Welcome to my homepage
Currently I am a Tenured Associate Professor and Assistant Dean (Research) of the School of Data Science, The Chinese University of Hong Kong, Shenzhen (CUHK-Shenzhen).
From November 2016 to August 2020, I was a Senior and Principal Researcher at Tencent AI Lab. From August 2014 to November 2016, I was a Postdoc at KAUST, working with Prof. Bernard Ghanem. In June 2014, I received my PhD degree from the National Laboratory of Pattern Recognition, Institute of Automation, Chinese Academy of Sciences, supervised by Prof. Baogang Hu. I was a visiting student in Prof. Qiang Ji's lab at Rensselaer Polytechnic Institute from September 2011 to September 2013. I am a Senior Member of IEEE.
I am the director of the Longgang District Key Laboratory of Intelligent Digital Economy Security (iDES, 龙岗区智能数字经济安全重点实验室).
My research interests include trustworthy AI, generative AI, machine learning, computer vision, and optimization, with topics such as adversarial examples, backdoor learning, federated learning, face image editing/manipulation/generation, and deepfake detection.
Job openings
I am recruiting PhD and Master students to start in Fall 2025. If you are interested in trustworthy AI, generative AI, machine learning, computer vision, or optimization, and have solid mathematical foundations and strong programming skills, please send me an email.
I am also recruiting Postdoc Researchers (博士后) and Visiting Students (master or PhD students) (访问学生).
News
2024/12/10 -- 2 papers are accepted to AAAI 2025, covering CLIP model and deepfake detection. Congrats to all collaborators.
2024/11/22 -- I am invited as an Area Chair of ICML 2025.
2024/11/19 -- I am awarded "2023 Young Researcher Award of The Chinese University of Hong Kong, Shenzhen" (2023年度香港中文大学(深圳)青年科研奖)
2024/09/26 -- 3 papers are accepted to NeurIPS 2024, covering two backdoor defenses, and one deepfake detection. Congrats to all students and collaborators.
2024/09/19 -- I will serve as Associate Editor for IEEE Transactions on Information Forensics and Security (TIFS).
2024/09/14 -- I am invited as an Area Chair of CVPR 2025.
2024/08/07 -- I am invited as an Area Chair of ICLR 2025.
2024/05/17 -- I am invited as an Area Chair of AAAI 2025.
2024/04/25 -- 1 paper "Regional Adversarial Training for Better Robust Generalization" is accepted to IJCV. Congrats to all collaborators.
2024/03/27 -- I am invited as an Area Chair of NeurIPS 2024, and NeurIPS 2024 Datasets and Benchmarks Track.
2024/03/15 -- 1 paper "Improving Fast Adversarial Training with Prior-Guided Knowledge" is accepted to TPAMI. Congrats to Dr. Xiaojun Jia and all collaborators.
2024/02/27 -- 3 papers are accepted to CVPR 2024, covering backdoor attack, deepfake detection and federated learning. Congrats to all students and collaborators.
2024/01/16 -- 1 paper "VDC: Versatile Data Cleanser for Detecting Dirty Samples via Visual-Linguistic Inconsistency" is accepted to ICLR. A very simple but highly effective approach for detecting any kind of noisily labeled samples (e.g., poisoned samples, samples with random noisy labels), based on the Visual-Linguistic matching capability of multi-modal large models. Congrats to my student Zihao Zhu and all collaborators!
2023/12/07 -- I am invited as an Area Chair of ICML 2024.
2023/10/31 -- 1 paper "Imperceptible and Robust Backdoor Attack in 3D Point Cloud" is accepted to TIFS. Congrats to Kuofeng Gao, Jiawang Bai, and all collaborators.
2023/10/11 -- I am elected as a Senior Member of IEEE.
2023/10/03 -- The "Tutorial on Backdoor Learning: Recent Advances and Future" has been successfully presented at ICCV 2023 in Paris. The tutorial website is here.
2023/09/22 -- 3 papers are accepted by NeurIPS 2023, including two backdoor defense works in the main track, and one deepfake benchmark (DeepfakeBench) in the Datasets and Benchmarks Track. Congrats to all my students and collaborators!
2023/08/15 -- I am invited as an Area Chair of ICLR 2024, AISTATS 2024, and WACV 2024.
2023/08/13 -- I am invited as an Area Chair of CVPR 2024.
2023/07/14 -- Four papers are accepted to ICCV 2023, as well as one tutorial named "Backdoor Learning: Recent Advances and Future Trends". Congrats to all students and collaborators.
2023/07/08 -- DeepfakeBench (a benchmark for deepfake detection) has been released.
2023/07/06 -- Our work "Versatile Weight Attack via Flipping Limited Bits" is accepted to TPAMI. Congrats to Jiawang Bai and all collaborators.
2023/06/07 -- I am invited as an Area Chair of NeurIPS 2023 Datasets and Benchmarks Track.
2023/05/19 -- I am invited as an Area Chair of AAAI 2024.
2023/05/11 -- 1 paper "Robust and Generalized Physical Adversarial Attacks via Meta-GAN" is accepted to IEEE Transactions on Information Forensics & Security.
2023/04/25 -- 1 paper "Learning to Learn from APIs: Black-box Data-free Meta-Learning" is accepted to ICML 2023.
2023/04/21 -- 1 paper "TAT: Targeted Backdoor Attacks against Visual Object Tracking" is accepted to Pattern Recognition.
2023/04/14 -- We (me, Bernard Ghanem and Hasan Hammoud) will give a tutorial named "Backdoor Learning: Recent Advances and Future Trends" on Oct. 3 at ICCV 2023. See you in Paris :)
2023/04/12 -- BackdoorBench v2.0 has been released, with significant updates on codes, methods, and analysis tools.
2023/04/02 -- One paper is accepted to SIGGRAPH 2023. Congrats to Yanbo Fan and all collaborators.
2023/03/27 -- Our website "Adversarial Machine Learning" has been released at http://adversarial-ml.com/ .
2023/02/28 -- I am invited as an Area Chair of NeurIPS 2023.
2023/02/28 -- 1 paper "DropMAE: Masked Autoencoders with Spatial-Attention Dropout for Tracking Tasks" is accepted to CVPR 2023.
2023/02/21 -- Our survey "Adversarial Machine Learning: A Systematic Survey of Backdoor Attack, Weight Attack and Adversarial Example" has been released.
2022/12/20 -- I am invited as an Area Chair of ICML 2023.
2022/09/17 -- Our BackdoorBench is accepted to NeurIPS 2022 Datasets and Benchmarks Track. Congrats to all contributed students and collaborators.
2022/09/15 -- Two works about transfer-based adversarial attack and backdoor defense are accepted to NeurIPS 2022. Congrats to Yanbo Fan, Zeyu Qin and Weixin Chen.
2022/08/27 -- Our work "Robust Physical-World Attacks on Face Recognition" is accepted to Pattern Recognition. Congrats to Xin Zheng and Yanbo Fan.
2022/08/10 -- I am invited as an Area Chair of ICLR 2023.
2022/07/21 -- Our latest work about black-box adversarial attack has been accepted to TPAMI. Congratulations to all co-authors.
2022/07/04 -- 3 papers about adversarial training, black-box attack, talking face generation are accepted to ECCV 2022.
2022/05/28 -- 1 paper about adversarial training is accepted to TIP.
2022/04/06 -- BackdoorBench (a benchmark for backdoor learning) and BlackboxBench (a benchmark for black-box attacks) have been released.
2022/03/30 -- I am invited as an Area Chair of NeurIPS 2022.
2022/03/03 -- 2 papers (1 oral, 1 poster) about black-box adversarial attack, adversarial training are accepted to CVPR 2022.
2022/01/22 -- 1 paper about transformer is accepted to ICASSP 2022.
2022/01/21 -- 1 paper about backdoor defense is accepted to ICLR 2022.
2021/09/29 -- 1 paper about black-box adversarial defense is accepted to NeurIPS 2021.
2021/07/23 -- 3 papers are accepted to ICCV 2021.
2021/07/18 -- I am invited as an Area Chair of AAAI 2022.
2021/06/18 -- I am invited as an Area Chair of ICLR 2022.
2021/05/07 -- "AI security and Privacy" Seminar Series has been launched. Please see http://scl.sribd.cn/seminar/index.html for more details.
2021/03/18 -- The website of our Secure Computing Lab of Big Data (SCLBD) has been released. http://scl.sribd.cn/
2021/03/01 -- 3 papers are accepted to CVPR 2021.
2021/01/24 -- I am starting to serve as an Associate Editor of Neurocomputing.
2021/02/16 -- The Github repository of our IJCV work "MAP Inference via L2-Sphere Linear Program Reformulation" has been released (link), including both Python and Matlab implementations.
2021/01/30 -- 1 paper is accepted to ICASSP 2021.
2021/01/13 -- 2 papers are accepted by ICLR 2021, including the first efficient adversarial attack to Capsule networks, and the weight attack by bit flipping to the CNN model deployed in the device. Congrats to all co-authors.
2020/12/11 -- The GitHub repository of our Lp-Box ADMM [TPAMI 2018] has been significantly updated with a C++ implementation, which is more efficient than the MATLAB and Python implementations.
2020/09/18 -- "AI安全的威胁风险矩阵" has been released jointly by Tencent AI Lab and Tencent Zhuque Lab (腾讯朱雀实验室). It is the first technical report to comprehensively cover different kinds of security threats in the full cycle of an AI system. It could be an important reference for AI researchers, AI engineers and AI users. Many mainstream and social media outlets have reported this news. Download, Media 1, Media 2, Media 3, Media 4, Media 5, Media 6, ...
2020/08/24 -- The github repositories of our sparse attack and black-box attack of ECCV 2020 have been released. See the links below the papers.
2020/08/17 -- I will serve as Senior Program Committee Member (SPC) of AAAI 2021 and IJCAI 2021.
2020/07/26 -- One paper about adversarial attack to 3D Point Cloud Classification is accepted to ACM MM 2020. Congrats to Chengcheng Ma and other co-authors.
2020/07/03 -- 3 papers accepted to ECCV 2020. Congrats to all co-authors.
2019/12/22 -- The github repository of our Lp-Box ADMM [TPAMI 2018] has been significantly updated with: python implementation, function of BQP with both equality and inequality constraints, link to more applications and extensions.
2019/12/12 -- Our work "MAP Inference via L2-Sphere Linear Program Reformulation" is accepted to IJCV. Congrats to all co-authors, Dr. Li Shen, Professor Bernard Ghanem and Professor Tong Zhang.
2019/08/29 -- Our work "Bi-Real Net: Binarizing Deep Network Towards Real-Network Performance" is accepted to IJCV. Congrats to Zechun Liu.
2019/07/23 -- Our work "Context-aware Feature and Label Fusion for Facial Action Unit Intensity Estimation with Partially Labeled Data" is accepted to ICCV 2019.
2019/07/08 -- I was invited to give a keynote talk at the ICME 2019 Workshop on Information Theory and Multimedia Computing, named "Security of Deep Learning: Adversarial Attacks and Defenses".
2019/06/18 -- Our work "Learning to Compose Dynamic Tree Structures for Visual Contexts" is selected into the Best Paper Finalists of CVPR 2019.
2019/02/25 -- 7 papers (1 oral, 6 poster) accepted to CVPR 2019! Congrats to all co-authors.
2018/10/17 -- Tencent ML-Images is released at Github. It includes the largest open-source multi-label image database, and a very good ResNet-101 checkpoint achieving 80.73% top-1 accuracy on the validation set of ImageNet, as well as detailed codes of training and fine-tuning. Enjoy it :)
Website:
This website presents several important related resources, including our two benchmarks (as below), two surveys, as well as the taxonomies of existing works in adversarial machine learning which are proposed in our surveys. Using these taxonomies, it is very easy to search the corresponding works and overview their categories. The taxonomies will be continuously updated.
Tutorial:
"Tutorial on Backdoor Learning: Recent Advances and Future"
October 3, Paris, France, ICCV 2023.
Backdoor learning is an emerging and crucial field of research focused on investigating the security of machine learning systems, specifically computer vision systems, during the training phase. It has been demonstrated that an adversary could manipulate the training process to insert a backdoor into the trained model, such that the backdoored model will perform well on benign images while producing an adversary-specified prediction on images that have been tampered with. This tutorial aims to provide a comprehensive and detailed introduction to the field of backdoor learning, covering a wide range of important and interesting topics. We start by presenting basic definitions and taxonomies that are essential to understand the concept of backdoor learning. Then, we dive into the current progress of the field by presenting various existing attacks and defenses, highlighting the seriousness of the threats and challenges faced by machine learning systems during their training phase. After that, we will discuss the latest benchmark that has been developed for backdoor learning. To conclude the tutorial, we will discuss the real-world applications of backdoor learning and the challenges and future trends in this exciting research area.
Website (slides presented there)
Benchmarks:
BackdoorBench
BackdoorBench is a comprehensive benchmark for backdoor learning. We provide: 1) an integrated implementation of representative backdoor learning algorithms (currently including 20 attack and 32 defense algorithms), based on an extensible modular codebase; 2) comprehensive evaluations with 5 poisoning ratios, based on 4 models and 4 datasets, leading to 11,492 pairs of attack-against-defense evaluations in total; and 3) abundant analysis from 10 perspectives via 18 useful analysis tools, and several inspiring insights about backdoor learning. The first version of BackdoorBench is published at the NeurIPS 2022 Datasets and Benchmarks Track.
BlackboxBench
BlackboxBench is a comprehensive benchmark for mainstream adversarial black-box attack methods. We provide: 1) a unified, extensible and modular codebase, implementing 25 query-based attack algorithms and 30 transfer-based attack algorithms; 2) comprehensive evaluations: we evaluate the implemented algorithms against several mainstream model architectures on 2 widely used datasets (CIFAR-10 and a subset of ImageNet), leading to 14,106 evaluations in total; 3) thorough analysis and new insights, as well as analytical tools.
DeepfakeBench
DeepfakeBench is a unified platform for deepfake detection. It provides easy implementations of 15 state-of-the-art detectors with 9 deepfake datasets, as well as an extensive analysis based on comprehensive evaluations of these detectors, revealing several new insights.
Surveys:
Defenses in Adversarial Machine Learning: A Survey
Baoyuan Wu, Shaokui Wei, Mingli Zhu, Meixi Zheng, Zihao Zhu, Mingda Zhang, Hongrui Chen, Danni Yuan, Li Liu, Qingshan Liu
(Brief description: this is a survey of defenses in adversarial machine learning (AML), against backdoor attacks, weight attacks, and adversarial examples. We provide a unified perspective from the overall ML life-cycle, covering pre-training, training, post-training, deployment, and inference stages. This unified perspective clearly presents the connections and differences among various defense paradigms, and calibrates the defense and attack aspects in AML. Moreover, in each stage, we present one clear taxonomy to summarize representative approaches of the involved defense paradigms.)
Attacks in Adversarial Machine Learning: A Systematic Survey from the Life-cycle Perspective
Baoyuan Wu, Zihao Zhu, Li Liu, Qingshan Liu, Zhaofeng He, Siwei Lyu.
(Brief description: this is a survey of attacks in adversarial machine learning (AML). We provide a unified perspective from the overall ML life-cycle, covering pre-training, training, post-training, deployment, and inference stages. This unified perspective clearly presents the connections and differences among various attack paradigms, and calibrates the defense and attack aspects in AML. Moreover, in each stage, we present one clear taxonomy to summarize representative approaches of the involved attack paradigms.)
Physically Adversarial Attacks and Defenses in Computer Vision: A Survey
Xingxing Wei, Bangzheng Pu, Jiefan Lu, Baoyuan Wu
A survey of trustworthy graph learning: Reliability, explainability, and privacy protection
Bingzhe Wu, Jintang Li, Junchi Yu, Yatao Bian, Hengtong Zhang, Chaochao Chen, Chengbin Hou, Guoji Fu, Liang Chen, Tingyang Xu, Yu Rong, Xiaolin Zheng, Junzhou Huang, Ran He, Baoyuan Wu, Guangyu Sun, Peng Cui, Zibin Zheng, Zhe Liu, Peilin Zhao
Publications
Technical Report:
Tencent AI Lab (Baoyuan Wu, Yanbo Fan, Yong Zhang, Yiming Li, Zhifeng Li, Wei Liu), Tencent Zhuque Lab (viking, jifengzhu, allenszch, ucasjh, dylan, xunsu). 2020/09/18.
Journal (4 TPAMI, 4 IJCV, 3 TIP, 2 TIFS):
26. Regional Adversarial Training for Better Robust Generalization
Chuanbiao Song, Yanbo Fan, Aoyang Zhou, Baoyuan Wu (corresponding author), Yiming Li, Zhifeng Li, Kun He (corresponding author)
Accepted to International Journal of Computer Vision (IJCV), 2024.
25. Improving Fast Adversarial Training with Prior-Guided Knowledge
Xiaojun Jia, Yong Zhang, Xingxing Wei, Baoyuan Wu, Ke Ma, Jue Wang, Xiaochun Cao
Accepted to IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2024.
24. Versatile Weight Attack via Flipping Limited Bits
Jiawang Bai, Baoyuan Wu (corresponding author), Zhifeng Li, Shu-Tao Xia (corresponding author)
IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2023.
23. Generalizable Black-Box Adversarial Attack with Meta Learning
Fei Yin, Yong Zhang, Baoyuan Wu (co-first author, corresponding author), Yan Feng, Jingyi Zhang, Yanbo Fan, Yujiu Yang (corresponding author)
IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2023.
(Brief description: we propose a meta-learning framework which can capture both example-level and model-level adversarial transferability, to learn the probability distribution of the adversarial perturbation conditioned on the benign sample. Our framework can be naturally combined with any off-the-shelf query-based or query-and-transfer-combination-based black-box attack, leading to significant boost of the attack performance.)
22. Imperceptible and Robust Backdoor Attack in 3D Point Cloud
Kuofeng Gao*, Jiawang Bai*, Baoyuan Wu (corresponding author), Mengxi Ya, Shu-Tao Xia (corresponding author)
Accepted to IEEE Transactions on Information Forensics & Security (TIFS), 2024.
21. Robust and Generalized Physical Adversarial Attacks via Meta-GAN
Weiwei Feng, Nanqing Xu, Tianzhu Zhang, Baoyuan Wu, Yongdong Zhang
Accepted to IEEE Transactions on Information Forensics & Security (TIFS), 2024.
20. Visual Prompt Based Personalized Federated Learning
Guanghao Li, Wansen Wu, Yan Sun, Li Shen, Baoyuan Wu, Dacheng Tao
Transactions on Machine Learning Research (TMLR), 2024.
19. TAT: Targeted Backdoor Attacks against Visual Object Tracking
Ziyi Chen, Baoyuan Wu (corresponding author), Zhenya Zhang, Jianjun Zhao
Pattern Recognition (PR), 2023.
18. Robust Physical-World Attacks on Face Recognition
Xin Zheng, Yanbo Fan, Baoyuan Wu (corresponding author), Yong Zhang, Jue Wang, Shirui Pan
Accepted to Pattern Recognition (PR), 2022.
17. Boosting Fast Adversarial Training with Learnable Adversarial Initialization
Xiaojun Jia, Yong Zhang, Baoyuan Wu, Jue Wang and Xiaochun Cao.
Accepted to IEEE Transactions on Image Processing (TIP), 2022.
16. Effective and Robust Detection of Adversarial Examples via Benford-Fourier Coefficients
Chengcheng Ma (co-first authors), Baoyuan Wu (co-first authors, corresponding author), Yanbo Fan, Yong Zhang and Zhifeng Li
Accepted to Machine Intelligence Research, 2022.
15. Semi-supervised Robust Training with Generalized Perturbed Neighborhood
Yiming Li, Baoyuan Wu (corresponding author), Yan Feng, Yanbo Fan, Yong Jiang, Zhifeng Li, Shutao Xia (corresponding author)
Pattern Recognition, 2022.
14. Towards Corruption-Agnostic Robust Domain Adaptation
Yifan Xu, Kekai Sheng, Weiming Dong, Baoyuan Wu, Changsheng Xu, Bao-Gang Hu
The ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM), 2022.
13. Customized Summarizations of Visual Data Collections
Mengke Yuan, Bernard Ghanem, Dong-Ming Yan, Baoyuan Wu, Xiaopeng Zhang, Peter Wonka
Computer Graphics Forum, 2021.
12. MAP Inference via L2-Sphere Linear Program Reformulation
Baoyuan Wu, Li Shen, Tong Zhang, Bernard Ghanem
International Journal of Computer Vision (IJCV), 128, pages 1913–1936 (2020).
(This work proposed an equivalent continuous reformulation to the original integer programming of MAP inference, which was then efficiently solved by ADMM. It is globally convergent to epsilon-KKT solution. Codes will be released soon.)
11. Unsupervised Multi-view Constrained Convolutional Network for Accurate Depth Estimation
Yuyang Zhang, Shibiao Xu, Baoyuan Wu, Jian Shi, Weiliang Meng, Xiaopeng Zhang
IEEE Transactions on Image Processing (TIP), Volume 29, pages 7019-7031, 2020.
10. Bi-Real Net: Binarizing Deep Network Towards Real-Network Performance
Zechun Liu, Wenhan Luo, Baoyuan Wu, Xin Yang, Wei Liu, Kwang-Ting Cheng.
International Journal of Computer Vision (IJCV), 128, pages 202–219 (2020).
(Extended version of our ECCV 2018 work)
9. Tencent ML-Images: A large-scale multi-label image database for visual representation learning
Baoyuan Wu, Weidong Chen (equal contribution), Yanbo Fan, Yong Zhang, Jinlong Hou, Jie Liu, Tong Zhang
Accepted to IEEE Access
Yongqiang Li, Baoyuan Wu, Yongping Zhao, Hongxun Yao, Qiang Ji
Multimedia Tools and Applications, 2019
7. Lp-Box ADMM: A Versatile Framework for Integer Programming
Baoyuan Wu, Bernard Ghanem
IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI) 2019, Volume 41, Issue 7, 1695-1708.
(ANY integer programming problem could be naturally and efficiently solved by our method.)
6. Automatic Building Rooftop Extraction From Aerial Images via Hierarchical RGB-D Priors
Shibiao Xu, Xingjia Pan, Er Li, Baoyuan Wu, Shuhui Bu, Weiming Dong, Shiming Xiang, Xiaopeng Zhang
IEEE Transactions on Geoscience and Remote Sensing, 2018.
5. Multi-label Learning with Missing Labels using Mixed Dependency Graphs
Baoyuan Wu, Fan Jia, Wei Liu, Bernard Ghanem, Siwei Lyu
International Journal of Computer Vision (IJCV) 2018, Volume 126, Issue 8, pp 875–896.
(Extended version of our ICCV 2015 work "ML-MG: Multi-label Learning with Missing Labels Using a Mixed Graph".)
4. A Coupled Hidden Markov Random Field Model for Simultaneous Face Clustering and Tracking in Videos
Baoyuan Wu, Bao-Gang Hu, Qiang Ji
Pattern Recognition, 2017.
Yifan Zhang (corresponding author), Zhiqiang Tang, Baoyuan Wu (corresponding author), Qiang Ji, Hanqing Lu
IEEE Transactions on Image Processing (TIP), 2016.
Yongqiang Li, Baoyuan Wu (corresponding author), Bernard Ghanem, Yongping Zhao, Hongxun Yao, Qiang Ji
Pattern Recognition, 2016.
1. Multi-label learning with missing labels for image annotation and facial action unit recognition
Baoyuan Wu, Siwei Lyu, Bao-Gang Hu, Qiang Ji
Pattern Recognition, 2015.
Conference (20 CVPR, 10 ICCV, 7 ECCV, 4 ICLR, 10 NeurIPS, 1 ICML, 4 AAAI, 1 ACM MM, 1 SIGGRAPH):
68. C2P-CLIP: Injecting Category Common Prompt in CLIP to Enhance Generalization in Deepfake Detection
Chuangchuang Tan, Renshuai Tao, Huan Liu, Guanghua Gu, Baoyuan Wu, Yao Zhao, Yunchao Wei
AAAI 2025.
67. Spurious Feature Eraser: Stabilizing Test-Time Adaptation for Vision-Language Foundation Model
Huan Ma, Yan Zhu, Changqing Zhang, Peilin Zhao, Baoyuan Wu, Long-Kai Huang, Qinghua Hu, Bingzhe Wu
AAAI 2025.
66. Breaking the False Sense of Security in Backdoor Defense through Re-Activation Attack
Mingli Zhu, Siyuan Liang, Baoyuan Wu (corresponding author)
NeurIPS 2024.
65. Mitigating Backdoor Attack by Injecting Proactive Defensive Backdoor
Shaokui Wei, Hongyuan Zha, Baoyuan Wu (corresponding author)
NeurIPS 2024.
64. FreqBlender: Enhancing DeepFake Detection by Blending Frequency Knowledge
Hanzhe Li, Jiaran Zhou, Yuezun Li, Baoyuan Wu, Bin Li, Junyu Dong
NeurIPS 2024.
63. Transcending Forgery Specificity with Latent Space Augmentation for Generalizable Deepfake Detection
Zhiyuan Yan, Yuhao Luo, Siwei Lyu, Qingshan Liu, Baoyuan Wu (corresponding author)
CVPR 2024.
62. BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning
Siyuan Liang, Mingli Zhu, Aishan Liu, Baoyuan Wu, Xiaochun Cao, Ee-Chien Chang
CVPR 2024.
61. Directed Decentralized Collaboration for Personalized Federated Learning
Yingqi Liu, Yifan Shi, Qinglun Li, Baoyuan Wu, Xueqian Wang, Li Shen.
CVPR 2024.
60. Can ChatGPT Detect DeepFakes? A Study of Using Multimodal Large Language Models for Media Forensics
Shan Jia, Reilin Lyu, Kangran Zhao, Yize Chen, Zhiyuan Yan, Yan Ju, Chuanbo Hu, Xin Li, Baoyuan Wu, Siwei Lyu
CVPR 2024 Workshop on Media Forensics (WMF).
59. VDC: Versatile Data Cleanser for Detecting Dirty Samples via Visual-Linguistic Inconsistency
Zihao Zhu, Mingda Zhang, Shaokui Wei, Bingzhe Wu, Baoyuan Wu (corresponding author)
ICLR 2024.
58. Learning to Optimize Permutation Flow Shop Scheduling via Graph-based Imitation Learning
Longkang Li, Siyuan Liang, Zihao Zhu, Chris Ding, Hongyuan Zha, Baoyuan Wu (corresponding author)
AAAI 2024.
57. Fragile Model Watermark for Integrity Protection: leveraging boundary volatility and sensitive sample-pairing
Zhenzhe Gao, Zhenjun Tang, Zhaoxia Yin, Baoyuan Wu, Yue Lyu
Accepted to ICME 2024.
56. DeepfakeBench: A Comprehensive Benchmark of Deepfake Detection
Zhiyuan Yan, Yong Zhang, Xinhang Yuan, Siwei Lyu, Baoyuan Wu (corresponding author)
NeurIPS 2023 Datasets and Benchmarks Track.
55. Shared Adversarial Unlearning: Backdoor Mitigation by Unlearning Shared Adversarial Examples
Shaokui Wei, Mingda Zhang, Hongyuan Zha, Baoyuan Wu (corresponding author)
NeurIPS 2023.
54. Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features
Mingli Zhu, Shaokui Wei, Hongyuan Zha, Baoyuan Wu (corresponding author)
NeurIPS 2023.
53. Enhancing Fine-Tuning based Backdoor Defense with Sharpness-Aware Minimization
Mingli Zhu, Shaokui Wei, Li Shen, Yanbo Fan, Baoyuan Wu (corresponding author)
ICCV 2023.
52. UCF: Uncovering Common Features for Generalizable Deepfake Detection
Zhiyuan Yan, Yong Zhang, Yanbo Fan, Baoyuan Wu (corresponding author)
ICCV 2023.
51. Global Balanced Experts for Federated Long-tailed Learning
Yaopei Zeng, Lei Liu, Li Liu (corresponding author), Li Shen, Shaoguo Liu, Baoyuan Wu (corresponding author)
ICCV 2023.
50. ToonTalker: Cross-Domain Face Reenactment
Yuan Gong, Yong Zhang, Xiaodong Cun, Fei Yin, Yanbo Fan, Xuan Wang, Baoyuan Wu, Yujiu Yang
ICCV 2023.
49. Learning to Learn from APIs: Black-box Data-free Meta-Learning
Zixuan Hu, Li Shen, Zhenyi Wang, Baoyuan Wu, Chun Yuan, Dacheng Tao
ICML 2023.
48. NOFA: NeRF-based One-shot Facial Avatar Reconstruction
Wangbo Yu, Yanbo Fan, Yong Zhang, Xuan Wang, Fei Yin, Yunpeng Bai, Yan-Pei Cao, Ying Shan, Yang Wu, Zhongqian Sun, Baoyuan Wu
SIGGRAPH 2023.
47. DropMAE: Masked Autoencoders with Spatial-Attention Dropout for Tracking Tasks
Qiangqiang Wu, Tianyu Yang, Ziquan Liu, Baoyuan Wu, Ying Shan, Antoni B. Chan
CVPR 2023.
46. BackdoorBench: A Comprehensive Benchmark of Backdoor Learning
Baoyuan Wu (corresponding author), Hongrui Chen, Mingda Zhang, Zihao Zhu, Shaokui Wei, Danni Yuan, Chao Shen
NeurIPS 2022 Datasets and Benchmarks Track (Spotlight).
45. Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples
Weixin Chen, Baoyuan Wu (corresponding author), Haoqian Wang (corresponding author)
NeurIPS 2022 (Spotlight).
44. Boosting the Transferability of Adversarial Attacks with Reverse Adversarial Perturbation
Zeyu Qin (equal contribution), Yanbo Fan (equal contribution), Yi Liu, Li Shen, Yong Zhang, Jue Wang, Baoyuan Wu (corresponding author)
NeurIPS 2022.
43. Prior-Guided Adversarial Initialization for Fast Adversarial Training
Xiaojun Jia, Yong Zhang, Xingxing Wei, Baoyuan Wu, Ke Ma, Jue Wang, Xiaochun Cao
ECCV 2022.
42. A Large-scale Multiple-objective Method for Black-box Attack against Object Detection
Siyuan Liang, Longkang Li, Yanbo Fan, Xiaojun Jia, Jingzhi Li, Baoyuan Wu (corresponding author), Xiaochun Cao (corresponding author)
ECCV 2022.
41. StyleHEAT: One-Shot High-Resolution Editable Talking Face Generation via Pre-trained StyleGAN
Fei Yin, Yong Zhang, Xiaodong Cun, Mingdeng Cao, Yanbo Fan, Xuan Wang, Qingyan Bai, Baoyuan Wu, Jue Wang, Yujiu Yang
ECCV 2022.
40. Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution
Yan Feng, Baoyuan Wu (corresponding author), Yanbo Fan, Li Liu, Zhifeng Li, Shu-Tao Xia (corresponding author)
CVPR 2022.
39. LAS-AT: Adversarial Training with Learnable Attack Strategy
Xiaojun Jia, Yong Zhang, Baoyuan Wu (corresponding author), Ke Ma, Jue Wang, Xiaochun Cao (corresponding author)
CVPR 2022 (Oral).
38. Backdoor Defense via Decoupling the Training Process
Kunzhe Huang, Yiming Li, Baoyuan Wu (corresponding author), Zhan Qin, Kui Ren
ICLR 2022.
37. Attention Probe: Vision Transformer Distillation In The Wild
Jiahao Wang, Mingdeng Cao, Shuwei Shi, Baoyuan Wu, Yujiu Yang
ICASSP 2022.
36. Random Noise Defense Against Query-Based Black-Box Attacks
Zeyu Qin, Yanbo Fan, Hongyuan Zha, Baoyuan Wu (corresponding author)
NeurIPS 2021.
35. Invisible Backdoor Attack with Sample-Specific Triggers
Yuezun Li, Yiming Li, Baoyuan Wu (corresponding author), Longkang Li, Ran He, Siwei Lyu (corresponding author)
ICCV 2021.
34. Parallel Rectangle Flip Attack: A Query-based Black-box Attack against Object Detection
Siyuan Liang, Baoyuan Wu (corresponding author), Yanbo Fan, Xingxing Wei, Xiaochun Cao (corresponding author)
ICCV 2021.
33. Meta-Attack: Class-agnostic and Model-agnostic Physical Adversarial Attack
Weiwei Feng, Baoyuan Wu (corresponding author), Tianzhu Zhang (corresponding author), Yong Zhang, Yongdong Zhang
ICCV 2021.
32. Probabilistic Modeling of Semantic Ambiguity for Scene Graph Generation
Gengcong Yang, Jingyi Zhang, Yong Zhang, Baoyuan Wu (corresponding author), Yujiu Yang (corresponding author)
CVPR 2021.
31. Prototype-supervised Adversarial Network for Targeted Attack of Deep Hashing
Xunguang Wang, Zheng Zhang, Baoyuan Wu, Fumin Shen, Guangming Lu
CVPR 2021.
30. TediGAN: Text-Guided Diverse Face Image Generation and Manipulation
Weihao Xia, Yujiu Yang, Jing-Hao Xue, Baoyuan Wu
CVPR 2021.
29. Effective and Efficient Vote Attack on Capsule Networks
Jindong Gu, Baoyuan Wu, Volker Tresp
ICLR 2021.
28. Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits
Jiawang Bai, Baoyuan Wu (corresponding author), Yong Zhang, Yiming Li, Zhifeng Li, Shu-Tao Xia (corresponding author)
ICLR 2021.
27. Backdoor Attack Against Speaker Verification
Tongqing Zhai, Yiming Li, Ziqi Zhang, Baoyuan Wu, Yong Jiang, Shu-Tao Xia
ICASSP 2021.
26. Towards Effective Adversarial Attack Against 3D Point Cloud Classification
Chengcheng Ma, Weiliang Meng, Baoyuan Wu, Shibiao Xu, Xiaopeng Zhang
ICME 2021.
25. Open-sourced Dataset Protection via Backdoor Watermarking
Yiming Li, Ziqi Zhang, Jiawang Bai, Baoyuan Wu, Yong Jiang, Shutao Xia
NeurIPS 2020 Workshop on Dataset Curation and Security.
24. Pixel-wise Dense Detector for Image Inpainting
Ruisong Zhang, Weize Quan, Baoyuan Wu, Zhifeng Li, Dong-Ming Yan
Pacific Graphics 2020.
23. Efficient Joint Gradient Based Attack Against SOR Defense for 3D Point Cloud Classification
Chengcheng Ma, Weiliang Meng, Baoyuan Wu, Shibiao Xu, Xiaopeng Zhang
ACM MM 2020.
22. Sparse Adversarial Attack via Perturbation Factorization
Yanbo Fan*, Baoyuan Wu* (co-first authors, corresponding author), Tuanhui Li, Yong Zhang, Mingyang Li, Zhifeng Li, Yujiu Yang.
European Conference on Computer Vision (ECCV), 2020.
21. Boosting Decision-based Black-box Adversarial Attacks with Random Sign Flip
Weilun Chen, Zhaoxiang Zhang, Xiaolin Hu, Baoyuan Wu.
European Conference on Computer Vision (ECCV), 2020.
20. SPL-MLL: Selecting Predictable Landmarks for Multi-Label Learning
Junbing Li, Changqing Zhang, Pengfei Zhu, Baoyuan Wu, Lei Chen, Qinghua Hu.
European Conference on Computer Vision (ECCV), 2020.
Yong Zhang, Haiyong Jiang, Baoyuan Wu (corresponding author), Yanbo Fan and Qiang Ji.
IEEE International Conference on Computer Vision (ICCV), 2019.
18. Learning to Compose Dynamic Tree Structures for Visual Contexts
Kaihua Tang, Hanwang Zhang, Baoyuan Wu, Wenhan Luo, Wei Liu
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019. (Oral, Best Paper Finalists)
17. Exact Adversarial Attack to Image Captioning via Structured Output Learning with Latent Variables
Yan Xu*, Baoyuan Wu* (co-first authors, corresponding author), Fumin Shen, Yanbo Fan,
Yong Zhang, Heng Tao Shen and Wei Liu (corresponding author).
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
16. Compressing Convolutional Neural Networks via Factorized Convolutional Filters
Tuanhui Li, Baoyuan Wu (corresponding author), Yujiu Yang (corresponding author),
Yanbo Fan, Yong Zhang, and Wei Liu
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
15. Joint Representation and Estimator Learning for Facial Action Unit Intensity Estimation
Yong Zhang, Baoyuan Wu (corresponding author), Weiming Dong, Zhifeng Li, Wei Liu,
Bao-Gang Hu and Qiang Ji
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
14. Efficient Decision-based Black-box Adversarial Attacks on Face Recognition
Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li, Wei Liu, Tong Zhang and Jun Zhu
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
13. Target-Aware Deep Tracking
Xin Li, Chao Ma, Baoyuan Wu, Zhenyu He and Ming-Hsuan Yang
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
12. Residual Regression with Semantic Prior for Crowd Counting
Jia Wan, Wenhan Luo, Baoyuan Wu, Antoni Chan and Wei Liu
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019.
11. A proximal block coordinate descent algorithm for deep neural network training
Tim Tsz-Kit Lau, Jinshan Zeng, Baoyuan Wu, Yuan Yao
The 6th International Conference on Learning Representations Workshop (ICLRW), 2018
Zechun Liu, Baoyuan Wu, Wenhan Luo, Xin Yang, Wei Liu, Kang-Ting Cheng
European Conference on Computer Vision (ECCV), 2018.
(A simple, elegant and well formulated method for training CNNs with binary weights and binary activations.)
9. Tagging Like Humans: Diverse and Distinct Image Annotation
Baoyuan Wu, Weidong Chen, Wei Liu, Peng Sun, Bernard Ghanem, Siwei Lyu
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
(A simulation of crowd-sourcing human annotations.)
8. Video Object Segmentation via Inference in A Higher-Order Spatio-Temporal MRF
Linchao Bao, Baoyuan Wu, Wei Liu
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2018.
Baoyuan Wu, Fan Jia, Wei Liu, Bernard Ghanem
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2017.
(Encouraging diversity among the predicted tags in automatic image annotation.)
6. Constrained Sub-modular Minimization for Missing Labels and Class Imbalance in Multi-label Learning
Baoyuan Wu, Siwei Lyu, Bernard Ghanem
The Thirtieth AAAI Conference on Artificial Intelligence (AAAI), Phoenix, Arizona USA, 2016 (acceptance rate 25.7%)
5. ML-MG: Multi-label Learning with Missing Labels Using a Mixed Graph
Baoyuan Wu, Siwei Lyu, Bernard Ghanem
IEEE International Conference on Computer Vision (ICCV), Santiago, Chile, 2015 (acceptance rate ~20%).
4. Multi-label Learning with Missing Labels
Baoyuan Wu, Zhilei Liu, Shangfei Wang, Baogang Hu, Qiang Ji
International Conference on Pattern Recognition (ICPR), Stockholm, Sweden, 2014 (oral, acceptance rate 14%).
3. Simultaneous Clustering and Tracklet Linking for Multi-Face Tracking in Videos
Baoyuan Wu, Siwei Lyu, Baogang Hu, Qiang Ji
IEEE International Conference on Computer Vision (ICCV), Sydney, Australia, 2013 (acceptance rate 27.87%).
2. Constrained Clustering and Its Application to Face Clustering In Videos
Baoyuan Wu, Yifan Zhang, Baogang Hu, and Qiang Ji
IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2013 (acceptance rate 25.2%).
1. Density and Neighbor Adaptive Information Theoretic Clustering
Baoyuan Wu, Baogang Hu
The International Joint Conference on Neural Networks (IJCNN), pp. 230-237, 2011.
Professional services
Associate Editor: Neurocomputing (from Jan. 2021)
Area Chair: CVPR 2024, NeurIPS 2023/2022, ICML 2023, ICLR 2023/2022, AAAI 2024/2022, ICIG 2023/2021, NeurIPS 2023 Datasets and Benchmarks Track
Senior Program Committee Member: AAAI 2021, IJCAI 2020/2021