Ruitian Ding
UN Sustainability Goals
- Industry, Innovation and Infrastructure
Areas of Excellence
- Cybersecurity
- Data Science/AI/Robotics
Global Challenge: The security of machine learning models.
Abstract:
Adversarial patches placed on objects can cause computer vision systems to give wrong outputs, which can be very dangerous when computer vision is used in a context that has a low tolerance for error, such as autonomous driving.
“DAP: A Dynamic Adversarial Patch for Evading Person Detectors” introduces a novel approach that produces an adversarial patch that is efficient, stealthy, and robust to real-world transformations. The approach involves redefining the optimization problem and introducing a novel objective function that incorporates a similarity metric to guide the patch's creation. Unlike GAN-based techniques, the DAP directly modifies pixel values within the patch, providing increased flexibility and adaptability to multiple transformations. Furthermore, most clothing-based physical attacks assume static objects and ignore the possible transformations caused by non-rigid deformation due to changes in a person's pose. To address this limitation, crease transformation is applied to the patch during training, enhancing the patch's resilience to a variety of real-world distortions. Experimental results demonstrate that the proposed approach outperforms state-of-the-art attacks, achieving a success rate of up to 82.28% in the digital world when targeting the YOLOv7 detector and 65% in the physical world when targeting YOLOv3tiny detectors deployed in edge-based smart cameras.
This paper is related to the NAE Grand Challenge of securing cyberspace. As computer vision models become more prevalent in our society, their ability to withstand cyber attacks also becomes more crucial. By exploring weaknesses in the computer vision models, this paper can prompt developers of computer vision models to implement more robust defenses that fix this problem, which can stop actual adversaries from taking advantage of similar loopholes. In addition, the method of generating adversarial patches also provides a potential tool for testing the robustness of computer vision models and can enhance the security of these models.
Bio:
Victor Ding was born in China but moved to Australia when he was 12, an experience that exposed him to different perspectives.
Victor Ding pursued a Bachelor of Science in Computer Science at NYU Tandon while also minoring in Mathematics and Cybersecurity. His academic interests lie in the areas of machine learning, cybersecurity, and robotics, particularly in the intersection of these areas.
Victor’s GLASS project focuses on the security of machine learning models.
He participated in research on adversarial machine learning during his semester at NYU Abu Dhabi. Victor’s research utilized machine learning to create a naturalistic patch that can fool object detectors, which exposes the security vulnerabilities of these models and offers a method of testing the robustness of object detectors.
During his four years of undergraduate education, Victor engaged in a wide range of activities. Since freshman year, Victor has participated in the VIP team Robosub, which builds an autonomous underwater vehicle, and served as co-president for the team in his senior year. Victor also joined NYU’s cybersecurity lab, Osiris Lab, to practice his cybersecurity skills and learn from other members of the lab. In addition, Victor interned at a startup company, 10Clear, to gain real-world software engineering skills.