Physical Adversarial Attacks on an Aerial Imagery Object Detector

• URL: http://arxiv.org/abs/2108.11765v1
• Date: Thu, 26 Aug 2021 12:53:41 GMT
• Title: Physical Adversarial Attacks on an Aerial Imagery Object Detector
• Authors: Andrew Du, Bo Chen, Tat-Jun Chin, Yee Wei Law, Michele Sasdelli, Ramesh Rajasegaran, Dillon Campbell
• Abstract summary: In this work, we demonstrate one of the first efforts on physical adversarial attacks on aerial imagery. We devised novel experiments and metrics to evaluate the efficacy of physical adversarial attacks against object detectors in aerial scenes. Our results indicate the palpable threat posed by physical adversarial attacks towards deep neural networks for processing satellite imagery.
• Score: 32.99554861896277
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep neural networks (DNNs) have become essential for processing the vast amounts of aerial imagery collected using earth-observing satellite platforms. However, DNNs are vulnerable towards adversarial examples, and it is expected that this weakness also plagues DNNs for aerial imagery. In this work, we demonstrate one of the first efforts on physical adversarial attacks on aerial imagery, whereby adversarial patches were optimised, fabricated and installed on or near target objects (cars) to significantly reduce the efficacy of an object detector applied on overhead images. Physical adversarial attacks on aerial images, particularly those captured from satellite platforms, are challenged by atmospheric factors (lighting, weather, seasons) and the distance between the observer and target. To investigate the effects of these challenges, we devised novel experiments and metrics to evaluate the efficacy of physical adversarial attacks against object detectors in aerial scenes. Our results indicate the palpable threat posed by physical adversarial attacks towards DNNs for processing satellite imagery.

Related papers

• Adversarial Camera Patch: An Effective and Robust Physical-World Attack on Object Detectors [0.0]
  Researchers are exploring patch-based physical attacks, yet traditional approaches, while effective, often result in conspicuous patches covering target objects. Recent camera-based physical attacks have emerged, leveraging camera patches to execute stealthy attacks. We propose an Adversarial Camera Patch (ADCP) to address this issue.
  arXiv  Detail & Related papers  (2023-12-11T06:56:50Z)
• Dual Adversarial Resilience for Collaborating Robust Underwater Image Enhancement and Perception [54.672052775549]
  In this work, we introduce a collaborative adversarial resilience network, dubbed CARNet, for underwater image enhancement and subsequent detection tasks. We propose a synchronized attack training strategy with both visual-driven and perception-driven attacks enabling the network to discern and remove various types of attacks. Experiments demonstrate that the proposed method outputs visually appealing enhancement images and perform averagely 6.71% higher detection mAP than state-of-the-art methods.
  arXiv  Detail & Related papers  (2023-09-03T06:52:05Z)
• CBA: Contextual Background Attack against Optical Aerial Detection in the Physical World [8.826711009649133]
  Patch-based physical attacks have increasingly aroused concerns. Most existing methods focus on obscuring targets captured on the ground, and some of these methods are simply extended to deceive aerial detectors. We propose Contextual Background Attack (CBA), a novel physical attack framework against aerial detection, which can achieve strong attack efficacy and transferability in the physical world even without smudging the interested objects at all.
  arXiv  Detail & Related papers  (2023-02-27T05:10:27Z)
• Contextual adversarial attack against aerial detection in the physical world [8.826711009649133]
  Deep Neural Networks (DNNs) have been extensively utilized in aerial detection. Physical attacks have gradually become a hot issue due to they are more practical in the real world. We propose an innovative contextual attack method against aerial detection in real scenarios.
  arXiv  Detail & Related papers  (2023-02-27T02:57:58Z)
• Physical Adversarial Attack meets Computer Vision: A Decade Survey [55.38113802311365]
  This paper presents a comprehensive overview of physical adversarial attacks. We take the first step to systematically evaluate the performance of physical adversarial attacks. Our proposed evaluation metric, hiPAA, comprises six perspectives.
  arXiv  Detail & Related papers  (2022-09-30T01:59:53Z)
• Adversarially-Aware Robust Object Detector [85.10894272034135]
  We propose a Robust Detector (RobustDet) based on adversarially-aware convolution to disentangle gradients for model learning on clean and adversarial images. Our model effectively disentangles gradients and significantly enhances the detection robustness with maintaining the detection ability on clean images.
  arXiv  Detail & Related papers  (2022-07-13T13:59:59Z)
• Empirical Evaluation of Physical Adversarial Patch Attacks Against Overhead Object Detection Models [2.2588953434934416]
  Adversarial patches are images designed to fool otherwise well-performing neural network-based computer vision models. Recent work has demonstrated that these attacks can successfully transfer to the physical world. We further test the efficacy of adversarial patch attacks in the physical world under more challenging conditions.
  arXiv  Detail & Related papers  (2022-06-25T20:05:11Z)
• Adversarial Zoom Lens: A Novel Physical-World Attack to DNNs [0.0]
  In this paper, we demonstrate a novel physical adversarial attack technique called Adrial Zoom Lens (AdvZL) AdvZL uses a zoom lens to zoom in and out of pictures of the physical world, fooling DNNs without changing the characteristics of the target object. In a digital environment, we construct a data set based on AdvZL to verify the antagonism of equal-scale enlarged images to DNNs. In the physical environment, we manipulate the zoom lens to zoom in and out of the target object, and generate adversarial samples.
  arXiv  Detail & Related papers  (2022-06-23T13:03:08Z)
• Exploring Frequency Adversarial Attacks for Face Forgery Detection [59.10415109589605]
  We propose a frequency adversarial attack method against face forgery detectors. Inspired by the idea of meta-learning, we also propose a hybrid adversarial attack that performs attacks in both the spatial and frequency domains.
  arXiv  Detail & Related papers  (2022-03-29T15:34:13Z)
• Evaluating the Robustness of Semantic Segmentation for Autonomous Driving against Real-World Adversarial Patch Attacks [62.87459235819762]
  In a real-world scenario like autonomous driving, more attention should be devoted to real-world adversarial examples (RWAEs) This paper presents an in-depth evaluation of the robustness of popular SS models by testing the effects of both digital and real-world adversarial patches.
  arXiv  Detail & Related papers  (2021-08-13T11:49:09Z)
• Robust Tracking against Adversarial Attacks [69.59717023941126]
  We first attempt to generate adversarial examples on top of video sequences to improve the tracking robustness against adversarial attacks. We apply the proposed adversarial attack and defense approaches to state-of-the-art deep tracking algorithms.
  arXiv  Detail & Related papers  (2020-07-20T08:05:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.