D2
Computer Vision and Machine Learning

Sukrut Rao (PhD Student)

Sukrut Sridhar Rao

Address
Max-Planck-Institut für Informatik
Saarland Informatics Campus
Campus E1 4
66123 Saarbrücken
Location
E1 4 - 628
Phone
+49 681 9325 2146
Fax
+49 681 9325 2099

Personal Information

Publications

Rao, S., Böhle, M., & Schiele, B. (2022). Towards Better Understanding Attribution Methods. In IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2022). New Orleans, LA, USA: IEEE. doi:10.1109/CVPR52688.2022.00998
[DOI]
[PuRe]
[BibTeX]
[pre-print version]
Links
[DOI]
[PuRe]
[BibTeX]
[pre-print version]
Export
BibTeX
@inproceedings{Rao_CVPR2022, TITLE = {Towards Better Understanding Attribution Methods}, AUTHOR = {Rao, Sukrut and B{\"o}hle, Moritz and Schiele, Bernt}, LANGUAGE = {eng}, ISBN = {978-1-6654-6946-3}, DOI = {10.1109/CVPR52688.2022.00998}, PUBLISHER = {IEEE}, YEAR = {2022}, MARGINALMARK = {$\bullet$}, BOOKTITLE = {IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2022)}, PAGES = {10213--10222}, ADDRESS = {New Orleans, LA, USA}, }
Endnote
%0 Conference Proceedings %A Rao, Sukrut %A Böhle, Moritz %A Schiele, Bernt %+ Computer Graphics, MPI for Informatics, Max Planck Society Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society %T Towards Better Understanding Attribution Methods : %G eng %U http://hdl.handle.net/21.11116/0000-000A-6F91-6 %R 10.1109/CVPR52688.2022.00998 %D 2022 %B 35th IEEE/CVF Conference on Computer Vision and Pattern Recognition %Z date of event: 2022-06-19 - 2022-06-24 %C New Orleans, LA, USA %B IEEE/CVF Conference on Computer Vision and Pattern Recognition %P 10213 - 10222 %I IEEE %@ 978-1-6654-6946-3
Rao, S., Stutz, D., & Schiele, B. (2020). Adversarial Training against Location-Optimized Adversarial Patches. Retrieved from https://arxiv.org/abs/2005.02313
(arXiv: 2005.02313)
[arXiv]
[PuRe]
[BibTeX]
[pre-print version]
Abstract
Deep neural networks have been shown to be susceptible to adversarial<br>examples -- small, imperceptible changes constructed to cause<br>mis-classification in otherwise highly accurate image classifiers. As a<br>practical alternative, recent work proposed so-called adversarial patches:<br>clearly visible, but adversarially crafted rectangular patches in images. These<br>patches can easily be printed and applied in the physical world. While defenses<br>against imperceptible adversarial examples have been studied extensively,<br>robustness against adversarial patches is poorly understood. In this work, we<br>first devise a practical approach to obtain adversarial patches while actively<br>optimizing their location within the image. Then, we apply adversarial training<br>on these location-optimized adversarial patches and demonstrate significantly<br>improved robustness on CIFAR10 and GTSRB. Additionally, in contrast to<br>adversarial training on imperceptible adversarial examples, our adversarial<br>patch training does not reduce accuracy.<br>
Links
[PuRe]
[arXiv]
[BibTeX]
[pre-print version]
Export
BibTeX
@online{Rao_arXiv2005.02313, TITLE = {Adversarial Training against Location-Optimized Adversarial Patches}, AUTHOR = {Rao, Sukrut and Stutz, David and Schiele, Bernt}, LANGUAGE = {eng}, URL = {https://arxiv.org/abs/2005.02313}, EPRINT = {2005.02313}, EPRINTTYPE = {arXiv}, YEAR = {2020}, ABSTRACT = {Deep neural networks have been shown to be susceptible to adversarial<br>examples -- small, imperceptible changes constructed to cause<br>mis-classification in otherwise highly accurate image classifiers. As a<br>practical alternative, recent work proposed so-called adversarial patches:<br>clearly visible, but adversarially crafted rectangular patches in images. These<br>patches can easily be printed and applied in the physical world. While defenses<br>against imperceptible adversarial examples have been studied extensively,<br>robustness against adversarial patches is poorly understood. In this work, we<br>first devise a practical approach to obtain adversarial patches while actively<br>optimizing their location within the image. Then, we apply adversarial training<br>on these location-optimized adversarial patches and demonstrate significantly<br>improved robustness on CIFAR10 and GTSRB. Additionally, in contrast to<br>adversarial training on imperceptible adversarial examples, our adversarial<br>patch training does not reduce accuracy.<br>}, }
Endnote
%0 Report %A Rao, Sukrut %A Stutz, David %A Schiele, Bernt %+ Computer Graphics, MPI for Informatics, Max Planck Society Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society %T Adversarial Training against Location-Optimized Adversarial Patches : %G eng %U http://hdl.handle.net/21.11116/0000-0007-80D0-C %U https://arxiv.org/abs/2005.02313 %D 2020 %X Deep neural networks have been shown to be susceptible to adversarial<br>examples -- small, imperceptible changes constructed to cause<br>mis-classification in otherwise highly accurate image classifiers. As a<br>practical alternative, recent work proposed so-called adversarial patches:<br>clearly visible, but adversarially crafted rectangular patches in images. These<br>patches can easily be printed and applied in the physical world. While defenses<br>against imperceptible adversarial examples have been studied extensively,<br>robustness against adversarial patches is poorly understood. In this work, we<br>first devise a practical approach to obtain adversarial patches while actively<br>optimizing their location within the image. Then, we apply adversarial training<br>on these location-optimized adversarial patches and demonstrate significantly<br>improved robustness on CIFAR10 and GTSRB. Additionally, in contrast to<br>adversarial training on imperceptible adversarial examples, our adversarial<br>patch training does not reduce accuracy.<br> %K Computer Science, Computer Vision and Pattern Recognition, cs.CV,Computer Science, Cryptography and Security, cs.CR,Computer Science, Learning, cs.LG,Statistics, Machine Learning, stat.ML
Rao, S., Stutz, D., & Schiele, B. (2021). Adversarial Training Against Location-Optimized Adversarial Patches. In Computer Vision -- ECCV Workshops 2020. Glasgow, UK: Springer. doi:10.1007/978-3-030-68238-5_32
[DOI]
[PuRe]
[BibTeX]
Links
[DOI]
[PuRe]
[BibTeX]
Export
BibTeX
@inproceedings{DBLP:conf/eccv/RaoSS20, TITLE = {Adversarial Training Against Location-Optimized Adversarial Patches}, AUTHOR = {Rao, Sukrut and Stutz, David and Schiele, Bernt}, LANGUAGE = {eng}, ISBN = {978-3-030-68237-8}, DOI = {10.1007/978-3-030-68238-5_32}, PUBLISHER = {Springer}, YEAR = {2020}, MARGINALMARK = {$\bullet$}, DATE = {2021}, BOOKTITLE = {Computer Vision -- ECCV Workshops 2020}, EDITOR = {Bartoli, Adrian and Fusiello, Andrea}, PAGES = {429--448}, SERIES = {Lecture Notes in Computer Science}, VOLUME = {12539}, ADDRESS = {Glasgow, UK}, }
Endnote
%0 Conference Proceedings %A Rao, Sukrut %A Stutz, David %A Schiele, Bernt %+ Computer Graphics, MPI for Informatics, Max Planck Society Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society Computer Vision and Machine Learning, MPI for Informatics, Max Planck Society %T Adversarial Training Against Location-Optimized Adversarial Patches : %G eng %U http://hdl.handle.net/21.11116/0000-0008-1662-1 %R 10.1007/978-3-030-68238-5_32 %D 2021 %B 16th European Conference on Computer Vision %Z date of event: 2020-08-23 - 2020-08-28 %C Glasgow, UK %B Computer Vision -- ECCV Workshops 2020 %E Bartoli, Adrian; Fusiello, Andrea %P 429 - 448 %I Springer %@ 978-3-030-68237-8 %B Lecture Notes in Computer Science %N 12539