Chaowei Xiao

TL;DR: This work proposes a general attack algorithm, Robust Physical Perturbations (RP2), to generate robust visual adversarial perturbations under different physical conditions and shows that adversarial examples generated using RP2 achieve high targeted misclassification rates against standard-architecture road sign classifiers in the physical world under various environmental conditions, including viewpoints.

TL;DR: Differential Augmented Hologram (DAH) is proposed which will facilitate the instant tracking of the mobile RFID tag to a high precision and devise a comprehensive solution to accurately recover the tag's moving trajectories and its locations.

TL;DR: In this paper, the authors proposed AdvGAN to generate adversarial examples with Generative Adversarial Networks (GANs), which can learn and approximate the distribution of original instances.

TL;DR: This work performs the first security study of LiDAR-based perception in AV settings, and designs an algorithm that combines optimization and global sampling, which improves the attack success rates to around 75%.

TL;DR: In this paper, the authors focus on a different type of perturbation, namely spatial transformation, as opposed to manipulating the pixel values directly as in prior works, and show that such spatially transformed adversarial examples are perceptually realistic and more difficult to defend against with existing defense systems.