Skip to main content

Shape Matters: Deformable Patch Attack

  • Conference paper
  • First Online:
Computer Vision – ECCV 2022 (ECCV 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13664))

Included in the following conference series:

Abstract

Though deep neural networks (DNNs) have demonstrated excellent performance in computer vision, they are susceptible and vulnerable to carefully crafted adversarial examples which can mislead DNNs to incorrect outputs. Patch attack is one of the most threatening forms, which has the potential to threaten the security of real-world systems. Previous work always assumes patches to have fixed shapes, such as circles or rectangles, and it does not consider the shape of patches as a factor in patch attacks. To explore this issue, we propose a novel Deformable Patch Representation (DPR) that can harness the geometric structure of triangles to support the differentiable mapping between contour modeling and masks. Moreover, we introduce a joint optimization algorithm, named Deformable Adversarial Patch (DAPatch), which allows simultaneous and efficient optimization of shape and texture to enhance attack performance. We show that even with a small area, a particular shape can improve attack performance. Therefore, DAPatch achieves state-of-the-art attack performance by deforming shapes on GTSRB and ILSVRC2012 across various network architectures, and the generated patches can be threatening in the real world.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Athalye, A., Carlini, N., Wagner, D.A.: Obfuscated gradients give a false sense of security: circumventing defenses to adversarial examples. In: Dy, J.G., Krause, A. (eds.) Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsmässan, Stockholm, Sweden, 10–15 July 2018. Proceedings of Machine Learning Research, vol. 80, pp. 274–283. PMLR (2018). http://proceedings.mlr.press/v80/athalye18a.html

  2. Belongie, S.J., Malik, J., Puzicha, J.: Shape matching and object recognition using shape contexts. IEEE Trans. Pattern Anal. Mach. Intell. 24(4), 509–522 (2002). https://doi.org/10.1109/34.993558

    Article  Google Scholar 

  3. Brown, T.B., Mané, D., Roy, A., Abadi, M., Gilmer, J.: Adversarial patch (2017). http://arxiv.org/abs/1712.09665

  4. Chen, C., Zhang, J., Lyu, L.: Gear: a margin-based federated adversarial training approach. In: International Workshop on Trustable, Verifiable, and Auditable Federated Learning in Conjunction with AAAI 2022 (FL-AAAI-22) (2022)

    Google Scholar 

  5. Chen, Z., Li, B., Xu, J., Wu, S., Ding, S., Zhang, W.: Towards practical certifiable patch defense with vision transformer. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 15148–15158, June 2022

    Google Scholar 

  6. Chiang, P., Ni, R., Abdelkader, A., Zhu, C., Studer, C., Goldstein, T.: Certified defenses for adversarial patches. In: 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, 26–30 April 2020. OpenReview.net (2020). https://openreview.net/forum?id=HyeaSkrYPH

  7. Dai, J., et al.: Deformable convolutional networks. In: IEEE International Conference on Computer Vision, ICCV 2017, Venice, Italy, 22–29 October 2017, pp. 764–773. IEEE Computer Society (2017). https://doi.org/10.1109/ICCV.2017.89

  8. Ding, L., et al.: Towards universal physical attacks on single object tracking. In: Thirty-Fifth AAAI Conference on Artificial Intelligence, AAAI 2021, Thirty-Third Conference on Innovative Applications of Artificial Intelligence, IAAI 2021, The Eleventh Symposium on Educational Advances in Artificial Intelligence, EAAI 2021, Virtual Event, 2–9 February 2021, pp. 1236–1245. AAAI Press (2021). https://ojs.aaai.org/index.php/AAAI/article/view/16211

  9. Dosovitskiy, A., et a.: An image is worth 16x16 words: transformers for image recognition at scale. In: 9th International Conference on Learning Representations, ICLR 2021, Virtual Event, Austria, 3–7 May 2021. OpenReview.net (2021). https://openreview.net/forum?id=YicbFdNTTy

  10. Eykholt, K., et al.: Robust physical-world attacks on deep learning visual classification. In: 2018 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2018, Salt Lake City, UT, USA, 18–22 June 2018, pp. 1625–1634. IEEE Computer Society (2018). https://doi.org/10.1109/CVPR.2018.00175, http://openaccess.thecvf.com/content_cvpr_2018/html/Eykholt_Robust_Physical-World_Attacks_CVPR_2018_paper.html

  11. Geirhos, R., Rubisch, P., Michaelis, C., Bethge, M., Wichmann, F.A., Brendel, W.: Imagenet-trained CNNs are biased towards texture; increasing shape bias improves accuracy and robustness. In: 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, 6–9 May 2019. OpenReview.net (2019). https://openreview.net/forum?id=Bygh9j09KX

  12. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. In: Bengio, Y., LeCun, Y. (eds.) 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, 7–9 May 2015, Conference Track Proceedings (2015). http://arxiv.org/abs/1412.6572

  13. Gu, Z., et al.: Spatiotemporal inconsistency learning for deepfake video detection. In: Proceedings of the 29th ACM International Conference on Multimedia, pp. 3473–3481 (2021)

    Google Scholar 

  14. Gu, Z., Chen, Y., Yao, T., Ding, S., Li, J., Ma, L.: Delving into the local: dynamic inconsistency learning for deepfake video detection. In: Proceedings of the 36th AAAI Conference on Artificial Intelligence (2022)

    Google Scholar 

  15. Gu, Z., Li, F., Fang, F., Zhang, G.: A novel retinex-based fractional-order variational model for images with severely low light. IEEE Trans. Image Process. 29, 3239–3253 (2020)

    Article  MathSciNet  MATH  Google Scholar 

  16. Gu, Z., Li, F., Lv, X.G.: A detail preserving variational model for image retinex. Appl. Math. Model. 68, 643–661 (2019)

    Article  MathSciNet  MATH  Google Scholar 

  17. Gu, Z., Yao, T., Yang, C., Yi, R., Ding, S., Ma, L.: Region-aware temporal inconsistency learning for deepfake video detection. In: Proceedings of the 31th International Joint Conference on Artificial Intelligence (2022)

    Google Scholar 

  18. Hayes, J.: On visible adversarial perturbations & digital watermarking. In: 2018 IEEE Conference on Computer Vision and Pattern Recognition Workshops, CVPR Workshops 2018, Salt Lake City, UT, USA, 18–22 June 2018, pp. 1597–1604. Computer Vision Foundation/IEEE Computer Society (2018). https://doi.org/10.1109/CVPRW.2018.00210, http://openaccess.thecvf.com/content_cvpr_2018_workshops/w32/html/Hayes_On_Visible_Adversarial_CVPR_2018_paper.html

  19. He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: 2016 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2016, Las Vegas, NV, USA, 27–30 June 2016, pp. 770–778. IEEE Computer Society (2016). https://doi.org/10.1109/CVPR.2016.90

  20. Huang, G., Liu, Z., van der Maaten, L., Weinberger, K.Q.: Densely connected convolutional networks. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017, Honolulu, HI, USA, 21–26 July 2017, pp. 2261–2269. IEEE Computer Society (2017). https://doi.org/10.1109/CVPR.2017.243

  21. Huang, H., Wang, Y., Chen, Z., Tang, Z., Zhang, W., Ma, K.: Rpattack: refined patch attack on general object detectors. In: 2021 IEEE International Conference on Multimedia and Expo, ICME 2021, Shenzhen, China, 5–9 July 2021, pp. 1–6. IEEE (2021). https://doi.org/10.1109/ICME51207.2021.9428443

  22. Huang, H., et al.: CMUA-watermark: a cross-model universal adversarial watermark for combating deepfakes. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 36, pp. 989–997 (2022)

    Google Scholar 

  23. Huang, L., Gao, C., Zhou, Y., Xie, C., Yuille, A.L., Zou, C., Liu, N.: Universal physical camouflage attacks on object detectors. In: 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2020, Seattle, WA, USA, 13–19 June 2020, pp. 717–726. Computer Vision Foundation/IEEE (2020). https://doi.org/10.1109/CVPR42600.2020.00080, https://openaccess.thecvf.com/content_CVPR_2020/html/Huang_Universal_Physical_Camouflage_Attacks_on_Object_Detectors_CVPR_2020_paper.html

  24. Karmon, D., Zoran, D., Goldberg, Y.: Lavan: localized and visible adversarial noise. In: Dy, J.G., Krause, A. (eds.) Proceedings of the 35th International Conference on Machine Learning, ICML 2018, Stockholmsmässan, Stockholm, Sweden, 10–15 July 2018. Proceedings of Machine Learning Research, vol. 80, pp. 2512–2520. PMLR (2018). http://proceedings.mlr.press/v80/karmon18a.html

  25. Kong, X., Liu, X., Gu, J., Qiao, Y., Dong, C.: Reflash dropout in image super-resolution. arXiv preprint arXiv:2112.12089 (2021)

  26. Kong, X., Zhao, H., Qiao, Y., Dong, C.: ClassSR: a general framework to accelerate super-resolution networks by data characteristic. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 12016–12025, June 2021

    Google Scholar 

  27. Levine, A., Feizi, S.: (de)randomized smoothing for certifiable defense against patch attacks. In: Larochelle, H., Ranzato, M., Hadsell, R., Balcan, M., Lin, H. (eds.) Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 2020, pp. 6–12. Virtual (2020). https://proceedings.neurips.cc/paper/2020/hash/47ce0875420b2dbacfc5535f94e68433-Abstract.html

  28. Li, B., Sun, Z., Guo, Y.: SuperVAE: superpixelwise variational autoencoder for salient object detection. In: The Thirty-Third AAAI Conference on Artificial Intelligence, AAAI 2019, Honolulu, Hawaii, USA, 27 January–1 February 2019, pp. 8569–8576. AAAI Press (2019). https://doi.org/10.1609/aaai.v33i01.33018569

  29. Li, B., Sun, Z., Li, Q., Wu, Y., Hu, A.: Group-wise deep object co-segmentation with co-attention recurrent neural network. In: 2019 IEEE/CVF International Conference on Computer Vision, ICCV 2019, Seoul, Korea (South), 27 October –2 November 2019, pp. 8518–8527. IEEE (2019). https://doi.org/10.1109/ICCV.2019.00861

  30. Li, B., Sun, Z., Tang, L., Hu, A.: Two-b-real net: two-branch network for real-time salient object detection. In: IEEE International Conference on Acoustics, Speech and Signal Processing, ICASSP 2019, Brighton, United Kingdom, 12–17 May 2019, pp. 1662–1666. IEEE (2019). https://doi.org/10.1109/ICASSP.2019.8683022

  31. Li, B., Sun, Z., Tang, L., Sun, Y., Shi, J.: Detecting robust co-saliency with recurrent co-attention neural network. In: Kraus, S. (ed.) Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence, IJCAI 2019, Macao, China, 10–16 August 2019, pp. 818–825. ijcai.org (2019). https://doi.org/10.24963/ijcai.2019/115

  32. Li, B., Sun, Z., Wang, Q., Li, Q.: Co-saliency detection based on hierarchical consistency. In: Amsaleg, L., et al. (eds.) Proceedings of the 27th ACM International Conference on Multimedia, MM 2019, Nice, France, 21–25 October 2019, pp. 1392–1400. ACM (2019). https://doi.org/10.1145/3343031.3351016

  33. Li, B., Xu, J., Wu, S., Ding, S., Li, J., Huang, F.: Detecting adversarial patch attacks through global-local consistency. In: Song, D., et al. (eds.) ADVM 2021: Proceedings of the 1st International Workshop on Adversarial Learning for Multimedia, Virtual Event, China, 20 October 2021, pp. 35–41. ACM (2021). https://doi.org/10.1145/3475724.3483606

  34. Li, Y., et al.: Shape-texture debiased neural network training. In: 9th International Conference on Learning Representations, ICLR 2021, Virtual Event, Austria, 3–7 May 2021. OpenReview.net (2021). https://openreview.net/forum?id=Db4yerZTYkz

  35. Liu, A., et al.: Perceptual-sensitive GAN for generating adversarial patches. In: The Thirty-Third AAAI Conference on Artificial Intelligence, AAAI 2019, The Thirty-First Innovative Applications of Artificial Intelligence Conference, IAAI 2019, The Ninth AAAI Symposium on Educational Advances in Artificial Intelligence, EAAI 2019, Honolulu, Hawaii, USA, 27 January–1 February 2019, pp. 1028–1035. AAAI Press (2019). https://doi.org/10.1609/aaai.v33i01.33011028

  36. Liu, S., et al.: Efficient universal shuffle attack for visual object tracking. In: ICASSP 2022–2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pp. 2739–2743. IEEE (2022)

    Google Scholar 

  37. Liu, Z., et al.: Swin transformer: hierarchical vision transformer using shifted windows (2021). https://arxiv.org/abs/2103.14030

  38. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, 30 April –3 May 2018, Conference Track Proceedings. OpenReview.net (2018). https://openreview.net/forum?id=rJzIBfZAb

  39. Malik, J., Belongie, S.J., Leung, T.K., Shi, J.: Contour and texture analysis for image segmentation. Int. J. Comput. Vis. 43(1), 7–27 (2001). https://doi.org/10.1023/A:1011174803800

    Article  MATH  Google Scholar 

  40. Naseer, M., Khan, S., Porikli, F.: Local gradients smoothing: defense against localized adversarial attacks. In: IEEE Winter Conference on Applications of Computer Vision, WACV 2019, Waikoloa Village, HI, USA, 7–11 January 2019, pp. 1300–1307. IEEE (2019). https://doi.org/10.1109/WACV.2019.00143

  41. Paszke, A., et al.: PyTorch: an imperative style, high-performance deep learning library. In: Wallach, H.M., Larochelle, H., Beygelzimer, A., d’Alché-Buc, F., Fox, E.B., Garnett, R. (eds.) Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019, pp. 8–14, December 2019. Vancouver, BC, Canada, pp. 8024–8035 (2019). https://proceedings.neurips.cc/paper/2019/hash/bdbca288fee7f92f2bfa9f7012727740-Abstract.html

  42. Rao, S., Stutz, D., Schiele, B.: Adversarial training against location-optimized adversarial patches. In: Bartoli, A., Fusiello, A. (eds.) ECCV 2020. LNCS, vol. 12539, pp. 429–448. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-68238-5_32

    Chapter  Google Scholar 

  43. Russakovsky, O., et al.: ImageNet large scale visual recognition challenge. Int. J. Comput. Vision 115(3), 211–252 (2015). https://doi.org/10.1007/s11263-015-0816-y

  44. Sandler, M., Howard, A.G., Zhu, M., Zhmoginov, A., Chen, L.: MobileNetv 2: inverted residuals and linear bottlenecks. In: 2018 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2018, Salt Lake City, UT, USA, 18–22 June 2018, pp. 4510–4520. IEEE Computer Society (2018). https://doi.org/10.1109/CVPR.2018.00474, http://openaccess.thecvf.com/content_cvpr_2018/html/Sandler_MobileNetV2_Inverted_Residuals_CVPR_2018_paper.html

  45. Sharif, M., Bhagavatula, S., Bauer, L., Reiter, M.K.: Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S. (eds.) Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016, pp. 1528–1540. ACM (2016). https://doi.org/10.1145/2976749.2978392

  46. Shen, T., et al.: Federated mutual learning. arXiv preprint arXiv:2006.16765 (2020)

  47. Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. In: Bengio, Y., LeCun, Y. (eds.) 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, 7–9 May 2015, Conference Track Proceedings (2015). http://arxiv.org/abs/1409.1556

  48. Szegedy, C., et al.: Intriguing properties of neural networks. In: Bengio, Y., LeCun, Y. (eds.) 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, 14–16 April 2014, Conference Track Proceedings (2014). http://arxiv.org/abs/1312.6199

  49. Tan, M., Le, Q.V.: EfficientNet: rethinking model scaling for convolutional neural networks. In: Chaudhuri, K., Salakhutdinov, R. (eds.) Proceedings of the 36th International Conference on Machine Learning, ICML 2019, 9–15 June 2019, Long Beach, California, USA. Proceedings of Machine Learning Research, vol. 97, pp. 6105–6114. PMLR (2019). http://proceedings.mlr.press/v97/tan19a.html

  50. Tang, L., Li, B.: CLASS: cross-level attention and supervision for salient objects detection. In: Ishikawa, H., Liu, C.-L., Pajdla, T., Shi, J. (eds.) ACCV 2020. LNCS, vol. 12624, pp. 420–436. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-69535-4_26

    Chapter  Google Scholar 

  51. Tang, L., Li, B., Zhong, Y., Ding, S., Song, M.: Disentangled high quality salient object detection. In: 2021 IEEE/CVF International Conference on Computer Vision, ICCV 2021, Montreal, QC, Canada, 10–17 October 2021, pp. 3560–3570. IEEE (2021). https://doi.org/10.1109/ICCV48922.2021.00356

  52. Wang, Y., et al.: A systematic review on affective computing: emotion models, databases, and recent advances. Inf. Fusion 83–84, 19–52 (2022). https://doi.org/10.1016/j.inffus.2022.03.009

    Article  Google Scholar 

  53. Wang, Y., et al.: Ferv39k: a large-scale multi-scene dataset for facial expression recognition in videos. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 20922–20931, June 2022

    Google Scholar 

  54. Wu, T., Tong, L., Vorobeychik, Y.: Defending against physically realizable attacks on image classification. In: 8th International Conference on Learning Representations, ICLR 2020, Addis Ababa, Ethiopia, 26–30 April 2020, OpenReview.net (2020). https://openreview.net/forum?id=H1xscnEKDr

  55. Xiang, C., Bhagoji, A.N., Sehwag, V., Mittal, P.: PatchGuard: a provably robust defense against adversarial patches via small receptive fields and masking. In: Bailey, M., Greenstadt, R. (eds.) 30th USENIX Security Symposium, USENIX Security 2021, 11–13 August 2021, pp. 2237–2254. USENIX Association (2021). https://www.usenix.org/conference/usenixsecurity21/presentation/xiang

  56. Xie, C., Wang, J., Zhang, Z., Zhou, Y., Xie, L., Yuille, A.L.: Adversarial examples for semantic segmentation and object detection. In: IEEE International Conference on Computer Vision, ICCV 2017, Venice, Italy, 22–29 October 2017, pp. 1378–1387. IEEE Computer Society (2017). https://doi.org/10.1109/ICCV.2017.153

  57. Xie, E., et al.: Polarmask: single shot instance segmentation with polar representation. In: 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2020, Seattle, WA, USA, 13–19 June 2020, pp. 12190–12199. IEEE (2020). https://doi.org/10.1109/CVPR42600.2020.01221

  58. Zhang, J., Chen, C., Dong, J., Jia, R., Lyu, L.: QEKD: query-efficient and data-free knowledge distillation from black-box models. arXiv preprint arXiv:2205.11158 (2022)

  59. Zhang, J., et al.: A practical data-free approach to one-shot federated learning with heterogeneity. arXiv preprint arXiv:2112.12371 (2021)

  60. Zhang, J., et al.: Towards efficient data free black-box adversarial attack. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 15115–15125, June 2022

    Google Scholar 

  61. Zhang, J., Zhang, L., Li, G., Wu, C.: Adversarial examples for good: adversarial examples guided imbalanced learning. arXiv preprint arXiv:2201.12356 (2022)

  62. Zhang, Z., Yuan, B., McCoyd, M., Wagner, D.A.: Clipped bagnet: defending against sticker attacks with clipped bag-of-features. In: 2020 IEEE Security and Privacy Workshops, SP Workshops, San Francisco, CA, USA, 21 May 2020, pp. 55–61. IEEE (2020). https://doi.org/10.1109/SPW50608.2020.00026

  63. Zhao, H., Kong, X., He, J., Qiao, Yu., Dong, C.: Efficient image super-resolution using pixel attention. In: Bartoli, A., Fusiello, A. (eds.) ECCV 2020. LNCS, vol. 12537, pp. 56–72. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-67070-2_3

    Chapter  Google Scholar 

  64. Zhong, Y., Li, B., Tang, L., Kuang, S., Wu, S., Ding, S.: Detecting camouflaged object in frequency domain. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 4504–4513, June 2022

    Google Scholar 

  65. Zhong, Y., Li, B., Tang, L., Tang, H., Ding, S.: Highly efficient natural image matting. CoRR abs/2110.12748 (2021), https://arxiv.org/abs/2110.12748

  66. Zhou, Q., et al.: Uncertainty-aware consistency regularization for cross-domain semantic segmentation. In: Computer Vision and Image Understanding, p. 103448 (2022)

    Google Scholar 

  67. Zhou, Q., Zhang, K.Y., Yao, T., Yi, R., Ding, S., Ma, L.: Adaptive mixture of experts learning for generalizable face anti-spoofing. In: Proceedings of the 30th ACM International Conference on Multimedia (2022)

    Google Scholar 

  68. Zhou, Q., et al.: Generative domain adaptation for face anti-spoofing. In: Avidan, S., et al. (eds.) ECCV 2022. LNCS, vol. 13665, pp. 335–356. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-20065-6_20

Download references

Acknowledgements

This work was done when Zhaoyu Chen was an intern at Youtu Lab, Tencent. This work was supported by National Natural Science Foundation of China (No. 62072112), Scientific and Technological Innovation Action Plan of Shanghai Science and Technology Committee (No. 20511103102), Fudan University-CIOMP Joint Fund (No. FC2019-005), and Double First-class Construction Fund (No. XM03211178).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Bo Li .

Editor information

Editors and Affiliations

1 Electronic supplementary material

Below is the link to the electronic supplementary material.

Supplementary material 1 (pdf 17781 KB)

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, Z., Li, B., Wu, S., Xu, J., Ding, S., Zhang, W. (2022). Shape Matters: Deformable Patch Attack. In: Avidan, S., Brostow, G., Cissé, M., Farinella, G.M., Hassner, T. (eds) Computer Vision – ECCV 2022. ECCV 2022. Lecture Notes in Computer Science, vol 13664. Springer, Cham. https://doi.org/10.1007/978-3-031-19772-7_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-19772-7_31

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-19771-0

  • Online ISBN: 978-3-031-19772-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics