DPA: Learning Robust Physical Adversarial Camouflages for Object Detectors

• URL: http://arxiv.org/abs/2109.00124v1
• Date: Wed, 1 Sep 2021 00:18:17 GMT
• Title: DPA: Learning Robust Physical Adversarial Camouflages for Object Detectors
• Authors: Yexin Duan, Jialin Chen, Xingyu Zhou, Junhua Zou, Zhengyun He, Wu Zhang, Zhisong Pan
• Abstract summary: We propose the Dense Proposals Attack (DPA) to learn robust, physical and targeted adversarial camouflages for detectors. The camouflages are robust because they remain adversarial when filmed under arbitrary viewpoint and different illumination conditions. We build a virtual 3D scene using the Unity simulation engine to fairly and reproducibly evaluate different physical attacks.
• Score: 5.598600329573922
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: Adversarial attacks are feasible in the real world for object detection. However, most of the previous works have tried to learn "patches" applied to an object to fool detectors, which become less effective or even ineffective in squint view angles. To address this issue, we propose the Dense Proposals Attack (DPA) to learn robust, physical and targeted adversarial camouflages for detectors. The camouflages are robust because they remain adversarial when filmed under arbitrary viewpoint and different illumination conditions, physical because they function well both in the 3D virtual scene and the real world, and targeted because they can cause detectors to misidentify an object as a specific target class. In order to make the generated camouflages robust in the physical world, we introduce a combination of viewpoint shifts, lighting and other natural transformations to model the physical phenomena. In addition, to improve the attacks, DPA substantially attacks all the classifications in the fixed region proposals. Moreover, we build a virtual 3D scene using the Unity simulation engine to fairly and reproducibly evaluate different physical attacks. Extensive experiments demonstrate that DPA outperforms the state-of-the-art methods significantly, and generalizes well to the real world, posing a potential threat to the security-critical computer vision systems.

Related papers

• TPatch: A Triggered Physical Adversarial Patch [19.768494127237393]
  We propose TPatch, a physical adversarial patch triggered by acoustic signals. To avoid the suspicion of human drivers, we propose a content-based camouflage method and an attack enhancement method to strengthen it.
  arXiv  Detail & Related papers  (2023-12-30T06:06:01Z)
• AdvMono3D: Advanced Monocular 3D Object Detection with Depth-Aware Robust Adversarial Training [64.14759275211115]
  We propose a depth-aware robust adversarial training method for monocular 3D object detection, dubbed DART3D. Our adversarial training approach capitalizes on the inherent uncertainty, enabling the model to significantly improve its robustness against adversarial attacks.
  arXiv  Detail & Related papers  (2023-09-03T07:05:32Z)
• Unified Adversarial Patch for Visible-Infrared Cross-modal Attacks in the Physical World [11.24237636482709]
  We design a unified adversarial patch that can perform cross-modal physical attacks, achieving evasion in both modalities simultaneously with a single patch. We propose a novel boundary-limited shape optimization approach that aims to achieve compact and smooth shapes for the adversarial patch. Our method is evaluated against several state-of-the-art object detectors, achieving an Attack Success Rate (ASR) of over 80%.
  arXiv  Detail & Related papers  (2023-07-27T08:14:22Z)
• Unified Adversarial Patch for Cross-modal Attacks in the Physical World [11.24237636482709]
  We propose a unified adversarial patch to fool visible and infrared object detectors at the same time via a single patch. Considering different imaging mechanisms of visible and infrared sensors, our work focuses on modeling the shapes of adversarial patches. Results show that our unified patch achieves an Attack Success Rate (ASR) of 73.33% and 69.17%, respectively.
  arXiv  Detail & Related papers  (2023-07-15T17:45:17Z)
• Shadows can be Dangerous: Stealthy and Effective Physical-world Adversarial Attack by Natural Phenomenon [79.33449311057088]
  We study a new type of optical adversarial examples, in which the perturbations are generated by a very common natural phenomenon, shadow. We extensively evaluate the effectiveness of this new attack on both simulated and real-world environments.
  arXiv  Detail & Related papers  (2022-03-08T02:40:18Z)
• ObjectSeeker: Certifiably Robust Object Detection against Patch Hiding Attacks via Patch-agnostic Masking [95.6347501381882]
  Object detectors are found to be vulnerable to physical-world patch hiding attacks. We propose ObjectSeeker as a framework for building certifiably robust object detectors.
  arXiv  Detail & Related papers  (2022-02-03T19:34:25Z)
• On the Real-World Adversarial Robustness of Real-Time Semantic Segmentation Models for Autonomous Driving [59.33715889581687]
  The existence of real-world adversarial examples (commonly in the form of patches) poses a serious threat for the use of deep learning models in safety-critical computer vision tasks. This paper presents an evaluation of the robustness of semantic segmentation models when attacked with different types of adversarial patches. A novel loss function is proposed to improve the capabilities of attackers in inducing a misclassification of pixels.
  arXiv  Detail & Related papers  (2022-01-05T22:33:43Z)
• FCA: Learning a 3D Full-coverage Vehicle Camouflage for Multi-view Physical Adversarial Attack [5.476797414272598]
  We propose a robust Full-coverage Camouflage Attack (FCA) to fool detectors. Specifically, we first try rendering the non-planar camouflage texture over the full vehicle surface. We then introduce a transformation function to transfer the rendered camouflaged vehicle into a photo-realistic scenario.
  arXiv  Detail & Related papers  (2021-09-15T10:17:12Z)
• Evaluating the Robustness of Semantic Segmentation for Autonomous Driving against Real-World Adversarial Patch Attacks [62.87459235819762]
  In a real-world scenario like autonomous driving, more attention should be devoted to real-world adversarial examples (RWAEs) This paper presents an in-depth evaluation of the robustness of popular SS models by testing the effects of both digital and real-world adversarial patches.
  arXiv  Detail & Related papers  (2021-08-13T11:49:09Z)
• Exploring Adversarial Robustness of Multi-Sensor Perception Systems in Self Driving [87.3492357041748]
  In this paper, we showcase practical susceptibilities of multi-sensor detection by placing an adversarial object on top of a host vehicle. Our experiments demonstrate that successful attacks are primarily caused by easily corrupted image features. Towards more robust multi-modal perception systems, we show that adversarial training with feature denoising can boost robustness to such attacks significantly.
  arXiv  Detail & Related papers  (2021-01-17T21:15:34Z)
• CCA: Exploring the Possibility of Contextual Camouflage Attack on Object Detection [16.384831731988204]
  We propose a contextual camouflage attack (CCA) algorithm to in-fluence the performance of object detectors. In this paper, we usean evolutionary search strategy and adversarial machine learningin interactions with a photo-realistic simulated environment. Theproposed camouflages are validated effective to most of the state-of-the-art object detectors.
  arXiv  Detail & Related papers  (2020-08-19T06:16:10Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.