep Neural Networks Using Efficient Query Mechanisms |
| Practical Evaluation of Adversarial Robustness via Adaptive Auto | attack | |
| Practical Membership Inference | attack | s Against Large-Scale Multi-Modal Models: A Pilot Study |
| Practical Poisoning | attack | s on Neural Networks |
| Practical Real-Time Video Watermarking Scheme Robust against Downscaling | attack | , A |
| Practical Relative Order | attack | in Deep Ranking |
| practical scheme of defeating interpretation | attack | of digital watermarking, A |
| Practical View on Face Presentation | attack | Detection |
| Practical Wireless | attack | on the Connected Car and Security Protocol for In-Vehicle CAN, A |
| PRAT: PRofiling Adversarial | attack | s |
| Predicting the vulnerability of biometric systems to | attack | s based on morphed biometric information |
| Presentation | attack | detection based on two-stream vision transformers with self-attention fusion |
| Presentation | attack | Detection for Face Recognition Using Light Field Camera |
| Presentation | attack | Detection for Iris Recognition: An Assessment of the State-of-the-Art |
| Presentation | attack | Detection for Sclera Biometric Applications |
| Presentation | attack | Detection Methods for Face Recognition Systems: A Comprehensive Survey |
| Presentation | attack | Detection Methods for Fingerprint Recognition Systems: A Survey |
| Presentations and | attack | s, and spoofs, oh my |
| Preventing Fake Information Generation Against Media Clone | attack | s |
| Principal Component Analysis-Based Approach for Single Morphing | attack | Detection, A |
| Privacy Preserving Defense For Black Box Classifiers Against On-Line Adversarial | attack | s |
| Privacy-friendly Synthetic Data for the Development of Face Morphing | attack | Detectors |
| ProFlip: Targeted Trojan | attack | with Progressive Bit Flips |
| Progressive Backdoor Erasing via connecting Backdoor and Adversarial | attack | s |
| Projection Probability-Driven Black-Box | attack | |
| Projection-Based Physical Adversarial | attack | for Monocular Depth Estimation |
| Propagated Perturbation of Adversarial | attack | for well-known CNNs: Empirical Study and its Explanation |
| Protecting Autonomous Cars from Phantom | attack | s |
| Protecting Intellectual Property of Generative Adversarial Networks from Ambiguity | attack | s |
| Prototype-supervised Adversarial Network for Targeted | attack | of Deep Hashing |
| Proximal Splitting Adversarial | attack | for Semantic Segmentation |
| PSAT-GAN: Efficient Adversarial | attack | s Against Holistic Scene Understanding |
| Push & Pull: Transferable Adversarial Examples With Attentive | attack | |
| PW-MAD: Pixel-Wise Supervision for Generalized Face Morphing | attack | Detection |
| QAIR: Practical Query-efficient Black-Box | attack | s for Image Retrieval |
| QEBA: Query-Efficient Boundary-Based Blackbox | attack | |
| quality evaluation of image recovery | attack | for visible watermarking algorithms, The |
| Quantization Based Watermarking Approach with Gain | attack | Recovery |
| Quarantine: Sparsity Can Uncover the Trojan | attack | Trigger for Free |
| Query efficient black-box adversarial | attack | on deep neural networks |
| Query-Efficient Adversarial | attack | Based On Latin Hypercube Sampling |
| Query-Efficient Black-Box Adversarial | attack | With Customized Iteration and Sampling |
| Query-Efficient Black-Box Adversarial | attack | s Guided by a Transfer-Based Prior |
| Query-efficient decision-based | attack | via sampling distribution reshaping |
| Queryable Semantics to Detect Cyber- | attack | s: A Flow-Based Detection Approach |
| Quick response airborne deployment of VIPER muzzle flash detection and location system during DC sniper | attack | s |
| Randomized Gradient-Free | attack | on ReLU Networks, A |
| Rate Gradient Approximation | attack | Threats Deep Spiking Neural Networks |
| RD-IWAN: Residual Dense Based Imperceptible Watermark | attack | Network |
| Re-Thinking Model Inversion | attack | s Against Deep Neural Networks |
| Real masks and spoof faces: On the masked face presentation | attack | detection |
| Real-time | attack | s on robust watermarking tools in the wild by CNN |
| Real-Time Detection and Estimation of Denial of Service | attack | in Connected Vehicle Systems |
| Reflection Backdoor: A Natural Backdoor | attack | on Deep Neural Networks |
| ReGenMorph: Visibly Realistic GAN Generated Face Morphing | attack | s by Attack Re-generation |
| ReGenMorph: Visibly Realistic GAN Generated Face Morphing | attack | s by Attack Re-generation |
| Regional Saliency Map | attack | for Medical Image Segmentation |
| Regularized Intermediate Layers | attack | : Adversarial Examples With High Transferability |
| Reinforcement Learning-Based Black-Box Model Inversion | attack | s |
| Relativistic Discriminator: A One-Class Classifier for Generalized Iris Presentation | attack | Detection |
| Relevance | attack | on detectors |
| Remote Photoplethysmography Correspondence Feature for 3D Mask Face Presentation | attack | Detection |
| Remote Sensing of Poplar Phenophase and Leaf Miner | attack | in Urban Forests |
| Resilience of Massive MIMO PNC to Jamming | attack | s in Vehicular Networks, The |
| Resilient Countermeasures Against Cyber- | attack | s on Self-Driving Car Architecture |
| Resilient Distributed Event-Triggered Platooning Control of Connected Vehicles Under Denial-of-Service | attack | s |
| Resilient Distributed Kalman Filtering Under Bidirectional Stealthy | attack | , A |
| Resilient Formation Tracking of Spacecraft Swarm Against Actuation | attack | s: A Distributed Lyapunov-Based Model Predictive Approach |
| Resilient path-following control of autonomous vehicles subject to intermittent denial-of-service | attack | s |
| Resilient Platoon Control of Vehicular Cyber Physical Systems Under DoS | attack | s and Multiple Disturbances |
| Resistance Analysis of Scalable Video Fingerprinting Systems Under Fair Collusion | attack | s |
| ResMax: Detecting Voice Spoofing | attack | s with Residual Network and Max Feature Map |
| Resource Problem of Using Linear Layer Leakage | attack | in Federated Learning, The |
| ResSFL: A Resistance Transfer Framework for Defending Model Inversion | attack | in Split Federated Learning |
| Rethinking Label Flipping | attack | : From Sample Masking to Sample Thresholding |
| Rethinking the Backdoor | attack | s' Triggers: A Frequency Perspective |
| Reversible | attack | based on adversarial perturbation and reversible data hiding in YUV colorspace |
| Revisiting ensemble adversarial | attack | |
| RFLA: A Stealthy Reflected Light Adversarial | attack | in the Physical World |
| RIBAC: Towards Robust and Imperceptible Backdoor | attack | against Compact DNN |
| Risk Assessment for Connected Vehicles Under Stealthy | attack | s on Vehicle-to-Vehicle Networks |
| Risk-Distortion Analysis for Video Collusion | attack | s: A Mouse-and-Cat Game |
| Robust Adversarial Watermark Defending Against GAN Synthesization | attack | |
| Robust Audio Patch | attack | s Using Physical Sample Simulation and Adversarial Patch Noise Generation |
| Robust convolutional neural networks against adversarial | attack | s on medical images |
| Robust Decision-Based Black-Box Adversarial | attack | via Coarse-To-Fine Random Search |
| Robust Design of Deep Neural Networks Against Adversarial | attack | s Based on Lyapunov Theory |
| Robust digital image watermarking method against geometrical | attack | s |
| Robust Feature-Guided Generative Adversarial Network for Aerial Image Semantic Segmentation against Backdoor | attack | s |
| Robust Geometry-Dependent | attack | for 3D Point Clouds |
| Robust image watermarking against local geometric | attack | s using multiscale block matching method |
| Robust IRIS Presentation | attack | Detection Through Stochastic Filter Noise |
| Robust multimodal face and fingerprint fusion in the presence of spoofing | attack | s |
| Robust Physical-World | attack | s on Deep Learning Visual Classification |
| Robust Physical-World | attack | s on Face Recognition |
| Robust Residual Dense Neural Network For Countering Antiforensic | attack | on Median Filtered Images, A |
| Robust Single Image Reflection Removal Against Adversarial | attack | s |
| Robust Structured Declarative Classifiers for 3D Point Clouds: Defending Adversarial | attack | s with Implicit Gradients |
| Robust Superpixel-Guided Attentional Adversarial | attack | |
| Robust Tracking Against Adversarial | attack | s |
| Robust watermarking against print and scan | attack | through efficient modeling algorithm |
| Robust Watermarking Algorithm Using | attack | Pattern Analysis, A |
| Robust Watermarking Scheme against Frame Blending, Projection and Content Adaptation | attack | s, A |
| Robustness Against Gradient based | attack | s through Cost Effective Network Fine-Tuning |
| Robustness Evaluation of Biometric Systems under Spoof | attack | s |
| Robustness of Deep Learning-Based Specific Emitter Identification under Adversarial | attack | s |
| Robustness of Saak Transform Against Adversarial | attack | s |
| Robustness of Trajectory Prediction Models Under Map-Based | attack | s |
| Robustness with Query-efficient Adversarial | attack | using Reinforcement Learning |
| rPPG-Based Spoofing Detection for Face Mask | attack | using Efficientnet on Weighted Spatial-Temporal Representation |
| RSD-GAN: Regularized Sobolev Defense GAN Against Speech-to-Text Adversarial | attack | s |
| Rust-Style Patch: A Physical and Naturalistic Camouflage | attack | s on Object Detector for Remote Sensing Images |
| SAGA: Spectral Adversarial Geometric | attack | on 3D Meshes |
| Sample Efficient Detection and Classification of Adversarial | attack | s via Self-Supervised Embeddings |
| Scale-Adaptive Adversarial Patch | attack | for Remote Sensing Image Aircraft Detection |
| Scaling up the Randomized Gradient-Free Adversarial | attack | Reveals Overestimation of Robustness Using Established Attacks |
| Scaling up the Randomized Gradient-Free Adversarial | attack | Reveals Overestimation of Robustness Using Established Attacks |
| Secret Revealer: Generative Model-Inversion | attack | s Against Deep Neural Networks, The |
| Secure and robust SIFT with resistance to chosen-plaintext | attack | |
| Secure Distributed Adaptive Platooning Control of Automated Vehicles Over Vehicular Ad-Hoc Networks Under Denial-of-Service | attack | s |
| Secure watermarking scheme against watermark | attack | s in the encrypted domain |
| Security evaluation of biometric authentication systems under real spoofing | attack | s |
| Security of Facial Forensics Models Against Adversarial | attack | s |
| Security Study of Routing | attack | s in Vehicular Ad-Hoc Networks (Autonomous Car) |
| Security Study of Routing | attack | s in Vehicular Ad-Hoc Networks (Vanets) |
| Segment and Complete: Defending Object Detectors against Adversarial Patch | attack | s with Robust Patch Detection |
| Segmentations-leak: Membership Inference | attack | s and Defenses in Semantic Image Segmentation |
| SegPGD: An Effective and Efficient Adversarial | attack | for Evaluating and Boosting Segmentation Robustness |
| Self-Attention Context Network: Addressing the Threat of Adversarial | attack | s for Hyperspectral Image Classification |
| self-immune to 3D masks | attack | s face recognition system, A |
| Self-supervised 2D face presentation | attack | detection via temporal sequence sampling |
| Self-Supervised Face Presentation | attack | Detection with Dynamic Grayscale Snippets |
| Semantic Adversarial | attack | s: Parametric Transformations That Fool Deep Classifiers |
| Semantically Stealthy Adversarial | attack | s against Segmentation Models |
| Semi-Leak: Membership Inference | attack | s Against Semi-supervised Learning |
| Sensitivity Analysis | attack | s Against Randomized Detectors |
| Sensor fault estimation of networked vehicle suspension system with deny-of-service | attack | |
| Sensor Fusion-Based GNSS Spoofing | attack | Detection Framework for Autonomous Vehicles, A |
| Sequential architecture-agnostic black-box | attack | design and analysis |
| Serve receive-to- | attack | period extraction and histogram-based player localization in broadcast volleyball videos |
| Set-level Guidance | attack | : Boosting Adversarial Transferability of Vision-Language Pre-training Models |
| Set-Valued State Estimation and | attack | Detection for Uncertain Descriptor Systems |
| Shadows can be Dangerous: Stealthy and Effective Physical-world Adversarial | attack | by Natural Phenomenon |
| Shape and Texture Based Countermeasure to Protect Face Recognition Systems against Mask | attack | s |
| Shape Matters: Deformable Patch | attack | |
| ShieldNets: Defending Against Adversarial | attack | s Using Probabilistic Adversarial Robustness |
| Shilling | attack | detection in collaborative filtering recommender system by PCA detection and perturbation |
| Sibling- | attack | : Rethinking Transferable Adversarial Attacks against Face Recognition |
| Sibling- | attack | : Rethinking Transferable Adversarial Attacks against Face Recognition |
| SIFT-Symmetry: A robust detection method for copy-move forgery with reflection | attack | |
| Sign-OPT+: An Improved Sign Optimization Adversarial | attack | |
| SilentTrig: An imperceptible backdoor | attack | against speaker identification with hidden triggers |
| Similarity-based Gray-box Adversarial | attack | Against Deep Face Recognition |
| Simple and Strong Baseline for Universal Targeted | attack | s on Siamese Visual Tracking, A |
| Simple Black-Box Adversarial | attack | s on Deep Neural Networks |
| Simple Countermeasure to Non-Linear Collusion | attack | s Targeted for Spread-Spectrum Fingerprinting Scheme |
| Simple Countermeasures to Mitigate the Effect of Pollution | attack | in Network Coding-Based Peer-to-Peer Live Streaming |
| Simtrojan: Stealthy Backdoor | attack | |
| Simulating Unknown Target Models for Query-Efficient Black-box | attack | s |
| Simulator | attack | + for Black-Box Adversarial Attack |
| Simulator | attack | + for Black-Box Adversarial Attack |
| Simultaneous | attack | on CNN-Based Monocular Depth Estimation and Optical Flow Estimation |
| Simultaneously Optimizing Perturbations and Positions for Black-Box Adversarial Patch | attack | s |
| Sinkhorn Adversarial | attack | and Defense |
| Smart City Security Issues: the Main | attack | s and Countermeasures |
| Smoothing Adversarial Domain | attack | and P-Memory Reconsolidation for Cross-Domain Person Re-Identification |
| Soccer Video Event Annotation by Synchronization of | attack | -Defense Clips and Match Reports With Coarse-Grained Time Information |
| Spark: Spatial-aware Online Incremental | attack | Against Visual Tracking |
| Sparse Adversarial | attack | via Perturbation Factorization |
| Sparse and Imperceivable Adversarial | attack | s |
| Sparse Black-Box Video | attack | with Reinforcement Learning |
| Spatial Distribution Assessment of Terrorist | attack | Types Based on I-MLKNN Model |
| Spatiotemporal | attack | s for Embodied Agents |
| Special ciphertext-only | attack | to double random phase encryption by plaintext shifting with speckle correlation |
| Spectro-Temporally Compressed Source Features for Replay | attack | Detection |
| Spoofed replay | attack | detection by Multidimensional Fourier transform on facial micro-expression regions |
| Square | attack | : A Query-efficient Black-box Adversarial Attack via Random Search |
| Square | attack | : A Query-efficient Black-box Adversarial Attack via Random Search |
| Stability Analysis for H_inf-Controlled Active Quarter-Vehicle Suspension Systems With a Resilient Event-Triggered Scheme Under Periodic DoS | attack | s |
| Statistical | attack | against fuzzy commitment scheme |
| Statistical | attack | against iris-biometric fuzzy commitment schemes |
| Statistical Meta-Analysis of Presentation | attack | s for Secure Multibiometric Systems |
| Stealthy Backdoor | attack | Against Speaker Recognition Using Phase-Injection Hidden Trigger |
| Stealthy Frequency-Domain Backdoor | attack | s: Fourier Decomposition and Fundamental Frequency Injection |
| Stealthy Physical Masked Face Recognition | attack | via Adversarial Style Optimization |
| Steganographic Security Analysis From Side Channel Steganalysis and Its Complementary | attack | s |
| Stochastic Variance Reduced Ensemble Adversarial | attack | for Boosting the Adversarial Transferability |
| Study of Smart Campus Environment and Its Security | attack | s, A |
| Study on using individual differences in facial expressions for a face recognition system immune to spoofing | attack | s |
| Study on Visual | attack | to BPCS-Steganography and Countermeasure, A |
| Subgraph Robustness of Complex Networks Under | attack | s |
| Substitute Meta-Learning for Black-Box Adversarial | attack | |
| Substitute Model Generation for Black-Box Adversarial | attack | Based on Knowledge Distillation |
| Support vector machines resilient against training data integrity | attack | s |
| SurFree: a fast surrogate-free black-box | attack | |
| Surveillance Face Presentation | attack | Detection Challenge |
| Survey of | attack | s on Controller Area Networks and Corresponding Countermeasures, A |
| Survey of Robustness and Safety of 2D and 3D Deep Learning Models against Adversarial | attack | s, A |
| survey on 3D mask presentation | attack | detection and countermeasures, A |
| Survey on Adversarial Recommender Systems: From | attack | /Defense Strategies to Generative Adversarial Networks, A |
| Survey on Situational Awareness of Ransomware | attack | s: Detection and Prevention Parameters, A |
| Survey on Watermarking Application Scenarios and Related | attack | s, A |
| Sybil | attack | Identification for Crowdsourced Navigation: A Self-Supervised Deep Learning Approach |
| Symmetric Saliency-Based Adversarial | attack | to Speaker Identification |
| Synchronization of Switched Neural Networks via | attacked | Mode-Dependent Event-Triggered Control and Its Application in Image Encryption |
| SynthASpoof: Developing Face Presentation | attack | Detection Based on Privacy-friendly Synthetic Data |
| Systematic Evaluation of Backdoor Data Poisoning | attack | s on Image Classifiers |
| T-BFA: Targeted Bit-Flip Adversarial Weight | attack | |
| t-RAIN: Robust generalization under weather-aliasing label shift | attack | s |
| T-SEA: Transfer-Based Self-Ensemble | attack | on Object Detection |
| TAFIM: Targeted Adversarial | attack | s Against Facial Image Manipulations |
| Tale of HodgeRank and Spectral Method: Target | attack | Against Rank Aggregation is the Fixed Point of Adversarial Game, A |
| Targeted Adversarial | attack | Against Deep Cross-Modal Hashing Retrieval |
| Targeted Adversarial | attack | s on Generalizable Neural Radiance Fields |
| Targeted | attack | and security enhancement on texture synthesis based steganography |
| Targeted | attack | for Deep Hashing Based Retrieval |
| Targeted | attack | of Deep Hashing Via Prototype-Supervised Adversarial Networks |
| Targeted Mismatch Adversarial | attack | : Query With a Flower to Retrieve the Tower |
| Task Assignment Algorithm for Multiple Aerial Vehicles to | attack | Targets With Dynamic Values, A |
| TAT: Targeted backdoor | attack | s against visual object tracking |
| TBT: Targeted Neural Network | attack | With Bit Trojan |
| Template Inversion | attack | against Face Recognition Systems using 3D Face Reconstruction |
| Temporal Similarity Analysis of Remote Photoplethysmography for Fast 3D Mask Face Presentation | attack | Detection |
| Temporal sparse adversarial | attack | on sequence-based gait recognition |
| Temporal Statistic Based Video Watermarking Scheme Robust against Geometric | attack | s and Frame Dropping |
| Theoretical Framework for Constructing Matching Algorithms Secure against Wolf | attack | , A |
| Time Series Intra-Video Collusion | attack | on Frame-by-Frame Video Watermarking, A |
| Time-aware and task-transferable adversarial | attack | for perception of autonomous vehicles |
| TkML-AP: Adversarial | attack | s to Top-k Multi-Label Learning |
| Topological safeguard for evasion | attack | interpreting the neural networks' behavior |
| Toward | attack | -Resistant Route Mutation for VANETs: An Online and Adaptive Multiagent Reinforcement Learning Approach |
| Toward high imperceptibility deep JPEG steganography based on sparse adversarial | attack | |
| Toward Resisting Forgery | attack | s via Pseudo-Signatures |
| Toward Robust Neural Image Compression: Adversarial | attack | and Model Finetuning |
| Toward Visual Distortion in Black-Box | attack | s |
| Towards | attack | -tolerant Federated Learning via Critical Parameter Analysis |
| Towards Benchmarking and Assessing Visual Naturalness of Physical World Adversarial | attack | s |
| Towards Class-Oriented Poisoning | attack | s Against Neural Networks |
| Towards Efficient Data Free Blackbox Adversarial | attack | |
| Towards generalized morphing | attack | detection by learning residuals |
| Towards Improving the Anti- | attack | Capability of the Rangenet++ |
| Towards Model Quantization on the Resilience Against Membership Inference | attack | s |
| Towards More Realistic Membership Inference | attack | s on Large Diffusion Models |
| Towards Practical Deployment-Stage Backdoor | attack | on Deep Neural Networks |
| Towards Query Efficient and Generalizable Black-Box Face Reconstruction | attack | |
| Towards realistic fingerprint presentation | attack | s: The ScreenSpoof method |
| Towards Robust Community Detection via Extreme Adversarial | attack | s |
| Towards Robust Rain Removal Against Adversarial | attack | s: A Comprehensive Benchmark Analysis and Beyond |
| Towards Transferable Adversarial | attack | s on Image and Video Transformers |
| Towards Transferable Targeted | attack | |
| Towards Universal Physical | attack | s on Cascaded Camera-Lidar 3d Object Detection Models |
| Tracing the Origin of Adversarial | attack | for Forensic Investigation and Deterrence |
| Traffic sign | attack | via pinpoint region probability estimation network |
| Transferability analysis of adversarial | attack | s on gender classification to face recognition: Fixed and variable attack perturbation |
| Transferability analysis of adversarial | attack | s on gender classification to face recognition: Fixed and variable attack perturbation |
| Transferable Adversarial | attack | for Both Vision Transformers and Convolutional Networks via Momentum Integrated Gradients |
| Transferable Adversarial | attack | on 3d Object Tracking in Point Cloud |
| Transferable Adversarial | attack | s for Deep Scene Text Detection |
| Transferable Adversarial | attack | s on Vision Transformers with Token Gradient Regularization |
| Transferable Adversarial Belief | attack | With Salient Region Perturbation Restriction, A |
| Transferable, Controllable, and Inconspicuous Adversarial | attack | s on Person Re-identification With Deep Mis-Ranking |
| Transformer-Encoder Detector Module: Using Context to Improve Robustness to Adversarial | attack | s on Object Detection |
| Translucent Patch: A Physical and Universal | attack | on Object Detectors, The |
| Transpatch: A Transformer-based Generator for Accelerating Transferable Patch Generation in Adversarial | attack | s Against Object Detection Models |
| Triangle | attack | : A Query-Efficient Decision-Based Adversarial Attack |
| Triangle | attack | : A Query-Efficient Decision-Based Adversarial Attack |
| Triggering Failures: Out-Of-Distribution detection by learning from local adversarial | attack | s in Semantic Segmentation |
| TrojDiff: Trojan | attack | s on Diffusion Models with Diverse Targets |
| Trust in Vehicles: Toward Context-Aware Trust and | attack | Resistance for the Internet of Vehicles |
| Trust Region Based Adversarial | attack | on Neural Networks |
| Turning Strengths into Weaknesses: A Certified Robustness Inspired | attack | Framework against Graph Neural Networks |
| Type I | attack | For Generative Models |
| Uncertainty-weighted Loss Functions for Improved Adversarial | attack | s on Semantic Segmentation |
| Understanding adversarial | attack | s on deep learning based medical image analysis systems |
| Understanding Cross Domain Presentation | attack | Detection for Visible Face Recognition |
| Understanding the Robustness of Skeleton-based Action Recognition under Adversarial | attack | |
| Unified Adversarial Patch for Cross-modal | attack | s in the Physical World |
| Unified Adversarial Patch for Visible-Infrared Cross-Modal | attack | s in the Physical World |
| Unified Detection of Digital and Physical Face | attack | s |
| Unified Model for Face Matching and Presentation | attack | Detection using an Ensemble of Vision Transformer Features, A |
| uniform representation model for OCT-based fingerprint presentation | attack | detection and reconstruction, A |
| UniNet: A Unified Scene Understanding Network and Exploring Multi-Task Relationships through the Lens of Adversarial | attack | s |
| Universal Adversarial | attack | on Attention and the Resulting Dataset DAmageNet |
| Universal Adversarial | attack | Via Enhanced Projected Gradient Descent |
| Universal Adversarial Patch | attack | for Automatic Checkout Using Perceptual and Attentional Bias |
| Universal Chosen-Ciphertext | attack | for a Family of Image Encryption Schemes |
| Universal Litmus Patterns: Revealing Backdoor | attack | s in CNNs |
| Universal Perturbation | attack | Against Image Retrieval |
| Universal Perturbation Generation for Black-box | attack | Using Evolutionary Algorithms |
| Universal Physical Camouflage | attack | s on Object Detectors |
| Universal Spectral Adversarial | attack | s for Deformable Shapes |
| Unknown presentation | attack | detection against rational attackers |
| Unmanned Ground Vehicle Platooning Under Cyber | attack | s: A Human-Robot Interaction Framework |
| Unrestricted Black-box Adversarial | attack | Using GAN with Limited Queries |
| Unseen Face Presentation | attack | Detection Using Sparse Multiple Kernel Fisher Null-Space |
| Using Animation in Active Learning Tool to Detect Possible | attack | s in Cryptographic Protocols |
| Using Deep learning for image watermarking | attack | |
| Vax-a-net: Training-time Defence Against Adversarial Patch | attack | s |
| Versatile Weight | attack | via Flipping Limited Bits |
| Viability of Optical Coherence Tomography for Iris Presentation | attack | Detection |
| Video watermarking scheme resistant to geometric | attack | s |
| video-based surveillance solution for protecting the air-intakes of buildings from chem-bio | attack | s, A |
| ViP: Unified Certified Detection and Recovery for Patch | attack | with Vision Transformers |
| visual dictionary | attack | on Picture Passwords, A |
| Visual/Inertial/GNSS Integrated Navigation System under GNSS Spoofing | attack | |
| Vitranspad: Video Transformer Using Convolution And Self-Attention For Face Presentation | attack | Detection |
| Vulnerabilities, | attack | s, and Countermeasures in Balise-Based Train Control Systems |
| Vulnerability of Person Re-Identification Models to Metric Adversarial | attack | s |
| Vulnerability of Semantic Segmentation Networks to Adversarial | attack | s in Autonomous Driving: Enhancing Extensive Environment Sensing, The |
| WatchNet++: efficient and accurate depth-based network for detecting people | attack | s and intrusion |
| Watermark Embedding and Recovery in the Presence of C-LPCD De-synchronization | attack | s |
| Watermark Vaccine: Adversarial | attack | s to Prevent Watermark Removal |
| Watermarking | attack | : Security of WSS Techniques |
| Watermarking scheme capable of resisting | attack | s based on availability of inserter |
| Watermarking Scheme Capable of Resisting Sensitivity | attack | |
| Watermarking-Based Framework for Protecting Deep Image Classifiers Against Adversarial | attack | s, A |
| Wavelet-FCWAN: Fast and Covert Watermarking | attack | Network in Wavelet Domain |
| Web-based Smart Telecare System for Early Diagnosis of Heart | attack | , A |
| Website Fingerprinting | attack | on Psiphon and Its Forensic Analysis |
| What Does It Mean to Learn in Deep Networks? And, How Does One Detect Adversarial | attack | s? |
| When NAS Meets Robustness: In Search of Robust Architectures Against Adversarial | attack | s |
| Wolf | attack | Probability: A New Security Measure in Biometric Authentication Systems |
| World State | attack | to Blockchain Based IoV and Efficient Protection With Hybrid RSUs Architecture |
| Yet Another Intermediate-level | attack | |
| You Are Catching My Attention: Are Vision Transformers Bad Learners under Backdoor | attack | s? |
| You See What I Want You to See: Exploring Targeted Black-Box Transferability | attack | for Hash-based Image Retrieval Systems |
| Zero-Query Transfer | attack | s on Context-Aware Object Detectors |
| Zero-Shot Attribute | attack | s on Fine-Grained Recognition Models |
| Zero-Watermarking Based on Improved ORB Features Against Print-cam | attack | |
1059 for attack