Welcome to my homepage

Currently I am Associate Professor of School of Data Science, the Chinese University of Hong Kong, Shenzhen (CUHK-Shenzhen).
I am leading the Secure Computing Lab of Big Data (SCLBD), Shenzhen Research Institute of Big Data (SBRID).
From November 2016 to August 2020, I was a Senior and Principal Researcher at Tencent AI lab. From August 2014 to November 2016, I was a Postdoc in KAUST, working with Prof. Bernard Ghanem. On June 2014, I received the PhD degree from the National Laboratory of Pattern Recognition, Institute of Automation, Chinese Academy of Sciences, supervised by Prof. Baogang Hu. I was a visiting student in Prof. Qiang Ji's lab of Rensselaer Polytechnic Institute, from Sept. 2011 to Sept. 2013.
My research interests are machine learning, computer vision and optimization, including deep learning, model compression, visual reasoning, image annotation, weakly/unsupervised learning, structured prediction, probabilistic graphical models, video processing, and integer programming. Recently, I am especially interested in AI security and privacy, such as adversarial examples, backdoor attacks and defenses, federated learning.
Email: wubaoyuan1987@gmail.com; wubaoyuan@cuhk.edu.cn

Job openings

I am recruiting PhD students to start at 2023 Spring and Fall. If you are interested in machine learning, computer vision, optimization, security and privacy of artificial intelligence. More details of applying PhD students can be found from http://scl.sribd.cn/admissions.html .
I am recruiting Research Scientist (研究科学家), Data Engineer (数据工程师), Postdoc Researcher (博士后), Visiting Students (master or PhD students) (访问学生) for the Secure Computing Lab of Big Data, Shenzhen Research Institute of Big Data (SBRID). More details of these positions can be found from http://scl.sribd.cn/admissions.html .

News

2022/08/10 -- I am invited as an Area Chair of ICLR 2023.
2022/07/21 -- Our latest work about black-box adversarial attack has been accepted to TPAMI. Congratulations to all co-authors.
2022/07/04 -- 3 papers about adversarial training, black-box attack, talking face generation are accepted to ECCV 2022.
2022/05/28 -- 1 paper about adversarial training is accepted to TIP.
2022/04/06 -- BackdoorBench (a benchmark for backdoor learning) and BlackboxBench (a benchmark for black-box attacks) have been released.
2022/03/30 -- I am invited as an Area Chair of NeurIPS 2022.
2022/03/03 -- 2 papers (1 oral, 1 poster) about black-box adversarial attack, adversarial training are accepted to CVPR 2022.
2022/01/22 -- 1 paper about transformer is accepted to ICASSP 2022.
2022/01/21 -- 1 paper about backdoor defense is accepted to ICLR 2022.
2021/09/29 -- 1 paper about black-box adversarial defense is accepted to NeurIPS 2021.
2021/07/23 -- 3 papers are accepted to ICCV 2021.
2021/07/18 -- I am invited as an Area Chair of AAAI 2022.
2021/06/18 -- I am invited as an Area Chair of ICLR 2022.
2021/05/07 -- "AI security and Privacy" Seminar Series has been launched. Please see http://scl.sribd.cn/seminar/index.html for more details.
2021/03/18 -- The website of our Secure Computing Lab of Big Data (SCLBD) has been released. http://scl.sribd.cn/
2021/03/01 -- 3 papers are accepted to CVPR 2021.
2021/01/24 -- I am starting to serve as an Associate Editor of Neurocomputing (JCR Q1, Impact Factor: 4.438).
2021/02/16 -- The Github repository of our IJCV work "MAP Inference via L2-Sphere Linear Program Reformulation" has been released (link), including both Python and Matlab implementations.
2021/01/30 -- 1 paper is accepted to ICASSP 2021.
2021/01/13 -- 2 papers are accepted by ICLR 2021, including the first efficient adversarial attack to Capsule networks, and the weight attack by bit flipping to the CNN model deployed in the device. Congrats to all co-authors.
2020/12/11 -- The github repository of our Lp-Box ADMM [TPAMI 2018] has been significantly updated with: C++ implementation, which is more efficient than the matlab and python implementation.
2020/09/18 -- "AI安全的威胁风险矩阵" has been released jointly by Tencent AI Lab and Tencent Zhuque Lab (腾讯朱雀实验室). It is the first technical report to comprehensively covering different kinds of security threats in the full cycle of an AI system. It could be an important reference for AI researchers, AI engineers and AI users. Lots of main-stream and social medias have reported this news. Download, Media 1, Media 2, Media 3, Media 4, Media 5, Media 6, ...
2020/08/24 -- The github repositories of our sparse attack and black-box attack of ECCV 2020 have been released. See the links below the papers.
2020/08/17 -- I will serve as Senior Program Committee Member (SPC) of AAAI 2021 and IJCAI 2021.
2020/07/26 -- One paper about adversarial attack to 3D Point Cloud Classification is accepted to ACM MM 2020. Congrats to Chengcheng Ma and other co-authors.
2020/07/03 -- 3 papers accepted to ECCV 2020. Congrats to all co-authors.
2019/12/22 -- The github repository of our Lp-Box ADMM [TPAMI 2018] has been significantly updated with: python implementation, function of BQP with both equality and inequality constraints, link to more applications and extensions.
2019/12/12 -- Our work "MAP Inference via L2-Sphere Linear Program Reformulation" is accepted to IJCV. Congrats to all co-authors, Dr. Li Shen, Professor Bernard Ghanem and Professor Tong Zhang.
2019/08/29 -- Our work "Bi-Real Net: Binarizing Deep Network Towards Real-Network Performance" is accepted to IJCV. Congrats to Zechun Liu.
2019/07/23 -- Our work "Context-aware Feature and Label Fusion for Facial Action Unit Intensity Estimation with Partially Labeled Data" is accepted to ICCV 2019.
2019/07/08 -- I was invited to give a keynote talk at the ICME 2019 Workshop on Information Theory and Multimedia Computing, named "Security of Deep Learning: Adversarial attacks ans Defenses".
2019/06/18 -- Our work "Learning to Compose Dynamic Tree Structures for Visual Contexts" is selected into the Best Paper Finalists of CVPR 2019.
2019/02/25 -- 7 papers (1 oral, 6 poster) accepted to CVPR 2019! Congrats to all co-authors.
2018/10/17 -- Tencent ML-Images is released at Github. It includes the largest open-source multi-label image database, and a very good ResNet-101 checkpoint achieving 80.73% top-1 accuracy on the validation set of ImageNet, as well as detailed codes of training and fine-tuning. Enjoy it :)

Benchmarks:

BackdoorBench

BackdoorBench aims to provide easy implementations of 8 backdoor attack and 9 backdoor defense methods to facilitate future research, as well as a comprehensive evaluation of these attack and defense methods. (Arxiv, Code has been public at https://github.com/SCLBD/backdoorbench)

BlackboxBench

BlackboxBench is a benchmark for mainstream adversarial black-box attack methods. We provide easy implementations of 7 score-based and 8 decision-based black-box attack methods, as well as their evaluation on several models and databases. It can be used to evaluate the adversarial robustness of any ML models, or as the baseline to develop more advanced attack and defense methods. (Code has been public at https://github.com/SCLBD/BlackboxBench)

Publications

Technical Report:

AI安全的威胁风险矩阵

Tencent AI Lab (Baoyuan Wu, Yanbo Fan, Yong Zhang, Yiming Li, Zhifeng Li, Wei Liu), Tencent Zhuque Lab (viking, jifengzhu, allenszch, ucasjh, dylan, xunsu). 2020/09/18.

Journal (2 TPAMI, 3 IJCV, 3 TIP):

18. Generalizable Black-Box Adversarial Attack with Meta Learning

Fei Yin, Yong Zhang, Baoyuan Wu (co-first author, corresponding author), Yan Feng, Jingyi Zhang, Yanbo Fan, Yujiu Yang (corresponding author).

Accepted to IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI), 2022.

(Brief description: we propose a meta-learning framework which can capture both example-level and model-level adversarial transferability, to learn the probability distribution of the adversarial perturbation conditioned on the benign sample. Our framework can be naturally combined with any off-the-shelf query-based or query-and-transfer-combination-based black-box attack, leading to significant boost of the attack performance.)

17. Boosting Fast Adversarial Training with Learnable Adversarial Initialization

Xiaojun Jia, Yong Zhang, Baoyuan Wu, Jue Wang and Xiaochun Cao.

Accepted to IEEE Transactions on Image Processing (TIP), 2022.

16. Effective and Robust Detection of Adversarial Examples via Benford-Fourier Coefficients

Chengcheng Ma (co-first authors), Baoyuan Wu (co-first authors, corresponding author), Yanbo Fan, Yong Zhang and Zhifeng Li

Accepted to Machine Intelligence Research, 2022.

15. Semi-supervised Robust Training with Generalized Perturbed Neighborhood

Yiming Li, Baoyuan Wu (corresponding author), Yan Feng, Yanbo Fan, Yong Jiang, Zhifeng Li, Shutao Xia (corresponding author)

Pattern Recognition, 2022.

14. Towards Corruption-Agnostic Robust Domain Adaptation

Yifan Xu, Kekai Sheng, Weiming Dong, Baoyuan Wu, Changsheng Xu, Bao-Gang Hu

The ACM Transactions on Multimedia Computing, Communications, and Applications (TOMM), 2022.

13. Customized Summarizations of Visual Data Collections

Mengke Yuan, Bernard Ghanem, Dong-Ming Yan, Baoyuan Wu, Xiaopeng Zhang, Peter Wonka

Computer Graphics Forum, 2021.

12. MAP Inference via L2-Sphere Linear Program Reformulation

Baoyuan Wu, Li Shen, Tong Zhang, Bernard Ghanem

International Journal of Computer Vision (IJCV), 128, pages1913–1936 (2020).

(This work proposed an equivalent continuous reformulation to the original integer programming of MAP inference, which was then efficiently solved by ADMM. It is globally convergent to epsilon-KKT solution. Codes will be released soon.)

Github Arxiv

11. Unsupervised Multi-view Constrained Convolutional Network for Accurate Depth Estimation

Yuyang Zhang, Shibiao Xu, Baoyuan Wu, Jian Shi, Weiliang Meng, Xiaopeng Zhang

IEEE Transactions on Image Processing (TIP), Volume 29, pages 7019-7031, 2020.

10. Bi-Real Net: Binarizing Deep Network Towards Real-Network Performance

Zechun Liu, Wenhan Luo, Baoyuan Wu, Xin Yang, Wei Liu, Kwang-Ting Cheng.

International Journal of Computer Vision (IJCV), 128, pages 202–219 (2020).

(Extended version of our ECCV 2018 work)

Github

9. Tencent ML-Images: A large-scale multi-label image database for visual representation learning

Baoyuan Wu, Weidong Chen (equal contribution) , Yanbo Fan, Yong Zhang, Jinlong Hou, Jie Liu, Tong Zhang

Accepted to IEEE Access

Github

8. Handling missing labels and class imbalance challenges simultaneously for facial action unit recognition

Yongqiang Li, Baoyuan Wu, Yongping Zhao, Hongxun Yao, Qiang Ji

Multimedia Tools and Applications, 2019

7. Lp-Box ADMM: A Versatile Framework for Integer Programming

Baoyuan Wu, Bernard Ghanem

IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI) 2019, Volume 41, Issue 7, 1695-1708.

(ANY integer programming problem could be naturally and efficiently solved by our method.)

Supplementary pdf GitHub

6. Automatic Building Rooftop Extraction From Aerial Images via Hierarchical RGB-D Priors

Shibiao Xu, Xingjia Pan, Er Li, Baoyuan Wu, Shuhui Bu, Weiming Dong, Shiming Xiang, Xiaopeng Zhang

IEEE Transactions on Geoscience and Remote Sensing, 2018.

5. Multi-label Learning with Missing Labels using Mixed Dependency Graphs

BaoyuanWu, Fan Jia, Wei Liu, Bernard Ghanem, Siwei Lyu

International Journal of Computer Vision (IJCV) 2018, Volume 126, Issue 8, pp 875–896.

(Extended version of our ICCV 2015 work "ML-MG: Multi-label Learning with Missing Labels Using a Mixed Graph".)

4. A Coupled Hidden Markov Random Field Model for Simultaneous Face Clustering and Tracking in Videos

Baoyuan Wu, Bao-Gang Hu, Qiang Ji

Pattern Recognition, 2017.

Notting_Hill_face_track

3. A Coupled Hidden Conditional Random Field Model for Simultaneous Face Clustering and Naming in Videos

Yifan Zhang (corresponding author), Zhiqiang Tang, Baoyuan Wu (corresponding author), Qiang Ji, Hanqing Lu

IEEE Transactions on Image Processing (TIP), 2016.

2. Facial Action Unit Recognition under Incomplete Data Based on Multi-label Learning with Missing Labels

Yongqiang Li, Baoyuan Wu (corresponding author), Bernard Ghanem, Yongping Zhao, Hongxun Yao, Qiang Ji

Pattern Recognition, 2016.

1. Multi-label learning with missing labels for image annotation and facial action unit recognition

Baoyuan Wu, Siwei Lyu, Bao-Gang Hu, Qiang Ji

Pattern Recognition, 2015.

code

Conference (16 CVPR, 6 ICCV, 7 ECCV, 3 ICLR, 1 NeurIPS, 1 AAAI, 1 ACM MM) :

43. Prior-Guided Adversarial Initialization for Fast Adversarial Training

Xiaojun Jia, Yong Zhang, Xingxing Wei, Baoyuan Wu, Ke Ma, Jue Wang, Xiaochun Cao

Accepted to ECCV 2022.

42. A Large-scale Multiple-objective Method for Black-box Attack against Object Detection

Siyuan Liang, Longkang Li, Yanbo Fan, Xiaojun Jia, Jingzhi Li, Baoyuan Wu (corresponding author), Xiaochun Cao (corresponding author)

Accepted to ECCV 2022.

41. StyleHEAT: One-Shot High-Resolution Editable Talking Face Generation via Pre-trained StyleGAN

Fei Yin, Yong Zhang, Xiaodong Cun, Mingdeng Cao, Yanbo Fan, Xuan Wang, Qingyan Bai, Baoyuan Wu, Jue Wang, Yujiu Yang

Accepted to ECCV 2022.

40. Boosting Black-Box Attack with Partially Transferred Conditional Adversarial Distribution

Yan Feng, Baoyuan Wu (corresponding author), Yanbo Fan, Li Liu, Zhifeng Li, Shu-Tao Xia (corresponding author)

Accepted to CVPR 2022.

Arxiv

39. LAS-AT: Adversarial Training with Learnable Attack Strategy

Xiaojun Jia, Yong Zhang, Baoyuan Wu (corresponding author), Ke Ma, Jue Wang, Xiaochun Cao (corresponding author)

Accepted to CVPR 2022 (Oral).

Arxiv

38. Backdoor Defense via Decoupling the Training Process

Kunzhe Huang, Yiming Li, Baoyuan Wu (corresponding author), Zhan Qin, Kui Ren

ICLR 2022.

Github

37. Attention Probe: Vision Transformer Distillation In The Wild

Jiahao Wang, Mingdeng Cao, Shuwei Shi, Baoyuan Wu, Yujiu Yang

ICASSP 2022, to appear.

36. Random Noise Defense Against Query-Based Black-Box Attacks

Zeyu Qin, Yanbo Fan, Hongyuan Zha, Baoyuan Wu (corresponding author)

NeurIPS 2021.

35. Invisible Backdoor Attack with Sample-Specific Triggers

Yuezun Li, Yiming Li, Baoyuan Wu (corresponding author), Longkang Li, Ran He, Siwei Lyu (corresponding author)

ICCV 2021.

Github

34. Parallel Rectangle Flip Attack: A Query-based Black-box Attack against Object Detection

Siyuan Liang, Baoyuan Wu (corresponding author), Yanbo Fan, Xingxing Wei, Xiaochun Cao (corresponding author)

ICCV 2021.

33. Meta-Attack: Class-agnostic and Model-agnostic Physical Adversarial Attack

Weiwei Feng, Baoyuan Wu (corresponding author), Tianzhu Zhang (corresponding author), Yong Zhang, Yongdong Zhang

ICCV 2021.

Github

32. Probabilistic Modeling of Semantic Ambiguity for Scene Graph Generation

Gengcong Yang, Jingyi Zhang, Yong Zhang, Baoyuan Wu (corresponding author), Yujiu Yang (corresponding author)

CVPR 2021.

31. Prototype-supervised Adversarial Network for Targeted Attack of Deep Hashing

Xunguang Wang, Zheng Zhang, Baoyuan Wu, Fumin Shen, Guangming Lu

CVPR 2021.

30. TediGAN: Text-Guided Diverse Face Image Generation and Manipulation

Weihao Xia, Yujiu Yang, Jing-Hao Xue, Baoyuan Wu

CVPR 2021.

29. Effective and Efficient Vote Attack on Capsule Networks

Jindong Gu, Baoyuan Wu, Volker Tresp

ICLR 2021.

28. Targeted Attack against Deep Neural Networks via Flipping Limited Weight Bits

Jiawang Bai, Baoyuan Wu (corresponding author), Yong Zhang, Yiming Li, Zhifeng Li, Shu-Tao Xia (corresponding author)

ICLR 2021.

Github

27. Backdoor Attack Against Speaker Verification

Tongqing Zhai, Yiming Li, Ziqi Zhang, Baoyuan Wu, Yong Jiang, Shu-Tao Xia

ICASSP 2021.

26. Towards Effective Adversarial Attack Against 3D Point Cloud Classification

Chengcheng Ma, Weiliang Meng, Baoyuan Wu, Shibiao Xu, Xiaopeng Zhang

ICME 2021.

25. Open-sourced Dataset Protection via Backdoor Watermarking

Yiming Li, Ziqi Zhang, Jiawang Bai, Baoyuan Wu, Yong Jiang, Shutao Xia

NeurIPS 2020 Workshop on Dataset Curation and Security.

24. Pixel-wise Dense Detector for Image Inpainting

Ruisong Zhang, Weize Quan, Baoyuan Wu, Zhifeng Li, Dong-Ming Yan

Pacific Graphics 2020.

23. Efficient Joint Gradient Based Attack Against SOR Defense for 3D Point Cloud Classification

Chengcheng Ma, Weiliang Meng, Baoyuan Wu, Shibiao Xu, Xiaopeng Zhang

ACM MM 2020.

Github

22. Sparse Adversarial Attack via Perturbation Factorization

Yanbo Fan*, Baoyuan Wu* (co-first authors, corresponding author), Tuanhui Li, Yong Zhang, Mingyang Li, Zhifeng Li, Yujiu Yang.

European Conference on Computer Vision (ECCV), 2020.

Github

21. Boosting Decision-based Black-box Adversarial Attacks with Random Sign Flip

Weilun Chen, Zhaoxiang Zhang, Xiaolin Hu, Baoyuan Wu.

European Conference on Computer Vision (ECCV), 2020.

Github

20. SPL-MLL: Selecting Predictable Landmarks for Multi-Label Learning

Junbing Li, Changqing Zhang, Pengfei Zhu, Baoyuan Wu, Lei Chen, Qinghua Hu.

European Conference on Computer Vision (ECCV), 2020.

19. Context-aware Feature and Label Fusion for Facial Action Unit Intensity Estimation with Partially Labeled Data

Yong Zhang, Haiyong Jiang, Baoyuan Wu (corresponding author), Yanbo Fan and Qiang Ji.

IEEE International Conference on Computer Vision (ICCV), 2019.

18. Learning to Compose Dynamic Tree Structures for Visual Contexts

Kaihua Tang, Hanwang Zhang, Baoyuan Wu, Wenhan Luo, Wei Liu

IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019. (Oral, Best Paper Finalists)

Github

17. Exact Adversarial Attack to Image Captioning via Structured Output Learning with Latent Variables

Yan Xu*, Baoyuan Wu* (co-first authors, corresponding author), Fumin Shen, Yanbo Fan,

Yong Zhang, Heng Tao Shen and Wei Liu (corresponding author).