More Works from Our Lab

DynamicPAE: Generating Scene-Aware Physical Adversarial Examples in Real-Time

This work introduces the DynamicPAE, the first end-to-ends framework for physical adversarial patch generation.

IEEE TPAMI 2025 (current state: Accepted, waiting for IEEE preprint)
Dual Intention Escape: Jailbreak Attack against Large Language Models

This work proposes a dual intention escape (DIE) jailbreak attack framework to generate stealthy and toxic prompts that deceive large language models (LLMs) into producing harmful content. By leveraging psychological mechanisms, DIE effectively evades defenses like sensitive word detection and induces malicious outputs.

WWW 2025 (oral)
Dual Attention Suppression Attack: Generate Adversarial Camouflage in Physical World

This paper proposes the Dual Attention Suppression (DAS) attack, which creates visually natural and highly transferable physical adversarial camouflages by simultaneously suppressing both model attention and human visual attention.

CVPR 2021 (oral)

Exploring Semantically-constrained Adversarial Example with Instruction Uncertainty Reduction

Jin Hu, Jiakai Wang*, Linna Jing, Haolin Li, Haodong Liu, Haotong Qin, Aishan Liu, Ke Xu, Xianglong Liu
State Key Laboratory of Complex & Critical Software Environment, Beihang University, Zhongguancun Laboratory,
School of Computer Science and Engineering, Beihang University,
Dept. of Information Technology and Electrical Engineering, ETH Zurich
NeurIPS 2025
Paper Supplementary Code arXiv
Illustration of 3D SemanticAE

This video demonstrates a generated 3D adversarial tricycle. Our method (Adv Sample with ResAdv-DDIM) generates 3D adversarial objects directly from instructions and can effectively fool vision models.

Abstract

Recently, semantically constrained adversarial examples (SemanticAE), which are directly generated from natural language instructions, have become a promising avenue for future research due to their flexible attacking forms, but have not been thoroughly explored yet. To generate SemanticAEs, current methods fall short of satisfactory attacking ability as the key underlying factors of semantic uncertainty in human instructions, such as referring diversity, descriptive incompleteness, and boundary ambiguity, have not been fully investigated. To tackle the issues, this paper develops a multi-dimensional instruction uncertainty reduction (InsUR) framework to generate more satisfactory SemanticAE, transferable, adaptive, and effective. Specifically, in the dimension of the sampling method, we propose the residual-driven attacking direction stabilization to alleviate the unstable adversarial optimization caused by the diversity of language references. By coarsely predicting the language-guided sampling process, the optimization process will be stabilized by the designed ResAdv-DDIM sampler, therefore releasing the transferable and robust adversarial capability of multi-step diffusion models. In task modeling, we propose the context-encoded attacking scenario constraint to supplement the missing knowledge from incomplete human instructions. Guidance masking and renderer integration are proposed to regulate the constraints of 2D/3D SemanticAE, activating stronger scenario-adapted attacks. Moreover, in the dimension of generator evaluation, we propose the semantic-abstracted attacking evaluation enhancement by clarifying the evaluation boundary based on the label taxonomy, facilitating the development of more effective SemanticAE generators. Extensive experiments demonstrate the superiority of the transfer attack performance of InSUR. Besides, it is worth highlighting that we realize the reference-free generation of semantically constrained 3D adversarial examples by utilizing language-guided 3D generation models for the first time.

Illustion of SemanticAE

Illustion of SemanticAE

Key Visualizations

2D SemanticAEs Visualization

Visualization of 2D SemanticAEs.

3D SemanticAEs Visualization

Visualization of generated 3D SemanticAEs.

Generated 3D Adversarial Examples

Conference Paper

BibTeX

@inproceedings{Hu2025SemanticAE,
  title={Exploring Semantic-constrained Adversarial Example with Instruction Uncertainty Reduction},
  author={Hu, Jin and Wang, Jiakai and Jing, Linna and Li, Haolin and Liu, Haodong and Qin, Haotong and Liu, Aishan and Xu, Ke and Liu, Xianglong},
  booktitle={Neural Information Processing Systems (NeurIPS)},
  year={2025},
}