安全可信的智能算法研究组----视觉信息处理与学习研究组网站

课题组简介

在中科院先导项目、科技部青年科学家、国自然等项目的支持下，围绕智能算法内生安全问题和衍生安全问题展开基础和应用研究。通过分析算法缺陷的内在机理，构建算法安全评估体系，探索缺陷与风险防护机制，突破智能算法“可信、可管、可控”的理论和技术瓶颈，为智能算法的应用安全保驾护航。

研究内容

课题组围绕智能算法内生安全问题和衍生安全问题展开以下研究：

1. 对抗攻击与防御：

a) 对抗攻击：围绕如何提升对抗样本的迁移性展开研究

b) 对抗防御：从鲁棒结构设计、高效对抗训练等角度提升模型的对抗鲁棒性

2. 后门攻击与防御：

a) 后门攻击：围绕如何提升后门的攻击性、隐蔽性和稳定性展开研究

b) 后门防御：研究后门检测、后门定位和后门移除方法

3. 分布外泛化与检测：

研究可信域判定的理论分析方法、基于语义的域偏移衡量方法以及领域泛化方法等

4. 多模态大模型安全评估：评估多模态大模型的基础能力、公平性、隐私泄露风险、幻觉、价值观偏离等

5. 深伪与鉴伪、活体检测：

a) 数字世界：特定人语音生成、语音驱动、表情迁移等伪造方法以及图像视频鉴伪方法；

表情迁移

b) 物理世界：活体检测

部分论文

刊物论文

Jie Zhang, Zhifan Wan, Lanqing Hu, Stephen Lin, Shuzhe Wu, Shiguang Shan. Collaboratively Self-supervised Video Representation Learning for Action Recognition. IEEE Transactions on Information Forensics & Security (TIFS), 2025. (Accepted)
Changzhen Li, Jie Zhang, Shuzhe Wu, Xin Jin, Shiguang Shan. Hierarchical compositional representations for few-shot action recognition. Computer Vision and Image Understanding (CVIU), 240: 103911, 2024.
Mingjie He, Jie Zhang, Shiguang Shan, Xilin Chen. Enhancing Face Recognition with Detachable Self-Supervised Bypass Networks. IEEE Transactions on Image Processing (TIP), Vol. 33, pp. 1588-1599, 2024.
Zheng Yuan, Jie Zhang, Zhaoyan Jiang, Liangliang Li, Shiguang Shan. Adaptive Perturbation for Adversarial Attack. IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), Vol. 46, No. 8, pp. 5663-5676, 2024.
Zheng Yuan, Jie Zhang, Yude Wang, Shiguang Shan, Xilin Chen. Towards Robust Semantic Segmentation against Patch-based Attack via Attention Refinement. International Journal of Computer Vision (IJCV), Vol. 132, No. 11, pp. 5270-5292, 2024.
Xingming Long, Jie Zhang, Shuzhe Wu, Xin Jin, Shiguang Shan. Dual Sampling Based Causal Intervention for Face Anti-Spoofing with Identity Debiasing. IEEE Transactions on Information Forensics and Security (TIFS), Vol. 19, pp. 851-862, 2023.
Yunpei Jia, Jie Zhang*, Shiguang Shan. Dual-Branch Meta-learning Network with Distribution Alignment for Face Anti-spoofing. IEEE Transactions on Information Forensics and Security, Vol.17, pp 138-151, 2022.
Yunpei Jia, Jie Zhang, Shiguang Shan and Xilin Chen. Unified Unsupervised and Semi-supervised Domain Adaptation Network for Cross-scenario Face Anti-spoofing. Pattern Recognition, 115: 107888, 2021.

会议论文

Sibo Wang, Jie Zhang, Zheng Yuan, Shiguang Shan. Pre-trained Model Guided Fine-Tuning for Zero-Shot Adversarial Robustness. IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 24502-24511, Seattle WA, USA, Jun. 17-21, 2024.
Zonghui Guo, Xinyu Han, Jie Zhang, Shiguang Shan, Haiyong Zheng. Video Harmonization with Triplet Spatio-Temporal Variation Patterns. IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 19177-19186, Seattle WA, USA, Jun. 17-21, 2024.
Zhongqi Wang, Jie Zhang, Shiguang Shan, Xilin Chen. T2IShield: Defending Against Backdoors on Text-to-Image Diffusion Models. European Conference on Computer Vision (ECCV), pp. 107-124, Mico Milano, Italy, Sep 29-Oct 4, 2024.
Xingming Long, Jie Zhang, Shiguang Shan, Xilin Chen. Rethinking the Evaluation of Out-of-Distribution Detection: A Sorites Paradox. Annual Conference on Neural Information Processing Systems (NeurIPS), Vancouver, Canada, Dec. 10-15, 2024.
Zheng Yuan, Jie Zhang, Shiguang Shan. Adaptive Image Transformations for Transfer-based Adversarial Attack. Proceedings of the 17th European Conference on Computer Vision (ECCV), Oct. 23-27, 2022, Tel Aviv, Isreal / Cyberspace.
Zheng Yuan, Jie Zhang, Yunpei Jia, Chuanqi Tan, Tao Xue and Shiguang Shan. Meta Gradient Adversarial Attack. IEEE/CVF International Conference on Computer Vision (ICCV), pp. 7748-7757, Montreal, Canada, Oct.11-17, 2021.
Yunpei Jia, Jie Zhang, Shiguang Shan, Xilin Chen, "Single-Side Domain Generalization for Face Anti-Spoofing," IEEE Conference on Computer Vision and Pattern Recognition(CVPR), pp. 8484-8493, 2020.