GAMA: Generative Adversarial Multi-Object Scene Attacks
- URL: http://arxiv.org/abs/2209.09502v1
- Date: Tue, 20 Sep 2022 06:40:54 GMT
- Title: GAMA: Generative Adversarial Multi-Object Scene Attacks
- Authors: Abhishek Aich, Calvin Khang-Ta, Akash Gupta, Chengyu Song, Srikanth V.
Krishnamurthy, M. Salman Asif, Amit K. Roy-Chowdhury
- Abstract summary: This paper presents the first approach that uses generative models for adversarial attacks on multi-object scenes.
We call this attack approach Generative Adversarial Multi-object scene Attacks (GAMA).
- Score: 48.33120361498787
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The majority of methods for crafting adversarial attacks have focused on
scenes with a single dominant object (e.g., images from ImageNet). On the other
hand, natural scenes include multiple dominant objects that are semantically
related. Thus, it is crucial to explore designing attack strategies that look
beyond learning on single-object scenes or attacking single-object victim
classifiers. Because generative models inherently craft perturbations that
transfer strongly to unknown models, this paper presents the first approach that
uses them for adversarial attacks on multi-object scenes. In
order to represent the relationships between different objects in the input
scene, we leverage the open-source pre-trained vision-language model CLIP
(Contrastive Language-Image Pre-training), with the motivation to exploit the
encoded semantics in the language space along with the visual space. We call
this attack approach Generative Adversarial Multi-object scene Attacks (GAMA).
GAMA demonstrates the utility of the CLIP model as an attacker's tool to train
formidable perturbation generators for multi-object scenes. Using the joint
image-text features to train the generator, we show that GAMA can craft potent
transferable perturbations in order to fool victim classifiers in various
attack settings. For example, GAMA triggers ~16% more misclassification than
state-of-the-art generative approaches in black-box settings where both the
classifier architecture and data distribution of the attacker are different
from the victim. Our code will be made publicly available soon.
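As a concrete illustration of the idea described above, the following is a minimal, hypothetical PyTorch sketch of training a perturbation generator against CLIP's joint image-text embedding space. It is not the authors' implementation: the toy generator architecture, the 10/255 l_inf budget, the cosine-similarity loss, and the `loader`/`captions` data pipeline are illustrative assumptions; only the CLIP calls (clip.load, encode_image, encode_text, clip.tokenize) follow the public OpenAI CLIP API.

import torch
import torch.nn as nn
import torch.nn.functional as F
import clip  # OpenAI CLIP: https://github.com/openai/CLIP

device = "cuda" if torch.cuda.is_available() else "cpu"
clip_model, _ = clip.load("ViT-B/32", device=device)
clip_model = clip_model.float().eval()  # frozen surrogate; only the generator is trained

# CLIP's input normalization (images below are assumed to be in [0, 1], 224x224).
CLIP_MEAN = torch.tensor([0.48145466, 0.4578275, 0.40821073]).view(1, 3, 1, 1)
CLIP_STD = torch.tensor([0.26862954, 0.26130258, 0.27577711]).view(1, 3, 1, 1)

def clip_normalize(x):
    return (x - CLIP_MEAN.to(x.device)) / CLIP_STD.to(x.device)

class PerturbationGenerator(nn.Module):
    """Toy conv generator; GAMA itself uses a larger encoder-decoder (see the paper)."""
    def __init__(self, eps=10 / 255):
        super().__init__()
        self.eps = eps
        self.net = nn.Sequential(
            nn.Conv2d(3, 32, 3, padding=1), nn.ReLU(),
            nn.Conv2d(32, 32, 3, padding=1), nn.ReLU(),
            nn.Conv2d(32, 3, 3, padding=1),
        )

    def forward(self, x):
        delta = self.eps * torch.tanh(self.net(x))  # keep the perturbation in an l_inf ball
        return torch.clamp(x + delta, 0.0, 1.0)

generator = PerturbationGenerator().to(device)
optimizer = torch.optim.Adam(generator.parameters(), lr=2e-4)

def joint_embedding_loss(adv, clean, text_tokens):
    # Minimizing this pushes the adversarial image's CLIP embedding away from both
    # the clean image embedding and the scene caption embedding (joint image-text
    # supervision). GAMA's actual objective is more elaborate than this sketch.
    with torch.no_grad():
        img_feat = F.normalize(clip_model.encode_image(clip_normalize(clean)), dim=-1)
        txt_feat = F.normalize(clip_model.encode_text(text_tokens), dim=-1)
    adv_feat = F.normalize(clip_model.encode_image(clip_normalize(adv)), dim=-1)
    return (adv_feat * img_feat).sum(-1).mean() + (adv_feat * txt_feat).sum(-1).mean()

# Hypothetical training loop; `loader` yields ([0,1] images, scene captions).
# for images, captions in loader:
#     images = images.to(device)
#     tokens = clip.tokenize(captions).to(device)
#     loss = joint_embedding_loss(generator(images), images, tokens)
#     optimizer.zero_grad(); loss.backward(); optimizer.step()

Once trained, a generator of this kind produces a perturbation in a single forward pass at test time, which is what makes generative attacks fast and, as the abstract notes, strongly transferable to unseen victim models.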
Related papers
- Hiding-in-Plain-Sight (HiPS) Attack on CLIP for Targeted Object Removal from Images [3.537369004801589]
Hiding-in-Plain-Sight (HiPS) attacks subtly modify model predictions by selectively concealing target object(s).
We propose two HiPS attack variants, HiPS-cls and HiPS-cap, and demonstrate their effectiveness in transferring to downstream image captioning models.
arXiv Detail & Related papers (2024-10-16T20:11:32Z)
- CLIP-Guided Generative Networks for Transferable Targeted Adversarial Attacks [52.29186466633699]
Transferable targeted adversarial attacks aim to mislead models into outputting adversary-specified predictions in black-box scenarios.
Single-target generative attacks train a generator for each target class to generate highly transferable perturbations.
We propose a CLIP-guided Generative Network with Cross-attention modules (CGNC) to enhance multi-target attacks.
arXiv Detail & Related papers (2024-07-14T12:30:32Z)
- Stealthy Targeted Backdoor Attacks against Image Captioning [16.409633596670368]
We present a novel method to craft targeted backdoor attacks against image caption models.
Our method first learns a special trigger by leveraging universal perturbation techniques for object detection.
Our approach can achieve a high attack success rate while having a negligible impact on model clean performance.
arXiv Detail & Related papers (2024-06-09T18:11:06Z)
- Adversarial Robustness for Visual Grounding of Multimodal Large Language Models [49.71757071535619]
Multi-modal Large Language Models (MLLMs) have recently achieved enhanced performance across various vision-language tasks.
However, the adversarial robustness of visual grounding remains unexplored in MLLMs.
We propose three adversarial attack paradigms as follows.
arXiv Detail & Related papers (2024-05-16T10:54:26Z)
- Unsegment Anything by Simulating Deformation [67.10966838805132]
"Anything Unsegmentable" is a task to grant any image "the right to be unsegmented"
We aim to achieve transferable adversarial attacks against all prompt-based segmentation models.
Our approach focuses on disrupting image encoder features to achieve prompt-agnostic attacks.
arXiv Detail & Related papers (2024-04-03T09:09:42Z)
- GLOW: Global Layout Aware Attacks for Object Detection [27.46902978168904]
Adversarial attacks aim to perturb images such that a predictor outputs incorrect results.
We present the first approach that copes with various attack requests by generating global layout-aware adversarial attacks.
In experiments, we design multiple types of attack requests and validate our ideas on the MS validation set.
arXiv Detail & Related papers (2023-02-27T22:01:34Z)
- Leveraging Local Patch Differences in Multi-Object Scenes for Generative Adversarial Attacks [48.66027897216473]
We tackle a more practical problem of generating adversarial perturbations using multi-object (i.e., multiple dominant objects) images.
We propose a novel generative attack (called Local Patch Difference or LPD-Attack) where a novel contrastive loss function exploits local patch differences in the feature space of multi-object scenes.
Our approach outperforms baseline generative attacks with highly transferable perturbations when evaluated under different white-box and black-box settings.
arXiv Detail & Related papers (2022-09-20T17:36:32Z)
- Context-Aware Transfer Attacks for Object Detection [51.65308857232767]
We present a new approach to generate context-aware attacks for object detectors.
We show that by using co-occurrence of objects and their relative locations and sizes as context information, we can successfully generate targeted mis-categorization attacks.
arXiv Detail & Related papers (2021-12-06T18:26:39Z)