68 research outputs found

    Enhancing Robust Representation in Adversarial Training: Alignment and Exclusion Criteria

    Deep neural networks are vulnerable to adversarial noise. Adversarial Training (AT) has been demonstrated to be the most effective defense strategy to protect neural networks from being fooled. However, we find AT omits learning robust features, resulting in poor performance of adversarial robustness. To address this issue, we highlight two criteria of robust representation: (1) Exclusion: the feature of examples keeps away from that of other classes; (2) Alignment: the feature of natural and corresponding adversarial examples is close to each other. These motivate us to propose a generic framework of AT to gain robust representation, by the asymmetric negative contrast and reverse attention. Specifically, we design an asymmetric negative contrast based on predicted probabilities, to push away examples of different classes in the feature space. Moreover, we propose to weight feature by parameters of the linear classifier as the reverse attention, to obtain class-aware feature and pull close the feature of the same class. Empirical evaluations on three benchmark datasets show our methods greatly advance the robustness of AT and achieve state-of-the-art performance. Comment: 10 pages, 9 figures, Submitted to TIF

    Mitigating Feature Gap for Adversarial Robustness by Feature Disentanglement

    Deep neural networks are vulnerable to adversarial samples. Adversarial fine-tuning methods aim to enhance adversarial robustness through fine-tuning the naturally pre-trained model in an adversarial training manner. However, we identify that some latent features of adversarial samples are confused by adversarial perturbation and lead to an unexpectedly increasing gap between features in the last hidden layer of natural and adversarial samples. To address this issue, we propose a disentanglement-based approach to explicitly model and further remove the latent features that cause the feature gap. Specifically, we introduce a feature disentangler to separate out the latent features from the features of the adversarial samples, thereby boosting robustness by eliminating the latent features. Besides, we align features in the pre-trained model with features of adversarial samples in the fine-tuned model, to further benefit from the features from natural samples without confusion. Empirical evaluations on three benchmark datasets demonstrate that our approach surpasses existing adversarial fine-tuning methods and adversarial training baselines. Comment: 8 pages, 6 figure

    TransFA: Transformer-based Representation for Face Attribute Evaluation

    Face attribute evaluation plays an important role in video surveillance and face analysis. Although methods based on convolution neural networks have made great progress, they inevitably only deal with one local neighborhood with convolutions at a time. Besides, existing methods mostly regard face attribute evaluation as the individual multi-label classification task, ignoring the inherent relationship between semantic attributes and face identity information. In this paper, we propose a novel transformer-based representation for face attribute evaluation method (TransFA), which could effectively enhance the attribute discriminative representation learning in the context of attention mechanism. The multiple branches transformer is employed to explore the inter-correlation between different attributes in similar semantic regions for attribute feature learning. Specially, the hierarchical identity-constraint attribute loss is designed to train the end-to-end architecture, which could further integrate face identity discriminative information to boost performance. Experimental results on multiple face attribute benchmarks demonstrate that the proposed TransFA achieves superior performances compared with state-of-the-art methods

    Attention Consistency Refined Masked Frequency Forgery Representation for Generalizing Face Forgery Detection

    Due to the successful development of deep image generation technology, visual data forgery detection would play a more important role in social and economic security. Existing forgery detection methods suffer from unsatisfactory generalization ability to determine the authenticity in the unseen domain. In this paper, we propose a novel Attention Consistency Refined masked frequency forgery representation model toward generalizing face forgery detection algorithm (ACMF). Most forgery technologies always bring in high-frequency aware cues, which make it easy to distinguish source authenticity but difficult to generalize to unseen artifact types. The masked frequency forgery representation module is designed to explore robust forgery cues by randomly discarding high-frequency information. In addition, we find that the forgery attention map inconsistency through the detection network could affect the generalizability. Thus, the forgery attention consistency is introduced to force detectors to focus on similar attention regions for better generalization ability. Experiment results on several public face forgery datasets (FaceForensic++, DFD, Celeb-DF, and WDF datasets) demonstrate the superior performance of the proposed method compared with the state-of-the-art methods. Comment: The source code and models are publicly available at https://github.com/chenboluo/ACM

    Visual Privacy Protection Based on Type-I Adversarial Attack

    With the development of online artificial intelligence systems, many deep neural networks (DNNs) have been deployed in cloud environments. In practical applications, developers or users need to provide their private data to DNNs, such as faces. However, data transmitted and stored in the cloud is insecure and at risk of privacy leakage. In this work, inspired by Type-I adversarial attack, we propose an adversarial attack-based method to protect visual privacy of data. Specifically, the method encrypts the visual information of private data while maintaining them correctly predicted by DNNs, without modifying the model parameters. The empirical results on face recognition tasks show that the proposed method can deeply hide the visual information in face images and hardly affect the accuracy of the recognition models. In addition, we further extend the method to classification tasks and also achieve state-of-the-art performance

    Gradient constrained sharpness-aware prompt learning for vision-language models

    This paper targets a novel trade-off problem in generalizable prompt learning for vision-language models (VLM), i.e., improving the performance on unseen classes while maintaining the performance on seen classes. Comparing with existing generalizable methods that neglect the seen classes degradation, the setting of this problem is more strict and fits more closely with practical applications. To solve this problem, we start from the optimization perspective, and leverage the relationship between loss landscape geometry and model generalization ability. By analyzing the loss landscapes of the state-of-the-art method and vanilla Sharpness-aware Minimization (SAM) based method, we conclude that the trade-off performance correlates to both loss value and loss sharpness, while each of them is indispensable. However, we find the optimizing gradient of existing methods cannot maintain high relevance to both loss value and loss sharpness during optimization, which severely affects their trade-off performance. To this end, we propose a novel SAM-based method for prompt learning, denoted as Gradient Constrained Sharpness-aware Context Optimization (GCSCoOp), to dynamically constrain the optimizing gradient, thus achieving above two-fold optimization objective simultaneously. Extensive experiments verify the effectiveness of GCSCoOp in the trade-off problem. Comment: 19 pages 11 figure

    FedForgery: Generalized Face Forgery Detection with Residual Federated Learning

    With the continuous development of deep learning in the field of image generation models, a large number of vivid forged faces have been generated and spread on the Internet. These high-authenticity artifacts could grow into a threat to society security. Existing face forgery detection methods directly utilize the obtained public shared or centralized data for training but ignore the personal privacy and security issues when personal data couldn't be centralizedly shared in real-world scenarios. Additionally, different distributions caused by diverse artifact types would further bring adverse influences on the forgery detection task. To solve the mentioned problems, the paper proposes a novel generalized residual Federated learning for face Forgery detection (FedForgery). The designed variational autoencoder aims to learn robust discriminative residual feature maps to detect forgery faces (with diverse or even unknown artifact types). Furthermore, the general federated learning strategy is introduced to construct distributed detection model trained collaboratively with multiple local decentralized devices, which could further boost the representation generalization. Experiments conducted on publicly available face forgery detection datasets prove the superior performance of the proposed FedForgery. The designed novel generalized face forgery detection protocols and source code would be publicly available. Comment: The code is available at https://github.com/GANG370/FedForgery. The paper has been accepted in the IEEE Transactions on Information Forensics & Securit

    Glucose-fueled Micromotors with Highly Efficient Visible Light Photocatalytic Propulsion

    Synthetic micro/nanomotors fueled by glucose are highly desired for numerous practical applications because of the biocompatibility of their required fuel. However, currently all of the glucose-fueled micro/nanomotors are based on enzyme-catalytic-driven mechanisms, which usually suffer from strict operation conditions and weak propulsion characteristics that greatly limit their applications. Here, we report a highly efficient glucose-fueled cuprous oxide@N-doped carbon nanotube (Cu_2O@N-CNT) micromotor, which can be activated by environment-friendly visible-light photocatalysis. The speeds of such Cu_2O@N-CNT micromotors can reach up to 18.71 μm/s, which is comparable to conventional Pt-based catalytic Janus micromotors usually fueled by toxic H_2O_2 fuel. In addition, the velocities of such motors can be efficiently regulated by multiple approaches, such as adjusting the N-CNT content within the micromotors, glucose concentrations, or light intensities. Furthermore, the Cu_2O@N-CNT micromotors exhibit a highly controllable negative phototaxis behavior (moving away from light sources). Such motors with outstanding propulsion in biological environments and wireless, repeatable, and light-modulated three-dimensional motion control are extremely attractive for future practical applications

    Broadband Doherty Power Amplifier With Transferable Continuous Mode

    In this paper, in-band continuous mode transferring (CMT) method is presented for designing broadband Doherty power amplifier (DPA). Specifically, transferable continuous mode, transferring between class-J continuum to class-F-1 continuum, is introduced into DPA at output back-off (OBO) power level for improving bandwidth and efficiency. For validation, a broadband DPA with operation mode transferring from continuous class-J to continuous class-F-1 is designed, fabricated and measured. Experimental results show the drain efficiencies (DEs) of the fabricated DPA are 46.3%-57.7% and 58.4%-69.1% at 6 dB OBO and peaking power levels over 1.7-2.6 GHz. The saturation power of this DPA is 43.1-45.2 dBm with a gain of 9.1-11.2 dB in the interested band. Furthermore, when the fabricated DPA is stimulated by a 20 MHz wideband signal with a peak-to-average power ratio (PAPR) of 7.05 dB at 2.4 GHz, the measured average power is 36.5 dBm with an average DE of 45.7%, and the measured adjacent channel leakage ratios (ACLRs) are -31.9 dBc and -50.4 dBc before and after DPD technique, respectively