The 3rd Workshop of Adversarial Machine Learning
on Computer Vision: Art of Robustness


Workshop at IEEE Conference on Computer Vision and Pattern Recognition 2023



Overview

Deep learning has achieved significant success in multiple fields, including computer vision. However, studies in adversarial machine learning also indicate that deep learning models are highly vulnerable to adversarial examples. Extensive works have demonstrated that adversarial examples challenge the robustness of deep neural networks, which threatens deep-learning-based applications in both the digital and physical worlds.

Though harmful, adversarial attacks are also beneficial for deep learning models. Discovering and harnessing adversarial examples properly could be highly beneficial across several domains including improving model robustness, diagnosing model blind spots, protecting data privacy, safety evaluation, and further understanding vision systems in practice. Since there are both the devil and angel roles of adversarial learning, exploring robustness is an art of balancing and embracing both the light and dark sides of adversarial examples.

In this workshop, we aim to bring together researchers from the fields of computer vision, machine learning, and security to jointly cooperate with a series of meaningful works, lectures, and discussions. We will focus on the most recent progress and also the future directions of both the positive and negative aspects of adversarial machine learning, especially in computer vision. Different from the previous workshops on adversarial machine learning, our proposed workshop aims to explore both the devil and angel characters for building trustworthy deep learning models.

Overall, this workshop consists of invited talks from experts in this area, research paper submissions, and a large-scale online competition on building robust models.


Tentative Important Dates

Proposed Speakers
Alan
Yuille


Johns Hopkins University
Bo
Li

University of Illinois at Urbana-Champaign
Florian
Tramèr

ETH Zürich
Cihang
Xie

UC Santa Cruz
Deqing
Sun

Google

Nicholas
Papernot

University of Toronto
Aleksander
Mądry

Massachusetts Institute of Technology
Judy
Hoffman

Georgia Tech
Ludwig
Schmidt

University of Washington
Lingjuan
Lyu

Sony AI

Organizers
Aishan
Liu

Beihang
University
Jiakai
Wang

Zhongguancun
Lab
Francesco Croce

University of Tübingen
Vikash Sehwag

Princeton University
Yingwei
Li

Waymo
Xinyun
Chen

Google Brain
Cihang
Xie

UC Santa Cruz
Yuanfang
Guo

Beihang
University
Xianglong
Liu

Beihang
University
Xiaochun
Cao

Sun Yat-sen University
Dawn
Song

UC Berkeley
Alan
Yuille

Johns Hopkins
University
Philip
H.S. Torr

Oxford
University
Dacheng
Tao

JD Explore Academy

Call for Papers

Recently, the success of deep learning in AI has attracted great attention from academia. However, research shows that the security and safety of deep models have caused great concerns in real applications. This workshop focuses on discovering and harnessing both the positive and negative aspects of adversarial machine learning (especially in computer vision). We welcome research contributions related to the following (but not limited to) topics:
  • Adversarial attacks against computer vision tasks
  • Improve the robustness of deep learning systems
  • Interpreting and understanding model robustness
  • Adversarial attacks for social good
  • Dataset and benchmark that might benefit the model robustness
Format: Submissions papers (.pdf format) must use the CVPR 2023 Author Kit for LaTeX/Word Zip file and be anonymized and follow CVPR 2023 author instructions. The workshop considers two types of submissions: (1) Long Paper: Papers are limited to 6 pages excluding references; (2) Extended Abstract: Papers are limited to 4 pages including references.

Submission Site: https://cmt3.research.microsoft.com/3rdAdvML2023
Submission Due: March 15, 2023, Anywhere on Earth (AoE)


Challenge

Deep learning models have been widely used in the field of automatic driving. However, they are vulnerable against adversarial attacks which poses strong challenges on the the security of automatic driving system. To accelerate the research on building robust models in the automatic driving scenario, we focus on vehicle detection and organize this challenge track for motivating novel defense algorithms. Participants are encouraged to develop defense methods that could improve model robustness against diverse noises in the vehicle detection task on dataset we provided.More details could be found at AISafety.
For novices, you can refer to the model robustness benchmark RobustART.

Timeline

Challenge Timeline
2023-03-28 (UTC+8) Registration opens
2023-03-31 10:00 (UTC+8) Phase Ⅰ submission starts
2023-04-28 20:00 (UTC+8) Registration and Phase Ⅰ submission deadline
2023-05-01 10:00 (UTC+8) Phase Ⅱ submission starts
2023-05-31 20:00 (UTC+8) Phase Ⅱ submission deadline
2023-06 Results Announcement

Award

TOP1 ¥20000 TOP2 ¥15000 TOP3 ¥10000
TOP4 ¥9000 TOP5 ¥6000 TOP6 ¥4000 TOP7-10 ¥1500

Challenge Chair
Zonglei
Jing

Beihang
University
Haotong
Qin

Beihang
University
Siyuan
Liang

Chinese Academy
of Sciences
Ding
Liang

SenseTime
Yichao
Wu

SenseTime
Yue
Yu

NUDT & OPENI
Xianglong
Liu

Beihang
University

Sponsors

logo-img
logo-img


Program Committee
Simin
Li

Beihang
University
Shunchang
Liu

Beihang
University
Yisong
Xiao

Beihang
University
  • Akshayvarun Subramanya (UMBC)
  • Alexander Robey (University of Pennsylvania)
  • Ali Shahin Shamsabadi (Queen Mary University of London, UK)
  • Angtian Wang (Johns Hopkins University)
  • Aniruddha Saha (University of Maryland Baltimore County)
  • Anshuman Suri (University of Virginia)
  • Bernhard Egger (Massachusetts Institute of Technology)
  • Chenglin Yang (Johns Hopkins University)
  • Chirag Agarwal (Harvard University)
  • Gaurang Sriramanan (Indian Institute of Science)
  • Hang Yu (Beihang University)
  • Jiachen Sun (University of Michigan)
  • Jieru Mei (Johns Hopkins University)
  • Jun Guo (Beihang University)
  • Ju He (Johns Hopkins University)
  • Kibok Lee (University of Michigan)
  • Lifeng Huang (SunYat-sen university)
  • Maura Pintor (University of Cagliari)
  • Muhammad Awais (Kyung-Hee University)
  • Muzammal Naseer (ANU)
  • Nataniel Ruiz (Boston University)
  • Qihang Yu (Johns Hopkins University)
  • Qing Jin (Northeastern University)
  • Rajkumar Theagarajan (University of California, Riverside)
  • Ruihao Gong (SenseTime)
  • Shiyu Tang (Beihang University)
  • Shunchang liu (Beihang University)
  • Sravanti Addepalli (Indian Institute of Science)
  • Tianlin Li (NTU)
  • Wenxiao Wang (Tsinghua University)
  • Won Park (University of Michigan)
  • Xiangning Chen (University of California, Los Angeles)
  • Xiaohui Zeng (University of Toronto)
  • Xingjun Ma (Deakin University)
  • Xinwei Zhao (Drexel University)
  • Yulong Cao (University of Michigan, Ann Arbor)
  • Yutong Bai (Johns Hopkins University)
  • Zihao Xiao (Johns Hopkins University)
  • Zixin Yin (Beihang University)