Secure and Trustworthy Intelligent Algorithms Research Group
Group leaders: Jie Zhang (张杰), Associate Professor; Shiguang Shan (山世光), Professor
Email: zhangjie at ict dot ac dot cn, sgshan at ict dot ac dot cn
Group Overview

Supported by the CAS Strategic Priority Research Program, the MOST Young Scientist program, the National Natural Science Foundation of China and other projects, the group carries out basic and applied research on the intrinsic security problems of intelligent algorithms (flaws in the algorithms themselves) and their derived security problems (risks arising from their use). By analyzing the internal mechanisms behind algorithm flaws, building an algorithm security evaluation framework, and exploring mechanisms for protecting against flaws and risks, we aim to break through the theoretical and technical bottlenecks that keep intelligent algorithms from being "trustworthy, manageable and controllable", and to safeguard their secure deployment.

Research Topics

The group conducts the following research on the intrinsic and derived security problems of intelligent algorithms:

1. Adversarial attacks and defenses:

a) Adversarial attacks: research on improving the transferability of adversarial examples

b) Adversarial defenses: improving the adversarial robustness of models through robust architecture design, efficient adversarial training, and related approaches

2. Backdoor attacks and defenses:

a) Backdoor attacks: research on improving the effectiveness, stealthiness and stability of backdoors

b) Backdoor defenses: methods for backdoor detection, backdoor localization and backdoor removal

3. Out-of-distribution generalization and detection:

Theoretical analysis methods for determining the trusted domain, semantics-based methods for measuring domain shift, domain generalization methods, and related topics

4. Security evaluation of multimodal large models: evaluating the basic capabilities, fairness, privacy leakage risk, hallucination, value misalignment, and other properties of multimodal large models

5. Deepfake generation and detection, liveness detection:

a) Digital world: forgery methods such as target-speaker speech synthesis, speech-driven animation and expression transfer, as well as image and video forgery detection methods

(Figure: expression transfer)

b) Physical world: face liveness detection



Selected Publications

Journal Papers

  • Changzhen Li, Jie Zhang, Shuzhe Wu, Xin Jin, Shiguang Shan. Hierarchical Compositional Representations for Few-Shot Action Recognition. Computer Vision and Image Understanding (CVIU), 240: 103911, 2024.
  • Mingjie He, Jie Zhang, Shiguang Shan, Xilin Chen. Enhancing Face Recognition with Detachable Self-Supervised Bypass Networks. IEEE Transactions on Image Processing (TIP), Vol. 33, pp. 1588-1599, 2024.
  • Xingming Long, Jie Zhang, Shiguang Shan. Generalized Face Liveness Detection via De-fake Face Generator. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2024.
  • Zheng Yuan, Jie Zhang, Zhaoyan Jiang, Liangliang Li, Shiguang Shan. Adaptive Perturbation for Adversarial Attack. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), Vol. 46, No. 8, pp. 5663-5676, 2024.
  • Zheng Yuan, Jie Zhang, Yude Wang, Shiguang Shan, Xilin Chen. Towards Robust Semantic Segmentation against Patch-based Attack via Attention Refinement. International Journal of Computer Vision (IJCV), Vol. 132, No. 11, pp. 5270-5292, 2024.
  • Xingming Long, Jie Zhang, Shuzhe Wu, Xin Jin, Shiguang Shan. Dual Sampling Based Causal Intervention for Face Anti-Spoofing with Identity Debiasing. IEEE Transactions on Information Forensics and Security (TIFS), Vol. 19, pp. 851-862, 2023.
  • Yunpei Jia, Jie Zhang*, Shiguang Shan. Dual-Branch Meta-learning Network with Distribution Alignment for Face Anti-spoofing. IEEE Transactions on Information Forensics and Security (TIFS), Vol. 17, pp. 138-151, 2022.
  • Yunpei Jia, Jie Zhang, Shiguang Shan, Xilin Chen. Unified Unsupervised and Semi-supervised Domain Adaptation Network for Cross-scenario Face Anti-spoofing. Pattern Recognition, 115: 107888, 2021.

Conference Papers

  • Sibo Wang, Jie Zhang, Zheng Yuan, Shiguang Shan. Pre-trained Model Guided Fine-Tuning for Zero-Shot Adversarial Robustness. IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 24502-24511, Seattle, WA, USA, Jun. 17-21, 2024.
  • Zonghui Guo, Xinyu Han, Jie Zhang, Shiguang Shan, Haiyong Zheng. Video Harmonization with Triplet Spatio-Temporal Variation Patterns. IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 19177-19186, Seattle, WA, USA, Jun. 17-21, 2024.
  • Zhongqi Wang, Jie Zhang, Shiguang Shan, Xilin Chen. T2IShield: Defending Against Backdoors on Text-to-Image Diffusion Models. European Conference on Computer Vision (ECCV), pp. 107-124, MiCo Milano, Italy, Sep. 29-Oct. 4, 2024.
  • Xingming Long, Jie Zhang, Shiguang Shan, Xilin Chen. Rethinking the Evaluation of Out-of-Distribution Detection: A Sorites Paradox. Annual Conference on Neural Information Processing Systems (NeurIPS), Vancouver, Canada, Dec. 10-15, 2024.
  • Zheng Yuan, Jie Zhang, Shiguang Shan. Adaptive Image Transformations for Transfer-based Adversarial Attack. Proceedings of the 17th European Conference on Computer Vision (ECCV), Tel Aviv, Israel / Cyberspace, Oct. 23-27, 2022.
  • Zheng Yuan, Jie Zhang, Yunpei Jia, Chuanqi Tan, Tao Xue, Shiguang Shan. Meta Gradient Adversarial Attack. IEEE/CVF International Conference on Computer Vision (ICCV), pp. 7748-7757, Montreal, Canada, Oct. 11-17, 2021.
  • Yunpei Jia, Jie Zhang, Shiguang Shan, Xilin Chen. Single-Side Domain Generalization for Face Anti-Spoofing. IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 8484-8493, 2020.